Bonum Certa Men Certa

Links 19/11/2020: Kali Linux 2020.4 and Regolith 1.5 Released

  • GNU/Linux

    • Linux and open source: The biggest issue in 2020

      For the most part, 2020 was actually pretty good for open source. Enterprise-level companies embraced open source software even further, containers and the cloud became even more crucial to both businesses and consumers, the Linux community found a larger piece of the support pie from large manufacturers like Microsoft, and distributions continued to wow.

      That doesn't mean the year was full of celebrations, as there were some rather cringe-worthy moments. A good number of major open source projects suffered from poorly written or out of date documentation, DockerHub started throttling image downloads, etc.

      There was, however, one particular issue open source faced in 2020 that will not only go down as a thorn in the side of the community for the year, but will probably haunt us moving forward.

    • Desktop/Laptop

      • FydeOS beta brings Chromium OS to the PineBook Pro (Android app support too)

        The PineBook Pro is a $200 laptop with a 14 inch full HD display, a Rockchip RK3399 processor, 4GB of RAM, 64GB of storage, and support for a bunch of different operating systems… most of which are GNU/Linux distributions.

        But you can also turn the laptop into a Chromebook-like device by installing a new beta release of FydeOS 11.2 for the PineBook Pro.

      • Can You Replace Your Desktop PC With a Raspberry Pi 4?

        Since the introduction of the Raspberry Pi 4, a lot more people have been trying to use this microcomputer as their desktop PC. More recently, the Raspberry Pi 400 Personal Computer has been released, the name of which directly indicates its “main” purpose. I have long been interested in the possibility of using a portable and silent PC for simple tasks like creating this text, where the full-size desktop is redundant and the tablet is inconvenient. Finally, I bought a top-of-the-line Raspberry Pi 4 with 8GB of memory. It’s time to see how it works.

    • Audiocasts/Shows

      • Anti-Virus On Linux: Should You Use One? | Destination Linux 200 - Destination Linux

        On this week’s episode of Destination Linux, we have a great episode in store for you. We’re going to talk about the marketshare potential of Linux. Growth numbers in the 300% range and wondering how this is going to translate to the Linux desktop. In addition we will be covering community feedback, Antivirus Software on Linux? Is this something you should worry about? Google Play Store reportedly containing the highest risks for malware and then of course we have our popular tips/tricks and software picks. All of this and so much more this week on Destination Linux.

      • I Love Linux And You Should Too

        About a week ago JayzTwoCents posted on Twitter asking dedicated Linux users why those use Linux even though it has a bunch of seemingly insurmountable problems that make it annoying to use, so today I'm going to give my response and hopefully you'll see why Linux is great.

      • How to install Feren OS 2020.11 - YouTube

        In this video, I am going to show how to install Feren OS 2020.11.

      • The Radeon RX 6800 XT Can Do THIS? - YouTube

        I don't have a PS5 or Xbox Series X, but I was still treated to a jaw-dropping "next-generation gaming" moment this week thanks to the AMD Radeon RX 6800 XT and rally racer DIRT 5.

      • FLOSS Weekly 605: Trust in Health Care

        HIE Of One is a non-profit patient privacy rights foundation designed to advance healthcare information solutions and standards. Doc Searls and Shawn Powers talk with Adrian Gropper MD, who is the volunteer CTO of HIE. They discuss how in today's healthcare environment, medical records and personal wellness information are often spread across a complicated maze of systems, leaving patients and providers without an easy way to access and share important health data. To help with this, HIE is building, Trustee. Trustee is a private, patient-directed health information record being built on the HIE of One open source platform. The Trustee, universal health record, is designed to give the patient complete control over who has access to their medical files. They also talk about the importance of blockchain and how it can be the solution for standards in identity management.

      • A First Look At ArcoLinux With Dwm - YouTube

        ArcoLinux recently released a new version (20.11.9). This release is the first one to offer a dwm edition of ArcoLinuxB.

      • MacOS Lincoler | Coder Radio 388

        The guys deploy their sage wisdom to answer your age-old questions and solve why the latest macOS is less appealing than ever to developers.

        Plus our thoughts on youtube-dl’s return to GitHub.

    • Kernel Space

      • GraalVM 20.3 Released With Many Small Performance Optimizations - Phoronix

        GraalVM continues its quest as the virtual machine not only supporting Java but also additional languages and execution modes with a focus on stellar performance and speedy startups. GraalVM CE 20.3 was released on Tuesday as the latest for this open-source package supporting Java, Node.js, an LLVM runtime, and more.

        With GraalVM CE 20.3 there is an optimization for faster startup times of Java workloads with very short iterations by eliminating/delaying class loading from libgraal, better container awareness on Linux with its native image code, improved support for isolated compilation where applications and the runtime compiler are separate, and the never-ending performance work.

      • WireGuard and UEK6U1

        WireGuard has received a lot of attention of late as a new, easier to use VPN mechanism, and it has now been added to UEK6U1 as a technology preview.

        But what is it, and how do I use it?

        What is WireGuard?

      • Google Publishes Latest Linux Core Scheduling Patches So Only Trusted Tasks Share A Core

        Google engineer Joel Fernandes sent out the ninth version of their "core scheduling" patches for the Linux kernel that allows for allowing only trusted tasks to run concurrently on the same CPU core -- in cases where Hyper Threading is involved to safeguard the system against the possible security exploits.

        Core Scheduling has been a popular topic since vulnerabilities like MDS and L1TF have come to light. Core Scheduling aims to make Hyper Threading safer and by only letting trusted tasks share a CPU core is a reasonable safeguard for still leaving Hyper Threading active on servers rather than disabling it in the name of security. DigitalOcean, Oracle, Google, and other major x86_64 players have all been interested in core scheduling and working on different solutions in order to keep HT/SMT active. Particularly for the major cloud server providers having to disable HT/SMT would be a big blow to their models.

      • KVM for Android [LWN]

        A Google project aims to bring the Linux kernel virtualization mechanism, KVM, to Android systems. Will Deacon leads that effort and he (virtually) came to KVM Forum to discuss the project, its goals, and some of the challenges it has faced. Unlike some Android projects of the past, though, "protected KVM" is being worked on in the open, with code going upstream along the way.

        Deacon is one of the maintainers of the arm64 architecture for the kernel, as well as a maintainer and contributor in various other parts of the kernel, including concurrency, locking, atomic operations, and tools for the kernel memory model. He has worked in the kernel for a long time, but not really on KVM; the closest he had come to that is maintaining the Arm IOMMU drivers. He started working on the Android Systems team at Google in 2019 "and found myself leading the protected KVM project", which is the KVM on Android effort.

        The project is the top contributor to KVM for arm64 for the 5.9 and 5.10 kernels; KVM seems to be a "hot topic" right now, he said, and not just for arm64, but for other architectures as well. All of the project's work is being upstreamed as it goes, so what he was presenting was "very much a work in progress". He wants to avoid the trap of doing a bunch of work out of tree and then "throwing it over the wall", which does not lead to good solutions that are embraced by the community.

      • Migration disable for the mainline

        The realtime developers have been working for many years to create a kernel where the highest-priority task is always able to run without delay. That has meant a long process of finding and fixing situations where high-priority tasks might be blocked from running; one of the persistent problems in this regard has been kernel code that disables preemption. One tool that the realtime developers have reached for is disabling migration (moving a process from one CPU to another) rather than preemption; this approach has not been entirely popular among scheduler developers, though. Even so, the solution would appear to be this migration-disable patch set from scheduler developer Peter Zijlstra.

        One of the key scalability techniques used in the kernel is per-CPU data. System-wide locking is an effective way of protecting shared data, but it can kill performance in a number of ways, even if a given lock is itself not heavily contested. Any data structure that is only accessed by a single CPU does not need to be protected by system-wide locks, avoiding this problem. Thus, for example, the memory allocators maintain per-CPU lists of available memory that can be handed out without interference from the other CPUs on the system. But kernel code can only safely manipulate per-CPU data if it has exclusive access to the CPU; if some other process is able to jump in, it could find (or create) inconsistent per-CPU data structures. The normal way to prevent this from happening is to disable preemption when necessary; it is a cheap operation (setting a flag, essentially) that ensures that a given task will not be interrupted until its work is done.

        Disabling preemption runs afoul of the goals of the realtime developers, who have put so much work into ensuring that any given task can be interrupted if a higher-priority task needs the CPU. As they have worked to remove preemption-disabled regions, they have observed that, often, all that is really needed is to keep tasks from being moved between CPUs while they are accessing per-CPU data, with perhaps some (normally CPU-local) locking as well. See, for example, the kmap_local() work. Disabling migration still allows a process to be preempted, so it does not interfere with the goals of the realtime project — or so those developers hope.

        Disabling migration brings problems of its own, though. The kernel's CPU scheduler is tasked with making the best use of all of the CPUs in the system. If there are N CPUs available, they should be running the N highest-priority tasks at any given time. That goal cannot be achieved without occasionally moving tasks between CPUs; it would be nice if tasks just happened to land on the right processors every time, but the real world is not like that. Depriving the scheduler of the ability to migrate tasks, even for brief periods, thus takes away a tool that is crucial for the overall behavior and throughput of the system.

      • Atomic kmaps become local

        A 32-bit processor will, unsurprisingly, use 32-bit pointers, which limits the amount of memory that can be addressed to 4GB. The resulting 4GB address space is split between user space and the kernel, with the kernel getting 1GB in the most common configurations; that space holds the kernel's code and data, memory-mapped I/O areas, and the "direct map" that gives the kernel access to physical memory. The direct map clearly cannot address a lot of memory; once the kernel's other needs are taken care of, there is room for significantly less than 1GB of mappings to physical memory.

        As a result, any system with 1GB or more of physical memory will have to be managed without a direct mapping to some of that memory. The memory that lies above the range that can be directly mapped is called "high memory"; on many systems, most of the installed memory is high memory. User space can use high memory without noticing any difference, but the kernel side is a bit more complicated. Whenever the kernel must access a high-memory page (to zero out a page prior to giving it to user space, for example), it must first create a temporary mapping for that page. The kmap() interface exists to manage these mappings.

        The kmap() function itself will map a given page into the kernel's address space, returning a pointer that can now be used to access the page's contents. Mappings created this way are expensive, though. They consume address space, and mapping changes must be propagated across all the CPUs of the system, which is costly. This work is necessary if a mapping must last for a relatively long time, but the bulk of high-memory mappings in the kernel are short-lived and only used in one place; the cost of kmap() is mostly wasted in such cases.

        Thus, the kmap_atomic() API was added as a way of avoiding this cost. It, too, will map a high-memory page into the kernel's address space, but with some differences. It uses one of a small set of address slots for the mapping, and that mapping is only valid on the CPU where it is created. This design implies that code holding one of these mappings must run in atomic context (thus the name kmap_atomic()); if it were to sleep or be moved to another CPU, confusion and data corruption would be an almost certain result. Thus, whenever code running in kernel space creates an atomic mapping, it can no longer be preempted or migrated, and it is not allowed to sleep, until all atomic mappings have been released.

      • Graphics Stack

        • Radeon Software for Linux 20.45 Driver Released With RX 6800 Series Support - Phoronix

          Radeon Software for Linux 20.45 is now available as the Radeon RX 6800 series launch driver for Linux systems.

          Radeon Software for Linux 20.45 is the packaged driver now adding in the Radeon RX 6800 series support while retaining the existing product support as well. There are, however, no listed changes besides the new RX 6800 / RDNA2 support.

    • Benchmarks

      • Radeon RX 6800 Series Has Excellent ROCm-Based OpenCL Performance On Linux

        While Radeon Open eCosystem (ROCm) support wasn't a focus for the initial Radeon RX 5000 "Navi" graphics cards by AMD engineers, that is fortunately changing for both the RX 5000/6000 series moving forward. With the Radeon RX 6800 series there is at-launch support available with working OpenCL provided by the "ROCr" (runtime) path in their packaged driver. Now that we have looked at the Radeon RX 6800 Linux gaming performance here are some initial OpenCL compute benchmarks between NVIDIA and AMD Radeon on Linux.

        The Radeon RX 6800 / RX 6800 XT OpenCL support is in good shape with the launch-day Radeon Software for Linux 20.45 packaged driver, Benchmarks on Ubuntu 20.04 LTS were carried out and going up against the NVIDIA GeForce RTX 20/30 graphics cards with their latest proprietary driver. After Navi compute support on Linux being ignored up to now, it's good to see it coming together nicely for Big Navi.

    • Instructionals/Technical

      • How to install Gimp 2.10.23 with Plugins on a Chromebook

        Today we are looking at how to install Gimp 2.10.23 with Plugins on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

      • How to send files over the network on Linux with Warpinator

        Need to send a file to another Linux PC on your network but don’t want to fuss? Check out Warpinator! It can automatically detect computers on the network and allow you to send and receive files with ease.

      • CoreOS install via Live ISO --copy-network - A Random Walk Down Tech Street

        A couple of us recently gave an update to our Customer Experience team at Red Hat on the improvements that were made in Red Hat CoreOS for OpenShift 4.6. My part of the presentation focused on the new Live ISO that is now used for Fedora/Red Hat CoreOS installations and also the improvements that we made for being able to copy the install environment networking configuration into the installed system via coreos-installer --copy-network.

      • Docker Exec - How to Connect to a Docker Container - LinuxBuz

        If you are a system administrator and responsible for managing Docker containers then you may often need to connect to a running Docker container. It is very helpful if you want to see what is happening inside the container. You can use docker exec or docker attach command to connect to a running Docker container or get a shell to the container.

      • Manage AppImages, AUR, Flatpaks And Snaps With Bauh - OSTechNix

        Bauh is an opensource, graphical application to manage AppImages, AUR, Flatpaks, Snaps and native web applications in Linux.

      • Amazon ECR: Creating repository and pushing first container image - Kernel Talks

        A quick rundown on how to create Amazon ECR repository and push container image to it.

      • Testing Raspberry PI Storage Speed (SD, USB) with dd
      • Installing Fedora on the NVIDIA Jetson nano – nullr0ute's blog

        Nvidia launched the Jetson Nano Developer Kit in March 2019, since there there’s been a few minor refreshes including a just announced cheaper 2Gb model. I received the original 4Gb rev A device shortly after they were launched.

        Over the last year or so as part of my role at Red Hat I started working with some of the NVidia Tegra team to improve support for the Jetson devices. This work has been wide ranging and while it’s taken a little while, with Fedora 33 we’re starting to see the fruits of that collaboration. The first is improved support for the Jetson Nano. The official L4T (Linux 4 Tegra) Jetson Nano images look is a lot like an Android phone with numerous partitions across the mSD card. This makes it harder to support a generic Linux distribution like Fedora as there’s assumptions by distributions of what level of control they can have over a storage disk, so while it was certainly possible to get Fedora to run on these devices it generally wasn’t for the faint of heart

    • Games

      • If you enjoy first-person dungeon crawling, you need to play Vaporum: Lockdown | GamingOnLinux

        Vaporum: Lockdown is the standalone prequel to the original Vaporum from 2017 and Fatbot Games did another fantastic job with a great world to explore. The game follows the story of Ellie Teller, a scientist who is a part of a mysterious research project in the middle of an ocean.

        After getting an official Linux release back in October, I spent some time with it crawling through dark hallways, dealing with freaky creatures and solving puzzles. Much like the first game, I've come away with a lasting impression and thoroughly enjoyed the experience it offers. With a sleek steampunk style, along with real-time exploration and combat, everything in Vaporum: Lockdown feels like it flows together quite nicely.

      • Godot Engine - Dev snapshot: Godot 3.2.4 beta 2

        While development keeps going at full speed towards Godot 4.0 (see recent devblogs on GDScript typed instructions and Complex Text Layout), a lot of work is also being done on the 3.2 branch for the upcoming Godot 3.2.4.

      • Bridge Constructor: Walking Dead. Come Again? - Boiling Steam

        This has to be one of the most unlikely partnerships in the history of video games: mixing zombies (sorry, walkers was it?) with bridge construction mechanics. The idea sounds so crazy on its own that I had to try it out.

        At first, I was not sure what the game was trying to be. It recounts the story of survivors trying to make it through the zombie/walker apocalypse. By the way, you do not need to be familiar with the series to enjoy the game, while you will recognize some famous characters (modeled after the TV show characters) throughout the story. Walking Dead the show is all about following the destinies of small groups of people as they try to restart their lives in a land infested with walkers (aka zombies). It takes place in good old contemporary America.

        The first few missions are about building bridges or structures to make folks or vehicles reach a specific point on the map. To build structures, you start working with wooden planks, and as you move on, wires and steel pillars become available. While materials are not restricted in any way, they cost resources and each stage encourages you to build with less by awarding you a badge if you complete a stage with few resources. But who cares? I’m a pragmatist. As long as it works, I’m good.

      • How to install Unity3D on Ubuntu 20.04 [Ed: (Microsoft Mono vector]

        Today we are looking at how to install Unity3D on Ubuntu 20.04. Firstly, we download the UnityHUB and make it executable as a program. Then we open a terminal in the folder where the package is located. Then we run two commands, firstly we move the package to the /opt directory as many 3rd party applications store their data there. Then we install a menu editor. Next, we add unity to our menu by creating a menu launcher with the editor we installed. Lastly, we launch Unity, activate it, install an editor, and create and launch projects. Enjoy!

    • Distributions

      • New Releases

        • Kali Linux 2020.4 released: New default shell, fresh tools, and more!

          ZSH is now Kali’s new default shell on desktop images and cloud, Bash remains the default shell for other platforms (ARM, containers, NetHunter, WSL) for the time being. Users can, of course, use that which they prefer, but be aware that, visually, Bash has been made to look more like ZSH.

          Upon logging into a Kali terminal or console, users may be presented with a message from Kali developers that will point them to more information about that specific installation, in case they need it for troubleshooting.


          Finally, Offensive Security is partnering with Marcello Salvati, the creator of the CrackMapExec, to deliver new updates exclusively to Kali Linux for a 30 day period (as the author has moved to a sponsorware model).

          The goal of the partnership is to, according to Salvati, “help improve the status quo of the Open Source Infosec/Hacking tool developer community with the end goal of actually making it sustainable through a number of experiments.” The company is also looking for other authors to to sponsor with.

        • Kali Linux 2020.4 Release

          We find ourselves in the 4th quarter of 2020, and we are ecstatic to announce the release of Kali Linux 2020.4, which is ready for immediate download or updating.

          What’s different with this release since 2020.3 in August 2020 is...

        • Regolith 1.5 Released with Support for Ubuntu 20.10

          This is a new feature release of the i3-based desktop environment and includes key improvements and system optimisations aiming at simplifying workspace management and finessing the user experience.

          If you’re not familiar with Regolith Linux all you need to know about it is that it takes the latest Ubuntu base and lays a keyboard-centric tiling window manager across the top. The result is a user-friendly, power-user desktop computing experience.

          Regolith Linux is an Ubuntu-based Linux distro that ships with the Regolith desktop environment by default. The Regolith desktop environment is, however, available to install from a PPA — you can install Regolith alongside the regular GNOME Shell desktop.

      • IBM/Red Hat/Fedora

      • Canonical/Ubuntu Family

        • Ubuntu Web Remix is a Linux distro that puts Firefox front and center (Chrome OS alternative)

          Global Chromebook shipments are on the rise as folks around the world are stuck working, studying, and binge watching from home. They tend to be affordable, reasonably responsive, and fairly simple to learn to use.

          But a key selling point for some is a turnoff for others – Chromebooks put Google’s Chrome browser front and center.

          So this summer developer Rudra Saraswat decided to build a Chrome OS alternative focused on Firefox rather than Chrome. Now the first release of Ubuntu Web Remix is available for download.

        • Respun ISOs Questionnaire

          I've just released a new version of '' that supports the respinning of the latest Ubuntu and Ubuntu flavoured 20.10 (Groovy Gorilla) ISOs.

          However I don't have sufficient space available at the moment to post an example ISO similar to those posted here.

          So I've created a questionnaire to ask which ISOs are required both now and in the future.

    • Devices/Embedded

      • Librem 5 Mass Production Phone Has Begun Shipping
        Purism, a Social Purpose Company (SPC) focusing on security and privacy with its hardware and software, has begun shipping its mass-produced Librem 5 phone to customers.

        The Librem 5 is a one-of-a-kind general-purpose computer in a phone form-factor that Purism has designed and built from scratch following a successful crowdfunding campaign that raised over $2.2 million. Both the hardware and software design is focused on respecting the end user’s freedom and giving them control over their privacy and security. The Librem 5 doesn’t run Android nor iOS but instead runs the same PureOS operating system as Purism’s laptops and mini PC.

      • The Journey to Shipping the Librem 5
        I was a pretty avid mountaineer when I lived in the pacific northwest, as a child I set a goal to summit every mountain in the Olympic National Forest. There are a lot of them, and I reached that goal over the course of many many years. I summited with my father one weekend, then my brother the next, and my friend the third, and a hiking group the fourth. Sometimes two in a day, sometimes taking a break due to weather, sometimes failing to summit and retrying again the next month. Mountaineers have perseverance.

        With Purism, and specifically the Librem 5, I set a lofty goal of delivering a mobile phone that does not spy on you, avoids Big Tech entirely, ensures that all the software is freedom respecting with the source code released, that is the most secure phone available on the market, while also making it convenient to use. I knew back in 2014 when I formed Purism that this was going to be a multi-year very challenging journey, and I also knew that there would be many summits toward this much larger goal.

      • Purism’s Librem 5 Linux smartphone is now shipping

        Purism’s first smartphone is now shipping. The Librem 5 is a smartphone with a 5.7 inch display, an NXP i.MX8M quad-core processor, 3GB of RAM, 32GB of storage, and a 4,500 mAh battery.

        It’s also one of only a handful of smartphones designed to ship with a GNU/Linux distribution rather than Android or iOS.

        The phone has been under development for several years, and a small number of dev kits and pre-production units have already been shipped. But mass production of the first “Evergreen” batch hardware began recently, and earlier this month Purism announced that it would begin shipping the mass production version of the phone to customers.

      • Banana Pi quad-GbE router SBC features M.2 and five mini-PCIe slots with SIM

        SinoVoip’s $750 “Banana Pi GrassRouter” is a quad-GbE router board for mobile communications that runs Linux on a dual-core -A53 MediaTek MT7622E and offers 5x mini-PCIe for 4G, M.2 for 5G, and 7x SIM slots.

        In Aug. 2019, SinoVoip launched a $68 Banana Pi BPI-R64 router board with 4x GbE ports, a WAN port, and dual mini-PCIe slots. As part of the company’s “BPI 4.0 server” OEM/ODM customization service, the company developed a customized multi-link fusion version of the board for a customer with more mini-PCIe and SIM card slots. This Banana Pi GrassRouter SBC is now publicly available for $750.

      • Coffee Lake robotics controller to power Indy Autonomous Challenge racers

        Adlink’s Linux-ready “DLAP-8000” robotics controller offers a 9th Gen CPU, 4x swappable SATA, 2x PCIe x16, 2x PCIe x8, and PCIe x4. The system will be used in the Indy Autonomous Challenge (IAC).

        Adlink announced that its “preliminary” DLAP-8000 Series robotics controller and “industrial GPU workstation” is being used by competitors in the Indy Autonomous Challenge (IAC). The 9th Gen Coffee Lake based system is loaded with PCIe slots for performing rapid deep learning processing on up to Quadro RTX 8000 graphics cards (see farther below).

      • Open Hardware/Modding

        • AMD ROCm Open-Source Stack Coming To Xilinx FPGAs

          Now here is some darn interesting software news from SC20... AMD, which is in the process of acquiring Xilinx, is bringing the Radeon Open eCosystem "ROCm" stack to Xilinx hardware.

          Xilinx and AMD are offering a technology demonstration of the AMD ROCm open-source stack atop the Xilinx Alveo accelerator cards. AMD and Xilinx are working to fully support the FPGAs within the ROCm platform and integration between AMD Instinct GPUs and Alveo accelerators for compute, networking, and storage solutions. Ultimately they aim to provide a fully integrated ROCm runtime to span from AMD CPUs and GPUs through FPGAs.

      • Mobile Systems/Mobile Applications

    • Free, Libre, and Open Source Software

      • Web Browsers

        • Mozilla

          • Firefox 83 Released with JavaScript Engine Updates, Https-Only Mode
            Mozilla Firefox 83.0 was released a day ago with significant updates to its JavaScript Engine, SpiderMonkey. It improved page load performance by up to 15%, page responsiveness by up to 12%, and reduced memory usage by up to 8%.

          • Mozilla Thunderbird 78.5 Released with More OpenPGP Improvements

            Mozilla Thunderbird 78.5 is all about improving the best feature of the 78 series, OpenPGP support, which is now built into the application and enabled by default to let users send encrypted emails.

            In this version, OpenPGP gains a new option that let users disable the attaching of the public key to a signed email, improved support for inline PGP messages, as well as a fix for the message security dialog to no longer display unverified keys as unavailable.

          • No more Flash support in Firefox [LWN]

            Mozilla has announced that the Adobe Flash era is coming to an end.

          • SD Times news digest: Linux Foundation to host Servo web engine, Postman public workspaces beta launched, and split diffs added in GitHub Desktop

            The Linux Foundation has announced it will now host the Servo web engine. Servo is an open source, high-performance browser engine that is designed for both application and embedded use and is written in the Rust programming language.

            “The Linux Foundation’s track record for hosting and supporting the world’s most ubiquitous open source technologies makes it the natural home for growing the Servo community and increasing its platform support,” said Alan Jeffrey, the technical chair of the Servo project. “There’s a lot of development work and opportunities for our Servo Technical Steering Committee to consider, and we know this cross-industry open source collaboration model will enable us to accelerate the highest priorities for web developers.”

  • Leftovers

    • Integrity/Availability

      • Proprietary

        • Pseudo-Open Source

          • Entrapment (Microsoft GitHub)

            • Origins of the youtube-dl project

              As you may know, as of the time this text is being written youtube-dl’s repository at GitHub is blocked due to a DMCA takedown letter received by GitHub on behalf of the RIAA. While I cannot comment on the current maintainers' plans or ongoing discussions, in light of the claims made in that letter I thought it would be valuable to put in writing the first years of youtube-dl as the project creator and initial maintainer.

              Copper thieves

              All good stories need at least a villain so I have arbitrarily chosen copper thieves as the villains of the story that set in motion what youtube-dl is today. Back in 2006 I was living in a town 5 to 10 kilometers away from Avilés, which is itself a small city or town in northern Spain. While people in Avilés enjoyed some nice infrastructures and services, including cable and ADSL Internet access, the area I lived in lacked those advantages. I was too far away from the telephone exchange to enjoy ADSL and copper thieves had been stealing copper wires along the way to it for years, causing telephone service outages from time to time and making the telephone company replace those wires with weaker and thinner wires, knowing they would likely be stolen again. This had been going on for several years at that point. This meant my only choice for home Internet access so far had been a dial-up connection and a 56k V.90 modem. In fact, connection quality was so poor I had to limit the modem to 33.6 kbps mode so the connection would be at least stable. Actual download speeds rarely surpassed 4 KB/sec. YouTube was gaining popularity then to the point it was purchased by Google at the end of that year.


              I’d like to remark one more time that the purpose of youtube-dl as a tool has barely changed along its 14 years of existence. Before and after the RIAA’s DMCA letter was received, many people have explained how they use youtube-dl with different goals in mind. For me, it has always been about offline access to videos that are already available to the general public online. In a world of mobile networks and always-on Internet connections, you may wonder if that’s really needed. It must be, I guess, if Netflix, Amazon, Disney or HBO have all implemented similar functionality in their extremely popular streaming applications. For long road trips, or trips abroad specially with kids, or underground or on an airplane, or in a place with poor connectivity or metered connections, having offline access to that review, report, podcast, lecture, piece of news or work of art is incredibly convenient. An additional side-effect of youtube-dl is online access when the default online interface is not up to the task. The old proprietary Flash plugin was not available for every platform and architecture, depending on what your choice was. Nowadays, web browsers can play video but may sometimes not take advantage of efficient available GPU decoding, wasting large amounts of battery power along the way. youtube-dl can be combined with a native video player to make playing some videos possible and/or efficient. For example, mpv includes native youtube-dl support. You only need to feed it a supported video site URL and it will use youtube-dl to access the video stream and play it without storing anything in your hard drive.

            • The RIAA, GitHub, and youtube-dl

              Toward the end of October, GitHub removed the repository for the youtube-dl utility, which provides a means to download video content from various streaming sites, such as YouTube. The repository was replaced with a cheery notice that it had been removed due to a DMCA takedown. It will likely come as no surprise that the DMCA action came from the Recording Industry Association of America (RIAA) or that the complaint was that the program circumvented the "technological protection measures" used on the videos by YouTube and other authorized sites.

              If the goal of that notice was to somehow erase youtube-dl from the internet, the effort could not have been more misguided. Predictably, the notice fully revalidated the "Streisand effect": as word filtered out, youtube-dl was spread far and wide. Beyond that, many who had never heard of the program before were suddenly aware of its existence, purpose, and the threat to its continued existence. Meanwhile, youtube-dl is still available for download, packaged for Linux distributions, and so on. The repository shutdown is an inconvenience to the project and its users but not much more than that.

              The Digital Millennium Copyright Act (DMCA) is a US law—ostensibly about protecting copyright-holders—that has been (ab)used in a wide variety of ways by the enormous content conglomerates that hold the bulk of the copyrights for music, television, movies, and so on. In particular, the anti-circumvention provisions have been invoked in dubious ways to try to prevent competition in printer-ink cartridges, thwart investigation into the Volkswagen emissions cheating, and to chill cryptographic research of various sorts. While the DMCA itself is US law, it was written to implement two World Intellectual Property Organization (WIPO) treaties, so the effects are more widely applicable.

              The RIAA is no stranger to using the DMCA, of course. The organization has been sending takedown notices since the DMCA was enacted and was filing lawsuits against alleged copyright infringers before that. There are certainly legitimate infringement problems that the organization and its members have targeted along the way, but their blanket attacks and overreach (e.g. the the "dancing baby" video takedown) have also done much to paint the law (and the RIAA) in a rather bad light—not that it has resulted in any changes to the DMCA, sadly.

        • Security

          • Security updates for Wednesday []

            Security updates have been issued by openSUSE (opera and raptor), Oracle (bind, bluez, firefox, microcode_ctl, and thunderbird), Red Hat (firefox, net-snmp, and thunderbird), SUSE (java-11-openjdk and tcpdump), and Ubuntu (firefox, krb5, and libvncserver, vino).

          • Cloud native security for your clusters

            Over the last few years a small, security focused community has been working diligently to deepen our understanding of security, given the evolving cloud native infrastructure and corresponding iterative deployment practices. To enable sharing of this knowledge with the rest of the community, members of CNCF SIG Security (a group which reports into CNCF TOC and who are friends with Kubernetes SIG Security) led by Emily Fox, collaborated on a whitepaper outlining holistic cloud native security concerns and best practices. After over 1200 comments, changes, and discussions from 35 members across the world, we are proud to share cloud native security whitepaper v1.0 that serves as essential reading for security leadership in enterprises, financial and healthcare industries, academia, government, and non-profit organizations.


            The cloud native way, including containers, provides great security benefits for its users: immutability, modularity, faster upgrades and consistent state across the environment. Realizing this fundamental change in “the way things are done”, motivates us to look at security with a cloud native lens. One of the things that was evident for all the authors of the paper was the fact that it’s tough to make smarter decisions on how and what to secure in a cloud native ecosystem if you do not understand the tools, patterns, and frameworks at hand (in addition to knowing your own critical assets). Hence, for all the security practitioners out there who want to be partners rather than a gatekeeper for your friends in Operations, Product Development, and Compliance, let’s make an attempt to learn more so we can secure better.

          • Privacy/Surveillance

            • Cloud control vs local control: What to choose for your home automation [Ed: Lots of spying and user-hostile Trojan horses disguised as "smart" and/or "assistant"]

              Cloud access also creates issues around being reliant on something outside your control. In 2019, Sonos came under fire for remotely bricking older smart speakers. Speakers usually continue to work for years after their warranty ends; in fact, they usually function until they physically break. There's also the case of Automatic, which produced a cloud-based car tracker. When it announced in May 2020 that it would be shutting down its services, it advised customers to "please discard your adapter by following standard electronic recycling procedures."

              Being dependent on a third-party provider for critical functionality can come back to bite you. IFTTT, a popular service for programming events based on external conditions, recently altered its free plan's terms and conditions to severely limit the number of events you can create—from an unlimited number to three. This is even though IFTTT charges device manufacturers for certification with its system, which allows products like Meross smart bulbs to proudly display their compatibility with IFTTT.

    • Environment

      • The New Humanitarian | Climate crisis in Honduras drives needs and fuels migration

        As Honduras endures its second major hurricane in as many weeks, international aid agencies and local volunteer groups are scrambling the best responses they can to assist people displaced by flooding and landslides.

        But aid experts and rights activists, as well as local residents and politicians, say longer-term problems are being neglected in a country where years of devastating drought have caused mass hunger and are leading thousands of Hondurans to flee annually towards the United States.

    • Monopolies

      • Copyrights

        • [Guest post] The Implementation of Article 17 CDSMD in EU Member States and the Evolution of the Digital Services Act: Why the Ban on General Monitoring Obligations Must Not Be Underestimated - The IPKat

          Article 17 of the Directive on Copyright in the Digital Single Market (‘CDSMD’) is an inexhaustible source for debate. Setting forth new obligations to prevent the appearance of illegal user uploads on online content-sharing platforms (Article 17(4)(b) and (c)), it has triggered a never-ending controversy on content filtering and potential overblocking. With national legislators in EU Member States trying to find the right implementation strategy at the domestic level and the European Commission working on a new architecture for internet service provider liability in the Digital Services Act (‘DSA’), the debate has reached a new peak. How far-reaching are the new content moderation obligations in the field of copyright law? Does it make sense to rely on Article 17 CDSMD as a template for regulating online platform services in the DSA?

Recent Techrights' Posts

Aggressive Efforts (and Threats) for Those Who Speak About What Happened in the Balkans
Acting in this way in an effort to censor people typically results in a second scandal on top of the original scandal
[Video] How the Media Blamed SSH and Linux (for Nearly a Whole Fortnight!) Instead of Microsoft's GitHub and Systemd
Microsoft-connected sites have said a whole bunch of lies
Links 12/04/2024: Reporters Without Borders Rep Kicked Out of Hong Kong
Links for the day
Gemini Links 12/04/2024: Funny Thing, Manual Scripts, and More
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, April 11, 2024
IRC logs for Thursday, April 11, 2024
[Video] Trainline Finally Issues a Refund, But It Took 9 Days and Showed How 'Modern' Systems Fail Travelers
They treat people like a bunch of animals or cattle, not like valuable customers
DebConf22 Kosovo segregation of women exposed
Reprinted with permission from
Links 11/04/2024: Web Diversity and More Crackdowns in Russia
Links for the day
Gemini Links 11/04/2024: Activity and Motivation in Geminispace, gwit Implementations
Links for the day
First They Came for Iranian Developers...
Red Hat/IBM and 'cancel culture'
[Video] A Debian Project Leader Needs to Also be a Technical Project Leader
We do not vouch for one (or none) horse in this race
How Kosovo won DebConf21
Reprinted with permission from Daniel Pocock
Anzacathon: a hackathon for Anzac day at home
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, April 10, 2024
IRC logs for Wednesday, April 10, 2024
On Julian Assange, Now 5 Years in Belmarsh Prison: The Good News, the Bad News, and Ugly Noise
Some time this spring (or summer) we'll revisit the Appelbaum case
Links 10/04/2024: Starvation as Weapon in Sudan, Sonos v. ITC Explained
Links for the day
Gemini Links 10/04/2024: JSON explore and Downtime
Links for the day
Links 09/04/2024: Netflix Layoffs and Cox Will Try to Bring Copyright Liability of ISPs to SCOTUS
Links for the day
Links 10/04/2024: Biden Reportedly Considers Dropping the Charges Against Julian Assange
Links for the day
Wikileaks, Dickileaks & Ubuntu Underage girl
Reprinted with permission from the Free Software Fellowship
Gemini Links 10/04/2024: Tanana River, Picotron, and Citation on Gemini
Links for the day
Elio Qoshi & Redon Skikuli missing from OSCAL agenda
Reprinted with permission from the Free Software Fellowship
Links 10/04/2024: TikTok Trouble, East Asian Companies Receive Subsidies From American Taxpayers
Links for the day
This is What Techrights Would Look Like If We Participated in 'CSS Naked Day'
All cascading style sheets (CSS) should be optional
Microsoft Hiring People Who Attempt to Murder Colleagues
magnet for sociopaths
Francophone GNU/Linux
Moving in a positive direction
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, April 09, 2024
IRC logs for Tuesday, April 09, 2024
Over-Enforcement of a Code of Conduct (CoC) Would Ruin Events, Maybe Not for Corporate Posters, Sponsors, Posers, and Speakers
a shrine for corporate supremacy
The "F" in Free Software Doesn't Stand for "Censorship"; Attempts to Censor Mere Links to Articles About DebConf22 in Kosovo
It's about an article we'll reproduce here later this week
Daniele Scasciafratte & Mozilla, OSCAL, Albania dating
Reprinted with permission from the Free Software Fellowship
Gemini Links 10/04/2024: Notifications, Motivation, Profectus Graphical Browser for the Smallnet
Links for the day
Abuse & Sex Crimes at FOSDEM and Open Source tech events
Reprinted with permission from the Free Software Fellowship