Bonum Certa Men Certa

Links 25/2/2021: Kali Linux 2021.1, Wine Launcher 1.4.46, and Google's Security Posing

  • GNU/Linux

    • Audiocasts/Shows

      • Password Managers: A Tool Everybody Deserves - YouTube

        Lastpass was in the news recently and it made me realize how few people use a password manager, regardless of whether you prefer an offline or online solution not using a password manager leads to bad habits and much weaker passwords.

      • FLOSS Weekly 618: Rust - Steve Klabnik & Rust

        Steve Klabnik joins Doc Searls and Shawn Powers to talk about Rust. Rust, which was started at Mozilla, has grown to become one of the world's most relied-upon and fastest growing programming languages. Klabnik literally wrote the book on Rust. In the show, he visits how it differs from C++ and other alternatives, some of the many ways it is used, the large and familiar names (e.g. DropBox) that depend on it, the community culture around it, how open source and free software work are changing as we move toward a post-COVID world.

      • How to Homelab - Laptops as Servers?!

        In the latest episode of "How to Homelab", we take a look at the concept of using laptops as servers, and I give you my thoughts. It might just be a crazy enough idea to work!

    • Kernel Space

      • Millennium prize problems but for Linux

        There is a longstanding tradition in mathematics to create a list of hard unsolved problems to drive people to work on solving them. Examples include Hilbert's problems and the Millennium Prize problems. Wouldn't it be nice if we had the same for Linux? A bunch of hard problems with sexy names that would drive development forward? Sadly there is no easy source for tens of millions of euros in prize money, not to mention it would be very hard to distribute as this work would, by necessity, be spread over a large group of people.

        Thus it seems is unlikely for this to work in practice, but that does not prevent us from stealing a different trick from mathematicians' toolbox and ponder how it would work in theory. In this case the list of problems will probably never exist, but let's assume that it does. What would it contain if it did exist? Here's one example I came up with. it is left as an exercise to the reader to work out what prompted me to write this post.


        A knee-jerk reaction many people have is something along the lines of "you can solve this by limiting the number of linker processes by doing X". That is not the answer. It solves the symptoms but not the underlying cause, which is that bad input causes the scheduler to do the wrong thing. There are many other ways of triggering the same issue, for example by copying large files around. A proper solution would fix all of those in one go.

      • Compute Express Link 2.0 Support Sent In For Linux 5.12, Enabling CXL 2.0 Memory Devices - Phoronix

        Immediately following the publishing of the Linux enablement patches for CXL 2.0 and that continued in the months since over several rounds of patches. That initial CXL 2.0 code is now slated for mainlining with the Linux 5.12 kernel.

        The initial Compute Express Link 2.0 focus for the Linux kernel has been on supporting Type-3 Memory Devices. The CXL 2.0 type-3 memory device support being fleshed out first is for serving as a memory expander for RAM or persistent memory and can optionally be interleaved with other CXL devices.

        For the lack of any CXL 2.0 hardware yet even within the confines of Intel, Widawsky worked out this initial enablement code thanks to writing up support around the specification within QEMU for emulation.

      • Linux 5.13 Should See HP Platform Profile Support - Phoronix

        Linux 5.12 is bringing the initial infrastructure around ACPI Platform Profile support and with this kernel it's implemented for newer Lenovo ThinkPad and IdeaPad laptops. The support allow for altering the system's power/performance characteristics depending upon your desire for a speedy, quiet, or cool experience. With Linux 5.13 it looks like HP laptops with this capability will begin to see working Platform Profile support too.

        Lenovo is the initial Linux user/supporter of this Platform Profile support while Dell has also expressed interest in supporting it on Linux for letting users manipulate their desire desired balance of performance vs. cool/quiet operation. There has been an HP patch implementing the support and it's looking like that is now ready to be queued into the x86 platform driver tree once the current Linux 5.12 merge window is over, which would mark it as material for 5.13.

    • Applications

      • RSS Guard Is A Qt Desktop RSS Feed Reader With Support For Syncing With Feedly, Google Reader API, More

        RSS Guard is a free and open source Qt RSS feed reader for Microsoft Windows, Linux and macOS. The application can synchronize with services like Tiny Tiny RSS, Inoreader, Nextcloud News, and with the latest 3.9.0 version released today, Feedly and services supporting the Google Reader API (The Old Reader, Bazqux, Reedah, FreshRSS, etc.).

        The application supports RSS / RDF / ATOM / JSON feed formats, as well as podcasts using RSS / ATOM / JSON. Besides syncing with the online services mentioned above via plugins, RSS Guard can also add feeds locally, with support for importing and exporting feeds to/from OPML 2.0.

        The user interface is highly customizable, allowing users to hide various elements, add or remove buttons to/from the toolbar, and even use a vertical or horizontal layout (with the latter being great for ultrawide screens). A full screen mode is also included.

      • Best Free And Open Source Photoshop Alternatives

        Photoshop is quite synonymous with Graphics design nowadays, but it is not the only king in the room. Photoshop doesn’t come with a friendly interface for beginners. No doubt photoshop offers you freedom of using features quite independently, but everything comes at a cost. There are some other options too that are worth considering for users who are looking for open source and free photoshop alternatives. These free and open source photoshop alternatives are not only useful for beginners but also useful for professionals who are thinking of switching from photoshop. And the good thing is that these free applications make no compromise with the quality of work.

        So, what to do if you are a bit tight on budget and want to learn to design without paying the monthly subscription as in Photoshop. Well, I have prepared a list of free and open-source applications like photoshop to create awesome designs without compromising quality.

    • Instructionals/Technical

      • GNU Linux (CentOS8) – how to enable power tools repository and install sshfs
      • Apt Update and Apt Upgrade Commands - What's the difference?

        In an earlier article, we looked at the APT command and various ways that you can make use of the package manager to manage packages. That was a general overview, but in this guide, we pause and shine the spotlight on 2 command usages. These are apt update and apt upgrade commands.

        The apt update and apt upgrade are two of the most commonly used yet misunderstood commands for many Linux users. For some, these play the same role, which is not the case. In this guide, we seek to distinguish the differences between the two and how each one of them is used.

      • Remap custom keyboard keys in Linux - Tutorial

        Modern problems require modern solutions. I've recently got meself a new Linux test laptop, one IdeaPad 3, which I bought (unfortunately, due to market shortages) with the UK keyboard layout instead of the US layout. This means suboptimal physical key placement - even if you do use a different keyboard variant. Namely, the bar and backspace keys and such are placed all wrong, plus the Enter key is too small.

        Moreover, this also means, muscle memory and all, you end up typing \ when you actually want to jump to a new line, and this can be quite annoying. So I thought, perhaps I can remap keyboard keys in a small way? But I didn't want to just remap the backspace key (bearing the UK tilde and hash symbols) to a "second" Enter, thus effectively making a larger Enter key, I still wanted to have the bar and backspace keys available. Hence a more complex exercise. Let me show you how you can this somewhat convoluted but super-nice setup.

      • Linux server certifications becoming a must-have for IT pros | Network World

        Linux certification is increasingly significant for tech workers as the public cloud and software-defined networking become ever more important. A Linux cert can set IT professionals apart from the herd and potentially put a lot more money in their bank accounts.

        Once these certifications were a gauge of reliability, according to CompTIA chief tech evangelist James Stanger. “Twenty years ago, Linux tended to attract people who were a little edgier,” he said. “So certification was traditionally used in the Linux side just to find people you can work with—will they show up on time?”

        Now, these certifications are a demonstration not only of proficiency but also dedication to self-improvement. “You can’t go wrong with a certification,” said Joe Faletra, director of infrastructure services at Modis, a technology staffing and consulting firm. “I’ll lean towards certs over experience [in hiring], because this person has put the effort into learning and passing the exam.”

      • How to install Discord on a Chromebook in 2021 - Desktop version

        Today we are looking at how to install Discord, the desktop version, on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

      • How to fix Ubuntu boot issues

        There can be many reasons behind Ubuntu being unable to boot, like, GRUB error, broken package installation, or even a faulty hardware issue. We will be looking at these issues one-by-one and try to solve it.Here are some of the most common Linux Boot issues and their solutions. Bear in mind that these steps are generally for Ubuntu, but could be applied to any Linux system.

      • How To Install AnyDesk on Manjaro 20 - idroot

        In this tutorial, we will show you how to install AnyDesk on Manjaro 20. For those of you who didn’t know, AnyDesk is the world’s so much completely satisfied remote computing device application. Access all your programs, documents, and documents from anywhere, without needing to entrust your information to a cloud service. You could say it is an alternative to the TeamViewer, that’s available free. Anydesk offers a faster remote connection than any other current distant computer application.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of AnyDesk Remote desktop on a Manjaro 20 (Nibia).

      • How to use scp command in Linux to transfer files securely using ssh

        On Unix or Linux operating systems, the scp utility, stands for secure copy, is similar to the more famous command, cp, but is used to transfer files and directories between hosts on a secure encrypted network.

        Since it relies on ssh for data transfer, it offers the same security and uses the same authentication ssh. The scp command will prompt for passwords for authentication (if needed), unlike rcp.

        In this article, we will dive into the world of secure transfer of files in Linux and learn how to use scp command. You will see how to use this utility through detailed explanations and example use cases of the commonly used scp switches and options.

      • Encryption at Rest in MariaDB – Linux Hint

        Encryption-at-rest prevents an attacker from accessing encrypted data stored on the disk even if he has access to the system. The open-source databases MySQL and MariaDB now support encryption-at-rest feature that meets the demands of new EU data protection legislation. MySQL encryption at rest is slightly different from MariaDB as MySQL only provides encryption for InnoDB tables. Whereas MariaDB also provides an option to encrypt files such as redo logs, slow logs, audit logs, error logs, etc. However, both can’t encrypt data on a RAM and protect it from a malicious root. In this article, we will learn to configure database-level encryption for MariaDB.

      • How To Install ERPNext on CentOS | RoseHosting Blog

        ERPNext is a completely robust ERP framework intended for small and medium-sized businesses. It covers an extensive variety of features, including accounting, CRM, inventory, selling, purchasing, manufacturing, projects, HR and payroll, website, e-commerce, and more – all of which make it profoundly adaptable and extendable.

        ERPNext is developed in Python and depends on the Frappe Framework. It utilizes Node.js for the front end, Nginx for the web server, Redis for caching, and MariaDB for the database.

      • How To Find Out Which Groups A User Belongs To In Linux

        A Linux group is a collection of one or more users with identical permission requirements on files and directories. An user can be a member of more than group at a time. In Linux, each group information is stored in the "/etc/group" file. In this tutorial, we will see all the possible ways to easily find out which groups a user belongs to in Linux and Unix-like operating systems.

        Finding out the groups to which a user account belongs will be helpful in many occasions. For instance, the other day I was installing Dropbox on my Ubuntu server. When configuring Dropbox, I had to enter my current user name and the group name. You could also be in a situation where you need to identify the groups a user belongs to. If so, use any one of the following methods to know what group a user is in.

      • How Do I Perform a Traceroute on Linux Mint 20? – Linux Hint

        Traceroute is a very useful utility that is used to track the path that a packet takes to reach a destination within a network. It can also act as a tool to report network congestion.

        In today’s article, we will discuss different examples that will demonstrate the usage of Traceroute on Linux Mint 20.

      • How do I Completely Remove a Package in Linux Mint 20? – Linux Hint

        The task of removing an installed package from any operating system can surely be a hassle if handled carelessly. It is because whenever you attempt to remove a package, you expect it not to leave any of its traces behind. In other words, you want a clean removal of the desired package. However, such a complete removal cannot be achieved without taking certain measures.

        That is why today’s article will be focused on the method of completely removing a package in Linux.

        Note: The method that we have attempted and shared with you in this article has been performed on a Linux Mint 20 system. However, the very same steps can also be performed on Ubuntu 20.04 and Debian 10.

      • How to Install Spotify in Fedora Linux – Linux Hint

        Spotify is a popular audio and video streaming service used by millions of people. Spotify is available for download on smartphones, tablets, and desktops for Windows, Mac, and Linux. Though Spotify works in Linux, this application is not actively supported, as it is on Windows and Mac. You can also enjoy Spotify on wearable gadgets. For example, if you have a Samsung smartwatch, you can listen to and control Spotify using the watch only. You need only install the app on your smartphone from the Play Store to start listening to tracks on Spotify.

        The free version of the application provides access to limited audio streaming services with advertisements. The premium service offers many features, including the ability to download media, ad-free browsing, better sound quality, and more. There are also other plans offered to specific individuals and groups. Spotify also supports various devices, such as Wireless Speakers, Wearables, Smart TVs, and Streamers.

      • How to Install Official Wallpaper Packs on Fedora? – Linux Hint

        Wallpapers are great for improving the user experience of any operating system. In the case of Fedora, one of its iconic features is the wallpapers it comes with. Every single Fedora release gets its own set of wallpaper, and these are some of the most anticipated components of any of its releases.

        In this guide, check out how to install official wallpaper packs on Fedora.

      • How to Reset Your Gnome Desktop to Default Settings

        Linux is a very versatile platform for not only power users, but also tweakers and tinkerers. With the rise of Linux desktop distros have come a whole new level of options for these users.

        Gnome is one of the most popular desktop environments on Linux and Ubuntu. The most popular desktop Linux distro now comes with Gnome out of the box following the shelving of Ubuntu’s Unity desktop environment. It, therefore, follows that there are countless ways to tweak your Gnome and make it truly yours.

      • How to Find Files Based on Timestamp in Linux

        The find command in Linux is used to search for files and folders based on different parameters. These parameters can be the filename, size, type of file, etc.

      • How to Delete Files Older Than Specified Days in Linux

        As you might already know, we use the rm command in Linux to delete files and folders. The filenames to be deleted have to be passed as arguments to rm. However, rm does not offer other options by itself, like deleting files based on timestamps.

        That’s the reason, we use the find command in Linux, which is used to search for files and folders based on different parameters. It is a complex command which can be used to search with parameters like the filename, size, type of file, etc.

        There is an option in the find command to search for files based on how old they are and today we will see how to use find and rm together to delete files older than the specified number of days.

      • How Can I Sudo Another User Without A Password? – Linux Hint

        In Linux platforms, a sudo user is a tool that implies “superuser do” to run various systems’ commands. A sudo user is typically a root user or any other user who has some privileges. To delegate important tasks like server rebooting or restarting the Apache server, or even to create a backup using the sudo command, you can use the sudo without having to enter the password again and again.

        By default, sudo user needs to provide some user authentication. At times, user requirements are to run a command with these root privileges, but they do not desire to type a password multiple times, especially while scripting. This is easily doable in Linux systems. In this article, we will check the method to sudo another user without entering their password.

      • How to configure Route53 with our DomainName to access a static website from S3 on AWS

        This article will help you with the steps to host a static website on S3 and redirect traffic from your subdomain to the static website on the S3 bucket. For this, you will need a domain purchased on AWS. Once you have the domain on AWS, you can create a subdomain and redirect requests from it to the S3 bucket.

      • How to install Zoom on Ubuntu, Lubuntu (latest version) using terminal

        What is zoom? Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, chat, and webinars. You can use free and payed versios.

      • How to install mutliple Ubuntu VMs using Multipass on Ubunut 20.04 - Linux Shout

        Multipass is a platform developed by Canonical to launch and run Ubuntu virtual machines while offering a user the ability to configure them with cloud-init like a public cloud. Here we learn how to install Multipass on Ubuntu 20.04 Linux and use the same to launch Virtual machine instance.

        Although when it comes to launching lightweight pre-built virtual machine images with just a command, Docker comes to mind, however, Multipass could be another option for those who love to work on Ubuntu Server. Yes, if you want to launch Ubuntu Linux command line server VMs instantly on Windows, Linux and macOS then cross-platform Multipass is one of the good options to consider.

      • How to use the sipcalc Linux command line tool | Enable Sysadmin

        The only network numbers I can keep in my head are now and always have been a Class C network with a 24-bit netmask, such as I know there are 254 usable host addresses available with a broadcast address of, a gateway/router address of or (depending on who's running the network), and a human-readable netmask of That's my standard network. After all, 254 hosts are enough for any subnet, right? Wrong. A few years back, I had to step outside of my standard 254 hosts per subnet scenario when I decided to use a 22-bit netmask ( to get a 1022 usable address space.

        I knew little about this address space, and it was frustrating to try to search for the simple information that I needed without scrolling through forums with all the idle chatter and off-topic rhetoric. I guess some people just need a space in which to air their grievances about everything. I digress.

      • How to Install Cinnamon Desktop in Arch Linux

        Cinnamon is the default desktop environment for Linux Mint. This quick guide explains the steps to install the Cinnamon desktop environment in Arch Linux.

    • Wine or Emulation

      • Wine Launcher 1.4.46 Is Released

        Wine Launcher is a simple front-end for Wine that lets you use separate WINEPREFIX= prefixes and different configurations for each game you install using it.

        Wine Launcher version 1.4.46 is the seventh minor version of it that has been released this month. The Russians are producing new releases on a near-daily basis. A lot of new features have been added in the last dozen releases. The latest versions allow you to compress games to SquashFS images, the PipeWire multimedia server is now supported, VKD3D Proton has been added to the long list of Wine implementations a game can be configured to use, it is now possible to install libraries using Winetricks and the launcher itself has been re-designed.

    • Games

      • KenShape is a new tool to get easy 3D models from 2D pixel-art by Kenney | GamingOnLinux

        Want a quick way to make 3D models? Here's your fresh tip of the day for prototyping, game development or anything else - check out the new KenShape application from Kenney. For those unaware Kenney is the developer of games like Pixross, Frick, Inc., the Asset Forge application to bash together blocks to make 3D models and — oh, an absolute ton of high quality assets both paid and public domain.

        Their latest work is quite brilliant with KenShape. You draw something in a pixel-art block style, give it some depth based on numbers 1-8 with 1 being thin and 8 being quite large and it will then generate a proper 3D model of it. You can preview it first though of course but the result is quite remarkable. Generated models can be exported to various 3D formats compatible with most game engines (including Unity, Unreal Engine, Godot, Asset Forge, Blender and PlayCanvas), or as .vox files compatible with voxel software like MagicaVoxel.


        Thanks to having easy press access to anything on the platform (as long as developers hit the right checkboxes), I took it for a spin since it offers full Linux support.

      • Thrilling Linux Gaming Predictions for 2021 - Boiling Steam

        Last week we reached out to the community at large with a simple question: What do you predict will happen in the world of Linux Gaming by the end of 2021? To make things a little more fun, we asked everyone to limit their Linux Gaming predictions to 5 items, and be as specific as possible as to what they expect to occur. We also asked everyone to work on their predictions individually to avoid any potential bias.

        Now, we are sharing with you all the predictions we received, from quite a few places across the world as you can see from the below map. The Linux Gaming Community knows no frontiers.

      • Team Cherry upgrade the excellent Hollow Knight with Vulkan for Linux | GamingOnLinux

        Team Cherry have given their excellent action-platformer metroidvania Hollow Knight a bit of an upgrade, which you can test out on Steam in a fresh Beta test.

        Not played it before? You're missing out. Hollow Knight is a classically styled 2D action adventure across a vast interconnected world. Explore twisting caverns, ancient cities and deadly wastes; battle tainted creatures and befriend bizarre bugs; and solve ancient mysteries at the kingdom's heart.

      • OpenLoco is a free and open source re-implementation of Chris Sawyer's Locomotion | GamingOnLinux

        Just like there's the awesome OpenTTD for fans of Transport Tycoon Deluxe, there's also OpenLoco for players who want to play through the classic Locomotion. Not a project we've covered here before it seems, so we're making that right today.

        Originally released back in 2004, it's actually a spiritual successor to Transport Tycoon but it was not as loved due to various problems with the original release. Perhaps though it can have a new life thanks to OpenLoco.

      • VRWorkout is a free and open source VR fitness rhythm game

        Well, that's certainly one way to get a bit more exercise in. Whatever helps right? No judgement here, I could probably do with a little more myself…

        It's built with the free and open source game engine Godot Engine, so not only is the source code open for the game itself it's properly open for anyone to put it together from the source and will remain so. Speaking about VRWorkout to us on Twitter, the developer mentioned they actually do develop for it on Linux but they use a Quest headset not supported on Linux so they have to work with that on Windows. Perhaps though, in time, Monado might break down that barrier.

      • Free and open source voxel game engine Minetest 5.4 is out, makes mods easier for users | GamingOnLinux

        Minetest, the Minecraft-like voxel game engine (and a basic game that comes with it) has a big new release out with Minetest 5.4.0 and it's worth trying again.

        As we covered before during the Release Candidate stage, one of the big features for users in this release is vastly easier modding with both small mod packs and entire games. Minetest had a way to browse and download them all directly in the game for a while, but now it will also actually download all the dependencies mods need - making it vastly easier to get what you want and then into a game. No more downloading one mod, then finding all the individual bits it needs.

    • Desktop Environments/WMs

      • LXTerminal 0.4.0 released.

        Terminal emulator of LXDE had no releases for more than two years. Not much was added, not much was fixed but still some work done. Could be more of course but what we can do with our forces, that we do. Let hope we can do more later.

      • GNOME Desktop/GTK

        • GNOME 40 Beta Released for Public Testing, Here’s What’s New

          As you already know, GNOME 40 will introduce a new Activities Overview design that promises better overview spatial organization, improved touchpad navigation using gestures, more engaging app browsing and launching, as well as better boot performance.

          But the GNOME 40 beta release is packed with many other goodies, including the ability to switch workspaces with Super+scroll on Wayland, the implementation of a Welcome dialog after major updates, improved fingerprint login support, better handling of a large number of window previews, on-screen keyboard improvements, support for handling monitor changes during screencasts, as well as integration of the clipboard with remote desktop sessions.

    • Distributions

      • Kali Linux’s First Release in 2021 Ships with Xfce 4.16, Linux 5.10 LTS, and New Hacking Tools

        The first biggest change is the inclusion of the latest Xfce 4.16 desktop environment, which is used by default in the Kali Linux images. This change alone is so huge that you'll want to download the Kali Linux 2021.1 release right now and install it on your personal computer.

        The second biggest change in Kali Linux's first 2021 release is the inclusion of new tools for ethical hacking and penetration testing, such as Airgeddon for auditing wireless networks, AltDNS for generating and resolving permutations, alterations and mutations of subdomains, as well as Arjun HTTP parameter discovery suite.

      • Reviews

        • GhostBSD Review: Simple and Lightweight

          Because there are so many different options out there for your free and open-source operating system, it can be hard to figure out what the best option is for you. Sifting between Linux distros is difficult – Debian and its derivatives, Ubuntu and its derivatives, Fedora, Arch, openSUSE, the list goes on. However, what if the best choice for you isn’t actually technically Linux? Here we review GhostBSD, a FreeBSD-based Unix OS designed for a simple desktop experience, to see if it’s the right fit for you.


          The applications that are installed are all necessary. It’s exactly what you might expect to find in your typical lean open-source desktop OS configuration, with no frills and just the essential applications.

          There is not much to remark on with the user experience – it is a very simple and friendly version of the MATE desktop that’s designed to be light on system resources and simple to use. Overall, I think there is no way you could go wrong.

      • New Releases

        • Kali Linux 2021.1 released: Tweaked DEs and terminals, new tools, Kali ARM for Apple Silicon Macs

          Let’s start with the important cosmetic changes: the Xfce (default) and KDE desktop environments have been updated to v4.16 and v5.20, respectively. These bring a new look, but also more usability and increased efficiency.

          A few of the terminals have also been tweaked to – as the developers noted – “Kalify” them.

        • Kali Linux 2021.1 Release (Command-Not-Found)

          How you choose to interact with Kali is completely up to you. You may want to access Kali locally or remotely, either graphically or on the command line. Even when you pick a method, there are still options you can choose from, such as a desktop environment.

          By default, Kali uses Xfce, but during the setup process, allows for GNOME, KDE, or no GUI to be selected. After the setup is complete, you can install even more. We have pre-configurations for Enlightenment, i3, LXDE, and MATE as well.


          When we use Kali, we spend a significant amount of time using the command line. A lot of the time, we do it using a local terminal (rather than in a console or remote SSH). With the options of desktop environments, there are also choices when it comes to the terminals (same with what shell to use).

      • BSD

        • Syslog-ng on BSDs

          My FOSDEM presentation in the BSD devroom showcased what is new in sudo and syslog-ng and explained how to install or compile these software yourself on FreeBSD. Not only am I a long time FreeBSD user (started with version 1.0 in 1994) I also work on keeping the syslog-ng port in FreeBSD up to date. But soon after my presentation I was asked what I knew about other BSDs. And – while I knew that all BSDs have syslog-ng in their ports system – I realized I had no idea about the shape of those ports.


          In this blog I identified many problems related to syslog-ng in various BSD port systems. I also provided some workarounds, but of course these are not real solutions. I cannot promise anything, as I am not an active user or developer of any of these BSD systems and I am also short on time. However, I’m planning to fix as many of these problems at the best effort level, as time allows.

      • Screenshots/Screencasts

      • IBM/Red Hat/Fedora

        • 6 resources and 3 tips to help you enter the world of Linux containers

          Here are some tips, ideas, and resources to help you develop your container vocabulary and start working with this useful technology.

        • Bringing manufacturing to the edge with Red Hat OpenShift

          We are excited to announce today that Siemens is using Red Hat OpenShift to help its customers leverage the open hybrid cloud for edge deployments in the manufacturing industry. Let's take a look at why this is important for Siemens and why the approach is important for the industry at large.

          With Red Hat OpenShift for MindSphere, Siemens industrial IoT as a service solution, manufacturers will be able to run MindSphere across the hybrid cloud, including on-premise, for speed and agility in factory floor operations, as well as in the cloud for seamless product support, updates and enterprise connectivity. With MindSphere on Red Hat OpenShift, manufacturers will have control over factory floor data processed at the edge, as well as the agility and flexibility they require to meet expectations for higher quality products.


          Red Hat OpenShift has long provided a control plane across the hybrid cloud but we have also focused efforts around updating OpenShift to better meet the unique needs of edge-specific deployments like Siemens'.

          A few of the latest edge related updates include three-node cluster support, which brings the capabilities of the industry’s leading enterprise Kubernetes platform to bear at the network’s edge in a smaller footprint. We’ve also added remote worker nodes.

          Remote worker nodes enable IT organizations to place single worker nodes in remote locations that can then be managed by centralized supervisor nodes at a larger site, such as a core or regional datacenter. This provides an additional topology choice to organizations pursuing Kubernetes innovation at the edge.

        • Defense in depth with Red Hat Insights

          Vulnerability and patch management can be time-consuming and painful. Standard practices for vulnerability management rely on scanning for vulnerabilities and rescanning to confirm that patches have been applied. Unfortunately, this can lead to false positives and can be time consuming. In this post we will discuss how Red Hat Insights complements vulnerability management processes by providing deeper visibility to the risks associated with vulnerabilities based on your environment.

          Not only does Red Hat Insights identify vulnerabilities but it prioritises them based on any mitigations already in place and gives immediate validation when a patch is applied. This additional validation can serve as defense in depth security strategy, as Insights helps you monitor policy, identify vulnerabilities and validate that appropriate mediations are in place remediation.

        • How your career goals can focus your open source contributions

          One of the quiet secrets of open source software projects is how much direct experience you can gain from domains and disciplines beyond software development. And the reverse is true—if you have non-developer skills and job experience, you are valuable to open source projects.

          There are relatively common forms that a contribution might end up taking when submitted to an open source project. We can examine from an outside perspective how your skills and career development goals map to these types of contributions.

          While conversation around technology sometimes focuses on the code and developers, it is a maxim of open source software projects that contribution is more than just code. This is evident when you study a project’s success holistically from within its ecosystem. A skilled project manager or user interface designer, for example, is just as likely as a software developer to provide the ideas and efforts behind a major success.

        • Scaling with partners in 2021: How partner momentum is driving Red Hat success

          Taking a page from Red Hat president and CEO, Paul Cormier’s post, I’d like to take a moment to recognize what the past year has meant for the partner ecosystem and where we go from here. Not for the first time, we heard Paul explain the importance of partners in Red Hat’s story:

          "The channel is what made Red Hat. Without our partner ecosystem, Red Hat would be a very different company."

          Partners are the connective tissue between Red Hat and customers. This has remained true throughout most of Red Hat’s history, this was true in 2020, and it will be our truth as we grow in 2021 together. Red Hat and our partners proved to be resilient this past year, but what stands out to me is the momentum fueled by partners in a time filled with uncertainty and challenges.

      • Debian Family

    • Devices/Embedded

      • LG Will Add WebOS to Other Brands of Smart TVs

        WebOS is LG’s proprietary smart TV software. It began as a mobile operating system for Palm Inc.: Palm WebOS. It was acquired by Hewlett-Packard, which made it open source and renamed it Open webOS. LG then acquired it and renamed it just webOS, using it primarily for Smart TVs, but it also appears in the brand’s smart refrigerators and smart projectors.

        This week LG announced it’s licensing webOS to RCA, Ayona, Konka, and other brands of smart TVs. “This has the potential to reshape the TV business for both technology and content providers while significantly growing LG’s presence and prominence in the global home entertainment market,” said LG in a press release.

      • Khronos and EMVA collaborate on embedded camera standards [Ed: Has an NDA problem]

        The Khronos Group and the European Machine Vision Association have formed an Embedded Camera API Exploratory Group to explore open, royalty-free API standards for controlling embedded cameras and sensors.

        Beaverton, Oregon based The Khronos Group, known for graphic standards such as OpenGL and Vulkan, has announced a collaboration with the European Machine Vision Association to develop guidelines for potential standards governing embedded camera and sensor controls. Their new Embedded Camera API Exploratory Group, which is “open to all at no cost” will bring together sensor and camera manufacturers, silicon vendors, and software developers to explore the potential for camera control standards.

      • SmartNIC Standardizes FPGA Offload

        The latter runs standard Linux distributions like Ubuntu and Yocto Linux. SmartNIC drivers are available for host platforms such as Red Hat Enterprise Linux (RHEL), CentOS, and Ubuntu.

      • 3.5-inch Elkhart Lake SBC offers triple GbE ports

        Ibase’s -40 to 85€°C ready “IB836” SBC runs Ubuntu or Windows on an Atom x6000 with up to 32GB DDR4, 3x GbE, 3x USB 3.1, DP, Type-C with DP, 2x SATA, mini-PCIe, and M.2.

        Avalue revealed the first 3.5-inch SBC based on Intel’s Elkhart Lake back in September with its ECM-EHL, and now Ibase has posted a preliminary product page for its own 3.5-inch entry. The IB836 offers triple 1GbE ports instead of the GbE and 2.5GbE ports found on the ECM-EHL or the dual GbE ports on Congatec’s smaller, Elkhart Lake based Conga-PA7 Pico-ITX board.

      • Open Hardware/Modding

        • Raspberry Pi relaunches four IQAudio HATs

          Raspberry Pi Ltd has relaunched four IQaudio HATs as official Pi audio add-ons with lower prices ranging from $20 to $30: the IQaudio DAC+, DAC Pro, DigiAMP+ and Codec Zero.

          In December, Raspberry Pi Trading announced it had acquired IQAudio and would be relaunching their Raspberry Pi audio HATs at lower prices. As reported by MagPi, IQAudio’s four most popular HATs have now been relaunched as official Pi accessories and are available via the usual Pi resellers.

        • Crowbits magnetic blocks for STEM Education work with Arduino, Micro:bit, ESP32, and Raspberry Pi (Crowdfunding)

          Elecrow develops and manufactures electronics products for the maker market, and in recent years entered the STEM education market with products such as CrowPi2 Raspberry Pi 4 education laptop that I reviewed last year.

        • Arduino Blog €» Arduino MKR IoT Carrier: Control what you want, how you want to!

          By popular demand, we are pleased to announce that it’s now possible to buy the Arduino MKR IoT Carrier. Originally forming a key part of the Arduino Oplá IoT Kit, we’ve responded to our community to make the carrier available on it’s own, thus enabling you to benefit from having a bunch of sensors, actuators and a display all featured on the one board — making it quicker and easier to take your IoT projects to the next level.

          Featuring a large set of built-in sensors and actuators as well as a useful color display, the carrier lets you focus on prototyping your IoT ideas right away by saving on the hassle of wiring and soldering these components.

          The carrier can become a WiFi, LoRa, NB-IoT or GSM-compatible device by seamlessly connecting to any MKR family board. Building a user interface for these boards is easy with the embedded color OLED screen, five capacitive touch buttons, and the five RGB LEDs. The integrated sensors (temperature, humidity, pressure, RGBC light, gesture and proximity) allow you to map the environment around the carrier, and should you need to capture any other data there are over 100 additional Grove sensors that can easily be connected directly to the carrier.

    • Free, Libre, and Open Source Software

      • Nextcloud Hub 21 Is A Promising Release For Remote Teams With Big Improvements - It's FOSS News

        The Nextcloud team recently unveiled the details and general availability of Nextcloud Hub 21. In case you didn’t know, the Nextcloud Hub is an open-source collaboration platform as a replacement to other proprietary solutions.

        Even the team at It’s FOSS utilizes Nextcloud. You can learn more about Nextcloud in one of our previous articles.

        This is their latest offering and the first major release of 2021 with claims of up to ten times better performance and a host of new features.

      • Ampere Making Progress On Open-Source Firmware For Their CPUs/Platform

        Ampere's Arjun Khare presented earlier this month at the 2021 FOSDEM virtual conference on the company's open-source firmware efforts. Ampere is "committed to supporting open-source in the firmware ecosystem" and have been engaging with the community and their customers from OpenBMC support to TianoCore/EDK2 and LinuxBoot through OCP/OSF efforts. Their relevant code tends to be hosted through AmpereComputing on GitHub.

      • Web Browsers

        • Mozilla

          • Firefox 86 Released with Multiple Video Playback in Picture-in-Picture Mode

            Mozilla Firefox web browser 86.0 was released with improved pop out video support and latest privacy protection.

            In Firefox 86, you can now play multiple videos at the same time in the Picture-in-Picture mode.

            The new release also features new privacy protection: Total Cookie Protection. It stops cookies from tracking you around the web by creating a separate cookie jar for every website.

            To enable this feature, go to about:preferences#privacy page and set Enhanced Tracking Protection to Strict mode.

          • Firefox 86 brings multiple Picture-in-Picture, “Total Cookie Protection”

            In December 2019, Firefox introduced Picture-in-Picture mode—an additional overlay control on in-browser embedded videos that allows the user to detach the video from the browser. Once detached, the video has no window dressing whatsoever—no title bar, min/max/close, etc.

            PiP mode allows users who tile their windows—automatically or manually—to watch said video while consuming a bare minimum of screen real estate.

            Firefox 86 introduces the concept of multiple simultaneous Picture-in-Picture instances. Prior to build 86, hitting the PiP control on a second video would simply reattach the first video to its parent tab and detach the second. Now, you can have as many floating, detached video windows as you'd like—potentially turning any monitor into something reminiscent of a security DVR display.

            The key thing to realize about multi-PiP is that the parent tabs must remain open—if you navigate away from the parent tab of an existing PiP window, the PiP window itself closes as well. Once I realized this, I had no difficulty surrounding my Firefox 86 window with five detached, simultaneously playing video windows.

          • This Week in Glean: Boring Monitoring [Ed: Mozilla insists that it is not surveillance when they call it "data science" and "big data"]

            Every Monday the Glean has its weekly Glean SDK meeting. This meeting is used for 2 main parts: First discussing the features and bugs the team is currently investigating or that were requested by outside stakeholders. And second bug triage & monitoring of data that Glean reports in the wild.

            [...] It probably can! But it requires more work than throwing together a dashboard with graphs. It’s also not as easy to define thresholds on these changes and when to report them. There’s work underway that hopefully enables us to more quickly build up these dashboards for any product using the Glean SDK, which we can then also extend to do more reporting automated. The final goal should be that the product teams themselves are responsible for monitoring their data.

          • William Lachance: Community @ Mozilla: People First, Open Source Second [Ed: Is this why Mozilla pays its CEO over 3 million dollars per year (quadruple the older sum) while sacking even its own people and spying on Firefox users (people)?]

            It seems ridiculously naive in retrospect, but I can remember thinking at the time that the right amount of “open source” would solve all the problems. What can I say? It was the era of the Arab Spring, WikiLeaks had not yet become a scandal, Google still felt like something of a benevolent upstart, even Facebook’s mission of “making the world more connected” sounded great to me at the time. If we could just push more things out in the open, then the right solutions would become apparent and fixing the structural problems society was facing would become easy!

            What a difference a decade makes. The events of the last few years have demonstrated (conclusively, in my view) that open systems aren’t necessarily a protector against abuse by governments, technology monopolies and ill-intentioned groups of individuals alike. Amazon, Google and Facebook are (still) some of the top contributors to key pieces of open source infrastructure but it’s now beyond any doubt that they’re also responsible for amplifying a very large share of the problems global society is experiencing.

          • Tor Browser 10.0.12 Is Released

            The latest version of the Tor projects web browser bundle has their re-branded Mozilla Firefox browser updated to version 78.8.0esr, the NoScript for it updated to version 11.2.2 and the Tor client is updated to version Firefox 78.8.0esr contains three high impact security fixes so Tor users who use this bundle should upgrade.

      • CMS

        • Did You Know About Reusable Blocks?

          The WordPress block editor (a.k.a. Gutenberg) comes with a feature called “reusable blocks.” They are blocks, saved for later, edited in one place.

        • Alternatives to ikiwiki?

          Connected to the fact that I only can have static sites (no CGI, no forms, nothing else), I am, at this time, using Disqus to host the comments of my blog. I am also thinking of alternatives to this, like sending people to Twitter (or mastodon or email) or some site similar to Disqus, but with more of a Free Software inclination.

      • FSF

        • Licensing/Legal

          • Open Source Community Critical Of Chessbase, Fat Fritz 2

            The development teams behind the two most successful and influential open-source chess programs, Stockfish and Leela Chess Zero, have issued statements denouncing the commercial program Fat Fritz 2 and the company Chessbase that is selling the program for 99,90 euros.

            The statements (Stockfish blog, lichess announcement) assert that the engine in Fat Fritz 2 is Stockfish with minimal changes, that Fat Fritz 2 has violated the GNU General Public License under which Stockfish is released, and that Chessbase's marketing has made false claims about Fat Fritz 2's playing strength.

      • Programming/Development

        • LD_PRELOAD: How to Run Code at Load Time

          Today I want to continue the series on using LD_PRELOAD. In previous posts, we covered how to inject a shared object binary into a process, and use that to hijack a library function call to run our own code. This is great when we want to overwrite the behavior of external library calls in a process, but we would have to wait for that call to happen first before our code can run. What if we want to run code before the program even runs from within the target process? Today, we are going to explore how this can be accomplished and look at a few use cases where this could be useful.

        • Qt Creator 4.14.1 released

          This release fixes various issues in various parts of Qt Creator. Please see our change log for an overview of the improvements.

        • Using maps in GNU poke

          Editing data with GNU poke mainly involves creating mapped values and storing them in Poke variables. However, this may not be that convenient when poking several files simultaneously, and when the complexity of the data increases.

        • Shell/Bash/Zsh/Ksh

          • Bash script to While Loop while Reading Stdin – Linux Hint

            The concept “stream” in a computer applies to something that might move data. Any instruction you are executing in the terminal would be at any position of the flow. These positions can be an origin or an outflow. Let’s get a quick overview of the specific Stdin stream. In Linux, stdin refers to the default or standard input. The input it requires must be a text. To acquire data or information from you, it’s the file handler that your procedure readout. Almost all flows are viewed in Linux as if they are directories. We may read/write information from all of these streams, exactly as you can read/write a document. By using a special file descriptor number related to it provides a great approach to access a document. There have been special values allocated to every one of these throughout the situation of such streams. Stdin has a value of 1.

          • How to Obtain a Bash Substring After a Specified Character – Linux Hint

            In programming, a string is a series of characters, whether as a precise constant or some sort of variable. The characters contained within a string can be any number, digit, or special character.

          • Create Bash Functions with Arguments – Linux Hint

            In programming, a function is an entity that performs an activity when it is called. This function may or may not accept arguments, which are the parameters that determine the activity that a function performs. Many of those who are new to programming might wonder why we even need to create functions when we can simply write a program as-is without breaking it into different parts.

            This is where the concepts of Modularity and Code Reusability come into play. Modularity, or modular programming, is a highly recommended programming approach that breaks code into chunks to enhance readability, which also results in Code Reusability. Code Reusability refers to the ability to reuse a certain piece of code repeatedly, thus avoiding the task of rewriting the code every time it is used.

            Modularity and Code Reusability are why functions are so extensively used in all programming languages, regardless of whether they are high-level or low-level. However, it can be quite tricky to create functions that work with the correct arguments or that accept certain arguments. This article uses several examples to show you how to create Bash functions with arguments in Linux Mint 20.

          • Creating Bash Infinite Loop by Example Scripts – Linux Hint

            An infinite loop in Bash or any other programming language refers to a loop that is continuous i.e., its terminating condition is never met or its executing condition forever stays true. Such loops in any programming language are very simple to write. Whether it is a “for” loop or a “while” loop, it can be made infinite with very slight tweaking in its normal syntax.

            In this article, we will be sharing with you the different ways on how you can conveniently make the “for” and “while” loops infinitely in Bash in Linux Mint 20.

          • How to Break from a Bash While Loop? – Linux Hint

            Loops are an extremely useful means of performing repetitive tasks not only in Bash scripting but also in all other programming languages. It enables us to write a task (that is supposed to occur multiple times) at once and enclose it within any desired loop so that the said task can be performed repeatedly. Different loops are used in every programming language, i.e., multiple types of loops can be used with every programming language. Amongst all types, the most frequently used loops are the “for” loop and the “while” loop.

            A major difference between the execution of the “for” loop and the “while” loop is that in the former one, the incrementing or decrementing variable is specified with the loop whereas, in the latter, that variable is specified after the task that is supposed to be performed repeatedly is stated. The “while” loops appear to be more convenient for the programmers syntactically.

            The concept of infinite loops in every programming language is also very common, i.e., a loop that never terminates and its condition assesses to be always “true”. At times, these loops are written accidentally by the programmers, however, there are situations in which such loops are written deliberately. Either way, there can be certain conditions in which we want that infinite loop to break.

          • How to Create a Bash Function that Returns an Array – Linux Hint

            It may appear at first glimpse that returning an array from a Bash function is not realistic. Considering all the benefits, it can be useful to call multiple methods to construct arrays to split up the process of gathering all the appropriate parameters for a YAD call.

  • Leftovers

    • Integrity/Availability

      • Proprietary

        • Lessons Learned From the SolarWinds Supply Chain Hack

          In a recent Linux Foundation blog post titled “Preventing Supply Chain Attacks like SolarWinds,” the foundation’s Director of Open Source Supply Chain Security, David A. Wheeler, adamantly pushed the need for software developers to embrace the LF’s security recommendations to prevent even worse assaults on government and corporate data security in the wake of the rampant data breach.

          Wheeler’s post is timely and filled with information to make it harder for hackers to exploit the future systems we all depend on. He includes 11 Linux Foundation recommendations including how organizations can harden their build environments against attackers, the need to begin shifting towards implementing and then requiring verified reproducible builds, and the practice of changing tools and interfaces so unintentional vulnerabilities are less likely.

          According to Wheeler, SolarWinds met some of the foundation’s defensive measures. None of them prevented the successful SolarWinds attack, he said. More software hardening is needed.

          The SolarWinds Orion software product is proprietary. So how can open-source coding methods help create better security?

        • M1 MacBook SSDs are facing a big problem — and it could kill your laptop

          The new M1 chip in Apple's latest MacBooks offers great performance and battery life. It may not be so good for your storage drive, however.

          On Twitter and several other forums, users of the latest MacBook Air, MacBook Pro and Mac Mini models are reporting solid-state-drive (SSD) wear rates far higher than expected. If the figures are accurate and the trend continues, it could mean worryingly short lifespans for Apple's latest batch of laptops.


          In the case of the tested Macs seen in these threads, one Mac Mini user claimed to have written 165TB of data in just two months of use. Compared to equivalent retail SSDs from Toshiba (who supplies the SSDs inside the MacBooks), that's equivalent to 10% of its total warrantied TBW.

          In theory, the SSDs in Apple's M1 MacBooks should guarantee reliable use for around five years. But this rapid rate of use slashes that reliable life to less than two years.

          This 10% figure seems to be an outlier. Most users complaining about this issue are reporting figures of 2-3% usage, as seen on threads on the MacRumors forum and the LinusTechTips forum. That's still higher than you'd expect for a brand-new device, though.

        • Security

          • Google Provides Funding For Linux Kernel Developers To Focus On Security

            Google is announcing today in cooperation with The Linux Foundation that they are providing funding for two full-time developers to focus solely on security issues.

            Longtime Linux developers Gustavo Silva and Nathan Chancellor are the two that will now be focusing full-time on dealing with Linux security issues.

          • Google Funds Linux Kernel Developers to Focus Exclusively on Security

            Today, Google and the Linux Foundation announced they are prioritizing funds to underwrite two full-time maintainers for Linux kernel security development, Gustavo Silva and Nathan Chancellor.

            Silva and Chancellor’s exclusive focus is to maintain and improve kernel security and associated initiatives in order to ensure the world’s most pervasive open source software project is sustainable for decades to come.

          • Google invests in open source security by funding Linux kernel developers

            In a nod to the growing importance of open source software, Google today announced that it will underwrite the salaries for two developers who will focus on Linux’s fundamental security.

            The gesture may seem limited, but Google believes targeting the Linux kernel will have a broader impact on Linux’s underlying security. The company hopes other corporations will be inspired to do the same in an attempt to clear a lengthy backlog of items researchers already know need to be addressed.

            The Linux kernel is the basic interface that sits between computer hardware and the software running on it. It has become the cornerstone of a large portion of the open source systems that have been deployed around the world.

          • Google funds two Linux kernel developers to focus on security

            Google and the Linux Foundation are prioritizing funds to underwrite two full-time maintainers for Linux kernel security development.

            Gustavo Silva and Nathan Chancellor will focus on maintaining and improving kernel security and associated initiatives in order to ensure the world's most pervasive open source software project is sustainable for decades to come.

            A recently published open source contributor survey from the Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) has identified a need for additional work on security in open source software. While there are thousands involved in developing the Linux kernel this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the sustainability of open source software.

          • Google Funds Linux Kernel Developers to Focus Exclusively on Security

            "At Google, security is always top of mind and we understand the critical role it plays to the sustainability of open source software," said Dan Lorenc, Staff Software Engineer, Google. "We're honored to support the efforts of both Gustavo Silva and Nathan Chancellor as they work to enhance the security of the Linux kernel."

            Chancellor's work will be focused on triaging and fixing all bugs found with Clang/LLVM compilers while working on establishing continuous integration systems to support this work ongoing. Once those aims are well-established, he plans to begin adding features and polish to the kernel using these compiler technologies. Chancellor has been working on the Linux kernel for four and a half years. Two years ago, Chancellor started contributing to mainline Linux under the ClangBuiltLinux project, which is a collaborative effort to get the Linux kernel building with Clang and LLVM compiler tools.

          • Google funds two Linux Foundation security roles

            The effort support Google’s strategy “to help support the critical open source projects that we’re relying on,” Google software engineer Dan Lorenc told SC Media.

            “We do this in a bunch of ways, but the one that we like most is to work with existing maintainers and existing communities rather than coming in from the outside.”

            Google will fund Gustavo Silva, who already works in a similar role eliminating buffer overflows and bolstering new security tools; and Nathan Chancellor, a new hire, who will focus on the Clang/LLVM compiler.

            Using the Clang compiler for Linux is an accepted secondary option to build the operating system. But, said Lorenc, Clang is not particularly well maintained by full-time staff. Chancellor had been an active contributor to the project, but only in his free time.

          • Google is funding Linux Kernel developers with a special focus on security

            To further bolster the security credentials of the Linux kernel, Google and the Linux Foundation have decided to fund two kernel developers to work exclusively on security-related developments.

            The kernel developers, Gustavo Silva and Nathan Chancellor, are long-time kernel developers and have now been tasked to maintain and improve kernel security along with any associated initiatives.

            “At Google, security is always top of mind and we understand the critical role it plays to the sustainability of open source software,” said Dan Lorenc, Staff Software Engineer, Google. “We’re honored to support the efforts of both Gustavo Silva and Nathan Chancellor as they work to enhance the security of the Linux kernel.”

          • An XDA Recognized Developer is being funded by Google to improve Linux Kernel security

            Google and the Linux Foundation announced plans to provide funds to two Linux kernel security developers, one of whom is Nathan Chancellor, a well-known kernel developer on our forums. The two developers will focus their time on improving kernel security and associated initiatives.

            The news comes on the heels of the Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) recently publishing an open-source contributor survey report that identified a need for additional work on security in open-source software. In a press release, the Linux Foundation said Google’s contribution to underwriting two full-time security maintainers signals how important it is to maintain the integrity of open-source software.

          • Google funds Linux maintainers to boost Linux kernel security

            Together with the Linux Foundation, Google announced today that they would fund two Linux kernel developers' efforts as full-time maintainers exclusively focused on improving Linux security.

            "While there are thousands of Linux kernel developers, all of whom take security into consideration as the due course of their work, this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the ongoing sustainability of open-source software," the Linux Foundation said in a statement released today.

          • 'We're finding bugs way faster than we can fix them': Google sponsors 2 full-time devs to improve Linux security

            Worried about the security of Linux and open-source code, Google is sponsoring a pair of full-time developers to work on the kernel's security.

            The internet giant builds code from its own repositories rather than downloading outside binaries, though given the pace at which code is being added to Linux, this task is non-trivial. Google's open-source security team lead Dan Lorenc spoke to The Register about its approach, and why it will not use pre-built binaries despite their convenience.

            But first: the two individuals full-time sponsored by Google are Gustavo Silva, whose work includes eliminating some classes of buffer overflow risks and on kernel self-protection, and Nathan Chancellor, who fixes bugs in the Clang/LLVM compilers and improves compiler warnings.

            Both are already working at the Linux Foundation, so what is new? "Gustavo's been working on the Linux kernel at the Linux Foundation for several years now," Lorenc tells us. "We've actually been sponsoring it within the Foundation for a number of years. The main change is that we're trying to talk about it more, to encourage other companies to participate. It's a model that works, we're trying to expand it, find contributors that want to turn this into a full-time thing, and giving them the funding to do that."

          • Google Sponsors 2 Full-Time Devs To Improve Linux Security

            Worried about the security of Linux and open-source code, Google is sponsoring a pair of full-time developers to work on the kernel's security

          • Google to fund two full-time Linux kernel security developers - SD Times

            Google and the Linux Foundation have announced plans to maintain and improve Linux’s long-term security. As part of the plan, the organizations will prioritize funds to underwrite long-time Linux kernel maintainers Gustavo Silva and Nathan Chancellor as full-time developers focused on Linux kernel security development.

            This decision follows a survey by the Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH), which found a need for additional security work on the Linux operating system.

          • Security updates for Wednesday

            Security updates have been issued by openSUSE (firefox and tor), Oracle (stunnel and xterm), Red Hat (virt:8.2 and virt-devel:8.2 and xterm), SUSE (avahi, gnuplot, java-1_7_0-ibm, and pcp), and Ubuntu (openssl).

          • Why not rely on app developer to handle security? – MichaÅ‚ Górny

            One of the comments to the The modern packager’s security nightmare post posed a very important question: why is it bad to depend on the app developer to address security issues? In fact, I believe it is important enough to justify a whole post discussing the problem. To clarify, the wider context is bundling dependencies, i.e. relying on the application developer to ensure that all the dependencies included with the application to be free of vulnerabilities.

            In my opinion, the root of security in open source software is widely understood auditing. Since the code is public, everyone can read it, analyze it, test it. However, with a typical system install including thousands of packages from hundreds of different upstreams, it is really impossible even for large companies (not to mention individuals) to be able to audit all that code. Instead, we assume that with large enough number of eyes looking at the code, all vulnerabilities will eventually be found and published.

            On top of auditing we add trust. Today, CVE authorities are at the root of our vulnerability trust. We trust them to reliably publish reports of vulnerabilities found in various packages. However, once again we can’t expect users to manually make sure that the huge number of the packages they are running are free of vulnerabilities. Instead, the trust is hierarchically moved down to software authors and distributions.

            Both software authors and distribution packagers share a common goal — ensuring that their end users are running working, secure software. Why do I believe then that the user’s trust is better placed in distribution packagers than in software authors? I am going to explain this in three points.

          • Sysdig Donates Module to CNCF to Improve Linux Security

            Sysdig announced today it has donated a sysdig kernel module, along with libraries for the Falco security platform for Kubernetes, to the Cloud Native Computing Foundation (CNCF) as part of an effort to advance Linux security.

          • Linux Foundation Announces DizmeID Foundation to Develop and Enable a Self-Sovereign Identity Credential Network

            The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the DizmeID Foundation and technical project with the intent to support digital identity credentialing. The effort will combine the benefits of self-sovereign identity with necessary compliance and regulation, with the aim to enable wallet holders with ownership and control over their digital identity and data access and distribution.

          • Linux Foundation Announces DizmeID Foundation to Develop and Enable a Self-Sovereign Identity Credential Network
          • A Tale of Two Updates

            Helping your users stay up to date on their workstation is something I believe OS vendors should endeavour to do, to the best of their ability. Some users aren’t able to find time to install updates, or are irritated by update dialogs. Others are skeptical of their contents, some even block updates completely. No OS vendor wants to be “That Guy” featuring in the news as millions of their customers are found to be vulnerable on their watch. Equally, respecting the user, given it’s their computing device, is vital too. It’s a difficult balance to strike. Somewhere in between “That Linux distro which nags me constantly to do updates” and “That distro which is outdated and insecure” erring towards the former, is probably the sweet spot. So when I read today in typical El Reg fashion that “Linux Mint users in hot water for being slow with security updates, running old versions” I was reminded of an issue we had in Ubuntu a few years back. I’m going to muddy things a little to save engineer embarrassment, but you’ll get the gist. First though, a small backstory.

          • Linux Mint users in hot water for being slow with security updates, running old versions [Ed: By Microsoft Tim]

            Linux Mint founder Clem Lefebvre has complained that too many users are slow to apply updates or run unsupported versions of the operating system.

            Lefebvre used Firefox as an example. Mozilla's browser is frequently updated and has fixes for security vulnerabilities described by the firm as critical, which it defined as "can be used to run attacker code and install software, requiring no user interaction beyond normal browsing." The latest such update is dated 5 February 2021 (though it is a Windows-only problem).

          • TPM

            • Patrick Uiterwijk: TPM2 Key Trust: where did Keylime go wrong

              In my previous blog post, I explained how a verifier can get a signing key that it trusts is on a TPM for attestation (part 2 of the other post in the making).

              I have been contributing to a specific implementation of remote attestation for Linux, called Keylime.

              As part of the effort on porting the agent to Rust, I was looking into how the process works, and as part of that I identified a vulnerability in how Keylime deals with the TPM2 that breaks the Chain of Trust in two different places.

              For the quick rundown, see the advisory.

            • Patrick Uiterwijk: TPM2 Key Attestation

              The TPM is able to hold cryptographic keys and use those keys for various operations. So it can do things like signing things with an asymmetric RSA or ECC key.

              These keys can either be imported or generated by the TPM itself, and they have various attributes that the TPM stores and returns about their properties, like whether the key was generated by the TPM, and whether the key is exportable (as in, you can get the private part for this key out of the TPM).

              Keys (and other objects in the TPM) also have a “Name”. For keys, this Name is a digest over the TPM representation of the keys, which includes their attributes. This means that two keys with the exact same public numbers (i.e. RSA modulus and exponent) may still have a different name, if one is for example non-exportable and one is exportable.

    • Environment

      • Canada and the US Should Cooperate in an Ecosocialist Green New Deal

        I was asked by Energy Advisor, a weekly publication of the Inter-American Dialogue, to write a 250 word commentary responding to the following questions. I sent them a shorter version of my response below, but here is a fuller response to their big questions.

        Canadian Prime Minister Justin Trudeau said in February that he sees Canada and the United States collaborating more closely on the manufacturing of electric vehicles, as well as on the supply of critical minerals used to make batteries for electric cars and other clean technologies, such as solar panels. To what extent and in what ways are Canada and the United States already jointly working on the development of electric vehicles and other clean technologies? How much room is there for further cooperation, and what might that look like? What does each country stand to gain from enhanced collaboration on the green economy?

        What Prime Minister Trudeau sees is not enough. Canadian and the US are supporting electric vehicle (EV) production by multinational corporations in Canada and the US with various subsidies, including government EV purchases, tax breaks to consumer who purchase EVs, and direct government subsidies to EV manufacturing. Prime Minister Trudeau also touts Canada’s mineral resources that are critical for EVs, particularly copper, aluminum and nickel.

        What is missing are goals and timetables to electrify all of transportation powered by clean renewable energy in the timeframe required by the climate emergency. Both governments should cooperate in directing this transformation like the US government did during the World War II emergency when it took over a quarter of US manufacturing capacity in order to turn industry on a dime into the Arsenal of Democracy to arm the allies to defeat Hitler, Mussolini, and Tojo. We need to do nothing less through the public sector in manufacturing, transportation, and power production to defeat climate change. Government incentives to private enterprise are not direct and coordinated enough to make the rapid transformation we need for climate safety.

        With public enterprise and economic plannin

    • Monopolies

      • Book Review: Intellectual Property in the Era of Big Data and Blockchain [Ed: “Intellectual Property" in a book title already tells us it's about propaganda, not an honest debate about real things]

        The volume opens with Chapter 1, written in English, where Carlos Correa introduces the reader to the legal limbo surrounding the regulation of data. Starting from the premise that the law is lagging behind recent technological developments in the data sector, the author first gives a definition of data. He then suggests a classification of data, based on the experiences in the EU, US, Canada, and India. Chapter 1 follows by addressing the legal rights in data, primarily copyright, protection of data bases as a sui generis right in the EU, and a sui generis exclusive right on data,– a proposal circulated by the European Commission in 2017. The chapter closes with addressing the data ownership, especially regarding sensitive categories of data sets, such as individual health data.

      • Apple Hit with Antitrust Investigation for "Sign in with Apple" - Make Tech Easier

        Apple is facing increasing pressure over its App Store practices. It is facing lawsuits from developers over its insistence that apps only use its subscription model under heavy fire from Facebook for forcing apps to disclose their data privacy practices. It’s also deep into an antitrust investigation after more complaints from developers over its “Sign in with Apple” option.

      • Patents

        • All eyes on Luxembourg in Nokia and Daimler patent battle [Ed: Luxembourg as outpost for legal dispute rather than actual innovation]

          For the time being, Nokia cannot enforce the injunctive relief from an infringement ruling of the Regional Court Mannheim against Daimler. The Higher Regional Court Karlsruhe ordered this measure on 12 February. Daimler has appealed against the Mannheim Regional Court’s ruling.

          A date has yet to be set for the oral hearing. However, this may no longer be decisive. Nokia has since cleared the way for the CJEU to clarify important FRAND issues.

          Last week, Nokia withdrew its appeal against a decision by the Regional Court Düsseldorf to refer parallel proceedings against Daimler to the CJEU.

        • Oxford tech transfer chief: ‘It’s been the most intense year’ [Ed: The patent profiteers who deny poor people access to vaccines get a puff piece from a think tank of patent zealots]

          In an exclusive interview, Adam Stoten of Oxford University Innovation explains why his team partnered with AstraZeneca on a COVID vaccine – and what made the deal unique

        • The Bible and patent law [Ed: Many have accused patent maximalists of being like a cult or a religion. They oblige, proving that to be partly true. ]

          There may be cases where the defendant infringed a patent during the development of a product, method or process which, as such, does not infringe that patent. When such use is not covered by the “experimental use exemption” or other exemptions, such as the “Bolar exemption”, the question arises as to whether the patent owner should be able to claim so-called “reach-through” royalties based on the downstream turnover generated by a non-infringing product, process or method that would not have been available to the defendant but for the infringement. A classic example is a non-infringing product that has been developed using a research tool protected by a patent. The logic is that “but for the infringement” the downstream profits would not have been obtained. This logic was followed by the U.S. courts in Monsanto v. Dupont, which resulted in the latter being ordered to pay approximately $1 billion in damages to the former for having used a patented soybean line during the development of a commercial product.

        • Oceana Innovations patent determined to be likely invalid

          On February 23, 2021, the Patent Trial and Appeal Board (PTAB) instituted trial on all grounds challenging all of the claims of U.S. Patent 6,508,678, owned by Oceana Innovations LLC, an NPE and subsidiary of Endpoint IP. The ‘678 patent is generally directed to USB electrical connector assemblies with the patent being asserted against HDMI cable assemblies. In 2017, the previous patent owner, Interface Linx, LLC, asserted the ‘678 patent against TTE, Haier, Onkyo, Pioneer, Sherwood, Sound United, VOXX, and Hisense. Those cases terminated in 2019. The current patent owner, Oceana Innovations LLC, began a new campaign in May 2020, filing suits against JVCKenwood, Charter Communications, and Roku (terminated).

        • Software Patents

          • GE Video Compression patent likely unpatentable

            On February 22, 2021, the USPTO granted Unified's request for ex parte reexamination, finding substantial questions of patentability for all challenged claims of U.S. Patent 10,057,603, owned by GE Video Compression LLC (GEVC). The ‘603 patent has been designated as essential in the HEVC Advance patent pool and is one of the largest GE families in Advance.

Recent Techrights' Posts

Geminispace Growing and Getting More Free (Independent)
Because self-signed certificates are the way to go
Washington's WARN Site/Portal (That Excludes Many Microsoft Layoffs) is Now Down for Many Hours, Microsoft Causes Major Outages and Incidents Worldwide (Even Deaths)
The mass layoffs (lots of them in Azure since 2020) probably worsen resilience and security some more
UEFI 'Secure Boot' Once Again Bricking PCs and Fake Security Models Are Perishing in Geminispace
Let's Encrypt has just fallen again
Microsoft/Windows Has Fallen Well Below 1% (Now 0.7%) in American Samoa
statCounter Sees Microsoft Windows at Below 1% in American Samoa
The Thelio Mega Is a Dual-GPU Linux Supercomputer
System76 sells many desktops and laptops built to run Linux. The company has now revealed its new high-powered Linux desktop, the Thelio Mega
[Meme] "System of a Down"
The latest international catastrophe kills people
Why Microsoft is Laying Off So Many People in Nigeria
Nigeria is a place Microsoft has lost
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 19, 2024
IRC logs for Friday, July 19, 2024
Gemini Links 20/07/2024: Gopher Catchup and Old Computer Challenge
Links for the day
Microsoft Lays Off Half of Its Workforce in Nigeria
Microsoft continues to implode in Africa
Links 19/07/2024: Microsoft Breaks Down and Amdocs Has 1,500-3,000 More Layoffs
Links for the day
[Meme] Conservative (and Fake) Nuclear Physicist Bill Gates
Didn't even graduate from college, media treats him like a world-renowned expert in nuclear energy
The Gemini Capsule of Tux Machines Turns 2 in Six Days
Many people actually use Gemini, some participate in it by creating their own capsule (or capsules)
GNU/Linux Rises to 4% in Saudi Arabia, Says statCounter, Windows Has Fallen to 11% (Android Exceeds 60%)
Microsoft might soon fall below 10% in KSA (Saudi Arabia)
IRC Proceedings: Thursday, July 18, 2024
IRC logs for Thursday, July 18, 2024
GNU/Linux news for the past day
GNU/Linux news for the past day
1901 Days in High-Security Prison (and 8 More Years in Severe Confinement) for the 'Crime' of Exposing War Crimes and Corruption
Julian Assange clip = Microsoft Lobbying (Openwashing)
Here's the latest pair of blog posts
In Northern Mariana Islands, Where Julian Assange Pled Guilty 4 Weeks Ago, Windows Remains Second to Android, and GNU/Linux Still Grows in Oceania
It was the first month ever that statCounter saw more Web requests there from Android than from Windows
If GitLab Gets Sold (Datadog and Google Named Among Potential Buyers), It'll Prove Our Point About GitLab
Beware the bait on the hook
Hot Summer: Microsoft Flirting With the "5% Windows" Club in Afghanistan
The share of Windows in Afghanistan has fallen to almost 5% (1 in 20 Web requests)
[Meme] Nothing Says "Independence Day" Like...
Firing DEI on Independence Day period
Good News About GNU/Linux, Geminispace, FSF, and Backlash Against Microsoft
here are a few quick takes
Links 18/07/2024: Hardware, Conflicts, and Gemini Leftovers
Links for the day
Backlash and Negative Press After Microsoft Tells Diversity, Equity, and Inclusion (DEI) People to DIE
Follow-up stories
Links 18/07/2024: Retroactively Pseudonymised Litigant and Alberta’s Energy ‘War Room’
Links for the day
Gemini Links 18/07/2024: A Welcome to Gemini and Politics of Assassinations
Links for the day
Red Hat's Official Site Yesterday: Promoting 'Secure' Boot in Machines You Don't Own or Control Anyway
"To be clear, CentOS Linux no longer exist"
Fabian Gruenbichler & Debian: former GSoC student added to keyring
Reprinted with permission from Daniel Pocock
Links 18/07/2024: ORG Complaint to ICO About Facebook, Korean Double Agent Unmasked
Links for the day
Joel Espy Klecker & Debian on Joe Biden's health and Donald Trump's assassination
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 17, 2024
IRC logs for Wednesday, July 17, 2024
Links 18/07/2024: Hostname Pedantry and Retro Coding
Links for the day