Bonum Certa Men Certa

Links 22/4/2021: Grafana Goes for AGPLv3, Godot 3.3 Released, Mesa 21.0.3 Available



  • GNU/Linux

    • Desktop/Laptop

      • Librem 14 First Boot

        The Librem 14 supports our Pureboot bundle. This includes software based on Heads and Coreboot and a hardware security device called a Librem key. It’s a compelling way to verify your OS has not been tampered with.

        While most GNU/Linux distros can be installed on the Librem 14, the two supported OSs are PureOS 10 and QubesOS. PureOS 10 code name Byzantium is our flagship OS with security and convenience at its core. QubesOS is a bit less convenient but adds extra software security for those that need it.

    • Server

      • Open-Source Bare Metal Provisioning Platform, Tinkerbell, Spreads Its Wings in the CNCF Sandbox

        The open-source bare metal provisioning platform known as Tinkerbell has been growing its feature set since it joined the Cloud Native Computing Foundation (CNCF) sandbox program a year ago, belying its diminutive name with sizeable new capabilities. The latest release comes with a new, next-gen, in-memory operating system installation environment; the ability to share common workflow actions using the CNCF Artifact Hub; support for Cluster API; and out-of-the-box support from a long list of operating systems.

        Originally developed by Equinix, the Tinkerbell platform is a collection of microservices designed to help organizations transform static physical hardware into programmable digital infrastructure, regardless of manufacturer, processor architecture, internal components, or networking environment. The platform's cloud-native and workflow-driven approach has been tested in production with the Equinix Metal automated bare metal service. Equinix open sourced the platform last May, and it was accepted as a CNCF sandbox project in November 2020.

      • Using Podman Compose with Microcks: A cloud-native API mocking and testing tool

        Microcks is a cloud-native API mocking and testing tool. It helps you cover your API’s full lifecycle by taking your OpenAPI specifications and generating live mocks from them. It can also assert that your API implementation conforms to your OpenAPI specifications. You can deploy Microcks in a wide variety of cloud-native platforms, such as Kubernetes and Red Hat OpenShift. Developers who do not have corporate access to a cloud-native platform have used Docker Compose. Although Docker is still the most popular container option for software packaging and installation, Podman is gaining traction.

        Podman was advertised as a drop-in replacement for Docker. Advocates gave the impression that you could issue alias docker=podman and you would be good to go. The reality is more nuanced, and the community had to work to get proper docker-compose support in Microcks for Podman.

        This article discusses the barriers to getting Microcks to work with Podman and the design decisions we made to get around them. It includes a brief example of using Podman in rootless mode with Microcks.

      • Evolving Kubernetes networking with the Gateway API

        The Ingress resource is one of the many Kubernetes success stories. It created a diverse ecosystem of Ingress controllers which were used across hundreds of thousands of clusters in a standardized and consistent way. This standardization helped users adopt Kubernetes. However, five years after the creation of Ingress, there are signs of fragmentation into different but strikingly similar CRDs and overloaded annotations. The same portability that made Ingress pervasive also limited its future.

        It was at Kubecon 2019 San Diego when a passionate group of contributors gathered to discuss the evolution of Ingress. The discussion overflowed to the hotel lobby across the street and what came out of it would later be known as the Gateway API.

        [...]

        So we have two HTTPRoutes matching and routing traffic to different Services. You might be wondering, where are these Services accessible? Through which networks or IPs are they exposed?

        How Routes are exposed to clients is governed by Route binding, which describes how Routes and Gateways create a bidirectional relationship between each other. When Routes are bound to a Gateway it means their collective routing rules are configured on the underlying load balancers or proxies and the Routes are accessible through the Gateway. Thus, a Gateway is a logical representation of a networking data plane that can be configured through Routes.

        [...]

        When you put it all together, you have a single load balancing infrastructure that can be safely shared by multiple teams. The Gateway API not only a more expressive API for advanced routing, but is also a role-oriented API, designed for multi-tenant infrastructure. Its extensibility ensures that it will evolve for future use-cases while preserving portability. Ultimately these characteristics will allow Gateway API to adapt to different organizational models and implementations well into the future.

    • Audiocasts/Shows

      • FLOSS Weekly 626: WireGuard and Open Source VPN - Open Source VPN

        WireGuard, the VPN protocol that Linus Torvalds calls a "work of art," and is now in or close to the kernels of many operating systems, is the subject of this deep and wide-ranging show, in which WireGuard's founder and alpha maintainer, Jason Donenfeld, shares his wisdom and experience. Doc Searls and Jonathan Bennet of FLOSS Weekly completes a deep-dive into discussion topics around WireGuard including development methods, surprising uses, security design principles and much more.

      • Argos Translate: Who Needs Google Translate!!

        Automatic text translation is a very difficult process that requires massive data models to be effective so why shouldn't these data models be open source to help them improve as quickly as possible, well that's what Argos Translate the topic for today has to offer.

      • XMonad, You're Simply The Best!

        I've made some tweaks to my XMonad config in recent weeks. So this video is just me covering some of what I've added or removed from the config. Just a typical DT-tiling-window-manager kind of video. ;)

      • BSDNow 399: Comparing Sandboxes

        Comparing sandboxing techniques, Statement on FreeBSD development processes, customizing FreeBSD ports and packages, the quest for a comfortable NetBSD desktop, Nginx as a TCP/UDP relay, HardenedBSD March 2021 Status Report, Detailed Behaviors of Unix Signal, and more

      • The Linux Link Tech Show Episode 903

        wordpress development, ci woes, 3d printing updates, window managers, down memory lane

      • M1 has a Dirty Little Secret | Coder Radio 410

        Our thoughts on the hardware Apple announced this week, and if any of it is suitable for professional workloads.

        Plus your feedback, a few random stories, and more.

    • Kernel Space

      • CPU Cluster Scheduler Continues To Be Worked On For Linux With Promising Results

        HiSilicon engineers continue working on a cluster scheduler that could help the performance of certain x86 and ARM platforms on Linux.

        HiSilicon has been pursuing this "cluster scheduler" for the Linux kernel in order to enhance the performance of the Kunpeng 920 ARM server chip that has six or eight clusters per NUMA node and each cluster being comprised of four CPU cores with shared L3 cache access among the clusters. But there is also the possibility of this scheduler helping some x86 hardware too, like Intel's Jacobsville is noted for its clusters of Atom cores.

        The HiSilicon Linux kernel work now up to its sixth round of patches is for exposing this topology and having a CPU scheduler to properly/efficiently deal with the layout. The goal with the scheduler is for spreading unrelated tasks among the multiple clusters to reduce contention and then to also gather related tasks within a cluster for improving cache affinity.

      • AMD Energy Monitoring Driver Slated To Be Removed From The Linux Kernel - Phoronix

        As a surprise and big disappointment, the "amd_energy" driver that exposes AMD EPYC server CPU energy monitoring metrics under Linux for being able to calculate the per-core and package power consumption and more is now set to be removed from the mainline Linux kernel.

        The removal of this driver sadly isn't for a case like it's being replaced by some superior solution but rather a disagreement in the exposing of the energy data.

        Last year as a result of the PLATYPUS power attack Linux restricted access to such data to root/privileged users.

      • University duo thought it would be cool to sneak bad code into Linux as an experiment. Of course, it absolutely backfired

        Computer scientists at the University of Minnesota theorized they could sneak vulnerabilities into open-source software – but when they tried subverting the Linux kernel, it backfired spectacularly.

        And now their entire school – or at least anyone using a umn.edu email address – has been banned from offering future Linux kernel contributions.

        Qiushi Wu, a doctoral student in computer science and engineering at the American college, and Kangjie Lu, assistant professor at the school, penned a paper titled, "On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits" [PDF], which is slated to be presented at the Proceedings of the 42nd IEEE Symposium on Security and Privacy next month.

        The paper describes how the authors submitted what's described as subtly subversive code contributions that would introduce error conditions into the operating system software, and it claims the researchers contacted Linux maintainers to prevent any bad code making it into an official release of the kernel.

        It further states that the experiment was vetted by the university's Institutional Review Board (IRB), which determined that the project did not constitute human research and thus granted an ethical review waiver.

        [...]

        In a statement released on Wednesday afternoon, the University of Minnesota Department of Computer Science & Engineering said it has suspended the research project and plans to look into the approval process to determine whether remedial action and future safeguards are needed.

      • Greg Kroah-Hartman bans University of Minnesota from Linux development for deliberately buggy patches

        Thanks to the Solarwinds security breach, software supply chain attacks have become an important issue. Naturally enough, there's a lot of research being done into these attacks. Two graduate students at the University of Minnesota working on a paper entitled, "On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits" tried to put the Use-After-Free (UAF) vulnerability into the Linux kernel. This kind of Red Team security testing is commonplace… when the project includes people who know what's going on beforehand. That wasn't the case here. When they tried it again, Greg Kroah-Hartman, the Linux kernel maintainer for the stable branch, had had enough.

      • Uni group slammed over submitting known buggy patches to Linux kernel

        A group from the University of Minnesota have come in for a tongue-lashing from the normally mild-mannered Linux developer Greg Kroah-Hartman, the maintainer of the stable kernel.

        Kroah-Hartman blew up after the group submitted patches to the kernel which were known to be buggy.

        He said in a post addressed to Aditya Pakki at the university that he, and his group, had sent the buggy patches to see how the kernel community would react, and put out a paper based on that.

        The university has now reacted by saying that it has suspended this line of research.

      • PhD students willfully committed known malicious changes to mainline Linux

        We just reported about the Linux 5.12 changelog with a focus on Arm, MIPS and RISC-V targets on Tuesday, and at the time, the expectation was a delay of about one week after Linux 5.12-rc8 was outed on Sunday, April 18.

        But Linux 5.12 could be further delayed due to shenanigans from two Ph.D. students doing a research project on open-source vulnerability at the University of Minnesota. This was announced by Greg Kroah-Hartman on the Linux kernel mailing list.

      • Linux Kernel Developers Were Not Amused By Faulty Patches Sent By University of Minnesota Researchers

        Researches from the American University of Minnesota submitted a series of faulty patches to the Linux kernel last year and published a research paper about their effort. They tried to send more faulty patches to the Linux Kernel Mailing List earlier this month. Greg Kroah-Hartman, Trond Myklebust and other seasoned kernel developers were not amused.

        [...]

        The Linux kernel is a huge software project with nearly thirty million lines of code and hundreds of patches floating around on the Linux Kernel Mailing List (LKML) at any given time. Some patches are included, some are flat out rejected, and some go through eight or more revisions before they are accepted.

        Qiushi Wu and Professor Kangjie Lu at the American University of Minnesota wanted to learn just how easy it is to get intentionally faulty patches past the Linux kernel maintainers and into the mainline Linux kernel. They came up with a "vulnerability-introducing method", sent patches introducing security holes and published a research paper on it titled "Open Source Insecurity: Stealthily Introducing Vulnerabilities via Hypocrite Commits" (OpenSourceInsecurity.pdf, 443 KiB), in LaTeX, and published it on February 10th, 2021.

        The researches at the American University of Minnesota were not content with wasting the Linux kernel community's time by experimenting on them for the purpose of writing just one research paper. They just had to try again with a useless patch titled [PATCH] SUNRPC: Add a check for gss_release_msg on April 6th, 2021.

      • Comparing SystemTap and bpftrace

        There are times when developers and system administrators need to diagnose problems in running code. The program to be examined can be a user-space process, the kernel, or both. Two of the major tools available on Linux to perform this sort of analysis are SystemTap and bpftrace. SystemTap has been available since 2005, while bpftrace is a more recent contender that, to some, may appear to have made SystemTap obsolete. However, SystemTap is still the preferred tool for some real-world use cases.

        Although dynamic instrumentation capabilities, in the form of KProbes, were added to Linux as early as 2004, the functionality was hard to use and not particularly well known. Sun released DTrace one year later, and soon that system became one of the highlights of Solaris. Naturally, Linux users started asking for something similar, and SystemTap quickly emerged as the most promising answer. But SystemTap was criticized as being difficult to get working, while DTrace on Solaris could be expected to simply work out of the box.

        While DTrace came with both kernel and user-space tracing capabilities, it wasn't until 2012 that Linux gained support for user-space tracing in the form of Uprobes. Around 2019, bpftrace gained significant traction, in part due to the general attention being paid to the various use cases for BPF. More recently, Oracle has been working on a re-implementation of DTrace, for Linux, based on the latest tracing facilities in the kernel, although, at this point, it may be too late for DTrace given the options that are already available in this space.

        The underlying kernel infrastructure used by both SystemTap and bpftrace is largely the same: KProbes, for dynamically tracing kernel functions, tracepoints for static kernel instrumentation, Uprobes for dynamic instrumentation of user-level functions, and user-level statically defined tracing (USDT) for static user-space instrumentation. Both systems allow instrumenting the kernel and user-space programs through a "script" in a high-level language that can be used to specify what needs to be probed and how.

      • NUMA-aware qspinlocks

        While some parts of the core kernel reached a relatively stable "done" state years ago, others never really seem to be finished. One of the latter variety is undoubtedly the kernel's implementation of spinlocks, which arbitrate access to data at the lowest levels of the kernel. Lock performance can have a significant effect on the performance of the system as a whole, so optimization work can pay back big dividends. Lest one think that this work is finally done, the NUMA-aware qspinlock patch set shows how some more performance can be squeezed out of the kernel's spinlock implementation.

        In its simplest form, a spinlock is a single word in memory, initially set to one. Any CPU wishing to acquire the lock will perform an atomic decrement-and-test operation; if the result is zero, the lock has been successfully taken. Otherwise the CPU will increment the value, then "spin" in tight loop until the operation succeeds. The kernel has long since left this sort of implementation behind, though, for a number of reasons, including performance. All those atomic operations on the lock word cause its cache line to be bounced around the system, slowing things considerably even if contention for the lock is light.

        The current "qspinlock" implementation is based on MCS locks, which implement a queue of CPUs waiting for the lock as a simple linked list. Normally, linked lists are just the sort of data structure that one wants to avoid when cache efficiency is a concern, but nobody ever has to traverse this list. Instead, each CPU will spin on its own entry in the list, and only reach into the next entry to release the lock. See this article for a more complete description, complete with cheesy diagrams, of how MCS locks work.

      • Seccomp user-space notification and signals

        The seccomp() mechanism allows the imposition of a filter program (expressed in "classic" BPF) that makes policy decisions on whether to allow each system call invoked by the target process. The user-space notification feature further allows those decisions to be deferred to another process. As this recent patch set from Sargun Dhillon shows, though, user-space notification still has some rough edges, especially when it comes to signals. This patch makes a simple change to try to address a rather complex problem brought to the fore by changes in the Go language's preemption model. Normally, seccomp() is used to implement a simple sort of attack-surface reduction, making much of the system-call space off limits for the affected process. User-space notification can be used to that end, but the objective there is often different: it allows a supervisor process to emulate system calls for the target process. An example might be a container manager that wishes to make mount() available inside a container, but with some strict limits on what can actually be mounted. User-space notification allows the (privileged) supervisor to actually perform the mount operations it approves of and return the results to the target process.

        While the supervisor is handling an intercepted system call, the target process will be blocked in the kernel, waiting for a response to come back. Should that process receive a signal, though, it will stop waiting and respond immediately to the signal; if the signal itself is not fatal, the result may well be the system call returning an EINTR error to the target process. The supervisor, instead, will not know about the signal until it tries to give the kernel its answer to the original notification; at that point, it will get an ENOENT error indicating that the notification is no longer alive.

        This sort of interruption can be inconvenient, especially if the supervisor has carried out some sort of long task on the target's behalf. If the signal does not kill the target process, it is likely that the same operation will be retried shortly, leading to extra work being done. Most of the time, though, non-fatal signals of this type are likely to be rare in programs running under seccomp() monitoring.

      • Updated CIFSD In-Kernel SMB3 File Sharing Server Patches Published

        The Samsung-led CIFSD as an in-kernel SMB3 file-sharing server continues on its trajectory toward the mainline Linux kernel.

        CIFSD is an in-kernel CIFS/SMB3 server designed for running within the kernel to deliver greater I/O performance and make better use of modern technologies around RDMA and encryption. CIFSD made it into Linux-Next last month for testing while being considered experimental and this week Samsung published the latest version of this kernel code.

      • Graphics Stack

        • Review of Igalia Multimedia activities (2020/H2)

          Regarding digital protected media playback, we worked to upstream OpenCDM, support with Widevine, through RDK’s Thunder framework, while continued with the usual maintenance of the others key systems, such as Clear Key, Widevine and PlayReady.

        • Turnips in the wild (Part 1)

          Running games and benchmarks is much more exciting than trying to fix a handful of remaining synthetic tests. Turnip, which is an open-source Vulkan driver for recent Adreno GPUs, should already be capable of running real world applications, and they always have a way to break the driver in a new, unexpected ways.

        • [Older] Freedreno now supports OpenGL 3.3 on A6XX

          I recently joined Igalia and as a way to familiarize myself with Adreno GPUs it was decided to get Freedreno up to OpenGL 3.3.

          Just recently, Freedreno exposed only OpenGL 3.0. The big jump in version required only two small extensions and a few fixes to get rid of most crashes in Piglit since almost all features were already supported.

        • GRVK 0.4 Released For Running AMD's Mantle API Over Vulkan

          While AMD's Mantle graphics API development has been suspended for more than a half-decade already with the Vulkan API successfully taking off, the open-source GRVK project continues to let Mantle unofficially live on by re-implementing its interfaces over Vulkan.

          GRVK was started during the pandemic last year and continues maturing in being a more capable Mantle implementation on top of Vulkan. With today's GRVK 0.4.0 release, this Mantle API re-implementation can now run the Star Swarm demo that was one of the original demos for showcasing this AMD API alternative to Direct3D 11 and OpenGL. While Star Swarm is now running with GRVK, the performance is admittedly very low at this point and there are other known issues.

        • [Mesa-dev] [ANNOUNCE] mesa 21.0.3
          Hi list,
          
          

          Mesa 21.0.3 is now available. This features quite a few backports done by helpful mesa devlopers, so a big thank you to all of them. We've got a bunch of stuff here, from haiku, to core mesa, radeonsi, lavapipe, nir, radv, anv, freedreno and turnip, etniviv, iris, egl, lima, core gallium stuff, spriv, v3d, lots of microsoft stuff, and even meson fixes.

          Cheers, Dylan
        • Mesa 21.0.3 + Mesa 21.1-rc2 Released - Phoronix

          Whether you are a stable Mesa user or living more on the bleeding-edge with Git or development snapshots, there are new updates out today for this collection of open-source Linux GPU drivers.

          Mesa 21.0.3 is out with the latest batch of back-ports and other fixes. Among the notable fixes for Mesa 21.0.3 is enabling AFBC frame-buffer compression sharing, several Lavapipe driver fixes, RADV now de-duplicating Winsys'es per device, RadeonSI now reporting multi-plane formats as unsupported, several Panfrost fixes for Arm Mali support, a few Intel ANV clean-ups, several Microsoft code fixes, the WSI code on X11 now waiting for fences with the IMMEDIATE mode on XWayland, and an assortment of other fixes.

    • Instructionals/Technical

      • Hunting down the stuck BGP routes

        BGP is the glue between all of the thousands of border routers that make up the internet (you can find this post (battleships) and this post (EvE) as a crash course on how BGP works).

        With the current “default free zone” containing around 1,000,000 routes, the table is full of up to date routing information on how to get to almost everything. However as it came to slowly haunt me while working on a side project ( bgp.tools ) that routers don’t always have up to date information…

      • How To Install LAMP Stack on AlmaLinux 8 - idroot

        In this tutorial, we will show you how to install LAMP Stack on AlmaLinux 8. For those of you who didn’t know, LAMP is a stack of open-source software to provide a fully functional web server environment for various PHP and other web applications. LAMP stands for Linux, Apache, MySQL database (or MariaDB alternatively), and PHP programming language.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the LAMP Stack on an AlmaLinux 8.

      • How to Set up PGP Encryption in ProtonMail

        PGP algorithms work by generating an encrypted session key. When you use PGP to send an email, you need the recipient’s public key. The recipient then uses their own private key to unlock the encryption. Likewise, if someone gets a hold of your private key, it would allow them to read the email.

      • Linux Ubuntu/Debian monitoring tools guide for system administrators

        For a system administrator, monitoring the performance of Ubuntu or any other OS, is very important for day to day activities. Since many performance monitoring tools for linux are available , it is difficult to choose a good and reliable one. In this article, we will walk you through the most common system monitoring tools for linux, linux network monitoring tools and outline some of the best monitoring tools for linux servers.

        Top and htop are one of the best command-line based performance monitoring tools. If you are looking for a monitoring tool for your Ubuntu machine then you have probably came across “top”. “top” is a simple command-line based monitoring tool. It comes pre-installed in Ubuntu. To run top, open the terminal window and issue the command top.

      • Can’t connect to WiFi in Linux

        So I installed the latest version of Kali Linux from USB into my RAZER Blade 2016 laptop. Took a while as it seems after 5 years on non-stop use and abuse, this laptop is finally slowing down. Oh yes, touchpad was disabled the whole time I was installing but keyboard was just fine. After finishing the install and reboot, touchpad worked fine, so I guess it just some quirky driver that doesn’t get loaded during the minimal USB install process. Anyhow, so installed Kali Linux after a long time and to be honest, it looks and feels amazing. Then I tried to connect to Google Nest WiFi and this spinny thing just kept spinning until eventually it failed. I kept trying but I can’t connect to WiFi!

      • How to Install and setup Selenium with Google Chrome on Ubuntu

        Through this article, we will see how to set up selenium on Chrome Browser using chrome driver in very simple way with an example using python script.

      • How to create Cloudwatch alarms for a Lambda Function on AWS

        There are various invocation metrics, performance metrics, and concurrency metrics available for Lambda functions in Cloudwatch to monitor. Invocation metrics are the outcome of an invocation and binary in nature, performance details about a single invocation are provided by Performance metrics.

      • How to Install SQLite and SQLite Browser on Ubuntu 20.04

        Sqlite is a lightweight but feature-rich database management system that is widely used in embedded systems like mobile devices. It is basically a relative database management system used for storing structured data in large tables. Other Major Database Management Systems in this series include Microsoft’s SQL Server, MySQL, PostgreSQL, IBM’s DB2, and Oracle Database. Being open-source, SQLite source code can be modified as per the requirement of developers. It is also available for free use in both commercial and non-commercial projects.

        SQLite runs without the need for a separate server process. Since no server is required for setting up SQLite, an SQLite database instance can be created just like opening a file. It is a C library that has direct access to its stored files. The whole database system is contained in a single library. It is integrated directly into the host program. It is fully compliant with ACID. It uses minimum system resources.

        With the SQLite browser, we can directly manipulate the files in the SQLite database. It is open source. DB Browser is an example of an SQLite browser. It can be used for creating and editing database files. With the visual interface of a DB browser, you do not need to remember SQL commands. This feature makes it more flexible for new users as well as for developers.

      • bullseye: doveadm as unprivileged user with dovecot ssl config
      • How to install JetBrains Rider on Linux

        In this guide, we’ll show you how to download and install JetBrains Rider on Linux. However, before we begin, please note that you will need to create a JetBrains account. To do that, head over to their website.

      • How to use the Nano text editor on Linux

        There are many different text editors on Linux, and the community is quite passionate about this subject. However, one text editor stands out from the rest as the easiest to use, especially for beginners. That text editor is Nano.

      • How to install the Brave Browser on Deepin 20.2

        In this video, we are looking at how to install the Brave Browser on Deepin 20.2.

      • How to install Firefox ESR on a Chromebook in 2021

        Today we are looking at how to install Firefox ESR (Extended Release Cycle) on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

    • Games

      • Godot 3.3 Arrives With Renderer Improvements, WebXR Support For VR Games

        Godot 3.3 is out today as the newest feature release for this increasingly used open-source, cross-platform game engine that is beginning to rival the capabilities of commercial game engines.

        While eagerly looking forward to the Godot 4.0 game engine update, Godot 3.3 does bring some significant improvements as an interim release.

      • Godot 3.3 has arrived, with a focus on optimization and reliability

        All Godot contributors are delighted to release our latest milestone today, Godot 3.3, after more than 7 months of development! This release was initially planned as a 3.2.4 update to the 3.2 branch, but it grew to become a feature-packed update well worth of opening a new stable branch.

        While most development focus is on our upcoming Godot 4.0 release, many contributors and users want a robust and mature 3.x branch to develop and publish their games today, so it's important for us to keep giving Godot 3 users an improved gamedev experience. As such, most of the focus was on implementing missing features or bugfixes which are critical for publishing 2D and 3D games with Godot 3, and on making the existing featuresmore optimized and reliable.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Peruse 2.0 Beta 1 Is Released: A KDE Comic Book Reader Disaster

          Peruse is, supposedly, a "easy and pleasant" desktop and mobile comic book reader built using the KDE Kirigami interface framework by a Danish developer. Something is rotten in Denmark and everything that could go wrong did go wrong with the first Peruse 2.0 beta release. It is completely bug riddled, it Krashes half the time you click on something and it far from being "easy" or "pleasant" to use.

          [...]

          The Filter by Folder will, of course, not filter by folder. It shows every folder it has ever scanned followed by a every .pdf file it has decided to index.

          Quitting Peruse by closing it's window, and is the only way to quit it, does not actually terminate it, Peruse will happily leave behind a peruse process loading one CPU core at 100%. Starting it again while that process is left behind will, of course, not terminate it, so you will get 3 preuse processes running at 100% on one CPU core if you start and quit it 3 times. Those left-behind processes will eventually stop using 100% of one CPU core, but they won't die.

          The right side of the Peruse window has a familiar scroll-bar. Clicking the slider on it and moving it doesn't work. Clicking on the arrows in either end of it will, of course, also not do anything.

    • Distributions

      • New Netrunner 21.01 ‘XOXO’ Worthy of Hugs and Kisses

        When I last visited the ever-changing Netrunner distribution, I said that Netrunner Linux still went its own way. That was its twentieth rebirthday upgrade over its then 10-year history in late February 2020.

        The same is true for Netrunner 21.01 XOXO — now with more modern trappings. Today, the two-month-old Netrunner XOXO release is something much more reminiscent of the 1990’s Linux Netrunner’s look and feel.

        That is not necessarily a bad thing. Netrunner XOXO is a good fit for your general computing needs. In its present form, the developers should stop the constant rebuilding and let this well-running operating system find its audience.

        I suspect that Netrunner Linux’s sordid history of changes suggested it was not a reliable choice with its own staying power. It clearly has the right stuff to make it a success as a modern desktop with a tinge of yesteryear to give it more classiness.

        Netrunner — at least until its next unexpected change — is still a Debian-based distribution with a highly refurbished KDE desktop loaded with extra applications, multimedia codecs, Flash, and Java plugins. It has its own look and feel. The result is an enhanced desktop that is very user-friendly on top of a set of controls to make tweaking it fun and efficient.

      • BSD

      • SUSE/OpenSUSE

        • Digest of YaST Development Sprints 119, 120 & 121

          YaST development never stops. But we have to admit we have not kept our readers as informed as usual about the activities of the YaST team, other than our blog post about Hack Week. We had to adapt the length and focus of some sprints before and after Hack Week. That, together with Easter season in Europe and some extra vacations, affected our good publishing habits. On the bright side, we have tons of topics for you, let’s do a quick recap.

      • IBM/Red Hat/Fedora

        • Enabling debuginfod for Fedora by default

          In early April, Fedora program manager Ben Cotton posted a proposal to use the distribution's debuginfod servers by default in Fedora 35. This feature would help developers who are trying to debug or trace their programs using various tools, but who are lacking the source code and debugging symbols needed. The servers can provide that data directly to the tools as needed, but there are some security and privacy concerns to work through before turning the feature on by default.

          The required source code and debugging information is available for Fedora already, of course, but it lives in debuginfo and src RPMs that must be installed to be used by the tools. Those RPM files are quite large and generally cover much more than the symbols and source for a single file that a user might want to look at in a tracing or debugging session. In addition, installing them via DNF requires root privileges, which may not be available to the user. Grabbing just the pieces needed, at the right time and without extra privileges, is a highly useful service that the debuginfod feature can provide.

          An October 2019 Red Hat blog post describes debuginfod and notes that it is a new feature coming in the elfutils tools. The idea is that the Build.ID hash that gets stored in object files by GCC and LLVM can be used to identify which version of the symbols and source code correspond to the object. Build.ID support was added for Fedora 8 in 2007. The Build.ID directly identifies the debugging symbols for the object file; the source code path is also stored in the object file, which can be used to identify (thus serve) the right source file package as well.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Energy infrastructure platform uses open source to fight climate change

        LF Energy is a Linux Foundation project working to accelerate the energy transition of the world's grids and transportation systems through open source. In December, our project took a major step toward achieving its mission when we and our member organizations Alliander, RTE, and Savoir-faire Linux launched SEAPATH, which stands for Software Enabled Automation Platform and Artifacts.

        SEAPATH is a reference design and a real-time, open source platform for grid operators to run virtualized automation and protection applications. It is the second project for LF Energy's Digital Substation Automation Systems initiative and a vital step toward adopting renewable energy on the power grid. It will accelerate the grid's decarbonization, helping lead the planet to carbon neutrality by 2050. Power system transformation leads all efforts for decarbonization; it's the key enabler for fighting climate change.

      • CMS

        • Become an Early Adopter With the Gutenberg Plugin

          In WordPress circles (whether it’s your local meetup, a trusted publication, or your networking group), you may have heard terms like Core Editor, Gutenberg, and the Block Editor used interchangeably over the last four years. And if you’re following contributor work on the project itself, you may also have heard some additional nuances—Gutenberg plugin, Gutenberg, or Block Editor.

      • FSF

        • What did Ludovic Courtès do on the Guix website, which is part of the GNU Project website?

          Ludovic Courtès (Guix) is accusing Stallman of Thoughtcrime. By using the same platform that was provided to him by chief gnuissance Dr. Richard Stallman, the subdomain guix.gnu.org on gnu.org domain, Ludovic Courtès is defaming and harassing Stallman for reasons of thoughtcrime (see the book 1984).

          By that same act Ludovic Courtès abuses the Guix code of conduct and the GNU Kind Communication Guidelines as set in the community by Richard Stallman himself. They promise in the "Guix Code of Conduct" "Being respectful of differing viewpoints and experiences", but for reasons of finding few jokes offensive, they defame and slander Dr. Richard Stallman, the very founder of the GNU project where Guix operating system and the FSF from which Guix got more than US $100,000 donation. Imagine.

        • How I Fought To Graduate Without Using Nonfree Software

          Software freedom is a huge but hidden issue in our time. Digital communications technologies such as videoconferencing have taken center stage in our lives, and for many the use of these has been a saviour. They do not notice the danger concealed in the way it works: whoever controls this technology controls our lives. Recently we have seen the power of Big Tech to subvert democracy, control speech, exclude groups, and invade our privacy.

          Software Freedom is a fight to return control to people. It is a fight against “nonfree” software, also called proprietary software, which imposes unjust and invasive harms on its users. In pursuit of our liberating mission, advocates of software freedom like myself insist on using libre software.

          It is especially important to spread these ideals to new generations. Unfortunately, we often see the opposite trend. The default operating system found in most computer classrooms of my country is proprietary Microsoft Windows, with some universities even providing students licenses for it. At some point I came to realize this practice really only benefits the proprietary operating system vendor. Similarly terrifying is the level of dependence of course organization on nonfree Google Sheets and Google Forms.

          During the pandemic we saw educational facilities hastily embrace proprietary tools such as Microsoft Teams, Zoom, and Whatsapp, pressured by the network they generate. Schools and universities then tried to impose them on students, who subseqnuently suffered the loss of freedom from using programs that users don't control, as well as bad security and violations of privacy.

          Because I refuse to use unethical software, the complete reliance on proprietary platforms has created an ethical conflict. My aim has been to complete my university degree without surrendering to the imposed nonfree services, by convincing my professors[2] to allow me to use only free-software replacements to proprietary applications. I didn't expect to win a fight against such power, but now, through polite but firm action, I think I may have prevailed. Hopefully this story will help you resist too.

        • Debian votes on a statement — and a leader

          Richard Stallman's return to the Free Software Foundation's board of directors has provoked a flurry of responses, and many organizations in the free-software community have expressed their unhappiness with that appointment. In almost every case, the process leading up to that expression has been carried out behind closed doors. The Debian project, instead, is deciding what to do in a classic Debian way — holding a public vote on a general resolution with a wide range of possible outcomes.

          The discussion appears to have started on March 23, when Gunnar Wolf floated the possibility of the project taking a position on this issue. One day later, Steve Langasek proposed a general resolution that would make the project a signatory of this open letter opposing Stallman's return. Several hundred (not always pleasant) emails and many proposed amendments later, the final resolution was put out for a vote. In fitting with Debian's reputation for packaging everything, this ballot contains eight options for developers to rank, covering a whole spectrum of potential actions.

        • You know what? I support RMS. Hate me if you will

          I believe the main reason why a lot of people are supporting the hate campaign is because of the context that has been presented to them for years, instead of the actual facts. The claims of the hate letter are inaccurate, product of intentional mischaracterizations and quotes taken out of context, by people who want him removed for strategic reasons.

          My intention is not to downplay the impact this whole thing has had on people who constantly suffer abuse and discrimination at first hand. I believe they are the only ones entitled to talk about how certain actions can affect them. That's why, in the following sections, I will include testimonies from people who belong to the “affected” minorities or groups, and have worked closely with RMS for years or even decades. I will also do especial emphasis on the real intentions behind RMS' actions, and the real actions as well.

          It is so unfortunate and disappointing how a person can do a lot for the people, but as soon as they says or does something slightly off, a small group (mob) of “important” people take it as an opportunity to spread FUD about that person in order to disparage them; and when everyone believes it, people put the responsibility onto that person and say they has caused them harm. Meanwhile, the person turns into a “criminal” and the mob and all its members turn into “heroes”. The real harm was done by the mob creating the illusion, not by the victim who has been taken out of context by it.

        • Trying to Understand the Lynching of Stallman: for an Uncompromising Defense of Free/Libre Software
        • Licensing/Legal

          • Grafana, Loki, and Tempo will be relicensed to AGPLv3

            Over the last few years, we’ve watched closely as almost every at-scale open source company that we admire (such as Elastic, Redis Labs, MongoDB, Timescale, Cockroach Labs, and many others) has evolved their license regime. In almost all of these cases, the result has been a move to a non-OSI-approved source-available license.

            We have spent the first months of 2021 having sometimes contentious but always healthy internal debates over this topic, and today we are announcing a change of our own.

            Going forward, we will be relicensing our core open source projects (Grafana, Grafana Loki, and Grafana Tempo) from the Apache License 2.0 to the Affero General Public License (AGPL) v3. Plugins, agents, and certain libraries will remain Apache-licensed. You can find information in GitHub about what is being relicensed for Grafana, Loki, and Tempo.

            AGPLv3 is an OSI-approved license that meets all criteria for Free and Open Source Software.

          • All change: Grafana switches core open source projects from Apache to AGPLv3 licensing

            Grafana Labs is changing the licensing for its core open source projects (Grafana, Grafana Loki, and Grafana Tempo) from the Apache License 2.0 to the Affero General Public License (AGPL) v3. The company says the vast majority of users should be unaffected by this decision, which follows similar moves from other open source software companies.

            Grafana made the announcement on its blog, but has also published the results of an internal Q&A with Grafana Labs CEO and co-founder Raj Dutt that outlines some of the reasons.

            Dutt said the decision to revamp licensing from the Apache License 2.0 to AGPLv3 came after “almost every at-scale open source company that we admire (such as Elastic, Redis Labs, MongoDB, Timescale, Cockroach Labs, and many others) has evolved their license regime.”

          • Grafana Loki and Tempo switches to AGPLv3

            Observability platform provider Grafana Labs announced its open-source projects Grafana, Grafana Loki and Grafana Tempo will now be available under the Affero General Public License v3 (AGPLv3). The projects were previously available under the Apache License 2.0.

            Raj Dutt, CEO of Grafana Labs, explained it chose AGPLv3 because it is an Open Source Initiative approved license and meets the criteria of free and open-source software.

            “Ensuring we maintain these freedoms for our community is a big priority for us. While AGPL doesn’t ‘protect’ us to the same degree as other licenses (such as the SSPL), we feel that it strikes the right balance. Being open source will always be at the core of who we are, and we believe that adopting AGPLv3 allows our community and users to by and large have the same freedoms that they have enjoyed since our inception,” he wrote in a post.

          • Grafana Ditches Apache 2.0, Switches to AGPL

            Grafana is switching licensing of its core products from Apache License 2.0 to the more restrictive Affero General Public License (GPL) v3. The company made the change in an attempt to balance the value of open source with Grafana’s monetization strategy, CEO Raj Dutt announced yesterday.

            Grafana has been considering a license change for some time, Dutt wrote in a blog post on April 20. This week, the company finally felt the time was right to move.

            “Our company has always tried to balance the ‘value creation’ of open source and community with the ‘value capture’ of our monetization strategy,” Dutt wrote. “The choice of license is a key pillar of this strategy, and is something that we’ve deliberated on extensively since the company began.”

          • Elastic vs. AWS highlights open source monetization dilemma [Ed: "Open Source" is not Free-as-in-Freedom software and isn't about Freedom but a preoccupation with money, using openwashing for marketing advantage/edge/latch]

            The cloud has upended assumptions in almost every industry and profession, and the commercial open source market is no exception.

            The efficiency, flexibility and usability of cloud services has collided with the established order in the development and commercialization of open source software. The latest example is the long-simmering feud between AWS and Elastic, which came to a head earlier this year.

            Elastic, whose developers founded and then commercialized the Elasticsearch project, changed the licensing terms for the analytics and data visualization software to prevent AWS from packaging it as a service. AWS promptly responded with the open source equivalent of the nuclear option: It forked the project and created a separate version customized for its use.

      • Programming/Development

    • Standards/Consortia

      • ISO 8601: Ending The Date Wars And Confusing Everyone Equally | Hackaday

        Where I come from in England, it’s the norm to represent dates in ascending order: day, month, year. Thus the 4th of March 2021 becomes 04/03/2021 when written down on a form. This is entirely logical, and makes complete sense given the way a date is said aloud in English and other languages.

        Meanwhile in America it’s the norm to represent dates in a different manner: month, day, year. Thus March 4th, 2021 becomes 03/04/2021 when written down on a form. This is also entirely logical, and makes complete sense given the way dates are pronounced in American English.

        As someone whose job entails crossing the Atlantic in linguistic terms, I am frequently confused and caught out by this amusing quirk of being divided by a common language. Is 03/04/2021 the 3rd of April or March 4th? “Why can’t Americans use a logical date format!” I cry as in a distant transatlantic echo I hear my friends over there bemoaning our annoying European ways. It’s doubtful that this divergence has caused any satellites to crash, but it sure can be annoying.

  • Leftovers

    • Back the Blue Hashtag Co-opted to Show Support for Postal, Health Workers

      Twitter users jumped into action, co-opting the hashtag to show support for other blue-hued icons, like United States Postal Service workers and blue whales.

    • To see how the European Super League will change football, look to America

      The only alternative to the hyper-commercialisation of football is to put ownership and control in the hands of communities, supporters and players

    • Science

    • Hardware

      • Detroit Jeep Plant Faces Temporary Layoffs on Chip Shortage

        Stellantis will cut two work crews at its Jefferson North plant in Detroit for three weeks starting April 26, then call them back and lay off a third crew from May 17 through the week of May 31, according to a schedule obtained by Bloomberg News. The plant on Detroit’s east side normally operates two shifts with three work crews six days a week to keep it running 20 hours a day.

    • Integrity/Availability

      • Proprietary

        • Justice Department convenes task force to tackle wave of ransomware attacks [iophk: Windows TCO]

          The Justice Department this week convened a new task force to address the mounting ransomware cyberattacks on critical U.S. organizations that have spiked during the COVID-19 pandemic.

          The Ransomware and Digital Extortion Task Force, first reported on Wednesday by The Wall Street Journal, will be made of officials from the agency’s National Security Division, Criminal Division, Civil Division, Executive Office of U.S. Attorneys and FBI.

        • Internal Facebook Memo Reveals Company Plan to ‘Normalize’ News of Data Leaks After 500 Million User Breach

          A leaked internal Facebook memo has inadvertently revealed the social media giant’s tactics after its recent data scraping controversy.

        • Internal Facebook Memo Reveals Company Plan To ‘Normalise’ News Of Data Leaks After 500 Million User Breach

          "LONG-TERM STRATEGY: Assuming press volume continues to decline, we’re not planning additional statements on this issue. Longer term, though, we expect more scraping incidents and think it’s important to both frame this as a broad industry issue and normalize the fact that this activity happens regularly.

          “To do this, the team is proposing a follow-up post in the next several weeks that talks more broadly about our anti-scraping work and provides more transparency around the work we’re doing in this area. While this may reflect a significant volume of scraping activity, we hope this will help to normalize the fact that this activity is ongoing and avoid criticism that we aren’t being transparent about particular incidents."

          The memo was sent to Belgian tech news site Datanews, intended for Facebook’s European, Middle East, and Africa (EMEA) PR team.

          Facebook confirmed to The Independent that the memo, which was a coverage summary circulated through the social media site’s PR team, was genuine.

        • Pseudo-Open Source

          • Privatisation/Privateering

            • Shirish Agarwal: The Great Train Robbery

              The Above video is by a gentleman called Shaun who basically shared that privatization as far as UK is concerned is nothing but monopolies and while there are complex reasons for the same, the design of the Railways is such that it will always be a monopoly structure. At the most what you can do is have several monopolies but that is all that can happen. The idea of competition just cannot happen. Even the idea that subsidies will be less or/and trains will run on time is far from fact. Both of these facts have been checked and found to be truthful by fullfact.org. It is and argued that UK is small and perhaps it doesn’t have the right conditions. It is probably true but still we do deserve to have a glance at the UK railway map.

              [...]

              The above map is copyrighted to Map Marketing where you could see it today . As can be seen above most companies had their own specified areas. Now if you had looked at the facts then you would have seen that UK fares have been higher. In fact, an oldish article from Metro (a UK publication) shares the same. In fact, UK nationalized its railways effectively as many large rail operators were running in red. Even Scotland is set to nationalised back in March 2022. Remember this is a country which hasn’t seen inflation go upwards of 5% in nearly a decade. The only outlier was 2011 where they indeed breached the 5% mark. So from this, what we see is ‘Private Gains’ and “Private Gains Public Losses’ perhaps seem fit. But then maybe we didn’t use the right example. Perhaps Japan would be better. They have bullet trains while UK is still thinking about it. (HS2).

        • Security

          • Superfeedr sends logins in plain-text (a HSTS case study)

            I recently signed up for an account with Superfeedr (a WebSub Hub provider.) I noticed a security issue in the sign-up process, and thought it would make an excellent case study for HTTP Strict Transport Security (HSTS). Here’s what Superfeedr did wrong, why they probably didn’t realize it, and how you can avoid making the same mistake in the future.

            The Superfeedr website is served over an unencrypted/unsecured connection, and it asked me to submit my desired username, password, and email address to the server over an unencrypted connection. After submitting the login, the website redirects you from the unencrypted to an encrypted/secure connection. The damage has already happened, though. A person-in-the-middle may have observed the authentication credential data and can use them to log in to your account.

          • Qualys Extends VMDR to Patch Linux Workloads
          • Wireshark 3.4.5

            Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed. Wireshark is perhaps one of the best open source packet analyzers available today.

          • Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app's perspective

            Cellebrite makes software to automate physically extracting and indexing data from mobile devices. They exist within the grey – where enterprise branding joins together with the larcenous to be called “digital intelligence.” Their customer list has included authoritarian regimes in Belarus, Russia, Venezuela, and China; death squads in Bangladesh; military juntas in Myanmar; and those seeking to abuse and oppress in Turkey, UAE, and elsewhere. A few months ago, they announced that they added Signal support to their software.

            Their products have often been linked to the persecution of imprisoned journalists and activists around the world, but less has been written about what their software actually does or how it works. Let’s take a closer look. In particular, their software is often associated with bypassing security, so let’s take some time to examine the security of their own software.

          • Statement on DNS Encryption [PDF]

            The Root Server Operators are well aware of the active work takingplace around DNS Encryption. The IETF's DPRIVE and DOH working groups have developed proposed standards for encrypted DNS between stub resolver and recursive resolvers. DNS-over-TLS is specified in RFCs 7858 and 8094, and DNS-over-HTTPS in RFC 8484. Also,currently under development is a protocol for DNS-over-QUIC.

            Now that solutions and standards exist for encryption between stub resolvers and recursive resolvers, attention turns toward providing privacy protection for the next step: recursive resolvers to authoritative servers. A significant challenge here is agreement on the best way for authoritative servers to signal their support for and preferences regarding encrypted transports.

          • Privacy/Surveillance

            • DHS wants to put REAL-ID drivers licenses on smartphones

              The Department of Homeland Security has published a Request For Information (RFI) from vendors and other stakeholders regarding standards for drivers licenses and other IDs stored on smartphones or other mobile devices to be considered compliant with the REAL-ID Act of 2005.

              Responses to the RFI are due by June 18, 2021.

              The amendments to the REAL-ID Act signed into law at the end of 2021 included provisions authorizing the DHS to certify digital ID credentials as “REAL-ID compliant”. That certification can’t happen, though, until the DHS promulgates new regulations.

    • Defence/Aggression

      • Ramadan Brings No Relief for Yemen as Saudis Block Chairties and Turks Unleash Foreign Mercanaries

        Adel al-Hajajji is a proud man but, with a pregnant wife and three young mouths to feed, he can’t afford to wait around for a miracle. Instead, he has taken to wandering the streets of Sana’a, gathering discarded plastic water bottles to sell to the recycling center near his home in al-Rawdah. The meager earnings net him just enough to provide his family with a modest iftar, the evening meal that marks the end of the day’s fast during the month of Ramadan. The meal usually consists of bread and water but on occasion neighbors will bring by Saltah, Yemen’s national dish made of rice and potatoes, with meat blended in during more prosperous times.

      • I Met a Taliban Leader and Lost Hope for My Country

        As men continue to bicker over the future and control of Afghanistan, I have already lost my home and my country. I worked in Kabul as a television journalist for 12 years, and finally left in November after threats to my life.

        I know how the Taliban plan to shape the future of my country, and their vision of my country has no space for me.

      • ‘The Taliban Have Tracked Me’

        Her greatest fear right now is violence and a sense it may be impossible for under-equipped local government forces to hold off the Taliban, said Zargar, whose office has worked hard to ensure the rights of Logari women. “We’ve fought back against cultural practices and prejudices, but none of that matters if families are afraid to send their daughters to school due to fear of bombs and mines,” she said.

        That fear is borne out in the numbers. According to the United Nations, the first quarter of 2021 saw a 37 percent increase in civilian casualties among women.

    • Environment

      • A sweeping study shows how humans changed the environment over 12,000 years

        The main difference in that span is not in how much land has been inhabited by people, but how those inhabitants cared for the land. The authors found that many ancient cultures were careful to preserve biodiversity hot spots, such as those found in the Amazon and the Congo, and as a result minimized or prevented ecological problems. The tipping point wasn't the massive growth in the human population but rather how we shifted our land use. Since the industrial revolution in the 19th century, urbanization, deforestation, factory farming, mining and other irresponsible land uses have put our planet in danger.

      • People have shaped most of terrestrial nature for at least 12,000 years

        The current biodiversity crisis is often depicted as a struggle to preserve untouched habitats. Here, we combine global maps of human populations and land use over the past 12,000 y with current biodiversity data to show that nearly three quarters of terrestrial nature has long been shaped by diverse histories of human habitation and use by Indigenous and traditional peoples. With rare exceptions, current biodiversity losses are caused not by human conversion or degradation of untouched ecosystems, but rather by the appropriation, colonization, and intensification of use in lands inhabited and used by prior societies. Global land use history confirms that empowering the environmental stewardship of Indigenous peoples and local communities will be critical to conserving biodiversity across the planet.

      • How to save coffee from global warming

        Lots of other coffee species are known (122 at the last count). And many do, indeed, grow in places warmer than those preferred by canephora and arabica. But all were thought to have poorer flavours, smaller beans and lower yields. Dr Davis, however, came across a paper written in 1834 by George Don, a Scottish botanist, which described a species from the lowland hills of Sierra Leone. Don dubbed it Coffea stenophylla, and wrote that it had a flavour superior to arabica’s.

        This piqued Dr Davis’s interest, for stenophylla still grows, he discovered, in parts of Guinea, Sierra Leone and Ivory Coast that have temperature ranges between 24 and 26€°C. He and his colleagues also learned that stenophylla was farmed up until the 1920s, after which canephora, which had higher yields, took over. Stenophylla was then gradually forgotten.

      • The US has a long way to go to make up for its part in the climate crisis

        The US plans to officially ratchet up its climate commitments going into Earth Day tomorrow, but many advocates are skeptical that it will be ambitious enough to balance out the nation’s inordinate role in creating the climate crisis.

        Biden is expected to commit the US to slashing its greenhouse gas emissions by at least half compared to what they were in 2005. That’s already a significant ramp-up compared to the trajectory the US was on before. (Barack Obama committed the US to a roughly 27 percent cut by 2025.) But there’s still somewhat of a mismatch between what the US is willing to commit to and what some say it owes to the rest of the world.

      • Energy

        • New investments to boost Finland’s battery cluster

          Johnson Matthey, a UK-listed chemicals company, together with the Finnish Minerals Group have announced investment in a cathode materials plant planned for Vaasa.

          The plant will produce cathode materials used in electric vehicle (EV) batteries, which are increasingly in high demand as car manufacturers shift to electric vehicles. The plant with a nameplate capacity of 30,000 tonnes of ultra-high energy density cathode materials required by EV producers is Johnson Matthey’s second investment in Finland.

      • Wildlife/Nature

        • New amphibious centipede species discovered in Okinawa and Taiwan

          Researchers from Tokyo Metropolitan University and Hosei University have discovered a new species of large, tropical centipede of genus Scolopendra in Okinawa and Taiwan. It is only the third amphibious centipede identified in the world, and is the largest in the region, 20 cm long and nearly 2 cm thick. It is also the first new centipede to be identified in Japan in 143 years, testament to the incredible biodiversity of the Ryukyu Archipelago.

          Scolopendra is a genus of large, tropical centipede, one of the original genera named by the father of modern taxonomy himself, Carl Linnaeus. They are strong predators in any soil ecosystems they inhabit, with around 100 different species found in tropical regions around the world. Of these, only five have been identified in Japan and Taiwan.

          Scientists were excited when news came in of an unknown centipede species sighted around the Ryukyu Archipelago, reportedly attacking giant freshwater prawns. A team led by Sho Tsukamoto, his supervisor Associate Professor Katsuyuki Eguchi of Tokyo Metropolitan University, and Professor Satoshi Shimano of Hosei University set out to look for and identify this mystery creature.

    • AstroTurf/Lobbying/Politics

      • How Josh Hawley and Marjorie Taylor Greene Juiced Their Fundraising Numbers

        Two of the leading Republican firebrands in Congress touted big fundraising hauls as a show of grassroots support for their high-profile stands against accepting the 2020 election results.

        But new financial disclosures show that Sen. Josh Hawley, R-Mo., and Rep. Marjorie Taylor Greene, R-Ga., relied on an email marketing vendor that takes as much as 80 cents on the dollar. That means their headline-grabbing numbers were more the product of expensively soliciting hardcore Republicans than an organic groundswell of far-reaching support.

    • Censorship/Free Speech

      • Confusion Erupts Around Misleading News Surrounding Youtube-dl Takedown [Ed: This downplays the fact that other than Youtube-dl, Microsoft continues to kill many Free software projects, based on DMCA abuse, without the media taking notice. There have been many examples of it lately. Stop defending a proprietary software monopoly (GitHub).]

        Among the confusion caused by this takedown, some recent reports have surfaced claiming that forks of the Youtube-dl repository are still disabled. This is not true. If we look at the list of forks, we can see a huge list of repositories, with each one working as normal.

        Multiple sources reference this repository, which has been taken down and has still not been reinstated by GitHub. However, it is not actually forked from the official Youtube-dl repository. Instead, this repository is based on an unofficial version of Youtube-dl and is not actually a Youtube-dl fork.

        This isn’t to say that GitHub is without blame, as they have still ignored this developer’s counternotice. However, this warrants nowhere near the amount of criticism GitHub has received because of this.

    • Freedom of Information/Freedom of the Press

      • Conversation with Nils Melzer: The Case of Julian Assange – How could this happen in European Democracies?

        Invited by Julian Assange’s lawyer, Melzer decided to investigate the legal background of Julien Assange’s persecution and incarceration. He revealed a series of serious irregularities unexpected to occur in European democracies: fabricated evidence, conflict of interests, political pressure, biased courts. Melzer’s explosive findings were compiled in his upcoming book: Der Fall Julian Assange (Piper, April 2021). The case Assange is one of many torture cases on Melzer’s agenda. The conversation will focus on several cases and why nobody seems to care.

    • Civil Rights/Policing

      • Climate Change and Capitalism Are Forcing Chilean Farmers to Abandon Their Land

        One factor making things more difficult for many small farmers is that Chile is the only country in the world with a fully privatized water system.

        The Chilean Constitution ensures access to water, but in practice, Roco said, market forces decide who gets water rights. In this tug of war, industrial farmers growing export crops, like avocados, are able to pay more for water, boxing out small farmers.

        “The domestic market is mainly supplied by small-scale farmers,” Roco said. “But it’s more difficult for these small, family farmers to adapt to climate change.”

        The Codigo de Aguas, the water code, came into being during General Pinochet’s dictatorship. Under the code, water rights go to the highest bidder. Over the years, rivers, glaciers, and underground water rights have been sold to international firms, mainly in mining and large-scale agriculture. Many small farmers struggle to navigate the complex registration system that was created to keep track of water rights, Roco said.

        f
      • EU engagement gives Turkey a free pass on human rights violations

        There was an outpouring of indignation at von der Leyen’s relegation—accusations flew about who was responsible for the faux pas that led to ‘sofagate’. But this distracts from another controversy: the EU’s decision to engage with Erdogan at a time when Turkey’s authoritarian drift is accelerating. A US State Department report from 2020 outlines a litany of human rights transgressions and restrictions on political freedoms in Turkey. In deciding to visit Ankara, the EU turned a blind eye to democratic backsliding and human rights violations, effectively letting Erdogan get away with it.

      • Three years after Dubai princess' failed escape attempt, Frenchman who helped her recounts ordeal

        Three years after Christian Elombo took part in a doomed bid to help the daughter of Dubai's ruler flee the UAE, the Frenchman still thinks he did the right thing despite spending months in jail in the Gulf and Europe as a consequence.

        In March 2018, Princess Latifa, the daughter of Sheikh Mohammed bin Rashid Al-Maktoum, attempted to flee the UAE on a boat that was intercepted by commandos off the coast of India.

        Her fate remains a mystery and a cause of international concern, with the UN urging the United Arab Emirates to provide proof she is alive, after the BBC broadcast a video where Latifa said she was being held captive.

    • Digital Restrictions (DRM)

      • Netflix’s Dominance Starts to Slow as Rivals Gain

        In its latest rankings, Parrot reported that Netflix’s share of total demand — a measure of the popularity of its shows — was slightly above 50 percent for the first three months of the year, compared with 54 percent a year ago and 65 percent in the first quarter of 2019.

        In other words, competitors have started eating into Netflix’s dominance.

    • Monopolies

      • Lawmakers And Newsmakers Tackle Google and Facebook Market Power

        Sen. Amy Klobuchar, D-Minnesota, who chairs the Senate judiciary’s subcommittee on antitrust, spoke on the recent tussle between Facebook and Australia over news feeds on the social media platform. “That is the very definition of a monopoly — when you can hold a country hostage simply because they want to make sure the content is paid for from the news,” she said.

        Both Google and Facebook face several anti-competitive lawsuits from the Department of Justice, states attorneys general, federal agencies and several news publications that claim the big tech’s behavior has led to a monopoly in the digital space.

      • Eurasian industrial design: an overview of a new regional system [Ed: Dennemeyer mentions the Eurasian Patent Convention (EPC), which is not the same as the other EPC, which the corrupt EPO routinely violates, turning the European patent system into a self-harming farce that does nothing but collect money for invalid patents (IPs)]

        The Eurasian regional system of industrial design legal protection is a flexible and convenient instrument for applicants and patent owners acting in the region. It also represents the fruit of several years of preliminary work by the Eurasian Patent Organization (EAPO) and a new chapter in IP regulations in the nations of the former Soviet Union.

        The EPC currently comprises eight member states: Armenia, Azerbaijan, Belarus, Kazakhstan, Kyrgyzstan, Russia, Tajikistan and Turkmenistan. The Protocol on the Protection of Industrial Designs to the EPC was adopted on September 9, 2019, and, according to it, the EAPO grants unified Eurasian patents for industrial designs valid within the territory of the EPC member states covered by the Protocol. Currently, those are Armenia, Azerbaijan, Kazakhstan, Kyrgyzstan and Russia. Belarus, Tajikistan, and Turkmenistan have not yet finalized their ratification / accession procedures.

      • Patents

        • Intel beats VLSI in $3.1bn Texas suit [Ed: Patrick Wingrove, the patent trolls' mouthpiece, responds to Texas coming to grips with the damage it does to the public perception of the patent system (and Texas)]

          In a surprise turn of events at the District Court for the Western District of Texas yesterday, April 21, a jury ruled in favour of Intel in the tech company’s second patent trial against VLSI Technology, in which the latter was seeking $3.1 billion in damages.

        • FOSS Patents: Intel doesn't infringe VLSI patents-in-suit: jury verdict in second VLSI v. Intel case (Western District of Texas)

          Reuters reports--as do other media--that a jury in Waco (Western District of Texas) has found for Intel. According to the verdict, which I haven't found on the electronic docket yet, the semiconductor company infringes neither of the two patents asserted by VLSI Technology, a non-practicing entity funded by Fortress Investment.

          In early March, Intel had lost a trial over two other VLSI patents, and the damages award amounted to $2.175 billion.

          There'll be a third VLSI v. Intel trial in June, and should jurors or their friends or relatives inform themselves on the Internet of the wider dispute, the picture will be more favorable to Intel than last time.

          This outcome is in line with my observations. I noted the burden of proof on infringement and that there were reasons that might very lead a jury to doubt the infringement allegations. I wrote: "I think Intel may avoid an infringement finding, but even if it happened, I can't imagine it would be another billion-dollar amount."

        • Intel, Albright Make a Potentially Big Change in Second Patent Trial

          The judge refused to let VLSI Technology admit evidence of big payouts Intel has made to settle other litigation. The decision came after Intel said it had been careful not to open the door to such evidence this time around.

        • Sen. Tillis Asks Biden Administration to Oppose WTO Waiver Proposal [Ed: Tillis is a front for the patent cartel and litigation 'industry', so of course he's willing to cause the deaths of millions of people just for the sake of patent profiteering]

          Last month, the Biotechnology Innovation Organization (BIO) and Pharmaceutical Research and Manufacturers of America (PhRMA) sent separate letters urging the Biden Administration to join the European Union, United Kingdom, Japan, Canada, Switzerland, Brazil, and Norway in opposing a proposal made by India and South Africa to have the World Trade Organization (WTO) waive the implementation, application and enforcement of certain provisions of the Trade-Related Aspects of Intellectual Property Rights (TRIPS) Agreement with respect to the prevention, containment, or treatment of COVID-19. A group of fifteen industry and trade organizations (including BIO and PhRMA) followed with their own letter to several members of the Biden Administration, opposing what the coalition called "a problematic proposal" to waive global IP protections. And then, a group of intellectual property organizations sent a letter to several members of Congress and officials at the Patent and Copyright Offices to express their support for the United States' continued opposition to the TRIPS waiver proposal. One of the recipients of that last letter was Sen. Thom Tillis (R-NC), the Ranking Member of the Subcommittee on Intellectual Property.

          Last week, Sen, Tillis (at right) sent his own letter to members of the Biden Administration, asking that the Administration "oppose any and all efforts aimed at waiving intellectual property rights." Calling the waiver a "disastrous" proposal (not once, but three times), Sen. Tillis expressed his concern that "the Biden Administration is being urged to support this broad and open-ended waiver in the mistaken belief that it will promote broader access to vaccines needed to halt the spread of this terrible pandemic," while arguing that the proposed waiver "would do nothing of the sort." Instead, Sen. Tillis contends that the waiver "would undermine the extraordinary global response that has achieved historically remarkable results in record time and undermine our nation's global leadership in the technologies, medicines, and treatments of the future."

        • FOSS Patents: Retired UK judge: ETSI FRAND pledge requires component-level licensing of cellular standard-essential patents

          Today's IPKat/LSE Joint Event was entitled "The CJEU's billion-dollar questions -- who gets a SEP license and when should an injunction be granted?" One of Europe's most famous patent judges, recently-retired Lord Justice Sir Christopher Floyd, gave a clear answer to the first question: in his interpretation, ETSI's standard-essential patent (SEP) licensing pledge entitles every maker of equipment, including suppliers of components, to a license on FRAND terms.

          That conclusion didn't surprise me. The ETSI agreement must be interpreted under French law, and at my Brussels conference on component-level SEP licensing in November 2019, French law professor Philippe Stoffel-Munck took the same position. What made the judge's position today particularly noteworthy is that he previously criticized the ETSI FRAND pledge for containing only about half the clarity that he'd like to see in it. He provide one example of such a shortcoming: the pledge doesn't specify in what forum any disputes over licensing terms should be resolved.

          While some major cellular SEP holders--such as InterDigital, whose licensing chief Eeva Hakoranta also spoke today--argue that licensing at the end-product level is the standard in their industry, two industry representatives at today's webinar--though it's important to note they all expressed only their personal opinions--explained why component-level licensing is key to the ability of standardization to serve its purpose. Intel's IP policy chief Dr. Rebekka Porath mentioned that Intel, a member of approximately 300 standard-setting organizations, does grant SEP licenses at the component level. Last summer, a component-level SEP license deal between Huawei and Sharp became known (neither Huawei nor Sharp spoke today). Automotive supplier Continental's IP chief Dr. Roman Bonn explained the supply chain for connected cars, where cellular standards are implemented in the baseband chipset. What corroborates this view is what WilmerHale's patent and antitrust attorney Tim Syrett explained: he's litigated various SEP cases in the U.S. involving SEPs, and the infringement analysis always focused on the source code of the baseband chip. (This is a structural difference between SEP litigation in the U.S. and Germany; in the latter country, infringement allegations are typically based on the specification of a standard, not on what the accused products actually do.)

        • Software Patents

          • Flexiworld Technologies patent challenged

            On April 13, 2021, Unified Patents filed an ex parte reexamination against U.S. Patent 10,346,114, owned by Flexiworld Technologies, Inc. The ‘114 patent relates to transmitting or streaming protected digital content to client devices over the internet. It has been asserted against Roku.

          • Caselas, a Raymond Anthony Joao entity, patent challenged

            On April 15, 2021, Unified filed a petition for inter partes review (IPR) against U.S. Patent 9,715,691, which is being asserted by Caselas, LLC, a Raymond Anthony Joao entity. The '691 patent is generally directed to providing transaction history information including charge-back information.

            Caselas is asserting the '691 patent against 25 banks and merchant services companies, including First Citizens Bank, UBS Bank, First National Bank of Omaha, TruWest Credit Union, and Electronic Merchant Systems.

          • [Older] Enlarged Board of Appeal of European Patent Office clarifies examination of patentability of computer-implemented simulations [Ed: Litigation firms happy about besieged panels that lack independence (in violation of the underlying laws or the EPC) saying "OK" to illegal patents after being threatened by what EPO workers call "Mafia"]

            The Enlarged Board of Appeal of the European Patent Office (EPO) has concluded that the long-established “COMVIK” approach for computer-implemented inventions applies also to computer-implemented simulations. Accordingly, inventions directed to computer-implemented simulations are expected to be examined by the EPO as any computer-implemented invention and to be subject to the same two hurdles set by the COMVIK approach for assessing compliance of such an invention with the eligibility requirement (first hurdle) and the inventive step requirement (second hurdle).

            The Enlarged Board of Appeal (EBoA) of the European Patent Office (EPO) issued decision G 1/19 concluding that the long-established “COMVIK” approach for computer-implemented (CI) inventions (T 641/00) applies also to computer-implemented simulations. Accordingly, computer-implemented simulations are expected to be treated by the European Patent Office (EPO) as any computer-implemented invention and to be subject to the same two hurdles set by the COMVIK approach to assess compliance of such an invention with the eligibility requirement (first hurdle) and the inventive step requirement (second hurdle).



Recent Techrights' Posts

15 Countries Where Yandex is Already Seen to be Bigger Than Microsoft (in Search)
Georgia, Syrian Arab Republic, Cyprus, Moldova, Ukraine, Armenia, Azerbaijan, Kyrgyz Republic, Uzbekistan, Kazakhstan, Turkmenistan, Tajikistan, Belarus, Turkey, and Russia
FSF Has Made It Halfway to Its Target (Funding Goal) a Week Before Christmas Day
$400,000 definitely seems reachable now, especially if they extend the "deadline"
 
There's an Abundance of Articles About the New Release of Kali Linux, But This One is a Fake
It can add nothing except casual misinformation (fed back into the model to reinforce lies)
Links 19/12/2024: Astronaut Record and Observer Absorbed
Links for the day
Links 19/12/2024: Seven Dirty Words and Isle Release v0.0.3 (Alpha)
Links for the day
Links 19/12/2024: Nurses Besieged by "Apps", More Harms of Social Control Media Illuminated
Links for the day
Links 19/12/2024: Magnitude 7.3 Earthquake and Privacy Camp
Links for the day
Gemini Links 19/12/2024: Port Of Miami Explosion, TurboQOA, Gnus
Links for the day
Fake Articles About 'Linux'
Dated yesterday
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, December 18, 2024
IRC logs for Wednesday, December 18, 2024
[Meme] The Master Churnalist
Speaking of press releases being passed off as "journalism"
Spamnil's TFiR: Still Pretending Press Releases Are 'Articles' (TFiR 'Originals' as Plagiarism or Fluff)
Same as last year
Links 18/12/2024: Zakir Hussain Dies, TuneIn Layoffs
Links for the day
Links 18/12/2024: Karate Love and Advent of Code
Links for the day
Windows (or Microsoft) Has Become the "One Percent" (Market Share) in Chad
How long before it falls below 1%?
Arvind Krishna, IBM's CEO, Will Eventually Suck Up to Donald Trump Like His Predecessor Did or the Watson Family Did With Adolf Hitler
Literally Hitler
Being a Geek Need Not Mean Being Sedentary
"In the past 18 months," Berkholz writes, "I’ve lost 75 pounds and gone from completely sedentary to fit, while minimizing the effort to do so (but needing a whole lot of persistence and grit)."
GAFAM Kissing the Ring of the Mafia Don
"resistance" to dictatorship and defenders of democracy?
Slop Spaghetti From the Chef, Second Time Today
Fresh slop ready out the oven!
IBM - Like Microsoft - Lies About the Number of People It's Laying Off (Several Tens of Thousands, Not Counting R.T.O. "Silent" Layoffs and Contractors/Perma-Temps)
How many waves of silent layoffs have we seen so far at IBM this year?
Links 18/12/2024: EU Launches Probe Into TikTok (At Last!)
Links for the day
Links 18/12/2024: Doha/Qatar Trafficking, Bloat Comfort Zone, and Advent of Code 2024
Links for the day
Saving What's Left of Decent and Independent Journalism on the Web
We increasingly (over time) try to make local copies (hosted on our server) of important documents; it's hard to rely on third parties
[Meme] Microsoft's Latest Marketing Pitch
"Stop Being Poor; buy a new PC with TPMs"
In South Africa, a Very Large Nation, Web Developers Can Already Ignore Microsoft Browsers (Edge Measured Below 3% in 55 Nations)
The dumb assumption you must naively test with Microsoft browsers is no longer applicable in a lot of places
Open Source Initiative (OSI) is the Voice of Bill Gates and Satya Nadella
Not hard to see what they've done with the money
Microsoft Boasts That Its (Microsoft-Sponsored) "Open Source AI" Propaganda Got Cited in Media (That's Just What the Money Did)
This is a grotesque openwashing campaign
In Many Places Around the World, Perhaps as Expected, Yandex is Nearly Bigger Than Microsoft (Like in Several African Countries)
Microsoft may soon fall to "third place" in search
Keeping Productive This Christmas
We've (pre)paid for hosting till almost January 2026 and fully back on the saddle
IBM and Canonical Leave Money on the Table Because Microsoft Pays Them Not to Compete and Instead Market Windows, WSL, Microsoft 'Clown Computing', and TPMs
Where are the regulators?
Other Editors Who Agree "Hey Hi" (AI) is Just Hype But Won't Say So Publicly as It Might Upset Key Sponsors
Some media would gladly participate in a scam to make money
Brian Fagioli's Latest "Linux" Article Appears to be Fake
Another form of plagiarism/ripoff using bots?
IBM (and Red Hat) is a Patent Troll, Still Leveraging Software Patents to Extract Money Out of Other Companies by Suing Them
Basically, when it comes to patents, IBM is demonstrably part of the problem, not the solution
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 17, 2024
IRC logs for Tuesday, December 17, 2024
[Meme] When the People Who Falsely Accuse You of Pedophilia Turn Out to be Projecting
When you attack something or someone using falsehoods, as happens a lot to Richard Stallman (RMS), there's risk that the attacks will backfire, badly
In Some Countries, Such as Greece, Almost 80% of Windows Users Are on Vista 10 and About 85% Need to Move to GNU/Linux for Security Patches
Vista 11 was a failure
[Meme] They Don't Want the Public to Know What "Responsible Encryption" Really Means
They also blame "China" for their own back doors (because China learned how to exploit those)
The Linux Foundation's Certificate Authority (CA) Significantly and Suspiciously Raises the Number of Certificates It Issues (Quantity Increase/Inflation) by Lessening Their Lifetime in the Name of 'Security' (That Barely Makes Sense!)
LE made 3 months the "standard" for most, soon to become just 6 days instead of 6 months?
Why I Continue to Believe That at the End Software Freedom Will Win
a short and incomplete list of factors which I believe contribute to the sentiment that we can - and will - win the battles over hearts and minds in the "Tech" realm
Links 17/12/2024: More China Sanctions, GOP Scheming to Prop Up Fentanylware (TikTok)
Links for the day
Gemini Links 17/12/2024: The Streisand Effect and Productivity-systems Desiderata
Links for the day
Technology: rights or responsibilities? - Part X
By Dr. Andy Farnell
Links 17/12/2024: More "Tesla Autopilot" and "Hey Hi" (AI) Blunders
Links for the day
Instead of Promoting GNU/Linux (or Ubuntu) Ahead of Vista 10's EoL Canonical is Marketing Microsoft's Proprietary Software
It's like Canonical employs people who work for Microsoft, not for Canonical
Links 17/12/2024: Many Abuses by Microsoft and War Updates From Ukraine
Links for the day
Content Management Systems (CMS) Bloat/ Static Site Generators (SSG) Trouble
some Web site management stories
DEI Room at fedoraproject.org Pretty Much Dead
We're not against diversity but against its weaponisation by greedy people who do not value diversity at all
The "Latest Technology News" at BetaNews is Slop About Slop
This is at the very top of the "news" (front page) at the moment
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, December 16, 2024
IRC logs for Monday, December 16, 2024