Bonum Certa Men Certa

Links 21/7/2021: WordPress 5.8, Wine 6.13, and VirtualBox 6.1.24

  • GNU/Linux

    • Desktop/Laptop

      • Microsoft has its own Linux distribution. [Ed: They are missing the point of it and overlooking the fact that Microsoft continues to attack Linux from a number of fronts]

        The days when Microsoft CEO, the shy and retiring Steve Ballmer, called Linux cancer on the software industry, are really dead and buried – Vole now has its own Linux distribution which it is even telling people about.

    • Audiocasts/Shows

      • The Killer Feature Of Tiling Window Managers Isn't Tiling

        I often get people telling me that they don't see the point of using a tiling window manager. I think part of the problem is the name "tiling window manager".

      • Using Linux at work - KDE Edition

        This is an update on the Linux at work series I started a while ago! At the time, I was using elementary OS on a Huawei matebook 13, to work as a Product Owner. Since then, remote work became a lot more prevalent, and I also changed distros, and laptops, so let's see how I'm making Linux and KDE work as my primary OS, on my laptop, and desktop!

    • Kernel Space

      • Linux 5.12 Kernel Reaches End of Life, Upgrade to Linux Kernel 5.13 Now

        Released about three months ago, Linux kernel 5.12 introduced lots of goodies, including support for Playstation 5 DualSense and Nintendo 64 game controllers, eMMC inline encryption support, support for the Lenovo IdeaPad platform profile and the Lenovo ThinkPad X1 Tablet Gen 2, as well as a new memory-debugging tool called KFENCE.

        It also introduced initial support for zoned block devices to the Btrfs file system, LTO in Clang support, AMDGPU Freesync HDMI support, and many other cool features, but it’s now marked as EOL (End of Life) on the website, which means that it will no longer receive support upstream and that you must upgrade to a newer or LTS kernel as soon as possible.

      • Linux 5.13.4
        I'm announcing the release of the 5.13.4 kernel.

        All users of the 5.13 kernel series must upgrade.

        The updated 5.13.y git tree can be found at: git:// linux-5.13.y and can be browsed at the normal git web browser:


        greg k-h
      • Linux 5.12.19
      • Linux 5.10.52
      • Linux 5.4.134
      • Linux 4.19.198
      • Linux 4.14.240
      • Linux 4.9.276
      • Linux 4.4.276
      • Graphics Stack

        • AMD Posts Linux Graphics Driver Patches For "Cyan Skillfish"

          AMD posted a new patch series bringing up a new graphics processor, Cyan Skillfish.

          As usual, this is a Linux-focused codename for a yet-to-be-launched product with their naming convention of an X11 color name paired with a fish species.

          While yet to be launched, Cyan Skillfish isn't as exciting as some of the recent RDNA2 or CDNA GPUs. Cyan Skillfish is the support for a Navi (1x) graphics processor in a forthcoming APU.

        • Reverse-engineering the Mali G78

          After a month of reverse-engineering, we’re excited to release documentation on the Valhall instruction set, available as a PDF. The findings are summarized in an XML architecture description for machine consumption. In tandem with the documentation, we’ve developed a Valhall assembler and disassembler as a reverse-engineering aid.

          Valhall is the fourth Arm€® Maliâ„¢ architecture and the fifth Mali instruction set. It is implemented in the Arm€® Maliâ„¢-G78, the most recently released Mali hardware, and Valhall will continue to be implemented in Mali products yet to come.

        • Arm Mali "Valhall" Reverse-Engineering Started

          The Panfrost open-source Linux graphics driver stack has matured nicely for Arm Mali Midgard and Bifrost generations but for the past two years now there has been Valhall as the latest-generation Arm Mali microarchitecture. There is now work underway on reverse-engineering Valhall for ultimately wiring up with open-source graphics driver support.

          Panfrost lead developer Alyssa Rosenzweig commented today that reverse-engineering work has begun for Valhall with a focus on the Mali G78 in particular. This reverse engineering has been going on for just about one month but there is already some instruction set documentation made as well as an XML-based representation.

        • NVIDIA Brings Its RTX Tech To Linux On Arm

          When NVIDIA sets out to acquire a company, it doesn’t seem to waste any time to start producing custom product with the new IP access. After the company announced its plans to acquire Arm last fall, the company announced a full-fledged Arm-based supercomputer called Grace this past spring. Arm in the enterprise seemed likely, but did you expect to see the label “RTX” tied in with it, as well?

          At the ongoing Game Developers Conference, NVIDIA announced that it’s bringing RTX to Arm on Linux, which should result in a number of different types of devices adopting it. With the help of two tech demos, the company utilized MediaTek’s Kompanio 120 (eight-core with 1-3-4 config) and gave it a GeForce RTX 3060 to work with. With one demo, the fast-paced Wolfenstein: Youngblood was shown-off, utilizing both ray tracing and DLSS. You can check it running in real-time in the video below:

    • Applications

      • HandBrake 1.4.0

        HandBrake is an open-source, GPL-licensed, multiplatform, multithreaded video transcoder, available for MacOS X, Linux and Windows. Handbrake can process most common multimedia files and any DVD or BluRay sources that do not contain any kind of copy protection.

      • VirtualBox 6.1.24 Released with Support for Linux 5.13 and Ubuntu Specific Kernels

        VirtualBox 6.1.24 comes almost three months after version 6.1.22 to introduce support for the latest and greatest Linux 5.13 kernel series, for both hosts and guests. As you can imagine, this means that you can now run GNU/Linux distributions powered by Linux kernel 5.13 on virtual machines or install VirtualBox on a distro running Linux 5.13.

        For the first time, VirtualBox introduces support for kernels that are specific to a certain GNU/Linux distribution. In this release, there’s support for Ubuntu specific kernels, as well as kernels that are specific to the SUSE Linux Enterprise Server and Desktop (SLES/SLED) 15 SP3 (Service Pack 3) operating systems.

      • The best email client for Linux, Windows and macOS isn't Outlook

        I rely on email. In fact, it's my primary method of communication with the outside world. While most people are busy on Slack and other chat platforms, I still prefer email. Why? For one thing, I retain a digital trail of my communication. I can search through email threads to follow conversations with a single person (or multiple persons) with ease. Another reason is that I've been using email since the late '90s, so it's a very comfortable and familiar format.

        Does that mean I ignore chat and other types of communication platforms? Not at all. But for my primary method of communication with clients, editors and publishers, it's email all the way. It's easy, fast and always there. I don't have to worry about whether or not a recipient is online; they'll get the communication one way or another.

        But there is a slight problem. Which email client to use? There are quite a large number of apps available on every platform, and not every app is available for every operating system. You have Apple Mail for macOS, Outlook for Windows and macOS, Evolution for Linux, and a host of other possibilities. And for the longest time, everyone just assumed Microsoft Outlook was the single best email client on the planet.

        For anyone who's had to troubleshoot Outlook problems, you know just how bad that client can get when it's in a fussy mood. I've experienced Outlook problems so bad, the only way to solve the problem was a complete reinstall of the OS. Granted, that situation was not normal, but it is very indicative of what can go wrong with that particular email client. And although Apple Mail is a very good email application, its macOS-only limitation is problematic. I will go so far as to say if Apple Mail was available for Linux, macOS and Windows, it would probably wind up at the very top of this list.

    • Instructionals/Technical

      • How to Create Rust Virtual Environment Using Conda on Linux

        Conda is an open-source package management system and environment management system for installing multiple versions of software packages and their dependencies. It is mainly developed for Python and not tied to any specific programming language. Conda allows you to install many programming languages in multiple different environments.

        In this post, we will show you how to create Rust virtual environments using Conda in Linux.

      • How to Install the Latest HPLIP Driver in Ubuntu 20.04 [Fix Dependency Issue] | UbuntuHandbook

        Need the most recent HPLIP to get your HP printer or scanner working in Ubuntu? Here’s how to install guide as well as workaround to fix the python-pyqt5 dependency issue.

        HPLIP is an open-source Linux drivers for HP’s inkjet and laser printers. The project is initiated and led by HP Inc. While the package in Ubuntu repositories is always old, you can install the official binary to get new devices support.

        However, the most recent releases refuse to install in my Ubuntu 20.04 due to python-pyqt5 dependency issue. If you’re facing with the similar issue, then this tutorial may help!

      • Linux Essentials - Automatically mounting storage volumes with /etc/fstab

        In a previous video we went over the basics of storage, and in this episode of Linux Essentials, I'll show you how to automatically mount storage volumes when you boot your server.

      • Automatically bring up a SocketCAN interface on boot

        Working with Controller Area Network (CAN) on your Linux PC? Through the SocketCAN kernel modules, Linux supports CAN quite well. It can be a bit tricky though, to get your USB-to-CAN adapter configured and up-and-running. This tutorial not only explains how to bring up your SocketCAN network interface, it also shows you how to configure your Linux system to automatically bring up your SocketCAN network interface, each time you plug it in or boot up your Linux system.

      • How to Build a Package from Source in Linux - Make Tech Easier

        Besides its open-source nature, customizability is one of the other reasons many users love Linux: you can modify and configure almost every file to meet your specific needs and style. This includes the ability to rebuild a package from source.

        The ability to rebuild a package from the source can be beneficial to any Linux power user because it allows you to change packages, enable or disable a feature, or even apply custom modifications.

    • Wine or Emulation

      • Wine 6.13
        The Wine development release 6.13 is now available.

        What's new in this release (see below for details): - Proper scrollbar theming. - More work towards WinSock PE conversion. - Preparation work for the GDI syscall interface. - Some progress on the IPHLPAPI PE conversion. - Various bug fixes.

        The source is available from the following locations:

        Binary packages for various distributions will be available from:

        You will find documentation on

        You can also get the current source directly from the git repository. Check for details.

        Wine is available thanks to the work of many people. See the file AUTHORS in the distribution for the complete list.
      • Wine 6.13 Released With Proper Scrollbar Theming, More PE Conversion

        The Wine project usually puts out new open-source development releases reliably every other week, but as is sometimes the case during the summer months, last Friday's was missed due to summer holidays. That update -- Wine 6.13 -- has now shipped today.

        Alexandre Julliard just issued the belated Wine 6.13 release. Among the changes this time around are now having proper scrollbar theming for Windows applications running in Wine, preparation work for the GDI system call interface, and more PE conversion work. There still is work going on the WinSock portable executable conversion and now on the IPHLPAPI PE conversion too.

    • Games

      • Ubisoft are keeping an eye on the Steam Deck, will release on it if it's big enough

        Today during the Ubisoft conference call where they discussed first-quarter 2021-2022 sales, Steam Deck got mentioned.

        It's an interesting one, since Ubisoft has pretty much left Steam behind in favour of other stores like the Epic Games Store. The Epic store doesn't support Linux, and Epic currently have no intention to do so. So unless people are expected to manually load up Windows to replace SteamOS, companies like Ubisoft would need to bring their games back to Steam to give users a good experience.

        During the conference call that we listened to today, a question was asked about the Steam Deck from one investor.

      • Space station building and management sim Starmancer confirmed for GOG

        The release of the fantastic space station building and management game Starmancer is getting ever closer, and now a GOG released has been confirmed today. It's been a while since the Kickstarter in 2018, which showed a hugely promising idea.

        Starmancer follows long after some sort of catastrophe on Earth with the remains of humanity having their brains uploaded into special memory banks. You're responsible for building up a sustainable station to enable supporting human life, which you end up growing in special pods to have a consciousness downloaded into.

        "Starmancer offers gameplay with consequences, a living sandbox environment, crafting, and managing the daily lives of colonists. Create a utopian society where everyone is well fed, happy, and safe. Or go rogue and figure out how many times a colonist can eat wheat before they go crazy. The choice is yours!"

      • DXVK-NVAPI 0.4 Released For Improving NVIDIA Integration Atop DXVK

        DXVK-NVAPI 0.4 is out today for improving the implementation of this NVIDIA driver public API interface (NVAPI) within DXVK for running Windows Direct3D games on Linux. DXVK-NVAPI 0.4 updates against the latest public NVAPI header files, now makes use of the NVIDIA Management Library (NVML) for querying various attributes on Linux, changes around log level options, and adds an optional test suite for helping to verify the NVAPI support.

      • The Nvidia Arm race has just put Microsoft, AMD, and Intel on notice

        Nvidia is paving the way for entirely GeForce-powered notebooks, potentially shoving Microsoft, Intel, and AMD aside in its quest for high-performance gaming laptops. The green team has now proven the power of both ray tracing and DLSS running in a Linux distro, on ARM-based silicon, with RTX graphics cards plumbed into them.

        And that should scare the crap out of everyone involved in the traditional Microsoft/x86 PC gaming monopoly.

        So yeah, it sure looks like GDC 2021 is kicking off with a bang, as Nvidia has today shown Wolfenstein: Youngblood running with ray traced reflections enabled, and DLSS in operation, on a system using an eight-core MediaTek CPU and an Nvidia RTX 3060 GPU.

      • Nvidia's ARM-Powered Linux RTX Demo Is a Warning Shot to x86, Microsoft
      • The Steam Deck Might Not Play All Games in Your Library

        As of now, the Steam Deck might play all of the games in the Steam Library, though the developers at Valve are working hard to make everything work.

        The Steam Deck is a portable gaming console. Its biggest selling point is its hardware specs capable of running even the most demanding PC games. So, if you’re the type of person who wants to play games on the go, this thing is ideal for you.

        That said, while there are many games to choose from, you might not get them running on this device.

      • Steam Deck SSD Replacement Possible on All Models

        Valve's upcoming handheld Steam Deck will allow its users to replace and upgrade its internal SSD with their own, although the company strongly recommends against it.

        The news was first brought to light by Valve's head Game Newell himself by responding to a redditor's inquiry about the system's SSD. The Steam Deck's website was later updated (spotted via VGC) to state that all models "use socketed 2230 m.2 modules (not intended for end-user replacement)."

      • Gadgets Weekly: Valve Steam Deck, Asus Chromebooks and more

        Out of the blue, Valve Corp on Thursday unveiled the company's first-ever hand-held gaming console Steam Deck, which competes directly with the popular Nintendo Switch series.

        The new Steam Deck sports wide 7.0-inch HD+ (1,280x800p) LCD panel with a 16:10 aspect ratio. It supports up to 60Hz display refresh rate, and offers close to 400 nits of peak brightness.

        Yes, the screen is touch-sensitive and also comes with an ambient light sensor, stereo speakers and a dual microphone array.

        Inside, it houses AMD's custom APU, optimized for handheld gaming. The APU's power ranges from 4W to 15W, which promises to deliver more than enough performance to run the latest AAA games very efficiently.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

      • GNOME Desktop/GTK

        • How Calls became a part of GNOME

          Since Purism’s philosophy and GNOME’s principles are closely aligned it is not far fetched to call them a match made in heaven.

          As you probably know the software stack in use on the Librem 5 is built upon GNOME technologies and has been designed by parts the GNOME Design Team.

          This is why we’re happy to officially announce that Calls will become a part of the GNOME project. Having a dialer application available shows that mobile is an important use case for GNOME. Furthermore this shows that we take upstreaming our development efforts and making them available to the wider community very seriously.

          The old repository has been archived and the new repository where development takes place can be found here while the packaging for PureOS can be found here.

          By moving to GNOME infrastructure we hope to generate more community interest around Calls.

    • Distributions

      • IBM/Red Hat/Fedora

      • Debian Family

        • Debian GNU/Linux 10 “Buster” Users Get New Linux Kernel Security Update, 4 Flaws Patched

          The new Linux kernel security update comes about three months after the previous kernel update and it’s here to address a total of four security vulnerabilities discovered by various security researchers in the upstream Linux 4.19 kernel series used by the Debian GNU/Linux 10 “Buster” operating system.

          The four security flaws patched in this kernel update are CVE-2020-36311, a vulnerability discovered in the KVM subsystem for AMD CPUs that could allow an attacker to cause a denial of service (soft lockup) by triggering the destruction of a large Secure Encrypted Virtualization (SEV) virtual machine.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Web Browsers

        • Mozilla

          • Firefox May Have Lost Up to 12% Of Its Users So Far In 2021

            Firefox is the default web browser installed on most Linux distributions. It is a well-known browser by Mozilla that respects user privacy by design, and currently remains the only major web browser pushing for open web standards and community interest rather than giant corporations like Google, Microsoft or Apple.

            The existence of Firefox is important for the open source community. Both to prevent the monopoly of these corporations on the web and also to ensure a free and open source web browser (and engine!) remains accessible for end-users.

            However, Firefox has been recently struggling on many different fronts and on a number of issues and topics. We have covered a story in October, 2020 where Mozilla’s CEO was found to be getting a large $2.4M annual salary, while 25% of Mozilla’s workforce was let go because of financial issues at Mozilla. And yet, Mozilla is promoting initiatives to fight political ads, misinformation and “promote diversity” rather than fixing its own problems.

          • Spring Cleaning MDN: Part 1 [Ed: Mozilla is dead. And it is outsourcing to Microsoft proprietary software now.. Stick a form it it. Mozilla is a walking dead.]

            Most notably MDN now manages its content from a repository on GitHub. Prior to this, the content was stored in a database and edited by logging in to the site and modifying content via an in-page (WYSIWYG) editor, aka ‘The Wiki’. Since the big move, we have determined that MDN accounts are no longer functional for our users. If you want to edit or contribute content, you need to sign in to GitHub, not MDN.

      • SaaS/Back End/Databases

        • SQLite Extraction of Oracle Tables Tools, Methods and Pitfalls

          The SQLite database is a wildly successful and ubiquitous software package that is mostly unknown to the larger IT community. Designed and coded by Dr. Richard Hipp, the third major revision of SQLite serves many users in market segments with critical requirements for software quality, which SQLite has met with compliance to the DO-178B avionics standard. In addition to a strong presence in aerospace and automotive, most major operating system vendors (including Oracle, Microsoft, Apple, Google, and RedHat) include SQLite as a core OS component.

          There are a few eccentricities that may trip up users from other RDBMS environments. SQLite is known as a “flexibly-typed” database, unlike Oracle which rigidly enforces columnar datatypes; character values can be inserted into SQLite columns that are declared integer without error (although check constraints can strengthen SQLite type rigidity, if desired). While many concurrent processes are allowed to read from a SQLite database, only one process is allowed write privilege at any time (applications requiring concurrent writers should tread carefully with SQLite). There is no network interface, and all connections are made through a filesystem; SQLite does not implement a client-server model. There is no “point in time recovery,” and backup operations are basically an Oracle 7-style ALTER DATAFILE BEGIN BACKUP that makes a transaction-consistent copy of the whole database. GRANT and REVOKE are not implemented in SQLite, which uses filesystem permissions for all access control. There are no background processes, and newly-connecting clients may find themselves delayed and responsible for transaction recovery, statistics collection, or other administrative functions that are quietly performed in the background in this “zero-administration database.” Some history and architecture of SQLite can be found in audio and video records of Dr. Hipp's discussions.

          Despite these eccentricities, SQLite is likely a superior format for data exchange as opposed to CSV, XML, or even JSON, as indexes can be included, enabling recipients to perform high-speed queries in SQL92 without any preprocessing, licensing, or activation. SQLite’s conservative coding style and commentary is intended to benefit “future programmers who are not yet born,” and the on-disk database format has further been defined as a long-term storage standard by the Library of the U.S. Congress.

      • CMS

        • WordPress 5.8 Tatum

          Introducing 5.8 “Tatum”, our latest and greatest release now available for download or update in your dashboard. Named in honor of Art Tatum, the legendary Jazz pianist. His formidable technique and willingness to push boundaries inspired musicians and changed what people thought could be done.

          So fire up your music service of choice and enjoy Tatum’s famous recordings of ‘Tea for Two’, ‘Tiger Rag’, ‘Begin the Beguine’, and ‘Night and Day’ as you read about what the latest WordPress version brings to you.

      • FSF

        • Freedom moving forward: An overview of the FSF's history

          Our thirty-fifth birthday as an organization has given us the opportunity to think about the Free Software Foundation's (FSF) development over the years. More than thirty-five years of history is hard to bring together in a few sentences, so much so that even staff at the FSF sometimes have to do serious research into the exact dates that milestones occurred. This being the case, we realized it was high time to create an overview listing key points in the history of the FSF and GNU.

          Today we launched the FSF history timeline page which shows a clear overview of milestones for the organization, like when the GPLv3 was published, or when the first LibrePlanet conference took place.

        • Licensing/Legal

          • Our lawsuit against ChessBase

            The Stockfish project strongly believes in free and open-source software and data. Collaboration is what made this engine the strongest chess engine in the world. We license our software using the GNU General Public License, Version 3 (GPL) with the intent to guarantee all chess enthusiasts the freedom to use, share and change all versions of the program.

            Unfortunately, not everybody shares this vision of openness. We have come to realize that ChessBase concealed from their customers Stockfish as the true origin of key parts of their products (see also earlier blog posts by us and the joint Lichess, Leela Chess Zero, and Stockfish teams). Indeed, few customers know they obtained a modified version of Stockfish when they paid for Fat Fritz 2 or Houdini 6 - both Stockfish derivatives - and they thus have good reason to be upset. ChessBase repeatedly violated central obligations of the GPL, which ensures that the user of the software is informed of their rights. These rights are explicit in the license and include access to the corresponding sources, and the right to reproduce, modify and distribute GPLed programs royalty-free.

          • Stockfish sues ChessBase

            The Stockfish project, which distributes a chess engine under GPLv3, has announced the filing of a GPL-enforcement lawsuit against ChessBase, which has been (and evidently still is) distributing proprietary versions of the Stockfish code.

          • Are you compliant with open-source license obligations?

            A short answer is no. Your piece of software will not be open-source if it doesn’t have an open-source license. Under copyright law, such software is copyrighted by default, with all the restrictions that this implies.

            If you want anyone to use your code freely, you should ensure certain liberties commonly called “the four freedoms“. They say that OS software may be used, studied, modified, and distributed freely, as long as the license is respected.

            For the first three, there are no conditions of any kind; you are free to use, study, and modify the code for any purpose. If you move beyond that and decide to distribute your modified version (or the original), this is when open-source license compliance starts.

            Missing license texts are the number one cause of license infringement cases, which, as we’ve seen above, can lead to the loss of ownership rights and enforcement actions such as an interim injunction.

      • Programming/Development

        • Python

          • The data worker's guide to psiphiorrhea

            A dataset I recently audited had a record for a marine specimen observed at latitude 6.47457312, longitude -52.5741239, depth 103.8799973 metres. I've changed the coordinates (but not their number of decimal places) to protect the data owner's privacy.

            While those coordinates aren't as impressive as the -33.8903169365705 151.198409720645 I blogged about in 2019 for a huge building in Sydney, Australia, they still specify the specimen's underwater location €±0.55 millimetres in latitude. And the depth measurement is €±0.00005 millimetres.

            I suspect that the marine recorder might be afflicted with psiphiorrhea. I concocted this word (pronounced siff-ee-oh-REE-uh) from Greek roots meaning "digit or numeral" and "flux". In the same way that someone who talks far too much is exhibiting logorrhea, or excessive word-iness, someone who uses far too many digits in their numbers is exhibiting psiphiorrhea, or excessive digit-iness.

  • Leftovers

    • Science

      • Not only is Hubble back online after outage, it's already taking photos of the cosmos ● The Register

        The Hubble Space Telescope is back in action doing what it does best – capturing stunning images of the universe – after more than 50 NASA engineers worked hundreds of hours to get the instrument working again.

        After activating redundant components within the orbiting observatory on Friday to clear a hardware glitch, the telescope has been able to use its sensors again. NASA released two photos of oddball galaxies Hubble snapped over the weekend: one depicting two galaxies intersecting each other, and the other showing a large spiral galaxy with three arms.

    • Integrity/Availability

      • Proprietary

        • China says Microsoft hacking accusations fabricated by US and allies [Ed: Well, it is the fault of Microsoft that holes exist]
        • US legal eagles representing Apple, IBM, and more take 5 months to inform clients of ransomware data breach
        • Security

          • Researchers flag 7-years-old privilege escalation flaw in Linux kernel (CVE-2021-33909)

            A vulnerability (CVE-2021-33909) in the Linux kernel’s filesystem layer that may allow local, unprivileged attackers to gain root privileges on a vulnerable host has been unearthed by researchers.

          • New Linux kernel bug lets you get root on most modern distros
          • Nasty Linux systemd security bug revealed

            Qualsys has found an ugly Linux systemd security hole that can enable any unprivileged user to crash a Linux system. The patch is available, and you should deploy it as soon as possible.

          • How IBM i Fits Into a Zero-Trust Security Framework [Ed: Authored by IBM shill funded by IBM]

            One of the hot new trends in cybersecurity these days is the zero-trust security model. Instead of implicitly trusting network traffic behind the firewall, zero-trust demands that traffic have explicit permission to be there. But how does that model work with the strange beast known as IBM i? IT Jungle recently sat down with PJ Kirner, the CTO and co-founder of zero-trust software provider Illumio, to find out.

            Illumio is an eight-year-old venture-backed startup based in Sunnyvale, California, that is working in the field of zero-trust security. It develops an offering, called Illumio Core, that allows companies to begin implementing the zero-trust security model in their own data centers.

            It’s a fairly radical shift in philosophy, Kirner says. “There’s a mentality change from ‘I trust everything’ to . . . ‘I need a policy enforcement point of some sort everywhere, not just in the one place at the boundary of two things,'” he says.

            When fully built out, an IT estate with an active zero-trust security model will resemble a party where only invited guests are allowed in. Building from a whitelist, or “allow list,” is starkly different than starting with a blacklist, or an “exclude list,” Kirner says. “If you start by saying just these two things are not allowed to talk, well, that’s a whole bunch of implicit trust around everything else,” he says.

            Illumio, which recently added support for IBM i systems, begins every zero-trust security engagement by making a map of network traffic behind the firewall. Illumio develops software that does this mapping, which can be quite illuminating in its own right.

          • New Windows 10 vulnerability allows anyone to get admin privileges
          • The virus rears its ugly head....

            There is a virus going around. We thought we were winning the battle against it, but powerful forces and events have allowed it to raise its ugly head and cause unforeseen additional hardship. People thought that it was not so bad, they did not listen to reason and take the precautionary measures necessary to protect themselves. In letting down their guard they were unprepared and unprotected. After months of machines being turned off, software licenses (with their expiration dates never “dormant”) are up for renewal. Many companies, educational institutions and public buildings (like libraries) are turning on their Wintel PCs for the first time in over a year and finding that they need to renew their licenses, not only for what is called an operating system on their computer, but also for many of the closed source, proprietary add-on software packages that owners purchased in a wild attempt to make their hardware somewhat useful.


            This variant is called “Windows 11”, and the creator of it seems to be unable to tell you how much havoc it will create for you. Does it run on your otherwise great hardware? You have a decent processor, a lot of RAM, and you bought it just two or three years ago….but it might not run Windows 11.

          •'s Huawei watchdog says firm made 'no overall improvement' on firmware security but won't say why

            Huawei has made "no overall improvement" in software engineering processes for its UK telecoms equipment's firmware, its GCHQ overseers have warned.

            The Huawei Cyber Security Evaluation Cell (HCSEC) oversight board's annual report for 2020 was noticeably less critical than in previous years – but still says Huawei is dragging its feet in key areas.

          • Northern Train's ticketing system out to lunch as ransomware attack shuts down servers

            Publicly owned rail operator Northern Trains has an excuse somewhat more technical than "leaves on the line" for its latest service disruption: a ransomware attack that has left its self-service ticketing booths out for the count.

            "Last week we experienced technical difficulties with our self-service ticket machines, which meant all have had to be taken offline," a spokesperson for Northern Trains confirmed to the The Register.

          • Fortinet's security appliances hit by remote code execution vulnerability

            Security appliance slinger Fortinet has warned of a critical vulnerability in its products that can be exploited to allow unauthenticated attackers full control over the target system - providing a particular daemon is enabled.

            The vulnerability, discovered by Orange Group security researcher Cyrille Chatras and sent to Fortinet privately for responsible disclosure, lies in the FortiManager and FortiAnalyzer software running atop selected models in the company's FortiGate security appliance family. Should a particular daemon be enabled, the company admitted, a remote attacker can gain full control.

          • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

            • Romanian Linux Cryptojacking Cybercriminals Spotted [Ed: This is classic FUD as it's not a Linux issue but a weak password issue]

              Since at least 2020, an active threat organization based in Romania has been running a cryptojacking operation against Linux-based machines using the Golang-based SSH brute force, according to The Hacker News. The campaign's objective is to infect Linux systems with Monero mining applications.

          • Privacy/Surveillance

            • India IT minister denies illegal use of NSO Pegasus spyware

              Indian IT Minister Ashwini Vaishnaw has denied the nation illegally used the NSO Group's Pegasus spyware, but hasn't denied that India used it.

              The existence of Pegasus is not news. But over the weekend, Amnesty International, French outfit Forbidden Stories and a dozen publications around the world alleged the software has been widely misused to target media, dissidents, and other individuals, and that NSO Group's assertions its products are only used in the cause of national security are insincere at best.

    • Environment

      • Wildlife/Nature

        • Thousands of penguins crowding near Ukrainian polar station

          Ukrainian polar explorers recorded large waddles of penguins near the Antarctic station "Academician Vernadsky". "This July, our polar explorers recorded extremely large winter waddles of penguins: hundreds and thousands of individuals have a rest on different islands within a radius of 20 km from the station, and hundreds of penguins that eat can be observed in the water at the same time. These are mostly sub-Antarctic penguins (Gentoo) or Adélie penguins," the National Antarctic Scientific Center of Ukraine posted on Facebook.

Recent Techrights' Posts

Canonical Works for Microsoft
Where are the antitrust regulators or CMA?
[Meme] 10 Years Down the New Career System (NCS) and What it Did to Our Collegiality
New from SUEPO, the staff union of the EPO
[Chart] Chromebooks in Micronesia Grew at the Expense of Microsoft Windows
As of today...
Angola: Microsoft Windows Down From 98% to 12%
Africa is "lost territory" for Microsoft colonialism
No News Drought in Techrights
Leaving my job after almost 12 years also contributes to available time for research and publication
A 3-Year Campaign to Coerce/Intimidate Us Into Censorship: Targeting My Wife
In my view, it is a form of overt sexism
The Campaign to 'End' Richard Stallman - Part II - Scaring People Who Produce Videos in Support of Stallman
There are allegations of threats, defamation, and censorship
Links 30/05/2024: Public Domain and Kangaroo Courts
Links for the day
Links 30/05/2024: Microsoft Layoffs Back in Headlines, RISC-V and Standards
Links for the day
Gemini Links 30/05/2024: A Lonely Friend and Deletion of Old Posts
Links for the day
A 3-Year Campaign to Coerce/Intimidate Us Into Censorship: In Summary
Some high-profile examples of defamation include Linus Torvalds, Richard Stallman...
Death Valley
The truth can be twisted
[Meme] UEFI 'Secure' Boot's Model of Security
Lion cage with people
Climbing a Tall Mountain for 2 Decades
In Web terms, 20 years is a very long time. Very few sites (or a small proportion of the whole) make it to 20.
If You're Going to Concern-Troll "Linux" Make Sure You Actually Use It (Or Tried It)
Concern-trolling has long been a key ingredient of GNU/Linux Fear, Uncertainty, and Doubt
The Serial Strangler From Microsoft is About to Be Served Court Papers
You can run, but you cannot hide
The Campaign to 'End' Richard Stallman - Part III - The Reddit Mob (Social Control Media Controlled, Steered or Commandeered by Wall Street)
This is totally reminiscent of what authoritarian regimes do
Caged by Microsoft
Are you telling me that preventing people from booting their Linux is security?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, May 29, 2024
IRC logs for Wednesday, May 29, 2024
Linus Torvalds Mocked "Cloud Native" in His Latest Talk (Arguing It's Just Hype), 'Linux' Foundation 'Research' (Marketing) Chooses Proprietary Software to Query Its Adopters
The name "Linux" is overused, abused, even grossly misused
Links 29/05/2024: More Arrests of Regime Critics and Hate Crimes
Links for the day
Brittany Day ( Now Leverages Microsoft Chatbots to Promote Microsoft Propaganda Disguised as "Linux"
What Brittany Day does is an attack both on the Web and on Linux
[Meme] Don't Trust Users to Boot Their Own PCs?
UEFI 'secure' boot
Links 29/05/2024: Hack The Box, Why I Left Healthcare, and Chatbots as Health Risk
Links for the day
Gemini Links 29/05/2024: BESM Retro Second Edition and Itanium Day
Links for the day
Azerbaijan: Microsoft Falls From 99.5% to Almost Nothing or Less Than 20% (Windows Down Sharply, GNU/Linux Surges)
Based on statSounter
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, May 28, 2024
IRC logs for Tuesday, May 28, 2024
The Campaign to 'End' Richard Stallman - Part I - Two Canceled Talks in a Row?
RMS has left Europe, so the concept of "delayed" talk is facetious or deeply cynical
An "Efficient Windows 11 Experience" is Removing a Text Editor (Less than 5 Megabytes in Size) and Adding Chatbots That Require a New PC/Datacentre
Vista 11 24H2 update removes WordPad
On Desktops/Laptops in Andorra Windows Fell to Less Than Half, 20% If One Counts Mobile as Well
And this is a European country
[Meme] 3 Years Later
If you're going to start a fight, make sure you can handle it
When You Leave a Bad Employer and Move on to Better Things
Perhaps my main mistake was not resigning from my job sooner
No, Your Site Likely Does Not Need WordPress
I was one of the first users of WordPress
GNU/Linux in Cameroon: Rising Steadily While Windows Falls From 99% to Just 6%
If one also counts mobile (mostly Android)
Monkey See, Monkey Share
on deprivation of users
From 0.17% to 10% or More (GNU/Linux in Dominica)
Dominica isn't well known, but it does seem to have embraced Chromebooks in recent years
Links 28/05/2024: Tensions in East Asia, UK Mandatory National Service
Links for the day
Gemini Links 28/05/2024: NetCrawl and Living in Lagrange
Links for the day
Guardian Digital, Inc ( Handed Over Its Web Site to Chatbots That Generate SEO Garbage
They need to be called out on it
statCounter Sees Microsoft Windows at Below 1% in American Samoa
Not even 1%!
Windows Down to 60% of Guam's Desktops/Laptops and Down to a Quarter Overall
No wonder Microsoft is panicking
Today in UEFI 'Secure' Boot Debates (the Frog is Already Boiling and Melting)
Over at LQ today
[Meme] A "Modern" Web's Message in a Bottle
So-called 'security'
Brittany Day: Still Chatbot Slinging, Producing Fake 'Articles' About "Linux"
random garbage produced (and censored) by Microsoft
Almost 4k Gemini Capsules, 5th Anniversary Only Weeks Away
The Web will continue to deteriorate
Microsoft: $1 Million a Day for Contempt of Court Orders (Justice Department)
Microsoft behaves as if it's 100% exempt from laws
Catbodia? In Cambodia, Microsoft's Windows Fell to All-Time Low of Less Than a Quarter.
Cambodia is leaving Microsoft behind
[Meme] Deadnaming
Guess who uses a name that was deprecated well over a decade ago?
[Meme] 'Secure' Boot in a Nutshell
Ask Microsoft if it is "safe" to boot Linux
New Press Report Explains Microsoft Severance and Quiet (Undisclosed) Layoffs
Some people will call this "loophole", whereas others will opine that it is outright illegal (but kept secret to circumvent scrutiny)
Global South is Android/Linux (Windows Era Has Come to an End Already)
I've decided to take a quick glance at South American trends for all operating systems
[Meme] Unified Patent Troll
Unified Patent Court remains illegal and unconstitutional
The European Patent Office is Sinking
Officials (or national delegates) at the European Patent Organisation have long been warned about this (by staff representatives from the European Patent Office), but they ignored the warnings
A 3-Year Campaign to Coerce/Intimidate Us Into Censorship: Targeting Guest Writers (Intimidation)
Some high-profile people have told me that the serial defamer is a "monster" (their word), so why would Neil Brown wish to help him?
Summer in the Air
We have a good pace going on owing to health, positivity, inertia and good software tools
GNU/Linux Activity in Belize
From an economic point of view, Microsoft needn't worry about Belize, but when it comes to preserving the Windows monopoly/monoculture Belize matters
Links 28/05/2024: Back to MP3, NVIDIA Sued by Authors
Links for the day
Gemini Links 28/05/2024: Bad Beach and TLS
Links for the day
Microsoft Windows Fell From 100% to Just 7.5% in Sierra Leone
Based on statCounter
In Benin, Microsoft's Windows Fell Below 10%, GNU/Linux Surged to 6% or Higher on Desktops/Laptops
That's nearly 7% - a lot higher than the average in Africa
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, May 27, 2024
IRC logs for Monday, May 27, 2024