Bonum Certa Men Certa

Links 1/10/2021: LLVM 13.0.0 Release and Linux Mint Plans



  • GNU/Linux

    • Desktop/Laptop

      • System76 readies high-end Oryx Pro Linux laptops with Tiger Lake-H processor and Nvidia RTX dGPU options

        System76 is introducing its first high-end Linux-based customizable laptop dubbed the Oryx Pro. This model packs powerful components in a relatively slim case (238-265 mm profile) and offers the signature open source firmware with GPLv3 license code that grants users total control over the iGPU, GPU, keyboard, cooling system and battery.

        The Oryx Pro is powered by the Intel Core i7-11800H 8-core / 16-thread processor with integrated 32 EU UHD Xe graphics, which can be coupled with up to 64 GB of DDR4-3200 RAM plus up to 4 TB of NVMe PCIe 4.0 SSD storage via two M.2 slots. Users can opt for a15.6-inch or 17.3-inch display with FHD resolution, 144 Hz refresh rate and matte coating. There is also a choice between the Nvidia RTX 3070 and 3080 dGPUs. System76 mentions that these are the Max-Q versions, but does not specify the exact wattage, unfortunately. Nevertheless, there is a MUX switch, so the dGPU can be exploited to its full capacity. As far as the operating system is concerned, users can choose among the proprietary Pop!_OS 21.04 or 20.04 versions and the Ubuntu 20.04 LTS. Accessories include an external DVD-RW drive, mechanical switches for the keyboard (shipping in November), plus carrying bags for each size.

      • Red Hat / Fedora To Focus On Driving New Linux Video Improvements Around PipeWire

        PipeWire from the start was designed around handling the needs of both audio and video streams on Linux. While PipeWire is already in use for screencasting/recording under Wayland and working with Flatpak'ed applications, recently much of PipeWire's focus has been on addressing the use-cases of JACK and PulseAudio on the sound side. Now that the audio support is in quite good shape, Red Hat engineers are back to focusing on improvements to the video support.

        As part of bolstering the Linux multimedia stack, Red Hat is going to be working on a fresh round of video feature work to PipeWire led by its founder Wim Taymans. In particular, the area they will be focusing on is improving the video capture support on Linux.

      • PipeWire and fixing the Linux Video Capture stack

        PipeWire has already made great strides forward in terms of improving the audio handling situation on Linux, but one of the original goals was to also bring along the video side of the house. In fact in the first few releases of Fedora Workstation where we shipped PipeWire we solely enabled it as a tool to handle screen sharing for Wayland and Flatpaks. So with PipeWire having stabilized a lot for audio now we feel the time has come to go back to the video side of PipeWire and work to improve the state-of-art for video capture handling under Linux. Wim Taymans did a presentation to our team inside Red Hat on the 30th of September talking about the current state of the world and where we need to go to move forward. I thought the information and ideas in his presentation deserved wider distribution so this blog post is building on that presentation to share it more widely and also hopefully rally the community to support us in this endeavour.

    • Audiocasts/Shows

      • A First Look At Q4OS 4.6 With The Plasma Desktop - Invidious

        In this video, I'm going to take a look at the recently released Q4OS 4.6, codenamed "Gemini." Q4OS is a fast and friendly, desktop oriented operating system based on Debian 11 Testing. Q4OS now uses the Plasma desktop as its default.

      • LHS Episode #432: The Weekender LXXIX

        It's time once again for The Weekender. This is our bi-weekly departure into the world of amateur radio contests, open source conventions, special events, listener challenges, hedonism and just plain fun. Thanks for listening and, if you happen to get a chance, feel free to call us or e-mail and send us some feedback. Tell us how we're doing. We'd love to hear from you.

      • Hackaday Podcast 138: Breakin’ Bluetooth, Doritos Rockets, Wireless Robots, And Autonomous Trolling | Hackaday

        Hackaday editors Elliot Williams and Mike Szczys peruse the great hardware hacks of the past week. There’s a robot walker platform that wirelessly offloads motor control planning to a computer. We take a look at automating your fishing boat with a trolling motor upgrade, building the Hoover dam in your back yard, and playing Holst’s Planets on an army of Arduini. Make sure you stick around until the end as we stroll through distant memories of Gopher, and peek inside the parking garages of the sea.

    • Kernel Space

      • Rust Concurrency Philosophy: A Historical Perspective

        At first glance, Rust's concurrency philosophy resembles that of Sequent's DYNIX and DYNIX/ptx in the 1980s and early 1990s: "Lock data, not code" (see Jack Inman's classic USENIX'85 paper "Implementing Loosely Coupled Functions on Tightly Coupled Engines", sadly invisible to search engines). Of course, Sequent lacked Rust's automatic checking, and Sequent's software engineers made much less disciplined use of ownership than Rust fans recommend. Nevertheless, this resemblance has resulted in some comparisons of Rust with the DEC Alpha, which had a similar concurrency model.

        Interestingly enough, DYNIX and early versions of DYNIX/ptx used compile-time-allocated arrays for almost all of its data structures. You want your kernel to support up to N tasks? Very well, build your kernel to have its array of N task structures. This worked surprisingly well, perhaps because the important concurrent applications of that time had very predictable resource requirements, including numbers of tasks. Nevertheless, as you might expect, this did become quite the configuration nightmare. So why were arrays used in the first place?

        To the best of my knowledge, the earliest published complete articulation of the reason appeared in Gamsa et al.'s landmark paper "Tornado: Maximizing Locality and Concurrency in a Shared Memory Multiprocessor Operating System". The key point is that you cannot protect a dynamically allocated object with a lock located within that object. The DYNIX arrays avoided deallocation (or, alternatively, provided a straightforward implementation of type-safe memory), thus allowing these objects to be protected with internal locks. Avoiding the need for global locks or reference counters was an important key to the performance and scalability prized by Sequent's customers.

      • Rusting the Linux Kernel: Atomics and Barriers and Locks, Oh My!

        LKMM is not the most complex memory model out there, but neither is it the simplest. In addition, it is in some ways more strict than the C/C++ memory models, which means that strict adherence to coding guidelines is required in order to prevent compiler optimizations from breaking Linux-kernel code. Many of these optimizations are not localized, but are instead scattered hither and yon throughout the compilers, including throughout the compiler backends. The optimizations in the backends are a special challenge to Rust, which seems to take the approach of layering safety on top of (or perhaps within) the compiler frontend. Later posts in this series will look at several pragmatic options available to Rust Linux-kernel code.

        There is one piece of good news: Compilers are forbidden from introducing data races into code, at least not into code that is free of undefined behavior.

        With all of that out of the way, let's look at Rust's options for dealing with Linux-kernel atomics and barriers and locks.

    • Applications

      • Can Linux Run Windows EXE Files?

        Users who have recently migrated from Windows to Linux often wonder if they can run Windows apps and programs on their new system. The answer to this affects a user's perspective of Linux in general, since operating systems should be easy to use and at the same time, welcoming to the idea of running different file formats.

        A straightforward answer to the question is—Yes. You can run EXE files and other Windows programs on Linux, and it's not as complicated as it sounds.

        By the end, you'll have a brief understanding of executable files, along with different ways to run said programs on Linux.

      • The best VPN for Linux for 2021 [Ed: How many of these links are just sponsored?]
    • Instructionals/Technical

      • How To Install Apache Maven on Debian 11 - idroot

        In this tutorial, we will show you how to install Apache Maven on Debian 11. For those of you who didn’t know, Apache Maven is a software project management and comprehension tool. Based on the concept of a project object model, Maven can manage a project’s build, reporting, and documentation from a central piece of information.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the Apache Maven on a Debian 11 (Bullseye).

      • How To Install PIP on Debian 11 Linux – TecAdmin

        Pip is a popular package management tool for Python. It allows the Python developers to install and manage additional Python libraries in their applications. This is a similar application to nvm for Node.js and composer for PHP. Pip stands for Preferred Installer Program.

        Rather than a package management utility, Pip can create a completely isolated environment for the Python application. In this tutorial, you will learn about the installation of Pip on the Debian 11 Linux system.

      • How To Install Samba File Sharing Server on Linux System

        The Samba file-sharing server of the SMB, in short, is an open-source file-sharing server specially designed for Linux systems. It allows sharing files among client PCs from a hosted server. It’s not a conventional FTP server type server, and it does not require hosted files for the client users. You can use the Samba file-sharing server on Linux to access the Windows files over a network. Samba can be used for both personal and business usage. In Samba, users get both read and write permission for file accessing. They can change, revise, edit files over the server, and the changes go live immediately. In a word, using the Samba for sharing files with clients with access permission is hassle-free and strong in Linux.

      • How To Voice Video Calls on XMPP and Matrix Made Simple

        This tutorial explains how to quickly voice and video call with friends and family using XMPP and Matrix telecommunication services. This tutorial's aimed for people who want easy calls without technical knowledge especially school teachers and computing beginners. Thus, we will use Movim and Schildi via web browser so we can call everywhere both on desktop and mobile. Let's do it.

      • How to Access Clipboard (Copy & Paste) History in Ubuntu via GPaste | UbuntuHandbook

        For those doing copy & paste actions frequently in Ubuntu Linux, GPaste remembers the clipboard history and allows to find them easily via few click.

        The clipboard is the place to store the text, image, file path and all the stuff that you last copied (or cut). The content in clipboard will be overwritten once you do another copy & paste action. So, when you trying to find out what you’ve copied earlier, a clipboard manager will be helpful.

      • How to Install and Set Up PM2 on Linux Servers

        Deployment is one of the most crucial and conclusive stages of software development. A proper deployment strategy is vital in delivering the best experience to your users while utilizing your services efficiently. However, this process also brings its own set of challenges with it.

        Node.js, the open-source JavaScript runtime, is a popular choice for building the backend infrastructure of your application by allowing you to run JavaScript outside web browsers. But what if your Node.js application crashes in production? Find out how you can avoid such scenarios in this article.

      • How to enable server-side FastCGI caching with Nginx and PHP – VITUX

        Nginx is an open-source and high-performance web server that can be used to speed up content and application delivery. Nginx enhances security, improves scalability, and also can be used as a high availability load balancer. It can be used as a reverse proxy and one of the most important uses of Nginx is content caching. One of the best approaches is to use Nginx as content caching. In this article, we will discuss Nginx FastCGI content caching for better performance of websites.

      • 4 Ways to Hide Desktop Icons in Ubuntu - Make Tech Easier

        If hiding the top bar and side panel isn’t enough, and you want everything removed from your Ubuntu desktop, then you’d probably also like to get rid of those pesky icons on its surface. Read on to learn how you can hide desktop icons in Ubuntu.

    • Wine or Emulation

      • Wine, Windows programs, and gaming on Debian GNU/Linux. The XBOX 360 controller is “just working” now!

        PC gaming, for me, is sort of a hit or miss thing.

        Even though Wine (If you’re feeling cheeky, the “Linux Subsystem for Windows”) and, for that matter, Steam with Proton, a Wine fork optimized for gaming, have advanced a lot.

        I use laptops, and the only way to get a GPU upgrade with a laptop is to buy a new laptop.

        (Well, external GPUs are becoming more of a thing, but I’m not really sure where the GNU/Linux support stands on that, and if it would mean a proprietary driver, no thanks anyway.)

        Anyway, even up to a couple of years ago, controllers under Wine were dicey and even getting an XBOX 360 controller to be recognized involved terrible hacks involving a userspace driver, blacklisting a kernel module (xpad), and then installing an XBOX 360 controller emulator program for Windows in Wine so you could map the output of the actual hardware to an emulated version of the controller, which would send it along to video games.

        What a pain in the ass! I mean, not as much of one as installing a GNU/Linux distribution in the 90s with winmodems and having to tell X your modelines, under pains and penalties of potentially frying your computer monitor. (How uncivilized!). Modern GNU/Linux should be no more difficult than a small tweak here, a tweak there, and you’re done. At it’s very worst, no problem is likely to come up that would be worse than something that could come up under Windows.

    • Games

      • Maintenance release: Godot 3.3.4

        While we're busy working on both the upcoming Godot 4.0 and 3.4 releases (with a dev snapshot for 3.4 beta 5 available now), we still cherry-pick important bug fixes to the 3.3 branch regularly for maintenance releases (see our release policy).

        Godot 3.3.3 was released a month ago, and a handful of important fixes have been queued in the 3.3 branch since then. Most notably, users of the GDScript LSP in Visual Studio Code have been experiencing crashes in 3.3.3, which are fixed in this new Godot 3.3.4.

        Note: Version numbers can be confusing with three branches worked on in parallel - this release is 3.3.4, i.e. a maintenance update to the 3.3 branch. This is not the upcoming 3.4 feature release.

        Godot 3.3.4, like all future 3.3.x releases, focuses purely on bug fixes, and aims to preserve compatibility. It is a recommended upgrade for all Godot 3.3 users.

      • Steam Next Fest is live again with demos, livestreams and more | GamingOnLinux

        It's that time again! From now until October 7 you get to try out various new demos on Steam, watch developer livestreams and much more.

        This is another wonderful chance to test out various games before they see a full release. For the games included in the event, they are supposed to be releasing somewhere between October 7, 2021 and May 1, 2022 so even if you find something you like it might be a while before you get to see the full complete thing.

    • Distributions

      • Arch Family

        • First Arch Linux ISO Powered by Linux Kernel 5.14 Is Now Available for Download

          That’s right Arch Linux fans, Arch Linux 2021.10.01 is up for grabs as I am writing this and it comes with Linux kernel 5.14 by default. The ISO image includes Linux 5.14.8 as default kernel since the recently released Linux 5.14.9 kernel is still in the Testing repos.

          Linux kernel 5.14 is the latest kernel branch available for GNU/Linux distributions, bringing new features like a much-enhanced AMDGPU graphics driver for AMD GPU users, much-improved EXT4 and F2FS filesystems, the core scheduling functionality to better protect your computers against some of those Spectre vulnerabilities, as well as some goodies for ARM 64-bit (AArch64) and RISC-V users.

      • Debian Family

        • Deepin 20.2.4 integrates global desktop search

          Barely a month and a half have passed since its previous launch and is here Deepin 20.2.4 , a smaller version than the Chinese distribution takes advantage of to introduce a new feature, as well as a maintenance update to use.

          If you are already using Deepin 20 and keep your system updated, you don’t have to do anything else, because you are up to date, but if you want to install the distribution from scratch, Deepin 20.2.4 is the recommended one at the moment. Although the truth is that we would have to go back a little earlier, to the launch of Deepin 20.2 , the latest regular version until what seems like a conscious change in development and releases.

          In summary, Deepin 20.2 was followed by Deepin 20.2.1 only with corrections, and since then the versions that have followed have been dedicated to applying patches, but also new features of relative importance, but one by one. Thus, Deepin 20.2.2 introduced a new application store with support for Android applications; Deepin 20.2.3 did the same with integrating OCR support to extract text from images …

          … And Deepin 20.2.4 launches what its developers have called an ” effective global search “, a new search function with which “quickly find the information you want”, they have in the official announcement . And what does this effective global search consist of? In what you imagine.

      • Canonical/Ubuntu Family

        • Linux Mint 20.3 is named 'Una' and Debian Edition (LMDE) 5 is called 'Elsie'
          Back in July, we shared with you that Linux Mint 20.3 would be released around Christmas. Unfortunately, that was pretty much all we knew about the upcoming version of the Ubuntu-based operating system. Thankfully, today, the developers give us some more details.

          Not only do we now know the name of Linux Mint 20.3, but the moniker of the upcoming Linux Mint Debian Edition (LMDE) 5 too. Following Mint's tradition of only using female names, the former will be named "Una," while the latter shall be called "Elsie."

        • Linux Mint 20.3 due by Christmas and project's website receives a fresh look

          Clem Lefebvre, head of the Linux Mint project, has announced that the next version of Linux Mint, version 20.3, will be available by Christmas in three flavours – Cinnamon, MATE and Xfce. The new update is codenamed Una which is just one letter away from the codename of the current version, Uma. Accompanying today’s news, the project updated its website so that it looks modern and is easier to use.

          In its announcement, the Mint team said the upcoming version will have improved themes, for example, the titlebars of applications will be made larger allowing for larger buttons and making them easier to grab and move around. Further, they have been given rounder corners so they look more pleasant.

        • Monthly News – September 2021

          The new website is now fully ready and live on https://www.linuxmint.com. It looks minty, it works on all devices and it looks modern. It also does a better job than before at welcoming newcomers, explaining what Linux Mint is, why people love it and how to install it.

          It took longer than expected but the job is done and we’re glad we took the time to finally do it. I’d like to thank all the people who sent us feedback and who helped us with it.

          The website no longer shows ads and this blog announcement is no longer showing the community sponsors. These were tough decisions to take because they immediately reduce our income but they also make Linux Mint look more serious and professional. We’re hopeful they’ll help us grow in the long term and we’ll generate enough to not worry about it.

          We received a lot of positive feedback since the website went live so we know you really like it! I know we can’t please everybody and taste is subjective but for most people this is a very welcome change. Personally I remember how amazing the previous website looked when it was made in 2009, but what looked amazing then just simply looks outdated now. Although I grew attached to it since it represented part of our identity during these many years, getting the opportunity to redesign it during this development cycle was a relief and I’m very happy with the result. We are a modern operating system. We use Linux because it’s better, not because it’s free or because it’s old or because it didn’t embrace controversial design changes. We use it because it’s fast, because it works, because it does what we want. It was important for our website to not only convey these ideas but to look modern as well.

        • Chihuahua-sized robot dog developed

          The little quadruped was designed by MangDans in collaboration with Stanford Pupper.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Web Browsers

        • Mozilla

          • Anti-cheat works on Linux, Firefox stumbles again, and HDR support - Linux news - September 2021 - Invidious

            This time, we have Red Hat hiring for HDR support on Linux, Firefox making more controversial decisions, and support for Linux from the major anti cheat providers, among a LOT of other linux gaming news.

          • Addressing gender-based online harms in the DSA [Ed: Mozilla spends money on politics and lobbying while firing actual engineers]

            Last year the European Commission published the Digital Services Act (DSA) proposal, a draft law that seeks to set a new standard for platform accountability. We welcomed the draft law when it was published, and since then we have been working to ensure it is strengthened and elaborated as it proceeds through the mark-up stage. Today we’re confirming our support for a new initiative that focuses on improving the DSA with respect to gender-based online harm, an objective that aligns with our policy vision and the Mozilla Manifesto addendum.

            An overarching focus of our efforts to improve the DSA have focused on the draft law’s risk assessment and auditing provisions. In order to structurally improve the health of the internet ecosystem, we need laws that compel platforms to meaningfully assess and mitigate the systemic risks stemming from the design and operation of their services. While the draft DSA is a good start, it falls short when it comes to specifying the types of systemic risks that platforms need to address.

          • MDN Web Docs at Write the Docs Prague 2021 [Ed: Mozilla does not mention the awful tragedy of outsourcing to to proprietary software of Microsoft, an attack on the Web itself]

            The MDN Web Docs team is pleased to sponsor Write the Docs Prague 2021, which is being held remotely this year. We’re excited to join hundreds of documentarians to learn more about collaborating with writers, developers, and readers to make better documentation. We plan to take part in all that the conference has to offer, including the Writing Day, Job Fair, and the virtual hallway track.

          • Superhero passwords may be your kryptonite wherever you go online [Ed: So Mozilla wants your passwords. Should you trust it?]

            A password is like a key to your house. In the online world, your password keeps your house of personal information safe, so a super strong password is like having a superhero in a fight of good vs. evil. In recognition of Cybersecurity Awareness month, we revisited our “Princesses make terrible passwords for Disney+ and every other account,” and took a look to see how fortified superhero passwords are in the fight against hackers and breaches. According to haveibeenpwned.com, take a look at the how many times these superhero passwords have showed up in breached datasets....

          • How to delete your jQuery Reject Plugin in 1 easy step.

            In my last post on testing Chrome version 100, I encouraged everyone to flip on that flag and report bugs. It’s with a heavy heart that I announce that Ian Kilpatrick did so, and found a bug.

            [...]

            Also, if you happen to work on any of the following 1936 sites using this script, you know what to do (pick option Roman numeral 3, just to be super clear).

          • The Mozilla Blog: Analysis of Google’s Privacy Budget Proposal [Ed: The person who wrote it receives his salary from Google via Mozilla]

            Fingerprinting is a major threat to user privacy on the Web. Fingerprinting uses existing properties of your browser like screen size, installed add-ons, etc. to create a unique or semi-unique identifier which it can use to track you around the Web. Even if individual values are not particularly unique, the combination of values can be unique (e.g., how many people are running Firefox Nightly, live in North Dakota, have an M1 Mac and a big monitor, etc.)

            This post discusses a proposal by Google to address fingerprinting called the Privacy Budget. The idea behind the Privacy Budget is to estimate the amount of information revealed by each piece of fingerprinting information (called a “fingerprinting surface”, e.g., screen resolution) and then limit the total amount of that information a site can obtain about you. Once the site reaches that limit (the “budget”), further attempts to learn more about you would fail, perhaps by reporting an error or returning a generic value. This idea has been getting a fair amount of attention and has been proposed as a potential privacy mitigation in some in-development W3C specifications.

          • Niko Matsakis: Dyn async traits, part 2

            In the previous post, we uncovered a key challenge for dyn and async traits: the fact that, in Rust today, dyn types have to specify the values for all associated types. This post is going to dive into more background about how dyn traits work today, and in particular it will talk about where that limitation comes from.

            [...]

            Early on in Rust, we debated whether dyn DoTheThing ought to implement the trait DoTheThing or not. This was, indeed, the origin of the term “dyn safe” (then called “object safe”). At the time, I argued in favor of the current approach: that is, creating a binary property. Either the trait was dyn safe, in which case dyn DoTheThing implements DoTheThing, or it was not, in which case dyn DoTheThing is not a legal type. I am no longer sure that was the right call.

      • SaaS/Back End/Databases

        • PostgreSQL 14 Ships with Improved Performance for Heavy Workloads

          The PostgreSQL team released the PostgreSQL 14 database, providing users of the widely deployed relational database with new features.

          PostgreSQL, also known as “Postgres”, is an open-source, object-relational database management system. It has been around for over 30 years and advertises itself as “the most advanced open-source relational database in the world”. It is developed by a worldwide team of volunteers and it is quite popular due to its stability and advanced features.

          PostgreSQL is perceived as a go-to solution for performing complicated, high-volume data operations. That’s because PostgreSQL is better at handling extraordinary database situations. Additional points that set PostgreSQL apart are the fact it is object-relational, ACID-compliant, highly concurrent, and offers NoSQL support. And the latest PostgreSQL 14 makes things even better.

      • LibreOffice on Chromebooks and Apache/OpenOffice

        • How to install LibreOffice 7.2 on a Chromebook

          Today we are looking at how to install LibreOffice 7.2 on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

          If you have any questions, please contact us via a YouTube comment and we would be happy to assist you!

        • Apache Month in Review: September 2021

          Welcome to the latest monthly overview of events from the Apache community. Here's a summary of what happened in September [video highlights available]...

        • This Week In Security: OpenOffice Vulnerable, IOS Vulnerable, Outlook… You Get The Idea | Hackaday

          We start this week with a good write-up by [Eugene Lim] on getting started on vulnerability hunting, and news of a problem in OpenOffice’s handling of DBase files. [Lim] decided to concentrate on a file format, and picked the venerable dbase format, .dbf. This database format was eventually used all over the place, and is still supported in Microsoft Office, Libreoffice, and OpenOffice. He put together a fuzzing approach using Peach Fuzzer, and found a handful of possible vulnerabilities in the file format, by testing a very simple file viewer that supported the format. He managed to achieve code execution in dbfview, but that wasn’t enough.

          Armed with a vulnerability in one application, [Lim] turned his attention to OpenOffice. He knew exactly what he was looking for, and found vulnerable code right away. A buffer is allocated based on the specified data type, but data is copied into this buffer with a different length, also specified in the dbase file. Simple buffer overflow. Turning this into an actual RCE exploit took a bit of doing, but is possible. The disclosure didn’t include a full PoC, but will likely be reverse engineered shortly.

          Normally we’d wrap by telling you to go get the update, but OpenOffice doesn’t have a stable release with this fix in it. There is a release candidate that does contain the fix, but every stable install of OpenOffice in the world is currently vulnerable to this RCE. The vulnerability report was sent way back on May 4th, over 90 days before full disclosure. And what about LibreOffice, the fork of OpenOffice? Surely it is also vulnerable? Nope. LibreOffice fixed this in routine code maintenance back in 2014. The truth of the matter is that when the two projects forked, the programmers who really understood the codebase went to LibreOffice, and OpenOffice has had a severe programmer shortage ever since. I’ve said it before: Use LibreOffice, OpenOffice is known to be unsafe.

        • All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021–33035) [Ed: How many still use OpenOffice instead of LibreOffice]

          Venturing out into the wilderness of vulnerability research can be a daunting task. Coming from a background in primarily web and application security, I had to shift my hacking mindset towards memory corruption vulnerabilities and local attack vectors. This two-part series will share how I got started in vulnerability research by discovering and exploiting code execution zero-days in office applications used by hundreds of millions of people. I will outline my approach to getting started in vulnerability research including dumb fuzzing, coverage-guided fuzzing, reverse engineering, and source code review. I will also discuss some management aspects of vulnerability research such as CVE assignment and responsible disclosure.

      • FSF

        • FSF job opportunity: Outreach and communications coordinator

          The Free Software Foundation (FSF), a Massachusetts 501(c)(3) charity with a worldwide mission to protect computer user freedom, seeks a motivated and organized Boston-based individual to be our full-time outreach and communications coordinator.

          Reporting to the executive director, the outreach and communications coordinator works closely with our campaigns, licensing, technical, and operations teams to plan, write, edit, publish, and promote high-quality, effective materials, both digital and printed. These materials are a critical part of advancing the FSF's work in support of the GNU Project, free software adoption, copyleft licensing, and freedom on the Internet; and against Digital Restrictions Management (DRM), software patents, and proprietary software. Nearly every publication from the FSF goes through this public-facing position, tying together our work across various constituencies.

      • Programming/Development

        • LLVM 14.0.0 Release Notes€¶

          This document contains the release notes for the LLVM Compiler Infrastructure, release 14.0.0. Here we describe the status of LLVM, including major improvements from the previous release, improvements in various subprojects of LLVM, and some of the current users of the code. All LLVM releases may be downloaded from the LLVM releases web site.

          For more information about LLVM, including information about the latest release, please check out the main LLVM web site. If you have questions or comments, the LLVM Developer’s Mailing List is a good place to send them.

          Note that if you are reading this file from a Git checkout or the main LLVM web page, this document applies to the next release, not the current one. To see the release notes for a specific release, please see the releases page.

        • LLVM 13.0 Released With Official Flang Binary Packages, Improved OpenCL Clang Support - Phoronix

          LLVM 13.0 was tagged overnight as the latest half-year update to this widely-used, very powerful open-source compiler stack.

          LLVM 13.0 is now available with many features that accumulated over the course of the summer. Some of the LLVM 13 highlights include:

          - Flang as the Fortran front-end is now included in the official LLVM binary packages.

        • Giant Working NERF Gun Runs On Tiny Arduino | Hackaday

          Well, here it is: a shoe-in for the new world’s largest NERF gun. (Video, embedded below.) The Guinness people haven’t shown up yet to award [Michael Pick], but at 12.5 feet, this baby is over twice as long as the current record holder, which belongs to former NASA mechanical engineer Mark Rober and his now-puny six-foot six-shooter.

          We have to wonder if it is technically bigger than the six-shooter, because they seem to be roughly the same scale, except that [Michael] chose a much bigger model to start from. The main body is made from wood, and there are a ton of 3D-printed details that make it look fantastically accurate. The whole thing weighs over 200 pounds and takes at least two people to move it around. We especially love the DIY darts that [Michael] came up with, which are made from a PVC tube inside a section of pool noodle, topped off with a 3D printed piece for that distinctive orange cap.

        • Minimalist Timer Counts Down With LED Matrix | Hackaday

          Looking for something with a bit more style than the traditional kitchen timer, [Martin Jonasson] decided to take the last couple of months to design and build his own take on the idea using a rotary encoder, 16×9 LED matrix, and a Teensy 2.0 microcontroller. Were there better things he could have spent that time on? Possibly. But you probably wouldn’t have been reading it about it here, so we won’t trouble ourselves with such thoughts.

        • Canonical: What is an IoT marketplace?

          The Internet of Things (IoT) ecosystem is expanding at a rapid rate, with the number of devices growing every year. The increase in physical hardware being manufactured multiplies the amount of software needed to perform various functions on new platforms. There are a range of IoT use cases, including voice-controlling the lights in your home, monitoring air pollution, or the parking feature of a self-driving car. With various entities publishing specialised software for all these use cases (and many more), it can often be time-consuming to compare possible solutions. For somebody interested in working on an IoT project but unsure where to start, it can be difficult to discover the software you need. An IoT marketplace, as a centralised platform for IoT applications, can help to solve these issues.

          [...]

          Often, using an IoT marketplace allows you to easily choose and install the software you want in one place. Thus, you don’t need to research the software you want to install, then navigate to the company page that owns that software, to search for individual download pages to then install the software you want in a non-standard way. Was the software pre-packaged and available for click-to-install? Would you need to extract the contents of the downloaded folder and run the installer in the terminal? This time-consuming process can all be optimised by using an IoT marketplace like the Snap Store.

        • Read and write XML files with wxWidgets

          XML files are a perfect choice for storing the settings of your wxWidgets cross-platform application. Confused about how to use the wxWidgets classes to read and write XML files? No worries. In this hands-on tutorial, you’ll learn how to read and write XML files with wxWidgets, using the classes wxXmlDocument, wxXmlNode and wxXmlAttribute. We’ll expand a previously presented wxWidgets template application, such that it stores its application window dimensions in an XML file.

        • QML Runtime features: part 1

          This post is a refresher about some features of the qml binary that is installed along with the Qt SDK, which should help to explain why we now prefer to use it, rather than older tools like qmlscene and qmlviewer.

        • Red Hat Pushing Microsoft Proprietary Software

          • SQL Server on Red Hat Enterprise Linux at Data Platform Virtual Summit 2021 [Ed: IBM only cares about money]

            At this year's Data Platform Virtual Summit (DPS) 2021, I was honored to present "Monitoring SQL Server on Linux performance with Performance Co-Pilot and Grafana." In this post I'll cover some of the topics I touched on during my talk and include some suggestions for DBAs who might be new to Linux.

        • Java

          • New Red Hat Developer e-book: Quarkus for Spring Developers

            Red Hat Developer has published Quarkus for Spring Developers, a comprehensive, 149-page e-book introducing Quarkus to Java developers, with a focus on helping people familiar with Spring make the transition. This includes the Spring Framework and Spring Boot, and any other modules within the Spring ecosystem.

            While Java continues to be one of the most widely used programming languages for building applications, Java developers often struggle to make their applications smaller and faster to meet modern computing requirements.

            Quarkus is designed to help.

  • Leftovers

    • What a car’s cabin air filter looks like after nobody has changed it in 19 years. – BaronHK's Rants

      I got a 2003 Chevy Impala from mom a couple of years ago for free because it needed all kinds of work.

      One thing that every car owner should know how to do themselves is change their engine and cabin air filters, because it’s not that hard and over the years they will plug up and could cause the systems they protect to malfunction or work less than ideally.

      But shops charge $70 and up for a cabin air filter job sometimes and $40 and up for an engine air filter. Since these should be replaced so often, the jobs can get really expensive. Not changing the cabin air filter can result in a dysfunctional HVAC system or damage to it’s components, weird smells, restricted air flow, and has some impact on gas mileage as the engine has to runthis system. Then it’s even more expensive.

    • Hardware

      • Pixel Pump Pick & Place Positions Parts Precisely | Hackaday

        You’ve finally decided to take the plunge and build a board with surface-mount parts. After carefully dispensing the solder paste with a syringe, it’s time to place the parts. You take up your trusty tweezers and reach to grab a SOIC-14 logic IC—only there’s not a great way to grab it. The IC is too long to grab one way and has leads obstructing the other. You work around the leads, drop the IC into place, and then pick up an 0402 resistor. You gently set the resistor into your perfectly dispensed solder paste, pull the tweezers away, and the resistor has stuck to your slightly magnetic tweezers. [Robin Reiter] realized that hobbyists and small manufacturers needed a better way to assemble their surface-mount designs, so he’s building the Pixel Pump Pick & Place, an open-source vacuum assembly tool.

    • Integrity/Availability

      • Proprietary

        • Security

          • Security updates for Friday

            Security updates have been issued by Debian (curl, krb5, openssl1.0, and taglib), Fedora (cifs-utils), SUSE (libqt5-qtbase and rubygem-activerecord-4_2), and Ubuntu (linux-raspi, linux-raspi-5.4 and linux-raspi2).

          • Baby’s Death Alleged to Be Linked to Ransomware [Ed: This happens on a much grander scale due to Microsoft]

            Access to heart monitors disabled by the attack allegedly kept staff from spotting blood & oxygen deprivation that led to the baby’s death.

            A U.S. hospital paralyzed by ransomware in 2019 will be defending itself in court in November over the death of a newborn, allegedly caused by the cyberattack.

            As the Wall Street Journal reported on Thursday, the baby’s mother, Teiranni Kidd, gave birth to her daughter, Nicko Silar, on July 16, 2019, without knowing that the hospital was entering its eighth day of clawing its way back from the attack.

          • A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware Death

            When Teiranni Kidd walked into Springhill Medical Center on July 16, 2019, to have her baby, she had no idea the Alabama hospital was deep in the midst of a ransomware attack.

          • A Death Due to Ransomware

            What will be interesting to see is whether the courts rule that the hospital was negligent in its security, contributing to the success of the ransomware and by extension the death of the infant.

          • Privacy/Surveillance

            • Locked In Your Home

              What brand is your home? Do you live in a Google, Apple, or Amazon house? Because in a modern “smart home” you may choose only one, and that choice locks you into dependence on only that vendor and its approved partners for any future appliances and home gadgets. Your “AI” voice assistant may talk to you, but it won’t talk to its competitors.

              [...]

              With the current trajectory, the smart home will become much like your phone–under a single vendor’s control, not yours. They will get to choose which appliances integrate, which services they use for your voice queries, and what happens to your personal data. If they do something you don’t like, it will be even harder (and more expensive) to switch to a competitor than it already is with a phone or laptop.

              Fortunately it’s not too late to change the current situation. If there is any hope for a smart home where you hold the keys, it must start with open standards for how devices communicate. Only then is there a space where truly open alternatives to Big Tech smart home gadgets can exist for the average consumer outside of do-it-yourself electronics projects.

              There is an effort underway with the industry organization Matter to create such standards but like with other industry standards membership and compliance is voluntary. Consumers should pressure existing smart home companies to comply with open standards and vote with their wallet. For our part, we will continue our work to build alternatives that don’t lock you in, based on our Social Purpose commitment to protect people’s privacy, security and freedom.

            • PhishLabs spying on my WordPress blog?

              WordPress gives me a list of where people link to my blog from, and today I noticed some company called PhishLabs. Including directly through from their main site and from a “threatintel” subdomain.

              It appears to be owned by Gartner, and claims that they do “digital brand and reputation management”, but I’m unable to determine exactly what they mean by this.

              I’ve had a WordPress blog before and I know that as soon as you start criticizing big corporations, they have these firms they hire to monitor blogs, figure out if what you’re saying is a “threat” to their brand, and from there….I don’t know what they want exactly.

    • Monopolies

      • Patents

        • Not a class ACT: the so-called App Association is simply an Apple Association and does NOT represent app developers' interests in fair distribution terms [Ed: Microsoft AstroTurfing groups recycled]

          Enough is enough. While I have previously agreed, and may in the future agree, with ACT | The App(le) Association on some patent policy questions, its pro-Apple advocacy in the App Store antitrust context--which I already mentioned in May--gets worse by the month. Judges, policy makers, and journalists should see that lobbying scheme for what it is.

          Three months ago, New York-based attorney David Cohen wrote a blog post entitled "On Deceptive Apps and Practices: Unmasking the ACT App(le) Association." Mr. Cohen was rightfully astonished when he saw ACT claiming to speak on small businesses' behalf at a Federal Trade Commission (FTC) hearing. I trust he will not attempt to assert any copyright against me for borrowing the term "App(le) Association" from him, and I appreciate that he quoted me in the aforementioned post.

          [...]

          In other words, Apple was using its mouthpiece named ACT to tell the media that Apple should continue with its stranglehold on app developers large and small. In reality, there's not a single app developer out there who truly thinks Apple's death grip is a good thing--and if any make public declarations to the contrary (which are few and far between), it's because they expect (which doesn't necessarily mean they've been promised) Apple to reciprocate that favor in some form or another.

          If ACT respected not only itself but also, more generally, human intelligence, it would have realized that when the New York Times exposes an apparent lack of credibility and legitimacy, it's over. I mean, seriously, the NYT paragraph I quoted above should have given them and their other backers pause. Apple stops at nothing to defend its iOS app distribution monopoly, but other companies should be profoundly concerned that this App Store propaganda effort also discredits ACT's work on other issues, such as SEPs, regardless of whether those positions may be correct.

        • [Older] On Deceptive Apps and Practices: Unmasking the ACT App(le) Association



          The ACT App Association should really be called the ACT Apple Association. It was founded in 1998 by Microsoft as a lobbying arm utilizing smaller player’ as a front to support its defense against antitrust charges on both sides of the Atlantic. Over the years, it remained a vehicle for Big Tech interests. Although hard to find (and strategically placed off the members’ page), if you scroll all the way down this page you see the ACT App(le) association’s main sponsors are Apple, Microsoft, Intel, Verizon, and AT&T (other recent sponsors have included Facebook, Oracle, and eBay).

          I have written about this “hide behind a supposed app association” charade last year. Since then, we’ve seen real app developers fight for their lives in the Epic Games vs. Apple litigation. However, the ACT App Association filed an amicus brief in support of… Apple (!), and its blog similarly takes Apple’s side. So why is an “app association” opposed to app developers’ interests?

          [...]

          I hope the FTC understands why the association’s small app developers supposedly support Apple in the Epic v. Apple litigation, why these app developers supposedly care so strongly about standards essential patents (although app developers are never required to take SEP licenses), or how these app developers have the resources to support a 22-employee trade association. The answer is easy. It’s because the ACT App(le) Association represents Apple, Microsoft, Intel, Verizon and AT&T – not app developers.

          Also misleading is the Association’s claim at last week’s hearing to represent “thousands of small business software application development companies…located across every state in America.” The Association’s membership page lists thirty entities. Ten of these are European entities surprisingly listed without websites. The remaining ones include a venture capital company, a marketing company, a design company, and at least one entity that appears to be out of business. It is unclear how the remaining dozen or so entities amount to “thousands of small [app developers] … located across every state in America.”



Recent Techrights' Posts

In Malta, Android/Linux Has Overtaken Microsoft Windows (According to statCounter)
statCounter milestone?
 
Microsoft Falls Further and Closer Towards 10% (Windows "Market Share") in Kuwait
more countries entering the "single-digit Windows" (under 10%) club
Gemini Links 15/07/2024: Antenna's Pro-Hamas Bias Revisited and Old Computer Challenge
Links for the day
[Video] Julian Assange, Over One Decade Ago, Cautioning About What the Internet Had Truly Become
video is not new
Antenna Abuse and Gemini Abuse (Self-hosting Perils)
Perhaps all this junk is a sign of Gemini growing up
Homage to Malta
Malta is probably easy for Microsoft to bribe
IRC at 16
Logging has been used for us and against us
Links 15/07/2024: China’s Economic Problems, Boeing Under Fire
Links for the day
500 Days' Uptime Very Soon
Good luck doing that with Windows...
Windows Falls Below 20% in Tunisia
A month ago we wrote about GNU/Linux in Tunisia
Links 15/07/2024: Google Wants Wiz and Why "Sports Ruin Everything"
Links for the day
Gemini Links 15/07/2024: Old Computer Challenge and Sending Files via NNCP
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 14, 2024
IRC logs for Sunday, July 14, 2024
Debian History Harassment & Abuse culture evolution
Reprinted with permission from Daniel Pocock
Microsoft Windows Down to 23% in Spain
the rate of change is noteworthy
[Meme] It Is Not About Empowerment, It's About Optics for Bigots and Businessmen
Truth hurts
Truth is Always Truth
Desperate efforts to suppress the truth resulted in even worse chaos and some people are going to pay for it
Android Surges to New Highs in Georgia, Windows Plunges to 30% (It Was 99% in 2012)
Until 2012 almost all Web requests there came from Windows
Another Casualty of the 'GAI' Ponzi Scheme: Most of the News Cycle and News Sites
accelerated death of journalism
Empowering Predators Who Fancy Exercising Control Over Women (Using Corporate Money)
Remember this when Google talks about diversity, women etc.
GNU/Linux Continues Its Rapid Growth in July, Today We Look at Belgium
Again, a word of caution: statCounter isn't a perfect yardstick
Links 14/07/2024: Goldman Sachs Says 'Advanced' or 'Generative' Hey Hi (AI) is Just Hype, Thoughts on Negatives
Links for the day
GNOME Foundation Welcomes Dolly
It didn't work out with Molly and Holly
Links 14/07/2024: Perils for AI PC Hype Train, Further Attacks on Freedom of the Press
Links for the day
A Response to Bill Maher's Senseless Attacks on Julian Assange and Wikileaks
published a few hours ago
The List of Sites or Sources for Linux News is Getting Shorter Over Time (Despite GNU and Linux Steadily Growing in Usage)
A lack of publishing begets lack of educated, informed population (a return to Dark Ages where rulers leverage mass ignorance)
The Number of Web Servers Has Gone Down
Cloud fatigue deux?
[Meme] GNOME Foundation's Relationship With Women
Lots more coming soon, so stay tuned
The Smugness of "I'm a Journalist"
Attacking women for expressing their opinions (for example, about the abuse they received) isn't unprecedented
It Takes No Courage to Become Another Corporate Stooge
transition to spam
Why Techrights Has Just Programmatically Blacklisted ZDNet
Even their "Linux" writers are AWOL
Gemini Links 14/07/2024: The Stress of 24/7 Notifications and FOSS tools for Sipeed Tang Nano 1K
Links for the day
Windows Already Down to 10% in Lao (It was 96% a Decade and a Half Ago), Vista 11 Adoption Has Stalled
And GNU/Linux is topping a 1-year high in Loa
IRC Proceedings: Saturday, July 13, 2024
IRC logs for Saturday, July 13, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Links 13/07/2024: Patent Trolls in UK Court of Appeal, Eric Schmidt Continues so Show Womanising at Google
Links for the day
Links 13/07/2024: Not Quite Dead Yet After All and Unfederated E-mail
Links for the day
Holly Million, GNOME Foundation departure after Albanian whistleblower revelations
Reprinted with permission from Daniel Pocock
Julian Assange’s Brother Gabriel Shipton Explains the Logistics of 'Smuggling' Julian Out of the United Kingdom
a lot of new information and prison stories
[Meme] Like They Got Rid of Molly (and Now Holly)
Pay over 100,000 dollars a year for someone without any background in tech (to "lead" a tech project)
Microsoft Windows Falls to Almost 10% in Palestine (It Was Measured at 100% Just 15 Years Ago)
quite a big drop
Guardianship of the Licence is Not Enough (the Case of Systemd and Microsoft)
Whether the GPL gets enforced or not, if people adopt lousy software, that will have negative consequences
Speaking Out and Spreading the Message of GNU
Free Software Foundation (FSF) got 112 new members since 2.5 weeks ago
[Video] Why Wikileaks Publishing War-Related Documents Was Both Important and Justified
It's important to remember the principle which says privacy is for the powerless, whereas the powerful (like those with the power to kill) deserve not privacy but transparency
3.5 Years in Gemini
It's important to speak about and spread the word (about software freedom, BSD, GNU/Linux, patents etc.) in a medium that's strategic and growing
[Meme] Whoever in GNOME Decided to Attack the G (GNU), It Was a Foolish Miscalculation
How could they expect any outcome other than GNOME's own collapse?
Windows Down to Unprecedented Low in Czech Republic, Android Rises to New Record
From 98% in July 2009 (15 years ago) Windows is down to all-time low of 38% and well below Android
GNOME Foundation Lost Nearly a Million Dollars in 2 Years, IBM and GAFAM Won't Bail It Out Anymore
Seems like a suicide mission
Google News Has Become a Big Pile of Garbage
The issue predates chatbots, but these SEO tricks were accelerated somewhat by slop
OpenAI and ChatGPT Could Very Well Collapse and Shut Down Later This Year (Huge Losses, Sagging Usage Levels, and Massive Debt)
we illuminate the suppressed observations that Microsoft-sponsored publishers and cheaply-made slop (LLM spew disguised as "news") try to distract from
[Meme] Attacking the "G" in GNOME (Since 2009) Was a Mistake
Spending 50,000 pounds to sue women of racial minority
Difficult Times in GNOME Foundation
GNOME Foundation is in "crisis management" or "face-saving" or "damage control" mode
Links 13/07/2024: TikTok Interferences, YouTube Throttled in Russia
Links for the day
Kathy Lette on Julian Assange Staying at Her Attic, Why His Release Matters So Much, and Jen Robinson Staying Over Yesterday
They talk a lot about politics, but the segment mentions publishers, including Rushdie
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 12, 2024
IRC logs for Friday, July 12, 2024
Microsoft Windows Down to a New Low in Canada (Only a Third)
Very steep decline a decade ago