Bonum Certa Men Certa

Links 1/10/2021: KaiOS 3.0 and Xfce Update

  • GNU/Linux

    • Audiocasts/Shows

    • Kernel Space

      • Another system update adventure with RAUC, Barebox & Yocto Project - Bootlin's blog

        After experiencing both SWupdate and Mender in the past we recently got the opportunity to work with another update framework for embedded systems called RAUC.

        This time the choice of RAUC as system upgrade framework was mainly motivated by the Phytec IMX6 board ecosystem which is based on both Barebox and Yocto Project. Indeed RAUC and Barebox are both developed by Pengutronix and both are designed to provide a complete and homogeneous solution that will be introduced in this post.

      • Paul E. Mc Kenney: So You Want to Rust the Linux Kernel?

        There has been much discussion of using the Rust language in the Linux kernel (for example, here, here, and here) and 2021 LInux Plumbers Conference had a number of sessions on this topic, as did Maintainers Summit. At least two of these sessions mentioned the question of how Rust is to handle the Linux-kernel memory model (LKMM), and I volunteered to write this blog series on this topic.

        This series focuses mostly on use cases and opportunities, rather than on any non-trivial solutions. Please note that I am not in any way attempting to dictate or limit Rust's level of ambition. I am instead noting the memory-model consequences of a few potential levels of ambition, ranging from "portions of a few drivers", "a few drivers", "some core code" and up to and including "the entire kernel". Greater levels of ambition will require greater willingness to accommodate a wider variety of LKMM requirements.

    • Benchmarks

      • Fedora Server 35 Performance Looking Good - Initial Benchmarks With Intel Xeon Ice Lake

        Given this week's release of Fedora 35 Beta I have begun my benchmarking to look at how this next installment of Fedora Linux is shaping up given that it tends to be at the forefront of open-source innovations given Red Hat's investments. For our initial F35 benchmarking is looking at the Fedora Server 35 Beta performance compared to Fedora 35 on a dual Intel Xeon Platinum 8380 server.

        This initial testing is quite straight-forward and from the same Intel Xeon Platinum 8380 "Ice Lake" reference platform, Fedora 34, Fedora 34 with all stable release updates, and Fedora 35 Beta were carried out for seeing how this H2'2021 Linux distribution release update is looking. The stable release of Fedora 35 is currently expected for the end of October.

    • Applications

      • Video Trimmer – quickly trim videos

        Video editing is the process of editing motion video footage. In the new age of personal video, video editing is becoming a central function of the desktop, with the popularity of video editing software ever increasing.

        Any self-respecting operating system that has ambitions on becoming the dominant force on the desktop therefore needs to have a good selection of video editing software. Video sharing websites such as YouTube are now enormously popular with hundreds of thousands of new videos uploaded every day.

      • MAKE MORE with Inkscape – Stroke Fonts

        Inkscape, the most used and loved tool of Fedora’s Design Team is not just a program for doing nice vector graphics. With vector graphics (in our case SVG) a lot more can be done. Many programs can import this format. Also, Inkscape can do a lot more than just graphics. The last article of this series showed how to design embroidery with Inkscape and the extension Ink/Stitch. This time, several extensions for Inkscape will be examined. All are helpful for working with so called Stroke or Hershey Fonts.

        Inkscape version 0.91+ includes an extension called Hershey Text – Extensions > Text > Hershey Text. This extension brings a small set of Stroke Fonts or Hershey Fonts. If you try testing all of the extensions Inkscape comes with, you might get to this one and ask yourself, “What is it for? It just renders text?”

    • Instructionals/Technical

      • How to Install GitLab on Debian 11

        GitLab is a free and open-source DevOps platform that allows teams to iterate faster and innovate together. It is a web-based tool developed by GitLab Inc. It is very similar to GitHub and provides a Git repository manager providing wiki, issue-tracking, and continuous integration and deployment. GitLab community edition is available absolutely free for development and production environment.

        In this tutorial, I will show you how to install GitLab with Nginx and Let's Encrypt SSL on Debian 11.

      • How to Install & Create a VM on VirtualBox with Pop!_OS 20.04 - LinuxCapable

        VirtualBox is a free and open-source hypervisor for x86 and x86-64 virtualization, which the Oracle Corporation develops. The software targets users wishing to create virtual environments for servers and desktops that allow users and administrations to run multiple guest operating systems on a single computer for either testing methods or production use. VirtualBox may be installed on Windows, macOS, Linux, Solaris, and OpenSolaris.

        In the following tutorial, you will learn how to install VirtualBox on your Pop!_OS 20.04 desktop, along with creating a new Virtual Machine from scratch.

      • How to Install Tor Browser on Pop!_OS 20.04 - LinuxCapable

        Tor, also known as The Onion Router, is open-source, free software that enables anonymous communication when using online services such as web surfing. The Tor network directs the Internet traffic through an accessible worldwide volunteer overlay network with over six thousand relays and continues to grow. Many users want to find more ways to keep their information and activities anonymous or at least as private as possible, which has led to Tor Browser growing quite popular in recent years as it conceals a user’s location and usage from anyone conducting network surveillance or traffic analysis.

        The Tor network is intended to protect the personal privacy of users and their freedom and ability from conducting communication without having their activities monitored, and data were taken without their consent and used to sum it up.

        In the following tutorial, you will learn how to install the latest Tor Browser on Pop!_OS 20.04.

      • How to Add a User to Sudoers on Linux Mint - LinuxCapable

        When installing Linux Mint, the user account that was created during the initial setup has sudo rights. However, there may be a need to add additional sudo users or to remove the access. This is a straightforward process with a few commands.

        In the following tutorial, you will learn to add a user to the sudoers group on any current Linux Mint system.

      • How To Install Telnet on Ubuntu 20.04 LTS - idroot

        In this tutorial, we will show you how to install Telnet on Ubuntu 20.04 LTS. For those of you who didn’t know, Telnet is a protocol that allows you to connect to remote computers (called hosts) over a TCP/IP network using a client-server protocol to establish a connection. Telnet listens to all the requests by the user usually on TCP port 23, but you can change it accordingly.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of Telnet on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.

      • What is Shebang in Linux Shell Scripting?

        The seemingly insignificant #! characters at the beginning of a shell script has a major significance on how your script will be executed.

      • What Nodes are broken? | Adam Young’s Web Log

        While I tend to think about the nodes in OpenStack term, the people that physically move the servers around are more familiar with their IPMI address. We have several nodes that are not responding to IPMI requests. Some have been put into the manageable state, some are in error.

      • Legible Error traces from openstack server show | Adam Young’s Web Log

        If an OpenStack server (Ironic or Nova) has an error, it shows up in a nested field. That field is hard to read in its normal layout, due to JSON formatting. Using jq to strip the formatting helps a bunch

      • Debugging a Clean Failure in Ironic | Adam Young’s Web Log

        My team is running a small OpenStack cluster with reposnsibility for providing bare metal nodes via Ironic. Currently, we have a handful of nodes that are not usable. They show up as “Cleaning failed.” I’m learning how to debug this process.

    • Games

      • Cyberpunk speedrunner platformer Aeon Drive is out now starring Kira Buckland | GamingOnLinux

        Developer 2Awesome Studio has released Aeon Drive, a cyberpunk themed platformer with a speedrunning theme.

        Aeon Drive stars Jackelyne, a space ranger desperate to get home. Voiced by actress Kira Buckland, who is best known for the voice of 2B in Nier: Automata, Reimi Sugimoto in JoJo's Bizarre Adventure: Diamond Is Unbreakable, Trucy Wright in the Ace Attorney series, and Hiyoko Saionji in the Danganronpa series (and a lot more). Armed with a power sword and teleportation dagger, Jackelyne must dash through the neon-infused metropolis of Neo Barcelona, using time and space-bending abilities to find all the drive cores to fix her ship - and save the city from doom.

      • Steam is doing another Tabletop Fest starting October 21 all about RPGs | GamingOnLinux

        While today will see the Steam Next Fest arrive, Valve have more plans as the digital Tabletop Fest returns to Steam between October 21 - 25 and this time around it's all about the RPGs.

        Kicking off at 10 AM PST / 5 PM UTC it will see a big sale with hundreds of titles discounted, so you might want to start filling up your wishlist. There will also be around 18 hours of streaming from developers, which is being done in partnership with Auroch Digital. Starting off with Robert Kurvitz, lead writer and designer on Disco Elysium.

      • The State of Linux Gaming - Invidious
      • The Ultimate BRRRT Simulator: Fully Featured A-10 Warthog Cockpit | Hackaday

        The Arduinos take input from switches and control knobs, but also run 7-segment displays and analog dials driven by servos. The panels were all laser-cut using MDF or perspex and backlit using LEDs.

      • The upcoming No VR Mod for Half-Life: Alyx shows off amazing progress | GamingOnLinux

        I consider Half-Life: Alyx played in VR to be one of the greatest gaming experiences I've ever had but for a lot of people it's just not possible and so the No VR Mod is in progress.

        For whatever reason some cannot use VR be it due to price, physical ability and more. But if you still want to be able to experience the story first-hand you're currently a bit stuck. There are a few hacky mods floating around to enable mouse/keyboard support but they're all really quite rough. The No VR Mod looks like a different breed though, with smooth movement and it all just looks good.

      • XIGNCODE3 anti-cheat working towards Steam Deck support by launch | GamingOnLinux

        XIGNCODE3 is another popular anti-cheat like Easy Anti-Cheat and BattlEye that currently causes issues for Linux and it's going to hopefully see support (thanks Reddit) for Linux and the Steam Deck by launch.

      • Proton Experimental Enables NVIDIA DLSS For D3D12 Games, Proton Now Handles More Games

        Valve published new versions of Proton and Proton Experimental last night.

        With the latest Proton Experimental update as of yesterday, NVIDIA's Deep Learning Super Sampling (DLSS) is now working for Direct3D 12 games when setting the "PROTON_ENABLE_NVAPI=1" environment variable and using a supported NVIDIA graphics card on a new enough driver. Proton was previously working for DLSS Vulkan titles while now DLSS for D3D12 games should be working with the above met conditions.

      • Steam Play Proton 6.3-7 is out now, Proton Experimental gets DLSS for DX12 games on Linux

        Two big bits of news for Steam Play Proton today with two new versions getting released so let's take a look and see exactly what's new for the Windows compatibility layer.

        Firstly, NVIDIA announced back in August that DLSS would come to Proton in September for DirectX 11 / 12. Well, their date was a bit off there it seems but Valve / CodeWeavers managed to pull in DLSS support for at least DirectX 12 in Proton Experimental as of September 30. To enable it you need to set PROTON_ENABLE_NVAPI=1 as a launch option for games. Additionally this release also fixes crashes in Project Wingman, Satisfactory and other Unreal Engine 4 games using the Vulkan renderer.

    • Desktop Environments/WMs

      • Xfce’s Apps Update for September 2021: New Releases of Thunar, Mousepad, Whisker Menu

        While we skipped August because of the summer holidays, the month of September 2021 brought some great releases, starting with the awesome Thunar file manager, which received not one but two maintenance updates, up to version 4.16.10.

        While Thunar 4.16.9 introduced support for using the move action when dragging files of different users, the ability to open the correct folder when middle-clicking in tree-view, fixes a issue where a folder was missing in history when it was opened in a new tab, and disabled automatic queueing of file transfers, Thunar 4.16.10 only addressed a regression that could crash the file manager when using the clipboard.

      • K Desktop Environment/KDE SC/Qt

        • Calamares and Hacktoberfest 2021

          Calamares is an independent Linux-distro-installer. It was recently added to FreeBSD ports as well, although you won’t be able to use it as an installer yet. The Calamares project is KDE-adjacent – but independent – so it participates ins some things that KDE projects do not. One of those things is Hacktoberfest.

        • August/September in KDE Itinerary

          Travel is slowly returning, and that shows in many improvements of KDE Itinerary being driven by real-world testing and feedback again in the past two month since the last summary.

    • Distributions

      • Download Linux - Linux Nightly

        Linux refers to the kernel on which distributions are built. You can think of it as the core to all systems that are running on Linux.

        Linux distributions are the download links featured above – such as Ubuntu, Fedora, Manjaro, etc. These are collections of software and configurations that have been packaged with the Linux kernel. A team of developers is responsible for each distro, and attaches their own branding or moniker (i.e. “Linux Mint) to it. Typically, the devs will release free updates and support for the distro they’ve created.

        Another term you’ll hear often is GNU, or GNU/Linux. The GNU project is responsible for a massive amount of the free software you’ll find availalble across all Linux distributions.

        While the Linux kernel provides an operating system with its core functionality, the GNU software, as well as software from other developers, allows us to interact with the operating system and do things. Since GNU and Linux are both so integral to Linux distributions, the term GNU/Linux is exceedingly common.

        Both the Linux kernel and GNU software are free. That’s why so many Linux distributions exist in the first place. Anyone is free to take these components, bundle them together, add their own spin to the package, and then release the finished product as a separate operating system (Linux distro). This is very different than systems like Microsoft Windows, where the code for the OS and its applications are locked tightly behind a closed source and copyright laws.

      • SUSE/OpenSUSE

        • GNOME, Plasma Releases Make Progress While Tumbleweed Rolls

          GNOME 41 has reached openSUSE Factory staging and KDE’s Plasma 5.23 is nearing a release in an openSUSE Tumbleweed snapshot as it progresses through staging.

          openSUSE’s rolling release turned out four snapshots this week and updated software packages like Mesa, curl, catfish, PipeWire, Perl and more.

          The 20210928 snapshot improved the transferring of data via an update of curl 7.79.1, which made it work with OpenSSH 8.7; the command line tool and library also adjusted a setup to not change connection data upon repeat invokes. An update of inkscape 1.1.1 fixed a crash and improved the startup time of the graphics editor application. Two other packages updated in the snapshot were yast2-network 4.4.26 and yast2-nfs-client 4.4.1; the latter had an update that supports systemd mount options in fstab.

        • openSUSE Tumbleweed – Review of the weeks 2021/39 – Dominique a.k.a. DimStar (Dim*)

          Dear Tumbleweed users and hackers,

          After the massive update in the last week due to a full rebuild caused by glibc 2.34, this week seems ‘somewhat’ quieter. Or at least from a Release manager PoV less involvement hungry. Yet, we managed to release 5 snapshots during this week (0923, 0924, 0926, 0927, and 0928).

      • IBM/Red Hat/Fedora

        • Junichi Uekawa: Garbage collecting with podman system prune.

          Garbage collecting with podman system prune. Tells me it freed 20GB when it seems to have freed 4GB. Wondering where that discrepancy comes from.

        • Use this tool to build an API without code | Enable Sysadmin

          Application programming interfaces (APIs) are like fuel for digital transformation, enabling companies to develop applications and microservices quickly. DataTrucker.IO is a new, free and open source (Apache 2.0) no-code/less-code API backend that decreases the time required to build APIs.

        • New application samples in Red Hat OpenShift 4.8 | Red Hat Developer

          As Red Hat OpenShift continues to evolve and improve, our efforts to promote developer success ramp up as well. The OpenShift developer dashboard provides sample applications that are just a few clicks away from deployment. These samples are spread across a wide range of software development interests and stacks, so you'll probably find one of interest to you.

          For OpenShift 4.8, four new samples have been added, while four others have been updated. A total of 14 samples are at hand for the new or curious developer. We'll review all the samples in this article.

        • 5 ways leaders can boost psychological safety on teams

          “Welcome to the family.” That’s how it should feel right from the start when new people join the team at any company.

          Of course, relating a workplace to a home is an ambitious promise. To live up to it, you need to ensure that your people experience a safe place where they can be who they are with no fear of being punished or humiliated for sharing their ideas, raising concerns, or making mistakes.

        • Contribute to Call for Code projects as part of Hacktoberfest

          We’re excited that Call for Code will be participating in Hacktoberfest again this year. Now in its eighth year, Hacktoberfest is a global online festival meant to drive contribution to and involvement in open source projects.

          Both Call for Code and Hacktoberfest encourage contributions from people of all backgrounds and skill levels. Call for Code is of course a great opportunity for experienced open source contributors to get involved in projects that address social and humanitarian issues, but if you’re brand new to open source projects, we’ve got you covered there as well. Our “Call for Code: Introduction to Open Source” online course is available at no cost and introduces you to key concepts, tools, and processes that you need to start contributing to any open source project. Start learning, and earn a badge by completing this course.

      • Canonical/Ubuntu Family

        • Linux Mint 20.3 “Una” Arrives This Christmas with Dark Apps and Other Visual Changes

          Linux Mint 20.3 will be dubbed “Una” and will be the third major update to the Linux Mint 20 series based on the Ubuntu 20.04 LTS (Focal Fossa) operating system series, which, of course, will be supported with software updates and security patches until 2025.

          Most probably, Linux Mint 20.3 “Una” will be derived from the recently launched Ubuntu 20.04.3 LTS point release, but, like with Linux Mint 20.2 “Uma”, Linux Mint 20.1 “Ulyssa”, and Linux Mint 20 “Ulyana”, it will stick to the long-term supported Linux 5.4 LTS kernel series rather than using the newer Linux kernel 5.`11.

        • Meet Mini Pupper: the Robot Dog That Is Just as Smart as a Border Collie

          Powered by a Raspberry Pi 4B microprocessor, Mini Pupper uses Ubuntu and ROS to run its FSN (Full Self-Navigation) System. It also supports SLAM (Simultaneous Localization and Mapping), which allows it to map its surroundings and learn in real-time from objects around it using Lidar or a camera sensor.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Web Browsers

        • Mozilla

          • KaiOS 3.0 with the current Gecko 84.0 is distributed

            KaiOS is based on the code of Mozilla’s Firefox OS and the third major version has just been released. The success of KaiOS shows how much Mozilla had backed the wrong horse with Firefox OS. Kai OS Technologies from Hong Kong did not concentrate the development of the operating system on smartphones or TV sets, but on the promising category of feature phones.

          • Firefox Wayland development in 2021

            It’s been long time from my last update about Firefox news on Linux and I’ve finally got some time to sum up what we’ve been working on for last year and what’s coming. There haven’t been introduced any new exciting features (from Linux perspective) for the last year but rather a hidden but important changes.

            From Linux desktop developers perspective 2021 is a year of Wayland. KDE has been shipping decent Wayland compositor which becomes default for Fedora 34. It’s actually pretty fast and gives you smooth feeling of “good old times” with X11/Gtk2/name-your-favorite environment where any graphics change was just instant without lags or slow transitions. I must mention Robert Mader who created a new Firefox Wayland SW backend for the KDE.

      • Productivity Software/LibreOffice/Calligra

        • Fixing a LibreOffice bug in less than eight hours!

          LibreOffice’s QA community works on identifying, testing and fixing bug reports from users around the world. Gabriele Ponzo, a long-time LibreOffice contributors and part of The Document Foundation’s Membership Committee, tells us about how a bug was recently fixed in just under eight hours...

      • CMS

        • Diamantedesk: Open-source Ticketing System for business

          Diamantedesk is an open source web-based Ticketing, help-desk solution aims to allow you to customize for business needs.

          Diamantedesk offers reliability, flexibility, scalability, and extensibility for many enterprise sectors like IT support, shipping, customer services, healthcare and more.

          It is built to improve customer service and convert feedback into valuable experience

          The system comes with a rich set of features and fancy look with informative dashboard filled with graphs, charts, and logs.


          It is published under the Open Software License (OSL 3.0).

      • Programming/Development

        • Qt 6.2 LTS adds a large number of modules and support for Apple Silicon and Windows 11 -

          Qt 6.2 LTS is now available not only to be the first release with long-term support of the sixth major version of the framework , but also to start laying the foundations that will allow developers to truly transition from Qt 5 by having almost achieved the parity with version 5.15, which has become the penultimate LTS.

          Qt 6.2 LTS comes with many interesting news that should give it a strong boost and open the door to many projects to start the migration to the current major version of the framework . Of course, before starting to explain the news, those responsible recalled the main aspects of Qt 6, which already we summarized at the time .

          What stands out the most about Qt 6.2 LTS is the inclusion of a large number of new modules to approach parity with version 5.15, which are the following: Qt Bluetooth, Qt Multimedia, Qt NFC, Qt Positioning, Qt Quick Dialogs, Qt RemoteObjects, Qt Sensors, Qt SerialBus, Qt SerialPort, Qt WebChannel, Qt WebEngine, Qt WebSockets, and Qt WebView . On this aspect, the company has said that “the API for these modules is mostly compatible with previous versions of Qt 5 and will only require minor adjustments of the user code when it is transferred to Qt 6” .’

        • Qt Creator 5.0.2 released
        • Dirk Eddelbuettel: RcppArmadillo on CRAN: New Upstream

          Armadillo is a powerful and expressive C++ template library for linear algebra aiming towards a good balance between speed and ease of use with a syntax deliberately close to a Matlab. RcppArmadillo integrates this library with the R environment and language–and is widely used by (currently) 912 other packages on CRAN.

          This new release brings us Armadillo 10.7.0 released this morning by Conrad. Leading up to this were three runs of reverse dependencies the first of which uncovered the need for a small PR for subview_cols support which Conrad kindly supplied.

        • PoCL 1.8 OpenCL Implementation Coming With LLVM 13 Support, Better SPIR-V On CUDA

          PoCL is the open-source project implementing OpenCL for CPU-based execution as well as multi-device support by getting its Portable Computing Language implementation working atop NVIDIA GPUs via CUDA, AMD GPUs via HSA, and other experimental implementations through leveraging LLVM/Clang.

        • Arm Begins Adding Armv9 Support To The GNU Compiler Toolchain

          Arm engineers have begun landing their Armv9 enablement work in the GNU compiler toolchain.

          Yesterday brought the initial Armv9 commits to GNU Binutils. This included adding armv9-a to -march for the GNU Assembler as well as for GAS adding the Cortex-X2, Cotex-A510, and Cortex-A710.

        • Python

          • Awesome Python Video Tutorials Keep You Motivated | Hackaday

            Programming languages are one of those topics that we geeks have some very strong and often rather polarised opinions about. As new concepts in computing are dreamt up, older languages may grow new features, if viable, or get left behind when new upstarts come along and shake things up a bit. This scribe can remember his early days programming embedded systems, and the arguments that ensued when someone came along with a project that required embedded C++ or worse, Java, when we were mostly diehard C programmers. Fast forward a decade or two, and things are way more complicated. So much choice, so much opinion.

        • Java

          • 8 reasons why I learned Core Java |

            Computer programming, also known as coding for short, is not about which language you use. It's about developing programming logic and learning to think like a programmer. The language you start with should be the one that helps you the most in this endeavor. So you have to ask yourself the question: "What do you want to do as a programmer?"

            For example, if you want to work on Android app development, video game development, desktop GUI applications, or just general software development, I think learning Java is an excellent option. It's the language I chose, and it has made a whole world of programming available to me. In India, where I live, the average salary of a Java programmer is around 5.9 Lakhs per Annum (LPA) (it can be as high as 10 LPA, depending on your experience.)

            Java is a vast language, though, with lots of frameworks and variants to choose from. Core Java is the term the tech industry has developed to refer to the central components of the Java language—the thing that people use to write the frameworks and has developed the cottage industry around Java. I believe that Core Java is one of the most powerful skills you can acquire because understanding the basics of Java gives you a significant advantage when learning all of the related tools built on top of it.

  • Leftovers

    • Integrity/Availability

      • Proprietary

        • Security

          • Reproducible Builds (diffoscope): diffoscope 186 released

            The diffoscope maintainers are pleased to announce the release of diffoscope version 186. This version includes the following changes:

            [ Chris Lamb ]
            * Don't call close_archive when garbage-collecting Archive instances unless
              open_archive returned successfully. This prevents, amongst others, an
              AttributeError traceback due to PGPContainer's cleanup routines assuming
              that its temporary directory had been created.
              (Closes: reproducible-builds/diffoscope#276)
            * Ensure that the string "RPM archives" exists in the package description,
              regardless of whether python3-rpm is installed or not at build time.

            [ Jean-Romain Garnier ] * Fix the LVM Macho comparator for non-x86-64 architectures.

          • Crashes in OpenBSD, DragonFly BSD and Electron due to deprecation of the IdenTrust root certificate

            The termination of the IdenTrust root certificate (DST Root CA X3) used to cross-sign the Let’s Encrypt CA root certificate resulted in problems with Let’s Encrypt certificate validation in projects using older versions of OpenSSL and GnuTLS. Problems also affected the LibreSSL library, the developers of which did not take into account past experience related to failures that occurred after the AddTrust root certificate of the Sectigo (Comodo) certification authority expired.

            Recall that in releases of OpenSSL up to and including the 1.0.2 branch and in GnuTLS before release 3.6.14 , there was an error that did not allow the correct processing of cross-signed certificates, if one of the root certificates used for signing expired, even if other valid ones were saved. chains of trust (in the case of Let’s Encrypt, the aging of the IdenTrust root certificate does not allow verification, even if the system supports its own Let’s Encrypt root certificate valid until 2030). The essence of the error is that older versions of OpenSSL and GnuTLS parsed the certificate as a linear chain, while according to RFC 4158, a certificate can represent a directed distributed circular graph with several trust anchors that need to be considered.

          • BloodHound – Hacking Active Directory Trust Relationships

            Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use it to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment.

            It is a single page JavaScript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a PowerShell ingestor.

          • Getting Started With Kali

            Kali is a Debian based distribution aimed at penetration testing. I haven’t felt a need to use it in the past because Debian has packages for all the scanning tools I regularly use, and all the rest are free software that can be obtained separately. But I recently decided to try it.

            Here’s the URL to get Kali [1]. For a VM you can get VMWare or VirtualBox images, I chose VMWare as it’s the most popular image format and also a much smaller download (2.7G vs 4G). For unknown reasons the torrent for it didn’t work (might be a problem with my torrent client). The download link for it was extremely slow in Australia, so I downloaded it to a system in Germany and then copied it from there.


            Installing VMs for both these distributions was quite easy. Most of my time was spent downloading from a slow server, trying to get SCSI emulation working, working out how to convert image files, and testing different compression options. The time spent doing stuff once I knew what to do was very small.

          • Privacy/Surveillance

            • Coalition Letter to the 48th U.N. Human Rights Council (HRC) on Pegasus - Access Now

              We, the undersigned civil society organizations and independent experts, call on Member States of the U.N. Human Rights Council (HRC) to take urgent action at the ongoing 48th regular session of the HRC to denounce the unfolding and unprecedented scale of human rights violations by States facilitated by the use of the NSO Group’s Pegasus spyware and provide immediate, robust support for impartial and transparent inquiries into the abuses.

              We are deeply alarmed by the Pegasus Project revelations, a major investigation conducted by Forbidden Stories, and a consortium of 16 media organizations, alongside Amnesty International who was a technical partner in the investigations. The investigation was based on a leak of 50,000 phone numbers of potential targets of NSO Group surveillance technology, a list which includes journalists, activists, human rights defenders, lawyers, world leaders, and civil society actors. So far, at least 180 journalists in 20 countries were identified as potential targets of Pegasus spyware between 2016 to June 2021.

              Adding to the revelations, further cases of targeted surveillance continue to unfold. The most recent victim targeted by Pegasus spyware is the Budapest-based photojournalist Dániel Németh. According to an investigation by media organization Direkt36 and forensic analysis by Citizen Lab, independently validated by Amnesty International, two of Németh’s phones were hacked by a government client of the NSO in early July 2021. Németh is not the only Hungarian journalist to be hacked using Pegasus, Amnesty International’s forensic checks confirmed that two of Direkt36 investigative journalists, András Szabó and Szabolcs Panyi, and another investigative reporter, Brigitta Csikász, were also hacked in 2019.

            • Act now against spyware, coalition tells UN Human Rights Council - Access Now

              As the U.N. Human Rights Council (HRC) convenes at the ongoing 48th regular session, Access Now joins 94 civil society organizations and independent experts in urging member states to denounce abuses facilitated by spyware technologies.

              The Pegasus Project revealed a long list of journalists, activists, human rights defenders, lawyers, world leaders, and civil society actors that were a target of NSO Group’s Pegasus Spyware. The U.N. HRC should mandate comprehensive measures to investigate and prevent further violations linked to the sale, export, and use of Pegasus spyware and cases of targeted surveillance.

              “Member States must urgently act to address the perpetual human rights abuses by States facilitated by NSO Group’s Pegasus spyware,” said Laura O’Brien, UN Advocacy Officer at Access Now. “The clandestine surveillance industry must be held accountable.”

              The recent revelations showcased the unprecedented scale of human rights violations by States facilitated by the use of Pegasus with Budapest-based photojournalist Dániel Németh being the latest victim targeted by the spyware.

    • Freedom of Information/Freedom of the Press

      • Russian journalist acknowledges emigration, denounces new felony charges as effort to silence his investigative reporting

        Roman Dobrokhotov, the editor-in-chief of The Insider, has responded to new criminal charges that he allegedly crossed the Russian border illegally. The criminal case “was conjured out of thin air,” he argued in an editorial published by The Insider, asserting that he was within his rights when he left the country in August, weeks after federal agents raided his home and interrogated his parents. Russian officials seized his international passport at the time, but Dobrokhotov says he maintains his general civil passport.

    • Civil Rights/Policing

      • Why the cybersecurity industry should treat civil society as critical infrastructure - The Record by Recorded Future

        Cybersecurity risks now affect everyone, but those risks aren’t the same everywhere. The Record spoke with Access Now’s Asia Policy Director and Senior International Counsel Raman Jit Singh Chima about how the human rights organization helps secure activists and journalists around the world. Chima, who also serves as the organization’s global security lead, shared details about risks facing human rights defenders in the Asia-Pacific region—from spyware and social media monitoring to disrupting access to certain apps or the entire Internet.

        Protecting civil society from these threats must be a key part of cybersecurity policy discussions, Chima told The Record, much like we think about how we need to protect power grids and other utilities that keep society functioning.

        “Understand that people who protect civil liberties, rights, and democracy are critical infrastructure and need to be talked about as such when you engage in cybersecurity conversations with national governments in this region,” he explained.

Recent Techrights' Posts

[Meme] Debian's 'Cannon Fodder' Economics
Conflicts of interest don't matter
According to Microsoft, It's Not a Code of Conduct Violation to Troll Your Victims Whose Files You Are Purging
The group of vandals from Microsoft think it's "funny" (and for a "nominal fee") to troll Microsoft critics
Microsoft Inside Debian is Sabotaging Debian and Its Many Hundreds of Derivatives With SystemD (Microsoft/GitHub Slopware With Catastrophic Bugs is Hardly a New Problem)
What is the moral of the story about The Scorpion and the Frog?
[Meme/Photography] Photos From the Tux Machines Parties
took nearly a fortnight
Links 23/06/2024: Twitter/X Wants Your Money, Google Reports a Billion DMCA Takedowns in Four Months
Links for the day
Digital Restrictions (Like DRM) Don't Have Brands, We Need to Teach People to Hate the Underlying Restrictions, Not Companies That Typically Come and Go
Conceptually, the hens should fear humans, not the farmer who cages them
Going Above 4% Again
Maybe 4% (or above) by month's end?
Conviction, jail for Hinduja family, Debian exploitation comparison
Reprinted with permission from Daniel Pocock
Links 23/06/2024: Hey Hi (AI) Scrapers Gone Very Rogue, Software Patents Squashed at EPO
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, June 22, 2024
IRC logs for Saturday, June 22, 2024
Gemini Links 23/06/2024: LoRaWAN and Gemini Plugin for KOReade
Links for the day
Links 22/06/2024: Chat Control Vote Postponed, More Economic Perils
Links for the day
Uzbekistan: GNU/Linux Ascent
Uzbekistan is almost the same size as France
SLAPP as an Own Goal
We have better things to with our limited time
Independence From Monopolies
"They were ethnically GAFAM anyway..."
GNU/Linux at New Highs (Again) in Taiwan
latest numbers
Links 22/06/2024: More Layoffs and Health Scares
Links for the day
Rwanda: Windows Falls Below 30%
For the first time since 2020 Windows is measured below 30%
[Meme] IBM Lost the Case Over "Dinobabies" (and People Died)
IBM agreed to pay to keep the details (and embarrassing evidence) secret; people never forgot what IBM called its staff that wasn't young, this keeps coming up in forums
Exactly One Year Ago RHEL Became Proprietary Operating System
Oh, you want the source code of RHEL? You need to pay me money and promise not to share with anyone
Dr. John Campbell on Gates Foundation
Published two days ago
Melinda Gates Did Not Trust Bill Gates, So Why Should You?
She left him because of his ties to child sex trafficker Jeffrey Epstein
How Much IBM Really Cares About Software Freedom (Exactly One Year Ago IBM Turned RHEL Into Proprietary Software)
RHEL became proprietary software
Fedora Week of Diversity 2024 Was Powered by Proprietary Software
If instead of opening up to women and minorities we might open up to proprietary software, i.e. become less open
18 Countries in Europe Where Windows Fell Below 30% "Market Share"
Many people still use laptops with Windows, but they're outnumbered by mobile users on Android
[Meme] EPO Pensions in the UK
pensioners: looks like another EPO 'reform'
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, June 21, 2024
IRC logs for Friday, June 21, 2024
During Fedora Week of Diversity (FWD) 2024 IBM and Its Subsidiaries Dragged to Court Over Discrimination at the Corporate Level
IBM is a deplorable, racist company
Workers of the European Patent Office Take the Office to Court Over Pension
pensions still precarious
Gemini Links 22/06/2024: FreeBSD vs XFCE and Gemini Bookmarks Syncing Solution
Links for the day
Links 21/06/2024: Matrimony Perils and US-Sponsored COVID-19 Misinformation
Links for the day
"A coming cybersecurity schism" by Dr. Andy Farnell
new from Dr. Andy Farnell
Links 21/06/2024: Overpopulation, Censorship, and Conflicts
Links for the day
IBM and Subsidiaries Sued for Ageism (Not Just for Racism)
This is already being discussed
UEFI is Against Computer Security, Its True Goal is to Curtail Adoption of GNU/Linux and BSDs on Existing or New PCs
the world is moving away from Windows
[Meme] Chat Control (EU) is All About Social Control
It won't even protect children
The Persistent Nature of Freedom Isn't About Easy Routes
Resistance to oppression takes effort and sometimes money
EFF Not Only Lobbies for TikTok (CPC) But for All Social Control Media, Irrespective of Known Harms as Explained by the US Government
The EFF's own "free speech" people reject free speech
Microsoft's Search (Bing) Fell From 3.3% to 1% in Turkey Just Since the LLM Hype Began
Bing fell sharply in many other countries
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, June 20, 2024
IRC logs for Thursday, June 20, 2024
The Real FSF Lost Well Over a Million Dollars Since the Defamation Attacks on Its Founder
2020-2023 income: -$659,756, -$349,927, -$227,857, and -$686,366, respectively
The Fake FSF ('FSF Europe') Connected to Novell Via SUSE, Not Just Via Microsoft (Repeated 'Donations')
'FSF Europe' is an imposter organisation
Just Less Than 3 Hours After Article on Debian Suicide Cluster Debian's Donald Norwood Recycles a Fortnight-Old 'Hit Piece'
The fall of Debian is its attack on its very own volunteers