Bonum Certa Men Certa

Links 13/10/2021: Sparky 2021.10 and New Archcraft



  • GNU/Linux

    • Desktop/Laptop

      • Microsoft and CNET confuse users with fake “This PC can’t run Windows 11” errors. Suggest buying a completely new computer.

        Microsoft and CNET confuse users with fake “This PC can’t run Windows 11” errors. Suggest buying a completely new computer.

        Mostly, if your machine doesn’t have “Security Theater Boot” and the “Toilet Paper Module” (I jest.) available to be turned on, you need to buy another computer.

        Except that you don’t. You could format Windows off your computer entirely and go on happily using GNU/Linux for many more years without fake incompatibility messages from your pals at Microsoft and Intel, where sales have been in the dumps and they need fake error messages to drive new sales.

      • Framework MarketPlace lets you buy replacement parts, expansion cards for the modular Framework Laptop

        The Framework Laptop is a thin and light notebook with a 13.5 inch display and an Intel Tiger Lake processor. But what really makes the notebook stand out is its modular design and emphasis on repairability and customization.

        When the Framework laptop went up for pre-order earlier this year, customers could choose from a couple of different configuration options. But now Framework has launched a Marketplace, which were you purchase Expansion Cards to further customize the laptop, as well as replacement parts that let you swap out keyboards, batteries, displays, and even motherboards and processors.

    • Audiocasts/Shows

      • Life Changing Virtualization | LINUX Unplugged 427

        Wimpy stops by with a new tool that will change your virtualization game, and we share our thoughts on Ubuntu 21.10 and take the flavor challenge.

      • mintCast 371.5 – Minus One

        1:37 Linux Innards 35:41 Vibrations from the Ether 50:04 Check This Out 53:53 Announcements & Outro

      • LHS Episode #434: Linux Install Media Deep Dive

        Hello and welcome to the 434th installment of Linux in the Ham Shack. In this episode, the hosts discuss creating bootable images to start your computer with Linux or install the operating system. Discussion ranges from CDs to DVDS, USB flash drives and Micro SD cards. Also touched on are persistence, running distros from install media, dual booting and more. We hope you enjoy this episode and come back for the next one. Have a great week.

    • Kernel Space

      • 7.4M IOPS Achieved Per-Core With Newest Linux Patches - Phoronix

        Linux block subsystem maintainer and lead IO_uring developer Jens Axboe had a goal of hitting 7M IOPS per-core performance this week. On Monday he managed to already hit 7.2M IOPS and today hit 7.4M IOPS with his latest work-in-progress kernel patches.

        This month Jens Axboe has been making some remarkable improvements to the Linux block code for squeezing out every bit of I/O potential of the system. Yesterday Jens Axboe was hitting 7.2M IOPS with new persistent DMA map patches that also shaved off around 10% of synchronization latency.

      • Loongson Volleys Latest Patches For LoongArch Linux Support - Phoronix

        Chinese vendor Loongson continues working on their Linux kernel patches enabling the LoongArch processor ISA as their fork from MIPS. While early on when copying existing MIPS open-source code they were quick to call their new ISA "not MIPS", in these later patch series they continue to refer to their ISA as "a bit like MIPS or RISC-V."

        LoongArch debuted this summer with their Loongson 3A5000 processors and since then their engineers have been working to get the LoongArch support into the mainline kernel. Loongson though has ruffled some feathers of the upstream kernel developers with in some areas just copying existing MIPS code.

      • DAMON Extended To Offer Physical Memory Address Space Monitoring - Phoronix

        One of many exciting additions with the forthcoming Linux 5.15 kernel is DAMON landed as a data access monitoring framework. DAMON opens up new possibilities around proactive reclamation of system memory and other interesting features. Currently though it's limited to monitoring the virtual address space of the kernel but a new set of patches out allow for physical address space monitoring as well.

      • Graphics Stack

        • Portable Computing Language 1.8 Released For OpenCL On CPUs, Other Accelerators - Phoronix

          PoCL is the open-source project implementing OpenCL for CPU-based execution as well as multi-device support by getting its Portable Computing Language implementation working atop NVIDIA GPUs via CUDA, AMD GPUs via HSA, and other back-ends by way of LLVM. PoCL 1.8 is out today as the newest feature release.

        • Mesa 21.3 Fixes Issue Of Some Games Having Transparency Issues Under Wayland - Phoronix

          Landing in time for the imminent Mesa 21.3 feature freeze / code branching is support for the EGL_EXT_present_opaque extension on Wayland. While this EGL extension may not sound too exciting, for some OpenGL games on Wayland it will address some transparency issues.

          The issue stems from this issue ticket opened during the summer by game porter Ethan Lee. The issue is around needing an EGL equivalent to VkCompositeAlphaFlagBitsKHR as "we've got a whole lot of games that are unintentionally translucent in Wayland." Portal 2 is among the games as a result having issues under native Wayland.

        • Vulkan 1.2.196 Introduces H.265 Encode Extension - Phoronix

          Arriving back in April were the initial Vulkan Video extensions that included support for video decode of H.264 and H.265 while the initial video encode support was limited to H.264. Out today with Vulkan 1.2.196 is the new extension allowing for H.265 encoding with this new industry-standard video API.

          Vulkan 1.2.196 introduces the provisional VK_EXT_video_encode_h265 extension. This extension was worked on by AMD, Intel, and NVIDIA but at least under Linux only the NVIDIA proprietary driver currently exposes Vulkan Video encode/decode support. Presumably this morning NVIDIA will be issuing a new Vulkan beta driver providing timely support for this new H.265 encode provisional extension.

    • Benchmarks

      • AMD Radeon RX 6600 Linux Performance

        Today AMD is officially launching the Radeon RX 6600 graphics card as a trimmed down model from the Radeon RX 6600 XT that launched back in August. This new (non-XT) model has a suggested price of $329 USD and here is a look at how well this RDNA2 graphics card is performing under Linux.

        The AMD Radeon RX 6600 graphics card features 28 compute units, 1792 stream processors, a 2044MHz game clock with up to 2491MHz boost clock, 8GB of GDDR6 video memory, and 32MB infinity cache.

    • Instructionals/Technical

      • How To Enable Virtual Emulated Desktop On Proton Steam On Ubuntu Linux! - Fosslicious

        Proton is an application released by Valve that is used to run Windows Operating System Games on Linux. We can install this application via Steam.

        To see a list of games that can be run on Proton, please visit ProtonDB. There are also some discussions posted by users regarding problems when running games using Proton.

        Proton was developed from Wine. So, some features of Wine can be used in this application. One of them is Virtual Emulated Desktop.

      • How To Install Snap on Linux Mint 20 - idroot

        In this tutorial, we will show you how to install Snap on Linux Mint 20. For those of you who didn’t know, Snap is a package management system for installing and managing applications (called Snaps) developed by Cananoical for Linux operating systems. The system is designed to work for the internet of things, cloud and desktop computing.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of Snap on a Linux Mint 20 (Ulyana).

      • Install Docker and Portainer - blackMORE Ops

        Docker is a set of platform as a service (PaaS) products that use OS-level virtualization to deliver software in packages called containers. Containers are isolated from one another and bundle their own software, libraries and configuration files; they can communicate with each other through well-defined channels. Because all of the containers share the services of a single operating system kernel, they use fewer resources than virtual machines. The service has both free and premium tiers. The software that hosts the containers is called Docker Engine.

        Portainer CE is a lightweight ‘universal’ management GUI that can be used to easily manage Docker, Swarm, Kubernetes and ACI environments. It is designed to be as simple to deploy as it is to use. Portainer consists of a single container that can run on any cluster. It can be deployed as a Linux container or a Windows native container. Portainer allows you to manage all your orchestrator resources (containers, images, volumes, networks and more) through a super-simple graphical interface. A fully supported version of Portainer is available for business use.

      • Learn Usage of chown (Change Ownership) Command in Linux

        Under Linux, the ownership of created or existing files and directories is associated with a specific Linux system user, group, or other (file/directory permission access types).

        However, files or directories ownership verdicts are not final as it is possible to chown (Change Ownership) of any file and/or directory within the Linux operating system.

      • Learn Usage of chgrp (Change Group) Command in Linux

        If you are reading this article on the chgrp command, there is a high chance you have explored all the depths of Linux’s chown command and chmod command.

      • Linux Essentials: Background (bg) and Foreground (fg) - Invidious

        In this episode of Linux Essentials, we'll take a look at how to send tasks to the background, and then bring them to the foreground.

    • Games

      • Space sci-fi point and click adventure Warp Frontier releases for Linux in November | GamingOnLinux

        Developed Brawsome emailed to note that their space sci-fi adventure Warp Frontier will be releasing for Linux (and macOS) in November following the Windows release in late September.

        Warp Frontier is a 2D point and click adventure set in the year 2215, in orbit around humanity's newest extrasolar colony. It follows the story of war hero turned cop, Vincent Cassini, and his robot partner Mac, as they investigate the cover-up of a war crime by an old enemy that stole the lives of thousands, including his wife and best friend. The game has a particularly Australian flavour in both the writing and the voice cast, including the talents of Kevin Powe (Dead Static Drive), Aimee Smith (Eastern Market Murder), and Angela Tran (The Lake). The game also features an original soundtrack by Thomas Regin (Unavowed).

      • Space Crew: Legendary Edition releases as a free expansion on October 21 | GamingOnLinux

        Curve Digital and Runner Duck have together announced that Space Crew: Legendary Edition will arrive on October 21 as a free expansion to the base game with a ton of new content.

        Planned content includes a new "epic" Android Ambush campaign, the ability to take crew off-ship onto stations, outposts and new vessels in Away Team missions. There will also be a new star-system to explore with new missions as well as a range of special features and gameplay experiences.

      • Magical realist point and click adventure No Longer Home now on Linux | GamingOnLinux

        After the initial release back in July, No Longer Home from Humble Grove and Fellow Traveller has launched the Linux version. Funded on Kickstarter back in 2018, the original plan was to have Linux support so it's good to see it land.

        Based upon the real life experiences of the developer, where they were forced apart so they decided to stay in touch and make a game together. Here's what the story entails: "Bo and Ao are graduating university and preparing to leave the flat they’ve lived in together for a year. Thanks to visa limitations, Ao is forced to return to Japan, leaving Bo in England. Disillusioned by post-educational life and shoved aside by a government who doesn’t want them there, both are trying to come to terms with their uncertain futures. And deep under their South London flat, something grows..."

      • Doom Fighters turns the classic Doom II into a beat 'em up | GamingOnLinux

        Doom mods do a lot of things from small adjustments to total conversions and Doom Fighters is one of the most interesting I've seen recently that turns Doom II into a beat 'em up.

        Released on October 10 is genuinely a surprise. Giving you a 3D character model for Doomguy, you run around and beat up monsters. You get to punch, kick, grab enemies, fly away with them and more. The developer mentioned they do plan to expand the game to include powerful execution moves, alternate deaths, weapons and destructible environments. Sounds like multiplayer will be sorted eventually too.

      • Competitive action-puzzler Petal Crash Online arrives on Steam as a free update | GamingOnLinux

        Petal Crash Online is the free update to the original Petal Crash, a block-matching game where you push blocks around and smash them together to score points. It's pretty great actually. A genre of games that isn't overly popular on PC but this is easily one of the best.

        This new online mode was first launched on itch.io as a separate game but folks on Steam now have it free as an update download with it now giving you the option to play the original or the online mode when you launch it. The online client was built ground the ground-up to support rollback net-code for nicely synced matches.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • 25 ways you can contribute to KDE

          In honor of KDE’s impending 25th birthday tomorrow, here are 25 ways you can get involved to help make KDE software the best in the world!

      • GNOME Desktop/GTK

        • Excuse me, your memory is leaking. GNOME Software running in the background, taking hundreds of MB of RAM.

          So I noticed today that GNOME software is constantly running in the background taking up to 435 MB of RAM.

          It does that (very) occasionally, unpredictably. I can’t figure out why. Usually, it’s only taking 30-60 MB.

          Obviously that’s a bit much for a program that’s only job is sitting there and telling me when updates are available or waiting for me to install a program, and obviously there are leaks, and indeed, all you apparently need to do is run valgrind on it and it will find some.

    • Distributions

      • New Releases

        • Archcraft October Release Available

          New ISO of Archcraft is now available to download.

          Many users faced issues with the September release, due to the bug in the installer. However it was not a big issue and can be fixed easily, But there are people who are completely new to Linux in general. So, this release belongs to them. This release fixes every issue on the previous release.

      • SUSE/OpenSUSE

        • SUSE Harvester: Deploying virtual machines with Kubernetes

          I use Kubernetes. You use Kubernetes. We all use Kubernetes to manage containers. What you couldn't do, though, is use Kubernetes to manage virtual machines (VM)s as well. That was another ballgame. Until now. SUSE, the European Linux giant with one foot in containers and cloud computing, has released the first production version of Harvester, which along with Rancher, SUSE's Kubernetes as a Service offering, enables you to unify the delivery of VMs and containers

      • Slackware Family

        • Un-Googled Chromium update for Slackware 14.2 and -current | Alien Pastures

          After nearly two weeks of pulling my hair out I finally was able to build the newest Chromium in its un-Googled variant. You can find packages for Slackware 14.2 and -current in my repository on slackware.nl.

          It’s a jump from the 92 to the 94 release (94.0.4606.81 to be precise) but I simply did not have the opportunity to build a 93 release. In part because the un-googled repository maintained by Eloston did not offer release tarballs for a while. Extended leave of absence of the maintainer seems to be the issue which by now has been resolved by giving more people commit access to that repository.

          The un-Googled version of Chromium is incapable of “phoning home” to Google, by altering the source code and stripping/mangling all occurrences where that might happen. This is basically what Eloston’s project does.

      • IBM/Red Hat/Fedora

        • Kube by Example expands training curriculum with new learning paths for Kubernetes developers

          We see Kubernetes as the foundation for hybrid cloud, and hybrid cloud as the future of IT. The technology remains among both the most loved and most wanted tools in this year’s Stack Overflow Developer survey. Given its prevalence and strategic importance, we have also seen developers seeking out and engaging with Kubernetes-focused training resources like Kube by Example, an online destination for free Kubernetes-focused tutorials, news and community interaction.

          As the company behind the industry’s leading enterprise Kubernetes platform, Red Hat has backed Kube by Example and is diligently working to establish it as the premier destination for developers and operators to sharpen their Kubernetes skills in a hands-on environment.

        • Celebrating Ada Lovelace with 4 career lessons from women in technology

          Ada Lovelace is known as the first computer programmer. Mainly known for her work with Charles Babbage’s Analytical Engine in the 1800s, she was the first to recognize that the machine could do more than simple calculation — that it could follow a set of instructions (a program) to perform tasks. While Babbage’s computer was never built, Lovelace is credited with writing up an algorithm to be carried out by such a machine. Now, every year in mid-October, we celebrate women tech pioneers on Ada Lovelace Day.

        • Igor Seletskiy Steps Down to Assure AlmaLinux Independence - FOSS Force

          Today Igor Seletskiy, co-founder and CEO of CloudLinux, announced that he’s stepped down from his role as chairman of the board at the AlmaLinux Foundation, and is also vacating his seat on the board of directors.

          The foundation, which he started earlier this year, produces AlmaLinux, a drop-in replacement for Red Hat’s CentOS Linux that Seletskiy announced in December, shortly after Red Hat said it was moving the Linux distribution from its traditional role as a downstream clone of Red Hat Enterprise Linux to sit upstream as RHEL’s “nightly build.”

          A replacement was needed because many organizations, including many Fortune 500 enterprises, use CentOS in production as a way to take advantage of RHEL’s stability without having to pay for support contracts.

          Both Seletskiy and the AlmaLinux Foundation are very clear there’s no palace intrigue behind this move. The new distro’s founder is stepping down not because of some power struggle within the organization, but because he wants the distro he birthed to have a life of its own as an independent project.

        • Why can't I use sudo with rootless Podman?

          I was recently asked: Why can't I run rootless Podman containers when I log into a user via sudo or su? The problem is a bit complex to explain, so I'll start with an example.

        • Digital transformation: 3 myths the pandemic busted

          When the pandemic struck, most organizations had no choice but to accelerate their digital technology adoption. Many condensed into a matter of months what might otherwise have been years of consideration, strategizing, and change.

          According to a survey by McKinsey, the pandemic sparked a seven-year increase in the rate at which companies developed digital or digitally enhanced offerings. It accelerated the digitization of their customer and supply-chain interactions and internal operations by three to four years.

          This shift sparked a new reality for today’s organizations to remain competitive and meet customers’ changing needs. But while enterprises have certainly dedicated more resources to the process of digital transformation, many misconceptions still remain.

      • Debian Family

        • Sparky 2021.10

          Sparky 2021.10 of the (semi-)rolling line is out; it is based on Debian testing “Bookworm”.

          This iso update provides: – all packages upgraded as of October 12, 2021 – Linux kernel 5.14.9 – Calamares 3.2.44.3 – i386 libs removed from amd64 iso images – small improvements

          No reinstallation is required if you installed Sparky 2021.09, simply keep it up to date.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • SaaS/Back End/Databases

        • pg_partman 4.6.0 released

          PostgreSQL Partition Manager (pg_partman) v4.6.0 has been released.

        • PostgreSQL: PGConf NYC 2021 Sessions Announced, Last Week for Early Bird!

          The first community PostgreSQL conference in many months is coming to New York City in less than two months! PGConf NYC is a non-profit, community-run and PostgreSQL community recognized conference being run by the United States PostgreSQL Association (PgUS).

          PGConf NYC delivers two days packed with presentations about PostgreSQL and related technologies, as well as the usual hallway and social track. PGConf NYC is being held December 2nd and 3rd, 2021 in New York City.

        • Psycopg 3.0 released

          I am extremely excited to announce the first stable release of Psycopg 3!

          Psycopg 3 is a complete rewrite based on the experience accumulated with the development and maintenance of psycopg2. Psycopg 3 targets all the current versions of Python (3.6-3.10) and PostgreSQL (10-14) and allows the use of modern Python development techniques, such as async and statically typed code. A list of the new features is available in the documentation.

      • Productivity Software/LibreOffice/Calligra

        • Tender to implement C++ accessibility tests (#202110-01)

          The Document Foundation (TDF) is the charitable entity behind the world’s leading free/libre open source (FLOSS) office suite LibreOffice.

          We are looking for an individual or company to implement C++ accessibility tests.

          The work has to be developed on LibreOffice master, so that it will be released in the next major version.

          The current accessibility tests are rather incomplete and hard to maintain. Additionally, they are written in Java.

      • Programming/Development

        • abs function in C

          Why is it necessary for programmers to use the abs() function? It’s accessible in almost every programming language; But how much good is a function that just turns negative values into positive ones? You may find yourself wanting positive numbers occasionally, and the abs() function ensures that you will get them. The abs function is an abbreviation for “Absolute Value” inside the C programming language, and it specifies the distance of a number just on a number line beginning from 0 without taking the direction into account. The abs value of a number, or its absolute value, has always been positive, implying that a distance could never be negative. The abs () method returns the absolute appropriate value integers and is specified in the stdlib.h header file. To return the absolute value of a particular number, we must include the stdlib.h header file in our C application. Only positive values are returned by the abs() function.

          Consider the following scenario: If we have an integer number -2 and wish to find the absolute value, we may use the abs() method to have the positive number 2. In addition, when we have an integer number 2 and want to determine the absolute value, we can use the abs() method to return the very same value as 2. It gives the very same number if we provide it with any positive number.

        • Python

          • Printf-style debugging using GDB, Part 2

            The first article in this series introduced the GNU debugger, GDB, and in particular its dprintf command, which displays variables from programs in a fashion similar to C-language printf statements. This article expands on the rich capabilities of printf-style debugging by showing how to save commands for reuse and how to save the output from the program and GDB for later examination.

          • Python Wrapper to find all primes from a given interval via sieve of Eratosthenes released as C++ procedure
          • Intel Contributes AVX-512 Optimizations To Numpy, Yields Massive Speedups - Phoronix

            Intel has contributed AVX-512 optimizations to upstream Numpy. For those using Numpy as this leading Python library for numerical computing, newer Intel CPUs with AVX-512 capabilities can enjoy major speed-ups in the range of 14~32x faster.

            This summer Intel volleyed their initial AVX-512 code for Numpy and finally this week the code was merged upstream. This open-source AVX-512 code originates from the Intel Short Vector Math Library (SVML) that they open-sourced the code from. Intel has also been working on allowing Numpy to be built against SVML as a separate improvement.

        • Shell/Bash/Zsh/Ksh

          • TSV to CSV on the CLI (if you really have to)

            Regular visitors to this blog will know that I don't like the CSV format. It's awful. In my humble opinion, data workers should aim to use invisible tabs (TSV) or visible pipes (PSV) as field separators in delimited text tables. Sometimes, though, data workers are required to convert a perfectly good TSV or PSV to a CSV. What to do?

            I don't recommend opening the TSV or PSV in spreadsheet software and saving the result as a CSV, unless there are no leading or trailing quotes in the data items, or umatched quotes generally. The original quotes might well disappear in the saved CSV.

            There are a number of TSV-to-CSV programs for the command line. One is in Haskell, for example, and there also routines to do the job in Perl and Python. But if the individual fields in the TSV don't contain commas or quotes, the TSV-to-CSV conversion is simple — use tr:

          • Useful Bash Commands You May Not Know About

            Bash is a fairly powerful language to program in, and is also quite easy to start off with.

            After all, it's almost universally the shell you're going to see when you open up your terminal. That makes it extremely useful to get accustomed to.

            There's some powerful commands in Bash that you may not be aware of though, even if you're fairly seasoned with using the language. All of these commands can serve quite useful purposes though, and can make the shell scripts you write cleaner, more maintainable, and just outright more powerful than they could've been before.

  • Leftovers

    • Integrity/Availability

      • Proprietary

        • Adobe Gives a Free PDF Editor for Google Chrome and Edge Users

          Adobe announced via a blog post that Acrobat extension for Google Chrome and Microsoft Edge now have basic PDF editing features, right inside the browser.

        • Security

          • Don’t penalise cybersecurity researchers!

            We wrote to the Indian Computer Emergency Response Team regarding a provision in their new Responsible Vulnerability Disclosure and Coordination Policy that penalises cybersecurity researchers for vulnerability disclosures. In our representation, we highlighted how such provisions would create an atmosphere in which researchers would be reluctant about reporting vulnerabilities and recommended that a robust disclosure mechanism be implemented that protects researchers from harm.

            [...]

            Such provisions contribute to a disclosure regime in which security researchers would be liable under the Information Technology Act, 2000 (‘IT Act’), and are penalised for disclosures of genuine security vulnerabilities. Section 43 of the Information Technology Act, 2000 penalizes anyone who gains unauthorized access to a computer resource without permission of the owner, and so fails to draw a distinction between malicious hackers and ethical security researchers. Thus, even when researchers have acted in good faith they may be charged under the IT Act. As we have mentioned earlier, companies have exploited this loophole in the said provision to press charges against cybersecurity researchers who expose data breaches in their companies. The Personal Data Protection Bill, 2019, currently being considered by a Joint Parliamentary Committee, also fails to protect security researchers and whistleblowers. All of this leads to situations in which researchers are reluctant to report vulnerabilities for fear of being sued.

            Clause 7 of the Policy is also in conflict with the Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 (‘2013 IT Rules’) which adapts a cooperative and collaborative approach. Rule 10 requires CERT-IN to interact with stakeholders including research organisations and security experts for preventing cyber security incidents. Under Rule 11(2), CERT-IN is obligated to collaborate with, among others, organisations and individuals engaged in preventing and protecting against cyber security attacks. Thus, by imposing complete and sole responsibility on cyber security researchers for actions undertaken during the discovery of a vulnerability, the policy is in conflict with the collaborative spirit of the 2013 IT Rules and so is a genuine impediment to effective collaboration.

          • Airline Passenger Mistakes Vintage Camera for a Bomb

            Back in 2007, I called this the “war on the unexpected.” It’s why “see something, say something” doesn’t work. If you put amateurs in the front lines of security, don’t be surprised when you get amateur security. I have lots of examples.

          • How to create an effective security policy: 6 tips

            Are your security policies boring? OK, that’s not entirely fair. Security policies are boring, especially to people outside of IT – in the way that children find their parents’ or teachers’ rules “boring.” There’s a limit to how interesting one can make “best practices for creating strong passwords” sound to the masses.

            The point of such policies is to educate people on organizational rules and the habits of good security hygiene. This is the administrative layer of security controls: all of the rules, standards, guidelines, and training an organization puts in place as part of its overall security program. It’s the human-focused component that rounds out the other two general categories of security controls, according to Terumi Laskowsky, an IT security consultant and cybersecurity instructor at DevelopIntelligence. The other two categories are technical/logical controls (your hardware and software tools) and physical controls (things like building or site access).

            Laskowsky notes that people tend to question the value of administrative controls. That’s partly because it can be difficult to measure or “see” their effectiveness, especially relative to technical or physical controls. But Laskowsky and other security experts generally agree that they are necessary. Security is not a steady-state affair – while our security tooling and processes are becoming more automated, a strong posture still requires human awareness, intelligence, and adaptability.

            “Raising our security awareness through administrative controls allows us to start seeing the patterns of unsafe behavior,” Laskowsky says. “We can then generalize and respond to new threats faster than security companies can come up with software to handle them.”

          • 10 Most Commonly Used FOSS Packages

            The Core Infrastructure Initiative Census Program II report released earlier this year identified the most commonly used FOSS components in production applications, with the goal of understanding potential vulnerabilities in these components and better securing the open source software supply chain.

          • Privacy/Surveillance

            • Access Now report holds up poster child Aadhaar as ‘Big ID’ bugbear | Biometric Update

              A legal vacuum and vulnerable population allowed the creation of the world’s largest biometric digital ID project and built a myth which could be used by an entire industry to sell similar systems and dreams elsewhere, a new report argues. India’s Aadhaar biometric ID program is presented as a ‘cautionary tale’ for all the ills of ‘Big ID’ and its growing number of digital ID projects around the world in a new and in-depth report by campaign group Access Now.

              ‘Busting the Dangerous Myths of Big ID Programs: Cautionary Lessons from India’ attempts to knock the Unique Identification Authority of India project from its pedestal to ask why a digital ID is required in the first place and list what is wrong with “these centralized, ubiquitous, data-heavy forms of digital identification.”

            • Is Australia becoming a surveillance state? | IT PRO

              At the end of August, the Australian Parliament passed the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021 granting the Australian Federal Police (AFP) and Australian Criminal Intelligence Commission (ACIC) extensive new powers.

              Senator Lidia Thorpe, the Australian Greens spokesperson for Justice, said the bill enables both law enforcement agencies to be “judge, jury, and executioner”, adding there’s no explanation as to why these powers are necessary. She also highlighted that allies like Canada, New Zealand, the UK and US don’t grant their own law enforcement these rights.

              With this bill being brought into law with cross-party support, is Australia moving closer to being a surveillance state?

    • Censorship/Free Speech

    • Civil Rights/Policing

      • Singapore: Withdraw “foreign interference” law or risk violating civic freedoms

        Today, Access Now and nine organizations are calling on the Singapore government to withdraw the Foreign Interference (Countermeasures) Bill (FICA) — a law that contravenes international legal and human rights principles, and will significantly curtail already-limited civic space in the country.

        “Protecting national security may be a legitimate aim — but FICA is not the way to achieve it,” said Raman Jit Singh Chima, Senior International Counsel and Asia Pacific Director at Access Now. “It unnecessarily expands the government’s already-wide powers to control and censor online and offline speech, and potentially allows for even legitimate associations to be criminalized and monitored. Civil society, journalists, academics, researchers, artists, and writers who are often supported by cross-border collaboration and funding will be hardest hit.”

        On October 4, Singapore’s parliament passed FICA, three weeks after it was tabled on by the Ministry of Home Affairs to purportedly “prevent, detect and disrupt foreign interference in […] domestic politics.” This move came despite serious red flags raised by members of the public, civil society, legal fraternity, independent media, political opposition, academia, and industry in Singapore that the law would undermine civic freedoms.

      • Access Now to Telenor’s Board: Stop the sale in Myanmar - Access Now

        Norway’s Telenor Group must not jeopardize the human rights of people across Myanmar through the “disposal” of its local enterprise. For months, Telenor has ignored civil society’s ongoing pressure to stop the sale of its Myanmar operations to M1 Group — a telecoms conglomerate notorious for extracting profits from conflict zones and operating without appropriate human rights safeguards. Access Now is urgently calling on Telenor’s Board to immediately reverse their decision, and stop the sale.

        As Access Now’s letter to the Board outlines in detail, M1 Group has demonstrated a complete disregard for human rights in other high-risk markets, and actively coordinates with oppressive regimes. The company’s owners face serious corruption allegations, and there is strong evidence to suggest ties between M1 Group and the Myanmar military.

        “No rights-respecting Norwegian company should operate with such disregard for the human rights of others,” said Brett Solomon, Executive Director at Access Now. “Leaving the people who depend on its services in the hands of a company with such a dubious history is an abandonment of Telenor’s principles of transparency and respect for human rights. Telenor’s subscribers, particularly those most at risk of persecution by the Myanmar military, deserve better.”

        Telenor’s hasty decision in July, 2021, to hand over its operations in Myanmar to M1 Group has alarmed human rights activists, including a group of over 400 Myanmar-based civil society organizations who filed a complaint with the OECD Norwegian National Contact Point, which has since accepted it. In August, 2021, Access Now, along with 44 organizations, laid out the potential dangers of this sale to the Telenor Board, calling for them to stop the sale and conduct human rights due diligence in line with international standards.

      • Singapore’s anti-foreign interference law will ‘substantially narrow’ civic space, rights groups say

        Fica will allow Singapore to ‘expand curtailment of civil freedoms to the detriment of its people’, said 11 groups including Access Now, Human Rights Watch and Article 19



Recent Techrights' Posts

On Groupthink, Mindless 'Sheep', and Toxic Online Cults
This week, treat yourself to a life free of social control media
BetaNews is Run and Written by Bots That Make Clickbait
At least one author is doing this
 
Same Month Judge Suggests Selling Chrome (Compelling Google to Give It Away) Chrome Surpasses Two-Thirds of "The Market", Based on Surveyor
tackling Google's browser monoculture is still a priority
[Meme] Trying to Terrorise Critics
How Microsofters roll...
Illegitimi Non Carborundum
If you try to suppress our publication, we'll not just bark back but also bite
Why This Site Became "Simple" a Year Ago
Light is good, heavy is bad
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, November 25, 2024
IRC logs for Monday, November 25, 2024
Links 26/11/2024: International Microsoft Outages, Microsoft Mass Layoffs Bigger Than Reported Last Friday
Links for the day, Deutsche Welle and CBC focus
Gemini Links 26/11/2024: Not Pagan, Emacs Wiki, and More
Links for the day
Links 25/11/2024: Egypt Harasses Bloggers, The University of Michigan Has Become Like a Corporation
Links for the day
Links 25/11/2024: Climate News, Daniel Pocock Receives a Fake/Fraudulent €17,000 Electricity Bill
Links for the day
[Meme] Microsoft: Our "Hey Hi" Hype is Going So Well That We Have MASS Layoffs Every Month. Makes Sense?
Contradiction
Latest Mass Layoffs at Microsoft Are Confirmed, Bing and Vista 11 Losing Market Share
They tried to hide this. They misuse NDAs.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, November 24, 2024
IRC logs for Sunday, November 24, 2024
Gemini Links 25/11/2024: Purity and Cory Doctorow's Ulysses Pact, Smolnet Portal and SGI
Links for the day
Technology: rights or responsibilities? - Part VIII
By Dr. Andy Farnell
GNU/Linux Reaches All-Time High in Europe (at 6%)
many in Europe chose to explore something else, something freedom-respecting
Patents Against Energy Sources That Reduce Pollution
this EV space (not just charging) is a patent mine field and it has long been that way
DARPA’s Information Innovation Office, Howard Shrobe, Values Compartmentalisation But Loses the Opportunity to Promote GNU/Linux and BSDs
All in all, he misses an opportunity
Wayland is an Alternative to X
the alternative to X (as in Twitter) isn't social control media but something like IRC
BetaNews, Desperate for Clicks, is Pushing Donald Trump Spam Created by LLMs (Slop)
Big clap to Brian Fagioli for stuffing a "tech" site with Trump spam (not the first time he uses LLMs to do this)
[Meme] Social Control Media Bliss
"My tree is bigger than yours"
Links 24/11/2024: More IMF Bailouts and Net Client Freedom
Links for the day
Gemini Links 24/11/2024: Being a Student and Digital Downsizing
Links for the day
Techrights' Statement on Code of Censorship (CoC) and Kent Overstreet: This Was the Real Purpose of Censorship Agreements All Along
Bombing people is OK (if you sponsor the key organisations), opposing bombings is not (a CoC in a nutshell)
[Meme] The Most Liberal Company
"Insurrection? What insurrection?"
apple.com Traffic Down Over 7%, Says One Spyware Firm; Apple's Liabilities Increased Over 6% to $308,030,000,000
Apple is also about 120 billion dollars in debt
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, November 23, 2024
IRC logs for Saturday, November 23, 2024
[Meme] GAFAMfox
Mozilla Firefox in a state of extreme distress
Google Can Kill Mozilla Any Time It Wants
That gives Google far too much power over its rival... There are already many sites that refuse to work with Firefox or explicitly say Firefox isn't supported
Free (as in Freedom) Software Helps Tackle the Software Liability Issue, It Lets Users Exercise Greater Control Over Programs
Microsofters have been trying to ban or exclude Free software
In the US, Patent Laws Are Up for Sale
This problem is a lot bigger than just patents
ESET Finds Rootkits, Does Not Explain How They Get Installed, Media Says It Means "Previously Unknown Linux Backdoors" (Useful Distraction From CALEA and CALEA2)
FUD watch
Techdirt Loses Its Objectivity in Pursuit of Money
The more concerning aspects are coverage of GAFAM and Microsoft in particular