Bonum Certa Men Certa

Links 29/10/2021: NeuVector Staff Hired by SUSE, BIND Has DDoS Bug



  • GNU/Linux

    • Audiocasts/Shows

    • Kernel Space

      • Linux + GCC/Clang Patches Coming For Straight-Line Speculation Mitigation On x86/x86_64 - Phoronix

        Disclosed last year by Arm was their processors affected by a straight-line speculation vulnerability. In this case the processor could speculatively execute instructions linearly in memory past an unconditional change in control flow. There has been talk about possible straight-line speculation on x86/x86_64 but without any action while now GCC and LLVM/Clang compiler developers along with Linux kernel developers are preparing such mitigation support.

        Last year LLVM added mitigations around Arm's straight-line speculation vulnerability as did GCC added SLS mitigation support for Arm. Those opt-in compiler options can be used when building important software like the kernel.

      • A disagreement over get_mm_exe_file()

        Differences of opinion over which kernel symbols should be exported to loadable modules have been anything but uncommon over the years. Often, these disagreements relate to which kernel capabilities should be available to proprietary modules. Sometimes, though, it hinges on the disagreements over the best way to solve a problem. The recent discussion around the removal of an export for a core kernel function is a case in point. Loadable modules, of course, are chunks of kernel code that are loaded into the core kernel after the system boots. Most modules are device drivers, but a surprising amount of kernel functionality can be built in modular form. While code that is built into the kernel can use any symbol that is accessible via the usual C scoping rules, loadable modules are rather more constrained; they can only use symbols that have been explicitly exported to them. In theory, the exported-symbol interface is tightly regulated; in practice, tens of thousands of symbols have been exported over the years without a lot of oversight. That said, the community still sees occasional disagreements when a module developer wants to use a symbol that core-kernel developers do not wish to export.

      • Nitrokey FIDO U2F Support Coming With Linux 5.16 - Phoronix

        If you happen to have a Nitrokey FIDO U2F as a two-factor authentication key, proper Linux support is about to land. While at launch it mentioned working out-of-the-box across all major browsers and platforms -- including Linux -- a change is needed to the kernel that's now on the way for the 5.16 cycle.

        Due to a different firmware on the NitroKey U2F and that shifting around some of the commands, the Linux kernel's hid-u2fzero driver had to be adapted to better deal with different hardware/firmware revisions. With this patch now in HID's for-next ahead of Linux 5.16, the less than 50 lines of code changed should get the NitroKey U2F working nicely under Linux.

      • Graphics Stack

        • Sway's wlroots Lands Initial Vulkan Renderer - Phoronix

          The wlroots modular Wayland compositing library that was started by the Sway compositor now has an initial Vulkan renderer merged.

          The wlroots library started to provide functionality for Sway in areas the Weston library hadn't filled and with time this library is now used by KWinFT, Taiwins, and other Wayland compositors for providing more shared code usage and functionality across compositors.

    • Applications

      • Premium Open-Source WhatsApp Alternative “Threema” is Now Available for Desktop

        Threema is one of the best secure alternatives to WhatsApp as a paid app (Swiss-based) that does not require a mobile number or email to sign up while using a decentralized architecture.

        While Threema is known for its security features long before WhatsApp advertised secure messaging, it wasn’t originally open-source. However, last year, Threema worked on making all of their applications open-source on GitHub with the ability to have reproducible builds as well.

        Now, it looks like Threema has introduced desktop application support for Linux, Windows, and macOS.

    • Instructionals/Technical

      • Only 4 MB? How to Fix USB ‘Destroyed’ by Etcher and Rufus After Creating Live Linux USB

        Here’s the scenario. You used Etcher or Rufus tools to create a bootable, live Linux USB in Windows or perhaps in Linux.

        You used it to install Linux and the purpose of the USB is accomplished. Now you want to format this USB and use it for the regular data transfer or storage.

      • How To Install Munin on Ubuntu 20.04 LTS - idroot

        In this tutorial, we will show you how to install Munin on Ubuntu 20.04 LTS. For those of you who didn’t know, Munin is a web-based tool to monitor system and network statistics. Munin shows this information through Graphs. It helps the system administrators to collect various system information that can be viewed via a web interface such as processor load, hard disk usage, network traffic, access to server services on one or more computers, and more.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Munin server monitoring on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.

      • How to Install Ruby on Rails on Debian 11

        Ruby on Rails is a free, open-source, and one of the most popular application stacks used for creating sites and web apps. It is written in Ruby programming language and follows the MVC concept. It comes with the Rails development framework that makes app development easier. There are many well-known applications based on Rails, such as Github, Airbnb, Soundcloud, etc.

        In this tutorial, I will show you how to install Ruby on Rails on a Debian 11 system.

      • How to Install Python 3.9 on Rocky Linux 8

        Python is a programming language that can be used to create just about anything. From full-scale games to web applications, and even simple scripts for your PC or Mac. Python has been around since the late 1980s and continues to be one of the most popular languages in use today. Today’s tutorial will show you how to install Python 3.9 programming language on a Rocky Linux 8 system.

      • How to Install Yarn JS (Node) Package Manager on Debian 11 – VITUX

        Yarn is a package manager for Javascript. It is meant to replace npm (node package manager). Yarn uses a different way to install packages. Instead of installing from the registry, it installs packages from other nodes in your network that have already downloaded the package and its dependencies. This can speed up installations, especially in projects with lots of node modules.

        Yarn works exactly the same as npm, but with some benefits. First of all, it tells you which version of a package that was installed is compatible with your project. This makes it easier if you need to roll back or update packages. Secondly, it makes your packages more secure. Every package’s checksum is validated before it’s run by Yarn. This means that if a developer installs an outdated or corrupted package, Yarn will be able to detect the error, show the error in an easy-to-read format, and allow them to correct it before executing the code. It isn’t easy to say whether the yarn is better than npm or vice versa. It’s just different. If you want an easy-to-use package manager that makes your packages more secure, the yarn might be the answer.

        If you are a developer, chances are you have heard of Yarn. Installing yarn on Debian 11 can be tricky if you’re unfamiliar with the process, but this tutorial will walk you through the process step-by-step so that after reading this post, installing Yarn should be as easy as 1-2-3!

      • How to Record Your Desktop Screen in Ubuntu 21.10 Wayland with Kooha | UbuntuHandbook

        Looking for how to record Ubuntu desktop in Wayland session? Here’s how to do it in Ubuntu 21.10 using Kooha.

        Ubuntu switched to “Wayland” session since Ubuntu 21.04. However, many apps, e.g., Kazam, Peek and vokoscreen-NG, do not support it. Some apps including OBS-Studio claim to support for Wayland, but either record blank screen or just refuse to work!

        The best solution in my opinion is switch back to Xorg session. To do so, simply log out, select your user and then choose “Ubuntu on Xorg” via bottom-right gear button menu. All the apps will work once you login with Xorg.

        For those sticking to the default Wayland, Kooha is one of good choices until GNOME’s “in-shell” screenshot & screencast UI is out.

      • How to configure automatic updates in€ Ubuntu Server - blackMORE Ops

        This guide explains how to configure automatic updates in Ubuntu Server 20.04. This tutorial is based on the following official Ubuntu Documentation article: Ubuntu Server Guide €» Package Management €» Automatic Updates. If you just want to do it, scroll down to the end and copy paste the two configuration file configs and you’re done. If you want to understand it and tweak, then keep reading.

      • How to create an Application Load Balancer on AWS

        Load Balancer falls under the EC2 services of AWS. An Application Load Balancer works at the seventh layer of the Open Systems Interconnection (OSI) model, the application layer. We can add and remove targets from our load balancer as per our needs without affecting the flow of requests to the application. Application Load Balancer supports for path-based routing: forward requests based on the URL in the request, host-based routing: forward requests based on the host field in the HTTP header, routing based on fields in the request, registering targets by IP address: targets outside the VPC for the load balancer can also be added. These are a few of the benefits of using the Application Load Balancer.

      • How to edit files inside Docker container? - blackMORE Ops

        Just migrating everything to bunch of new RaspberryPi 4 8GB from my VMware farm. Instead of using multiple Raspberry Pi 4, I decided to use Docker and move as many I can into each one of these. I’ve think Home Assistant (with supervisor), Pi-Hole, Pi-VPN, UnBound and my NoIP2 scripts one Raspberry Pi4 8GB Pi running Debian 11 BullsEye and docker and Plex Server onto another Pi should do the trick. Anyhow, ran into an interesting problem with Undound where I needed to edit the configuration file nano application.yaml or vi unbound.sh and it said, nano or vi wasn’t installed.

      • Configuring TACACS+ Server With A Simple GUI | Linux Journal

        Managing authentication and authorization in a large-scale network is a challenge: the passwords need to be set and rotated every now and then, access to certain configuration settings needs to be controlled and, finally, users’ actions need to be logged somewhere. This poses a need for a centralized controller in the network that is responsible for such functions. Modern routers and switches, which typically run Linux operating systems, support TACACS+ protocol that enables system administrators to implement flexible rules for authentication and authorization. However, TACACS+ server implementation for Linux operating system, although neat, lacks a graphical user interface which makes daemon configuration a smooth and intuitive process. In the next few paragraphs, we will discuss how to configure the TACACS+ daemon on Linux operating system and demonstrate how to deploy a simple, yet intuitive, GUI used for the configuration of the TACACS+ instance.

        TACACS+, which stands for Terminal Access Controller Access-Control System Plus, is a protocol mainly designed by Cisco and standardized in RFC8907. The primary goal of the protocol is to handle authentication and authorization of commands executed on remote telecommunication hardware on a centralized server. TACACS+ is a great protocol and can be compared to RADIUS. Its key advantages are the following: it allows scrambling or obfuscating (although, not really encrypting in a cryptographic sense) the entire payload with help of MD5 hash function and a secret shared between telecommunication hardware and a central server, it supports TCP protocol for transport, and it provides the possibility of carrying out AAA functions in a flexible way. More details on the protocol can be found in the corresponding RFC.

      • Install Veritas Cluster server on CentOS 8 | RHEL 8 step by step - Unixcop

        This step-by-step guide intended to provide practical documentation for installing InfoScale Enterprise 7.4.1 in a non-production capacity. There is a innumerable of configurations for software products and the one used in this article is only meant to be used to demonstrate InfoScale’s . In this article we are about to learn how to Install Veritas Cluster server on CentOS 8 | RHEL 8 step by step.

        So The installation of InfoScale can_be performed using ISO installer, YUM, Response file, Kick start installer or from System management Satellite server.

        Also In our article, we are going to accomplish the installation using ISO installer.

      • Kubernetes: Install using MicroK8s on Ubuntu - Anto ./ Online

        This guide will show you how to install Kubernetes using MicroK8s on Ubuntu. MicroK8s makes it super easy to get going with Kubernetes. Additionally, MicroK8s is bundled with tools such as Prometheus. So you simply enable a feature if you need it.

      • How to install Anydesk on Ubuntu / Linux Mint - Unixcop

        AnyDesk is a closed source remote desktop application distributed by AnyDesk Software GmbH. The proprietary software program provides platform independent remote access to personal computers and other devices running the host application Due to this, the program often employed by internet scammers to take control of their victims computer over the internet. It offers remote control, file transfer, and VPN functionality.

        Also Anydesk has an attractive user-friendly interface and administrative tools through which you can easily manage the remote systems.

        WithAnyDesk, you can record everything you see on your computer as a video file so you can play back at any time.

        So In this guide, we will show you how to install AnyDesk on Ubuntu 20.04 and Linux Mint 20

        After that you can easily access your team member or friend’s system.

    • Games

      • Cause chaos in the pixel-art god sim WorldBox when it releases December 2 on Steam | GamingOnLinux

        After being available for direct purchases for some time now, the popular pixel-art god sim will enter Early Access on Steam on December 2.

        In Worldbox - God Simulator you can build your own world and fill it with life. It gives you the ability to create various forms of life including sheep, wolves, humans, orcs and even a UFO. Over time you watch and see how civilizations form and fall from the comfort of your chair. Don't like how it's going? Destroy them all - you're the god.

      • Blender 3.x Roadmap Has Big Plans For Vulkan, Other Improvements - Phoronix

        With Blender 3.0 releasing soon, the Blender project has published a Blender 3.x road-map outlining some of their plans for future releases.

        The Blender 3.x road-map was published this morning to provide a fresh look at the changes ahead for this leading open-source 3D modeling software. Blender 3.x will see a lot of work on using the Vulkan API along with other exciting areas.

      • Linux Users Make Better Software Testers

        An indie developer is reporting that his Linux users generate a disproportionate number of bug reports, and the reports are higher quality.

        User-submitted bug reports are one of the main ways many developers — especially smaller ones — identify bugs and improve their apps. Despite Linux having a much smaller desktop market share than either Windows or macOS, at least one developer is crediting Linux users with being far more productive as bug reporters.

        Koderski, at Kodera Software, posted his findings in a thread on Reddit.

    • Desktop Environments/WMs

    • Distributions

      • deepin OS: The Artistic, Unique Features Computer Users Would Love

        This is an overview of deepin OS for everyone who looks for the best alternative operating systems for their computing. It is a GNU/Linux distribution that is well made, artistic and beautiful, practically easy to use, and at the same time unique no other Free Software Desktop Systems could ever thought to be. We made this review based on version 20.2.4 and hopefully this can give you pictures of deepin OS. Lastly, we still hope that deepin OS will soon be mass produced so people can just purchase a deepin laptop or deepin PC they want to start their software freedom.

        We think deepin OS is artistic and unique for user's computing with aforementioned features explained in the whole article. We, once again, wish deepin OS to be mass produced, as we believe it is ready and deserves mass production more than either Windows or macOS so millions of people could start their software freedom computing. We strongly appreciate one shop, The Linux Laptop, who sell laptops with deepin OS preinstalled and international shipping, as that would help many people who can only work with, not take care of nor install the hardware or software in their computers. Is it not good if Wuhan Deepin Technology as the organization behind deepin OS, does the same? All in all, the unique traits of deepin OS can be a good study for everybody including other Free Software Desktop Systems developers.

      • Moving toward Qubes OS 4.1 [LWN.net]

        On October 11, the first release candidate for Qubes OS version 4.1 was announced. Qubes OS is a security-oriented desktop operating system that uses multiple virtual machines (VMs or "qubes") to isolate various types of functionality. The idea is to compartmentalize different applications and operating-system subsystems to protect them from each other and to limit access to the user's data if an application is compromised. Version 4.1 will bring several important enhancements to help Qubes OS continue to live up to its motto: "A reasonably secure operating system".

        It has been nearly five years since we looked at Qubes OS 3.2, though we have checked in on it a few times since we first wrote about it back in 2010. As with much in the security world, there are tradeoffs to be made when using Qubes OS, but it provides a level of security that is hard to find elsewhere. In addition, it does so using Linux and other open-source tools, so that users can inspect and modify the system as needed.

      • Muen 1.0 released, an open source microkernel for building highly reliable systems

        After eight years of development the Muen 1.0 project was released, developing the Separation kernel, the absence of errors in the source code of which was confirmed using mathematical methods of formal verification of reliability. The kernel is available for the x86_64 architecture and can be used in mission-critical systems that require an increased level of reliability and guarantee that there are no failures. The source texts of the project are written in the Ada language and its verifiable dialect SPARK 2014 . The code is distributed under the GPLv3 license.

        The partitioning kernel is a microkernel that provides an environment for the execution of components isolated from each other, the interaction of which is tightly regulated by specified rules. Isolation is based on the use of Intel VT-x virtualization extensions and includes protection mechanisms to block the organization of covert communication channels. The partitioning kernel is more minimalistic and static than other microkernels, which reduces the number of situations that can lead to a failure.

      • BSD

        • DragonFlyBSD's makefs Adds Support For FAT

          One could consider it long overdue, but DragonFlyBSD has finally merged support for FAT file-systems with the makefs utility.

          On DragonFlyBSD the makefs utility for creating a file-system image from a directory or mtree manifest can finally handle ubiquitous FAT.

      • PCLinuxOS/Mageia/Mandriva/OpenMandriva Family

        • Interview of Nicolas Lécureuil, chair of the Mageia Board, on Linuxfr.org

          Nicolas Lécureuil, alias NeoClust, is a long time user of LinuxFr.org. He has an account on the website dedicated to Linux since 2005. Nicolas became the president of the Board of Mageia early in 2021. Nicolas has been, and still is, very active everywhere in the Mageia forums, discussion lists and the cauldron development, where new versions of the distribution are being cooked. In this interview, we will see that he is an early Mageian. Also, we will discover his ambitions and projects for this distribution, which is one of the most accessible to the general public.

        • PCLinuxOS: Kernel Updates Available

          The following kernels are available for PCLinuxOS. Kernel LTS 5.4.156. Kernel LTS 5.10.76 and Kernel 5.14.15.

      • SUSE/OpenSUSE

      • IBM/Red Hat/Fedora

        • Fedora 35 Cleared For Release Next Week

          After dealing with blocker bugs the past two weeks, Fedora 35 is now confirmed for releasing next week.

          The latest Fedora 35 RC compose has been declared a "GO" at today's Fedora meeting for releasing next week. Fedora 35 will be shipping on 2 November after missing its original final target date of 19 October and follow-up of 26 October due to unresolved issues. It's not as bad like Fedora's notorious release delays from many years ago and at least they side with quality rather than timeliness.

          Confirmation of Fedora 35 being ready to ship next week was announced today.

        • Red Hat: 5 lessons I learned about chaos engineering for Kubernetes | Opensource.com

          Kubernetes is a complex framework for a complex job. Managing several containers can be complicated, and managing hundreds and thousands of them is essentially just not humanly possible. Kubernetes makes highly available and highly scaled cloud applications a reality, and it usually does its job remarkably well. However, people don't tend to notice the days and months of success. Months and years of smooth operation aren't the things that result in phone calls at 2 AM. In IT, it's the failures that count. And unfortunately, failures don't run on a schedule.

        • Consuming Pino logs from Node.js applications

          Node.js offers a vast array of options to developers. This is why Red Hat and IBM teamed up to produce the Node.js reference architecture, a series of recommendations to help you build Node.js applications in the cloud. One of our recommendations is that you use Pino, an object logger for Node.js. You can visit this GitHub page for an overview of how and why to use Pino. This article demonstrates how to create and consume Pino logs with the Red Hat OpenShift Logging service.

        • IBM Announces Advances and New Collaborations in AI-Powered Automation, 5G Connectivity and Security at Mobile World Congress Los Angeles
        • Why automation progress stalls: 3 hidden culture challenges

          One of the major challenges to automation success exists right out in the open, even if people sometimes pretend otherwise. Automation stokes anxiety about how it will impact people’s jobs, including the possibility that it will make them obsolete.

          These automation obstacles might be lurking a bit outside your line of sight. We recently covered that most prominent issue with advice for IT leaders on proactively managing automation anxiety. But not every challenge is as visible.

          Here are three obstacles that might be lurking a bit outside your line of sight. Factor them into your planning and execution.

        • IT careers: 8 essential tips for your first 90 days | The Enterprisers Project

          You never get a second chance to make a first impression, as the saying goes. And while a misstep on the first day is understandable and surmountable, it's the first few months in a new role that tend to matter most. "First impressions are important in most situations in life," says Charley Betzig, managing director at technology executive search firm Heller Search Associates, "and this is no different when you start a new job."

          This is your time to "subtly and directly impress upon your subordinates, peers and managers that you are the right person for the job."

        • Download the original Red Hat Linux 0.9 "Halloween" release

          As a special Halloween treat this year we wanted to provide a download to Red Hat Linux 0.9 (beta). That 0.9 isn't a typo, that's the first publicly distributed release that got the entire Red Hat ball rolling.

          We talked about this release before on the Red Hat Blog, in a post in 2019. It was distributed with a spiral-bound book full of documentation and a single CD-ROM.

          After we wrote about the Halloween release in 2019, I got a number of pings on social media and via email asking for the files or an ISO image. For a variety of reasons, including a move, reconnecting with the ISO image took a little longer than one might hope. But, just in time for Halloween 2021, it has been relocated and is ready to go.

        • 3 basic Linux group management commands every sysadmin should know

          Groups make it easy to associate users with similar access-control requirements, so managing users and groups is a key responsibility for sysadmins. As I mentioned in my article on managing users, I like simple commands with a logical syntax. Such commands are easier to remember, particularly for new administrators.

        • GitOps: Best practices for the real world

          There is a common misunderstanding about how GitOps should be applied in real-world environments. Developers equate Infrastructure as Code (IaC) with GitOps in concept or believe that GitOps can only work with container-based applications — which is not true. In this blog, you will learn what GitOps is and how to apply its principles to real-world development and operations.

      • Debian Family

        • Makulu Shift Debian Patches Live – MakuluLinux

          If you are running the Shift Debian build we released a few months back you will notice after updating your whole system seems broken ? panels and menus etc etc just missing… This is because Debian Testing without warning just updated to gnome 41 framework and in the same week as we were putting out the Shift ubuntu Beta. However, don’t worry, we just sent out a patch that will fix your system. simply right click on desktop, open terminal and do : “sudo apt update && sudo apt upgrade -y” ( basically update your system ), then reboot and all will be well again

        • Possible changes to Debian's decision-making processes

          To a great extent, Debian leaves decisions in the hands of its individual developers. A developer's package is their castle, and they can generally manage it as they see fit. That freedom is somewhat constrained by the Debian constitution and the extensive Debian policy manual, both of which are designed to ensure that both developers and the packages they create all get along. Most of the time, this process just works, the project generates (mostly) regular releases, and users are happy.

          Occasionally, though, some sort of intervention is required; two of the mechanisms provided by the project for such cases are the Technical Committee and general resolutions. The Technical Committee is empowered to make decisions on technical policy and may, in extreme cases, override Debian developers if their actions are seen as sufficiently damaging to the distribution. General resolutions can, by way of a vote of the project membership, change or override decisions made by the Technical Committee (or others), set new policies, or amend the constitution.

          Voting is a key part of decision-making at levels above the individual developer. This is not particularly unusual in the free-software community; many projects make decisions by a vote of either the general membership or some sort of elected (via a vote, usually) representatives. Debian is nearly unique, though, in the way it decides what its members will vote on. Rather than simply being presented with a list of choices, Debian developers create those choices themselves, often in great number, and often with a lot of associated discussion. The creation of the ballot is the important part of a Debian resolution; the vote at the end is just calculating the final score.

          This process is designed to create outcomes that reflect, as well as possible, the will of the project as a whole. Debian's voting scheme allows a ballot to contain numerous options with small differences without fear of splitting the vote in a way that causes a relatively unpopular option to ultimately prevail. At its best, it creates ballots where developers can vote for the options they want rather than just voting against the worst case.

      • Canonical/Ubuntu Family

        • LMA 2: Reimaginging observability with MicroK8s and Grafana, Prometheus and Grafana Loki | Ubuntu

          Juju re-imagines the world of operating software securely, reliably, and at scale. Juju realizes the promise of model-driven operations. Excellent observability is undeniably a key ingredient for operating software well, which is why the Charmed Operator ecosystem has long provided operators the ability to run a variety of open source monitoring software. We collectively refer to these operators as the Logs, Metrics, and Alerts (LMA) stack.

          With the advent of cloud native software and microservices, and the resulting increase in complexity of systems, we decided it was time to create the next generation of LMA running on Kubernetes. It needed to be capable of monitoring workloads running on Kubernetes, virtual machines, bare metal, or the edge. Going back to the drawing board, we also reassessed which components would be part of this new cloud native LMA. The resulting design is composed of open source projects led or very heavily contributed to by Grafana Labs. Let us tell you why.

        • Taking Ubuntu for a spin (literally) | Ubuntu

          The designers of the Indianapolis Motor Speedway never could have predicted that unmanned autonomous vehicles would someday race on their track – much less robots that can see the checkered flag while their ‘drivers’ kiss the bricks. But after more than a century, what started as a gravel-and-tar track hosted the most advanced driving competition to this date. And in the process, it made history. Let us tell you how.

          On Saturday 23 of October, nine teams raced in Indy to see who was the fastest. A total of 21 universities from 9 countries competed, programming Dallara AV-21 racecars to win and take home $1.5M in prizes. The year-long challenge for innovating the field of autonomous vehicles started with more than 25 teams, and finished with nine finalists.

          While many skilled teams took part, open-source won the day. It powered the cars and teams, helping them shape the future of autonomous vehicles. It was also seen in the collaboration between the teams, and between competitors during the weeks before the race. ROS was there, and Ubuntu as well. Focal Fossa donned his racing suit and drove in the AV-21.

        • The Future Of The Ubuntu Installer Is Dark... - Invidious

          Every new version of Ubuntu comes with an exciting new wallpaper but in a soon to be upcoming version of ubuntu it'll be shipping with more than that it'll be shipping with a replacement to the Ubiquity installer written in Flutter. I know the joke is going to go over someone's head, it's dark because it has a dark mode

        • Best Way To Upgrade To Ubuntu 21.10

          Ubuntu 22.04 LTS (Jammy Jellyfish) daily builds are now available for download. In this Ubuntu 21.10 tutorial post, we are going to show you the process of upgrading to Ubuntu 21.10 from an earlier version of Ubuntu.

        • Design and Web team summary – 22 October 2021

          My name is Albert, I’ve been working at Canonical for little longer than a year. As a developer I am very proud to be working here, because I’ve always used a Linux based operating system while developing, and Ubuntu is my favourite distribution.

          It’s the first place I got to work in an Open-Source environment. It’s a very different mentality. Everyone can see what you are coding and many times my Git commits feel like a contribution to the community rather than just another bug fix, and it’s very rewarding.

    • Devices/Embedded

      • Raspberry Pi Compute Module 4 Powers New PiCam Carrier Board

        Users of Raspberry Pi Compute Module 4 boards who want to use the official Raspberry Pi Camera Module are left with a number of choices. Do they use the dedicated IO board or another carrier board? The latter is a popular option as the dedicated IO board is designed for development rather than daily use. We found Ledato's new PiCam module listed for $40 on Adafruit, and it looks like just the thing for CM4 camera projects.

        The PiCam module is the same size as the Compute Module (sold separately), and can be mounted directly on top of the board via four M2.5 screw points, with just a small offset to assemble a very small Raspberry Pi camera system, perfect for adding computer vision in small places. The Raspberry Pi 4, and the Compute Module 4 offer decent machine learning / computer vision using TensorFlow Lite, so a carrier board such as PiCam offers embedded machine learning projects a little more power over higher priced alternatives.

      • RPi CM4 carrier with camera connector sells for $40
      • Raspberry Pi Zero W takes a SiP of Cortex-A53

        The $15 “Raspberry Pi Zero 2 W” updates the tiny Zero W SBC with a SiP packaged, 1GHz, quad -A53 BCM2710A1 SoC that is up to five times faster. The Zero 2 W upgrades the WiFi/BT module to pre-certified 802.11n with BT 4.2.

        Raspberry Pi has launched an updated version of the $10 Raspberry Pi Zero W, which arrived in early 2017 as a wireless-enabled alternative to the similarly petite, $5 Raspberry Pi Zero. The $15 Raspberry Pi Zero 2 W maintains the 65 x 30mm footprint and ports of the W, but advances from the 1GHz, ARM11-based Broadcom BCM2836 to a SiP-packaged Broadcom BCM2710A1 with 4x Cortex-A53 cores.

      • Raspberry Pi Zero 2 W with Ubuntu Server 21.10 support is here | Ubuntu

        The hits keep coming from Raspberry Pi this month. Last week we saw the release of the Raspberry Pi Build Hat, which combines the flexibility of LEGO with the power of the Pi to unlock a new learning experience for educators and makers.

        This week it’s the Raspberry Pi Zero 2 W. We are stoked to confirm that both Ubuntu Server and Ubuntu Core will run on the Zero 2 W. To share the excitement, here is a rundown of the exciting aspects of the Zero 2 W and a guide on how to get started with Ubuntu Server 21.10. Users of 20.04 and Ubuntu Core 20 will have to hold tight until November, but we’ve also included a setup guide below in preparation.

      • New Raspberry Pi Zero 2 Upgrades To Quad-Core Processor | Hackaday

        Over the years, we’ve seen a steady stream of updates for the Raspberry Pi Foundation’s flagship single-board computer (SBC), with each new release representing a significant boost in processing power and capability. But the slim Raspberry Pi Zero, released all the way back in 2015, hasn’t been quite so fortunate. Beyond the “W” revision that added WiFi and Bluetooth in 2017, the specs of the diminutive board have remained unchanged since its release.

        That is, until now. With the introduction of the $15 USD Raspberry Pi Zero 2 W, the ultra-compact Linux board gets a much-needed performance bump thanks to the new RP3A0 system-in-package, which combines a Broadcom BCM2710A1 die with 512 MB of LPDDR2 SDRAM and a quad-core 64-bit ARM Cortex-A53 CPU clocked at 1 GHz. In practical terms, the Raspberry Pi Foundation says the new Zero 2 is five times as fast as its predecessor with multi-threaded workloads, and offers a healthy 40% improvement in single-threaded performance. That puts it about on par with the Raspberry Pi 3, though with only half the RAM.

      • Raspberry Pi Zero 2 W: We Have a New Pi Priced at $15

        Today we can take a look at the brand new Raspberry Pi Zero 2 W which has just been released by the Raspberry Pi Foundation. So let’s go and take a closer look.

        Raspberry Pi Zero 2 W is a tiny low-cost computer with a massive user base that is perfect for embedded projects. But let’s start with the name. The number 2 indicating second generation and the W meaning that it’s got wireless connectivity.

      • Raspberry Pi Zero 2 W is Here! - It's FOSS News

        Raspberry Pi Zero W is one of the most affordable single-board computers that include wireless and Bluetooth connectivity.

        While there are some differences between the Raspberry Pi Zero vs. Raspberry Pi Zero W, both were pretty solid deals considering they launched for $5 and $10, respectively.

        Now, Raspberry Pi has unveiled the successor to this lineup after about six years, i.e., Raspberry Pi Zero 2 W priced at $15.

      • $15 Raspberry Pi Zero 2 W launched with quad-core CPU, 512MB RAM - CNX Software

        Raspberry Pi Zero 2 W is the first quad-core SBC from the Raspberry Pi Foundation with the Raspberry Pi Zero form factor. Based on the RP3A0 system-in-package (SiP) comprised of a Broadcom BCM2710A1 quad-core Cortex-A53 processor and 512MB LPDDR2, the new Pi Zero W 2 board offers the exact same interfaces as its predecessor.

        This includes a MicroSD card socket, a mini HDMI port, two micro USB ports, a MIPI CSI-2 camera connector, as well as an unpopulated 40-pin GPIO header. The wireless module appears to have changed but still offers WiFi 4 and Bluetooth 4.x BLE, and it’s using the same VideoCore IV GPU to handle 3D graphics and video encoding and decoding up to 1080p30.

      • Raspberry Pi Zero 2 W and Zero W features comparison - CNX Software

        So the main reasons to get a Raspberry Pi Zero 2 W over a Raspberry Pi Zero W is the extra performance enabled by the quad-core Cortex-A53 processor and possibly better wireless performance. The downsides are at the new board costs $5 more, and power consumption might be higher, but this would have to be tested under various scenarios. Another reason you may end up getting the Zero 2 W board that is not shown in the specifications is the recent shortage of chips, so the new board may be more likely to be in stock at your local distributor.

      • A Tidy Clamshell Keyboard For The Pinephone | Hackaday

        Something a lot of people don’t realise about modern smartphones is that many of them have fully-featured USB interfaces. Perhaps the best of all is the Pinephone, which is a fully open-source smartphone that gives end users total control over their phone experience. [silver] has such a phone, and set about building himself a neat keyboard setup for the platform.

        The build is based around an RCA RKT773P tablet keyboard case, which uses USB to interface with a tablet via pogo pins. [silver] modified this by soldering on a USB cable to the pins, paired with a USB-C host adapter on the Pinephone. Paired with a few 3D printed parts to hold everything in place, it almost turns the assembly into a cute little Pinephone laptop.

      • Open Hardware/Modding

        • Low-cost, highly accurate piano tuner made with an Arduino Due | Arduino Blog

          Electronic instrument tuners have existed now for several decades, but the ones with a great amount of precision can cost over a thousand dollars to the consumer, which is far above what many are willing or able to pay. To address this issue of high prices while still maintaining a high degree of accuracy, Jan Herman built his own device that utilizes just a few relatively common parts.

          Within the housing of his tuner is an Arduino Due, which was selected because of its 32-bit architecture (for precision when measuring frequencies), faster speeds, and a large amount of GPIO pins. Apart from that, Herman included an AD9833 waveform generator breakout, a PAM8302 amplifier circuit, a pair of rotary potentiometers and switches for getting user inputs, and a transducer/speaker setup along with various passive components for power input.

        • Picovoice Cobra Voice Activity Detection Engine shown to outperform Google WebRTC VAD - CNX Software

          Picovoice Cobra Voice Activity Detection (VAD) engine has just been publicly released with support for Raspberry Pi, BeagleBone, NVIDIA Jetson Nano, Linux 64-bit, macOS 64-bit, Windows 64-bit, Android, iOS, and web browsers that support WebAssembly. Support for other Cortex-M and Cortex-A based SoCs can also be made available but only to enterprise customers.

          Picovoice already offered custom wake word detection with an easy and quick web-based training and offline voice recognition for Raspberry Pi, and even later ported their voice engine to Arduino. Cobra VAD is a new release, and, like other VADs, aims to detect the presence of a human voice within an audio stream.

        • Halloween-Themed Talking Clock Relies On Pi Pico | Hackaday

          Many of us learn to read clocks at a young age, however, talking clocks eliminate the need to do that entirely. [Alberto] whipped up one of his own, in this case designed with some Halloween holiday spookiness.

          A basic clock movement is used to display the time in the typical fashion. However, the movement also features a built-in trigger signal, which it sends to an attached microcontroller on the hour, every hour. The build relies on the Raspberry Pi Pico for sound, chosen for its USB programming interface and its 2 MB of onboard flash storage. Sound is stored in simple 16-bit WAV files, and played out to a speaker via a PWM output. Alternatively, a CircuitPython version of the code is available that uses MP3s instead. A light sensor is used to avoid triggering any sounds at night time that could disturb one’s sleep. The entire circuit can be built on a single-sided board. [Alberto] etched one at home in the old-fashioned way, though one could also order one online, too.

        • Ubuntu Desktop freezing with Raspberry PI: how to fix

          With the new Ubuntu Desktop 21.10 coming in production, I’ve found random freeze problems with my Raspberry PI 4 model B computer. After tests and googling the problem, I was able to solve it

          In this tutorial I’m going to show you how to fix the screen freezing problem with some Ubuntu Desktop kernels on Raspberry PI 4 / 400.

        • Passive Buzzer with Raspberry PI Pico and MicroPython

          With Passive Buzzer you can give your Raspberry PI Pico a cheap way to emit sounds and modulated them according to your needs. It is so flexible that you can also let you RPI Pico singing!

        • Track Contacts Relation with Monica CRM and Raspberry PI (Self Hosted)

          Building a strong friend and customer relationship is a key factor to create trust and getting better life and job results. When you have a lot of contacts, it is really hard to remember all of their info. Monica CRM and Raspberry PI allow creating a cheap solution to make all these data secure (self hosted) and well organized

          In this tutorial, I’m going to show you how to install Monica CRM on Raspberry PI with docker.

          Monica is an open source CRM that helps in organizing social interactions. It is built to manage family/friends relations. But, in my honest opinion, it has great potential with managing relations with customers when it comes to creating a strong relationship and trust.

      • Mobile Systems/Mobile Applications

    • Free, Libre, and Open Source Software

      • Top 18 Open-source todo.txt apps and managing solution in 2021

        Aside from TiddlyWiki, we have been using the todo.txt format in our projects for some time now, and it is proven to be portable, reliable, and works with many clients.

        In this article, we collected the best todo.txt apps for Windows, macOS, and Linux.

      • Events

        • New training couse: Real-Time Linux with PREEMPT_RT - Bootlin's blog

          In the field of embedded systems, a number of applications need real-time guarantees, and the Linux ecosystem has been offering for a long time a number of solutions to address those needs, either by improving the Linux kernel itself using the PREEMPT_RT approach, or by using a co-kernel approach such as the one offered by Xenomai. Bootlin training’s portfolio already has an initial coverage of these topics in our Embedded Linux system development course.

        • OpenUK Open Technology for Sustainability and OpenUK Awards 2021

          This week sees COP26, the UN conference which is probably the last chance for humanity to mitigate the worse effects of the climate emergency.

          At Akademy earlier this year KDE had a talk about Towards Sustainable Computing. Open tech can make a difference.

          OpenUK will be hosting a venue on 11 November with a day of events about sustainability with technology emphasising why open tech is the most effective way to do that.

      • Web Browsers

        • Chromium

          • ‘Buffer’ Social Networking Tool Having Issues With Chrome-Based Browsers

            The popular social networking tool Buffer has been having trouble trouble working and playing well with Chrome-based browsers today. Specifically, users of the browser plugin for Chrome are unable to use the tool’s right-click function which allows them to post links to Tweeter, Linkedin, Facebook, and other social sights. The functionality has not been affected for those using Firefox.

            The functionality has been down since at least shortly before 9 am Eastern Standard Time, which is when FOSS Force discovered the problem, which seems to affect all Chrome-based browsers, including Google Chrome, Vivaldi, and Brave. FOSS Force suspects but hasn’t been able to verify that other Chrome-based browsers such as Microsoft Edge and Chromium are also affected.

            Typically, the context menu brought up by right-clicking anywhere on a web page will include the option to “Buffer this page” for those who have the browser extension installed, which if selected will bring up a screen for composing posts to all social networks the user has configured to work with the tool.

        • Mozilla

          • Implementing Global Privacy Control

            We’ve taken initial steps in experimenting with the implementation of Global Privacy Control (GPC) in Firefox.

            GPC is a mechanism for people to tell websites to respect their privacy rights under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA) and legislation in other jurisdictions.

            At this moment, GPC is a prerelease feature available for experimental use in Firefox Nightly. Once turned on, it sends a signal to the websites users visit telling them that the user doesn’t want to be tracked and doesn’t want their data to be sold. GPC is getting traction both in California and in Colorado. Now that we expect websites to start honoring GPC, we want to start providing this option to Firefox users.

          • Mozilla’s Firefox named in inaugural Brands That Matter

            Mozilla’s Firefox is thrilled to be named one of the nearly 100 brands within Fast Company Magazine’s inaugural and high-profile, Brands That Matter 2021 ranking and recognition program for companies and nonprofits that have had an undeniable impact on business and culture.

            Mozilla’s Firefox was recognized by Fast Company specifically for “continuing to do what it can to put itself forward as the browser that seeks to protect against disinformation and take digital responsibility as hallmarks of its brand.” Fast Company also noted that, “The Unfck campaign and YouTube Regrets work embody its mission perfectly, illustrating Mozilla’s David vs. Goliath relationship with Big Tech, and its work for people over profits and humanity over technology. As these issues become front-page concerns, Firefox’s position and brand has only grown stronger.”

      • Productivity Software/LibreOffice/Calligra

        • GTK4: Toolbars in Sidebar

          GTK4 port of Libreoffice now supports the "widebutton" Toolbar MenuButtons that show a preview of the selected color.

      • FSF

        • GNU Projects

          • Mike Gran: May you live in interesting times

            My hope is to get Lonely Cactus up and running on a different set of technologies, as a learning exercise. Maybe a GNU/Hurd VM. Maybe Guix. Because if you're going to do something weird, might as well go all the way.

        • Licensing/Legal

          • Empowering users of GPL software

            There are some other ways this lawsuit stands out from previous efforts. For one thing, it comes with an extensive press kit to help media outlets (and others) understand the suit and its ramifications. The press kit fills in some of the details from the complaint, but also provides a "Q&A" section, biographies of SFC spokespeople, quotes from various industry experts, a glossary, and more. It is an excellent summary of the background for those who are not well-versed in our community and its licenses, but there is quite a bit of interest in that document even for LWN readers and others who are generally knowledgeable about such things.

            The press kit makes clear that an additional goal of the lawsuit is to educate users about their rights under the GPL and why those rights should matter to them. The lawsuit could be seen as something of an attention-grabbing effort to try to help ensure that the benefits of licenses like the GPL actually end up reaching the users who are supposed to be the beneficiaries of the source-code disclosure required. Doing so is in keeping with the public-benefit role of charities like SFC, but is typically not part of the strategy embodied in lawsuits, which are clearly targeted at the legal system—and the defendant, of course.

            Unlike many high-profile lawsuits, SFC's suit is not asking for monetary damages from Vizio; instead it is asking the court to order Vizio to comply with the terms of the GPL and LGPL that cover code in its TVs. Beyond that, it is asking the court to declare that the terms and conditions of the GPL licenses require source-code disclosure, effectively determining that the GPL operates the way that the free-software community believes that it does—and that Vizio is in breach of the license. The only monetary requests are for reimbursements of the costs and attorney fees needed to pursue the lawsuit.

      • Programming/Development

        • Top 5 Programming Languages for Developing Linux Desktop Applications

          The IT industry is the quickest developing industry. It is befuddling to choose the one appropriate and useful choice as it has bunches of language choices. It could be a troublesome inquiry for an entrepreneur who needs to foster a work area application or somebody new to writing computer programs is which language ought to be your inclination.

          Linux on work area, Linux developers and programming engineers are investing more energy and difficult work in creating work area applications that will coordinate with applications on Windows and Mac OS X work areas. This is valid, particularly with an endless number of Linux dispersions that are centered on making it simple for new Linux clients to handily adjust to the working framework.

        • Vercel boss Guillermo Rauch on Next.js 12 ● The Register
        • Qt Creator 6 Beta2 released

          We are happy to announce the release of Qt Creator 6 Beta2!

        • Qt Creator and clangd: An Introduction

          As I hinted at recently, we have spent the last couple of months implementing a new clangd-based back-end of our C/C++ code model. With the second beta of Qt Creator 6 having been released, I feel we can now in good conscience ask you to enable this feature and take it for a test drive.

        • Python

          • A viable solution for Python concurrency

            Concerns over the performance of programs written in Python are often overstated — for some use cases, at least. But there is no getting around the problem imposed by the infamous global interpreter lock (GIL), which severely limits the concurrency of multi-threaded Python code. Various efforts to remove the GIL have been made over the years, but none have come anywhere near the point where they would be considered for inclusion into the CPython interpreter. Now, though, Sam Gross has entered the arena with a proof-of-concept implementation that may solve the problem for real. The concurrency restrictions in the CPython interpreter are driven by its garbage-collection approach, which uses reference counts on objects to determine when they are no longer in use. These counts are busy; many types of access to a Python object require a reference-count increment and (eventually) decrement. In a multi-threaded program, reference-count operations must be performed in a thread-safe manner; the alternative is to risk corrupted counts on objects. Given the frequency of these operations, corruption in multi-threaded programs would be just a matter of time, and perhaps not much time at that. To avoid such problems, the GIL only allows one thread to be running in the interpreter (i.e. to actually be running Python code) at a time; that takes away almost all of the advantage of using threads in any sort of compute-intensive code.

        • Rust

          • Niko Matsakis: Rustc Reading Club

            Ever wanted to understand how rustc works? Me too! Doc Jones and I have been talking and we had an idea we wanted to try. Inspired by the very cool Code Reading Club, we are launching an experimental Rustc Reading Club. Doc Jones posted an announcement on her blog, so go take a look!

            The way this club works is pretty simple: every other week, we’ll get together for 90 minutes and read some part of rustc (or some project related to rustc), and talk about it. Our goal is to walk away with a high-level understanding of how that code works. For more complex parts of the code, we may wind up spending multiple sessions on the same code.

          • This Week In Rust: This Week in Rust 414
    • Standards/Consortia

      • Embedded DisplayPort 1.5 Specification Published - Phoronix

        It's been six years already since VESA published the Embedded DisplayPort 1.4b specification while finally it's been succeeded by eDP 1.5.

        Embedded DisplayPort 1.5 retains backwards compatibility with v1.4 but adds an improved Panel Self Refresh (PSR) protocol, better Adaptive-Sync capabilities, and more. Embedded DisplayPort is commonly used by laptop panels.

      • The HTML <video> element needs to go back on the drawing board

        We’ve had the HTML <video> element for over a decade. Yet, everyone still defaults to embedding YouTube frames instead of hosting their own videos. The underlying problem is that the <video> element isn’t suitable for embedding short video files on webpages.

        [...]

        HTML doesn’t provide web authors any affordances to send a high-resolution video to a desktop or tablet, and a lower resolution to a mobile phone. You can send an oversized video to mobile devices, but at potentially high data and battery costs. Or you can send an undersized video and scale it up (with ugly upscaling artifacts) to desktops. A 720p (720×405 px) video suitable for desktops and tablets contains ×2,25 times more pixels (roughly ×2,1 times more data) than a 480p (480×270 px) video file for mobile.

        You can turn to JavaScript and have it pick the right video, but it’s a complicated problem. Choosing the right codec, handling full-screen mode switches, subtitles, adaptive quality changes, network conditions, pixel density, preloading, … it all adds up. It’s not a quick job to write the logic required to choose choose an appropriate video resolution, and handle changes on the fly.

        The average JavaScript library for handling video resolutions and full-screen mode switching is about 600 KB. It’s a small overhead for a 15 minute+ video. However, it’s way too much for a short animation or a minute-long presentation.

        You also have to spend time learning and integrating a complicated new library into your documents. Serving video is still relatively expensive, so you might also need a separate library to reduce the hosting costs (e.g. WebTorrent). If you’re planning on publishing many videos, it might be worth it. However, it’s too much overhead just to add a few minutes of video to a blog post every once in a while.

  • Leftovers

    • Hardware

      • VCF East 2021: Preserving Heathkit’s 8-Bit Computers | Hackaday

        To say the Heathkit name is well known among Hackaday readers would be something of an understatement. Their legendary kits launched an untold number of electronics hobbies, and ultimately, plenty of careers. From relatively simple radio receivers to oscilloscopes and televisions, the company offered kits for every skill level from the post-war era all the way up to the 1990s.

      • Ethernet Cable Turned Into Antenna To Exploit Air-Gapped Computers | Hackaday

        Good news, everyone! Security researcher [Mordechai Guri] has given us yet another reason to look askance at our computers and wonder who might be sniffing in our private doings.

        This time, your suspicious gaze will settle on the lowly Ethernet cable, which he has used to exfiltrate data across an air gap. The exploit requires almost nothing in the way of fancy hardware — he used both an RTL-SDR dongle and a HackRF to receive the exfiltrated data, and didn’t exactly splurge on the receiving antenna, which was just a random chunk of wire. The attack, dubbed “LANtenna”, does require some software running on the target machine, which modulates the desired data and transmits it over the Ethernet cable using one of two methods: by toggling the speed of the network connection, or by sending raw UDP packets. Either way, an RF signal is radiated by the Ethernet cable, which was easily received and decoded over a distance of at least two meters. The bit rate is low — only a few bits per second — but that may be all a malicious actor needs to achieve their goal.

      • Taking A Stroll Down Uncanny Valley With The Artificial Muscle Robotic Arm | Hackaday

        Wikipedia says “The uncanny valley hypothesis predicts that an entity appearing almost human will risk eliciting cold, eerie feelings in viewers.” And yes, we have to admit that as incredible as it is, seeing [Automaton Robotics]’ hand and forearm move in almost human fashion is a bit on the disturbing side. Don’t just take our word for it, let yourself be fascinated and weirded out by the video below the break.

        While the creators of the Artificial Muscles Robotic Arm are fairly quiet about how it works, perusing through the [Automaton Robotics] YouTube Channel does shed some light on the matter. The arm and hand’s motion is made possible by artificial muscles which themselves are brought to life by water pressurized to 130 PSI (9 bar). The muscles themselves appear to be a watertight fiber weave, but these details are not provided. Bladders inside a flexible steel mesh, like finger traps?

      • Speakers from my life | Random thoughts of Peter 'CzP' Czanik

        As you might have already noticed from my blogs, I am a music maniac. One of the factors influencing your music listening experience is what speakers you use. I was lucky right from the beginning, my parents are music maniacs as well. In this blog I introduce you to the speakers I listened while living at my parents, and three pairs of speakers I bought myself.

        I must admit that I never did a really thorough research about speakers and acoustics. I always listened to my ears, how much I like what I hear. This made my journey in listening to music a bit of a crisscross :-)

    • Health/Nutrition

      • COVID-19: Moderna Gets Its Miracle

        In late 2019, the biopharmaceutical company Moderna was facing a series of challenges that not only threatened its ability to ever take a product to market, and thus turn a profit, but its very existence as a company. There were multiple warning signs that Moderna was essentially another Theranos-style fraud, with many of these signs growing in frequency and severity as the decade drew to a close. Part I of this three-part series explored the disastrous circumstances in which Moderna found itself at that time, with the company’s salvation hinging on the hope of a divine miracle, a “Hail Mary” save of sorts, as stated by one former Moderna employee.

        While the COVID-19 crisis that emerged in the first part of 2020 can hardly be described as an act of benevolent divine intervention for most, it certainly can be seen that way from Moderna’s perspective. Key issues for the company, including seemingly insurmountable regulatory hurdles and its inability to advance beyond animal trials with its most promising—and profitable—products, were conveniently wiped away, and not a moment too soon. Since January 2020, the value of Moderna’s stock—which had embarked on a steady decline since its IPO—grew from $18.89 per share to its current value of $339.57 per share, thanks to the success of its COVID-19 vaccine.

        Yet, how exactly was Moderna’s “Hail Mary” moment realized, and what were the forces and events that ensured it would make it through the FDA’s emergency use authorization (EUA) process? In examining that question, it becomes quickly apparent that Moderna’s journey of saving grace involved much more than just cutting corners in animal and human trials and federal regulations. Indeed, if we are to believe Moderna executives, it involved supplying formulations for some trial studies that were not the same as their COVID-19 vaccine commercial candidate, despite the data resulting from the former being used to sell Moderna’s vaccine to the public and federal health authorities. Such data was also selectively released at times to align with preplanned stock trades by Moderna executives, turning many of Moderna’s highest-ranking employees into millionaires, and even billionaires, while the COVID-19 crisis meant economic calamity for most Americans.

      • One Year Under COVID-19 Contact Tracing Apps: What Has Europe Learned? – A report by Access Now and Liberties

        A year after the introduction of COVID-19 Contact Tracing Apps in Europe, Access Now and Liberties look at their impact on digital rights.…

      • TLAV: Your Never-Ending COVID-19 Booster Cycle & Moderna’s Miracle

        Whitney joined TLAV to discuss the never-ending “booster” cycle of COVID-19 injections that is already under way, and her recent article about Moderna’s mRNA shots and the miraculous timing of their “success”.

    • Integrity/Availability

      • Proprietary

        • Pseudo-Open Source

        • Security

          • ISC Releases Security Advisory for BIND

            The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of the ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

          • CISA warns of remote code execution vulnerability with Discourse
          • 2021 CWE Most Important Hardware Weaknesses

            The 2021 Hardware List is a compilation of the most frequent and critical errors that can lead to serious vulnerabilities in hardware. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.

          • Security updates for Thursday

            Security updates have been issued by openSUSE (salt), Slackware (bind), SUSE (salt), and Ubuntu (php5, php7.0, php7.2, php7.4, php8.0).

          • Enhance the security of your open-source applications and share feedback

            Are you spending time on high-impact, high-value activities, or are you constantly derailed by maintenance, support, and deployment challenges?

            Does your organisation consume open-source software that needs security patching? Where do you get the security updates from, and how do you track what’s available?

            Are you responsible for vulnerability management, compliance, and long term maintenance of the software running on top of Ubuntu in your organisation? Do you have reliable processes, tools, and metrics to ensure that you have the visibility needed to run all of your stack securely?

          • Cisco Releases Security Updates for Multiple Products

            Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisory

          • Privacy/Surveillance

            • Explained: RBI's Account Aggregator Framework

              The Reserve Bank of India’s Account Aggregator framework went live on 2nd September this year. The government has claimed that the framework will have a transformative impact on the financial ecosystem, and the financial sector is abuzz with hype about the revolutionary potential of Account Aggregators. However, are things really going to be that hunky dory? In this explainer, we take a look at what this framework really is and highlight certain issues that may arise.

            • Kenya’s data protection is not yet the shining example it could be - Access Now

              Recently, Kenya’s High Court suspended the rollout of the government’s digital ID system, Huduma Namba, citing its disregard for data protection frameworks — a win for privacy, but a warning signal that the country must do more to understand, and protect, human rights.

              Kenya’s two-year-old Data Protection Act was touted as a regional standard, often compared to the EU General Data Protection Regulation. Yet, in a similar style to its European counterpart, implementation is proving to be less effective and robust than planned in the initial stages.

              These legislations are central to the protection of human rights in the digital age, and decision-makers must dedicate resources to make them a success. To help pave the way for an improved, and truly rights-centric approach to data protection in Kenya, Access Now is publishing Data protection in Kenya: how is this right protected?

    • AstroTurf/Lobbying/Politics

      • The Secretive Group Steering the Dems - The American Prospect

        How did Democrats in the House of Representatives decide that the top House recipient of corporate PAC money should run the tax code-writing committee, or that the top recipient of defense industry cash in their caucus should be in charge of Armed Services?

        There’s no way to know, because House Democrats have not made public the rules that govern its powerful Steering and Policy Committee, which nominates committee chairmen and the Democratic members of all committees besides Rules and Administration, which get chosen by the speaker. In fact, the Democratic Steering and Policy Committee has not even released its list of members.

        The House Democrats’ 117th caucus rules, which were posted online this session after a lengthy campaign from government transparency activists, explains that the Steering and Policy Committee “shall adopt its own rules, which shall be in writing,” and that it “shall keep a journal of its proceedings.” Without the caucus releasing those records or someone with access making them available, these documents are inaccessible to the public because the legislative branch is exempt from federal public records law.

    • Censorship/Free Speech

      • Roku Losing YouTube Apps After Dispute with Google

        There’s been much said over the past few years about the dominance of the big tech companies. This kicks the interest level up a notch when there is in-fighting between the companies. Google and Roku are currently in a dispute culminating in the search giant packing up its toys and going home. Google is pulling its YouTube apps away from Roku, a smaller player in the tech game, but a player nonetheless.



Recent Techrights' Posts

Topics We Lacked Time to Cover
Due to a Microsoft event (an annual malware fest for lobbying and marketing purposes) there was also a lot of Microsoft propaganda
 
Links 23/11/2024: "Real World" Cracked and UK Online Safety Act is Law
Links for the day
Links 23/11/2024: Celebrating Proprietary Bluesky (False Choice, Same Issues) and Software Patents Squashed
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, November 22, 2024
IRC logs for Friday, November 22, 2024
Gemini Links 23/11/2024: 150 Day Streak in Duolingo and ICBMs
Links for the day
Links 22/11/2024: Dynamic Pricing Practice and Monopoly Abuses
Links for the day
Microsofters Try to Defund the Free Software Foundation (by Attacking Its Founder This Week) and They Tell People to Instead Give Money to Microsoft Front Groups
Microsoft people try to outspend their critics and harass them
[Meme] EPO for the Kids' Future (or Lack of It)
Patents can last two decades and grow with (or catch up with) the kids
EPO Education: Workers Resort to Legal Actions (Many Cases) Against the Administration
At the moment the casualties of EPO corruption include the EPO's own staff
Gemini Links 22/11/2024: ChromeOS, Search Engines, Regular Expressions
Links for the day
This Month is the 11th Month of This Year With Mass Layoffs at Microsoft (So Far It's Happening Every Month This Year, More Announced Hours Ago)
Now they even admit it
Links 22/11/2024: Software Patents Squashed, Russia Starts Using ICBMs
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, November 21, 2024
IRC logs for Thursday, November 21, 2024
Gemini Links 21/11/2024: Alphabetising 400 Books and Giving the Internet up
Links for the day
Links 21/11/2024: TikTok Fighting Bans, Bluesky Failing Users
Links for the day
Links 21/11/2024: SpaceX Repeatedly Failing (Taxpayers Fund Failure), Russian Disinformation Spreading
Links for the day
Richard Stallman Earned Two More Honorary Doctorates Last Month
Two more doctorate degrees
KillerStartups.com is an LLM Spam Site That Sometimes Covers 'Linux' (Spams the Term)
It only serves to distract from real articles
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, November 20, 2024
IRC logs for Wednesday, November 20, 2024