Mind you, long before Google integrated Linux into Chromebooks, you could run desktop Linux distros on Chromebooks. With the open-source Crouton program and its chroot container, you could run Debian, Ubuntu, and Kali Linux. Or, you could run Gallium OS, a third-party, Xubuntu Chromebook-specific Linux distribution.
Or, you could do what I've been doing for the last three years, just running Debian Linux using Google's Crostini. This KVM virtual machine (VM) system with its LXD Linux containers may have been a beta but I never -- I repeat -- never had any trouble running Linux with it on all the many Intel-based Chromebooks I've used in the last few years.
But, now that Linux is officially supported, you can run multiple Linux instances at once on your Chromebook. This will be a big deal. Do you want to compile your code in one container while playing Tux Racer in another? You can do that.
Well, sort of. In practice, even on my maxed Pixelbook Go with its i7 processor and 16GBs of RAM, both containers stutter a bit. You see this feature is still a beta with a capital B.
To make it work, you need to enable the new 'crotini-multi-container' flag. There's also a new Chrome OS Settings section, "Manage extra containers". This both tells you what your current containers are, lets you create a new one, and enables you to stop or delete your existing containers. In my early testing, I've been stopping a lot of misbehaving containers.
In short, this new feature is far from ready for ordinary use. But, if you like playing on the bleeding edge of technology, it's well worth a try. Eventually, when this new functionality is perfected, this will make high-end Chromebooks as useful for Linux power users as a top-of-the-line Linux laptop like a Dell XPS 13 Linux Developer Edition.
Recently, I've to the realization that I don't love technology. I actually hate it! Technology causes far more frustration in life rather than actually easing the burden of life. Am I the only one that feels this way?
We are all impressed by an obscure open source OS. Plus your feedback about duplicated effort by app devs, ignoring the modern web, Flathub confusion, a positive way to view of the FOSS future, and more.
Hello and welcome to the 438th episode of Linux in the Ham Shack.
It's time once again for The Weekender. This is our bi-weekly departure into the world of amateur radio contests, open source conventions, special events, listener challenges, hedonism and just plain fun. Thanks for listening and, if you happen to get a chance, feel free to call us or e-mail and send us some feedback. Tell us how we're doing. We'd love to hear from you.
Shared storage enables you to set up a single storage repository, and provide access to that repository from multiple servers. If you eventually set up a Proxmox cluster, then shared storage gives you even more flexibility.
In this video, we are looking at how to install OSU! Lazer on Elementary OS 6.0.
New Raspberry Pi hardware has a few surprises, the most impressive things in Linux 5.15, and our reaction to classic functionality under consideration for removal from Fedora.
I don't have Javascript blockers but LibreJS is absolutely at the bottom of the tier list for but I did a video about Jshelter recently so I figured I should talk about this one before we talk about NoScript which is actually really good.
In this nineteenth episode, WordPress’s Executive director, Josepha Haden Chomphosy, discusses and expresses gratitude for the inspiration behind the People of WordPress series, HeroPress.
Linus Torvalds, the principal developer of the mainline Linux branch, released version 5.15 of the open source kernel over the Halloween weekend, and it has just been tagged as the next Long Term Support (LTS) release.
The kernel designates one release every year as an LTS release, which the developers and the community commit to maintain for at least two years.
By this logic, Linux 5.15 will not reach end-of-life before October 2023. However, of late, the kernel has adopted a policy of supporting LTS releases for as long as its commercial users are willing to put up the required resources to maintain it.
Linux 5.15 was released yesterday as the new Long Term Support (LTS) kernel release. Here’s what’s new and how to install in Ubuntu.
Linus Torvalds announced the release of Kernel 5.15 on Sunday...
As we approach the end of the calendar year there was some uncertainty whether Linux 5.15 would be this year's Long-Term Support (LTS) kernel or if it would be Linux 5.16 albeit not likely releasing until the start of 2022...
Well, Greg Kroah-Hartman has decided on Linux 5.15 being the LTS kernel for 2021. The Kernel.org release page has been updated to reflect the newly-released Linux 5.15 kernel being an LTS branch.
At the moment the LTS period projects Linux 5.15 LTS to be end-of-life in October 2023. However, as is usually the case, this can be extended by years given enough industry support. If enough users/developers and organizations step up for committing to testing the new point releases and actually using the LTS kernel in production, the LTS period can be extended by several years.
The neofetch command in Linux will output system information, distribution information, and an ASCII logo of the distro in terminal. The command is often seen in screenshots from users that wish to show off their system specs or the Linux distribution they’re using.
In this guide, you’ll see how to install Neofetch on Linux, and use the neofetch command to see system information and get that cool screenshot you’re hoping to post somewhere.
During the night from Sunday to Monday, Linus Torvalds released version 5.15 of the Linux kernel. The new version is not just a maintenance release, but brings with it new features. The release offers a huge plus in the form of a new NTFS driver, especially for cross-platform data exchange with other systems. Other important innovations: Samba in the kernel and optimizations in the area of ââ¬â¹Ã¢â¬â¹the file systems. In the following, we take a brief look at the highlights mentioned in Linux 5.15.
Linux 5.16 is adjusting its default Spectre mitigation behavior around Spectre V2 for user-space tasks as well as Speculative Store Bypass Disable (SSBD) for Spectre V4 mitigation.
Rather than the existing default behavior of applying the mitigations by default to all SECCOMP threads and those opting into those mitigations per-thread via the Linux kernel's prctl() interface, with Linux 5.16 the default is being pulled back to just the prctl() opt-in behavior. This change has been talked about over the past year and previously covered within Linux Preparing To Slightly Loosen Its Spectre Defaults.
Check out these surprising interesting facts about Linux and its comprehensive use today. If there is anything to add, feel free to share it in the comments.
Today, the Linux operating system powers supercomputers, bullet trains, Hollywood films, submarines, International Space Station, the New York Stock Exchange, and so on. However, the birth and journey of Linux have many thought-provoking and amazing facts.
The big set of block changes for Linux 5.16 were merged today with the opening of the new kernel cycle. While the massive I/O optimizations tackled recently has been a main focus, there is also much more to the block subsystem coming with Linux 5.16.
Fwupd 1.7.1 is packed with several new features, including the ability to allow you to specify the fwupdmgr device-test foo --json command for unattended testing, support for inhibiting the ModemManager device in mbim-qdu, support for loading remotes from /var/lib/fwupd/remotes.d, as well as the ability to use a file name when using set-approved-firmware.
There are plenty of download managers available for Linux. If you want to download something and have the ability to manage them, you can choose any of the download managers available.
However, if you want a good-looking download manager that offers a modern user experience without compromising on the feature set, I’ve something that you might like.
Motrix is a no-nonsense download manager that provides a clean look out of the box. It is free and open-source software.
FWUPD 1.7.1 is out today as the newest release of this leading open-source solution for allowing firmware updates from UEFI motherboards to various peripherals under Linux and other platforms.
FWUPD 1.7.1 is just a point release but has improvements for unattended automated testing, support for loading remotes from /var/lib/fwupd/remotes.d, and other core improvements. There is also a variety of bug fixes in FWUPD 1.7.1 affecting different plug-ins.
Legendary is a free, open-source journaling web system for writers who want to formulate their ideas into a book.
It features a Markdown editor, books and chapters manager, photo and file uploader, and more.
The system works seamlessly offline, as you can download it and run it on a local server on your machine.
MPV 0.34 is now available as the newest version of this popular Linux video player that is powered by FFmpeg and forked originally from MPlayer/mplayer2 code.
mpv is a free (as in freedom) media player for the command line. It supports a wide variety of media file formats, audio and video codecs, and subtitle types. Updated to version 0.34.0.
ProcessWire is a free and open-source content management system (CMS). It’s a PHP-based platform that can be used as a standalone or as a module for other platforms like Drupal and WordPress.
ProcessWire provides you with different features to build websites, apps, and APIs that are secure, fast, flexible, and easy to use. It’s a nimble system that can be used for any type of website, including blogs, businesses, news sites, and even e-commerce apps.
Processwire is also faster than other CMS platforms. It’s built with Bootstrap and uses modern technologies like HTML5, AngularJS and CSS3 to make your app experience smoother and faster.
sysPass is a web-based password management application written in PHP. It is secure, reliable, and runs in a multiuser environment for business and personal use. It saves passwords using bidirectional encryption with a master password to a database. It provides an intuitive web UI that helps you to set options like LDAP auth, mail, auditing, backup, import/export, etc.
The mechanism of taking backup in Elasticsearch is called Snapshot. A snapshot is a backup taken from an Elasticsearch cluster that is in a running state. There is no need to take down the cluster which helps avoid maintenance windows of the applications. A snapshot of an individual index or of the entire cluster can be taken and stored in a repository on a shared file system.
Snapshots in Elasticsearch are taken incrementally. This means that when it creates a snapshot of an index, Elasticsearch avoids copying any data that is already stored as part of an earlier snapshot of the same index. Therefore it can be efficient to take snapshots of the cluster on a regular basis.
In the same way we can take a backup of the cluster in running state, we can also restore a snapshot into a running cluster. When we restore an index, we can even alter the name of the restored index as well as some of its settings.
One of the reasons why some users avoid installing Flatpak apps is that most Flatpak apps don’t change their appearance as per the current system theme. This makes the applications look out of the place in your otherwise beautiful set up.
Ruby Version Manager is a command-line tool for installing & managing multiple Ruby interpreters and versions as well as gem sets simultaneously on the same computer. Installing RVM on Debian 11 bullseye or 10 buster will also help the users to get the latest version of Ruby instead of sticking to the one supplied through the Debian default repository.
Therefore, this Ruby Version Manager offers flexibility to developers working on various projects with different requirements.
Today we are looking at how to install Friday Night Funkin on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.
This tutorial will only work on Chromebooks with an Intel or AMD CPU (with Linux Apps Support) and not those with an ARM64 architecture CPU.
Bacula is a set of computer programs that permits the system administrator to manage backup, recovery, and verification of computer data across a network of computers of different kinds.
It is an open source network backup solution that allows you create backups and perform data recovery of your computer systems. It is very flexible and robust, which makes it, while slightly cumbersome to configure, suitable for backups in many situations. A backup system is an important component in most server infrastructures, as recovering from data loss is often a critical part of disaster recovery plans.
Bacula can also run entirely upon a single computer and can backup to various types of media, including tape and disk.
Hi guys ! today we will install bracula on centos 8.
In this tutorial, we will show you how to install Telegram on Debian 11. For those of you who didn’t know, Telegram is a free, open-source messaging app with a focus on privacy, security, and speed. It comes with lots of features and better security options than WhatsApp. Hence if you already have the Telegram app on your smartphone and want to access your chats and media files directly on Desktop, then we can install the Telegram Desktop application on Linux, Windows, and macOS easily.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the Telegram desktop on a Debian 11 (Bullseye).
Hi guys ! In this write up, we will see how to automate the mysql backup using the cronjob.
In a previous article we talked about Ansible, a very useful provisioning free and open source software written in Python, which we can use to automate tasks on multiple machines. We saw how to install it on some of the most used Linux distributions and the basic concepts behind its usage. In this article we focus on how to use loops inside Ansible playbooks in order to perform a single task multiple times with different data.
In this article mirrored filesystem will be configured, using storage local to each of the 3 nodes and shared with Flexible Storage Sharing (FSS). This filesystem will ensure that data will be available to all nodes in the cluster should a failover event occur.
with use the space of a physical disk to build VxVM volumes, you must place the disk under Volume Manager control. Before a disk can be placed under Volume Manager control, the disk media must be formatted outside of VxVM using standard operating system formatting methods. SCSI disks are usually preformatted. After a disk is formatted, the disk can be initialized for use by Volume Manager. Disks must be detected by the operating system, before VxVM can detect the disks
Linux kernel 5.15 was released on Halloween, October 31st, 2021, and it brings some interesting new features, such as a new NTFS file system implementation that doesn’t require you to rely on third-party software like NTFS-3G to fully manage your NTFS formatted external disk drives.
It also brings some new features for users of the Btrfs and XFS file systems, support for Nintendo Wii consoles, support for per-VLAN multicast, an in-kernel SMB server, a new r8188eu Realtek wireless LAN driver to replace the old rtl8188eu driver, and many other goodies.
Linux kernel 5.15 is out with many new features, support, and security. The Linux 5.15 kernel release further improves the support for AMD CPUs and GPUs, Intel’s 12th Gen CPUs, and brings new features like NTFS3, KSMBD (CIFS/SMB3), and further Apple M1 support, amongst many other changes and additions.
In the following tutorial, you will learn how to install the latest 5.15 Linux Kernel on Rocky Linux 8.
In this tutorial we are going to learn how to upgrade Linux Kernel 5.13 to 5.15 on Ubuntu 21.10.
Linux 5.15 mainline was released recently by Linux Torvalds with better new features to try out. Mainline tree is maintained by Linus Torvalds and It is where all new features are added and releases always comes from.
SSH is a network protocol for securely logging into a remote machine and executing commands. It is designed and created to provide the best security when accessing another computer remotely. Whenever data is sent by a computer to the network, ssh will automatically encrypt it.
To use SSH, the destination machine should have an SSH server application installed because SSH is a client-server model. An SSH server, by default, listens on the standard TCP port 22. SSH client is by default available on all Linux distributions.
These terms are enough to confuse a docker beginner because many of these docker-compose commands seem to behave in a very similar fashion.
In fact, it can be especially difficult at first to right away tell the difference between docker-compose up and docker-compose start.
Isn’t starting a container via Docker Compose the same as running the up command? Not exactly.
A command timeout is a command line utility that executes a specified command and stops it if it is still running after a certain period of time. In other words, the command timeout lets you run the command with a timeout that you specify. The command timeoutis part of the core GNU utility package that is installed on almost all Linux distributions.
This command is useful when you want to run a command that doesn’t have a built-in timeout option, or stop a process after a certain amount of time running.
In this article, we will explain how to use commands timeout in Linux Terminal.
Portainer is a program that helps you manage your docker containers. If you want to delete , stop, or restart a docker container; you can easily do so with the portainer user interface (rather than going SSH and typing all kinds of commands). You can adjust containers settings, manage resource, and manage from within inside the container to gain perspective.
Just think of Portainer as the GUI version to manage your containers compared to using CMD Line; while having powerful functions such as replication or amending containers on the go!
Also Portainer enables centralized configuration, management and security of Kubernetes and Docker environments, allowing you to deliver ‘Containers-as-a-Service’ to your users quickly, easily and securely.
In this article, we will install Portainer with Docker in Ubuntu 20.04
Just a few days ago Mario Party Superstars was released for the Nintendo Switch. Of course, like with most new Switch games that come out these days, this game in particular has no problem running on either Ryujinx or Yuzu.
Today (or yesterday, depending on your time zone) though, marks an update to Ryujinx’s LDN build — the build that allows fellow Ryujinx-ers to play games together via the game’s local wireless menu, whether you’re on Linux or Windows. The last time we got an update for this was the 2.3 version back in May. The 2.4 release improves the emulator quite a bit — it’s based on the latest commit from the master branch, meaning it has incorporated the numerous bug fixes, graphical/performance improvements, and new features from the vanilla build over the last six months. The changelog also mentions faster shader compilation times, quicker boot times, “performance increases across the board,” and workarounds for AMD and NVIDIA on certain graphics drivers (these bugs has been reported by others, but I personally haven’t come across any issues specific to NVIDIA so far). Unfortunately Vulkan hasn’t been baked into this release, but I would imagine that’s around the corner and going to be in the next version.
Hi, I'm Yuri (Chaosus), and I made a number of changes this past 18 months to upgrade the shader language in Godot 4.0 to a better level.
There are changes to the editor usability, to the shader language itself, and to visual shaders.
As we approach launch for the Steam Deck in December, Valve has begun ramping up their info for developers with the announcement of a Steamworks Virtual Conference.
Even before the creation of these graphing calculators, the z80 processor behind them was first produced over four decades ago and was ubiquitous in the computer scene at the time, which also lends to its hackability. There’s plenty to catch up on here, too, from custom TI games that trick the two-tone display into grayscale to Game Boy emulators that can play Zelda since the TI and Game Boy share the same processors. There are also several methods of running native code or otherwise “jailbreaking” these devices to run arbitrary code.
Gaming on Linux is now a term that we can no more address a very complex task. Moreover, we can say that many developers and Linux enthusiasts are building up more suitable games for Linux and setting up arrangements to play the most popular PC games on Linux systems. To spread the Linux gaming news and guide the gamers with proper instructions, gaming websites for Linux are playing a vital role in the Linux gaming sector. On the web, there are a few Linux gaming websites that are built by actual Linux gaming enthusiasts.
The Spectre Update is live now for Warzone 2100, the real-time strategy game originally developed by Pumpkin Studios and published by Eidos Interactive that's nowadays free and open source.
Absolutely great strategy game, I can't tell you of my joy being able to play this easily on modern systems after originally discovering it on the first PlayStation such a long time ago. The open source community that's built up around it just keeps on bringing out fantastic enhancements that keep the essence of the game but just make it nicer overall.
Published by tinyBuild and developed by Lazy Bear Games, Better Save Soul is the third story DLC for the medieval graveyard building and management game.
With an extra 6-12 hours of story-driven gameplay, Better Save Soul introduces you to Euric, a new and slightly sketchy friend with an assortment of gravely important missions to complete, this time centred around the sinful souls of the deceased and how you might improve them before putting them six feet under.
Another big free upgrade for the extreme sports biking game Descenders is live with Grand Tour, attending plenty of new goodies for all players.
With this new update there's three whole new bike parks with Llangynog Freeride, Rival Falls, and Island Cakewalk. A new mission system to expand the challenges, each giving a unique objective for you. New rewards were added too with a bunch of new items to unlock. You also get new custom lobby options, so you can really set things up exactly how you want. Quite a big update then overall, nice to see they're still giving this quality game plenty of love two years after release.
The month of October 2021 brought some great application releases for users of the lightweight Xfce desktop environment, starting with the powerful Ristretto image viewer, which has been updated to version 0.12.0, a release that introduces the ability to choose the default scale, support for entering full-screen mode by double clicking on the image, and the ability to keep the scale in memory for each loaded image.
antiX 21 Update Available to Download, antiX 21 is a lightweight, Debian-based distribution. The project’s latest release is based on Debian 11 “Bullseye” and features the SysV init software along with both recent and older kernels for wider hardware support.
A list of key packages is available in the project’s release announcement: ” Based on Debian 11 (Bullseye), but without systemd and libsystemd0. eudev instead of udev. Customised 4.9.0-279 kernel with fbcondecor splash. Customised 5.10.57 kernel (x64 full only). LibreOffice 7.0.4-4. Firefox-esr 78.14.0esr-1 on antiX-full. Seamonkey 2.53.9.1 on antiX-base. claws-mail 3.17.8-1. CUPS for printing. XMMS – for audio. Celluloid and mpv – for playing video. SMTube – play youtube videos without a using a browser. streamlight-antix – stream videos with very low RAM usage. qpdfview – pdf reader. arc-evopro2-theme-antix.” The distribution is available in four editions, ranging in size from largest to smallest: Full, Base, Core, and Net.
Many thanks to all of you for supporting our open-source projects. Your donations help keeping them alive.
Linux Mint is based on Ubuntu -- that is pretty common knowledge. But did you know there is a different version of the operating system that is instead based on Debian? It's true! Called "Linux Mint Debian Edition," or "LMDE" for short, it is far less popular than the "regular" Mint. Then why does it exist? Believe it or not, it exists (partly) to serve as a contingency plan in case Ubuntu ever stops being developed.
Today is November 1, and the Linux Mint developers have shared some monthly development news that is largely boring. One small tidbit of information is interesting, however; Linux Mint Debian Edition 4 (code-named "Debbie") will ditch the Mozilla Firefox ESR web browser. LMDE 4 will instead move users to the normal "rapid release" variant.
Speaking of Firefox ESR, Mozilla says that version of the web browser "receives major updates on average every 42 weeks with minor updates such as crash fixes, security fixes and policy updates as needed, but at least every four weeks. In addition to different update cycles, the ESR currently has access to additional policies that are not available on rapid release."
Following some of the discussions we had here on this blog and your feedback in the comments section, the upcoming versions of Xed and Xreader will feature an option to hide the menubar. When it is hidden the application uses less space and fits in smaller screen resolution. Pressing the Alt key makes the menubar visible momentarily.
Xed also gained the ability to switch between opened tabs using Ctrl-Tab and Ctrl-Shift-Tab.
The System Reports tool will check systems to ensure they’re merged (i.e. according to usrmerge specs) and warn users when this isn’t the case.
In LMDE 4, Firefox 78 ESR will be upgraded to version 94. LMDE will no longer follow the ESR version. It will use the same version of Firefox as Linux Mint.
Canonical has updated its lightweight distribution of Kubernetes, known as MicroK8s, to add support for version 1.22 of Kubernetes in addition to making available in beta a version that now runs on IBM Z mainframes.
In addition, Canonical has made it simpler to employ Kata containers based on a lightweight hypervisor on MicroK8s via a single command.
You don’t necessarily need to pay for fully functional conferencing software. Jitsi is a complete free-to-use open-source option that includes end-to-end encryption and integration with Google, Microsoft products and Slack. First appearing under the name SIP communicator in the early 2000s, it’s now run by communications specialist 8x8, which supports the ongoing development of Jitsi alongside its commercial hosted videoconferencing solution.
The biggest new feature of the Firefox 94 release is the enablement of the EGL (OpenGL) API for handling graphics context management on X11 for Intel/AMD users using recent Mesa graphics stacks.
This feature replaces the old GLX implementation and promises to offer a performance boost on Intel/AMD hybrid machines. After upgrading to Firefox 94, Intel/AMD users should notice faster WebGL rendering, more effective rendering, and possibly VA-API video decoding in the near future.
In September I finally landed work to ship Glean through GeckoView. Contrary to what that post said Fenix did not actually use Glean coming from GeckoView immediately due to another bug that took us another few days to land. Shortly after that was shipped in a Fenix Nightly release we received a crash report (bug 1733757) pointing to code that we haven’t touched in a long time. And yet the change of switching from a standalone Glean library to shipping Glean in GeckoView uncovered a crashing bug, that quickly rose to be the top crasher for Fenix for more than a week.
When I picked up that bug after the weekend I was still thinking that this would be just a bug, which we can identify & fix and then get into the next Fenix release. But in data land nothing is ever just a bug.
The Free Software Foundation has opened nominations for the Free Software Awards. Nominations are open until November 30.
Welcome to the November 2021 edition of the monthly Fortran newsletter. The newsletter comes out at the beginning of every month and details Fortran news from the previous month.
Today is a big milestone for PHPStan after 6 years of development. I realized it reached a level of maturity worthy the major version that’s 1.0. Going multiple years [1] without the need for a BC break while delivering improvements in almost streaming fashion with a release every 7 days on average qualifies as being stable enough to deserve it.
PHPStan 1.0 was released today as the first stable release for this leading open-source PHP static analysis tool.
After being in development more than a half-decade, PHPStan developers felt finally comfortable declaring a 1.0 stable release. Besides feeling confident to mark it v1.0, PHPStan 1.0 does deliver on a new level 9 mode, precise try-catch-finally analysis, generic array function stubs, detecting unused private properties / methods / constants, and much more.
In this guide we are are going to check a simple implementation Revel Framework REST API. In this tutorial we create will be a simple posts CRUD app that will connect to the Postgres Database. Feel free to checkout the repo where the full code is hosted here.
This week the Raku Community on Reddit makes it to main article on the Rakudo Weekly News. In the roughly two years since the rename, the number of subscribers made it to a 1000! Which does not really reach the number of subscribers on the previous reddit just yet, but on the other hand that had been in use for almost 9 years! And to all new Rakoons: welcome to the Raku Programming Language.
The Rust team has published a new point release of Rust, 1.56.1. Rust is a programming language that is empowering everyone to build reliable and efficient software.
United States college enrollment is on track to drop by half a million students, according to data released last week by the National Student Clearinghouse Research Center. This rate is on track with 2020’s, when there was a drop of 400,000 students nationally, largely attributed to the coronavirus; if we continue apace, we’ll witness the largest drop-off in U.S. college enrollment in 50 years.
But it’s not just because of COVID: This follows a multiyear trend of declining enrollment, due in part to — you guessed it — the cost of college. The numbers are showing that Gen Z is asking a legitimate question: What is the price of a college education really worth in the U.S.?
Security updates have been issued by Arch Linux (bind, chromium, freerdp, opera, webkit2gtk, and wpewebkit), Debian (cron, cups, elfutils, ffmpeg, libmspack, libsdl1.2, libsdl2, opencv, and tiff), Fedora (java-latest-openjdk, stb, and thunderbird), Mageia (cairo, cloud-init, docker, ffmpeg, libcaca, php, squid, and webkit2), openSUSE (busybox, chromium, civetweb, containerd, docker, runc, dnsmasq, fetchmail, flatpak, go1.16, krb5, ncurses, python, python-Pygments, squid, strongswan, transfig, virtualbox, wireguard-tools, and xstream), Red Hat (binutils, devtoolset-10-gcc, and flatpak), SUSE (libvirt, opensc, and transfig), and Ubuntu (webkit2gtk).
Laravel is an open-source development platform that contains a PHP framework, which is one of the most used scripting languages of the 21st century. In spite of its numerous advantages, most Laravel development Agencies are still looking for ways to make the platform and applications made from it more secure.
Laravel has a good name for assurance to protect the website and applications. However, if any potential loophole is detected, a capable team within Laravel is always ready to take care of it promptly. Furthermore, there are multiple ways to improve the security of Laravel as no framework can ever claim to have guaranteed security.
With the growing popularity and prominence of Laravel, it is crucial to understand the ways to secure the website and applications. Therefore, in this article, we will talk about the Top effective Laravel-based security practices that as a developer you should know to ensure full security!
Josh and Kurt talk about Josh’s electric car and new job. We then talk about the recent UAParser.js malware incident. There have been a lot of calls to do more to secure open source, but nobody seems to have any concrete proposals or suggestions to fund any of these activities.
Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It’s really clever, and not the sort of attack one would normally think about.
Today we are releasing Trojan Source: Invisible Vulnerabilities, a paper describing cool new tricks for crafting targeted vulnerabilities that are invisible to human code reviewers.
Until now, an adversary wanting to smuggle a vulnerability into software could try inserting an unobtrusive bug in an obscure piece of code. Critical open-source projects such as operating systems depend on human review of all new code to detect malicious contributions by volunteers. So how might wicked code evade human eyes?
We have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see different logic. One particularly pernicious method uses Unicode directionality override characters to display code as an anagram of its true logic. We’ve verified that this attack works against C, C++, C#, JavaScript, Java, Rust, Go, and Python, and suspect that it will work against most other modern languages.
This potentially devastating attack is tracked as CVE-2021-42574, while a related attack that uses homoglyphs – visually similar characters – is tracked as CVE-2021-42694. This work has been under embargo for a 99-day period, giving time for a major coordinated disclosure effort in which many compilers, interpreters, code editors, and repositories have implemented defenses.
Microsoft says Windows customers are experiencing issues with network printing after installing the Windows 11 KB5006674 and Windows 10 KB5006670 updates issued with this month's Patch Tuesday, on October 12.
Users attempting to connect to printers shared on Windows print servers might encounter multiple errors preventing them from printing over the network.
The latest branded and trademarked vulnerability type is called "Trojan Source". By playing tricks with Unicode bidirectional support, an attacker can create malicious code that appears to be benign to reviewers.
Starting today and for the next 3 months (until January 31 2022), we will pay 31,337 USD to security researchers that exploit privilege escalation in our lab environment with a patched vulnerability, and 50,337 USD to those that use a previously unpatched vulnerability, or a new exploit technique. We are constantly investing in the security of the Linux Kernel because much of the internet, and Google—from the devices in our pockets, to the services running on Kubernetes in the cloud—depend on the security of it. We research its vulnerabilities and attacks, as well as study and develop its defenses.
Google announced today that now through at least the end of January they will be providing higher payment amounts for security researchers disclosing new vulnerabilities affecting the Linux kernel.
For the next three months Google will pay out $31,337 USD for vulnerabilities that can exploit privilege escalation. Or if demonstrating a previously unpatched vulnerability or a new exploit technique, they will pay out $50,337 USD.
it all could have been so well
an ARM based router, with HDMI (!) with SATA (!) with enough power, but adding a second interface (every router needs at least LAN (can be layer 2 switch) and WAN (should be physically separate NIC) with an USB-ETHERNET adapter is a low quality (unreliable) option, that one is pretty much against.
These are a few of the best- and worst-case scenarios for augmented reality, a technology that some of the world’s biggest tech companies are spending billions to promote as the future of computing. Over the last decade, AR hardware designers have laid the groundwork for a new generation of mass-market products, even as technical hangups still limit its viability. Over the next one, AR threatens to supercharge existing crises of privacy, trust, and consent. But it’s also a chance to deliberately reset how we approach computing.
Instead of accountability for the mayor and police brass, the historic judicial inquiry into the 2014 killing instead focuses on low-level cops.
Input costs have been rising globally, across industries, fueled by a confluence of events: extreme weather that’s destroying global crops, a labor shortage that’s crippling the transport sector, shipping logjams at many of the world’s biggest ports and a worsening energy crisis in Europe and Asia. But the run-up in commodity costs couldn’t have come at a worse time for the global beer sector, which is just starting to recover from the coronavirus pandemic that shuttered bars, restaurants and sporting venues around the globe.
The UK's 44% reduction refers to 'territorial emissions'.
These measure what happens within a country's borders - including things such as heating and powering homes, transport, domestic industry and agriculture.
But they exclude emissions from international aviation, shipping and imports.
The UK is not unique in producing its figures like this, though.
Each year, countries that are signed up to an international agreement called the Kyoto Protocol submit their overall emissions figures to the UN. That reporting is all done on a territorial basis - so they all exclude international aviation, shipping and imports.
Human activity and climate change-fueled disasters have turned 10 of the planet's internationally recognized forests, also known as World Heritage sites, from carbon absorbers into carbon emitters, researchers have found.
The report from UNESCO found these sites can absorb approximately 190 million tons of carbon dioxide from the atmosphere each year -- roughly half the amount of the United Kingdom's annual fossil fuel emissions. But in the past 20 years, many of these sites showed an increase in emissions, some even exceeded how much carbon they were removing from the atmosphere.
Now the banking industry is racing to catch up. Banks want to compete in this new world and profit from it. Their approach is two-pronged: experimenting with cryptocurrency offerings and lobbying regulators to create rules that work in the banks’ favor. Some are offering cryptocurrency investments to their wealthy clients. Others are weighing trading desks for Bitcoin. JPMorgan even started its own digital currency in 2019.
And instead of warning regulators away from cryptocurrencies, banking industry representatives now complain that regulators have not acted quickly enough and that their inaction is costing banks valuable time in their mission to compete.
Many divers believe the kelp will eventually return. Some scientists are hopeful too, though others see the divers’ efforts as a game of whack-a mole against climate change. But even though their attempts to contain the crisis may prove futile, for the divers, taking any kind of action is comforting in itself.
The Debt Collective, which has focused on other forms of debt, is turning its attention to the crushing financial burden on formerly incarcerated people.
France is in an extremely serious situation today. There are more than 700 "no-go zones" (Zones Urbaines Sensibles) ruled by ethnic gangs and radical imams. The police can only intervene in these zones through commando operations. A new kind of disturbance, defined by sociologists as "gratuitous violence" -- violence practiced for the pleasure of injuring and killing -- has been spreading. Hundreds of assaults take place every day; police reports show that the majority of them are committed by "suburban youths"....
The location is also contentious — close to Pha That Luang, the gold-plated Buddhist stupa in the heart of the city.
"It would be unacceptable that a large statue was built in the That Muang Marsh SEZ to attract tourism not far from Pha That Luang stupa, a symbol of Lao sovereignty," said Adisorn Semyaem of Thailand’s Chulalongkorn University, suggesting the anxiety may be as much political as religious.
This landmark project, built with Chinese loans, has seen Laos sink further into a sea of debt. Reports early this year revealed that Laos' $20 billion economy carries an estimated $12.6 billion in foreign debt. Of that, China accounts for nearly half of the loans, or some $5.9 billion.
China is funding an infrastructure building spree in Laos, ranging from large hydropower projects and special economic zones to the country's first bullet train.
Over the years, I’ve written a lot about€ Mike Adams€ and his medical misinformation website€ Natural News. Regular readers know that Mike Adams€ has long been one of the most prolific promoters€ of medical pseudoscience, misinformation, and conspiracy theories dating back nearly two decades. Over the last couple of weeks, Adams, who only occasionally makes the news, has found himself in the spotlight as a result of a story published last month at€ Ars Technica€ by Ax Sharma entitled€ “Hacker X”—the American who built a pro-Trump fake news empire—unmasks himself. Basically, it’s the story of “Hacker X,” whose real name is Robert Willis, coming forward to describe how he had become the mastermind of one of the biggest fake news systems in the world but had decided to “come clean” and describe how he had used his skills to promote all manner of conspiracy theories and build a pro-Trump network of websites and social media.
So to recap: The situation went from schools trying to protect the health of their students and faculty by requiring masks, to parents threatening the lives of school officials over these mandates, to it getting so bad that the National School Boards Association described the threats as “domestic terrorism” in a letter to Biden, to a fringe Republican like Brnovich equating “terrorism” to “Guantanamo Bay,” to Fox News inviting him on the air, to countless of Americans now believing the Biden administration is going to send parents to an island to be tortured because they said something at a school board meeting.
We tend to talk about moderation politics as something that happens between platforms and users (i.e., who gets banned and why), but the Trump debacle shows there’s another side. Like all companies, social platforms have to worry about the politics of the countries they operate in. If companies end up on the wrong side of those politics, they could face regulatory blowback or get ejected from the country entirely. But moderation is politically toxic: it never makes friends, only enemies, even as it profoundly influences the political conversation. Increasingly, platforms are arranging their moderation systems to minimize that political fallout above all else.
The problem is much bigger than just Twitter and Trump. In India, Facebook has spent the last seven years in an increasingly fraught relationship with Prime Minister Narendra Modi, cultivating close ties with the country’s leader while violence against India’s Muslim minority continued to escalate. In Myanmar, a February coup forced Facebook to welcome groups it had previously counted as terrorists and suppress groups that mounted military opposition to the new regime.
To make the situation even more troubling, the right is increasingly embracing the view that they should be allowed to use violence to silence political opponents. Many red states have basically legalized the use of cars as weapons for conservatives who wish to violently attack protesters, especially Black Lives Matter protesters. Laws allowing people to run over protesters — so long as they pretend, in the aftermath, to be afraid — have resulted, according to the Boston Globe, in "scores of people hit, dozens of injuries, at least three deaths, but precious little justice, much less sympathy, for the demonstrators injured, killed, or just plain terrified."
Facebook, Instagram, and Twitter suspended hundreds of influential pro-Sandinista journalists and activists days before Nicaragua’s November 7 elections, falsely claiming they were government trolls. The Grayzone interviewed them to reveal the truth.
Shaikat Mandal confessed before a magistrate that it was his Facebook post that led to the violence in Rangpur, during Durga Puja festivities in the country.
Accountability and openess are important attributes of cyberspace, he said, adding that in India, the biggest stakeholders of [Internet] are millions of Indians who are using it.
The cyberspace "cannot be, should not and will not be" a space where laws do not reach, he asserted.
On the requirement for messaging platforms to trace the originator of messages where needed and privacy-related concerns that followed, the minister explained that government's view on first originator is that when a criminality occurs online, the source of criminality needs to be traced, backed by a legal valid order.
A Cambodian court sentenced an autistic teenager to eight months in prison on Monday, with part of the term suspended, for sending Telegram messages that were deemed insulting to the government, his mother said.
The son of an opposition figure, 16-year-old Kak Sovann Chhay was arrested in late June after posting messages on a private Telegram group, and has been detained for more than four months.
Speaking on Hill TV’s “Rising,” Higgins said there are “some things” that should be considered as the U.S. seeks Assange’s extradition, but it’s “hard to say” if the report would have an impact.
The message of this short list was clear: Silicon Valley doesn’t really need East Coast media anymore.
It has been more than half a decade since coverage of the tech industry, once known for its boosterism, turned adversarial, with Facebook often at the center of the story. As the battle between tech companies and the news media continues, Mr. Zuckerberg appears to be acting on the view, increasingly common in his circle, that journalists are just another hostile interest.
As the opposing sides were digging into their trenches, I thought it would be interesting to talk with Jessica Lessin, a journalist and media executive who often finds herself in an awkward spot somewhere between the battle lines, and who also has an unusually charitable view into both camps. She is the founder and editor of The Information, which started in 2013 as the Silicon Valley’s savvy and nimble answer to The Wall Street Journal, where she had been a star reporter.
Prosecutors in Acapulco said Friday that Cardoso, who worked for a news portal, had been found sitting on a city street with gunshot wounds and was taken to a hospital. According to the National Union of Press Editors and information from the family relayed by CPJ, Cardoso had been taken from his home earlier Friday by armed men.
A ballot measure is asking voters if the city should amend its charter to replace the police department with the Department of Public Safety, which would take a "comprehensive public health approach."
The new department could include police officers, but there wouldn't be a required minimum number to employ. The MPD had 588 officers as of mid-October and was authorized for up to 888, according to The Associated Press.
All the government must do to win is link assets to wrongdoing, essentially putting inanimate objects on trial rather than humans. The law enforcement maneuver forces property owners into civil court, rather than criminal court, where they have no right to counsel and fewer protections against weak allegations.
As digital services continue to be a legislative target, some bills being considered in Congress stand to cause permanent harm to widely used services. Two weeks ago, Senators Klobuchar, Grassley, and other cosponsors introduced S. 2992, the “American Innovation and Choice Online Act” (AICOA). This bill is the companion to Rep. Cicilline’s similarly named House bill, H.R. 3816, the “American Choice and Innovation Online Act,” (ACIOA), introduced earlier this summer.
While the Senate version contains minor variations, both bills would have similar deleterious effects on the U.S. economy and consumers in general. Both target leading tech companies with onerous regulations, and would have serious consequences for consumers. One consequence would be the dissolution of Amazon Prime as it is currently known. This post examines why that would be the case.
AICOA and ACIOA would target three key activities that enable Amazon Prime to be such an attractive and useful service for consumers: (1) self preferencing; (2) conditioning preferential status on the purchase of another service; and (3) curating recommendations for Amazon customers. According to the Senate proposal, each violation would result in a fine up to 15% of total revenue during the pendency of the violation (more than double Amazon’s net profit margin) and companies would be precluded from raising traditional pro-competitive or pro-consumer affirmative defenses. What this means in the case of Prime is that despite a wealth of evidence that consumers get great value out of free two-day shipping bundled with other services, none of that evidence is relevant to whether regulators impose penalties.
On Friday, German-based pharmaceutical company Bayer said the European Patent Office (EPO) announced the extension of the company’s patent expiration of the best-selling stroke prevention pill Xarelto (rivaroxaban), according to Reuters.
The EPO, which is a legislative body of the European Union, extended the patent’s expiry date by almost two years.
Suits against GM, Toyota and Honda are not the NPE’s first run-in with automakers, but this campaign looks different because of the technologies involved
Stefanie Parchmann of Maiwald considers the long-awaited referral to the Enlarged Board of Appeal regarding plausibility
The EPO allows applicants to seek patent protection in up to 44 countries via a single, centralised patent application process. As part of this streamlined offering the EPO also operates a centralised procedure by which third parties can seek invalidation of patents granted by the EPO. This process is referred to as ‘opposition’. The ability to attack a granted patent centrally with a view to limiting or revoking it in all designated countries simultaneously is extremely efficient. It is therefore no surprise that the opposition system is well used by businesses wanting to manage risk against third-party patents.
Any person wishing to object to a patent granted by the EPO has a nine-month window, starting from the publication of the grant of the patent, in which to file an opposition. The costs associated with bringing an opposition are typically an order of magnitude lower than performing a patent challenge before a national court of a single country. As such, EPO oppositions are a very cost-effective method of invalidating patents in Europe.
In our previous article, we reported that the EPO’s Boards of Appeal were expected to request clarification from the Enlarged Board of Appeal on the important issue of whether post-filed data may continue to be used as evidence of an inventive step which is already ‘plausible’ from the application as originally filed.
In common with many patent offices around the world, some inventions that are implemented in software may be patented before the EPO.
In this chapter, we explore software patentability covering why only some software inventions are patentable before the EPO, the requirements for an invention to be patentable and how patent practice before the EPO with respect to software inventions may evolve in the future.
In this co-published article, Haseltine Lake Kempner’s Kimberley Bayliss takes a practical look at drafting the specifications of different types of machine learning inventions in view of the EPO’s patent eligibility requirements
As discussed in our earlier article, there are, broadly speaking, three types of machine learning (ML) inventions: applied-AI, core-AI and hardware inventions. In this article we look at drafting considerations for each in turn.
Last year the feds indicted three alleged members of the hacking group Team-Xecuter, which marketed and sold various Nintendo hacks. One of the defendants, Canadian Gary Bowser, initially denied the allegations but has since changed his mind. In a plea agreement, Bowser admits his role in the conspiracy. In addition, Bowser also agrees to pay Nintendo $4.5 million in restitution.
Tokyo-based manga publisher Shueisha has filed an application at a court in the US seeking help from Google and Hurricane Electric to identify alleged copyright infringers. Central to the case is Mangabank, a massive manga indexing platform servicing around 80 million visits per month.