Bonum Certa Men Certa

Links 17/11/2021: Proxmox VE 7.1, Qubes OS 4.1 RC2, Microsoft Stealing People’s Passwords



  • GNU/Linux

    • Tux’s Favorite Recipes: Enticing Snippets from the New ‘Linux Cookbook, 2nd Edition’
      In Why I Wrote the Linux Cookbook, 2nd Edition, I discussed how much Linux has changed in a short time, and how I updated the Linux Cookbook to include some of these changes. Now I will share some snippets from the new book, so you can get a taste of how fabulous it is, and inspire you to dash out and buy many copies.

    • Sick of Windows? Here's how easy it is to install Linux

      Linux isn't nearly as challenging as you've been led to believe. In fact, it's just as easy to use as any other operating system. But what about the installation? Wouldn't installing an operating system be a challenge that's way above the paygrade of the average user? Not necessarily. And now that you know how to test-drive Linux, it's time you learned how to install the open-source operating system.

      Like the previous entry in this series, I'm going to focus on elementary OS because it's one of the more user friendly distributions, and the installation is fairly indicative of the average Linux installation.

    • Desktop/Laptop

      • The 5 best Linux desktops for beginners in 2021

        Some people still insist that using Linux is hard. Sure, it was difficult -- when I started with the Linux desktop back in the 1990s. But that was a long time ago. Today, the easiest desktop of all, Chrome OS, is simply Linux with the Chrome web browser on top of it. The more full-featured Linux desktop distributions are as easy to use in 2021 as Windows or macOS.

        Yes, you can get a lot more from Linux if you know how to do shell programming and the like. But that's also true of Windows and PowerShell. With both operating systems, you don't need to know the deep ins and outs of either one to get your work done.

      • AWS adds Linux app streaming alongside Windows to 'greatly lower' cost

        Amazon Web Services has added support for streaming Linux applications and desktops to its AppStream service, which was previously Windows-only, claiming that it will "greatly lower the total streaming cost."

        AppStream 2.0 has been running since late 2016 and enables users to stream GUI applications or entire desktops to a local PC either via a web browser or using a Windows client. Although running applications remotely has some drawbacks – such as latency, dependency on a strong internet connection, and potential snags accessing local resources like printers and storage – it also has advantages.

      • Unsplash Wallpapers Is An Unsplash Desktop Open Source App

        You may have heard about Unspalsh; a very famous online service that provides high-quality images and wallpapers under a semi-open license.

        Unsplash is important for website creators, app designers and basically anyone who wants to get free wallpapers without having to deal with licensing issues (No attribution required, and even commercial usage of Unsplash images is allowed). It was a revolution in stock images when it first started.

        For the average user, though, nothing more is needed than setting these beautiful wallpapers as a background image for his/her operating system’s desktop. And for that, a desktop application is going to be needed.

    • Audiocasts/Shows

      • In Conversation with Matthias Ettrich, Founder of KDE

        On occasion of KDE's 25th anniversary, Matthias Ettrich, the founder of KDE, talked to Lydia Pintscher, Vice President of KDE e.V., about how KDE came to be, what has changed since and how he sees the future of Linux desktops., To learn more about KDE, the Free Software we create, the Community and the history of our project, visit our 25th Anniversary site.

      • mintcast 374 – Mounted Archery

        First up in the news, Linux Mint Monthly News, Firefox 94 released, Steam OS announcement, System76 Desktop announcement, Intel has been doing this for a long time and Nvidia released a fix

        In security, A Dutch newspaper gets hacked, Azure is vulnerable, and AMD and Intel have more security flaws

        Then in our Wanderings, Joe works on an xbox, Josh remodels a bathroom, Tony got a new phone and Norbert tells us about running arch

      • Three Tumbleweed Temptations | LINUX Unplugged 432

        Can we live with openSUSE Tumbleweed?

        We try three different builds and prepare ourselves for our journey into SUSE land. Our setups, what we liked, and what we still need to figure out.

    • Kernel Space

      • Sound Open Firmware For AMD Audio Hardware Arrives, Initially For Renoir ACP - Phoronix

        Back in 2018 Intel founded Sound Open Firmware as their effort to provide an open-source audio DSP firmware and software development kit. AMD has begun supporting Sound Open Firmware too now, initially for the Renoir audio co-processor (ACP).

        Sound Open Firmware as a Linux Foundation project has been maturing over the past three years and now supports a wide-range of Intel hardware with other audio hardware also becoming supported. Ultimately it's about having open-source audio DSP firmware and a SDK to better support modern audio processing. In the SOF documentation it's summed up rather broadly, "The Sound Open Firmware SDK is comprised of many ingredients that can be customized for use in the firmware/software development lifecycle. Customization allows for a “best fit” development approach where the SDK can be optimized for a particular process or environment. Some SDK ingredients are optional while there can be more than once choice for other ingredients."

      • Linux 5.17 To Support Temperature Monitoring For New AMD Zen Generation - Phoronix

        The Linux 5.17 kernel next year will support temperature monitoring for a "new generation" of AMD Zen processors.

        While AMD has often been late to the game in supporting CPU temperature reporting under Linux for Zen processors, it's nice to see them out in front ahead of their next launch. Even in cases where new IDs simply need to be added to the k10temp driver, unfortunately they have often not added them until post-launch or in some cases where those in the community (including cases like I when getting hands on review samples) have the hardware and find the support not working until making some trivial driver alterations.

      • Linux 5.14.19
        I'm announcing the release of the 5.14.19 kernel.
        
        

        All users of the 5.14 kernel series must upgrade.

        The updated 5.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.14.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...

        thanks,

        greg k-h
      • Linux 5.4.160
      • Graphics Stack

        • NVIDIA Looks To Improve Power Management For Linux VFIO PCIe Devices - Phoronix

          NVIDIA is looking to enable run-time power management for the VFIO PCI Linux driver to allow for better power-savings.

          For PCIe devices assigned to the vfio_pci driver for passing through to a guest virtual machine, a NVIDIA engineer sent out a patch series allowing for run-time power management. The VFIO PCI driver code currently has very limited power management handling and with this series the hope is moving the PCIe device from D3hot to D3cold state when appropriate to save on power consumption.

    • Instructionals/Technical

      • Sending logs from syslog-ng store box to Splunk - Blog - syslog-ng Community - syslog-ng Community

        One of the most popular applications to feed Splunk with syslog messages is syslog-ng. However not everyone is happy to work on the command line anymore. This is where syslog-ng store box (SSB), an appliance built around syslog-ng, can help. The SSB GUI provides you not only with an easyto-use interface to configure most syslog-ng features, but also a search interface and complete log life cycle management. It can forward log messages to several destinations, recently also to Splunk’s HTTP Event Collector (HEC).

        From this blog you can learn about how SSB fits into your logging infrastructure and how to configure SSB for Splunk.

      • Clean empty job groups in openQA - openQA bites

        In this blog post I present you a small script, which can help you to remove empty job groups from your own openQA instance. This is helpful if you have a development instance with a lot of job groups, that you never use. This script can help you to tidy the list of dangling job groups.

      • How to check if an RHEL system is vulnerable to a CVE

        Most companies scan infrastructure devices for vulnerability every quarter, but the duration may vary depending on the company’s ITSM policy.

        After the security scan, if the security team finds vulnerabilities in a specific support group, such as Linux, Windows, Middleware or Network, it will be sent to them.

        Once assigned, the team will create a CR (Change Request) based on the environment such as TEST, DEV, UAT or PROD and mitigate it to make their systems more secure.

      • How to Install MariaDB 10.7 on Ubuntu 20.04 - LinuxCapable

        MariaDB is one of the most popular open-source databases next to its originator MySQL. The original creators of MySQL developed MariaDB in response to fears that MySQL would suddenly become a paid service due to Oracle acquiring it in 2010. With its history of doing similar tactics, the developers behind MariaDB have promised to keep it open source and free from such fears as what has happened to MySQL.

        MariaDB has become just as popular as MySQL with developers, with features such as advanced clustering with Galera Cluster 4, faster cache/indexes, storage engines, and features/extensions that you won’t find in MySQL.

        In the following tutorial, you will learn how to install MariaDB 10.7 on Ubuntu 20.04 LTS Focal Fossa.

      • How to Install PHP 8.1 on Fedora 35 - LinuxCapable

        PHP 8.1 is a significant update of the PHP language that will be “officially” released on November 25, 2021. This is a standard upgrade going forward from the existing PHP 8.0 release with the new PHP 8.1 is bringing enums, fibers, never return type, final class constants, intersection types, read-only properties amongst the long list of new features and changes.

        In the following tutorial, you will learn how to import the REMI Module and install PHP 8.1 on your Fedora 35 system.

      • How to install a full desktop on a Multipass virtual machine for easier Linux development - TechRepublic

        Multipass is still one of my favorite virtual machine systems. With this command-line tool, I can very quickly spin up a virtual instance of Ubuntu in seconds. These VMs can be used for testing, development and other use cases.

      • How to Install PHP 8.1 on Rocky Linux 8 - LinuxCapable

        PHP 8.1 is a significant update of the PHP language that will be “officially” released on November 25, 2021. This is a standard upgrade going forward from the existing PHP 8.0 release with the new PHP 8.1 is bringing enums, fibers, never return type, final class constants, intersection types, read-only properties amongst the long list of new features and changes.

        In the following tutorial, you will learn how to import the REMI Module and install PHP 8.1 on your Rocky Linux system.

      • How to Install MongoDB with Podman on Rocky Linux 8 – NextGenTips

        In this tutorial I will be showing you how to install MongoDB with Podman on Rocky Linux.

        Mongodb is an open source NoSQL database that provides high throughput for data driven applications. Unlike relational databases such as MySQL, Oracle and SQL server which store data in tables according to a rigid schema, MongoDB stores data in documents with flexible schema.

        Podman is a daemonless, open source, Linux native tool designed to make it easy to find, run, build, share and deploy applications using Open Container Initiative (OCI) containers and container images.

      • How To Install Hugo on Debian 11 - idroot

        In this tutorial, we will show you how to install Hugo on Debian 11. For those of you who didn’t know, Hugo is a free and open-source website framework written in developed in Go. Hugo provides a reliable and modern static site generator. It is capable of generating a site at a speed of less than 1 ms per page. It works by shipping pre-made templates to make a quick work of SEO, analytics, commenting e.t.c. Hugo sites can run without any expensive run times like PHP, Python, Ruby and don’t need any database.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the Hugo static site generator on a Debian 11 (Bullseye).

      • How To Find All Files Containing Specific Text On Linux From The Command Line - Linux Uprising Blog

        This article explains how to find all files containing specific text on Linux. For this we'll use grep, a standard Unix program.

        grep is a command-line utility which prints lines that match a given pattern, and should be installed by default.

        Let's start simple. Say you want to search for the word text (case-sensitive!) in all the files in the current directory and its subdirectories. To do this, you need to open the terminal, navigate to the folder where you want to perform the search, and run...

      • 20 one-line Linux commands to add to your toolbox | Enable Sysadmin

        Many Linux users have experienced a lasting sense of accomplishment after composing a particularly clever command that achieves multiple actions in just one line or that manages to do in one line what usually takes 10 clicks and as many windows in a graphical user interface (GUI). Aside from being the stuff of legend, one-liners are great examples of why the terminal is considered to be such a powerful tool.

      • What is a Hypervisor? What's Difference Between Type 1 & 2?

        Before you see difference between Type 1and Type 2 Hypervisor and which one is better (if that's even a case), let's first see what a Hypervisor is.

      • Monitoring bandwidth on Linux with Nethogs - Unixcop the Unix / Linux the admins deams

        Hello, colleagues. It is the task of any computer scientist to know how to manage the bandwidth of a computer. Especially if this computer is a server or a production computer that needs to know how the bandwidth is spent. So, in this post, you will learn how to monitor bandwidth in Linux. For this, we will use a CLI tool called NetHogs. Sounds interesting? So, let’s go for it.

      • How to Install Python 3.11 on Ubuntu 20.04 - LinuxCapable

        Python is one of the most popular high-level languages, focusing on high-level and object-oriented applications from simple scrips to complex machine learning algorithms. Python is famous for its simple, easy-to-learn syntax, emphasizes readability, and reduces program maintenance costs and more straightforward conversion to newer releases. Python supports modules and packages. One of the many is the popular PIP package manager.

      • How to install MongoDB 4.4 on Fedora 35 – NextGenTips

        In this tutorial we are going to explore how to install MongoDB on fedora 35.

        MongoDB is a free and open source document database designed for ease of application development and scaling.

        Every record in a mongoDB document, which is a data structure composed of field and pair values. MongoDB stores documents in collection. Collections are analogous to tables in relational databases.

      • How to use grep to search for strings in files on the shell

        The grep command, which stands for global regular expression print, is one of the most versatile commands in a Linux terminal environment. It is an immensely powerful program that allows the user to sort input according to complex rules, which makes it a rather popular link in numerous command chains. The grep command is primarily used to search text or any file for lines that contain a match to the specified words/strings. By default, grep displays the matched lines, and it can be used to search for lines of text that match a regular expression(s), and it outputs only the matched lines.

      • How to create an SQS Queue on AWS

        Amazon Simple Queue Service (SQS) is a managed message queuing service of AWS which enables us to decouple and scale microservices, distributed systems, and serverless applications. Using SQS, we can send, store, and receive messages between software components at any volume, without losing messages. Standard queues offer maximum throughput, best-effort ordering, and at least-once delivery. FIFO queues are designed to guarantee that messages are processed exactly once, in the exact order that they are sent.

        SQS Eliminates administrative overhead, provides Reliably delivery of messages, keeps sensitive data secure, and scales elastically and cost-effectively.

        Security, Durability, Availability, Scalability, Reliability, Customization are a few of the benefits of using SQS.

        There are 2 types of SQS Queues on AWS.

      • How To Install Apache with Let’s Encrypt on RHEL 8

        In terms of popularity and usage, the Apache webserver engine tops all other web server software systems, and for good reasons. The Apache Software Foundation ensured that this cross-platform web server software is attributed as free, open-source, and easy to configure.

        Its user-friendly footprints make it an ideal web server software alternative even for beginners that want to experience how their websites/applications will perform under HTTP and HTTPS protocols.

      • 3 interesting ways to use the Linux cowsay command | Opensource.com

        Most of the time, a terminal is a productivity powerhouse. But there's more to the terminal than commands and configurations. Among all the outstanding open source software out there, some of it has been written just for fun. I've written about fun commands before, but this article is about just one: the venerable cowsay command.

    • Games

      • SteamVR Overlay not working on Arch or Manjaro Linux? Here's a fix | GamingOnLinux

        Sadly, SteamVR on Linux continues to have quite a lot of quirks and over time it's gotten a little rough, here's a way to fix the SteamVR Overlay not working.

        One of the most annoying bugs right now is how the SteamVR Overlay doesn't seem to work. Not just that, but even the settings menu from the main SteamVR menu doesn't seem to work either. This appears to be a problem on any Arch-like Linux distribution (EndeavourOS, Manjaro etc) and seems to originate with the vrwebhelper.

      • Baba Is You gets a level editor, new levels and more | GamingOnLinux

        Baba Is You, the puzzle game where you push word blocks around to link them and change all the rules has a big free update out now with a level editor. I've said it before and I'll say it again: it's absolutely amazing. It's easily one of the best puzzle games ever made. Don't just take my word for it, on Steam it has an Overwhelmingly Positive score from over 12,000 players. It's good!

        This new free update brings with it a level editor, online level sharing with codes and built-in options to view them, a curated Featured Levels list, two new fully level packs from the developer with over 150 new puzzles and more.

      • Duke Smoochem 3D is turning into a hilarious look at Britain in Doom

        What started off as a joke, Duke Smoochem 3D now seems to be turning into something of an actual game. The joke was around former UK Secretary of State for Health and Social Care, Matt Hancock, who was famously captured on CCTV kissing an aid which broke COVID-19 social distancing restrictions.

        [...]

        Meanwhile, if you're after another good bit of retro-fuelled gaming with a British edge to it, there was also the Thatcher’s Techbase release from September that sees you take down an evil reincarnation of Maggie Thatcher.

      • The Polaris 15 and 17 from Tuxedo Computers: Linux Notebook Full Review - Invidious

        Tuxedo Computers sent over both the 15" and 17" versions of their new 3rd-gen Polaris notebook, and in this video I'll review both! I'll compare the two models side-by-side, and I'll give you my thoughts

      • Ready, player anyone? China's gaming ban left cloud providers looking for someone to play with

        China's decision to limit minors to three hours of gaming each week has proven problematic for the nation's clouds, which find themselves with unused capacity.

        So said Steve Brazier, CEO of channel-centric analyst firm Canalys, at the company's Asia-Pacific Forum

        "25 to 30 per cent of Chinese cloud capacity was for gaming," Brazier said. Chinese clouds like Alibaba are now trying to figure out what to do with that capacity. Some have even deferred datacentre builds as a result, Brazier said.

      • Experiences of configuring and using a ‘hackendeck’ homemade Steam Deck

        Valve recently released information about developing for the Steam Deck if you didn’t have a Dev-Kit which is an engineering verification test build (EV2) version of their device. Included in the documentation is a suggestion to build your own Steam Deck, or ‘hackendeck’ using a mini PC. Whilst I didn’t have the exact brand they picture in the article I did have a mini PC with the required specifications so I set about following the instructions to see how it performed.

      • Everything we learned from the Steam Deck Developer's Conference - Invidious
      • First-person shooter RPG 'Beyond Sunset' looks awesome in the new trailer | GamingOnLinux

        With a graphical style inspired by classic DOS games, Beyond Sunset is probably one of the absolute most promising looking retro shooters coming.

        "SUNSET CITY, CALIFORNIA - 20XX: You've been awakened from cryostasis. Your name, your identity, your memories… All lost in the confusing fog of hypersleep. Not only a stranger in a strange place, you begin to manifest powerful abilities. Lightning-fast reactions. Innate combat skills. Near-supernatural agility. You’re not like everyone else.

      • Kingdom Come: Deliverance gets shown off on the Steam Deck | GamingOnLinux

        Sadly, this is a game that was supposed to offer up native Linux support years ago as a result of the Kickstarter crowdfunding campaign. When the release was coming up, the developer cancelled both Linux and macOS support for launch and then just never ported it. A huge shame but at least with Steam Play Proton around there is another option to play Windows versions on Linux through Steam.

      • Sci-fi point and click adventure Warp Frontier released for Linux | GamingOnLinux

        Originally released in September, developer Brawsome has now ported over their space sci-fi point and click adventure War Frontier over to Linux.

        "Vincent Cassini, decorated war hero, but still just a Captain in the police force he started, is patrolling the orbital slums of his home planet Cetus, when he stumbles across a lead in a war crime that resulted in the mysterious disappearance of thousands of Cetans, including his first wife and best friend. Captain Cassini and his robot partner MAC, must ally with morally questionable characters to stop an old enemy before their crimes are erased forever.

      • Squid Game knock-off Crab Game now has a Linux version | GamingOnLinux

        Squid Game, the huge Netflix hit, was always going to inspire others and it clearly did with the free multiplayer title Crab Game and the developer has now put up a Linux build on Steam.

        It looks completely ridiculous of course but it's surprisingly fun to play and watch. Crab Game has been quite a big hit on Twitch too, with tens of thousands watching people spectacularly fail at it.

      • Take down the enemy capital ship in Deep Space Battle Sim out now | GamingOnLinux

        Deep Space Battle Simulator, a game where two opposing sides battle it out in space with their capital ships has now left Early Access on Steam.

        It's a round-based multiplayer first-person online game, one that allows a fair amount of freedom in how each team goes about conquering the other side. Each team is made up of actual players (8-16 on each side), who will fly around in fighters and board the enemy ship to try and take it down. A fun idea if you're a space sci-fi fan.

      • You'll be able to save the bees together online in APICO | GamingOnLinux

        APICO is an upcoming casual wholesome game about saving the bees, breeding them and building up your own beekeeping dream and the developer recently revealed online multiplayer support.

    • Desktop Environments/WMs

      • JWM version 2.4.0 compiled

        JWM, Joe's Window Manager, has been in the pups since the very early days. JWM is not just a window manager, it also manages one or more trays and one or more menus.

      • K Desktop Environment/KDE SC/Qt

        • Evolving 3D desktop effects in Plasma

          The latest Plasma release dropped a few desktop effects: the cube family, CoverSwitch and FlipSwitch. All of those effects were written back in 2008, the early days of KDE 4.x and the early days of desktop effects in KWin. The effects were implemented by me and when Vlad asked about removing them I saw the need for this and supported this step for technical reasons. With this blog post I want to share a little bit of why it was needed to remove them and why this means that they can come back in better ways than ever before.

          To really understand this we need to time travel back to 2008 and the years before when desktop effects were introduced. This can help to understand how the hardware architecture changed and how that influenced design decisions in the effects API which are nowadays problematic. First of all CPUs. The Intel Core 2 Duo architecture was launched in 2006 as the brand new thing which had multiple (namely 2) cores which slowly replaced the NetBurst architecture which dominated Desktop computing for the beginning of that decade.

      • GNOME Desktop/GTK

        • Clapper – GNOME media player built using GJS with GTK4 toolkit

          GTK is a free and open-source cross-platform widget toolkit for creating graphical user interfaces (GUIs). Offering a complete set of widgets, GTK is used from small one-off tools to complete application suites.

          GTK 4.0 was released in December 2020 with components that rely on GTK4 following promptly. The GNOME desktop is built on the GTK toolkit. GNOME 40 released in March 2021 supports GTK4. Many distros include GNOME 40 such as Ubuntu 21.10, Arch, Debian, Fedora, and Gentoo to name a few.

        • Cinnamon 5.2 Desktop Environment Released, This Is What’s New

          Cinnamon 5.2 is packed with an improved Menu applet that now features better keyboard navigation for RTL (Right-to-Left) languages, symbolic icons for all apps, the ability to hide the app buttons by default and when the menu is closed, support for displaying completion results only when the file system path entry is enabled, and the ability to show refreshed menu items while the menu is open.

        • China has now used a major Safari/Webkit zero day vulnerability against Hong Kong activists for at least the second time.

          On GNOME Web (especially in Flatpak), it’s actually quite a bit safer because of advanced Linux sandboxing techniques, and additional hardening options available to the GNU Compiler, which simply either don’t exist or are broken, or fake (report success, do nothing) in Apple’s Clang/LLVM. In many cases, the browser would simply crash rather than arbitrary code execution.

          I really can’t tell you how much I dislike Clang/LLVM. Apple switched over to it from GCC not due to maturity or technical excellence, but to get away from the GNU GPLv3, and now it’s democracy protesters in China who get to pay for that.

          When Fedora’s engineering steering committee was debating switching to LLVM based on anti-GNU FUD coming from Mozilla, I was preparing to apply two patches to Firefox (someone else quickly wrote them to make Firefox build on GCC with the features Mozilla said weren’t possible in GCC 8, to justify their switch to an inferior compiler) and build it under some other name and put it in my COPR repo instead. Now I don’t use Fedora or Firefox.

          If that had been the only thing going wrong with it, I might have groused a little and stayed in the end, but IBM has moved Fedora in a direction where it’s even less stable than Debian Sid!

          And Mozilla has turned into a political party of extremism (wokeness/corporate leftism) and Cancel Culture, and a thrall of Big Tech.

        • Strong passwords, 2FA, and GNOME Authenticator.

          About a year ago, I noticed that I kept getting emails that some of my accounts had been taken over.

          Nothing very important. An old Disney rewards account I signed up for to get free DVDs forever ago, an unused Spotify account from I don’t know when.

          But it got me thinking about security.

          Up until that point, I had dodged bullets. I hated passwords, I used bad practices without even considering it (like reusing weak passwords over and over again), and I decided to clean house.

    • Distributions

      • MX Linux MX-21 KDE - Now, here's a verily splendid distro

        Luck is a combination of two factors: probability and time. Case in point, my foray with MX Linux MX-21 KDE. As you well know, I'm a great fan of this small yet feisty distro. So far, I've mostly tested (and liked) the Xfce flavors. My one quick brush with its KDE build was largely unsuccessful. In fact, with the release of MX-21 Wildflower, I wasn't even thinking of testing the KDE version.

        But then, as luck would have it, the official download page didn't have the Xfce release available for my Lenovo IdeaPad box. To be able to run on modern systems with UEFI, AMD Ryzen processors and NVMe, you need the AHS release - I discovered this with MX-19.3. However, at the time of writing, or rather testing, there was only the regular Xfce edition sans modern stuff, the Xfce AHS in almost-but-not-quite Release Candidate (4), and the KDE version, with all the right bits in place! So I thought, let's go for it.

      • New Releases

        • Qubes OS 4.1-rc2 has been released!

          We’re pleased to announce the second release candidate for Qubes 4.1!

          Qubes 4.1-rc2 contains fixes for bugs that were discovered in the first release candidate (4.1-rc1). For existing Qubes 4.1-rc1 users, a regular update is sufficient to upgrade to 4.1-rc2.

      • PCLinuxOS/Mageia/Mandriva/OpenMandriva Family

        • Audacity €» PCLinuxOS

          Audacity is an open source, freely distributed, cross-platform and easy-to-use software project designed from the offset to act as an audio editor and recorder for personal computers. Updated to 3.1.2.

      • IBM/Red Hat/Fedora

        • CentOS Alternative Rocky Linux 8.5 Is Out Now

          Rocky Linux 8.5 is now availlable for the download. Based on Red Hat Enterprise Linux 8.5. It inherits many of the new features from RHEL 8.5. This is the first release of Rocky Linux with official Rocky Linux signed Secure Boot shim.

        • Customize Python dependency resolution with machine learning | Red Hat Developer

          It has not been that long since pip, the Python package installer, introduced a new resolver. A resolver is a critical piece of programming infrastructure, responsible for locating and selecting versions of packages to use when building an application. The new pip resolver uses a backtracking algorithm that works considerably better than the old one, according to community feedback.

          This article introduces a new cloud-based Python dependency resolver created by Project Thoth. Running in the cloud, Thoth uses reinforcement learning techniques and your desired criteria to resolve Python library dependencies. Moreover, a pluggable interface lets you fix underpinning and overpinning issues (that is, where specified versions of packages are too strict or too lax) and make additional adjustments to the resolution process. The process takes into consideration the runtime environment, hardware, and other inputs to the cloud-based resolver.

        • From Godot to RPM - Fedora Magazine



          With more games being developed with the Godot engine, we need to learn how to package these games for Fedora.

          Developing a game is complex. The requirements for each game differ. In the past developers created new game engines for each game. Over time game engines become more generic. They adapt to cover a style of game. Some engines can create a wide variety of games.

          Godot is a well known open source game engine. Both open source and closed source games use the system. The Godot packages for Fedora run these games but no RPM package examples exist.

          Much of the packaging is the same regardless of the application. RPM spec files need summary, version, license, description, etc. For build requirements, you need the godot-headless package. Godot publishes a pck file but requires a graphical user interface to run. Godot headless builds a project without needing a graphical user interface.

        • Managing persistent volume access in Kubernetes | Red Hat Developer

          Data storage gets complex in the world of containers and microservices, as we discussed in Part 1 of this series. That article explained the Kubernetes concept of a persistent volume (PV) and introduced Red Hat OpenShift Data Foundation as a simple way to get persistent storage for your applications running in Red Hat OpenShift.

          Beyond the question of provisioning storage, one must think about types of storage and access. How will you read and write data? Who needs the data? Where will it be used? Because these questions sound a bit vague, let's jump into some specific examples.

          I ran the examples in this article on Developer Sandbox for Red Hat OpenShift, a free instance of OpenShift that you can use to begin your OpenShift and Kubernetes journey.

        • The office's next chapter: How CIOs can shape a positive workplace experience | The Enterprisers Project

          When the pandemic hit, the first wave of transformation was about moving employees home and supporting remote workers. The result of that transformation has forever changed our workforce – today, people are able to get work done from anywhere.

          It’s also forever changed the role of the physical workplace. The office will always have an important role in work. And as employees continue to return to the office, it’s time to think about how we can make it a place where people want to be – not just need to be – and a place where they can work effectively.

          Creating an enticing workplace experience is nothing new; years ago, tech companies in Silicon Valley began offering perks such as chef-prepared meals in the cafeteria and massages to attract and retain top talent. Today, the pandemic has employees reflecting on what benefits are important to them and which jobs align with their values, wants, and needs in a career. The perks that get them excited to come into the workplace might change. After working from home, for example, they likely crave time for collaboration and socializing in the workplace. And it’s up to us to help rethink that workplace experience with sustainability and employee needs in mind.

          After the warp-speed transformation CIOs have experienced over the last two years, now is not the time to slow down. As you look toward the near future, focus on improving the workplace experience, including by leveraging data from sensors and forming stronger cross-functional partnerships that can drive your organization forward.

        • 3 things CIOs should know about developers in the cloud era

          What do today’s developers wish CIOs and IT leaders knew about the realities of the cloud era? What do developers want in order to advance their careers? For my first episode hosting Red Hat’s livestreaming show, In The Clouds, I was excited to dig into these and related questions around the role of developers in the enterprise. I was joined by the leaders of the Red Hat Developer Business Unit: Vice President and General Manager Mithun T. Dhar and Senior Director of Developer Marketing and Strategy Ignacio Riesgo Pablo. We had an excellent discussion about how Red Hat works with developers and the unique culture and opportunities that brought all three of us to join the company.

      • Debian Family

        • Proxmox VE 7.1 released!

          we're excited to announce the release of Proxmox Virtual Environment 7.1. It's based on Debian 11.1 "Bullseye" but using a newer Linux kernel 5.13, QEMU 6.1, LXC 4.0, Ceph 16.2.6, and OpenZFS 2.1. and countless enhancements and bugfixes.

          Proxmox Virtual Environment brings several new functionalities and many improvements for management tasks in the web interface: support for Windows 11 including TPM, enhanced creation wizard for VM/container, ability to set backup retention policies per backup job in the GUI, and a new scheduler daemon supporting more flexible schedules..

      • Canonical/Ubuntu Family

        • The future of documentation at Canonical

          We’ve understood the importance of this for some time, but actually finding a way to express those values in our practice is less easy.

          One thing that has made it difficult at Canonical is the complexity of our engineering, product and services portfolio. Our software spans a range from single-purpose command-line tools to vertical ecosystems composed of dozens of discrete component products, created by dozens of independent engineering and product teams.

          We’ve been able to create unified and coherent software product lines, but we’ve been less successful doing the same for documentation. We want to do better for our documentation users – this is how we’re going to do it.

        • Ubuntu Maker Canonical Planning To Vastly Improve Its Documentation

          Back in the day Ubuntu's Wiki was a great resource for Linux documentation but less so these days while the Arch Linux Wiki is often viewed as a gold standard for open-source documentation. Canonical though is now hoping to radically improve the documentation for Ubuntu and its other software offerings.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Web Browsers

        • Mozilla

          • Karl Dubost: Browser regression and tools

            In simplified terms, there is a regression when a code used to work and is not working properly after a specific release. For websites, a webpage would stop having the right behavior after updating to a new version of the browser.

          • Firefox Relay is Now Out of Beta & Adds New Premium Plan to Help Protect Your Real Email Address - It's FOSS News

            Firefox Relay aims to help you protect your real email address by providing email aliases.

            While good options like Simplelogin, and AnonAddy already exists, Mozilla’s Firefox Relay can encourage more users to use email aliases.

            For a while, it was in the beta phase with limited access to features. Now, as per the official announcement, it is available for all users, out of beta, and introduces a premium plan to unlock all features.

          • Safeguard Your Email Address from Spam Using Firefox Relay. Here's How.

            You can now protect your email addresses from spammers using Firefox Relay with premium service + unlimited aliases. Everything you need to know.

          • Support.Mozilla.Org: Introducing Firefox Relay Premium

            If you’re a fan of Firefox Relay, you may have been waiting for the day when you can add more aliases. After a long wait, you can now celebrate because we’re launching Firefox Relay Premium today.

            As a refresher, Firefox Relay is a free service available at relay.firefox.com where you’ll get five email aliases to use whenever you sign-up for an online account. Today, Firefox Relay is launching as a premium subscription where you can unlock unlimited aliases and additional features.

      • Productivity Software/LibreOffice/Calligra

        • Use atan2 function instead of atan – EasyHack

          When working with shapes and charts in LibreOffice, there are several occasions that you have to calculate tan -1 x . But is atan function always the best choice? Here we discuss using atan2 function instead of atan in C++ code. When used in correct place, atan2 can have a lot of benefits when calculating atan ( y / x ).

        • OSS News: Enterprise Linux, Microsoft Replacements, Fuzzy Linux Solutions

          The Document Foundation on Nov. 4 announced the release and general availability of LibreOffice 7.1.7 as the last point release in the LibreOffice 7.1 office suite series.

          The LibreOffice 7.1 office suite was released in February. It is supported until the end of November, after which the LibreOffice 7.1 series reaches the end of life. No new maintenance updates will be published.

          LibreOffice 7.1.7 is a minor update to address 27 bugs across the office suite’s various core components. You can see details about them in the RC1 and RC2 changelogs.

          This renders your installation vulnerable and outdated. No new maintenance releases for the 7.1 series will be issued. It is being replaced with LibreOffice 7.2, which is supported until June 12th, 2022. You can download it here. Or you can wait for it to be available in the various Linux distribution repositories.

          LibreOffice 7.2 brings many new features and improvements, as well as better support for proprietary formats created with the MS Office suite. The latest point release is LibreOffice 7.2.2, but version 7.2.3 is expected to arrive by the end of the month.

        • Collabora Online Partners Shine at Open Source Experience Paris 2021

          The Open source Experience 2021 in Paris was wonderful. Of course we met a large number of people, but various of Collabora Online partners too! We love to tell you about them.

      • Programming/Development

        • Nasah Kuma: open source is flexible

          I had as main objective when I started my Coding Experience(CE) to get to grips with C or C++ since I am convinced that understanding one or both languages will help me become a better developer. Cog is developed in C which explained my excitement when I was introduced to the project. The first couple of tasks assigned to me were challenging but quite beginner-friendly.

          Like it usually happens to many developers, I got stuck on an issue. After weeks of working on it, I couldn’t complete it. My mentor and I had a couple of meetings/coding sessions which helped me move ahead though not to the point of finishing the work. I could feel that there was a knowledge gap I had to bridge in C which studies and practice hadn’t given me that ability yet. Cutting the long story short I got really exhausted and anxious and suggested to my mentor that we move to something else and revisit this issue later.

          After a couple of days, I was presented with a new program that can help me make the most of the CE. It turns out I will be moving back to contributing actively on GJS since there was good progress when I previously contributed to it. The only difference is most of my contributions will be in C++ and will probably include more core stuff.

        • Hacking Multiplication with Karatsuba’s Algorithm

          People tend to obsess over making computer software faster. You can, of course, just crank up the clock speed and add more processors, but often the most powerful way to make something faster is to find a better way to do it. Sometimes those methods are very different from how a human being would do the same task, but it suits the computer’s capabilities. [Nemean] has a video explaining a better multiplication algorithm known as Karatsuba’s algorithm and it is actually quite clever. You can see the video below.

          To help you understand the algorithm, the video shows a simple two-digit by two-digit multiplication. You can see that the first and last digits are essentially the result of one multiplication. It is all the intermediate digits that add together. The only thing that might change the first digit is a carry.

        • Rust

  • Leftovers

    • Hardware

      • Tuned Out

        We’ve lost a lot of things in recent years, but one that we haven’t talked about too much is the demise of the children’s radio station. Yes, this is not exactly a surprise—how is radio going to compete with YouTube and Roblox? But back in April, the only real player in the kid-centric terrestrial radio space, Radio Disney, which started life on the airwaves 25 years ago this week, quietly wound down as Disney made the decision to focus on, well, every other part of being Disney. But it’s worth noting that Radio Disney was not the only one to embrace this phenomenon. Kids’ music makes a lot of money even to this day—it’s part of the reason why traditionally adult-centric bands like They Might Be Giants have embraced it. Today’s Tedium looks back at the many attempts to sell kids on radio—a market that has basically faded away by this point.

    • Integrity/Availability

      • Proprietary

        • Splunk CEO jumps ship, share price slumps despite surging growth
        • Security

          • Hardware security flaw impacts Intel Apollo Lake & Gemini Lake processors - CNX Software

            A few years go the Spectre and Meltdown hardware security vulnerabilities impacted a wide range of processors from Intel, AMD, Arm, and others. But a newly discovered hardware security flaw impacts specifically the Atom, Celeron, and Pentium from the Apollo Lake, Gemini Lake, Denverton … low-power processors we often feature on CNX Software.

          • Alibaba’s Linux-based cloud servers exploited for use by cryptojackers | SC Media [Ed: But is it the fault of "Linux"? No. Journalism has become a mixture of FUD and advertising.]
          • Free Android Penetration Testing Toolkit & Risk Assessment - blackMORE Ops

            zANTI is an Free Android Penetration Testing Toolkit & Risk Assessment application that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using your mobile device for free download. zANTI lets security managers assess the risk level of a network with the push of a button. This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to compromise the corporate network.

          • Security updates for Wednesday

            Security updates have been issued by CentOS (389-ds-base and libxml2), Debian (atftp, axis, and ntfs-3g), Fedora (digikam, freerdp, guacamole-server, and remmina), openSUSE (java-11-openjdk, kernel, samba, and tomcat), SUSE (firefox, java-11-openjdk, kernel, libarchive, samba, and tomcat), and Ubuntu (accountsservice, hivex, and openexr).

          • Google launches open source fuzzing tool to tackle SolarWinds-style attacks

            Google has announced a new open source project designed to assist software developers find vulnerabilities in their code, without much effort, in order to help enhance the security of the software supply chain.

          • Is Microsoft Stealing People’s Bookmarks?



            I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late.

            Has this happened to anyone else, or was this user error of some sort? If this is real, can some reporter write about it?

            [...]

            It’s actually worse than I thought. Edge urges users to store passwords, ID numbers, and even passport numbers, all of which get uploaded to Microsoft by default when synch is enabled.

          • Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities

            CISA, the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) have released a joint Cybersecurity Advisory highlighting ongoing malicious cyber activity by an advanced persistent threat (APT) group that FBI, CISA, ACSC, and NCSC assess is associated with the government of Iran. FBI and CISA have observed this Iranian government-sponsored APT exploit Fortinet and Microsoft Exchange ProxyShell vulnerabilities to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.

          • Linux has a serious security problem that once again enables DNS cache poisoning

            The sleight of hand worked because DNS at the time relied on a transaction ID to prove the IP number returned came from an authoritative server rather than an imposter server attempting to send people to a malicious site. The transaction number had only 16 bits, which meant that there were only 65,536 possible transaction IDs.

            Kaminsky realized that hackers could exploit the lack of entropy by bombarding a DNS resolver with off-path responses that included each possible ID. Once the resolver received a response with the correct ID, the server would accept the malicious IP and store the result in cache so that everyone else using the same resolver—which typically belongs to a corporation, organization, or ISP—would also be sent to the same malicious server.

          • Privacy/Surveillance

    • Environment

      • Wildlife/Nature

    • Internet Policy/Net Neutrality

      • No centralised, verifiable record on internet shutdowns, says parliamentary panel: Reports

        In its report, the committee on information and technology noted that there were no rules to dictate these clampdowns.

      • No verifiable records of Internet shutdowns available: parliamentary panel - The Hindu

        There were no verifiable, centralised records of Internet shutdowns in the country. Neither the Ministry of Home Affairs nor the Department of Telecom maintain such a record, the parliamentary standing committee on information and technology pointed out in its report adopted on Tuesday.

        The committee, headed by senior Congress leader Shashi Tharoor, pressed for a detailed study on the economic impact owing to frequent and prolonged Internet shutdowns.

        Advocacy group Access Now, in a study published in March last, reported that India topped the list of countries that resorted to government imposed Internet clampdown.

        The report, as per sources, said that in absence of the database there was no mechanism to review whether the Internet clampdowns followed the laid down rules or the Supreme Court guidelines.

    • Digital Restrictions (DRM)

    • Monopolies

      • Copyrights

        • 28 New Prints Up On Our Online Shop – The Public Domain Review

          New delights for your walls, including works by Blake, Grandville, Redon, Hiroshige, and lots of stunning Japanese firework illustrations.

        • Imaging Inscape: *The Human Soul* (1913) – The Public Domain Review

          In The Human Soul: Its Movements, Its Lights, and the Iconography of the Fluidic Invisible, originally published in French in 1896, Dr. Hippolyte Baraduc (1850–1909) postulates the existence of “the fluidic invisible” — a “vital cosmic force”, which he calls Odic liquid, that extends across the universe and “saturates the organism of living beings and constitutes our fluidic body”. Instead of all things being composed of one elementary substance, as in philosophical accounts of the monad, in this cosmic vision, we all live in a sea that we cannot see, which Baraduc names Somod.



Recent Techrights' Posts

Techrights' Statement on Code of Censorship (CoC) and Kent Overstreet: This Was the Real Purpose of Censorship Agreements All Along
Bombing people is OK (if you sponsor the key organisations), opposing bombings is not (a CoC in a nutshell)
[Meme] The Most Liberal Company
"Insurrection? What insurrection?"
apple.com Traffic Down Over 7%, Says One Spyware Firm; Apple's Liabilities Increased Over 6% to $308,030,000,000
Apple is also about 120 billion dollars in debt
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, November 23, 2024
IRC logs for Saturday, November 23, 2024
[Meme] GAFAMfox
Mozilla Firefox in a state of extreme distress
Google Can Kill Mozilla Any Time It Wants
That gives Google far too much power over its rival... There are already many sites that refuse to work with Firefox or explicitly say Firefox isn't supported
Free (as in Freedom) Software Helps Tackle the Software Liability Issue, It Lets Users Exercise Greater Control Over Programs
Microsofters have been trying to ban or exclude Free software
In the US, Patent Laws Are Up for Sale
This problem is a lot bigger than just patents
ESET Finds Rootkits, Does Not Explain How They Get Installed, Media Says It Means "Previously Unknown Linux Backdoors" (Useful Distraction From CALEA and CALEA2)
FUD watch
Techdirt Loses Its Objectivity in Pursuit of Money
The more concerning aspects are coverage of GAFAM and Microsoft in particular
Links 23/11/2024: Press Sold to Vultures, New LLM Blunders
Links for the day
Links 23/11/2024: "Relationship with Oneself" and Yretek.com is Back
Links for the day
Links 23/11/2024: "Real World" Cracked and UK Online Safety Act is Law
Links for the day
Links 23/11/2024: Celebrating Proprietary Bluesky (False Choice, Same Issues) and Software Patents Squashed
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, November 22, 2024
IRC logs for Friday, November 22, 2024
Gemini Links 23/11/2024: 150 Day Streak in Duolingo and ICBMs
Links for the day
Links 22/11/2024: Dynamic Pricing Practice and Monopoly Abuses
Links for the day
Topics We Lacked Time to Cover
Due to a Microsoft event (an annual malware fest for lobbying and marketing purposes) there was also a lot of Microsoft propaganda
Microsofters Try to Defund the Free Software Foundation (by Attacking Its Founder This Week) and They Tell People to Instead Give Money to Microsoft Front Groups
Microsoft people try to outspend their critics and harass them
[Meme] EPO for the Kids' Future (or Lack of It)
Patents can last two decades and grow with (or catch up with) the kids
EPO Education: Workers Resort to Legal Actions (Many Cases) Against the Administration
At the moment the casualties of EPO corruption include the EPO's own staff
Gemini Links 22/11/2024: ChromeOS, Search Engines, Regular Expressions
Links for the day
This Month is the 11th Month of This Year With Mass Layoffs at Microsoft (So Far It's Happening Every Month This Year, More Announced Hours Ago)
Now they even admit it
Links 22/11/2024: Software Patents Squashed, Russia Starts Using ICBMs
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, November 21, 2024
IRC logs for Thursday, November 21, 2024