Why would you want to go to the trouble? Because you're a programmer, an engineer, or a system administrator who wants to get the most from Linux. Or, you're a power user, and you want to push your computer as far as you can take it. If that's you, then these are the distributions for you.
The Xen Project, an open source hypervisor hosted at the Linux Foundation, announced the release of Xen Project Hypervisor 4.16, which introduces various features allowing for improved performance, security, functionality, and hardware support. The Xen Project community continues to be active and engaged, with a wide range of developers from many companies and organizations contributing to this latest release. Additionally, community-wide initiatives, including Functional Safety and VirtIO for Xen, continue to make valuable progress.
“The Xen Project continues to make progress in order to expand its use cases into the embedded world while keeping the mature enterprise support. This release has seen the broadening of hardware support for both Arm and x86, together with an increase of the automated testing support and the addition of a new community initiative.”
Xen 4.16 delivers on various performance improvements to this hypervisor, improved Trusted Platform Module support in working towards TPM 2.0 compatibility, support for Intel x86 hardware lacking a programmable interval timer, initial support for Arm Performance Monitor Counters, improved support for Arm 64-bit heterogeneous big.LITTLE systems, continued work towards bringing up RISC-V support, and various security improvements.
When debugging graphics driver/API issues or performance profiling and relying on shader dumps, the size of such dumps can quickly add up due to all of the state collected, etc, but also inefficiencies when not within contiguous memory. Fortunately for Mesa's Radeon Vulkan driver "RADV" for pairing with the Radeon GPU Profiler there is a significant improvement that just landed for yielding smaller file sizes.
The change that landed in Mesa 22.0-devel is for uploading shader binaries of a pipeline contiguously in memory. AMD's Radeon GPU Profiler expects shaders to be in contiguous memory otherwise the captures are quite huge with many holes. With the change by Valve developer Samuel Pitoiset, the RADV driver will now provide them in contiguous memory.
At the end of November was a big update to Intel's Graphics Compiler while out today is IGC 1.0.9441 as the first update since to this open-source, cross-platform graphics compiler.
Going along with recent activity around DG2/Alchemist from this Intel compute stack code down through other activity around Intel's kernel graphics driver and their Mesa OpenGL/Vulkan drivers, that frenzy of work has continued this week along with specifically calling out changes for "PVC" -- Ponte Vecchio (Xe HPC).
One of the extensions released as part of Vulkan 1.2.199 was VK_EXT_image_view_min_lod extension. I’m happy to see it published as I have participated in the release process of this extension: from reviewing the spec exhaustively (I even contributed a few things to improve it!) to developing CTS tests for it that will be eventually merged to the CTS repo.
This extension was proposed by Valve to mirror a feature present in Direct3D 12 (check ResourceMinLODClamp here) and Direct3D 11 (check SetResourceMinLOD here). In other words, this extension allows clamping the minimum LOD value accessed by an image view to a minLod value set at image view creation time.
There are many kernels to choose from on Linux and installing a new one isn't that difficult but there are some steps you will need to take.
Redis is a free and open-source in-memory data structure store used as a message broker and database cache. You can use it with streaming solutions such as Apache Kafka to process and analyze real-time data with sub-millisecond latency. Redis supports a lot of data structures, including Hashes, Strings, Hyperloglogs, Bitmaps, Geospatial indexes, sorted lists, and more. It is popular due to its wide language support, high availability, and automatic partitioning.
In this post, we will show you how to install and configure Redis 6 on Debian 11.
Mozilla’s Firefox is one of the most popular desktop browsers and is used by many users as their default browser. One of the reasons for its popularity is the user-friendly interface and the general functionality that the browser offers.
However, the fact that Firefox cannot be run natively on a Chromebook is why some opt out.
SCP (Secure Copy) is a command-line based utility for securely transferring files between a local and a remote system, or between two remote systems.
This script is supposed to be started in a folder full of images that need sorting.
Some of you may know this (as I’ve written about in the past), but if you’re new to my RF travels, I’ve spent nights and weekends over the last two years doing some self directed learning on how radios work. I’ve gone from a very basic understanding of wireless communications, all the way through the process of learning about and implementing a set of libraries to modulate and demodulate data using my now formidable stash of SDRs. I’ve been implementing all of the RF processing code from first principles and purely based on other primitives I’ve written myself to prove to myself that I understand each concept before moving on.
This post is part of a series called "PACKRAT". If this is the first post you've found, it'd be worth reading the intro post first and then looking over all posts in the series. When working with SDRs, information about the signals your radio is receiving are communicated by streams of IQ data. IQ is short for “In-phase” and “Quadrature”, which means 90 degrees out of phase. Values in the IQ stream are commonly treated as complex numbers because it helps greatly when processing the IQ data for meaning.
In this guide we will learn how to manage FreeIPA users and groups.
After installing FreeIPA server and initializing kerberos ticket, you would want to do identity management next, which starts with creating groups and users.
RethinkDB is a free and open-source, distributed document-oriented database originally created by the company of the same name. It is a free and open-source NoSQL database system that makes it easier for building realtime apps. It comes with a graphical user interface that can be accessible from the web browser and used to manage the database. It uses JSON to load the applications into and read the database. RethinkDB is built to store JSON documents and you can scale it to multiple machines easily. It is easy to set up and has a simple query language that supports table joins and group by.
In this video, I am going to show how to install Ubuntu MATE 21.10.
In today’s guide, I am going to take you through the installation of node.js on Fedora 35.
Node.js is an open-source cross-platform, backend javascript runtime environment that runs on the V8 engine and executes javascript code outside of a web browser.
A Node.js app runs in a single process, without creating a new thread for every request. It provides a set of asynchronous I/O primitives in its standard library that prevent javascript code from blocking and generally, libraries from node.js are written using non-blocking paradigms, making blocking behaviour the exceptions rather than the norm.
When Node.js performs an I/O operation, like reading from the network, accessing a database or the filesystem, instead of blocking the thread and wasting CPU cycles waiting, Node.js will resume the operations when the response comes back. This allows Node.js to handle thousands of concurrent connections with a single server without introducing the burden of managing thread concurrency, which could be a significant source of bugs.
In this tutorial, we’ll learn the difference between a Django project and a Django app, and how to start a new Django project.
Django is the Python web framework of choice for building web applications. It’s a mature, full-featured, flexible and open-source framework that lets you build anything from a simple CRUD application to a more complex, multi-app project like a photo-sharing app.
Here’s how to keep iptables firewall rules persistent between reboots, so you don’t lose them after the system is rebooted.
Iptables is a command-line firewall utility in Linux operating system that uses policy chains to allow or block traffic. However, by default iptables rules will not survive through a server reboot. They are reset when you reboot your Linux system. So, how do I persist iptables rules?
Iptables stores the rules in system memory. In other words, it does not save these rules persistently to the disk as a file. Fortunately, there is a very easy way to save these iptables rules persistently to disk, which I will show you now.
In this guide we are going to learn how to install Telegraf and configure InfluxDB v2 output on a Rocky Linux server 8. This guide also works for any RHEL 8 based server like Alma Linux 8, Centos 8, Oracle Linux 8 etc.
Telegraf is a plugin-driven server agent for collecting & reporting metrics, and is the first piece of the TICK stack. Telegraf has plugins to source a variety of metrics directly from the system it’s running on, pull metrics from third-party APIs, or even listen for metrics via a statsd and Kafka consumer services. It also has output plugins to send metrics to a variety of other datastores, services, and message queues, including InfluxDB, Graphite, OpenTSDB, Datadog, Librato, Kafka, MQTT, NSQ, and many others.
HardInfo is a graphical system information (hardware, system info, software) and benchmark tool. Since there have not been any new HardInfo releases since 2009 (but the tool is still under development), I have created a PPA to easily install HardInfo 0.6 alpha (from Git) built with GTK3 on Ubuntu, Pop!_OS and Linux Mint. At the end of the post, you'll also find links with newer, third-party HardInfo packages for Arch Linux and Fedora.
The application can display system hardware information such as CPU (cores, frequencies, cache, etc.), RAM (available RAM, memory sockets, etc.), motherboard and BIOS, GPU, disks, peripherals, temperatures and much more.
What's more, the tool can also show software information like the used Linux distribution and version, kernel information and loaded modules, installed development tools versions, as well as system information like boot history, memory usage, filesystem usage, display (e.g. the screen resolution, the session type: X11 or Wayland, etc.), and more.
In this tutorial, we will show you how to install MariaDB on Fedora 35. For those of you who didn’t know, MariaDB is an open-source relational database management system (RDBMS), one of the most popular, and a highly compatible drop-in replacement for MySQL. It offers a better storage engine along with faster caching and query performance.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the MariaDB 10.6 on a Fedora 35.
Cassandra is an open-source distributed database management system with a wide column store and a NoSQL database that can handle massive amounts of data across many commodity servers with no single point of failure. It was created by the Apache Software Foundation and is written in Java. In this article, we will go through the step-by-step process to install Cassandra in CentOS 7 Linux.
The news in brief: Simulation developers can now create 3D content with the new Open 3D Engine (O3DE) Linux editor and engine runtime, and a new Debian package and Windows installer provide a faster route to getting started with the engine.
[...]
In July, we formed the Open 3D Foundation and released the Developer Preview of Open 3D Engine—a modular and extensible engine free from commercial license requirements that includes a multi-threaded photorealistic renderer, a 3D content editor, a server authoritative networking stack with native cloud integrations, and a programmable asset processing pipeline. The Developer Preview gave the community early access to a source-only version of the engine in order to evaluate the core set of capabilities, provide feedback on the project, and begin contributing to O3DE’s development and governance.
With today’s release, developers can build 3D games and simulations, or a customized game engine on a stable foundation with support from the O3DE community and O3DF. Developers using Linux can now install a native version of the engine with the Debian-based Linux package distribution. Teams using Windows can get started even faster with a verified Windows installer. This release also adds new developer features such as performance profiling and benchmarking tools, an experimental terrain system, a Script Canvas integration for the multiplayer networking system, and an SDK to facilitate engine customization with platform support for Windows, Linux, MacOS, iOS, and Android. In addition to core engine capabilities, Open 3D Foundation members have contributed new capabilities to O3DE through the extensible Gem system. Kythera released an update to their artificial intelligence Gem to add support for pre-built O3DE SDK, enabling creators to include AI behaviors in their games and simulations. Cesium released a geospatial 3D tile extension. PopcornFX released a Gem for particle visual effects. The Gem system has also been extended to enable external Gem repositories, making it even easier to add capabilities from third party contributors.
This summer there was the surprise announcement of Amazon's Lumberyard game engine being open-sourced and it being developed as the Open 3D Engine by the then newly-created Open 3D Foundation as part of the Linux Foundation.
Amazon's Lumberyard served as the basis for the Open 3D Engine as an Apache 2.0 licensed game engine available without any commercial terms or other obstacles. In the months since this code has continued to be refined, initial Linux support added after embarrassingly not having this at time of announcement for this Linux Foundation hosted effort, and growing industry/developer interest in this open-source game engine option.
Open 3D Engine (O3DE) from the Open 3D Foundation is what was once Amazon Lumberyard, now open source; it's just had a first major stable release.
The Linux Foundation welcomed the Open 3D Foundation into its community of families in July of 2021. The first project in the foundation was the Open 3D Engine known as O3DE. Amazon Web Services donated it under an Apache 2.0 and MIT licensing model. The mission of the Open 3D Engine is to make an open source, fully-featured, high-fidelity, real-time 3D engine for building games and simulations available to every industry.
Since its inception, it has raised $2.7 million in commitments from 26 partners in over two years. It has received signed commitments from a range of companies such as Adobe, Intel, AWS, Niantic, Huawei, SideFX, HERE, and others.
The foundation is focused on industries that utilize 3D technologies. This includes video games, automotive, simulation, robotics, energy, real estate, training, film, special effects, machine learning, aerospace, and many other verticals.
Since its inception, it has grown to over 3600 stars, 1100 forks of the repository, 1,500 Discord users, and 500+ active members are online. It has increased to over 130 authors of code, 7000 file changes, 2,000,000 changes to lines of code, and a vibrant & active self-sustaining support community averaging 500 messages & minutes per day.
Valve has written up a short blog post going over how their Steam Next Fest has improved things for developers, and it seems by a huge amount in some cases.
For users who haven't seen one before, Steam Next Fest is a regular event Steam now runs a few times a year, that gives developers some extra time in the spotlight. Developers can offer up limited-time demos, do livestreams and talks - all in the name of pulling in more wishlists and sales.
Despite the Epic Games Store not offering Linux support at all, it still seems to be somewhat popular with Linux users as the unofficial Heroic Games Launcher hit a big downloads milestone. Taking into account that the project does now also support Windows and macOS, it was originally Linux-only up until July 2021 where it gained initial support for the others.
In early November developer Flávio F Lima noted Heroic had hit 100,000 downloads, and less than a month later it's hit another 10,000+ according to the GitHub project page.
Admittedly in November, there was only a very slight uptick of 0.03%, but that’s still an increase, taking Linux to 1.16% as mentioned.
Let me start by saying.... I DO NOT KNOW WHAT I AM DOING.
Literally, developing a game engine is not on my resume... yet! So any code or ways of doing anything you read here, is just what I've figured out and works for me, which by no means should suggest to you that it is the proper way to do what ever it may be. Please consult your local guru first.
OK, now that we have that established... Please consider the following as entertainment and should you learn along the way with me, that's wonderful!
Now, by the time of writing this article, I am several months into this undertaking. I'll describe in future posts what the engine is capable of, but for today, let me tell you about what happened over the last 2 weeks. I will likely break them up into separate posts for easier consumption.
It's been a while since I've had to look at system logs in Linux OpenSuSE. I used to remember just doing a tail -f /var/log/messages or whatever log file you wanted to watch. I guess at some point since then they switched to using systemd journal service and you can now view everything using journalctl.
This is where things get interesting. After finally getting the computer together, I downloaded the OpenSuSE ISO for 64bit. I went with Tumbleweed again. It worked well with the last server, so I'll just go with what I know. Tumbleweed is a rolling release linux, which means I shouldn't have to reinstall when a new version is released and I should still stay up to date. I created a bootable USB from ISO in Ubuntu 20.04 (My Desktop). Booted the new computer, installed OpenSuSE, and was happy... until I tried to reboot.
When I rebooted, I pulled out the USB stick and the BIOS said no boot drives. I knew of UEFI, and started reading. I found that in /boot/efi/ there was no EFI directory. If you don't know anything about UEFI (No worries, neither do I) ..apparently there is supposed to be a Fat32 partition marked as type EFI. The BIOS checks for this location and attempts to load the OS this way as opposed to using the MBR for booting like in the old days.
After doing some quick reading, I came to understand that Perl uses architecture specific ways to save content to files when using Storable. Specifically if you use lock_store and store. These are part of Perl's core system and what I use throughout the engine for working with the file structure.
I had to carefully re-read the perldocs to discover that you can avoid architecture incompatibility by simply using nstore and lock_nstore. The method you use for retrieving the stored files doesn't matter, only when storing the data into files does it matter.
I tried to find ways of being able to convert the stored files from 32bit architecture to 64bit, but ultimately the only real option was to use the old server to re-store the files with lock_nstore.
Let’s start with some history. GTK 4 has been in development since 2016 and it’s been expected that the Files application would be ported, obviously.
In 2018, a Google Summer of Code project from Ernestas Kulik produced a port of Files to GTK 3.9x, the development version of what would become GTK 4. It included a port of the custom EelCanvas widget (used to implement the Files icon view).
Although it was not meant for general use, Ernestas’s port was very useful, both for the development of GTK 4 itself, as well as the preparation of the Files app for the future. Many compatible changes were applied to the master branch, which both improved the code design and laid the preparations for a later port to GTK 4.
NixOS is a bit different than most Linux distributions, because of a unique approach to package and configuration management. NixOS uses the NIX package manager to build everything…even the kernel. And even the entire system configuration (from fstab, users, services, firewalls, and more) is taken care of from within a single, global configuration file. This one-two punch makes NixOS very complex. In fact, many consider it on the same level as Gentoo.
In other words, NixOS is not for the faint of heart.
The monthly Nitrux releases continue, and Nitrux 1.7.1 is here as what would appear a minor point release to last month’s Nitrux 1.7 update, but, in fact, it’s an important milestone as it ships with the latest and greatest Linux 5.15 LTS kernel by default.
On top of that, this release comes with the KDE Plasma 5.23.3 desktop environment, which is accompanied by the KDE Frameworks 5.87 and KDE Gear 21.08.2 software suites.
Released this summer was openSUSE Leap 15.3 using the same binary packages as SUSE Linux Enterprise for its SLE 15 SP3 release. Looking forward to next year, openSUSE Leap 15.4 alpha builds have begun spinning for that next installment.
OpenSUSE Leap 15.4 alpha builds have begun for this minor update to Leap 15 / SUSE Linux Enterprise 15. The upstream SUSE Linux Enterprise 15 cycle drags on with the openSUSE Wiki even mentioning the possibility of a 15.5 release.
openSUSE 15.4 Alpha Build Available to Download and Test. The openSUSE team have announced the availability of a new development snapshot for openSUSE Leap. The new snapshot is labelled openSUSE 15.4 Alpha: “Alpha releases of openSUSE Leap 15.4 are now available for download on get.opensuse.org.
The fourth minor release of Leap 15 has entered its alpha development stage. During the Alpha phase, regular Alpha images will be built on a rolling basis until mid-February when the point release is scheduled to transition to a Beta build phase. The beta submission deadline is February 16, according to the roadmap. The Beta phase has a similar model until the General Availability of the release. The rolling builds stop after the Beta phase is complete and Leap transitions into a maintenance and security update phase upon becoming publicly available.” Additional information can be found in the project’s release announcement. Please note that at the time of writing the net-install download links do not work, but off-line install media are available.
Forlinx announced a “FET3399K-C SOM” that runs Android 7.1 or Linux on a Rockchip RK3399K with up to 4GB LPDDR3 and 32GB eMMC plus -20 to 80°C support. An “OK3399K-C” SBC based on it offers GbE, 4x USB, HDMI, MIPI DSI/CSI, M.2, and mini-PCIe.
Forlinx announced an update to its FET3399-C SOM and OK3399-C SBC that advances from the Rockchip RK3399 to the RK3399K, enabling a wider -20 to 80°C operating range instead of 0 to 80°C. The FET3399K-C SOM and OK3399K-C SBC appear to be otherwise identical to the year-old originals. Since we missed that announcement, we cover the boards in detail below.
If you go to purchase an Android phone, then what would be your requirement that needs to be fulfilled? I would say; a smart and sleek design, good camera quality, convenient user experience, and so on. On top of these, if you’re knowledgeable about tech, then you’ll probably be looking for a good-performing processor, chipset, RAM, ROM, and more. But interestingly, it doesn’t matter from which category of people you’re in; you’ll definitely look for an Android phone that has a long battery life along with an app battery saver feature in it.
Because there will be a bunch of apps you’ll be using on your Android; thus you’ll obviously go for a long battery life phone. But if you’ve got a phone that has a battery life that can’t meet your expectations, then the app’s battery saver feature on your Android will be the cure for sure.
There’s no other alternative to using the app’s battery saver feature if you’re an Android gamer. So, if you’re a gamer, then you’re going to love this feature on your Android phone.
FOSDEM 2022 will be a virtual event, taking place online on Saturday, February 5, and Sunday, February 6. The LibreOffice DevRoom is scheduled for Sunday, February 6, from 9AM to 7PM (times to be confirmed). If we will get more interesting talk proposals than the maximum number we can fit in one day, we will have the opportunity to extend the DevRoom to Saturday, February 5, in the afternoon.
The FinOps Foundation team is beyond excited to launch the 2022 State of FinOps Survey. Yes, there are plenty of self-published industry reports out there, but what makes this one different is that it’s built by and for the FinOps community.
OLF, previously known as Ohio Linuxfest, has been one of the most popular community-run open source events for nearly two decades. The event brings together individuals from around the country and world to gather and share information about Linux and open source software. This year’s event takes place December 3-4 in Columbus, Ohio, and The Linux Foundation is proud to be one of the event sponsors.
Even if you cannot join us in Columbus, you can help support the event and community by entering an online raffle fundraiser. You can purchase tickets for the raffle and choose the prize you would like to win. The raffle will take place at 7 pm Eastern on December 4. The Linux Foundation has donated the following prizes to the raffle:
A fresh and new minor release of drat arrived on CRAN overnight. This is another small update relative to the 0.2.0 release in April followed by a 0.2.1 update in July. This release follows the changes made in digest yesterday. We removed the YAML file (and badge) for the disgraced former continuous integration service we shall not name (yet that we all used to use). And we converted the vignette from using the minidown package to the (fairly new) simplermarkdown package which is so much more appropriate for our use of the minimal water.css style.
drat stands for drat R Archive Template, and helps with easy-to-create and easy-to-use repositories for R packages. Since its inception in early 2015 it has found reasonably widespread adoption among R users because repositories with marked releases is the better way to distribute code. See below for a few custom reference examples.
I can't think of anything terribly interesting I've been doing recently, mostly being settled in my new flat and tinkering away with things. The latest "new" code was something for controlling mpd via a web-browser...
Version 1.57.0 of the Rust language is out. "Rust 1.57 brings panic! to const contexts, adds support for custom profiles to Cargo, and stabilizes fallible reservation APIs."
The Rust team is happy to announce a new version of Rust, 1.57.0. Rust is a programming language empowering everyone to build reliable and efficient software.
It’s been over 20 months since the first COVID lockdown kicked in here in Northern Ireland and I started working from home. Even when the strict lockdown was lifted the advice here has continued to be “If you can work from home you should work from home”. I’ve been into the office here and there (for new starts given you need to hand over a laptop and sort out some login details it’s generally easier to do so in person, and I’ve had a couple of whiteboard sessions that needed the high bandwidth face to face communication), but day to day is all from home.
Early on I commented that work had taken over my study. This has largely continued to be true. I set my work laptop on the stand on a Monday morning and it sits there until Friday evening, when it gets switched for the personal laptop. I have a lovely LG 34UM88 21:9 Ultrawide monitor, and my laptops are small and light so I much prefer to use them docked. Also my general working pattern is to have a lot of external connections up and running (build machine, test devices, log host) which means a suspend/resume cycle disrupts things. So I like to minimise moving things about.
I spent a little bit of time trying to find a dual laptop stand so I could have both machines setup and switch between them easily, but I didn’t find anything that didn’t seem to be geared up for DJs with a mixer + laptop combo taking up quite a bit of desk space rather than stacking laptops vertically. Eventually I realised that the right move was probably a desktop machine.
Having already started with replacing the Real Time Clock with his own creation, [Necroware] looked for other opportunities to make the Asus P/I-P55TP4XEG more capable than Asus did. And, he succeeded. Realizing that the motherboard has the ability to have an external voltage regulator board, [Necroware] made one so that the Socket 7 board could supply more than a single voltage to the CPU- the very thing keeping him from upgrading from a Pentium 133 to a Pentium MMX 200.
Special thanks to [Maarten], who stumbled upon this old gem of a geekhack thread by [suka]. It’s essentially a show and tell of their DIY keyboard journey, complete with pictures. [suka]’s interest started with a yen for ergonomic keyboard layout alternatives. They soon found the geekhack forum and started lurking around, practicing layouts like Neo and AdNW, which [suka] still uses today.
Whitney is joined by Dr. Meryl Nass to discuss the FDA’s role in the current COVID-19 vaccine Emergency Use Authorizations and the mandate situation as well as how the FDA’s conflicts of interest with Big Pharma led to the creation of the EUA system and has resulted in unethical, illegal behavior from the agency during the COVID-19 crisis.
Blockchain startup MonoX Finance said on Wednesday that a hacker stole $31 million by exploiting a bug in software the service uses to draft smart contracts.
The company uses a decentralized finance protocol known as MonoX that lets users trade digital currency tokens without some of the requirements of traditional exchanges. “Project owners can list their tokens without the burden of capital requirements and focus on using funds for building the project instead of providing liquidity,” MonoX company representatives say here. “It works by grouping deposited tokens into a virtual pair with vCASH, to offer a single token pool design.”
An accounting error built into the company’s software let an attacker inflate the price of the MONO token and to then use it to cash out all the other deposited tokens, MonoX Finance revealed in a post. The haul amounted to $31 million worth of tokens on the Ethereum or Polygon blockchains, both of which are supported by the MonoX protocol.
To me, this is reason enough never to use smart contracts for anything important. Human-based adjudication systems are not useless pre-Internet human baggage, they’re vital.
Mozilla has released security updates to address a vulnerability in Network Security Services (NSS). An attacker could exploit this vulnerability to take control of an affected system.
CISA encourages users and administrators to review the Mozilla Security Advisory for NSS and apply the necessary update.
A cryptographic library set NSS Mozilla (Network Security Services) has been identified in the critical vulnerability (( CVE-2021-43527 CVE-2021-43527)) that could lead to malicious code execution when processing DSA or RSA-PSS digital signatures specified using the DER ( Distinguished Encoding Rules). The issue codenamed BigSig has been fixed in NSS 3.73 and NSS ESR 3.68.1. Distribution package updates are available for Debian, RHEL, Ubuntu, SUSE, Arch Linux, Gentoo, FreeBSD. Updates for not yet available Fedora are.
The problem manifests itself in applications that use NSS to handle CMS, S/MIME, PKCS #7 and PKCS #12 digital signatures, or when verifying certificates in TLS, X.509, OCSP, and CRL implementations. The vulnerability could surface in various client and server applications with TLS, DTLS and S/MIME support, email clients and PDF viewers that use the CERT_VerifyCertificate() NSS call to verify digital signatures.
Examples of vulnerable applications mentioned are LibreOffice, Evolution and Evince. Potentially, the problem can also affect projects such as Pidgin, Apache OpenOffice, Suricata, Curl, Chrony, Red Hat Directory Server, Red Hat Certificate System, mod_nss for the Apache http server, Oracle Communications Messaging Server, Oracle Directory Server Enterprise Edition. At the same time, the vulnerability does not appear in Firefox, Thunderbird and Tor Browser, which use a separate library for verification, mozilla::pkix, which is also part of NSS. Chromium-based browsers (unless specifically compiled with NSS), which used NSS until 2015 but were then moved to BoringSSL, are not affected by the problem.
Over on the Project Zero blog, Tavis Ormandy has a lengthy postmortem on a vulnerability that he found in the Network Security Services (NSS) cryptography library. The vulnerability is a bog-standard buffer overflow that has existed in the library since 2012 despite various kinds of static analysis, testing, and fuzzing that Mozilla and others have applied to it over the years.
This is an unusual blog post. I normally write posts to highlight some hidden attack surface or interesting complex vulnerability class. This time, I want to talk about a vulnerability that is neither of those things. The striking thing about this vulnerability is just how simple it is. This should have been caught earlier, and I want to explore why that didn’t happen. In 2021, all good bugs need a catchy name, so I’m calling this one “BigSig”.
First, let’s take a look at the bug, I’ll explain how I found it and then try to understand why we missed it for so long.
CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory identifying active exploitation of a vulnerability—CVE-2021-44077—in Zoho ManageEngine ServiceDesk Plus. CVE-2021-44077 is an unauthenticated remote code execution vulnerability that affects all ServiceDesk Plus versions up to, and including, version 11305.
Cybersecurity researchers set up a tempting cloud honeypot to examine how cyber attackers work.
Teachers have long known that most kids learn better when they are in a classroom with a teacher — and not on a computer — but the closure of schools during the coronavirus pandemic showed that to those who might have thought otherwise. When the pandemic hit in spring 2020 and most students learned from home, school districts purchased Chromebooks and other devices, and kids learned by working on screens of varying sizes. But now that most schools have reopened five days a week, the technology is still in use — and some experts are concerned about its continued use among younger children. This post, written by clinical psychologist Annalise Caron, explains why it is time to take technology out of elementary school. Caron (@AnnaliseC_PhD) is director of CBT Westport, a private psychology practice in Westport, Conn., and is half of the Parenting Pair, an initiative dedicated to creating online parenting resources for science-informed, compassionate and connected parenting. She is also a mother of an eighth-grade son and a fifth-grade daughter, who are bringing their Chromebooks to and from school daily.
Activists want Defense Secretary Lloyd Austin to open new investigations of past airstrikes, apologize for civilian deaths, and compensate relatives.
The Taliban executed dozens of members of the Afghan security forces after they surrendered following the militants' seizure of Afghanistan in late summer, new research released by Human Rights Watch (HRW) on Tuesday alleges.
The HRW report detailed "the summary execution or enforced disappearance" of 47 former members of the Afghan National Security Forces (ANSF), including military personnel, police, intelligence service members and paramilitary militia, who had surrendered to or were apprehended by Taliban forces between August 15 and October 31.
HRW says the report is based on a total of 67 interviews, including 40 in-person interviews with witnesses, relatives and friends of victims, and Taliban fighters. Some people were granted anonymity by HRW for their report. In some cases, families report stories of people who simply disappeared.
The findings of the investigation would make a mockery of the Taliban's previous claims to the international community that it would lead a more inclusive government than it did two decades ago. Its leaders had promised a reprieve for those who collaborated with US forces during the American presence in the country.
Last week at iFixit we did a teardown of the Fairphone 4, which earned an exceedingly rare 10/10 on our repairability scale. During that teardown, I was impressed with many of the decisions the Fairphone design team made. With repair legislation around the corner in most markets around the world (and already in effect in some places like France) there has never been a better time for smartphone makers to take a few notes from Fairphone 4’s design, and this company’s methods. Here are some that stuck out to me during our teardown.
Windows 11 rolled out on October 5th on new computers. Users with existing compatible Windows 10 computers should be receiving it soon, if they have not already. No, technically, the upgrade to Windows 11 is not optional. All I can tell you is to check with Microsoft to see if your computer is compatible, because the requirements have been in such flux over the past few months that no one seems to really know for sure which computers will eventually be able to run Windows 11. One thing is clear, however, Windows 11 functionality is pretty much the same as Windows 10 functionality. But, while the ability of users to get things done on their PC's will not change much, Microsoft will have more control over your PC than ever before. Correction, Microsoft will have more control over "its" PC than ever before, because that is how Microsoft has thought of your PC since Windows Vista stopped asking for your permission to update itself on your hard drive.
The roll-out of Windows 11 is the perfect time to re-evaluate your stand on Windows. Do you want to continue using an operating system that becomes more controlling and invasive every year? Do you want to continue using an operating system with annoying bugs that have existed for years, if not decades? With bugs that may never be fixed? With an operating system with such a huge attack surface that it cannot be made even relatively secure? Do you want to continue playing Microsoft's shell game, where menus and applications and terminology are constantly changing, likely solely to trick you into believing that Windows is improving somehow? Do you want to continue giving your money to a company that seems to treat you as nothing more than a faceless "consumer" to be manipulated? Or, do you want to refuse to give Microsoft any more of your money for its buggy, hard-to-use software? Might the roll-out of Windows 11 be the perfect time to bite the bullet and finally decide to switch to a better operating system?
As you enter a hoarder's house the first thing that hits you is the smell. Perhaps a musty paper aroma from a ton of books and newspapers touching the ceiling, or worse, rotting food and waste piled everywhere.
On this day it was the phenolic smell of circuitry and cooking electronics that met me. Duty had called to help a friend's relative in distress. Depressed and perhaps close to suicide, they were entombed in their own home by walls of technology. A year of pandemic lockdown compounded problems that clearly went deeper.
In every direction were phones, gadgets, computer parts, game consoles, more phones, cameras, clocks, LED lamps and various toys, keyboards, remotes… and more phones. Drawers were filled. Every surface overflowed. It took five days, almost 200 waste sacks and €£700 in e-waste disposal fees for us to transform the house from an imminent fire hazard to a liveable dwelling.
It’s inspiring to see members in revolt against two-tier at the farm equipment maker John Deere, the hospital chain Kaiser Permanente, the cereal maker Kellogg’s, and the parcel giant UPS.
Two-tier isn’t just an unfair idea—it’s also a union-killer.
In case your employer hasn’t acquainted you with this repugnant policy, a two-tier system means that everyone hired after today has it worse than everyone hired before today—whether it’s lower pay, weaker benefits, no pension, or unlimited forced overtime.
Typically it’s sold as an alternative to taking concessions for yourself; you agree to pass them on to the “unborn.”
Pfizer is among the Big Pharma companies trying to block legislation strengthening whistleblowers’ ability to report corporate fraud.
ASWAD KHAN DIDN’T understand why people were congratulating him. On a February morning in 2017, rolling out of bed at his home in an upper-middle class area of Karachi, Pakistan, Khan saw a flurry of text messages, mostly from old college and high school friends, many living in the United States, that had arrived the night before. They were wishing him well about some good news that he had not yet received. Groggily, he scrolled through his phone and scanned the messages.
Khan, then age 31, soon came across a text that revealed what was going on. “Congrats bro your best friend is getting married!” the message read. “You must be so happy man.”
He could not believe what he had just read.
Khan immediately logged onto Facebook to check the page of his childhood best friend, Ahmed. He quickly realized that Ahmed had unfollowed him and restricted his access to the profile. Meanwhile, the pages of his other friends were congratulating Ahmed on his engagement and the wedding that he had apparently announced for that summer. Ahmed, whose full name is being withheld at Khan’s request and who did not respond to requests for comment, had shared every moment of his life with Khan since they were kids. Yet he had not even told Khan about his engagement.
We, the undersigned Mauritanian, regional and international civil society organisations, express our deep concern about the adoption, by the Mauritanian parliament, of the Law on the protection of national symbols and criminalisation of offenses against the authority of the state and the honour of the citizen on November 9, 2021. We fear that the entry into force of this law will negatively impact the exercise of freedom of expression in Mauritania.
Yesterday, Access Now and a coalition of civil society organizations filed an amicus brief in support of New York’s Affordable Broadband Act (ABA) currently challenged by broadband providers. The ABA requires New York internet service providers (ISPs) to offer a sorely needed $15 low-income broadband service.
The ABA is critical in closing the digital divide and connecting more low-income people. Despite programs like Lifeline and the Emergency Broadband Benefit, in New York only 77% of residents access broadband at home. This means that nearly 25% of New Yorkers lack high-speed internet.
An odd little book about frogs and fishes raining down from the sky and the reasons why they do so.