Kubernetes’ final release for the year 2021 is ready: Version 1.23.
The Christmas edition of Kubernetes comes with 45 new enhancements to make it more mature, secure and scalable. There are some critical changes grouped into the Kubernetes API, containers and infrastructure, storage, networking and security in this latest release.
PostgreSQL is an open-source, object-relational database system that lets you store and scale complicated data workloads safely. In this article, we discuss PostgreSQL, its uses, and benefits.
AlmaLinux OS Foundation, the nonprofit that stewards the community owned and governed open source CentOS alternative, today announced that Codenotary has joined its governance board as the first Platinum member.
As a former CentOS user, Codenotary is investing in AlmaLinux to support its growth. The company brings easy-to-use trust and integrity into the software lifecycle using its own super fast, immutable, and cryptographically verifiable ledger database to underpin its notarization and verification product for creating Software Bill of Materials (SBOM). Codenotary also stewards immudb, its open source key value, SQL database with over 3,300 stars on GitHub.
Technical errors with the US-EAST-1 region of Amazon Web Services have caused widespread woes for customers, including difficulty accessing the management console and some other service problems.
Digital technology can give you freedom; it can also take your freedom away. The first threat to our control over our computing came from proprietary software: software that the users cannot control because the owner (a company such as Apple or Microsoft) controls it. The owners often take advantage of this unjust power by inserting malicious features such as spyware, back doors, and Digital Restrictions Management (DRM) (referred to as “Digital Rights Management” in their propaganda).
Our solution to this problem is developing free software and rejecting proprietary software. Free software means that you, as a user, have four essential freedoms: (0) to run the program as you wish, (1) to study and change the source code so it does what you wish, (2) to redistribute exact copies, and (3) to redistribute copies of your modified versions.
With free software, we, the users, take back control of our computing. Proprietary software still exists, but we can exclude it from our lives, and many of us have done so. However, we now face a new threat to our control over our computing: Software as a Service. For our freedom’s sake, we have to reject that too.
Chaos Mesh is a cloud native chaos engineering platform that orchestrates chaos experiments on Kubernetes environments. It allows you to test the resilience of your system by simulating problems such as network faults, file system faults, and Pod faults. After each chaos experiment, you can review the testing results by checking the logs.
But this approach is neither direct nor efficient. Therefore, I decided to develop a daily reporting system that would automatically analyze logs and generate reports. This way, it’s easy to examine the logs and identify the issues.
Sometimes it's fun too theorycraft about how a type of software could work if it existed and I found this post doing just that with a GUIfied terminal.
The recent activity around x86 (x86_64 included) straight-line speculation mitigation handling is set to culminate with this security feature being set for mainline with the upcoming Linux 5.17 cycle.
Recent weeks have seen x86 straight-line speculation mitigations underway by compiler developers and the Linux kernel folks. This is similar to the Arm straight-line speculation "SLS" vulnerability and mitigation of last year but now seeing similar activity on the x86/x86_64 front for Intel and AMD.
The issue at hand is over processors speculatively executing instructions linearly in memory past an unconditional change in control flow. GCC 12 landed its compiler mitigation option and LLVM Clang is doing the same. The compilers are introducing a "-mharden-sls" option to add INT3 instructions after function returns and indirect branches to protect against possible straight-line speculation.
A patch to improve the boot times on massively parallel Linux systems is currently being prepared and initial performance numbers are extremely impressive. The patch isn't exactly new though and has been in the making since at least February of this year.
It will improve the effective utilization of many-core/thread server and workstation processor systems, like those based on AMD's EPYC / Ryzen Threadripper, and Intel's Xeon, while booting. On a 96-threaded Skylake system, the patch reduced the Bringup time (wake up time) for the cores from 500ms down to just 34ms, which is around a factor of 15.
Linux is an attractive platform for professional audio production. It is an extremely stable operating system that has good support for audio hardware. Using a Linux machine as the focus of your recording setup opens a world of possibilities for an affordable price.
Software that creates music can often be expensive. The heavyweight Cubase, Apple LogicPro, FL Studio, Adobe Audition, and Sony ACID Pro are all impressive software music production environments. Unfortunately, they cost hundreds of dollars and are released under a proprietary software license. Fortunately, there is a good range of open source software that lets you produce professional quality recordings.
Corel Corporation is a Canadian software company specializing in graphics processing. They are best known for developing CorelDRAW, a vector graphics editor. They are also notable for purchasing and developing AfterShot Pro, PaintShop Pro, Painter, Video Studio, MindManager, and WordPerfect.
Corel has dabbled with Linux over the years. For example they produced Corel Linux, a Debian-based distribution which bundled Corel WordPerfect Office for Linux. While Corel effectively abandoned its Linux business in 2001 they are not completely Linux-phobic. For example, AfterShot Pro has an up to date Linux version albeit its proprietary software.
This series looks at the best free and open source alternatives to products offered by Corel.
Digital painting is an art form all its own. It obviously emulates the discipline it's named for, but painting in the physical world and a digital environment is unique. Krita is a digital paint application that's seen use at major film production houses, book publishers, and art studios. It specializes in materials emulation, allowing the artist to adjust and fine-tune their tools through a brush engine so that they can achieve exactly the look and drawing feel they need. Krita won't make you a great painter, but if you love to paint, Krita can help you make sure your artwork looks its best.
Blender 3.0 the highly anticipated next generation 3D modelling software is now available to download providing a free open source application for anyone to create both 2D and 3D content. The Blender Foundation has been working on the 3rd generation of Blender for some time and now the software cycles even faster than ever. The Cycles GPU kernels have been rewritten for better performance, rendering between 2x and 8x faster in real-world scenes and Blender 3.0 now features a more responsive viewport thanks to new display algorithms and scheduling systems.
Fix not selecting second icon in search results (Issue #50) Fix incorrect selection when leaving treeview Fix skipping first treeview item Fix unnecessary button size changes Translation updates: Catalan, Greek
Call of Duty: Black Ops III is a military FPS game developed by Treyarch and published by Activision. It is the 12th game in the COD franchise. Here’s how you can play this game on Linux.
XanMod is a free, open-source general-purpose Linux Kernel alternative to the stock kernel with Pop!_OS 20.04. It features custom settings and new features and is built to provide a responsive and smooth desktop experience, especially for new hardware.
XanMod is popular amongst Linux Gaming, streaming, and ultra-low latency requirements and often boasts the latest Linux Kernels, having multiple branches to choose from the stable, edge, and development.
Oracle Java 17 is not available to install on Ubuntu 20.04 or 22.04 LTS using the default main repository of these Linux. Hence, here we will know the steps to set up the same using the command terminal.
There are several ways to install deb files in Ubuntu. Here I’ll show you the two easiest ways, closely following best practices.
For Ubuntu users, software can come from many sources. There’s official repos, PPAs, Snap store, Flathub, and more. However, you won’t find every app you want in one of those.
Sometimes, you may have to visit an website to download and install file with a .deb extension. So let’s first answer the question, what is a .deb file?
In this tutorial, we are going to explore how to install Go 1.17 on Ubuntu 20.04.
Golang is an open-source programming language that is easy to learn and use. It is built-in concurrency and has a robust standard library. It is reliable, builds fast, and efficient software that scales fast.
Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions.
Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection.
DevOps has greatly changed the way software engineers and developers develop and deploy applications. One of the technologies at the heart of this revolution is Kubernetes.
Let's explore how you can install a local instance of Kubernetes on Ubuntu using MicroK8s (MicroKates). With this setup in place, you can easily host container applications in a secure, reliable, and highly scalable manner.
You must have heard about the term “TTY” when it comes to Linux and UNIX. But, what is it?
Is it useful to you as a desktop user? Do you need it? And, what can you do with it?
In this article, let me mention everything essential to get you familiar with the term TTY in Linux.
Do note that there’s no definitive answer to this, but it relates to how input/output devices interacted in the past. So, you will have to know a bit of history to get a clear picture.
There have been many false dawns for Linux gaming, but in recent years things have been improving unabated. The launch of the Proton compatibility layer meant that thousands of DirectX-only games can now be translated to Vulkan and therefore work on Linux, while new Linux-compatible games continue to be released as well.
If you want to play Windows-only games on Linux, see our guide on how to set up Proton and Steam Play. If, however, you just want to check out all the best native Linux games in 2021 you can play, then read on below.
Nate Graham, KDE developer, is arguing that KDE needs simpler defaults – without losing the customisability that makes KDE, well, KDE. I think this is a good goal – especially since many distributions can opt for different defaults anyway. KDE is an amazing collection of software, but there’s no denying its plethora of options and customisation can also be intimidating and a little bit overwhelming, even for experienced users such as myself.
The KDE Plasma Desktop application packages have been updated to 21.12.0. This is a service release update.
In the last year I've seen some really good musician that performs all the instruments in a song with just a loop machine, recording each instrument one by one in tracks and looping.
I was thinking that it should be easy to have a desktop application that does exactly the same, just some tracks to record some sounds and the playback with a loop option, and that's what I created during this week.
I have synced my local OpenEmbedded with the latest release in the Dunfell series, now version 3.1.12 (only coincidentally similar to EasyOS versions).
Xsystems, a global leader in Open Storage solutions, today announced five predictions expected to shape enterprise storage spending in 2022. The predictions come as new research from IDC shows enterprise spending on storage systems accelerated in 2021, with total storage capacity shipped rising 13.8% year over year to 88.7 exabytes.
According to the 2021 Worldwide Quarterly Enterprise Storage Systems Tracker by International Data Corporation (IDC), “The global market revenue for enterprise external OEM storage systems grew 9.7% year over year to $6.9 billion during the second quarter of 2021 (2Q21). Total external OEM storage capacity shipped was up 27.9% year over year to 22.1 exabytes during the quarter.”
This is the first post about the state of Fedora Kinoite since the release as part of Fedora 35. The goal is to have at least one post before or shortly after each release to help track the progress of Fedora Kinoite, the new features and the missing ones.
For a live updating version of this, you can follow the list of known Kinoite bugs issue in the Fedora KDE SIG tracker or on the Kinoite Board.
For a video version of this, see the Fedora Kinoite talk I made for the Fedora 35 release party (slides).
This is a guide covering how to work on applications on Fedora Silverblue and Fedora Kinoite. Depending on the case, it may be easier to work with Flatpak, with RPM packages or directly from the source repository thus I will cover all three options.
Note that while this guide focuses on Fedora Silverblue and Fedora Kinoite, it also applies to all rpm-ostree based Fedora variants and in a lesser form to all distributions that feature Flatpak and toolbox.
As always, make sure to backup your data before attempting system wide changes that could result in the loss of your personal cat picture collection.
If you encounter issues with this guide, reach out to me in one of the following Matrix rooms: Flatpak, KDE Flatpaks, Fedora Silverblue, Fedora KDE.
Try to avoid contacting me privately as there is a high chance that other people from those rooms will also be able to help you with your issue.
If you want to work on building images of Fedora Silverblue, Fedora Kinoite or other desktop variants, you should follow the steps from the README in the workstation-ostree-config repo.
According to Red Hat’s 2021 State of Enterprise Open Source Report, 90% of IT leaders are using enterprise open source, and 79% expect their use of enterprise open source software for emerging technologies to increase over the next two years. With most businesses using some form of open source, there is still varying maturity along the spectrum from consuming to producing and embracing open source.
18 months. That’s the amount of time spent by Volumio’s software team in developing the latest version of its music playback platform: Volumio 3 (no space).
What’s new? As well as offering functionality for Roon, Spotify Connect and Tidal Connect, Volumio 3 features a brand new UI called ‘Manifest’ and the much-requested multi-room (synchronized) playback when streaming UPnP-derived content. Like the previous generation, Volumio3 is built around a Linux operating system, this time tapping Debian Buster for its zippier performance.
Under the hood, Volumio 3’s audio playback engine has also been reworked to feature what the Italian company calls an Advanced Audio Modular Processing Pipeline (AAMPP): approved third-party plugins can be inserted into the playback chain to perform digital signal processing on the music signal before it is handed off to the endpoint/s for playback.
Here’s my (twenty-sixth) monthly but brief update about the activities I’ve done in the F/L/OSS world.
Learning how to fly. Again. Because certain technologies and processes can always be optimized. Take laptops, for instance (I always wanted to become a laptop designer!). From foldable screens to computers that incorporate e-readers, we are always pushing for new designs that address ergonomic requirements but also improve the way we work.
We are doing the same with drones. This month features innovations that dare to challenge the status quo of how we fly.
The seat belt sign is on, and we’re cleared for takeoff. Let’s go!
The Raspberry Pi company has decided to expand its Raspberry Pi OS releases from one to two branches of Debian to better support all users.
The Raspberry Pi OS legacy release will be based on Debian Buster, the 2019 release before Debian Bullseye, which was made the basis of current Raspberry Pi OS in November.
RISC-V is a free and open source standard instruction-set architecture (ISA) for computer chips, and RISC-V International, the foundation behind it, has been around since 2015. As Calista Redmond, RISC-V’s CEO, said during a talk at the Linux Foundation Member Summit, “this is about creating commercial success, changing the game and disrupting the status quo for semiconductors.”
The growth of both RISC-V’s adoption and membership in RISC-V International’s foundation have grown exponentially recently. Membership in the foundation doubled in just the first six months of 2021, and includes chip manufacturers, software and firmware companies and the makers of connected devices. Meanwhile, nearly a quarter of hardware designs incorporate the RISC-V open ISA, including 40% of CPU designs.
Part of the increased demand for open hardware has to do with just an increased demand for hardware, period. As more and more connected devices hit the market, there are more places to incorporate open hardware. “Let’s think about that 50 billion connected IoT devices by 2030,” Redmond said. “This skyrocketing opportunity means we’re putting microprocessors in corners we never imagined.”
As RISC-V has made it easier to bring up processor chipsets, the need for compiler engineers in the RISC-V ecosystem has increased. In fact, RISC-V adoption globally has been growing at a rapid pace for several years with no end in sight, meaning this need will only grow more acute as time goes on.
That is why RISC-V International and Linux Foundation Training & Certification have partnered to release a new, free online training course on the edX platform, RISC-V Toolchain and Compiler Optimization Techniques (LFD113x). The new course, which was officially announced today at RISC-V Summit in San Francisco, is designed for engineers working with RISC-V vendors who are designing their own architectures, and those using RISC-V development boards to build applications. It is also useful for RISC-V application developers looking to improve performance or reduce the code size of their applications, toolchain developers, compiler engineers/performance engineers, and computer science students aspiring to major in systems software.
China's been scammed for billions by rogues in its chase to become a chip powerhouse, though ironically, a free, open-source CPU architecture is emerging as its best bet to create a powerful homegrown chip.
China was a winner at this week's RISC-V Summit, with many organizations introducing CPUs based on RISC-V, an open-source chip architecture sometimes called the Linux of chips. The government-backed Chinese Academy of Sciences, which is on the US Entity List, and StarFive Technology released new RISC-V chip designs for PCs and servers.
China is gut punching Moore's Law and the roughly one-year cadence for major chip releases adopted by the Intel, AMD, Nvidia and others.
The government-backed Chinese Academy of Sciences, which is developing open-source RISC-V performance processor, says it will release major design upgrades every six months. CAS is hoping that the accelerated release of chip designs will build up momentum and support for its open-source project.
RISC-V is based on an open-source instruction architecture, and is royalty free, meaning companies can adopt designs without paying licensing fees.
CAS' first XiangShan chip, called Yanqihu, was taped out in July 2021. Its successor, called Nanhu, was announced on Monday with major performance and architectural upgrades, and will be out early in 2022.
The activity around creating a legit graphics processor for RISC-V chip designs, an emerging competitor to x86 and ARM, is gaining steam.
Special interest groups at RISC-V next year will expand the focus on extensions for shaders and advanced matrix operations, which is important for artificial intelligence and machine learning, Mark Himelstein, chief technology officer at RISC-V, told The Register.
RISC-V International, which developed the instruction set architecture, has interest groups develop extensions that users can add to their chip designs.
In 2021, 16 RISC-V extensions were ratified, Himelstein said, and that number will grow next year. Many new extensions were part of mainstream computing chips announced this year at the RISC-V Summit.
We’ve previously covered Hisilicon Hi3861V100 32-bit RISC-V microcontroller, but HiSilicon Hi3731V110 32-bit RISC-V processor designed for Full HD televisions, the company has gone up the scale with its RISC-V offerings.
The processor is equipped with an M-LVDS interface for TCON panels, CVBS output, YPbPr, VGA, and multiple HDMI 1.4 video inputs. The processor also comes with a 1080p30 VPU supporting H.265, H.264, MPEG4, MPEG2, and other codecs.
The libreboot website is currently only available in English.
I’ve recently added support for translations to the Untitled Static Site Generator, which the Libreboot website uses. Pages on libreboot.org are written in Markdown, and this software generates HTML pages.
This very page that you are reading was created this way!
SeaBIOS 1.15 is the open-source project's first release in sixteen months. Highlights of SeaBIOS 1.15 include better support for USB devices with multiple interfaces, support for USB xHCI devices using direct MMIO access, NVMe support improvements, and increased "f-segment" RAM allocations for BIOS tables. Plus there is the usual assortment of bug fixes and code clean-ups that have come about over the past year.
Today’s a Firefox Tuesday, when the latest version of Mozilla’s browser comes out, complete with all the security updates that have been merged into the product since the previous release.
We used to call them Fortytwosdays, because Mozilla followed a six-weekly coding cycle, instead of monthly like Microsoft, or quarterly like Oracle, and seven days multiplied by six weeks gave you the vital number 42.
There are two new applications available for Sparkers: Firefox Mozilla builds
The Mozilla Foundation published the financial report for the year 2020 today, revealing that it earned $496 million in 2020. The Foundation earned $828 million in 2019, but $338 million came from a legal dispute with former search engine provider Yahoo.
Revenue increased by about $6 million in 2020 as a consequence if you ignore the $338 million one-time payment.
This is an advent calendar for techies. In the fully commercialized digital world, almost everything belongs to a large Internet corporation. Their software is neither open nor free. As an alternative, there is this small island of the open source world: software whose code is publicly visible and can be independently checked for possible security gaps and backdoors. Software that can be freely used, distributed and improved. Often the drive for work is simply the joy of providing something useful to society.
The Eclipse Foundation, the world’s largest open source foundation focused on the Internet of Things (IoT), today announced results from its 2021 IoT & Edge Developer Survey. Administered by the Eclipse IoT Working Group, the Eclipse Edge Native Working Group, and the Eclipse Sparkplug Working Group, the survey provides essential insights into IoT and edge computing industry landscapes, the challenges developers are facing, and the opportunities for enterprise stakeholders in the IoT & edge open source ecosystem. Now in its seventh year, the survey is the IoT & edge industry’s leading technical survey.
“The IoT and edge computing go hand-in-hand with each technology influencing the other,” said Mike Milinkovich, executive director of the Eclipse Foundation. “Once again, this survey provides significant insights into what developers are working on and what challenges they face as we move into 2022.”
Rust support
This is the patch series (v2) to add support for Rust as a second language to the Linux kernel.
If you are interested in following this effort, please join us in the mailing list at:
rust-for-linux@vger.kernel.org
and take a look at the project itself at:
https://github.com/Rust-for-Linux
As usual, special thanks go to ISRG (Internet Security Research Group) and Google for their financial support on this endeavor.
Cheers, Miguel
"In 2022 we will very likely see the experimental Rust programming language support within the Linux kernel mainlined," writes Phoronix, citing patches sent out Monday "introducing the initial support and infrastructure around handling of Rust within the kernel."
The Linux kernel has maintained portability due to reliance on the C programming language, but serious adoption of Rust now threatens its dominance.
Mozilla’s decade old technology has become a major force, offering the same level of flexibility afforded by classic compiled languages, while offering interoperability with C. Kernel developers have long discussed the possibility of bringing Rust to Linux, and the Linux kernel now includes a stable Rust compiler. This has led Kernel developer Miguel Ojeda to introduce a patch that would make Rust its second official language.
Instead, I will help Autoliv Research’s ML/AI team to help them build awesome detection tools to help save more lives. This means working with a group of very smart people ranging from domain experts on things such as psychology, bio-mechanics, machine learning, embedded systems, mechatronics and more. I’m really really excited about this – so much fun to learn.
Even if they don’t have one themselves, we’d wager the average Hackaday reader is at least vaguely aware of how a vacuum former works on a fundamental level. You heat up a plastic sheet until it’s soft, then use a vacuum pump to pull the ductile material down onto an object and hold it there while it cools off. It’s easy to build a vacuum forming rig yourself, but small commercial units are cheap enough that it might not be worth your time. If everything goes to plan, the technique is a quick and effective way of duplicating items around the home and shop.
[...]
But that’s not really the most interesting part. With printed sheets loaded into the vacuum former, you’ve got access to a much wider array of materials to work with. For example, [Nathan] shows off some very interesting flexible pieces he was able to produce using sheets of TPU. You can also experiment with different surface textures. These can not only be used to give your vacuum formed pieces a bit of interesting visual flair, but could actually have some practical applications. In the video we see how a printed mesh could be formed over a piece to create a conformal air vent or filter.
Castellated PCB edges are kind of magical. The plated semicircular features are a way to make a solid, low-profile connection from one board to another, and the way solder flows into them is deeply satisfying. But adding them to a PCB design isn’t always cheap. No worries there — you can make your own castellations with this quick and easy hack.
We are living in great times for DIY, although ironically some of that is because of all the steps that we don’t have to do ourselves. PCBs can be ordered out easily and inexpensively, and the mechanical parts of our projects can be ordered conveniently online, fabricated in quantity one for not much more than a song, or 3D printed at home when plastic will do. Is this really DIY if everything is being farmed out? Yes, no, and maybe.
It all depends on where you think the real value of DIY lies. Is it in the idea, the concept, the design? Or in its realization, the manufacturing? I would claim that most of the value actually lies in the former, as much as I personally enjoy the many processes of physically constructing the individual parts of many projects.
For instance, I designed and built a h
Dr Lynn Woods, Professor in the Department of Doctoral Programs, School of Nursing, Azusa Pacific University, discusses the challenges of dementia and caregiving within the Latino community
Twenty-one percent of Latinos are caregivers to someone with dementia., generally a family member. They spend more time and experience increased burdens compare to their White or Asian-American counterparts. The stress that caregivers experience can, and frequently does, lead to negative emotional (depression) and physical (cardiovascular, hypertension) events. The increased stress associated with caring for someone with behavioural symptoms of dementia (BSD) elevates this risk further.
Managing a business during the plague years has been tough for many, but one plucky CEO has found a clever and efficient way to execute such an unpleasant task: fire 900 workers at once in a Zoom meeting.
In an exercise completely devoid of sensitivity, Better.com CEO Vish Garg gathered around 900 of his staff onto a five-minute Zoom call during the month of Christmas to tell them their jobs were officially nonexistent.
"If you are on this call, you are part of the unlucky group being laid off. Your employment here is terminated, effective immediately," the CEO said.
Better CEO Vishal Garg, best-known for firing 900 employees over one giant Zoom call, is taking time off work while the company hires a third-party to perform a “leadership and cultural assessment.”
After video footage of the meeting was leaked, the Softbank-backed digital mortgage biz was suddenly thrust into the limelight. Garg was blasted for not only laying off nine per cent of staff in such an abrupt manner just weeks before Christmas, but for his stunning lack of empathy.
"The last time I did it, I cried," he told stunned staffers. "This time I hope to be stronger."
His previous treatment of employees was also dug up. He once called some staff “dumb dolphins” or “too damn slow” and “embarrassing.” He urged people to not take Indigenous Peoples' Day off because time should be spent working towards “capital, and therefore our freedom.”
Google confirmed there was, indeed, a software issue that affects devices running on Android 10 and above from reaching 911. It appears to only affect emergency calls; other phone numbers are fine. The glitch seems to stem from the Microsoft Teams app, according to a response posted on Reddit from an official Google account.
Microsoft has settled with the US Justice Department over immigration-related discrimination claims.
At the heart of the investigation were allegations that the Windows giant discriminated against non-US citizens based on their citizenship status as well as against lawful permanent residents.
Users of Windows 11 are complaining about slow write speeds on NVMe SSD drives, a problem which persists even though it was acknowledged by a Microsoft engineer three months ago.
A critical vulnerability has been discovered in Apache Log4j 2, an open-source Java package used to enable logging in many popular applications, and it can be exploited to enable remote code execution on countless servers.
The Apache Software Foundation (ASF) has identified the vulnerability as CVE-2021-44228; LunaSec has dubbed it Log4Shell. (And security researcher Kevin Beaumont was kind enough to create a logo for it, too.) ASF says Log4Shell receives the maximum severity rating, 10, on the Common Vulnerability Scoring System (CVSS) scale.
A number of popular services, including Apple iCloud, Twitter, Cloudflare, Minecraft and Steam, are reportedly vulnerable to a zero-day exploit affecting a popular Java logging library. The vulnerability, dubbed “Log4Shell” by researchers at LunaSec and credited to Chen Zhaojun of Alibaba, has been found in Apache Log4j, an open source logging utility that’s used in […]
An unauthenticated remote code execution vulnerability in Apache's Log4j Java-based logging tool is being actively exploited, researchers have warned after it was used to execute code on Minecraft servers.
Infosec firm Randori summarised the vuln in a blog post, saying: "Effectively, any scenario that allows a remote connection to supply arbitrary data that is written to log files by an application utilizing the Log4j library is susceptible to exploitation."
Crafted proof-of-concept code snippets are already doing the rounds.
A software vulnerability exploited in the online game Minecraft is rapidly emerging as a major threat to internet-connected devices around the world.
Several popular services, including Apple iCloud, Amazon, Twitter, Cloudflare and Minecraft, are vulnerable to a 'ubiquitous' zero-day exploit, cybersecurity researchers have warned, leaving IT security teams at several companies scrambling to patch the vulnerability called 'Log4Shell'.
ALPHV BlackCat also uses the Windows Restart Manager API to close processes or shut down Windows services keeping a file open during encryption.
"The Malware infection was the result of the user of the Patient Zero Workstation clicking and opening a malicious Microsoft Excel file that was attached to a phishing email sent to the user on 16 March 2021."
Git cybersecurity startup GitGuardian SAS has announced that it has raised $44 million in new funding to accelerate growth strategies, extend its secret detection solution to become a comprehensive code security platform, expand its go-to-market and increase its headcount.
It’s called FontOnLake and, as they tell about Security Week , this new malware can attack Linux systems. A somewhat unprecedented issue for this malware is the fact that developers are constantly tweaking modules so that they evolve to infect as many systems as possible.
The extensive PDF that ESET researchers published details the ways in which the malware works. Once the system is infected, in addition to collecting personal information, such as the history of commands, sshd credentials, it loads backdoors and rootkit modules, to make the system available to the attacker.
The British arm of Dutch supermarket chain Spar has shut hundreds of shops after suffering an "online attack," the company has confirmed to The Register.
"This has not affected all SPAR stores across the North of England," a Spar spokesman told us, "but a number have been impacted over the past 24 hours and we are working to resolve this situation as quickly as possible."
LancsLive, a local news website for Lancashire, reported that a "total and widespread IT outage" hit the chain at the weekend, along with "security breach" problems today.
The publication reported that food distie James Hall & Co, which provides services to 600 Spar stores was also down - the company website is serving up only an Error 20 code, indicating a general network failure.
The Biden administration announced on Thursday an initiative to prevent the use of technology for surveillance by authoritarian governments, the Wall Street Journal reports.
The Chinese government is among many authoritarian governments that rely on imported technology to conduct state surveillance.
U.S. technology has been used in China to surveil citizens, modernize its military and target Uyghurs in Xinjiang.
When former Mayor Michael B. Coleman's business-backed push to share Columbus City Schools property-tax revenue with charter schools was shot down by voters in 2013, he nonetheless moved forward with his promised new city Department of Education.
This fall, county officials mailed out property tax bills to the owners of a 10-bedroom, 10.5-bath Houston-area mansion, an 8,000-square-foot residence in a historic San Antonio neighborhood, an elegant Highland Park estate in Dallas and a house on more than an acre overlooking Corpus Christi Bay. The homes are worth millions of dollars. In each case, their 2021 tax bill was identical:
Zero.
Most people know that religious organizations pay no property taxes on their houses of worship. Lesser known is that many also get a valuable break on residences for their clergy as well.
The word “parsonage,” as these residences are called, conjures images of humble, spartan rooms attached to drafty churches. A few still are.
Yet in many places across Texas, parsonages are extravagant estates nestled in the state’s most exclusive enclaves. Like their wealthy neighbors, the clergy occupants enjoy spacious and well-appointed homes, immaculate grounds, tennis courts, swimming pools, decorative fountains and serene grottos.
Samsung Electronics nicely rearranged some deck chairs, but unhelpfully left a big one in place. As part of a significant restructuring, the $435 billion company will combine https://news.samsung.com/global/samsung-electronics-announces-new-leadership-2 its mobile and consumer electronics units into one division overseen by rising star Han Jong-hee, who was also elevated to vice chairman and chief executive.
Meta was sued on Tuesday for a whopping $150 billion in a class-action lawsuit for allegedly amplifying hate speech and aiding the Myanmar military in the genocide of the Rohingya people.
The case, led by an anonymous Rohingya refugee living in the US, accuses the entity formerly known as Facebook of inciting hatred and inflicting real harm on the predominantly Muslim group for years. Not only did the social media platform ignore hate speech posts, it's alleged that the service's algorithms actively promoted anti-Rohingya propaganda as hundreds of thousands of people fled from Myanmar to escape persecution.
network of academics influencing Government policy on ‘free speech’ in universities is being steered by pro-Donald Trump lobbyists and donors linked to Republican billionaire venture capitalist Peter Thiel – the chairman and co-founder of CIA-backed data analytics giant Palantir Technologies, a special investigation by Byline Times can reveal.
Sources at Cambridge University have confirmed to Byline Times that the network of conservative academics – many of whom ended up mobilising around Toby Young’s Free Speech Union (FSU) and writing for Claire Lehmann’s Quillette magazine – has been supported from its inception by Peter Thiel’s top chief of staff.
Throughout 2021, Russia’s Internet censors mounted a systematic attack on technologies that could be used by the country’s users to bypass censorship.
In the summer, Roskomnadzor blocked the first two VPNs, then the popular browser Opera killed support for its VPN. In September, eight more popular VPNs were blocked. And then Apple turned off its Private Relay service in Russia. Private Relay was designed to encrypt all the traffic leaving the user’s device so no one can intercept it. Apple has already been forced to turn it off in China, Belarus, Colombia, Egypt, Kazakhstan, Saudi Arabia, South Africa, Turkmenistan, Uganda and the Philippines, citing ‘regulatory requirements’ in those countries. Now it is Russia’s turn.
TOR was Russia’s next natural target because the software allows users to access websites and pages blocked by the authorities. But the significance of this development is much bigger.
Many technologies the users use today to avoid censorship were developed as commercial tools. VPNs, or virtual private networks, were developed when companies understood they needed a secure way to share data between different offices, and to allow employees to access sensitive files remotely and safely.
Julian Assange will be sent stateside for trial on criminal charges after the US government won an appeal against an earlier court order that released him from the threat of extradition.
The former WikiLeaks editor-in-chief lost the latest stage of his attempt to avoid being sent to the US after the Lord Chief Justice and Lord Justice Holroyde accepted US assurances that he would be treated humanely in their prisons.
The High Court has quashed a previous court order "freeing" Assange*, meaning the case will now join the growing pile on Home Secretary Priti Patel's desk awaiting her decision on whether to extradite.
After Judge Baraitser formally discharged Assange in January, the US filed an immediate appeal. Baraitser had thrown out all of Assange's arguments except one: that he would kill himself if sent abroad to stand trial.
Whitney joined TLAV to discuss her perspectives on the recent UK ruling regarding Julian Assange’s potential extradition, the utter facade that is the Ghislaine Maxwell trial, and how the Omicron variant has exposed an inherent hypocrisy in the stance of those calling for “vaccine equity” while pretending to be anti-imperialists.
Between 2018 and 2021, more than one in 33 U.S. residents were potentially subject to police patrol decisions directed by crime prediction software called PredPol.
The company that makes it sent more than 5.9 million of these crime predictions to law enforcement agencies across the country—from California to Florida, Texas to New Jersey—and we found those reports on an unsecured server.
The Markup and Gizmodo analyzed them and found persistent patterns.
Residents of neighborhoods where PredPol suggested few patrols tended to be Whiter and more middle- to upper-income. Many of these areas went years without a single crime prediction.
By contrast, neighborhoods the software targeted for increased patrols were more likely to be home to Blacks, Latinos, and families that would qualify for the federal free and reduced lunch program.
These communities weren’t just targeted more—in some cases they were targeted relentlessly. Crimes were predicted every day, sometimes multiple times a day, sometimes in multiple locations in the same neighborhood: thousands upon thousands of crime predictions over years. A few neighborhoods in our data were the subject of more than 11,000 predictions.
When you love your country, you do things to keep them free from the new age of imperialism. Imperialism has come to the point that anyone who wishes to be promoted is requested to speak and write in a language which they don’t natively speak. All of this is in the name of international recognition. Various offers — be they — calls for a paper or a book, invitations to webinars on how to publish in high impact journals, bundled subscription for access to databases and paywalled journals, to editing services — are flowing to the email inbox of Indonesian academics practically daily. The senders are publishers, paid database indexing service, and also companies providing editing services. Not only individuals are targeted, but also institutions.
Academics are now merely the object, not the subject, in the development of knowledge.
Loujain al-Hathloul, a prominent Saudi political activist who pushed to end a ban on women driving in her country, is suing three former U.S. intelligence and military officials she says helped hack her cellphone so a foreign government could spy on her before she was imprisoned and tortured.
The nonprofit Electronic Frontier Foundation announced Thursday that it had filed a lawsuit in U.S. federal court on al-Hathloul's behalf against former U.S. officials Marc Baier, Ryan Adams and Daniel Gericke, as well as a cybersecurity company called DarkMatter that has contracted with the United Arab Emirates.
In the lawsuit, al-Hathloul alleges that the trio oversaw a project for DarkMatter that hacked into her iPhone to track her location and steal information as part of broader surveillance efforts targeting dissidents within the UAE and its close ally Saudi Arabia. She said the hacking of her phone led to her "arbitrary arrest by the UAE's security services and rendition to Saudi Arabia, where she was detained, imprisoned, and tortured."
Federal Communications Commissioner Brendan Carr says that proper planning on increased spectrum release and infrastructure reform is necessary for the FCC to ensure a smooth rollout of 5G technology.
From 2024, an internet connection with a download speed of 80 Mbit/s and upload speed of 8 Mbit/s will replace the current standard of 10 and 1 Mbit/s, it suggested when putting the proposal out for public comment which runs until March.
Nextcloud has asked the European Commission to stop Microsoft from pre-installing OneDrive and Teams on Windows to give competitive services a fair chance to appeal to PC users.
"Microsoft is integrating 365 deeper and deeper in their service and software portfolio, including Windows," Nextcloud says on a web page dedicated to its antitrust complaint against Microsoft. "OneDrive is pushed wherever users deal with file storage and Teams is a default part of Windows 11. This makes it nearly impossible to compete with their SaaS services."
Amazon was slapped with a whopping €1.13bn (€£963.7m or $1.3bn) fine by Italy’s antitrust regulator on Thursday for “abusing its dominant position” and handicapping sellers that aren’t using its logistics service.
The ecommerce giant offers to pack, ship, and deliver goods sold by third-party vendors under its Fulfillment by Amazon (FBA) platform. Sellers only have to send their products to an Amazon warehouse, and its workers will handle everything else from there. Although the service is handy, it cuts into their profits.
Facebook whistleblower, Frances Haugen described the company as “morally bankrupt” before a panel of the US Senate Commerce Committee on 5 October. From her position on the company’s civic misinformation team, she witnessed its leadership consistently resolve conflicts between the company’s profits and users’ safety in favour of the former. This was true across a range of issues from hate speech to teenage mental health, ethnic violence and differential treatment for VIP users.
She has also called for greater government regulation and oversight but has dismissed claims that tougher action is needed against the tech giant. In Europe, greater oversight is fast approaching. The proposed Digital Services Act will change the rules for how digital platforms handle content that has been flagged as illegal and will regulate digital gatekeepers to prevent anti-competitive behaviour.
Nvidia's CEO Jensen Huang continues inventing, as if his role in the rise of GPUs wasn't enough.
A patent application published on December 2 credits Huang as one of the inventors of a system to open and share a file in the cloud without the need for a corresponding application on local devices.
Instead, the opened file is encoded and presented through a video stream, with everything happening in the cloud. To be clear, the application is a continuation of filings and patents granted dating back to 2012 related to graphics processing in the cloud and network-attached GPUs. The new patent hasn't been granted yet.
A coalition of nurses unions representing well over 2.5 million health care workers from 28 countries around the world, coordinated by Global Nurses United (GNU) and the Progressive International (PI), have filed a complaint with the United Nations alleging human rights violations by the European Union, the United Kingdom, Norway, Switzerland, and Singapore during the Covid-19 pandemic, whose end, they write “is nowhere in sight.”
In their complaint addressed to Dr. Tlaleng Mofokeng, the UN’s Special Rapporteur on Physical and Mental Health, the nurses charge that “these countries have violated our rights and the rights of our patients — and caused the loss of countless lives” through “continued opposition to the TRIPS waiver ... resulting in the violation of human rights of peoples across the world.”
Clearview’s controversial facial recognition technology is getting closer to being patented by the US Patent and Trademark Office.
The USPTO has given Clearview a “notice of allowance”, a sign that the startup’s patent application will be approved once it pays administrative costs, Politico reported. Clearview said it has scraped ten billion photos from public social media accounts. Although companies like Instagram and Twitter disapprove, Clearview has continued to download these images without permission.
A copyright battle over a decades-old series of Andy Warhol prints of music legend Prince has reached the steps of the U.S. Supreme Court, with Warhol's foundation arguing that the high court has "repeatedly made clear" that a work can be transformative when it conveys a different meaning from the preexisting work.