At SUSE, we partner with several top-notch managed service providers to deliver the whole enterprise package — our open, interoperable offerings backed by their proven ops teams. We help MSPs more easily and securely deliver objectives despite the increasing complexity of the cloud and Kubernetes, while they help our enterprises get up and stay up, running faster, while cutting costs. We provide that much needed abstraction layer so they can focus on your enterprise modernizing securely.
Infrastructure security is important to get right so that attacks can be prevented—or, in the case of a successful attack, damage can be minimized. It is especially important in a Kubernetes environment because, by default, a large number of Kubernetes configurations are not secure.
Securing Kubernetes at the infrastructure level requires a combination of host hardening, cluster hardening and network security.
[...]
I have listed 10 best practices for securing Kubernetes at the infrastructure level. While this is certainly not an exhaustive list by any means, it should give you the foundation to make a good start. I recommend reading chapter two of Kubernetes security and observability: A holistic approach to securing containers and cloud-native applications, an O’Reilly book I co-authored, to learn about these best practices in further detail and to discover additional best practices for infrastructure security.
Kubernetes has seen a surge of adoption over the past few years as companies have pivoted towards containers and cloud-native deployment methods. The platform’s become the leading orchestration solution for running containers in production. This means people who are skilled in using and managing Kubernetes clusters are now in-demand across the industry.
In this article, we’ll look at whether you should learn Kubernetes based on your current role and future objectives. If you’re not being tasked with managing a cluster, the decision ultimately comes down to the skill set you want to acquire and the areas you might move into down the line.
Kubernetes is usually described as a declarative system. Most of the time you work with YAML that defines what the end state of the system should look like. Kubernetes supports imperative APIs too though, where you issue a command and get an immediate output.
In this article, we’ll explore the differences between these two forms of object management. The chances are you’ve already used both even if you don’t recognize the terms.
Alex has a new high-quality self-hosted music setup, and Chris solves complicated Internet problems.
YouTube Shorts are the response of the Video Giant to the Tik Tok. They are 1 minute in length or less and have to be in portrait format to be a “short.” I don’t have nor do I want a Tik Tok so this sort of intrigues me, but I do wonder if it will actually go anywhere. For fun, I thought I would do some YouTube Shorts in preparation for the next Linux Saloon live stream where we will be talking about Solus, an independent Linux distribution that has been known for its speed and efficiency. I haven’t given it a spin since late 2018 so it is well over due for me. It will be quite fun to try it out and see how things have changed. I have historically liked its flagship desktop environment, Budgie but it has been a while.
Join Hackaday Editor-in-Chief Elliot Williams and Managing Editor Tom Nardi on another whirlwind tour of the week’s top stories, hacks, and projects. We start off with some breaking Linux security news, and then marvel over impeccably designed pieces of hardware ranging from a thrifty Z table for the K40 laser cutter to a powerful homebrew injection molding rig. The finer technical points of a USB device that only stores 4 bytes at a time will be discussed, and after taking an interactive tour through the internals of the 555 timer, we come away even more impressed by the iconic 50 year old chip. We’ll wrap things up by speculating wildly about all the bad things that can happen to floating solar panels, and then recite some poetry that you can compile into a functional computer program should you feel so inclined.
In this video, I am going to show an overview of Linuxfx 11.1.1103 and some of the applications pre-installed.
DXVK-NVAPI as the open-source project implementing support for NVIDIA's NVAPI within the realm of DXVK is out with a new release, which is exciting for NVIDIA Linux gamers.
DXVK-NVAPI is an important project for NVIDIA Linux gamers enjoying Valve's Steam Play (Proton) or outside of it as well if using DXVK otherwise. DXVK-NVAPI provides an NVAPI library implementation that can be used by the Windows games that make use of this NVIDIA API. DXVK-NVAPI is already used for Deep Learning Super Sampling (DLSS), NVAPI D3D11 extensions, and other features.
Wayland Protocols 1.25 was released today as the collection of testing and stable Wayland protocols. New to Wayland Protocols 1.25 is the session-lock-v1 protocol being experimental and responsible to handle session locking.
The session-lock-v1 protocol is the main addition of Wayland Protocols 1.25 and allows for privileged Wayland clients to lock the session and display arbitrary graphics while in the locked mode. That authenticated client is responsible for handling user authentication and interfacing with the compositor for disabling the session lock when appropriate.
Ahead of the Intel Arc "Alchemist" graphics cards shipping this year, Intel's open-source developers have continued ironing out the Linux driver support. The most recent kernel patches are for getting their Resizable BAR "ReBAR" support in order.
Sent out this week were a set of patches for small BAR recovery support for the Intel kernel graphics driver on Linux.
The GStreamer team is excited to announce the first release candidate for the upcoming stable 1.20 release series.
This 1.19.90 pre-release is for testing and development purposes in the lead-up to the stable 1.20 series which is now feature frozen and scheduled for release very soon. Any newly-added API can still change until that point, although it is extremely unlikely for that to happen at this point.
Depending on how things go there might be more release candidates in the next couple of days, but in any case we're aiming to get 1.20.0 out as soon as possible.
The first release candidate of GStreamer 1.20 is now available for testing of this widely-used, open-source multimedia framework.
GStreamer 1.20 is going to be a large feature release while to ensure it's stable and in good standing, the first release candidate is out today. Among the changes worked on for GStreamer 1.20 include:
- GstPlay as a new high-level playback library to replace GstPlayer.
- WebM alpha decoding support.
Multipass has a new workflow tailored to run Docker containers on macOS, Windows or Linux. One single command, no dependencies, full flexibility.
Multipass exists to bring Ubuntu-based development to the operating system of your choice. Whether you prefer the GUI of macOS (even on M1), Windows or any other Linux, the unmatched experience of developing software on Ubuntu is there at your fingertips, just one “multipass launch” away. Today, the Multipass team is delighted to enhance this experience for developers working with containerised applications!
ONLYOFFICE Docs is an open-source office suite distributed under GNU AGPL v3.0. It comprises web-based viewers and collaborative editors for text documents, spreadsheets, and presentations highly compatible with OOXML formats.
ONLYOFFICE Docs can be integrated with various cloud services such as Nextcloud, Seafile, Redmine, Alfresco, etc., as well as embedded into your own solution. The editors can also be used as a part of the complete productivity solution ONLYOFFICE Workspace. With the latest major update, the ONLYOFFICE developers added online form functionality allowing users to create, collaborate on and fill in forms to create documents from templates. Forms can be exported in fillable PDF and DOCX.
In this tutorial, we’ll learn how to create a fillable form with ONLYOFFICE Docs.
On Linux, the Terminal is used quite often to maintain the system. But besides doing serious work, there are also some funny commands, which I will show you below.
Here, we are using Ubuntu 20.04, but you can basically use any other Linux operating system.
Today we are looking at how to install Muck by Dani on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.
Today we will see how to install Raspberry Pi with VirtualBox. The famous Linux OS comes as an embedded system which is usually utilized in projects. For testing and simulation environments, having Pi in VirtualBox will be a good idea. As per official documentation, this Debian derivative can be built up for Microsoft, Apple OS, and Linux-based environments. For Linux, Ubuntu can be customized as a Pi environment. But here we are discussing building up a dedicated OS with the help of VirtualBox. Let’s take a brief look at Pi’s features.
Linux Containers have been around for some time but were introduced in the Linux kernel in 2008. Linux containers are lightweight, executable application components that combine app source code with OS libraries and dependencies required to run the code in different environments.
Developers use containers as an application packaging and delivery technology. One key attribute of containers is combining lightweight application isolation with the flexibility of image-based deployment methods.
RHEL-based systems like CentOS and Fedora Linux implement containers using technologies such as control groups for resource management, namespaces for system process isolation, and SELinux for security management. These technologies provide an environment to produce, run, manage and orchestrate containers. In addition to these tools, Red Hat offers command-line tools like podman and buildah for managing container images and pods.
In this tutorial, we will show you how to install ELK Stack on AlmaLinux 8. For those of you who didn’t know, the ELK Stack is an acronym for a combination of three widely used open-source projects: E=Elasticsearch, L=Logstash, and K=Kibana. With the addition of Beats, the ELK Stack is now known as the Elastic Stack. The ELK platform allows you to consolidate, process, monitor, and perform analytics on data generated from multiple sources in a way that is fast, scalable, and reliable.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the ELK Stack on an AlmaLinux 8. You can follow the same instructions for Rocky Linux.
minikube is an open-source tool, also a local Kubernetes focusing on making it easy to learn and develop for Kubernetes.
This tutorial will be helpful for beginners to install minikube on Ubuntu 20.04 LTS, Ubuntu 22.04.
There are a couple of reasons why you should know your Linux kernel version. It could be a handful when you want to install the Linux header, and it’s even a pretty common error for the VMware Workstation to fail in case of a missing Linux header.
In this article, you will see how to check the kernel version, alongside you will see the steps to install Linux header on your system.
It’s pretty easy to run a batch file on windows.
Just create a file, change the extension to .bat, and either call the script in PowerShell or double click to execute it. Windows users are spoiled.
If you want to create a script and run it in Ubuntu, a few extra steps are involved.
In this tutorial, we will learn the steps to install Puppet Server on AlmaLinux or Rocky Linux 8 distros using the command terminal.
Puppet is an open-source project with enterprise support, it allows admins to automate the configuration of a single server or computer to a large network of systems; Ansible and Foreman are a few of its alternatives.
When developers and administrators have to configure multiple servers at a time with similar configurations, then instead of repeating the same tasks on each system one by one they use special configuration managers such as Puppet. Ideally, many tasks can be automated with it using Puppet’s Domain-Specific Language (DSL) — Puppet code — which you can use with a wide array of devices and operating systems. It was developed in 2005 by Puppet Labs, Portland, Oregon; written in Ruby and designed to be cross-platform. Any long-term enterprise operating system can be used to host Puppet servers such as OracleLinux, RedHat, SuSE, Ubuntu, Debian, AlmaLinux, and Rocky Linux. Systems running Windows can also be configured and managed with Puppet, with some limitations.
Sentry is a popular error-tracking platform that gives you real-time visibility into issues in your production environments. GitLab’s Error Reporting feature lets you bring Sentry reports into your source control platform, offering a centralized view that unifies Sentry errors and GitLab issues.
The feature originally relied on an integration with an existing Sentry service, either the official Sentry.io or your own self-hosted server. This changed with GitLab 14.4 which added a lightweight Sentry-compatible backend to GitLab itself. You no longer need an actual Sentry installation to get error reports into GitLab.
Here’s how to get started with the integrated Sentry backend. Before we proceed, it’s worth mentioning that this capability might not be right for you if you’re already acquainted with the Sentry dashboard. GitLab’s backend is a barebones solution which surfaces errors as a simple list. It’s best for smaller applications where you don’t want the overhead of managing a separate Sentry project.
Android Studio is Android’s official development environment. The tool is designed specifically for Android devices to help you build the highest quality apps. Android applications are built on a setup developed by Google, which is known to all Android users. The IDE replaced the Eclipse tool, which was primarily used for Android development. AS IDE has been used to develop some of the most well-known Android applications.
Chromebooks are great, inexpensive machines that work via a connection to Google services and seem like the perfect platform for game streaming. That’s why it’s not too much of a surprise that the rumor mill is suggesting that Google is working on gaming Chromebooks.
Managing various games and applications installed on Linux using Wine can be a hassle, and while there's stuff like Lutris available perhaps Bottles might be a better dedicated option just for Wine directly.
Version 2022.1.28 has rolled out, with an aim to make the experience more stable thanks to a whole new Wine backend. The new system is split across three components (WineCommand, WineProgram, Executor), that should allow for easy extensions to what Bottles can offer. One useful change with this is that you can run commands without other things interfering (like Gamescope and GameMode).
There's also now the ability to show / hide programs inside each Bottle, their new build of Wine (Caffe) is based on Wine 7.0 with support for the newer Futex2 code, an improved view with a search bar for installers like Epic Games and GOG Galaxy and some other minor features.
Wadjet Eye Games seem to be on a roll lately for Linux support. First we saw upgrades and new ports of The Blackwell Bundle, then Gemini Rue and now we have Unavowed. A good time to be a point and click adventure game fan.
"A demon possessed you one year ago. Since that day, you unwillingly tore a trail of bloodshed through New York City. Your salvation comes in the form of the Unavowed – an ancient society dedicated to stopping evil.
Wadjet Eye Games continue getting their older published titles upgraded for Linux, after doing the same for The Blackwell Bundle we now have a modern port of Gemini Rue for Linux.
"Azriel Odin, ex-assassin, arrives on the rain-drenched planet of Barracus. When things go horribly wrong, he can only seek help from the very criminals he used to work for.
Meanwhile, across the galaxy, a man called Delta-Six wakes up in a hospital with no memory. Without knowing where to turn or who to trust, he vows to escape before he loses his identity completely.
Version 0.2.9 launched earlier in the week, and it includes the addition of an in-game item called the Nduja Fritta Tanto – or, NFT for short.
“From game patch 0.2.9, the Nduja Fritta Tanto can randomly drop from candles/braziers to add 10 spicy seconds to your runs. Terrible pun, great item. We’re against NFT practices if that wasn’t clear,” reads the patch notes.
Aside from Poncle’s choice “to jump on the hottest trends in gaming,” there are several other changes made to Vampire Survivors with the patch.
This includes a Garlic evolution, one additional new evolution, and two more achievements.
It’s time for the Linux Gaming predictions for 2022! Last year in early 2021 we collected predictions from numerous actors of the Linux Gaming Sphere, and it was a lot of fun. And very useful too: our combined predictions ended up being more right than not (as documented) and we hope to be able to repeat this feat again this year.
It’s been a while since I last blogged about the state of Fractal-next. Even though I’m not great at writing updates we’ve been making steady and significant progress on the code front. Before we dive into our progress I want to say thank you to all contributors, and especially Kévin Commaille.
Update on what happened across the GNOME project in the week from January 21 to January 28.
Some other noteworthy news within Tumbleweed is that Wicked is being phased out. New installations of Tumbleweed are all using NetworkManager by default. This is not only for desktops, but also for server installs. However, upgraders are not planned as of yet to be migrated away from Wicked.
The latest Tumbleweed snapshot is 20220126. Samba updated twice this week; this snapshot brought in the 4.15.4 version, which provided a bit of cleanup and configuration changes. The 5.16.2 Linux Kernel quickly went from staging to snapshot. The updated kernel had multiple Advanced Linux Sound Architecture fixes for newer Lenovo laptops and KVM fixes for s390 and x86 architectures. The text editor vim had several fixes along with some additional changes for the experimental vim9 fork in its 8.2.4186 version. xlockmore, which is a screen saver and X Window System package, updated an xscreensaver port and fixed some modules in its 5.68 version. The 3.74 version for mozilla-nss replaced four Google Trust Services LLC root certificates, added a few iTrusChina root certificates and added support for SHA-2 hashes in CertIDs in Online Certificate Status Protocol responses.
Dear Tumbleweed users and hackers,
The week has passed without any major hiccups, which also shows in the number of Tumbleweed snapshots released during this week. Not the highest count ever achieved, but we are at a solid 6 snapshots (0121.0126), with the next one already in QA.
As Kubernetes users know, Rancher is a popular complete software stack for running and managing multiple Kubernetes clusters across any infrastructure. Now, since Linux and cloud-power SUSE acquired Rancher, it's launched its first new program: Rancher Desktop 1.0
In the pre-pandemic past, time and budget often limited which industry events people could attend. While time will always be a factor, the shift towards virtual gatherings has made that commitment much easier for many people. Pair a more flexible schedule with reduced costs for travel and tickets, and you have the most accessible industry landscape in history.
Sysadmins are known as "jack-of-all-trades" technologists who need broad and deep knowledge to do their jobs well. But this makes it hard for them to choose which conferences—many aimed at specific tech audiences—to attend.
Like everything in life, it comes down to your priorities. Want to focus on your automation skills this year? AnsibleFest it is. Want to bridge the gap between sysadmins and developers? Try DevConf or All Things Open (which, in my experience, leans towards developers). What about container technology? Well, there's Kubecon for that...
You see my point. There are a lot of events to choose from. So it raises the question, what is your number one must-attend tech event for 2022?
There are probably not too many people that need to do disk partitioning and storage space management on a daily basis. For most of us it is something low level that needs to be set up just once and then promptly forgotten.
Strangely enough the Ansible Storage Role can be very useful for both of these groups of people. Here, I would like to try and explain why and how to use it.
Please remember that Storage Role operations are often destructive – the user can easily lose data if he is not being careful. Backup, if possible, think twice if not.
Open banking requirements add complexity to protecting customer data. Banks need to juggle the complexity of keeping customer data safe and adhering to privacy requirements and expectations -- while also sharing data with authorized institutions. These regulations also inform the software development process, which must implement ever increasing functional capability and efficiencies while adhering to the prescribed directives. The question is, how?
Software development efforts are not conducted independently of regulatory requirements. While ultimately banks must ensure that customer data is not stolen or altered in the process of sharing and that customer privacy is not compromised - violations can risk a bank’s reputation and incur financial penalties from regulators - there is a clear need for developers to contribute significantly to better privacy engineering standards.
In mid-December, the Council on Foreign Relations sponsored a virtual roundtable with Joseph Nye, former dean of Harvard’s Kennedy School of Government, to discuss his recent Foreign Affairs article The End of Anarchy?: How to Build a New Digital Order. Professor Nye has long been regarded as one of America’s preeminent strategic thinkers and political scientists. In the 1970s he chaired the National Security Council Group on Nonproliferation of Nuclear Weapons, and over the past decade he’s brought his expertise to the study of conflict and deterrence in cyberspace.
Cybersecurity is an increasingly important aspect of the US national security strategy, including global trade and the protection of our critical infrastructures. In June of 2021, FBI Director Christopher Wray compared the danger of ransomware attacks on US firms by Russian criminal groups to the September 11 terrorist attacks. And, in a July editorial, the NY Times said that ransomware attacks have emerged as “a formidable potential threat to national security,” given “their ability to seriously disrupt economies and to breach strategically critical enterprises or agencies,” urging governments that “It is a war that needs to be fought, and won.”
At an MIT conference in February of 2019, former US Secretary of State Henry Kissinger was asked if we need cybersecurity control agreements with Russia, China and other nations similar to the nuclear arms control agreements that he spent so much time negotiating during the Cold War. Dr. Kissinger replied that for arms control to be effective, the two sides needed to share information and agree to inspections. But such mechanisms are harder to apply in the digital world, because the transparency that was essential for arms control would be very hard to establish for cyber threats. In addition, while controls of physical arms are relatively explicable and negotiable, the variety and speed of cyber attacks make it much harder to develop adequate control agreements.
Given the fact – that once installed – GNU Linux Debian can boot (almost) anywhere, the fastest and easiest way to “install” it is to simply 1:1 copy it on whatever the user wants to boot from (harddisk or usb stick (some sticks can not be made bootable, try at least 3 different vendors)).
So… this install script 1:1 copy installs Debian 11 (non-free) on any laptop/desktop/server (depending on internet speed) very fast & easy.
The process can be automated (on similar hardware or on hardware where /dev/sda is always the device the user wants to 1:1 overwrite).
Now, my psychic powers aren’t as sharp as they used to be but I can sense that most of you are staring at this page struggling to recall what this is —oh, and someone with a H in their name is reading this post in their underwear. Go put trousers on dude, honestly…
I’ll save you scraping the back of your minds: the Canonical Partner repo is where software vendors could provide proprietary apps for easy install by Ubuntu users. Skype, for instance, used to be an apt-get away thanks to this repo.
For Ubuntu PC or laptop with a low resolution monitor, some app windows may be bigger than screen height, thus it’s NOT fully accessible especially for the bottom part.
This usually happens in some Qt apps and Gnome Extension settings dialog in my Ubuntu laptop with 1366×768 screen resolution. A workaround is moving the app window above the top of the screen. Here’s how to do the trick in Ubuntu!
 The new Raspberry Pi OS release (dated 2022-01-28) is here about three months after the previous update, which rebased the distribution on the Debian GNU/Linux 11 “Bullseye” operating system series to add various improvements to the raspi-config application that lets you configure Raspberry Pi system settings.
Both the raspi-config command-line tool and its rc_gui GTK graphical user interface received enhancements. For example, rc_gui no longer ships with the camera interface switch and features a combo box to allow users to set the resolution for VNC (Virtual Network Computing) connections. In addition, Mutter is now automatically disabled when the VNC server is running and the system falls back to Openbox.
This electronic keyboard is completely designed and built from scratch, including the structure of the instrument and the keys themselves. [Balthasar] made each one by hand out of wood and then built an action mechanism for them to register presses. While they don’t detect velocity or pressure, the instrument is capable of defining the waveform and envelope for any note, is able to play multiple notes per key, and is able to change individual octaves. This is thanks to a custom 6×12 matrix connected to a STM32 microcontroller. Part of the reason [Balthasar] chose this microcontroller is that it can do some of the calculations needed to produce music in a single clock cycle, which is an impressive and under-reported feature for the platform.
The build relies on a CANserver, an ESP32-based device specifically built for hooking up to the CAN bus on Tesla vehicles and sharing the data externally. The data can then be piped wirelessly to an Android phone running CANdash to display all the desired information. With the help of an aftermarket dash clip or a 3D printed custom mount, the phone can then be placed behind the steering wheel to display data in the usual location.
All these people have conflicts of interest. For example, Molly herself was secretly sleeping with Chris Lamb when he was leader of Debian. Imagine a woman comes to Molly's team to make an abuse complaint about Lamb or one of his close friends.
[...]
Women trusting women simply because they are women is not a good choice.
There are numerous examples of women like Molly who have been sympathetic to or even in cahoots with male abusers.
Happy International Data Privacy Day! While January 28 marks a day to raise awareness and promote best practices for privacy and data protection around the world, we at Mozilla do this work year-round so our users can celebrate today — and every day — the endless joy the internet has to offer.
We know that data privacy can feel daunting, and the truth is, no one is perfect when it comes to protecting their data 24/7. At Mozilla though, we want to make data protection feel a bit easier and not like something else on the never-ending life to-do list. We build products that protect people online so they can experience the best of the web without compromising on privacy, performance or convenience. The internet is too good to miss out on — we’ll take care of securing it so you can focus on exploring and enjoying it.
To accomplish this, we started with square one: our Firefox browser — enhancing its privacy and tracking protections over the past year, while improving its user experience to make surfing the web less dangerous and more carefree.
[...]
Despite how it sounds, you don’t need to be a hacker to make use of an encrypted connection. Whether you’re online shopping or want to make sure your login credentials are safe from attackers, we’re working on ensuring your browsing experience is secure from start to finish. That’s why, when you open up a Private Browsing tab on Firefox, you can be confident that your information is safe thanks to our HTTPS by Default offering, which ensures the data you share with and receive from a website is encrypted and won’t be able to be intercepted, viewed or tampered with by a hacker. To take this one step further, we’re also working with Internet Service Providers like Comcast and other partners through our Trusted Recursive Resolver program, to begin making DNS encryption the default for Firefox users in the US and Canada.
MongoDB is the most common and widely used NoSQL database. It is an open-source document-oriented DB. NoSQL is used to refer to ‘non-relational’. This means that the MongoDB database is not based on tabular relations like RDBMS as it provides a distinct storage and data retrieval mechanism.
The storage format employed by MongoDB is referred to as BSON. The database is maintained by MongoDB Inc. and is licensed under the Server-Side Public License (SSPL).
I discovered that 'gst-editing-services' is another dependency of Pitivi, added to these: https://bkhome.org/news/202201/more-dependencies-for-pitivi-video-editor.html There is no recipe in OE, so I attempted to compile it on the host system. Stuffed around for about 3 hours, unable to compile, ninja is doing something stupid.
This morning I posted about a complete recompile in OpenEmbedded, "revision 7":
https://bkhome.org/news/202201/what-to-expect-in-the-next-release-of-easyos.html
This included bumped gstreamer version, suitable to run Pitivi.
Wasmer 2.2-rc1 is out today as the WebAssembly run-time to "run any code on any client" with its broad platform coverage and allowing numerous programming languages from Rust to PHP to C# being able to be compiled into WebAssembly and then running on any OS or embedded into other languages for execution.
Wasmer continues as one of the leading open-source WebAssembly runtimes with a diverse feature-set. Its project site at Wasmer.io talks up Wasmer for use from "supercharged blockchain infrastructure" to "portable ML/AI applications". Buzzwords aside, Wasmer has been a very interesting WebAssembly open-source project.
This is a list of free/libre open source software (FLOSS) alternatives to Visual Basic (part of Microsoft Visual Studio) computer programming platform. If your school is still teaching VB 6, or if you now use Ubuntu for programming classroom, we strongly suggest you to switch to either one of these alternatives. With these, one can create computer programs visually by drag and drop as well as coding just like what one can do with VB.
JEDEC Solid State Technology Association, the global leader in the development of standards for the microelectronics industry, today announced the publication of the next version of its High Bandwidth Memory (HBM) DRAM standard: JESD238 HBM3, available for download from the JEDEC website. HBM3 is an innovative approach to raising the data processing rate used in applications where higher bandwidth, lower power consumption and capacity per area are essential to a solution’s market success, including graphics processing and high-performance computing and servers.
HBM3 memory doubles the per-pin data rate of HBM2 to now provide 6.4 Gb/s per-pin or up to 819 GB/s per device. HBM3 also doubles the independent channels to 16 while virtually supporting 32 via two pseudo channels per channel, between 8Gb to 32Gb per memory layer, symbol-based ECC on-die, and improved energy efficiency. The specs aren't too much of a surprise with SK Hynix having announced their first HBM3 memory back in Q4. HBM3 has been in development the past several years, originally under the "HBMnext" name, for improving upon HBM2 memory.
If you are old enough, you may remember that, for a time, almost every year was the year that home video was going to take off. Except it never was, until VHS tape machines appeared. We saw something similar with personal computers. Nowadays, we keep hearing about the home robot, but it never seems to fully materialize or catch on. If you think about it, it could be a problem of expectations.
What we all want is C3PO or Rosie the Robot that can do all the things we don’t want to do. What we usually get is something far less than that. You either get something hideously expensive that does a few tasks or something cheap that is little more than a toy.
Labrador Systems is trying to hit the middle ground. While no one would confuse their Caddie and Retriever robots with C3PO, they are useful but also simple, presumably to keep the cost down; they are expected to cost about $1,500. The robots have been described as “self-driving shelves.” You can watch a video about the devices below.
Among the great engineers of the 20th century, who contributed the most to our 21st-century technologies? I say: Claude Shannon.
Shannon is best known for establishing the field of information theory. In a 1948 paper, one of the greatest in the history of engineering, he came up with a way of measuring the information content of a signal and calculating the maximum rate at which information could be reliably transmitted over any sort of communication channel. The article, titled “A Mathematical Theory of Communication,” describes the basis for all modern communications, including the wireless Internet on your smartphone and even an analog voice signal on a twisted-pair telephone landline. In 1966, the IEEE gave him its highest award, the Medal of Honor, for that work.
If information theory had been Shannon’s only accomplishment, it would have been enough to secure his place in the pantheon. But he did a lot more.
At a time when there were fewer than 10 computers in the world, Shannon speculated on their use beyond numerical calculation, including language translation and logical deductions, which arguably led to the rise of machine learning.
We’re no strangers to [Ivan]’s work and this time he’s building a relatively small CNC machine using extrusion, 3D printed parts, and a Makita router. The plans are available at a small cost, but just watching the accelerated build is fascinating.
You might think you could just attach something to an existing 3D printer frame that cuts like a Dremel tool. You can do that, but for most purposes, you need something stiffer than most desktop printers. You can see how solid this build is with multiple extrusions forming the base and very rigid axes.
There’s an unknown piece of military electronic gear being investigated over on [Usagi Electric]’s YouTube channel (see video below the break). The few markings and labels on the box aren’t terribly helpful, but along with the construction and parts, seem to identify it as relating to the US Navy from the WWII era. Its central feature is a seeing-eye tube and an adjustment knob. [David] does a bit of reverse engineering on the circuit, and is able to fire it up and get it working, magic eye squinting and all.
But there’s still the unanswered question, what was this thing supposed to do? Besides power, it only has one input signal. There are no outputs, except the “data” presented visually by the magic eye tube. Commenters have suggested it was used with sonar equipment, calibration tool, RTTY tuning aid, light exposure meter, etc. But if you dust off your copy of Navships 900,017 “Radar Systems Fundamentals” from 1944 and turn to page 249, there’s a section entitled Tuning Indicator that describes this circuit, almost.
Qualys just published CVE-2021-4034 which is trivial to exploit and impacts a large variety of distributions and versions. In a nutshell, the vulnerability, also called PwnKit, allows for a local escalation of privilege (LPE), due to out-of-band writing, in Polkit’s Pkexec, an alternate solution to the “sudo” privilege management tool. Pkexec is installed by default on most popular Linux distributions. A successful exploit can lead to handing admin/root privileges to unauthorized users.
While everybody loves a fine LPE, it’s mostly an excuse for us to take a look at another aspect of CrowdSec: pure alerting capabilities along with remediation.
Linux systems are known for being solid when it comes to security. Since most Linux programs come from trusted sources and are usually reviewed by the community, it's pretty unusual to encounter very high-impact bugs. However, this doesn't mean Linux is free from such problems altogether. The recent discovery of the PwnKit system service bug is one such example.
The PwnKit vulnerability is a serious bug that gives root privileges to any local user. This bug is especially dangerous because it affects almost all major Linux distributions.
So what’s the story with pkexec? NULL argv. OK, Linux programming 101 time. When a program is launched on Linux, it’s passed two parameters, normally named argc and argv. These are an integer, and an array of char pointers respectively. If you’re not a programmer, then think of this as the number of arguments, and the list of arguments. This information is used to parse and handle command line options inside the program. argc is always at least one, and argv[0] will always contain the name of the binary as executed. Except, that isn’t always the case. There’s another way to launch binaries, using the execve() function. That function allows the programmer to specify the list of arguments directly, including argument 0.
So what happens if that list is just NULL? If a program was written to account for this possibility, like sudo, then all is well. pkexec, however, doesn’t include a check for an empty argv or an argc of 0. It acts as if there is an argument to read, and the way the program initialization happens in memory, it actually accesses the first environment variable instead, and treats it like an argument. It checks the system PATH for a matching binary, and rewrites what it thinks is its argument list, but is actually the environment variable. This means that uncontrolled text can be injected as an environment variable in pkexec, the setuid program.
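The empty-argv case described above, as an added example (not code from pkexec or from the quoted article): a constructed in-memory model of the argument/environment layout, showing what an unchecked argv[1] read returns and the guard that refuses an empty argument list. The struct, the function names and the sample strings are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Constructed model of the start-up vector: argv pointers, a NULL
   terminator, then the envp pointers directly behind it. */
struct startup_vec {
    int argc;
    const char *slots[6];
};

/* Constructed sample: a normal launch with one argument. */
struct startup_vec normal_launch(void) {
    struct startup_vec v = {2, {"pkexec", "id", NULL, "PATH=/usr/bin", NULL}};
    return v;
}

/* Constructed sample: launched with an empty argument list (argc == 0). */
struct startup_vec empty_launch(void) {
    struct startup_vec v = {0, {NULL, "PATH=/usr/bin", NULL}};
    return v;
}

/* Unchecked pattern: assumes argv[0] exists, so the first argument is argv[1]. */
const char *first_arg_unchecked(const struct startup_vec *v) {
    return v->slots[1];
}

/* Guarded pattern: reject an empty argument list before touching argv.
   Returns 0 on success, -1 if the launch must be refused. */
int first_arg_checked(const struct startup_vec *v, const char **out) {
    *out = NULL;
    if (v->argc < 1 || v->slots[0] == NULL)
        return -1;                 /* no program name: refuse to continue */
    if (v->argc >= 2)
        *out = v->slots[1];        /* a real argument is present */
    return 0;
}

int main(int argc, char **argv) {
    /* The same guard applied to the real argv of this process. */
    if (argc < 1 || argv == NULL || argv[0] == NULL) {
        fputs("refusing to run with an empty argument list\n", stderr);
        return 127;
    }
    struct startup_vec n = normal_launch(), e = empty_launch();
    const char *arg;
    printf("normal, unchecked: %s\n", first_arg_unchecked(&n));
    printf("empty,  unchecked: %s\n", first_arg_unchecked(&e));
    printf("empty,  checked:   %d\n", first_arg_checked(&e, &arg));
    return 0;
}
```

With the empty launch, the unchecked read returns the environment string rather than an argument, which is the confusion the passage describes; the guarded version refuses before reading anything.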
Security updates have been issued by CentOS (java-1.8.0-openjdk), Debian (graphicsmagick), Fedora (grafana), Mageia (aom and roundcubemail), openSUSE (log4j and qemu), Oracle (parfait:0.5), Red Hat (java-1.7.1-ibm and java-1.8.0-openjdk), Slackware (expat), SUSE (containerd, docker, log4j, and strongswan), and Ubuntu (cpio, shadow, and webkit2gtk).
The diffoscope maintainers are pleased to announce the release of diffoscope version 202. This version includes the following changes:
[ Chris Lamb ]
* Don't fail if comparing a nonexistent file with a .pyc file (and add test). (Closes: #1004312)
* Drop a reference in the manual page which claims the ability to compare non-existent files on the command-line. This has not been possible since version 32 which was released in September 2015. (Closes: #1004182)
* Add experimental support for incremental output support with a timeout. Passing, for example, --timeout=60 will mean that diffoscope will not recurse into any sub-archives after 60 seconds total execution time has elapsed and mark the diff as being incomplete. (Note that this is not a fixed/strict timeout due to implementation issues.) (Closes: reproducible-builds/diffoscope#301)
* Don't return with an exit code of 0 if we encounter device file such as /dev/stdin with human-readable metadata that matches literal, non-device, file contents. (Closes: #1004198)
* Correct a "recompile" typo.
[ Sergei Trofimovich ]
* Fix/update whitespace for Black 21.12.
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
A German activist is trying to track down a secret government intelligence agency.
[....]
In a similar story, someone used an AirTag to track her furniture as a moving company lied about its whereabouts.
Transparency and inclusivity are critical to a successful Tech Envoy appointment, and, as applications close, Access Now is calling on the United Nations (U.N.) to publish all key information in relation to processes, candidates, and final decisions.
Access Now shared the world’s excitement when the U.N. Secretary-General Antonio Guterres created a new position, the Tech Envoy, to lead the U.N. into the digital age. However, the Secretary-General chose an opaque appointment process for the inaugural U.N. Tech Envoy, and the first candidate left the position ignominiously last November.
Yesterday, January 27, marked the application deadline for the next U.N. Tech Envoy, and civil society is pushing for an improved process. Access Now joined over 90 non-state stakeholders in urging the U.N. Secretary-General to ensure an open and transparent U.N. Tech Envoy appointment process, and commit to human rights and multi-stakeholder engagement. Reiterating the joint Position Paper of November 2020, the letter underscores that transparency is integral to support a trustworthy, inclusive relationship with all stakeholders.
“To rebuild trust, transparency that centers on the diverse voices of civil society is essential. We demand that such transparency start with the appointment process itself,” said Laura O’Brien, U.N. Advocacy Officer at Access Now.
We, the undersigned 15 press freedom and human rights organizations, write to urge you to withdraw opposition to pre-trial bail for Nusrat Shahrin Raka, a homemaker and sister of exiled Bangladeshi journalist Kanak Sarwar, and to work cooperatively with Raka’s lawyers and the relevant courts to facilitate her immediate release from jail.
We also request that you cease the judicial harassment of Kanak Sarwar by dropping all unwarranted charges brought against him in relation to his journalistic work. Further, we call on the Bangladesh government to repeal the Digital Security Act unless it can be promptly amended in line with international human rights law and standards with regard to the fundamental right of freedom of expression.
We have reviewed credible allegations that authorities have targeted Raka in retaliation for Sarwar’s criticism of the Bangladesh government on his YouTube channel, Kanak Sarwar News. The persecution of Raka signals that authorities will use drastic means to silence critical reporting, whether in Bangladesh or abroad, amid an intensifying assault on the fundamental right to freedom of expression.
We, the undersigned civil society organizations and members of the #KeepItOn Coalition — a global network of human rights organizations that work to end internet shutdowns — strongly condemn the recent targeting and destruction of telecommunication infrastructure in Hodeidah by Saudi- and UAE-led airstrikes. These unjustified attacks claimed the lives of hundreds of people while others remain missing in the rubble. Survivors have been unable to communicate with, or confirm the wellbeing of, those targeted.
On Friday, January 21, 2022, activists and technology experts reported that internet access had dropped significantly across the country, except for people using internet service provider, AdenNet, in the region of Aden, which was not impacted by the shutdown. The telecom facility which was heavily affected by the airstrike connects Yemen to the FALCON international cable, thereby cutting off millions of people from the internet. The shutdown lasted for about three and a half days with full internet access completely restored on January 24 at approximately 01:00 local time.
Recently, I have been working on implementing a parser for media types (commonly called MIME types) and a database which maps media types to file extensions and vice-versa. I thought this would be an interesting module to blog about, given that it’s only about 250 lines of code, does something useful and interesting, and demonstrates a few interesting xxxx concepts.
The format for media types is more-or-less defined by RFC 2045, specifically section 5.1. The specification is not great. The grammar shown here is copied and pasted from parts of larger grammars in older RFCs, RFCs which are equally poorly defined. For example, the quoted-string nonterminal is never defined here, but instead comes from RFC 822, which defines it but also states that it can be “folded”, which technically makes the following a valid Media Type:
text/plain;charset="hello world"
Or so I would presume, but the qtext terminal “cannot include CR”, which is the mechanism by which folding is performed in the first place, and… bleh. Let’s just implement a “reasonable subset” of the spec instead and side-step the whole folding issue.
This post will first cover parsing media types, then address our second goal: providing a database which maps media types to file extensions and vice versa.
DNS is a very centralized system. The management of domain names is controlled by ICANN, the Internet Corporation for Assigned Names and Numbers. And since DNS records must be served from a server with authority, the root DNS naming zones are controlled by only a few centralized servers.
While this works well to protect against malicious actors taking over the internet and wreaking havoc, it does present a few problems. You can’t purchase domain names directly from ICANN—you must go through an accredited registrar. This means you must give money to third party companies that you may not want to do business with, and it also means you’re subject to those companies’ rules and regulations; services like GoDaddy have been known to revoke domain names for problematic content.
Central authority for DNS also means central control, and a big part of the cryptocurrency movement is having decentralized control through peer-to-peer networks. This is what Handshake Domains are trying to fix.
By having the root DNS information stored in the blockchain—an immutable collection of data hosted by many individual users—DNS queries can be securely resolved without the need for any special root DNS name servers.