Bonum Certa Men Certa

Links 22/2/2022: GNOME 42 Beta and Istio Flaw



  • GNU/Linux

    • Istio

      • ISTIO-SECURITY-2022-003

        The Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker.

      • Istio / Announcing Istio 1.13.1

        This release fixes the security vulnerabilities described in our February 22nd post, ISTIO-SECURITY-2022-003. This release note describes what’s different between Istio 1.13.0 and 1.13.1.

      • Istio / Announcing Istio 1.12.4

        This release fixes the security vulnerabilities described in our February 22nd post, ISTIO-SECURITY-2022-003. This release note describes what’s different between Istio 1.12.3 and 1.12.4.

      • Istio / Announcing Istio 1.11.7

        This release fixes the security vulnerabilities described in our February 22nd post, ISTIO-SECURITY-2022-003. This release note describes what’s different between Istio 1.11.6 and 1.11.7.

    • Audiocasts/Shows

    • Kernel Space

      • Graphics Stack

        • Ray Tracing On A Modern TI Graphing Calculator | Hackaday

          Something being impractical isn’t any reason not to do it, which is why just about anything with a CPU in it can run Doom by now. For the same reason there obviously is a way to do ray tracing of 3D scenes on a modern-day TI-84 Plus CE graphical calculator. This is excellent news for anyone who has one of these calculators, along with a lot of time, perhaps during boring classes, to spare.

          As [TheScienceElf] demonstrates in a video, also embedded after the break, it’s not quite the real-time experience one would expect from an NVidia RTX 30-series GPU. Although the eZ80-based CPU in the calculator is significantly more efficient than a Z80 as found in many 1980s home computers, the demo scene at standard resolution takes about 12 minutes to render, as also noted on the GitHub project page.

    • Applications

      • ‘AppImage Pool’ – Software Center for Linux Apps as AppImage Packages | UbuntuHandbook

        Prefer running Linux apps via AppImage package format? ‘AppImage Pool’ is an app center for searching and downloading your favorite apps as AppImage.

        More and more apps today publish Linux packages via universal Flatpak, Snap and AppImage. The former two are easy to install since they are well integrated in Ubuntu or other Linux. But, AppImage is a non-install portable package. It uses one file per application. Just run the file will launch the app.

        To make it easy to find out and download an app as AppImage, the free libre and open-source software ‘AppImage Pool’ is created as a simple, modern AppImageHub client.

    • Instructionals/Technical

      • Multi-environment deployments with Jenkins and Octopus - Octopus Deploy

        During a deployment process, an artifact is built by a build server before being deployed. Jenkins is a build server designed for multi-environment settings. Jenkins can package and push your artifact to a central repository. From here, a Continuous Delivery (CD) tool can take the artifact and deploy it.

        Octopus Deploy is a best in class CD tool that helps with this process. Octopus can interface with and deploy to major cloud providers like Azure, Google, and Amazon.

        In this post, I show you how to build and push the Octopus underwater app to Amazon Elastic Container Registry (ECR). Jenkins will trigger a deployment in Octopus Deploy. Octopus will then deploy the app to Amazon Elastic Kubernetes Service (EKS).

      • How To Install Arduino IDE on AlmaLinux 8 - idroot

        In this tutorial, we will show you how to install Arduino IDE on AlmaLinux 8. For those of you who didn’t know, Arduino is free, open-source software that is used for writing, uploading, and compiling the programming code to Arduino boards. It consists of an editor and a compiler that enables better and assisted editing and compiling. The Arduino IDE is supported by many operating systems such as Linux, Windows, and macOS.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the Arduino IDE on an AlmaLinux 8. You can follow the same instructions for CentOS and Rocky Linux.

      • How to Install Ubuntu Desktop from Ubuntu Server – VITUX

        Ubuntu is one of the most widely used Linux distributions, developed by Canonical inc. Ubuntu comes in several flavors, the Ubuntu Desktop Edition, which ships with a GNOME-based desktop by default, and the Ubuntu Server edition, which is mainly meant to be run on headless servers. Ubuntu server edition does not install a GUI. This tutorial will show you how to install an Ubuntu 20.04 Desktop from the command line on an Ubuntu server system.

      • Install Bitwarden password manager on Ubuntu 22.04 - kifarunix.com

        In this tutorial, you will learn how to install Bitwarden password manager on Ubuntu 22.04. Bitwarden is an “open-source password manager which provides an easiest and safest way for individuals to store, share and secure sensitive data”. Follow through to learn how to install Bitwarden on Ubuntu 22.04.

      • How to Install PageEdit XHTML Editor on Ubuntu 20.04 LTS

        PageEdit is a powerful and intuitive ePub visual XHTML editor. It helps system admins and developers to write documentation in the best way possible. PageEdit is a cross-platform application. Here we are going to discuss how to install PageEdit on Ubuntu. PageEdit is powered by Sigil that helps technology authors to write technical documentation easily. It makes use of XML and HTML.

        Today this tut will make sure that you learn to install PageEdit on Ubuntu 20.04 LTS edition. Most of the instructions are also valid for other variants of Ubuntu distribution and Debian.

      • How to install Minetest on a Chromebook in 2022

        Today we are looking at how to install Minetest on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

        If you have any questions, please contact us via a YouTube comment and we would be happy to assist you!

      • How to install Windows software on Linux with Bottles | TechRepublic

        Once upon a time, installing Windows software on Linux was an impossibility. Then, thanks to Wine (the software, not the libation), it became possible (although challenging). As time went on, Wine made it much easier to succeed with this task.

        But then came a software called Bottles, which makes installing Windows software on Linux incredibly easy. The way Bottles works is by creating environments that are a combination of ready-to-use settings, libraries and dependencies that are bundled together to make the installation and running of Windows applications incredibly easy.

      • How to Install Garuda Linux on Your PC

        Garuda Linux, an Arch-based distro, is the one to heed. From simplifying Arch's learning curve to providing a series of different desktop environments, Garuda Linux has it all. This aesthetically pleasing distro is every Linux user's delight, as it's relatively easy to install on your PC.

        If you are toying with the idea of installing the distro, but aren't sure how to do it, then here's a simple guide to help you through the process.

      • More than 720 Games (Playable and Verified) Ready for the Steam Deck Now - Boiling Steam

        The verification dance continues for the Steam Deck. We have now passed 720 titles (725 at the time of writing) after a big push today.

      • Crowns and Pawns: Kingdom of Deceit gets a new story trailer | GamingOnLinux

        Crowns and Pawns: Kingdom of Deceit is an upcoming colourful adventure headed up by the art director from Broken Sword 2.5. It's due for release sometime in Q2 and there's a fresh look at it.

        The developers explain this intriguing adventure will offer up a mystery rooted in real history. Featuring brain-teasing puzzles and memorable characters, backed up by a hand-painted rendition of Eastern Europe. With the new trailer below, you get introduced to the protagonist Milda and a backdrop that delves not only into her intriguing personal tale, but the rich history of the developers’ home country of Lithuania and its significance to Europe.

      • City-builder Nebuchadnezzar adds Gods, Festivals and more | GamingOnLinux

        Nepos Games continue to expand their Pharaoh-like city-builder Nebuchadnezzar, with another big free update out.

        Nebuchadnezzar is a classic isometric city builder game inviting players to experience the mysterious history and culture of ancient Mesopotamia. In the campaign, players get to rule over influential historical cities filled with magnificent monuments.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • KDE Plasma 5.24.2, Bugfix Release for February
          Today KDE releases a bugfix update to KDE Plasma 5, versioned 5.24.2.

          Plasma 5.24 was released in February 2022 with many feature refinements and new modules to complete the desktop experience.

          This release adds a week's worth of new translations and fixes from KDE's contributors. The bugfixes are typically small but important and include...

        • It’s normal and it works – Adventures in Linux and KDE

          We can ignore the argument to which this is a response, and forgive alcade for confusing the name of the community with the desktop environment. Regardless, “KDE is normal and it works” is in a nutshell what I think makes KDE Plasma such a unique and shining point of light in the FOSS world.

          Plasma uses a normal, familiar layout: Panel on the bottom with an app launcher, pinned apps, system tray, and clock; desktop icons; visible buttons that mostly have text labels; minimize/maximize/close buttons on windows. You know, normal stuff. You can change everything, but it starts out normal, unlike other desktop environment projects that are explicitly abnormal–being controversially opinionated about matters of design or having an unusual component layout. This is fine! Their departures from what’s normal may in fact be better, and their developers and users they certainly think so. But tons of people out there don’t want “may be better”, they want “normal.” And that’s fine too. Our software is for them.

      • GNOME Desktop/GTK

        • GNOME 42.beta released

          Hello,

          GNOME 42.beta is now available. It also marks the start of the UI, feature and API freezes (collectively known as The Freeze). String freeze is also in effect now. If you'd like to target the GNOME 42 platform, this is the best time to start testing your apps or extensions.

          You can use the 42beta branch of the flatpak runtimes, which is now available on Flathub beta.

          This release adds libadwaita, which contains building blocks for modern GNOME applications. It also adds gtksourceview version 5 and libsoup version 3.

          Clutter libraries, which were deprecated in GNOME 41, have been removed. gtksourceview version 4 (for use with gtk 3) and libsoup version 2.4 are still in the runtimes but they are deprecated and will be removed in a future release.

          An installer image is also available for testing and porting extensions

          https://os.gnome.org/download/42.beta/gnome_os_installer_42.beta.iso

          This is meant to be installed in a virtual machine with EFI support (such as the GNOME Boxes version available on Flathub). You can also try to install it on bare metal but be warned that hardware support is very limited.

          If you want to compile GNOME 42.beta yourself, you can use the official BuildStream project snapshot:

          https://download.gnome.org/teams/releng/42.beta/gnome-42.beta.tar.xz

          The list of updated modules and changes is available here:

          https://download.gnome.org/core/42/42.beta/NEWS

          The source packages are available here:

          https://download.gnome.org/core/42/42.beta/sources/

        • Check Battery Status on Ubuntu Using This GNOME Extension - OMG! Ubuntu!

          Looking for an easy way to get a top-level overview of your laptop’s battery health on Ubuntu? If so, check out Battery Status by Spanish blog Atareao.

          They’ve created a GNOME extension that reminds me a lot of the fancy menu bar apps available for macOS. Y’know, the ones that convey laptop battery health via a well designed panel applet replete with colourful graphs and reams of info.

          Battery Status provides something similar for the Ubuntu desktop (though it works wherever GNOME Shell does). While it’s not quite as detailed as, say, something like Coconut Battery its still a solid start (especially keeping in mind that it’s a GNOME extension too and not a full-blown desktop app).

    • Distributions

      • New Releases

        • Linux Release Roundup #22.8: Slax 11.2, OBS Studio 27.2, Kali Linux 2022.1, and More Releases - It's FOSS News

          Slax 11.2 is a major update after 2 years of any previous significant development activity.

          This release is based on Debian 11.2 Bullseye and adds/removes a couple of packages. You can learn more about it in our coverage.

        • Slax 11.2 Released | Itsubuntu.com

          Slax 11.2 is now available for the public as it is the major update from the developer. This is the first release of the distribution in more than two years. Slax 11.2 is based on Debian GNU/Linux. Slax 11.2 features EFI support for USB booting.

        • Slax 11.2 Released After 2 Years of Development

          For fans of the lightweight Slax Linux distribution, version 11.2 is now available and is re-based against upstream Debian 11.2 Bullseye.

          Slax is one of the smallest portables and fast Linux operating systems with a modular approach and outstanding design built to run from a USB stick. It is based on Debian, which gives you the ability to benefit from its entire ecosystem.

          Slax works with a plethora of filesystems including NTFS, FAT, EXT4, and Btrfs. Thanks to apt command, tens of thousands of prebuilt packages with applications are all within reach. The distro also features the ability for Persistent Changes which means the modifications will be saved if you run the OS from a writable storage media such as USB stick.

          This way, you will be able to boot from flash to perform your daily tasks, save your work, and then continue your work on a completely different workstation without any hiccups because your changes are saved to the writable media.

      • BSD

        • iXsystems Announces TrueNAS SCALE 22.02.0

          iXsystems has announced the general release of TrueNAS SCALE 22.02.0, after 18 months of development and testing effort including contributions from nearly 10,000 community users. TrueNAS SCALE software enables hyperconverged infrastructure and unified scale-out storage that is also easy to deploy and manage. TrueNAS SCALE is built on Linux, offers existing TrueNAS features, plus new Linux-specific capabilities including Docker Containers, Kubernetes, KVM, and Scale-Out ZFS through the Gluster file system.

      • IBM/Red Hat/Fedora

        • How to integrate VMWare resources with Red Hat Satellite

          In this installment of our series on setting up Red Hat Satellite for VMware to provision virtual machines (VMs) from Satellite, we are going to work on integrating the VMware resources with Red Hat Satellite.

          First, we're going to pre-define hardware settings for a virtual machine in Satellite by creating a compute profile. On the Satellite Console chose Infrastructure -> Compute Profiles.

        • Load Balancer Services backed by Octavia in Red Hat OpenShift running on OpenStack

          One of the most common methods to expose OpenShift applications to traffic from outside of the cluster is by using a load balancer service. In Red Hat OpenStack Platform 16, Amphora is the reference driver for Octavia and is the default provider driver for that service.

          In this post, we introduce you to the OVN Octavia driver, the alternative driver that is offered in Red Hat OpenStack Platform 16. It is lightweight, fast to provision, and less resource-heavy than Amphora.

        • New CentOS Director – Celeste Lyn Paul

          Every six months (in January and August) the CentOS board has the opportunity to reelect, or replace half of the directors. This staggered approach was adopted so that we are never in a situation where the entire board (or even a significant majority) is replaced, leaving no experienced directors.

          In the January 2022 board meeting, the CentOS Board selected two new directors to replace outgoing directors Jim Perrin and Karanbir Singh - Celeste Lyn Paul and Amy Marrich. In the February meeting, these new directors attended as full members for the first time.

          Last week I had the pleasure of speaking with Celeste about how her journey has brought her here, and her vision for her time on the board.

        • 4 levels of DevOps documentation maturity | Opensource.com

          DevOps and DevSecOps require agile documentation practices to deliver quality documentation on time with an iterative software delivery cycle. It's a similar journey to DevOps with a move to automation and a more agile approach to content. If documentation is only now entering your organization's DevOps discussions, it's time to catch your documentation practices up to DevOps.

        • Sysadmin life: How I set up my remote office hardware and software | Enable Sysadmin

          My workspace consists of a height-adjustable desk, private workstation, cable monster under the worktop, and associated input and output devices (on the left in the picture). My work equipment is on the right.

          Aside from Rambox, I use the same applications on this machine as on the laptop. This machine also serves as a KVM/QEMU hypervisor. The virtual machines running on it serve as home lab, development, and test environments. I currently do not host any productive services on it.

        • Fedora Community Blog: Join the Fedora Ambassadors Call kick-off!

          The Fedora Community Outreach Revamp Objective(FCOR) co-leads Mariana Balla and Sumantro Mukherjee have been working on documentation for the last six months with the support of Marie Nordin(FCAIC). New documentation has been created and outdated documentation has been revised with valuable help from the community at Nest with Fedora 2021. Most of this documentation has landed on the CommOps docs page. The updated documentation is still a work in progress and the FCOR team plans to wrap this up in the upcoming months with feedback from Ambassadors and folks who are interested in outreach.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Discourse is the Future of Web Forums | Linux Journal

        Web forums allow its users to connect with one another via posting messages. Forum posts can be seen by any number of anonymous visitors, but to post messages, you need to have an account in that particular web forum. Within a web forum, you can either create a new post or post replies on other users’ posts, also called Threads. Many web forums go well beyond typical threads and messages with advanced features and tools. Some of these extras may include blogging, file management, photo galleries, and much more.

      • Contacting the syslog-ng team: reporting problems, asking questions - Blog - syslog-ng Community - syslog-ng Community

        Recently I got some complaints that it is difficult to figure out how to contact the syslog-ng team to get help or report problems.

      • A New Library for Network Optimization

        Networks are all around us from the electrical circuits inside our computers to the multitude of internet servers that route packets of data around the globe. Even the web itself is a network of pages connected to each other by a myriad of blue links.

      • Events

      • Web Browsers

        • The web is overrun and pop-up blockers haven’t worked in years

          Virtually all web browsers have a built-in feature to suppress an annoyance from the early days of the web: pop-ups. However, the pop-up blockers of yesteryear no longer work on today’s web. There are pop-ups everywhere gating our entry into virtually all websites. What happened to the pop-up blocker?

          To answer the leading question right away: nothing happened to the pop-up blocker. It still works mostly unchanged from how it worked over a decade ago. That’s also the problem; the pop-ups have changed but the pop-up blockers haven’t kept pace with the problem.

          Just about every website you visit will display a pop-up for a time-limited coupon, email newsletter sign-up, customer support chat window, interstitial advertising, cookie disclaimer, or an intentionally confusing privacy-violation consent dialog. You’re lucky if the website only shows you one of these at the same time instead of all stacked on top of each other.

          Modern pop-ups aren’t separate pop-up windows, though. They’re not opened through the — easily blocked — window.open() function in JavaScript. Traditional pop-up blockers work by imposing restrictions on how and when this function can be used.

          The modern-day pop-overs covers up the page using a much more diverse and complex array of different layout and scripting functions. Instead, they’re overlays or pop-overs that are a part of the main website window you visit. It’s no longer enough to just impose restrictions on calls to a single function.

          Interstitial dialogs blocking your view of a page is now the expectation when visiting a webpage. While these web pop-ups have become endemic, this isn’t an abuse of Web APIs: they’re all working as intended. It’s still an abuse of the time and attention of the web’s millions of end-users.

        • Browse Anonymously Using Tor Browser on Ubuntu – OSNote

          The Onion Router, or Tor, is a free and open-source service that allows users to surf the web anonymously. It may be used to prevent websites and apps from tracking or attempting to identify your whereabouts. This is accomplished by routing your network traffic across a global network of servers and removing identifying information from packet headers. It’s frequently used to get around region restrictions. It is popular among users since it stops ad tracking businesses from creating a profile of you based on your surfing activities and presenting tailored adverts to you.

          Others, on the other hand, are concerned about their privacy in this digital age and welcome the comfort of knowing that no one is watching their online activities.

        • The Best Open Source Lightweight Browsers for Linux in 2022

          This web browsers are not benchmarked, the opinion in this articles is based on personal use and experience. Keep in mind that a browser to be lite it needs to have some things excluded from itself like extensions and plug-ins example.

      • Productivity Software/LibreOffice/Calligra

      • Content Management Systems (CMS)

        • WordPress 5.9.1 Maintenance Release

          This maintenance release features 82 bug fixes in both Core and the block editor.

          WordPress 5.9.1 is a short-cycle maintenance release. The next major release will be version 6.0.

          You can download WordPress 5.9.1 from WordPress.org, or visit your Dashboard → Updates and click “Update Now”.

          If you have sites that support automatic background updates, they’ve already started the update process.

        • Best free WordPress themes for 2022

          Knowing the best free WordPress themes for 2020 is the first step for anyone who is creating a website for their new business. In addition to the templates being free, they provide the essential design, navigability and loading speed . More than creating a beautiful website, it is essential that it be responsive. This is because more and more people are using mobile devices , such as tablets and smartphones, to do their research and purchases.

          To have an idea, the estimate is that, in 2020, there will be 2.87 billion smartphone users in the world. Of these, 57% say they do not recommend a company that has a poorly designed website, according to socPub .

          The good news is that the best WordPress themes for 2020 are responsive, free and have customization options that are super easy to handle.

      • FSFE

        • Command line tool lover and Free Software enthusiast Sven Guckes died
          On Sunday 20 February, Sven Guckes died. Sven was a long term member of the Free Software community and an great advocate for command line tools.

          The first time I got an e-mail from Sven was, when he was scolding me because of an e-mail I sent to the mutt-user mailing list. Sven complained about my horrible English and told me that I have to take more time to edit e-mails before sending them to a public mailing list out of respect to all the readers.

      • FSF

        • GNU Projects

          • GNU Parallel - News: GNU Parallel 20220222 ('Ukraine') [Savannah]

            GNU Parallel 20220222 ('Donetsk Luhansk') has been released. It is available for download at: lbry://@GnuParallel:4 This release has a major change in the remote code. This makes this release beta quality.

          • Binary Tools Summit 2022: schedule published

            The Binary Tools Summit 2022 (https://binary-tools.net/summit) is an informal, technical, online event oriented to authors, users and enthusiasts of FLOSS programs that deal with binary data. The schedule of the conference is now published and everything is ready for an exciting and fun first weekend of March full of zeros, ones and hopefully not many segmentation faults. We still have some room to squeeze in one or two more presentations/activities, so you can still send one if you missed the CFP.

      • Programming/Development

        • Shell/Bash/Zsh/Ksh

          • Online shopping and a one2many tweak

            Online commerce sites often show a selection of items below the one you're after, with a caption something like "People who bought this item also bought..." It's a marketing ploy, the aim being to encourage you to buy something else while you're visiting the site. It also suggests an interesting question: what product combinations are bought most and least frequently by individual shoppers?

        • Rust

          • 1.59.0 pre-release testing | Inside Rust Blog

            The 1.59.0 pre-release is ready for testing. The release is scheduled for this Thursday, February 24th. Release notes can be found here.

          • Rust Compiler Ambitions for 2022

            Some people have been wondering about what the Rust Compiler Team has planned for 2022. This note is to let you all know what activities the team plans to focus on this year.

            This document is structured into three parts: our Overall Themes for this year, the Concrete Initiatives we have resources to drive, and Aspirations for what we could do if given more help.

            [...]

            Reading over this list, the number of items on it seems quite daunting! We believe these initiatives will provide the highest impact to the Rust community by helping to fulfill Rust's promise, delighting Rust developers and improving our contributor workflows and aligns well with the results of the 2021 Rust Survey.

            While we think we will be able to make signficant progress on these initiatives this year, project estimation is a difficult and inexact science, especially for open source projects. What we will achieve is ultimately a result of who decides to contribute. Our aspirational goals are currently just that: aspirations.

            This is where you all, the Rust community (including future members of that community) come into the picture. Each item has one or two people listed with it; if you're feeling inspired, please do contact us!

  • Leftovers

    • Science

      • 3D Printing Livers | Hackaday

        The University of Utrecht has a team that is successfully bioprinting “liver units” that are able to do some of the functions of a human liver and may open the door to new medical treatments. This isn’t simply printing a fake liver in a jar though, instead the technique uses optical tomography to rapidly create small structures of about 1 cc of volume in less than 20 seconds.

        Apparently, one problem with printing hydrogels full of biological structures is that passing them through a nozzle tends to disturb the delicate structures. This technique uses no nozzle or layers, which makes it useful in this situation.

    • Hardware

      • I2C Breathes New Life Into Casio Pocket Calculator | Hackaday

        When is a pocket calculator more than just a calculator? [Andrew Menadue] has been pushing the limits of his 1970s Casio FX-502P by adding all sorts of modern functionality via the calculator’s expansion port.

        Several older Casio calculators included an expansion port for connecting cassette tape storage and printing functionality. Data on the FX-502P could be saved on cassette tape using the well-known Kansas City standard, however this signal was produced by Casio’s FA-1 calculator cradle, not the FX-502P itself. To interact with the calculator itself would require an understanding of whatever protocol Casio designed for this particular model.

      • Super Simple Camera Slider With A Neat Twist | Hackaday

        With a few tweaks, the slider can be vertically mounted, to give those up-and-over shots. Super simple, low tech and not an Arduino in sight.

    • Integrity/Availability

      • Proprietary

        • WIN-911 2021 [Ed: Microsoft Windows TCO]

          The affected product is vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program.

        • Security

          • Linux security

            Linux is a more secure and agile platform than Microsoft Windows and Apple macOS, according to a study by Google’s Project Zero. While Windows and macOS were earlier believed to be safer than Linux, thanks to regular security patches and constant updates.

            The Project Zero team found out developers at Linux are faster at fixing security bugs compared to other platforms. The report showed Linux does a better job than Google’s own teams at Chrome, Chrome OS and Android. The study looked at data between January 2019 and December 2021 to determine how much time developers took to fix security issues.

            Linux developers took 25 days and Apple took 69 days to close security issues, while Microsoft took 83 days. Google and Mozilla took 44 days and 46 days respectively to fix bugs.

          • Security updates for Tuesday [LWN.net]

            Security updates have been issued by Fedora (java-1.8.0-openjdk-aarch32, radare2, and zsh), openSUSE (ImageMagick and systemd), Red Hat (kpatch-patch, Service Telemetry Framework 1.3 (sg-core-container), and Service Telemetry Framework 1.4 (sg-core-container)), SUSE (ImageMagick, kernel-rt, nodejs12, php74, systemd, ucode-intel, and xerces-j2), and Ubuntu (c3p0, expat, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux-snapdragon, linux, linux-aws, linux-gcp, linux-kvm, linux-oracle, linux-raspi, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4 linux-oracle, linux-oracle-5.4, and linux-gke).

          • A New Cybersecurity “Social Contract” [Ed: Bruce Schneier as NSA megaphone (Inglis)]

            The devil is in the details, of course, but he’s 100% right when he writes that the market cannot solve this: that the incentives are all wrong. While he never actually uses the word “regulation,” the future he postulates won’t be possible without it. Regulation is how society aligns market incentives with its own values. He also leaves out the NSA — whose effectiveness rests on all of these global insecurities — and the FBI, whose incessant push for encryption backdoors goes against his vision of increased cybersecurity. I’m not sure how he’s going to get them on board. Or the surveillance capitalists, for that matter. A lot of what he wants will require reining in that particular business model.

          • IBM homomorphic encryption: A DASHing solution for healthcare data privacy

            In 2021, our team won third place in the second track of the iDASH workshop challenge on healthcare data privacy. Our solution classified 2000 viruses in less than 1 second with more than 99% accuracy by using the IBM homomorphic encryption HElayers library.

            In this blog, we describe the iDASH competition, our solution, and what makes it so effective. As a motivating scenario, think of a hospital that, after much research, has collected a large number of virus DNA sequences that are labeled as one of four possible strains. The hospital wants to provide local clinics with a service that classifies the DNA sequences taken from their patients. However, the hospital does not want to disclose the classification algorithm to the clinics for obvious business reasons.

            A simple solution would consist of a client/server system in which the local clinics serve as the client, and the hospital is the server. In such a solution, the client would send the DNA sequence to the server. The server would classify the sequence and send the label back to the client. The problem is that both the client and the server in this relationship want to avoid disclosing patient information, including the DNA sequences of the viruses that patients have contracted because doing so will require them to comply with extensive and exhausting regulations.

            Specifically, we want the server to be able to classify a virus without knowing what its DNA sequence is. Until recently, this seemed impossible. Today, this can be done by using homomorphic encryption (HE) technology. This encryption technology is the focus of the iDASH competition.

          • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

            • Ubuntu and other Linux distros at risk from Oh Snap! More Lemmings security exploit [Ed: FUD by Microsoft booster Sofia WyciÅ›lik-Wilson]

              Security researchers from Qualys have issued a warning about a Local Privilege Escalation Vulnerability Discovered in the snap-confine function of Canonical's Snap package manager.

              Known as Oh Snap! More Lemmings and tracked as CVE-2021-44731, the collection of security flaws can be exploited to gain root privileges.

            • 5 Highlights from the U.S. Senate’s Log4J Vulnerability Hearing

              On Tuesday, Feb. 8, the U.S. Senate Committee on Homeland Security and Governmental Affairs convened a hearing titled “Responding to and Learning from the Log4Shell Vulnerability.” The hearing’s intent was to facilitate discussion of Log4J vulnerability and industry’s response to it, along with the broader topic of software security.

            • Senate Hearing: Open Source a Foundation of the Global Economy

              At a recent U.S. Senate hearing, tech experts gathered to discuss the Log4j vulnerability, as well as the broader topic of open source software security, as reported by FOSSA.

              In the discussion, Apache Software Foundation President David Nalley noted that open source software “is one of the foundations of the modern global economy.”

          • Privacy/Surveillance

            • Veto the SIM Card Registration Bill, Protect Fundamental Human Rights - Access Now

              We, a group of concerned organizations and individuals from all over the world, call on Philippine president, Rodrigo Duterte, to veto the country’s proposed SIM Card Registration Act given the serious threat it poses to human rights, particularly the right to privacy and free expression.If enacted, it would require the registration of SIM cards as a prerequisite to its sale and activation in order supposedly “to deter the proliferation of SIM card, internet or electronic communication-aided crimes, such as, but not limited to: terrorism; text scams; unsolicited, indecent or obscene messages; bank fraud; libel; anomymous online defamation; trolling; hate speech; spread of digital disinformation or fake news as defined under pertinent laws.” It will also mandate all social media account providers to require real names and phone numbers from individuals creating accounts on their platforms.

            • No Privacy: Cloning the AirTag

              You’ve probably heard of the infamous rule 34, but we’d like to propose a new rule — call it rule 35: Anything that can be used for nefarious purposes will be, even if you can’t think of how at the moment. Case in point: apparently there has been an uptick in people using AirTags to do bad things. People have used them to stalk people or to tag cars so they can be found later and stolen. According to [Fabian Bräunlein], Apple’s responses to this don’t consider cases where clones or modified AirTags are in play. To prove the point, he built a clone that bypasses the current protection features and used it to track a willing experimental subject for 5 days with no notifications.

              According to the post, Apple says that AirTags have serial numbers and beep when they have not been around their host Apple device for a certain period. [Fabian] points out that clone tags don’t have serial numbers and may also not have speakers. There is apparently a thriving market, too, for genuine tags that have been modified to remove their speakers. [Fabian’s] clone uses an ESP32 with no speaker and no serial number.

    • AstroTurf/Lobbying/Politics

      • Technocracy: The Operating System For The New International Rules-Based Order

        In this article, we will explore the true nature of the international rules-based order (IRBO) and examine the forces that shape it. We will consider if the narratives we are commonly fed stack up.

        It is widely accepted that the IRBO is undergoing disruptive change. That transformation is often reported as an eastward shift in the balance of power between nation states.

        It is said that this new, emerging international order will be founded upon a global multipolar system of sovereign states and international law. This new system allegedly stands in opposition to the fading, western “rules-based” model.

        This time, rather than relying upon western imperialism, the new international law-based system will emphasise multipolar cooperation, trade and respect for national sovereignty. It will instead be led by a Eurasian economic and technological power-block.

        The apparent, ongoing antagonism of geopolitics looks likely to maintain the East-West divide we are familiar with. However, what is now being framed as the multipolar order is, in reality, the multistakeholder order.

        As we shall discover, nation states are not the driving force behind the current restructuring of global governance. The geopolitical narratives we are given are frequently superficial.

        Those leading the transformation have no allegiance to any nation state, only to their own globalist network and collective aspirations. In their hands, international law is no more of an impediment to their ambitions than a vague commitment to “rules.”

        National governments are partners within this network formed of both state and non-state actors. Despite professed animosities, they have collaborated for decades to fashion the global governance complex that is now emerging.

        No matter who is said to lead it, the IRBO is set to continue in a new form. As the post WWII system recedes, the framework being imposed to take its place is completely alien to the people who live in the former western, liberal democracies.

        Thus, we too must be transformed if we are to accept the realignment. We are being conditioned to believe in the promise of the new IRBO and the global technocracy it is built upon.

    • Freedom of Information/Freedom of the Press

      • ICIJ statement on Ericsson investigation

        Ericsson today released a public statement in response to questions from the International Consortium of Investigative Journalists and partners, including SVT in Sweden.

        The statement by the Swedish company addressed wrongdoing uncovered by ICIJ and its partners as part of a global investigation.

        The company said it was working with internal employees and external counsel to review misconduct raised to it by ICIJ.

    • Civil Rights/Policing

    • Monopolies

      • Copyrights

        • Albrecht Dürer’s Pillow Studies (1493) – The Public Domain Review

          In his early twenties, after years of wanderjahr-ing across Europe, Albrecht Dürer returned home to Nuremberg, now fully trained in his craft. During this moment of transition, the young artist completed a double-sided line-drawing in pen. On one side, we find a self-portrait of Dürer. The artist is bodiless, except for an outsized hand, posed as if holding a pen too thin to see. A pillow appears below his shoulder-length hair, pressed into a hatched shadow, which mirrors the darkness of his palm. While the artist’s portrait is believed to have been a preparation for Portrait of the Artist Holding a Thistle (1493) — considered “one of the earliest independent self-portraits in Western painting” — the presence of hand and cushion create an unlikely trinity. There is “a harmony that you wouldn’t expect at first”, says curator Stijn Alsteens, as the observing eye, recording hand, and object of study come into alignment. Yet there is also something uncanny about the chosen perspective, for the pillow “looms upward toward the viewer, unsupported, at an angle that is difficult to explain”. This spatial ambiguity, argues Freyda Spira, “brings to life a composition that could easily have looked like three isolated studies”.

          [...]

          Dürer’s treatment of the pillow can be neatly nested in the tradition of “drapery studies”, a vehicle for a young artist to explore the play of light on folds and its expressive possibilities. And yet, when viewed in relation to Dürer's self-portrait overleaf, the six pillows also read like notes toward the artist’s later aesthetic theories, articulated in the postscript to the third volume of The Four Books on Human Proportion, especially his concern with dream, reality, and the imagination’s recombinatory powers. “Therefore, if he [the artist] were to live many hundreds of years, and labor to the best of his abilities, if he so wished, through the power of God he would daily spill out and make new forms of men and other creatures that nobody had ever seen or thought of before.” Anticipating Samuel Taylor Coleridge’s description of the imagination’s esemplastic power — “a repetition in the finite mind of the eternal act of creation. . . [the imagination] dissolves, diffuses, dissipates, in order to re-create” — by several centuries, Dürer also admonishes the would-be Prometheus. An artist “should be cautious not to make something impossible that nature would not allow, unless it would be that one wanted to make a dream work [traumwerk], in which case one may mix together every kind of creature.” These pillows, then, might be viewed as a kind of memory foam, which not only preserves the partial imprints of a sleeper’s face, but also the fantastic, hybrid creatures that populate her dreamscapes.



Recent Techrights' Posts

Technology: rights or responsibilities? - Part XI
By Dr. Andy Farnell
GNU/Linux and ChromeOS in Qatar Reach 4%, an All-Time High
Qatar has money to spend, but not much of it will be spent on Microsoft, or so one can hope
This 'Article' About "Linux Malware" is a Fake Article, It's LLM Slop (Likely Spewed Out by Microsoft Chatbot)
They're drowning out the Web
Early Retirement Age: Linus Torvalds Turns 55 Next Week
Now he's almost eligible for retirement in certain European countries
 
Microsoft, Give Me LLM Slop About "Linux" and "Santa", I Need Some Fake Article...
BetaNews is basically an LLM slop site
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, December 22, 2024
IRC logs for Sunday, December 22, 2024
Links 22/12/2024: Election Rants and More Sites Available via Gemini
Links for the day
Links 22/12/2024: North Pole Moving and Debian's Joey Hess Goes Solar
Links for the day
Gemini Links 22/12/2024: Solstice and IDEs
Links for the day
BetaNews: Microsoft Slop is Your "Latest Technology News"
Paid-for garbage disguised as "journalism"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, December 21, 2024
IRC logs for Saturday, December 21, 2024
Links 21/12/2024: EU on Solidarity with Ukraine, Focus on Illegal and Unconstitutional Patent Court in the EU (UPC)
Links for the day
[Meme] Microsofters at the End of David's Leash
Hand holding the leash. Whose?
Deciphering Matt's Take on WordPress, Which is Under Attack From Microsofters-Funded Aggravator
the money sponsoring the legal attacks on WordPress and on Matt is connected very closely to Microsoft
Gemini Links 21/12/2024: Projections, Dead Web ('Webapps' Replacing Pages), and Presentation of Pi-hole
Links for the day
American Samoa One of the Sovereign States Where Windows Has Fallen Below 1% (and Stays Below It)
the latest data plotted in LibreOffice
[Meme] Brian's Ravioli
An article per minute?
Links 21/12/2024: "Hey Hi" (AI) or LLM Bubble Criticised by Mainstream Media, Oligarchs Try to Control and Shut Down US Government
Links for the day
LLM Slop is Ruining the Media and Ruining the Web, Ignoring the Problem or the Principal Culprits (or the Slop Itself) Is Not Enough
We need to encourage calling out the culprits (till they stop this poor conduct or misconduct)
Christmas FUD From Microsoft, Smearing "SSH" When the Real Issue is Microsoft Windows
And since Microsoft's software contains back doors, only a fool would allow any part of SSH on Microsoft's environments, which should be presumed compromised
Paywalls, Bots, Spam, and Spyware is "Future of the Media" According to UK Press Gazette
"managers want more LLM slop"
Google Has Mass Layoffs (Again), But the Problem is Vastly Larger
started as a rumour about January 2025
On BetaNews Latest Technology News: "We are moderately confident this text was [LLM Chatbot] generated"
The future of newsrooms or another site circling down the drain with spam, slop, or both?
"The Real New Year" is Now
Happy solstice
Microsoft OSI Reads Techrights Closely
Microsoft OSI has also fraudulently attempted to censor Techrights several times over the years
"Warning About IBM's Labor Practices"
IBM is not growing and its revenue is just "borrowed" from companies it is buying; a lot of this revenue gets spent paying the interest on considerable debt
[Meme] The Easier Way to Make Money
With patents...
The Curse (to Microsoft) of the Faroe Islands
The common factor there seems to be Apple
Electronic Frontier Foundation Defends Companies That Attack Free Speech Online (Follow the Money)
One might joke that today's EFF has basically adopted the same stance as Donald Trump and has a "warm spot" for BRICS propaganda
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, December 20, 2024
IRC logs for Friday, December 20, 2024
Gemini Links 21/12/2024: Death of Mike Case, Slow and Sudden End of the Web
Links for the day