Bonum Certa Men Certa

Links 23/2/2022: OpenSSH 8.9, Levente Polyak Cemented as Arch Project Leader, Intel Acquires Linutronix



  • GNU/Linux

    • Desktop/Laptop

      • The Best Linux Distros For Old Laptops

        A wise man once said that when a relationship gets old, you don’t throw it away. Instead, you fix it and learn to navigate that relationship in a new way.

        The same can be said about the relationships we have with our technology. If you have an old laptop lying around, don’t throw it away just yet; it can be revitalized and put to good use. All you need to do is find a lightweight Linux distribution that’s compatible with your device’s hardware and you’ll be all set. All these lightweight distros are a far better choice than Windows or macOS for old hardware. They’re even better than the most popular options like Ubuntu.

        With that in mind, here are a few lightweight Linux distros that can bring your old laptop back to life.

    • Kernel Space

    • Applications

      • Best Free and Open Source Alternatives to Atlassian Jira Service Management

        Atlassian Corporation Plc is a software company founded in 2002 that develops products for software developers, project managers and other software development teams. It employs over 7,000 people and is headquartered in Sydney, Australia.

        Atlassian produces a range of proprietary software including software for collaboration, development, and issue tracking software for teams. Atlassian dominates several markets where it still has intense competition.

      • How to Use Emacs As a USENET Reader With Gnus

        USENET is a decentralized global messaging system. It is considered to be the first global social network with more than 100,000 groups that are talking about various topics and specializations. This makes USENET a particularly good repository of knowledge and discussion for the interested reader.

    • Instructionals/Technical

      • How To Install DBeaver CE On Ubuntu / AlmaLinux & Fedora | Tips On UNIX

        This tutorial will be helpful for beginners to download and install DBeaver CE on Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Linux Mint 20.3, and Debian 8 via the official repository and via Flatpak also.

      • How to Install and Configure Zabbix Server 6 on Ubuntu 20.04

        Zabbix is an open-source monitoring software tool for diverse IT components, including networks, servers, virtual machines and cloud services. Zabbix provides monitoring metrics, among others network utilization, CPU load and disk space consumption. Zabbix has a rich set of features to enable users to monitor more than just hosts, offering great flexibility to administrators when it comes to choosing the most suitable option for each situation.

        Zabbix uses XML based template which contains elements to monitor. The backend of Zabbix is written in C programming and PHP is used for the web frontend. Zabbix can send you alerts to notify the different events and issues based on metrics and thresholds defined for your IT environment. It supports agent-based and agentless monitoring. But Zabbix agents installation can help you to get detailed monitoring e.g. CPU load, network, disk space utilization.

      • How to Install Zabbix Agent 6 on Rocky Linux/Alma Linux/Oracle Linux 8

        A Zabbix agent is a program that runs on a remote machine that needs to be monitored through the Zabbix server. The agent collects the data on the remote server and send back to Zabbix server when requested. Zabbix agent must be installed on all the remote systems that need to be monitor through the Zabbix server.

      • Listen to your favorite music on Linux with Juk | Opensource.com

        The KDE project doesn't just provide a famous desktop, it generates a lot of software, from tools for video editng, photography, and illustration, to graphing calculators, email, and office work. Those are all productivity tools, but KDE is also good for relaxing. It has games and media players, and the music player I use is known simply as Juk.

      • Two DHCP servers in a libvirt network - Lukáš Zapletal

        I write provisioning software that needs to integrate with DHCP servers. Libvirt is a great Linux virtual environment for development, but by default it runs its own DHCP server (dnsmasq). That is a very good feature for spawning ad-hoc VMs which get their IPs easily. But I want also to manage some VMs with my own DHCP server. How to do this?

      • Easy VM access with routed libvirt mode - Lukáš Zapletal

        By default, libvirt comes with a virtual network called “default” that is configured with NAT. That is a very sane default configuration, VMs are accessible from the host machine directly and they can also access internet via NAT. Many people, however, want to access VMs from outside - typically when libvirt is used as a server hypervisor. You will find many blog posts explaining how to setup a bridge. Configuration of bridge is complex, you need to shut down the main connection and it is a challenge for users who only have SSH access to the machine. Only if there was a better way…

        Big news if you did not know: you don’t need a bridge to access your VMs. You can use a regular (routed) network! In this article, I will describe how it works. Spoiler alert: it is easier than bridge!

      • How I Use NFS for Sharing Folders in My Homelab Setup

        When you have several systems in your network, especially if you virtualize them like in a homelab or through your organization, having shared folders is extremely convenient and useful to make your work easier and faster.

        I, for example, have a folder that I share among different virtual machines. This way, whatever gets downloaded in one system, is immediately available on the other system.

        I have the folder located at a centralized file sharing NFS virtualized server. This folder is shared to a container that runs a torrenting app where I download files which get available at the same time to another container that can also use these same files for processing.

        Basically, I centralize my files in a location that I later share among different devices and instances for convenience and functionalities.

      • Create GUI Dialog Boxes In Bash Scripts With Whiptail - OSTechNix

        A while ago, we briefly discussed about Zenity, a simple program that allows you to create graphical (GTK+) dialog boxes in command-line and shell scripts. In this article, we are going to discuss yet another GUI utility called Whiptail that can be used to create GUI dialog boxes in Bash scripts in Linux.

        Not every script that you write needs a frontend graphical interface. But sometimes it would be better if you create a graphical interface instead of relying on interacting with the command line. In my case, if there is a long list of responses needed in the script I would choose to go with a graphical interface.

        Whiptail is a friendly GUI utility that uses a newt programming library. Whiptail offers different dialog boxes for different purposes. Depending upon your use case you can use these dialog boxes to make your script more interactive.

      • How to Install and Configure Fail2ban on Alma Linux 8

        Fail2ban is a free and open-source Intrusion Prevention System written in Python. It is used to protect your system against brute-force attacks. It continuously monitors the SSH (and other) log files for authentication attempts, after a specified number of incorrect password attempts, the client's IP address is banned by Fail2Ban. It can be used to secure several services including, SSH, vsftpd, Apache, and Webmin. In this tutorial, I will show you how to install Fail2Ban firewall on Alma Linux 8.

      • How to Install Zulip Chat Server on Debian 11

        Zulip is an open-source chat server, similar to Microsoft Teams, Rocket Chat or Slack. It is written in Python and uses Django, PostgreSQL, and JavaScript. It integrates with over 90 third-party plugins, including Github, Jira, Stripe, Zendesk, Sentry, etc. You can expand the integrations by connecting them with Zapier and IFTTT. It comes with features like private messaging, group chats, threaded conversations, custom channels, video calls, drag-and-drop file uploads, custom emojis, Giphy integration, Image and Tweets preview and many more. Zulip comes with desktop and mobile apps for every platform, making it platform agnostic.

        In this tutorial, you will learn how to install and configure Zulip Chat on a Debian 11 based server.

      • How to Install and Play With RetroArch on Linux

        Video games have taken the world by storm. From the simple game of Pong created in the 1970s to the latest AAA titles available today, the industry has continued to be a source of entertainment for decades. This steady growth has allowed the video game industry to become one of the largest in the world, with the market reaching a net worth of $90 Billion in the year 2020.

        Different games are available on different platforms. These platforms compete with each other by offering video game titles that are exclusive to their console only. While this allows for market growth and competition, not everyone has the chance to purchase every console.

        Furthermore, some consoles and video game titles are no longer in production and it would mean that one would lose the chance to play these titles. This is where emulators come in.

      • How To Install Avidemux on Ubuntu 20.04 LTS - idroot

        In this tutorial, we will show you how to install Avidemux on Ubuntu 20.04 LTS. For those of you who didn’t know, Avidemux is a free and open-source software application for non-linear video editing and transcoding multimedia files. It supports many file types, including AVI, DVD compatible MPEG files, MP4, and ASF, using a variety of codecs.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the Avidemux open-source video editing application on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.

      • Make any device your second display on Linux

        Do you use Linux? Need an extra monitor but only have one that you can use? Good news! With Deskreen, you can turn any smartphone, tablet, or Laptop into a second screen. Here’s how it works.

      • How to use Rescuezilla to clone a Linux hard drive

        Do you need to clone a Linux hard drive? Unsure how to go about doing it? Check out the Rescuzilla live USB tool. What is Rescuezilla?

        Rescuezilla is a bootable live operating system that Linux users can use to “rescue” their system without dealing with complex, confusing options. In this guide, we’ll show you have to use Rescuezilla to clone a Linux hard drive.

        Note: you will need a USB flash drive of at least 1 GB in size to create a Rescuezilla live USB key. Additionally, you must have a source hard drive and a destination hard drive for the cloning process to work.

      • How to install the Brave nightly browser on Linux

        The people behind the Brave browser have a nightly release. The Nightly release allows users to get the latest features as soon as possible. Here’s how you can set up Brave nightly browser on Linux.

      • How To Monitor Your Linux Servers with Checkmk

        The Checkmk is one of the most used and user-friendly applications for monitoring Linux servers. It can check the server status, load, network status, applications, database, cloud server load, storage, and other IoT devices connected with your Linux server. The Checkmk tool works in a hybrid way in Linux. Once you have the tool installed on your Linux machine, you can easily access all the configuration and dashboard tabs through the web browser.

        Unlike other server monitoring tools, the Checkmk tool does not hog a huge amount of system resources on Linux. Installing and using the Checkmk tool on Linux is easy and straightforward Linux. If you’re a system administrator, you must try out this tool and enjoy all the features and plug-ins that can reduce your workload a bit.

      • How to install DaVinci Resolve 17 on Linux

        Davinci Resolve is a professional, high-end non-linear video editing tool. Best of all, it is available on Linux. So, if you require a good video editor, follow these installation instructions below to get Davinci Resolve to work on your system.

      • Network traffic analysis with tcpdump

        tcpdump is a data-network packet analyzer computer program. It allows the user to display network packets (including TCP/IP) being transmitted or received over a network. In this short article I will show how to do some packet capture for network traffic analysis with tcpdump.

      • How to Install Sublime Text 4 on AlmaLinux 8 - LinuxCapable

        Sublime Text 4 is an excellent choice as your go-to program to edit code. Sublime is known for its speed, ease of use, cross-platform, and community contribution. It natively supports many programming languages and markup tongues, but users can also expand its functionality with plugins!

        The Python API makes it easy; make sure you download from within Sublime, or they won’t show up in settings. Also, you can further customize and enhance it by installing additional features using package control and custom settings.

        In the following tutorial, you will learn how to install Sublime Text 4 on AlmaLinux 8.

      • Install ProcessWire on Ubuntu 22.04 - kifarunix.com

        Follow through this guide to install ProcessWire on Ubuntu 22.04. ProcessWire is an opensource PHP based content management system and framework.

    • Games

      • View Your Steam Deck Compatible Games through Steam - Boiling Steam

        We’re less than three days from the official launch of the Steam Deck (less than 51 hours left in EST) and Valve, in addition to partnering with iFixit to offer replacement parts, has now made an official tool to view the games in your Steam library as being Steam Deck Verified, Playable, unsupported, and untested. Simply go to this page, log into your Steam account, and you’ll instantly be able to see what your games are categorized under.

      • Valve adds official Steam Deck compatibility checker, 762 games Playable or Verified | GamingOnLinux

        While there's been a few unofficial ways to check your own Steam Library for the Steam Deck, Valve has now put up the official way. Plus, we're getting closer to a thousand Playable titles now. Things are really heating up, with only two days left until the official release on February 25!

        All you need to do is login with your Steam account and head to this page, which will give you an overview of what you can expect to work.

      • UnderRail is preparing for the Steam Deck, won't be perfect just yet | GamingOnLinux

        Released back in 2015, UnderRail from Stygian Software is an old school turn-based isometric indie role playing game that focuses on exploration and combat. Now, they're trying to get it looking good on a Steam Deck.

      • How to play Assassin’s Creed Unity on Linux

        Assassin’s Creed Unity is an action-adventure game developed by Ubisoft Montreal and published by Ubisoft. It was released in 2014 on Windows, PS4, and Xbox One. Here’s how you can play Assassin’s Creed Unity on Linux.

      • How to play Days Gone on Linux

        Days Gone is a post-apocalyptic video game developed by Bend Studio and published by Sony Interactive Entertainment. It was released for PC and PS4. Here’s how to play it on your Linux gaming PC.

      • Boosting a HP Z400 Workstation with a Modern GPU (GTX 1660 Ti) - Boiling Steam

        Let’s talk about hardware today! One of my machines at home happens to be an old HP Z400 workstation. A fairly old piece of hardware (manufactured sometimes in 2009-2010) that I use mainly for productivity because it’s built like a tank and is fairly silent – and really cheap second hand. I mentioned it before on Boiling Steam, back in 2017. While pre-built, you can replace and upgrade pretty much everything in it, be it the CPU, the RAM, and the GPU. It usually comes with a Quadro Nvidia GPU, but you can certainly switch it for a more modern card. Years ago I went for a Nvidia GTX 1060 (3GB, the weakest one) GPU to enjoy some decent gaming on that machine as well – unfortunately this card, along with Pascal generations cards in general, has issues with VKD3D and I wanted to do an affordable upgrade.

      • Wordle’s Digital Predecessors: The Evolution of Online Word Games

        I’m sort of at that age in my adulthood where I’m not really a heavy gamer, but my love of word games knows no bounds. So when Wordle became a thing, I became a fast fan as well as that annoying guy on Twitter who shares his playthroughs each morning. (Never really a heavy a Words With Friends player, though I enjoyed Scrabble as much as the next guy.) But in a lot of ways, Wordle one of many obsessions of this type, and I think the real secret is that it’s a fairly simple game, with reasonable restrictions on how it’s played, that has a surprising number of layers that emerge over time. In honor of Wordle’s success, Today’s Tedium looks back at the imprint word games have left on the world of technology in the decades prior. May your brain be teased.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • KDE vs GNOME: What’s the Ultimate Linux Desktop Choice?

          When it comes to Linux, the desktop environment is a big deal.

          A desktop environment makes up the graphical user interface (GUI) along with a set of applications that you get on your Linux distribution.

          You can go through our article explaining what a desktop environment is.

          Choosing a good desktop environment can help you improve productivity, workflow, ease of use, and the overall experience.

    • Distributions

      • BSD

        • OpenSSH 8.9 released [LWN.net]
          OpenSSH 8.9 has just been released. It will be available from the
          mirrors listed at https://www.openssh.com/ shortly.
          
          

          OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support.

          Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at: https://www.openssh.com/donations.html

          Future deprecation notice =========================

          A near-future release of OpenSSH will switch scp(1) from using the legacy scp/rcp protocol to using SFTP by default.

          Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. "scp host:* .") through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side.

          This creates one area of potential incompatibility: scp(1) when using the SFTP protocol no longer requires this finicky and brittle quoting, and attempts to use it may cause transfers to fail. We consider the removal of the need for double-quoting shell characters in file names to be a benefit and do not intend to introduce bug-compatibility for legacy scp/rcp in scp(1) when using the SFTP protocol.

          Another area of potential incompatibility relates to the use of remote paths relative to other user's home directories, for example - "scp host:~user/file /tmp". The SFTP protocol has no native way to expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later support a protocol extension "expand-path@openssh.com" to support this.

          Security Near Miss ==================

          * sshd(8): fix an integer overflow in the user authentication path that, in conjunction with other logic errors, could have yielded unauthenticated access under difficult to exploit conditions.

          This situation is not exploitable because of independent checks in the privilege separation monitor. Privilege separation has been enabled by default in since openssh-3.2.2 (released in 2002) and has been mandatory since openssh-7.5 (released in 2017). Moreover, portable OpenSSH has used toolchain features available in most modern compilers to abort on signed integer overflow since openssh-6.5 (released in 2014).

          Thanks to Malcolm Stagg for finding and reporting this bug.

          Potentially-incompatible changes ================================

          * sshd(8), portable OpenSSH only: this release removes in-built support for MD5-hashed passwords. If you require these on your system then we recommend linking against libxcrypt or similar.

          * This release modifies the FIDO security key middleware interface and increments SSH_SK_VERSION_MAJOR.

          Changes since OpenSSH 8.8 =========================

          This release includes a number of new features.

          New features ------------

          * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1) A detailed description of the feature is available at https://www.openssh.com/agent-restrict.html and the protocol extensions are documented in the PROTOCOL and PROTOCOL.agent files in the source release.

          * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). The next release of OpenSSH is likely to make this key exchange the default method.

          * ssh-keygen(1): when downloading resident keys from a FIDO token, pass back the user ID that was used when the key was created and append it to the filename the key is written to (if it is not the default). Avoids keys being clobbered if the user created multiple resident keys with the same application string but different user IDs.

          * ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys on tokens that provide user verification (UV) on the device itself, including biometric keys, avoiding unnecessary PIN prompts.

          * ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to perform matching of principals names against an allowed signers file. To be used towards a TOFU model for SSH signatures in git.

          * ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at authentication time.

          * ssh-keygen(1): allow selection of hash at sshsig signing time (either sha512 (default) or sha256).

          * ssh(1), sshd(8): read network data directly to the packet input buffer instead indirectly via a small stack buffer. Provides a modest performance improvement.

          * ssh(1), sshd(8): read data directly to the channel input buffer, providing a similar modest performance improvement.

          * ssh(1): extend the PubkeyAuthentication configuration directive to accept yes|no|unbound|host-bound to allow control over one of the protocol extensions used to implement agent-restricted keys.

          Bugfixes --------

          * sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and PubkeyAuthOptions can be used in a Match block. PR#277.

          * sshd(8): fix possible string truncation when constructing paths to .rhosts/.shosts files with very long user home directory names.

          * ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512 exchange hashes

          * ssh(1): don't put the TTY into raw mode when SessionType=none, avoids ^C being unable to kill such a session. bz3360

          * scp(1): fix some corner-case bugs in SFTP-mode handling of ~-prefixed paths.

          * ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to select RSA keys when only RSA/SHA2 signature algorithms are configured (this is the default case). Previously RSA keys were not being considered in the default case.

          * ssh-keysign(1): make ssh-keysign use the requested signature algorithm and not the default for the key type. Part of unbreaking hostbased auth for RSA/SHA2 keys.

          * ssh(1): stricter UpdateHostkey signature verification logic on the client- side. Require RSA/SHA2 signatures for RSA hostkeys except when RSA/SHA1 was explicitly negotiated during initial KEX; bz3375

          * ssh(1), sshd(8): fix signature algorithm selection logic for UpdateHostkeys on the server side. The previous code tried to prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some cases. This will use RSA/SHA2 signatures for RSA keys if the client proposed these algorithms in initial KEX. bz3375

          * All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2). This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1) and sftp-server(8), as well as the sshd(8) listen loop and all other FD read/writability checks. On platforms with missing or broken poll(2)/ppoll(2) syscalls a select(2)-based compat shim is available.

          * ssh-keygen(1): the "-Y find-principals" command was verifying key validity when using ca certs but not with simple key lifetimes within the allowed signers file.

          * ssh-keygen(1): make sshsig verify-time argument parsing optional

          * sshd(8): fix truncation in rhosts/shosts path construction.

          * ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA keys (we already did this for RSA keys). Avoids fatal errors for PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B "cryptoauthlib"; bz#3364

          * ssh(1), ssh-agent(1): improve the testing of credentials against inserted FIDO: ask the token whether a particular key belongs to it in cases where the token supports on-token user-verification (e.g. biometrics) rather than just assuming that it will accept it.

          Will reduce spurious "Confirm user presence" notifications for key handles that relate to FIDO keys that are not currently inserted in at least some cases. bz3366

          * ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to allow for the preceding two ECN bits. bz#3373

          * ssh-keygen(1): add missing -O option to usage() for the "-Y sign" option.

          * ssh-keygen(1): fix a NULL deref when using the find-principals function, when matching an allowed_signers line that contains a namespace restriction, but no restriction specified on the command-line

          * ssh-agent(1): fix memleak in process_extension(); oss-fuzz issue #42719

          * ssh(1): suppress "Connection to xxx closed" messages when LogLevel is set to "error" or above. bz3378

          * ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing compressed packet data. bz3372

          * scp(1): when recursively transferring files in SFTP mode, create the destination directory if it doesn't already exist to match scp(1) in legacy RCP mode behaviour.

          * scp(1): many improvements in error message consistency between scp(1) in SFTP mode vs legacy RCP mode.

          * sshd(8): fix potential race in SIGTERM handling PR#289

          * ssh(1), ssh(8): since DSA keys are deprecated, move them to the end of the default list of public keys so that they will be tried last. PR#295

          * ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match wildcard principals in allowed_signers files

          Portability -----------

          * ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's implementation does not work in a chroot when the kernel does not have close_range(2). It tries to read from /proc/self/fd and when that fails dies with an assertion of sorts. Instead, call close_range(2) directly from our compat code and fall back if that fails. bz#3349,

          * OS X poll(2) is broken; use compat replacement. For character- special devices like /dev/null, Darwin's poll(2) returns POLLNVAL when polled with POLLIN. Apparently this is Apple bug 3710161 - not public but a websearch will find other OSS projects rediscovering it periodically since it was first identified in 2005.

          * Correct handling of exceptfds/POLLPRI in our select(2)-based poll(2)/ppoll(2) compat implementation.

          * Cygwin: correct checking of mbstowcs() return value.

          * Add a basic SECURITY.md that refers people to the openssh.com website.

          * Enable additional compiler warnings and toolchain hardening flags, including -Wbitwise-instead-of-logical, -Wmisleading-indentation, -fzero-call-used-regs and -ftrivial-auto-var-init.

          * HP/UX. Use compat getline(3) on HP-UX 10.x, where the libc version is not reliable.

          Checksums: ==========

          - SHA1 (openssh-8.9.tar.gz) = 653310ba1a63959fe2df503fe7ad556445180127 - SHA256 (openssh-8.9.tar.gz) = mJigktP+Bk0sB7uRPuWgjcCOYZ+mIMdvRlZe66irtQA=

          - SHA1 (openssh-8.9p1.tar.gz) = 205cdf0040a238047e2c49f43460e03d76e5d650 - SHA256 (openssh-8.9p1.tar.gz) = /Ul2VLerFobaxnL7g9+0ukCW6LX/zazNJiOArli+xec=

          Please note that the SHA256 signatures are base64 encoded and not hexadecimal (which is the default for most checksum tools). The PGP key used to sign the releases is available from the mirror sites: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc

          Please note that the OpenPGP key used to sign releases has been rotated for this release. The new key has been signed by the previous key to provide continuity.

          Reporting Bugs: ===============

          - Please read https://www.openssh.com/report.html Security bugs should be reported directly to openssh@openssh.com
      • Arch Family

      • Canonical/Ubuntu Family

        • Ubuntu addresses Linux kernel vulnerabilities ● The Register

          Ubuntu has issued a batch of updates that cover the default as well as the AWS and KVM flavours for the current short-term release 21.10, both the original 5.04 and OEM 5.14 builds for the current 20.04 LTS release, as well as 18.04, and, surprisingly, even 16.04 and 14.04.

          While kernel releases trickle out all the time, the last two members of that list – 2016's Xenial Xerus and 2014's Trusty Tahr – emphasise that even very old releases in Extended Security Maintenance or ESM sometimes need a bit of TLC.

          It also might surprise some that multiple different Linux kernels are available for a single product release. Although Ubuntu pushes out a new Long-Term Support (LTS) release every even-numbered year, those get five years of bugfixes.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • OSI: Open source legal awareness needs to grow [Ed: Propping up BFT (scam) using a Microsoft-linked firm, OpenLogic [sic]]

        Second: respondents seem to be exploring blockchain and NFT at a surprisingly high rate. While NFTs got the lowest score of all as “not important”, more than 20% marked both blockchain and NFT as “very important”. I’d be interested to understand why.

      • Events

        • Call for Papers opens for Summit in Albania - openSUSE News

          The openSUSE community has opened the call for papers for a summit that will be held in conjunction with Open Source Conference Albania (OSCAL) 2022.

          People can submit a talk for the openSUSE Summit at OSCAL 2022 from now until April 26 on events.opensuse.org.

          OSCAL will take place from June 18 and 19 in Tirana, Albania, and will gather free (libre) open source technology users, developers, academics, governmental agencies and people who share the idea that software should be free and open for people to study, develop and customize. The conference is organized by Open Labs, which is a non-profit community that promotes the importance of an open source culture in Albania since 2012.

      • Programming/Development

        • JavaScript devs feel language moving in right direction ● The Register

          The State of JavaScript 2021 survey has arrived, a little later than planned (no jokes about language performance, please) and in the wake of a somewhat embarrassing data leak.

          2020's State of JavaScript report came from a survey of 23,000 developers. 2021's was the result of just over 16,000. And although the US leads the way, its share of survey respondents dropped to 14 per cent and Russia climbed to third place behind Germany with 4 per cent.

          Sadly, the vast majority (93.2 per cent) of those who answered the gender question listed themselves as male, up on last year's 91.1 per cent. 82.4 per cent chose to fill out the survey in English. JavaScript might be impressively diverse from a technological perspective, but the same cannot be said for the respondents to this survey.

        • Color Sensor with Arduino Uno: TCS34725 explaination, wiring and code

          To sort out the things with respect to the colors like different color balls, Arduino can interface the TCS34725 that is the cheap and best color sensor which can handle such application

          In this tutorial, I’ll show you how to interface the color sensor TCS34725 with Arduino, explaining with a wiring diagram, code, and components list.

        • Bend Your Vase Mode Prints By Hacking The GCode

          [Stefan] from CNCKitchen wanted to make some bendy tubes for a window-mountable ball run, and rather than coming up with some bent tube models, it seemed there might be a different way to achieve the desired outcome. Starting with a simple tube model designed to be quickly printed in vase mode, he wrote a Python script which read in the G-Code, and modified it allow it to be bent along a spline path.

          Vase mode works by slowly ramping up the Z-axis as the extruder follows the object outline, but the slicing process is still essentially the same, with the object sliced in a plane parallel to the bed. Whilst this non-planar method moves the Z-axis in sync with the horizontal motion (although currently limited to only one plane of distortion, which simplifies the maths a bit) it is we guess still technically a planar solution, but just an inclined plane. But we digress, non-planar in this context merely means not parallel to the bed, and we’ll roll with that.

        • Unreal Engine 5 is now available in Preview! - Unreal Engine

          This release builds upon the features exposed in last year’s Early Access offering, with improvements to performance, quality, and feature-completeness across the board.

        • Dev snapshot: Godot 4.0 alpha 3

          We're continuing on our fortnightly release schedule for alpha snapshots of Godot 4.0 - this time with 4.0 alpha 3. See past alpha releases for details (alpha 1, alpha 2).

          Be aware that during the alpha stage the engine is still not feature-complete or stable. There will likely be breaking changes between this release and the first beta release. Only the beta will mark the so-called "feature freeze".

          As such, we do not recommend porting existing projects to this and other upcoming alpha releases unless you are prepared to do it again to fix future incompatibilities. However, if you can port some existing projects and demos to the new version, that may provide a lot of useful information about critical issues still left to fix.

          Most importantly: Make backups before opening any existing project in Godot 4.0 alpha builds. There is no easy way back once a project has been (partially) converted.

        • 10 of our favorite Jenkins plugins - Octopus Deploy

          As an open-source Continuous Integration (CI) platform, one of our favorite things about Jenkins is its strong community. Nowhere is this more evident than in the Jenkins Plugins Index.

          There are over 1800 user-created plugins in the Index, allowing you to extend Jenkins’ features and change your instance to meet your team’s needs.

        • Perl/Raku

        • Shell/Bash/Zsh/Ksh

        • Java

          • How to create and call a method in Java

            A Java method contains a block of statements/instructions that perform some functionalities only when someone calls the method. When someone calls a java method, multiple statements executes at the backend to provide a certain output. The Java methods provide the reusability of the code, as we have to write/create a method once, and we can use it as many times as we want.

  • Leftovers

    • Hardware

      • Intel acquires Linutronix [LWN.net]

        The plan is evidently to continue to run Linutronix as an independent company rather than absorbing it into Intel.

      • Intel Acquires Linutronix

        Linutronix is comprised of a team of highly qualified and motivated employees with a wealth of experience and involvement in the ongoing development of Linux. Led by CEO Heinz Egger and CTO Thomas Gleixner, Linutronix is the architect of PREEMPT_RT (Real Time) and the leading technology provider for industrial Linux. Gleixner has been the principal maintainer of x86 architecture in the Linux kernel since 2008.

    • Integrity/Availability

      • Proprietary

        • Security

          • Privacy/Surveillance

            • Top U.S. Websites Run Afoul of European Data Privacy Law [Ed: And it's not properly enforced either]

              Leading U.S. websites have failed to abide by European data privacy law, according to research by regulatory compliance software vendor Zendata.

            • Counter Comments to the TRAI for the, "Consultation Paper on Regulatory Framework for Promoting Data Economy Through Establishment of Data Centres, Content Delivery Networks, and Interconnect Exchanges"

              IFF remains deeply committed to net neutrality and data privacy. On February 10th, 2022, IFF filed its main comments to TRAI's ongoing consultation on "Regulatory Framework for Promoting Data Economy Through Establishment of Data Centres, Content Delivery Networks, and Interconnect Exchanges". However, we were troubled by some requests made by telecom service providers and industry bodies. They called for a ‘light-touch’ regulatory framework for Content Delivery Networks as well as increased data monetization, with scant attention paid to regulatory oversight over data privacy and security. IFF has filed counter comments to rebut these suggestions and urged TRAI to develop robust mechanisms to enforce net neutrality and protect data privacy.

              [...]

              First, we called for urgency in creating a multi-stakeholder body (MSB) for the enforcement of net neutrality principles. While India has globally leading regulations on net neutrality on paper, it still lacks an institutional enforcement mechanism. In this regard, TRAI's recommendation in 2020 to set up an MSB was not positively received by the Department of Telecommunications (DoT) due to COVID-19 budget constraints. However, the expenditure curbs have since been relaxed and so budgetary cuts no longer stand in the way. The MSB will prevent Telecom Service Providers (TSPs) from abusing interconnection agreements, and keep technical forms of discrimination, like website blocking, slowing down of web services, etc. in check.

              Second, we cautioned against regulating Content Delivery Networks (CDNs) given existing market efficiency. TRAI and other global regulators have determined that the CDN market is working adequately; it is competitive and provides user benefit. There is also a lack of existing evidence (real data) on any prospective harms, specifically in the Indian market. Hence, to facilitate the growth of the local CDN industry, TRAI should commence a deeper study prior to devising regulation.

            • Bypassing Apple’s AirTag Security - Schneier on Security

              A Berlin-based company has developed an AirTag clone that bypasses Apple’s anti-stalker security systems. Source code for these AirTag clones is available online.

              So now we have several problems with the system. Apple’s anti-stalker security only works with iPhones. (Apple wrote an Android app that can detect AirTags, but how many people are going to download it?) And now non-AirTags can piggyback on Apple’s system without triggering the alarms.

            • Apple Airtags' anti-stalker features can be bypassed – claim ● The Register

              An infosec startup says it has built an Apple Airtag clone that bypasses anti-stalking protection features while running on Apple's Find My protocol.

              Source code for the clones were published online by Berlin-based infosec startup Positive Security (not to be confused with US-sanctioned cybersecurity outfit Positive Technologies), which said its tags "successfully tracked an iPhone user... for over five days without triggering a tracking notification."

              The user consented, added Positive's Fabian Bräunlein in a blog post explaining his findings.

    • Civil Rights/Policing

      • Go back to the drawing board: Kenya must scrap unconstitutional Huduma Bill 2021 - Access Now

        Civil society organizations are making their voices heard in Kenyan parliament, and the message is clear: the unconstitutional Huduma Bill 2021 must be scrapped.

        Currently sitting before parliament, the noxius draft bill that will transition the nation over to a new catch-all digital identity system stands to facilitate the violation of constitutionally guaranteed human rights including the rights to privacy, freedom from discrimination, freedom and security of the person, as well as socio-economic and citizenship rights.

        Huduma, which requires primary identification documents for registration, stands to potentially exclude people already affected by the shortfalls of the existing identification program — including border communities who are subjected to tough vetting processes to attain identification, and people at risk of statelessness.

        “The Kenyan parliament continuing to push the harmful Huduma bill through the legislative process is not only a waste of public resources, it’s telling the people of Kenya that their constitutional rights are nothing but words on paper,” said Elias Okwara, Africa Policy Manager at Access Now. “The government must withdraw this bill, and go back to the drawing board.”

      • Public petition: withdraw the Huduma Bill 2021 - Access Now
    • Monopolies



Recent Techrights' Posts

Congratulations to Debian Project Leader (DPL) Andreas Tille
It would not be insincere to say that Debian has issues and those issues need to be tackled, eventually
David Graeber, village wives & Debian Outreachy internships
Reprinted with permission from disguised.work
The Latest Wave of Microsoft Crime, Bribes, and Fraud
Microsoft is still an evil, highly corrupt company
Links 19/04/2024: Running a V Rising Dedicated Server on GNU/Linux and More Post-"AI" Hype Eulogies
Links for the day
[Video] Novell and Microsoft 45 Years Later
what happened in 2006 when Novell's Ron Hovsepian (who had come from IBM) sealed the company's sad fate by taking the advice of Microsoft moles
EPO “Technical” Meetings Are Not Technical Anymore, It's Just Corrupt Officials Destroying the Patent Office, Piecewise (While Breaking the Law to Increase Profits)
Another pillar of the EPO is being knocked down
 
Links 20/04/2024: Apple is Censoring China’s App Store for the Communist Party of China
Links for the day
Links 20/04/2024: Accessibility in Gemini and Focus Time
Links for the day
20 April: Hitler's Birthday, Debian Project Leader Election Results
Reprinted with permission from Daniel Pocock
September 11: Axel Beckert (ETH Zurich) attacks American freedoms
Reprinted with permission from Daniel Pocock
20,000 victims of unauthorized Swiss legal insurance scheme
Reprinted with permission from Daniel Pocock
Matthew Garrett, Cambridge & Debian: female colleague was afraid
Reprinted with permission from disguised.work
Neil McGovern & Ruby Central part ways
Reprinted with permission from disguised.work
Links 20/04/2024: Chinese Diplomacy and 'Dangerous New Course on BGP Security'
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, April 19, 2024
IRC logs for Friday, April 19, 2024
Gemini Links 19/04/2024: Kolibri OS and OpenBSD
Links for the day
[Meme] EPO “Technical” Meetings
an institution full of despots who commit or enable illegalities
Red Hat Communicates the World Via Microsoft Proprietary Spyware
Red Hat believes in choice: Microsoft... or Microsoft.
Sven Luther, Lucy Wayland & Debian's toxic culture
Reprinted with permission from disguised.work
Chris Rutter, ARM Ltd IPO, Winchester College & Debian
Reprinted with permission from disguised.work
[Video] Microsoft Got Its Systems Cracked (Breached) Again, This Time by Russia, and It Uses Its Moles in the Press and So-called 'Linux' Foundation to Change the Subject
If they control the narrative (or buy the narrative), they can do anything
Links 19/04/2024: Israel Fires Back at Iran and Many Layoffs in the US
Links for the day
Russell Coker & Debian: September 11 Islamist sympathy
Reprinted with permission from disguised.work
Sven Luther, Thomas Bushnell & Debian's September 11 discussion
Reprinted with permission from disguised.work
G.A.I./Hey Hi (AI) Bubble Bursting With More Mass Layoffs
it's happening already
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, April 18, 2024
IRC logs for Thursday, April 18, 2024
Coroner's Report: Lucy Wayland & Debian Abuse Culture
Reprinted with permission from disguised.work
Links 18/04/2024: Misuse of COVID Stimulus Money, Governments Buying Your Data
Links for the day
Gemini Links 18/04/2024: GemText Pain and Web 1.0
Links for the day
Gemini Links 18/04/2024: Google Layoffs Again, ByteDance Scandals Return
Links for the day
Gemini Links 18/04/2024: Trying OpenBSD and War on Links Continues
Links for the day
IRC Proceedings: Wednesday, April 17, 2024
IRC logs for Wednesday, April 17, 2024
Over at Tux Machines...
GNU/Linux news for the past day