Bonum Certa Men Certa

Links 2/3/2022: Windows Sliding Down and Procmail Considered Harmful

  • GNU/Linux

    • Desktop/Laptop

    • Audiocasts/Shows

    • Kernel Space

      • [LWN] Linux 5.16.12
        I'm announcing the release of the 5.16.12 kernel.
        
        

        All users of the 5.16 kernel series must upgrade.

        The updated 5.16.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.16.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...

        thanks,

        greg k-h
      • [LWN] Linux 5.15.26
      • [LWN] Linux 5.10.103
      • [LWN] Linux 5.4.182
      • [LWN] Linux 4.19.232
      • [LWN] Linux 4.14.269
      • [LWN] Linux 4.9.304
      • What the Tech: The ‘2038 problem’ is real and threatens digital infrastructure worldwide

        Two events pose a threat to Americans’ ability to connect to the internet. Hackers have always posed a threat through DNS attacks, or denial of services. Another threat is known through the cyber security world as the “2038 problem” which may cause computer problems similar to the fears over the Y2K bug of 20 years ago. The year 2038 problem is 16 years in the future, but the threat can already be seen. Take your own smartphone. Open settings and try to change the date on the calendar to the year 2038. You can’t because a math glitch prevents many computers to see past 2037. When computer programmers built the Unix code in 1970, they used a 32-bit system that counted seconds. As other programs and systems built on the Unix code, they, in a sense, created an “expiration date of some 2.1 billion seconds.

      • Luca Ceresoli joins Bootlin team

        The entire team at Bootlin is extremely happy to welcome Luca Ceresoli, who started working with us on March 1, 2022. Based in Italy, Luca is the first employee of Bootlin based outside of France, and we plan to continue to expand our hiring in a similar way in the future.

      • Torvalds moves Linux to C11

        Old one out-of-date, but this one goes to 11 Linus Torvalds is about to shift Linux from a version of C which is so old it was written before the fall of the Soviet Union – C89. Torvalds has said that it is time to move to something more modern starting with kernel 5.18. Linux had planned to move to a newer standard eventually with C99 being the next version. However, a recent patch to a security problem revealed that there could be problems with C99.

    • Applications

      • [Make Use Of] The 5 Best System Cleaning Apps for Your Linux Desktop

        Linux-based operating systems have complex structures. When you add a file or install an app, the system performs some arrangements by making the right configurations files to support the file or application. These configuration files stack up and consume the system space. Similarly, when you install an update for the OS, it leaves backup files behind. This leftover data affects the system's performance. To remove these temporary files and keep your computer optimized, there are system cleaning apps available for Linux. So, let's look at five of the best system cleaning apps for Linux that are free to use.

    • Instructionals/Technical

      • How to Install SuiteCRM on Ubuntu 20.04 - RoseHosting

        SuiteCRM is an open-source Customer Relationship Management (CRM) software solution that provides a 360-degree view of your customers and business. It is a fork of the popular open-source SugarCRM Community Edition.

      • How to install Flightgear on Zorin OS 16 - Invidious
      • How To Install aaPanel on Debian 11 - idroot

        In this tutorial, we will show you how to install aaPanel on Debian 11. For those of you who didn’t know, aaPanel is a free and open-source hosting control panel for Linux. It’s easy to install & all the web hosting options are well-categorized for easily managing websites and databases. Currently, aaPanel supports Debian, Ubuntu, and CentOS. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the aaPanel free and open-source hosting control panel on a Debian 11 (Bullseye).

      • How to install Rosegarden on a Chromebook

        Today we are looking at how to install the Rosegarden DAW workstation on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

      • Touch Command on Linux: Tutorial and Examples - Linux Stans

        In this tutorial, we’re going to show you what the touch command is, how to use it, and include practical examples of using the command. Unlike other commands that you should never run on Linux, the touch command is actually recommended and often used by everyone on Linux.

      • Access and modify virtual machines disk images with libguestfs tools

        In a previous article, we saw how to create kvm virtual machines from the command line; in this tutorial, instead, we learn how to access and modify virtual machines disk images, using some utilities which are part of the libguestfs package on the most commonly used Linux distributions. Those tools let us perform a variety of tasks. We will focus on some of them, like virt-filesystems and guestmount, which can be used to list filesystems existing on guest disk images, and mount them on the host system, respectively.

      • Terraform Variable with Example

        We learned about the terraform variable in the previous article. Let’s start with an example. Let’s set the terraform provider to AWS with the access key, secret key, and region where we wish to build these resources, as usual.

      • Install OpenVAS – Open Vulnerability Assessment Scanner

        Today you will learn how to install OpenVAS. OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test. The scanner obtains the tests for detecting vulnerabilities from a feed that has a long history and daily updates.

      • Suricata Network IDS integration€ with WAZUH

        This post is about Suricata Network IDS integration with WAZUH. Wazuh is an excellent HIDS (Host-based Intrusion Detection System) among other things. In addition to it’s rule-based analysis of log events from agents and other devices, it also performs file integrity monitoring and anomaly detection. This provides a great deal of insight into the security of your digital assets. However, some security issues are most successfully detected by inspecting a server’s actual network traffic, which generally is not accounted for in logs. This is where a NIDS (Network Intrusion Detection System) can provide additional insight into your security in a way that is highly complimentary to the HIDS functionality in Wazuh. Suricata is one such NIDS solution, which is open source and can be quickly deployed either on dedicated hardware for monitoring one or more transit points on your network, or directly on existing Unix-like hosts to monitor just their own network traffic. Because Suricata is capable of generating JSON logs of NIDS events, it integrates beautifully with Wazuh.

      • Terraform's Variable

        The customer receives a response as soon as he opens the URL. The request then uses a mapping of IP addresses from DNS records to identify its destination, landing on a server that owns this IP, and the server processes to give a response, which is then transmitted back to the request’s origin. Because we’re using Amazon Web Services (AWS), we’ll use an EC2 instance. In production, simply having an EC2 instance that can process requests is insufficient. Virtual private cloud plays an important role to separate networks and other virtual networks from the cloud(AWS).

      • Why should you use Terraform and how does it work?

        Terraform core works with two different input sources. Terraform configuration is the first source. You specify what needs to be created or provisioned in this section. Terraform’s second source for keeping up-to-date configuration files is state. As a result, terraform core analyses the data and implements a plan for finishing the work at hand. It compares the state, what is the present state, and the configuration you want as a final result. It decides what’s to be performed in accomplishing the configuration file’s desired state. To develop or provision the infrastructure, it estimates what has to be created, updated, and destroyed.

      • How to Open Ports in Linux

        Need to connect to an outside PC or server—or need another PC or server to connect to you? If you’re running Linux, you’ll need to make sure the right port is open. While other operating systems usually have some graphical tool for this, Linux isn’t so simple. We’ll walk you through how to open ports in Linux below.

    • Games

    • Distributions

      • PCLinuxOS/Mageia/Mandriva/OpenMandriva Family

      • SUSE/OpenSUSE

      • IBM/Red Hat/Fedora

        • [Linux Magazine] Fedora 36 Beta Now Has a Release Date
          It's official, Fedora 36 now has two different release dates. If things go as planned, the beta of the distribution will become available on March 15, 2022. If there's a delay, Fedora 36 will be released on March 22, 2022. Once the public beta testing is complete, the official release will be April 19, 2022, or, if there's a delay, April 26, 2022. As for new features, the most notable will be the addition of GNOME 42, which improves both UI and functionality. The changes to GNOME 42 include a system-wide dark theme preference, wallpapers for both dark and light themes, updates to the folder icon theme, even more support for libadwaita, an improved System Settings application (thanks to GTK 4), a new default text editor (shifting from Gedit to GNOME Text Editor), and an improved screenshot tool and native screen recording.

        • Red Hat Training And Certification Expands Offerings For Partners

          Red Hat has announced that Red Hat Training and Certification is expanding its offerings for partners in order to advance their skills journey with open hybrid cloud technologies. Red Hat partners can now access Red Hat Training self-paced online courses at no cost in order to develop critical skills around Red Hat solutions in key areas such as cloud computing, containers, virtualization, automation and more.

        • David Cantrell: rpminspect-1.9 released

          rpminspect 1.9 is now available. The last release was in November of 2021, so this release includes a lot of new functionality and bug fixes. Among the many changes and bug fixes is the addition of the rpmdeps inspection. This inspection checks for consistency and expected changes in dependency tags in build comparisons. It also checks to ensure subpackages that gained automatic shared library dependencies also carry the appropriate explicit dependency on the providing package (in cases where the providing package is another subpackage in the build).

      • Debian Family

        • Ben Hutchings: Debian LTS work, February 2022

          In February I was assigned 16 hours of work by Freexian's Debian LTS initiative and carried over 8 hours from January. I worked 16 hours, and will carry over the remaining time to March. I spent most of my time triaging security issues for Linux, working out which of them were fixed upstream and which actually applied to the versions provided in Debian 9 "stretch". I also rebased the Linux 4.9 (linux) package on the latest stable update, but did not make an upload this month.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Web Browsers

        • Mozilla

          • [Mozilla] How to secure your data in less than 10 minutes

            Data Privacy Day has come and gone. But here at Mozilla, helping educate people around online privacy is so important to us that we want to be your guide to protecting your data over the next four weeks. Save this page on Pocket, come back every Wednesday and find a couple of quick things you can do to help you live your best and most secure digital life. Don’t wait for the next data privacy settlement or breach. Put on a playlist and you’ll be done by the time your favorite song ends.

      • Productivity Software/LibreOffice/Calligra

    • Standards/Consortia

      • OGC Code Sprint: developing open standards and software

        The Open Geospatial Consortium (OGC) has organised a code sprint, along with two other organisations which promote open source software: the Open Geospatial Foundation (OSGeo) and the Apache Software Foundation (ASF). Both OSGeo and ASF have several projects which implement OGC data standards. At Ordnance Survey, we think it’s essential to encourage OS developers to be part of the conversation and development of the open data standards used in our products and services. That’s why we are sponsoring OGC’s code sprint event, and as an OGC member, we implement many OGC standards on the OS Data Hub.

      • War and the Power of Standards - ConsortiumInfo.orgConsortiumInfo.org

        The unleashing of unprovoked acts of violence against the people of Ukraine has both horrified and united much of the world against Russia. Even historically neutral Switzerland has condemned Putin’s aggression. And aid is flooding into the beleaguered democracy from around the world. Why? Not because the Russian Federation has breached any existing treaty, but because Putin has violated widely shared standards of conduct and decency. And while nations have the sovereign right to withdraw from written agreements, they are powerless to disavow an international consensus over what nations may and may not do. Or to avoid the consequences when they violate that consensus.

  • Leftovers

    • Science

      • [Hackaday] You Can Find Military Radars On Publicly-Available Satellite Data | Hackaday

        When it comes to hunting down military radar installations and associated hardware, we typically think of equipment that is firmly in the price bracket of nation states and their military forces. Whether it’s early warning radar, those used for air defence, or for naval purposes, you’d think it was relatively difficult to intercept or track these emissions. However, a new tool built by geocomputation lecturer Ollie Ballinger shows this isn’t the case. In fact, openly-available data captured via satellite can be used to find all manner of military radar emitters. Let’s explore how!

    • Hardware

      • [Hackaday] Electric Jet Engine Uses 3D Printed Compressor, Skips The Turbine Altogether. | Hackaday

        Turbojet engines are an incredible piece of 20th century engineering that except for some edge cases, have mostly been replaced by Turbofans. Still, even the most basic early designs were groundbreaking in their time. Material science was applied to make them more reliable, more powerful, and lighter. But all of those incredible advances go completely out the window when you’re [Joel] of [Integza], and you prefer to build your internal combustion engines using repurposed butane canisters and 3d printed parts as you see in the video below the break.

      • [Hackaday] Learn To Play Guitar, Digitally | Hackaday

        Learning to play a musical instrument takes a major time commitment. If you happened to be stuck inside your home at any point in the last two years, though, you may have had the opportunity that [Dmitriy] had to pick up a guitar and learn to play. Rather than stick with a traditional guitar, though, [Dmitriy] opted to build his own digital guitar which is packed with all kinds of features you won’t find in any Fender or Gibson.

    • Integrity/Availability

      • Proprietary

        • Security

          • [The Anarcat] procmail considered harmful - anarcat

            procmail is a security liability and has been abandoned upstream for the last two decades. If you are still using it, you should probably drop everything and at least remove its SUID flag. There are plenty of alternatives to chose from, and conversion is a one-time, acceptable trade-off.

          • Privacy/Surveillance

    • Defence/Aggression

      • [NewYorkTimes] A Group Founded by Colin Kaepernick Is Providing Free Second Autopsies

        A group founded by the former N.F.L. quarterback Colin Kaepernick started this week to offer free secondary autopsies for families of people who died under “police-related” circumstances. A certified autopsy can be prohibitive, sometimes costing $5,000 or more, so those without means have had to rely on the official inquiry conducted by a medical examiner or coroner. But proponents of a second autopsy argue that forensic pathology is not an exact science, and that medical experts can have differing opinions that are sometimes colored by bias. Not having the means for an independent autopsy — a second opinion, in medical speak — prohibits one’s access to equal justice, supporters of Mr. Kaepernick’s initiative said. “There is definitely a deep-seated subconscious bias — and in some instances a conscious bias — on the part of medical examiners vis-à-vis police-related deaths,” Dr. Cyril H. Wecht, one of country’s most famous forensic pathologists and one of the board-certified examiners who will be conducting autopsies as part of this effort, said in an interview on Thursday.

    • Environment



Recent Techrights' Posts

A Dozen Observations About "UEFI 9/11" Deflections
What we are expected to see, tentatively
The World's Richest Ponzi Scheme (Faking Value Using Net Waste)
The higher they go the harder they fall
We Could Dual-Boot Back in the 1990s, Why Has This Become So Difficult?
And prone to breakage
Slopwatch: Google News is Still Promoting Many Fake Articles About "Linux", in Effect Rewarding Misinformation and Plagiarism
things continue to deteriorate
They Say That People Are Afraid of or Worried About "Hey Hi", But the Worriers Should be the Fools Who Invested in It
At the end of the day nobody should worry more than those who invested their money in this bubble
 
Longtime Red Hat Staff: Maybe Just Disable 'Secure Boot'
A refreshing take from Adam Williamson
Gemini Links 11/09/2025: Playdate Console, Dichotomy between the Real and the Digital
Links for the day
The Microsoft AstroTurfing and Microsoft-Led Blame-Shifting Tactics Are Ahead of Us
Of course it has nothing to do with security, it's about control, i.e. them controlling everything
Celebrating Assassination is Bad Because It Legitimises Assassination of the People You Like, Too
Condoning or even celebrating political assassinations is bad optics (and taste)
Being Conditioned to Accept Unreliable Computer Systems That Fail With Black Screen of Death (BSoD)
Welcome to 2025
New Series: The Coup Against GNU/Linux Has Begun
today, this year in particular, we shall also focus on Secure Boot, which is sold based on a lie and tortures many computer user
New Paper on "BYOVD, but in firmware. Signed UEFI shells, vulnerable modules offer new paths for Secure Boot bypasses."
One might say digital "security theatre"
Links 11/09/2025: Oracle Layoffs, Drunk Pilots in Japan Airlines, US-Korea Tensions Grow
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, September 10, 2025
IRC logs for Wednesday, September 10, 2025
Xubuntu Site Compromised
Let's hope it is not a security breach
Links 10/09/2025: Retaliation at Facebook and Microsoft Reveals Almost 100 Security Holes
Links for the day
Gemini Links 10/09/2025: Annihilation of Self, The Future Eaters, and Leaving Academia
Links for the day
Harassment evidence: franceinfo's Clara Lainé report on Ubisoft prosecution
Reprinted with permission from Daniel Pocock
Links 10/09/2025: Microsoft Layoffs in "RTO" Clothing and Windows TCO, GitHub TCO
Links for the day
Blaming Everything on China
TikTok works for China. GAFAM works for fascists.
People Get Tired of "Hey Hi" (AI), Unlike the Subservient Money-Obsessed Media That Gets Paid to Pretend This Bubble Still Matters
"crash will be way bigger than dot.com burst in 90s. and that was Internet, actually transformative technology, not this expensive AI toy with direct dependency on the energy input which is not scalable"
Brett Wilson LLP Accepts That the Serial Strangler From Microsoft Filed a Case That Also Implicates My Wife (Everything is Connected)
They used to pretend that there were two separate cases
10 Reasons to Disable (or Enable) UEFI Secure Boot
Tomorrow the "trusted corporation" Microsoft will see a certificate expire
Gemini Links 10/09/2025: Hospital and Large Feeds
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, September 09, 2025
IRC logs for Tuesday, September 09, 2025
The Bluewashing of Red Hat is Being Completed, Many Staff Understand They'll be Made Redundant
Jim AllowHurst (Whitehurst) is meanwhile promoting Microsoft's agenda from within other companies
Throwing Away "Old" Computers (Mozilla and Other Climate Deniers)
Mozilla is not leftist
statCounter Sees GNU/Linux Exceeding 10% in Bulgaria This Month
What can Microsoft still do to stop GNU/Linux?
Dark Patterns
Microsoft saying "security" is like a Convicted Felon in the White House saying "law and order".
It's Almost Fall (Autumn)
To "Facebook prison" you are bound
Bruce Schneier About "Secure Boot"
Bruce Schneier isn't a fan of "Secure Boot"
Links 09/09/2025: Microsoft Mass Layoffs Again and "RTO" (Timed Like It Serves as a Distraction From the Mass Layoffs)
Links for the day
RMS Told Microsoft to Stop 'Secure Boot' (He Even Went There to Say That), But They Didn't Listen
Dr. Stallman (RMS) assumed that speaking to sociopaths would work
What Richard Stallman Told Me About 'Secure' Boot in 2012
"if the user doesn't control the keys, then it's a kind of shackle"
Those Who Helped Microsoft Weaponise "Secure Boot" Against GNU/Linux and BSDs Are Fleeing
Microsofters doing what they do best: they evade accountability
Simple is Better, Simplicity is Power
That is "the advantage of having commodity GNU/Linux systems," an associate notes
Much Ado About Nonsense
Microsoft Lunduke is still all dramatisation and sensationalism
Current Events in France
It needs to dump Microsoft and other GAFAM (US) giants, move to Free software
Further Media Cut-downs
media reporting about the media being cut
Links 09/09/2025: US-Korea Tensions and Meta Whistleblowers
Links for the day
Gemini Links 09/09/2025: Moon Eclipse and ROOPHLOCH Reports
Links for the day
Links 09/09/2025: “Torrents of Hate” and Political Crisis in France
Links for the day
Gemini Links 09/09/2025: "Dedigitizing" and Forgejo on FreeBSD
Links for the day
Google News (Not Just Google Search) Lets Itself by Gamed by One Slopfarm - to the Point Almost Half of "Linux" News is Bot-Produced Plagiarism (LLM Slop With Slop Images)
That says a lot about what Google thinks of quality, even in Google News
Bill Gates-Funded Media Inadvertently Refutes the Microsoft Lie That in 2025 Microsoft Had Just Two Waves of Layoffs
There were about 12 rounds of layoffs so far in 2025
Official SUSE Blog Still Uses LLM Slop (Bots) to Make Fake Articles (Marketing)
The company is all about sound bites
Companies Realise That Slop Doesn't Work as Advertised, Accordingly Dump It
"Hype dims as a country-wide survey of US corporations shows a sudden drop-off in AI use among firms with more than 250 employees."
Microsoft-Funded Lawsuits Against Critics of UEFI 'Secure Boot'
Remember that no company (or law firm) ever survives collaborations with Microsoft
From theregister.co.uk to theregister.com (US) to The Register MS (Run by Microsoft Operatives) and theregister.ai
The best way to break this racket (or cycle of hype and harm) is to break the chains of funding
Open Source Initiative (OSI) Culture of Censorship Necessitates More Speech
The OSI bans dissent or people who merely point out that the OSI is abusive
How to Reach Us Discreetly (Other Than Encrypted E-mail)
We're still managing to maintain a 100% source protection record. We soon turn 19.
LLMs Are Vastly Worse Than a Waste of Energy and the Externalities Are Huge
Worse than just higher power bills for everybody
LLMs Versus Search (Not Replacing Search But Engaging in DDoS Attacks Against Web Sites That Permit Searching)
The state of the Web isn't just bad; it's utterly terrible
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, September 08, 2025
IRC logs for Monday, September 08, 2025
It's Only the Second Week of September and Already Two Waves of Layoffs at Microsoft, Slopfarms and Microsoft-Funded Sites Spin It as "AI Investments" Rather Than Commercial Failure
A very large third one expected next week
The UEFI 9/11 - Part IX - Shunning Old Computers (in 2023 the Certificate Was Updated/Overridden, Underlying Aim May Be Herding/Forcing People to Get TPM and Other 'Novel' Restrictions)
the "upgrade treadmill"