Bonum Certa Men Certa

Links 12/3/2022: Lots of Microsoft Windows Ransomware in Ukraine and Arch Linux Turns 20

  • GNU/Linux

    • Tom's GuideHere's how I brought a 2010 MacBook Pro back to life | Tom's Guide

      It was a fun experiment, but I suddenly had a functioning Linux laptop, albeit an old one, that I had no idea what to do with. Other than a long boot process, the MacBook performs very well given its age. So I decided that I wanted to use it to learn Python, an intimidating process I have yet to start.

    • Audiocasts/Shows

    • Kernel Space

      • WCCF TechIntel's Third Xe-HPG Powered DG2 GPU Spotted: DG2-256 'SOC3' With 256 EUs, 2048 ALUs

        Intel's third DG2 GPU based on the Xe-HPG architecture, the SOC3, has been spotted within Intel's Graphics System Controller Firmware Update library in Linux.


        Spotted within the IGSCU FU in Linux, the Intel SOC3 which is the codename for the DG2-256 GPU has been spotted. As the name suggests, this chip features 256 Execution units, making up a total of 2048 ALUs. Simply put, the SOC3 is half the core configuration of the SOC1 which means that it will be smaller and easier to manufacture.

    • Applications

      • Ubuntu Pit8 Best Whiteboard Apps for Linux: Useful for Teachers & Project Planners

        When we are at a conference and want to present our projects in front of colleagues, a whiteboard is a mandatory tool we need for the presentation. But when it is a virtual conference, we cannot just use a manual whiteboard as people on another side of the device may not properly observe what’s on the board. However, there are many virtual whiteboards for Linux available to help in your virtual conference. These apps are also very essential for virtual classes too.

      • Linux Links8 Best Free and Open Source Wireless Security Tools

        Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks, which include Wi-Fi networks. The term may also refer to the protection of the wireless network itself from adversaries seeking to damage the confidentiality, integrity, or availability of the network.

        To improve wireless security it’s important to be aware of measures that are used to bypass security. We cover software that’s useful for penetration testing and security assessment. Target users include security professionals and pentesters.

      • Make Use OfUlauncher: A Powerful Linux App Launcher to Improve Your Productivity

        App launchers enable you to launch apps and find files on your computer's local storage with ease. Apart from searching local storage, some app launchers even let you look up things on the web, perform calculations, run shell commands, and translate text, among other things.

        If you're on Linux, there are several app launchers you can use to streamline your system operations. Ulauncher is one of these. It's touted to be the fastest app launcher on Linux with an extensive extensions library.

        Let's dive right in and explore Ulauncher in more detail.

    • Instructionals/Technical

      • Automount USB storage with Raspberry PI OS Lite: fstab and autofs

        While Raspberry PI OS Desktop has the ability to automatically mount external USB devices on plug in, the Lite version doesn’t include this feature. For this reason, projects needing USB storage automounted on Raspberry PI must include some settings to find the storage ready from boot

      • Make Use OfA Complete Guide to Linux File Ownership and Groups

        When you run into a problem with file permissions on Linux, quite often the source of your frustration will have something to do with settings pertaining to either the file’s owner or group. It’s pretty much inevitable that if you use Linux regularly, at one point or another, you are going to have to change a file or directory’s owner or group setting to fix a problem.

        In this article, we’re going to demystify the concepts of Linux file owners and groups and show you how they affect who can access and manipulate the data on your system.

      • Generate Key Pair With OpenSSL And Import To PKCS#11 Token | Zamir's Board

        As I’m playing with PKCS#11 token a lot recently, I’m now thinking about generating all essential data off the card and then importing. This is less secure but makes backup possible. So I tried with OpenSSL to generate everything needed.

      • ID RootHow To Install LibreOffice on Debian 11 - idroot

        In this tutorial, we will show you how to install LibreOffice on Debian 11. For those of you who didn’t know, LibreOffice is a free and open-source office-suite productivity software. It is a free alternative for Microsoft Office. The LibreOffice suite comprises programs for Writer (word processing), Calc (spreadsheets), Impress (presentations), Draw (vector graphics and flowcharts), Base (databases), and Math (formula editing).

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of LibreOffice’s open-source cross-platform office suite on a Debian 11 (Bullseye).

      • Steinar H GundersonSteinar H. Gunderson: kitty rxvt-like config

        kitty is a terminal with some nice features (I particularly like the focus on low latency, and the best-in-class support for emoji) but with a rather unusual default configuration. Since everybody's opinions are bad, I will offer my own configuration so far to get a bit closer to classic terminals' defaults...

      • The New StackDeploy Portainer for Easier Container Management – The New Stack

        Containers can be a real challenge to manage. With so many moving parts and commands to work with, life can get a bit challenging. This is especially so as you scale up your deployments. One to make this a bit easier on you and/or your dev teams is to make use of a GUI tool that can be accessed from anywhere on your LAN. That way all of your developers can work much more efficiently, effectively, and reliably.

        One such tool for this task is Portainer. This GUI can be deployed on top of Kubernetes, Docker, or Docker Swarm works seamlessly on a third-party cloud host or can be used on-prem or even at the edge.

        Portainer gives you complete control over your containers, allowing you to pull images, create containers, networks and endpoints, and create registries. For anyone looking to employ a GUI to manage containers, you could do a lot worse than Portainer.

      • How to install TFTP server on Debian 11 | FOSS Linux

        Trivial File Transfer Protocol, well known as TFTP, is a simple lockstep File transfer protocol that lets a client get a file from or rather put a file onto a remote host. One of its basic uses is in the early phases of nodes booting from a local area network.

        In simple terms, the TFTP server is a depicted protocol that functions on user Datagram Protocol. However, unlike FTP, it does not utilize Transmission Control Protocol (TCP) to transfer data.

        Most preeminently, the implementation of the TFTP server protocol is enforced where security and authentication are not mandatory. This is the primary reason it is barely exercised in a computer network as it lacks the required security measures hence rendering it vulnerable over the internet.

        For that reason, its application is usually helpful in transferring boot and configuration files among linking PCs in a confined network setup.

      • How To Remove Files And Directories In Linux [Examples] |

        How To Remove Files And Directories In Linux With Examples. There are multiple ways to remove files and directories in Linux.

      • ID RootHow To Install Tixati on Ubuntu 20.04 LTS - idroot

        In this tutorial, we will show you how to install Tixati on Ubuntu 20.04 LTS. For those of you who didn’t know, Tixati is a simple yet powerful BitTorrent Client application. Tixati is used to download torrent files like Utorrent. This app supports a cross-platform application available to download on all popular operating systems (Microsoft Windows, Linux) excluding macOS.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Tixati torrent client on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.

      • How to Enable OpenLDAP Audit Logging -

        In this tutorial, you will learn how to enable OpenLDAP audit logging. OpenLDAP uses Auditlog overlays to record any changes made to the database to a specified log file.

      • nixCraftHow to trim leading and trailing white space in bash

        So I have this specific use case where I get data in a comma-separated values (CSV) file. I pick up the company name, address, telephone, email, and some other data from that file. Once data is collected, I create a final pdf using a simple script.

      • Linux CapableHow to Install Python 3.11 on Fedora 36 Linux - LinuxCapable

        Python is one of the most popular high-level languages, focusing on high-level and object-oriented applications from simple scrips to complex machine learning algorithms. Python is famous for its simple, easy-to-learn syntax, emphasizes readability, and reduces program maintenance costs and more straightforward conversion to newer releases. Python supports modules and packages, and one of the many is the popular PIP package manager.

      • H2S MediaHow to install Telegram on Debian 11 Bullseye - Linux Shout

        Learn the easy steps to install Telegram messenger on Debian 11 bullseye Linux desktop for chatting, voice call, and much more…

        If you are familiar with WhatsApp, then Telegram would not require a detailed introduction because it is a similar kind of application. Similar to WhatsApp, users can install Telegram on their smartphone and get registered using the cell phone number to chat with other users of Telegram. You can share or download images, videos, documents and files very easily via it. Further, it is also possible to make video and voice calls, create polls, groups, and channels to connect with each other. Telegram is particularly popular because of the latter function.

        One of the popular features that make Telegram popular is its subscription system for channels, which works similarly to YouTube: according to your interests, you can subscribe to channels in Telegram. If the channel operator posts new content, you can see it in the chat overview. Users can easily select posted content and forward it to family and friends. This makes it clear from which user or channel the content originally comes. In this way, you can quickly find new channels for your own interests. Also, it offers broadcast functions as WhatsApp has.

      • Ubuntu freezing or not starting in VirtualBox

        Virtual Machines are like a gateway to enjoying multiple OSs on a single system. A Windows user can enjoy Linux, Mac, and other operating systems. However, a lot of users are complaining that Ubuntu is freezing in Oracle VirtualBox. We are going to resolve this issue with some simple solutions.

      • Make Use OfHelp! Backspace Doesn't Work in the Linux Terminal

        The Backspace key isn't something you normally think about too much, but sometimes you might find it doesn't work correctly in the terminal, especially when logged in to a remote machine, echoing "^H" instead of erasing what you've typed.

        Fortunately, this is easy to fix with a simple command.

    • Wine or Emulation

      • Ubuntu HandbookWine 7.4 Dev Released! Vkd3d bundle, Defauts to Light Theme | UbuntuHandbook

        Wine 7.4, the new development of the compatibility layer capable of running Windows apps on Linux, is out.

        The new release bundled Vkd3d, 3D graphics library built on top of Vulkan, for its implementation of Direct3D 12.

        Other changes include defaults to ‘Light’ theme, WineD3D, D3D12 and DXGI modules converted to PE, more large scale cleanups to support ‘long’ type. And, there more than a dozen of bug-fixes. See more here.

    • Games

      • Boiling SteamKingdom of the Dead: Obra Dinn FPS, Review on Linux - Boiling Steam

        I haven’t told you yet, but I have a great admiration for the game Return to Obra Dinn. When I saw that someone took the visual concept and re-implemented it inside a shooter called Kingdom of the Dead, I had to give it a try.

      • GamingOnLinuxSteam Deck Verified has issues, Grand Theft Auto V edition | GamingOnLinux

        As I continue to use the Steam Deck that Valve sent over for both work and play, I tried Grand Theft Auto V and the initial setup was a massive nuisance. See also: How Valve Can Make the Deck Verified Program Better

        This is a game that has gone through verification, to get a Deck "Playable" rating. This means it should work well but may have some minor annoyances like small text or a part requiring the touch screen. Here though, it was far worse and this is the short story of a semi-eventful Saturday night where I just wanted to play a game that I picked carefully enough — or so I thought.

        On first launch with Proton 7, what it was verified against, it tells you it needs to install the Rockstar Launcher before you can play. The annoyance begins here of course as I've already waited on a 100GB download. I was at least pre-warned on this since I read the compatibility note. Fine then, let's do it. Except during the launcher install Rockstar gave an error telling me that it simply couldn't proceed. It gave an option to retry with a button I clicked, but that totally failed again. Clearly not a good experience right away. Playable — apparently.


        Really, Valve needs to take another look at how they run Deck Verified if trust in it is to be a real thing. Otherwise, like my friend Nick from The Linux Experiment said in our big collaboration video, the green Verified tick will end up meaningless if strict standards aren't followed. The same of course applies to the Playable category too.

    • Distributions

      • Linux Links6 Best Open Source Firewall Distros (Updated 2022)

        Security is paramount. Security involves defense in depth. Approaching security one step at a time, with consistency and rigour, you can mitigate threats, and keep intruders at bay.

        Intruders use a variety of different techniques in an attempt to compromise a system. For example, systems can be attacked by denial of service, cracking, intrusion, snooping (intercepting the data of another user), or viruses/worms/Trojan horses. To have a secure box, a system therefore needs a variety of defenses.

      • New Releases

        • The Register UKAfraid of the big bad Linux desktop? Zorin 16.1 is here

          Zorin 16.1 has arrived, marking the first major update of the Linux distribution since August's release.

          Unashamedly user-friendly, with an interface unlikely to scare off Windows or Mac users, the most eye-catching element of the update is LibreOffice 7.3, replete with better Microsoft Office compatibility, improved performance, and tweaks for dark mode fans.

          Based on Ubuntu 20.04 LTS, the distribution also has improved hardware support. Handy for those with pockets deep enough for an Nvidia RTX 3050 or Apple Magic Mouse 2. 12th-generation Intel Core chips are also on the list as well as a range of printers and that bête noir of the Linux world: audio hardware. It being Ubuntu, the 5.13 Linux kernel is lurking under the hood.

          It's undoubted a nice thing to look at, certainly for users making their first tentative steps away the worlds of Apple and Microsoft, although as with our look at Zorin 16 last year, you will need to pay up if you want access to desktop interfaces styled on Windows and macOS, and what Zorin calls a "professional-grade suite of apps," "advanced productivity software," and access to installation support.

      • Arch Family

        • NeowinBTW, it's my birthday - Arch Linux becomes 20 years old today - Neowin

          There’s also a bit of aspirational foreshadowing for release 0.2, which can be found here.

          The advertised components are interesting. It shipped with Linux kernel 2.4.18 which many of the Linux old-timers (myself included) will remember was right before we started to get nice things like auto-mounting USB drives in kernel 2.6. XFree86 4.2.0 was also in stow, which is what we now call Xorg. If you wanted to build software, you had to use an absolutely ancient gcc toolchain (2.95.3). Web browsing was covered by the ghost of Netscape Navigator, Mozilla 0.9.9. Heady days, these were!

          Missing from this release were the contemporary desktop environments of the day, Gnome and KDE – you’d have to wait for version 0.4 in December that year or build this yourself using ABS (Arch Build System). However, the more things change, the more they stay the same. While the FOSS world is still transitioning to Wayland, Xorg (then XFree86) remains the dominant display server throughout the landscape. While Firefox replaced Mozilla less than a year later, Mozilla software like Firefox and Thunderbird are still defacto packages for most distributions. Lastly, KDE and Gnome are still the preeminent desktop environments all these years later.

        • Arch Linux Turns 20 - Slashdot

          "Arch Linux, the rolling Linux distribution that powers Valve's Steam Deck is now 20 years old," reports Neowin.

      • IBM/Red Hat/Fedora

        • The Register UKThe long-term strategy behind IBM's Red Hat purchase [Ed: IBM/Red Hat pay this publisher now; so puff pieces come out]

          IBM's senior veep of software reiterated for Wall Street this week that OpenShift is the linchpin of Big Blue's overall multi-cloud strategy.

          Speaking at Morgan Stanley's Technology, Media and Telecom conference, Tom Rosamilia said the OpenShift container management family, developed by Red Hat that IBM bought in 2019, was key to containerizing Big Blue's Cloud Pak software so that it's easier to run wherever customers choose. That could be on or off-premises, or a hybrid of the two.

          "By rebasing our Cloud Paks on OpenShift, we've now moved all of our middleware to an environment where I can deploy on AWS, I can deploy it on Azure, I can deploy it on the IBM Cloud, and I can deploy it on prem," Rosamilia said.

        • The Register UKRed Hat and SUSE latest to suspend sales in Russia

          Red Hat has joined the growing list of tech companies to withdraw from Russia over the war in Ukraine, stopping sales just a day after Linux rival SUSE announced a similar move.

          The IBM-owned open source business says it is discontinuing sales and services in Russia and Belarus, effective immediately. This withdrawal of service applies to organizations either located or headquartered in Russia or Belarus. Red Hat also said it is also ending partner relationships with organizations based or headquartered in the two countries.

          Red Hat president and CEO Paul Cormier confirmed the move in a blog post, where he condemned the Russian military's invasion of Ukraine and said the company stands in unity with everyone affected by the violence.

        • IBM CEO hails Big Blue progress: ‘We don’t just create business value; we create progress’ [Ed: How much do IBM and Red Hat pay the NC media to spread these lies and corporate propaganda? This isn't journalism, it's just embarrassing]
        • Open source on mainframes pushed

          Rocket Software (Rocket), a global technology leader that develops enterprise software for some of the world’s largest public and private sector companies, today unveiled an updated Rocket® Open AppDev for Z software, which breaks down existing siloes to unify DevOps for all platforms, including the mainframe, in a single pipeline. The enhanced offering provides a comprehensive DevOps/AppDev modernization solution entirely based in open source and updated to incorporate IBM® Open Enterprise SDK for Python—meeting market demand for modernization, cost reductions, and enablement of new talent.

        • The mainframe is dying: Long live the mainframe application!

          Much has been made of the perilous future CIOs whose organizations rely on mainframes may soon have to navigate, but the reality of mainframe infrastructure’s long-term outlook is a little more nuanced than that, as two recent news announcements attest.

          Fujitsu recently divulged it will end sales of its mainframes by April 2031, discontinuing support five years after that. But CIOs running workloads on Fujitsu’s GS21 mainframe family don’t need to cast around for a migration path just yet.

        • Dell builds containerised ObjectScale on ECS base

          The vSAN support means that ObjectScale can run on Dell’s VxRail hyperconverged infrastructure appliance nodes. OpenScale supports Red Hat Open Shift v4.6 and has a bare-metal CSI driver.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • SaaS/Back End/Databases

        • Computer WeeklyFive key points on file locking vs object locking

          We look at file vs object storage locking mechanisms, how different forms of storage ensure data consistency, and especially how object storage is tackling the challenge


          The traditionally conceived relational database epitomises the operation of file system locking – of byte regions within a file, in such cases – but more recent NoSQL databases have a better fit to, and are often backed by, object storage.

          NoSQL are non-relational databases. They are not used for the most demanding transactional workloads, and in fact can take semi- and unstructured data. So, they can successfully reside on object storage, and they implement their own locking mechanisms.

      • Productivity Software/LibreOffice/Calligra

      • Content Management Systems (CMS)

        • WordPressStrattic Acquires WP2Static Plugin, Plans to Relaunch on

          Strattic, a WordPress hosting company that creates static files managed via a headless install, has acquired WP2Static, an open source plugin for generating a static WordPress site. Leon Stafford, the plugin’s creator, has been working for the company for the past nine months and will continue to maintain WP2Static.

          In 2020, Stafford removed WP2Static from after the downsides of hosting in the directory began to outweigh the benefits for his project. He cited’s lack of a straightforward way to alert users to important updates, users abusing the Reviews section to file issues, the inability to disable support, and the cumbersome plugin release process.

      • FSF

        • IT WireiTWire - FSF appoints program manager Kooyman as executive director

          The Free Software Foundation, a non-profit dedicated to promoting user freedom, has appointed Zoë Kooyman as executive director.

          Kooyman, 38, joined the organisation as program manager in early 2019. The FSF said in a statement she had a diverse background as "an experienced international project manager and event producer with demonstrated skills in successfully organising and executing technology and social justice initiatives".

          She succeeds John Sullivan who resigned last March after 18 years in the job, with his exit taking place at a time when the organisation was mired in controversy over allowing its founder, Richard Stallman, back on to the board.

          When Stallman was reinstated, a campaign was launched to try and get him thrown out again; his supporters rallied to attempt to nullify this initiative.

        • GNU Projects

          • GNUDenemo 2.6 released [Savannah]
            Version 2.6 of Denemo has been released 
            New Features for release 2.6 
                Pitches First note entry method 
                    Notes are visualized on a special MIDI track 
                    Entering rhythms inserts notes from MIDI track 
                    Recorded MIDI is re-synchronized as each bar is entered 
                    Facilities to play, backup, advance, delete, restart recording 
                Support all system/markup spacing controls 
                Easy setting of conditional behavior of Denemo Directives 
                    Directives attached all objects (notes, chords, time/key signatures etc) 
                    Use e.g. for changes of clef only for certain instruments 
                Editing the LilyPond for individual objects 
                    Applies to all objects (notes, chords, time/key signatures etc) 
                    Use e.g. to create editions with chords for smaller hands 
                Support creating score/paper/header Directives at startup from Score Properties Editor 
                    Directives are created only where absent 
                Allow easy toggling between listening/playing-in pitches via Shift key. 
                Create Score and Parts in one PDF 
                Allow setting transposition on playback easily 
                Allow recording and attaching musical audio fragments to a score while composing 
                Easier setting of Movement Tempo 
                Improvements to Playback Controls 
                    Better control over playback volume 
                    Simplify setting playback start/end markers 
                    Better use of colors 
                Improve Legibility 
                    Paler Denemo Cursor 
                    Allow alteration of brightness of playback start/end markers 
                View Menu Improvements 
                    Turn various windows on/off by shortcut 
                    Switch back to Main Window with Esc or Ctrl-w 
                Staff Display Spacing Control 
                    Ctrl-Drag to loosen/tighten spacing in display 
                    Auto/Manual spacing available 
                    Allows tight spacing for small screens 
                Allow trailing staff lines at end of movement 
                Bug Fixes 
                    Fix setting of movement tempo in playback controls 
                    Fix Inserting Breve and Longa 
                    Fix display of dotted Breve and Longa after reload 
                    Fix spurious 0xffffff keypress on windows 
                    Fix setting/following links to source files esp. on Windows 
                    Fix display of key signatures for tenor and baritone clefs 
                    Prevent staff braces being attached to Marks/Dynamics staffs 
                    Fix sounding duration of grace notes on dotted notes 
                    Check part lists are same in all movements on Check Score. 
                    Fix Performance for case where there is an upbeat at the start 
                    Fix Performance View for LilyPond version 2.22 
                    Fix Hide Movement as Sketch 
                    Fix Duplicated Titles 
                    Fix staff heights in display not resetting 
                    Fix lyric pane not showing sometimes 
                    Fix lyrics clashing with beaming in display 
                    Hidden staff markers avoid clashes 
                    Arrow at right of display now reliably shifts the displayed measures 
                    Improvements in restoring window sizes on re-starting Denemo 
                    Playback Fixes 
                        Pause no longer hangs notes 
                        Reset places end play at end 
                        Initial Playbutton icon change when pausing fixed 
                        Playback markers in display now follow notes accurately 
                        Fix clutter in display at Playback Start marker 
                        Fix Pause for Windows version

      • Programming/Development

        • GTL v0.7.0

          GTL is a simple CLI / TUI software to read tinylog entries from multiple users in a timeline fashion.

        • Anti-Procrastination Update

          I'm doing well! My hatred for the node ecosystem has reached previously unimaginable heights. Definitely justified.

        • Three decades of easy public key cryptography

          Today I set up GPG in my mutt on account. It wasn't as easy, as it could be. As always it is need to search some manual on the Internet, and look under the hood of the car.

        • So how much time people spent on Gopher in nineties?

          It is also interesting that the survey was conducted within a group of secondary school and college teachers. So where we expected a lot of interest in Gopher. Additionally, school teachers in the US and their counterparts in the world were listed.

        • Rant: Ticket System

          This is the interesting point. If I don't need them Tasks, who does? Well, those poor souls called project managers, they need them. Their perspective on real life is totally different from mine. For them the mile-high pile of funny and not so funny details about my portion of real life is ... invisible. They know to some extent, that this pile exists, but not more. These poor souls are unable to survive dayjob without the perspective that these tickets hold. Fair enough.

        • Re: Rant: Ticket System

          Ticket systems are not for the people who have to use them. They're for people who want to know "What are those tech people DOING??"

        • Hacker NoonWhy Dockerizing Applications is the Key to Building Scalable Software

          One of the most popular container technology providers Docker registers in February 2022 a record-breaking 15+ million active users per month.

          The success of Docker is a testament to the impact that container technologies have on the entire IT landscape.

          But what causes more and more developers and organizations to move their applications and services into the container?

        • Dirk EddelbuettelDirk Eddelbuettel: RcppGSL 0.3.11: Small Maintenance

          A new release 0.3.11 of RcppGSL is now on CRAN. The RcppGSL package provides an interface from R to the GNU GSL by relying on the Rcpp package.

        • Thomas Koch - lsp-java coming to debian

          The Language Server Protocol (LSP) standardizes communication between editors and so called language servers for different programming languages. This reduces the old problem that every editor had to implement many different plugins for all different programming languages. With LSP an editor just needs to talk LSP and can immediately provide typicall IDE features.

          I already packaged the Emacs packages lsp-mode and lsp-haskell for Debian bullseye. Now lsp-java is waiting in the NEW queue.

        • The New StackDebate in JavaScript Community Over Proposed Types Syntax

          If a proposal unveiled this week gets its way, JavaScript developers will soon have something that many of them have long been asking for: a type system, of some sort at least.

          A blog post by TypeScript senior program manager Daniel Rosenwasser lays out the background and reasoning for the proposal for type syntax in JavaScript. He writes that “if we pull this all off, we have the chance to make one of the most impactful improvements to the world of JavaScript.”

        • Top three tips for ensuring software supply chain security
        • Computer WeeklyTech brands sign on to HackerOne responsible security drive

          Technology brands including GitLab, Starling Bank, TikTok and Wix have signed on to support a new corporate security responsibility pledge drive initiated by penetration testing and bug bounty specialist HackerOne.

    • Standards/Consortia

      • The Register UKThree Chinese web giants create streaming video 'standard' [Ed: Western media puts scare quotes around "standards" when the standards aren't set and imposed on the whole world with Western patents and monopolistic steering]

        Chinese web giants Alibaba, Tencent, and ByteDance – the latter through its Volcano Engine hyperscale cloud service – have teamed up to create, in their terms, a new video streaming standard.

        The project was announced at a Chinese conference in late February. The Register has now been able to confirm information revealed in Chinese media at the time.

      • Android Headlines30 Years Later The Idea Of The PDF Format Is Still Living

        The term “PDF” is so ubiquitous these days that some people may have forgotten (or may never have known) that it stands for “Portable Document Format.” It was invented in the early nineties, and Adobe has spent the past 30 years trying to stay caught up with the changing of the times – and it turns out that they were more than up to the task.

        By the time 2020 rolled around, the PDF should most likely have been rendered obsolete, as many other similar technologies have become over the past three decades. Instead, though, it received new updates that made it even more valuable – and usable – in today’s world of smartphones, tablets, and other devices.

  • Leftovers

    • IBM Old TimerIrving Wladawsky-Berger: The Rise and Fall of Nation-States

      Several weeks ago I attended The End of Nation-States, by technology executive and consultant Tomás Pueyo, - part of the Stanford Digital Economy Lab seminar series. In May of 2021, Pueyo launched Unchartered Territories, a newsletter he describes as aiming to explore the unchartered territories of a fast changing world “to know how we can prepare for them.”

      His seminar discussed the role of information technologies in the rise of nation-states throughout history, and how information technologies are likely to lead to the end of nation-states in the coming decades. Let me summarize Pueyo’s key arguments based on his talk and two related newsletters.

    • DTYou know you’ve been in Finland too long, when…
    • Science

      • The Register UKSPEC mulls benchmarks for ML processing performance

        Benchmarking organization SPEC has formed a committee to oversee the development of vendor-agnostic benchmarks for machine-learning training and inference tasks.

        SPEC, the non-profit Standard Performance Evaluation Corporation, produces a range of benchmarks that are widely used to evaluate the performance of computer systems, especially in the high performance computing (HPC) industry.

        According to SPEC, the newly formed Machine Learning Committee will develop practical methodologies for benchmarking artificial intelligence and machine learning performance in the context of real-world platforms and environments.

      • NatureAutomated analysis of activity, sleep, and rhythmic behaviour in various animal species with the Rtivity software

        Behavioural studies provide insights into normal and disrupted biological mechanisms. In many research areas, a growing spectrum of animal models—particularly small organisms—is used for high-throughput studies with infrared-based activity monitors, generating counts per time data. The freely available software to analyse such data, however, are primarily optimized for drosophila and circadian analysis. Researchers investigating other species or non-circadian behaviour would thus benefit from a more versatile software. Here we report the development of a free and open-source software—Rtivity—allowing customisation of species-specific parameters, and offering a versatile analysis of behavioural patterns, biological rhythms, stimulus responses, and survival. Rtivity is based on the R language and uses Shiny and the recently developed Rethomics package for a user-friendly graphical interface without requiring coding skills. Rtivity automatically assesses survival, computes various activity, sleep, and rhythmicity parameters, and performs fractal analysis of activity fluctuations. Rtivity generates multiple informative graphs, and exports structured data for efficient interoperability with common statistical software. In summary, Rtivity facilitates and enhances the versatility of the behavioural analysis of diverse animal species (e.g. drosophila, zebrafish, daphnia, ants). It is thus suitable for a broad range of researchers from multidisciplinary fields such as ecology, neurobiology, toxicology, and pharmacology.

    • Hardware

      • The Register UKCanada invests in semiconductors and photonics ● The Register

        The Canadian government is investing CA$240m ($187m) to boost the country's semiconductor and photonics segments in hopes of bolstering its role in the global market.

        The recently announced investments consist of a new CA$150m ($117m) fund called the Semiconductor Challenge Callout, which will lob loonies to proposals focused on research, commercialization and manufacturing, and CA$90m ($70m) in new funding for the Canadian Photonics Fabrication Centre.

      • The Register UKVendors want to expand in-car network, segment it: NXP Semi ● The Register

        Execs from chipmaker NXP Semicondcutor spoke in San Francisco this week about industry supply chain problems, but also noted the increasing complexity of in-car networking was working in the firm's favour.

        NXP has a portfolio that covers automotive components, communications, and industrial semiconductors, with product lines including microprocessors, power management, RF chips and wireless communications, many of which have seen high demand as the industry emerges from the pandemic.

        Speaking at the Morgan Stanley tech conference, NXP chief financial officer Bill Betz started by commenting on how NXP's Tianjin factory – where it does assembly and testing – was shut down for 10 days due to a COVID-19 outbreak, and this hit the firm to the tune of a cool $50m. "I'm very pleased that has been back up and running, and we should see that $50m worth of supply come back in Q2," he said.

      • The Register UKSpirent test kit targets 400 and 800Gbps Ethernet ● The Register

        Spirent Communications has announced availability of new test appliances for high-speed Ethernet networks, including what the firm claims is the industry's first 800G test platform.

        The new platforms comprise the Spirent A1 400G Appliance, B1 800G Appliance, and B2 800G Appliance, which target 400Gbps and 800Gbps Ethernet networks respectively.

        Spirent said the appliances will help in the design and development of new high-speed Ethernet, and enable providers to ensure their 400G infrastructure is up to the challenge of today's data growth needs, while preparing 800G to be the future "cloud backbone."

    • Integrity/Availability

      • The Register UKMitel VoIP systems used in staggering DDoS attacks

        Miscreants have launched massive, amplified distributed denial-of-service attacks by exploiting a vulnerability in Mitel collaboration systems.

        Their exploitation technique can, we're told, achieve an amplification factor of almost 4.3 billion to one, potentially, meaning a single malicious packet could bring down a stranger's network.

        An amplification attack typically involves sending a small amount of information to a vulnerable network service that causes it to reply with a much larger amount of data. By directing that response at a victim, an attacker can put in a relatively low amount of effort while making other people's machines do all the work of flooding a selected target offline.

        In this latest string of DDoS attacks, broadband ISPs, financial institutions, logistics and gaming companies, and organizations in other verticals were pummeled with network packets.

      • Proprietary

        • The Register UKAlleged REvil suspect extradited on ransomware spree charges [Ed: Microsoft Windows TCO]

          A Ukrainian national alleged to be a member of the REvil ransomware gang has been extradited to the US and charged with multiple criminal offences.

          Yaroslav Vasinskyi, 22, was charged in the US District of Northern Texas with carrying out ransomware attacks against 10 US-based organisations. The indictment [PDF] was unsealed last night.

          According to the unsealed complaint, prosecutors say he co-authored the Sodinokibi ransomware variant, as deployed by the infamous REvil crew.

          The US Department of Justice alleged the Ukrainian used a variety of online nicknames including Profcomserv, Robitnik and Yarik45.

        • Pseudo-Open Source

          • Openwashing

            • Seeking AlphaElastic: A Chance To Buy Near 2018 IPO Prices

              At a very basic level, Elastic offers open source software that makes it possible for users and developers to build their own search tools.

            • Computer WeeklySonatype’s sonar-smart sonata for open source

              Over time, Sonatype CEO E. Wayne Jackson says the company tracked the ‘staggering volume and variety’ of open source libraries in every development environment in the world. In this regard, it says it understands that when open source components are properly managed, they provide energy for accelerating innovation.

            • Industry-led initiative looks to create open-source automotive software platform

              The Eclipse Foundation, which champions open-source software development, has formed a new Software-Defined Vehicle (SDV) working group dedicated to developing a software platform for the automotive industry


              Eclipse asserts that electrification, autonomous vehicles, advanced driver assistance systems and ever-increasing consumer expectations about their in-car digital experience are dramatically transforming the system architectures embedded in vehicles. Automotive architectures are moving from networks of special purpose devices to something that more closely resembles servers on wheels, where more powerful general-purpose computers are responsible for implementing and coordinating the various systems in the automobile, including the ones which keep us and our families safe on the road. And these systems architectures are rapidly changing how automotive software needs to be built.

        • Security

          • DuoQ&A: Runa Sandvik | Decipher

            Runa Sandvik, who has previously helped journalists secure their devices and data at The New York Times, Freedom of the Press Foundation and the Tor Project, recently discussed her work on the Decipher Podcast. This is a condensed and edited version of the conversation.

          • Video CardzStolen NVIDIA certificates are now used to sign malware [Ed: Windows TCO]

            The hacking group LAPSUS$ gained access to internal NVIDIA systems two weeks ago. The group demanded a ransom in exchange for not publishing the stolen data. It was reported that as much as 200 GB of files related to hardware and 1 TB of data overall were stolen. This includes files referring to unreleased architectures such as RTX 40 “Ada” or future data-center products like Blackwell. To make matters worse, hackers also published source code for one of NVIDIA’s biggest secret, the DLSS AI upscaling technology.

          • Tech TimesMozilla Firefox New Update FIXES Two Actively Exploited Bugs

            Mozilla Firefox's new update fixes not one, but two zero-day vulnerabilities, which are actively exploited by [cra]ckers.

          • Make Use OfWhat Is a Pass the Hash Attack and How Does It Work?

            Entering your credentials each time you want to log into a system can be tiring, especially when you log into the system regularly. You may even forget your passwords.

            Implementing operating systems that provide a single sign-on experience for users saves you from re-entering your log-in details every single time. But there is a problem with it. Attackers can exploit your credentials saved in the system through a Pass-the-Hash attack (PtH).

          • The Register UKRagnar ransomware gang hit 52 critical US orgs, says FBI [Ed: The real cost of Microsoft Windows]

            The Ragnar Locker ransomware gang has so far infected at least 52 critical infrastructure organizations in America across sectors including manufacturing, energy, financial services, government, and information technology, according to an FBI alert this week.

          • The Register UKDell opts out of Microsoft's Pluton security for Windows [Ed: Just fake security]

            Yet another top-tier PC maker seemingly isn't interested right now in Microsoft's vision of hardware-level security for Windows 11 systems.

        • The Register UKFor those with zero trust in zero-trust networks, this industry alliance may help [Ed: Just more buzzwords and nonsense from NSA partners that sneak back doors into everything]

          Zero-trust security continues to be one of the hottest marketing phrases in an industry that loves its buzzwords. But despite so many so-called zero trust products from virtually every vendor, there's still a lot of confusion about what a zero-trust architecture looks like and how to deploy its key elements across an organization.

        • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

          • Dirty Pipe: The Latest Serious Linux Kernel Vulnerability is Being Patched [Ed: Microsoft-loving sites also love (bashing) Linux]

            Recently, a very serious vulnerability found in the Linux kernel received the name of Dirty Pipe. It is basically, an escalation of privileges that is put into check the system.

          • CVE-2022-0847: Arbitrary File Overwrite Vulnerability in Linux Kernel | MarketScreener [Ed: Might be bot-generated]

            On March 7, 2022, CM4all security researcher Max Kellermann published technical details on CVE-2022-0847, an arbitrary file overwrite vulnerability in versions 5.8+ of the Linux kernel. Nicknamed "Dirty Pipe," the vulnerability arises from incorrect Unix pipe handling, where unprivileged processes can corrupt read-only files. Successful exploitation allows local attackers to escalate privileges by modifying or overwriting typically inaccessible files - potentially including root passwords and SUID binaries.

          • The Register UKWhere are the (serious) Russian cyberattacks? [Ed: Steven J. Vaughan-Nichols (SJVN) pushing Microsoft talking points. What a truly awful way to end his career.]
          • The Register UKWe're seeing 800% increase in cyberattacks, says MSP ● The Register [Ed: Windows TCO]

            There is some good news, Sayegh said, pointing to the extradition this week of an alleged ransomware slinger from Poland to the United States. Like the leak of the Conti information, that could help investigators learn more about how the organization is built and operates. That said, he expects Conti and other groups adapt and change.

          • The Register UKAnalysis of leaked Conti files blows lid off ransomware gang [Ed: Microsoft Windows TCO]

            It was a Ukrainian security specialist who apparently turned the tables on the notorious Russia-based Conti, and leaked the ransomware gang's source code, chat logs, and tons of other sensitive data about the gang's operations, tools, and costs.

            Since then, infosec researchers around the globe have been wading through this silo of intelligence, which reveals the inner workings of the criminal enterprise.

        • Privacy/Surveillance

          • The Register UKMoscow to issue TLS certificates to Russian websites ● The Register

            Moscow has set up its own certificate authority to issue TLS certs to Russians affected by sanctions or otherwise punished for president Putin's invasion of Ukraine.

            A notice on the government's unified public service portal states that the certificates will be made available to Russian websites unable to renew or obtain security certificates as a knock-on effect of Western sanctions and organizations refusing to support Russian customers. These certs are primarily useful for providing secure HTTPS connections. Delivery of the certificates is promised within five days of requests.

            The portal is silent on which browsers will accept the certs. This is a critical matter, because if browsers don't recognize or trust the certificate authority that issued a cert, a secure connection isn't generally possible. The Register cannot imagine any of the mainstream browser devs will rush to make these Russian certs work in their applications.

          • The MarkupWhat Does the “Connection Not Private” Warning Really Mean? – The Markup

            Each time you visit a website, your web browser (e.g., Chrome, Safari, or Firefox) first checks for the existence of one of two digital certificates: a Transport Layer Security (TLS) or Secure Sockets Layer (SSL) certificate. These indicate two important things. First, they confirm the identity of the website, affirming that the website is who it says it is. Second, they verify that the information on the website—and any data you share with it—will be secure and encrypted. Encryption ensures that the information you share, whether it’s a credit card number or home address, will not be intelligible if intercepted.

          • Today in dystopian nightmare, Walgreens replaces glass freezer doors with advertisements.

            Today in dystopian nightmare, Walgreens replaces glass freezer doors with advertisements.

            The screens use cameras and a big tablet to show you what’s in the freezer or refrigerator.

            If that sounds annoying, wasteful, and unnecessary, it’s because it is.

            The company says it can’t figure out why customers are reacting negatively to being shown ads on the freezer doors.


            But putting “smart screens” in basically adds cost for the store, which they will pass along to all of you, which means that you’re literally paying jacked up prices at Walgreens (and who knows where else) to have them shove ads in your face before it’ll let you know where the iced tea is.

            With the current batch of managers at Walmart, I fear it’s only a time before the final nail in the low price strategy is here. You can’t eat (metaphorical) bullshit, so you shouldn’t have to pay for it.

            CNN goes further to quote some alleged Christians on Facebook, saying Walgreens is implementing the mark of the beast.

  • Environment

    • Energy

      • The Register UKBiden issues Executive Order to tame digital currencies [Ed: When the real economy is collapsing no wonder many run away to fake/parallel ones]

        President Joe Biden on Wednesday signed an Executive Order directing US government agencies to develop a framework to promote and police digital currencies.

        "The [Executive Order] will help position the US to keep playing a leading role in the innovation and governance of the digital assets ecosystem at home and abroad, in a way that protects consumers, is consistent with our democratic values and advances US global competitiveness," said NEC Director Brian Deese and National Security Advisor Jake Sullivan in a statement.

      • NewYorkTimesMicrosoft’s Pursuit of Climate Goals Runs Into Headwinds [Ed: OK, so the liars from Microsoft need to bribe Jim Zemlin and his friends some more to help with the greenwashing lies]

        Microsoft has an ambitious plan to cut its carbon emissions. But on Thursday, the company reported a big increase in the greenhouse gases emanating from its operations and its products, a reminder of the challenges that companies face as they try to clean up their businesses.

        Microsoft’s carbon emissions were up 21.5 percent in the 12 months through June 2021, after small declines in 2020 and 2019. The increase was almost entirely driven by emissions from energy used to build data centers and make devices — like the Xbox and the Surface tablet — and from the power that Microsoft estimates its products consume when people used them.

  • Finance

    • The Register UKCryptocurrency ATMs illegal right now in UK [Ed: When the real economy is collapsing people resort to fantasies and there are people looking to prey on them]

      All cryptocurrency ATMs are operating illegally in the UK and must be shut down now, the nation's Financial Conduct Authority said in an alert on Friday.

      Terminals accepting or dispensing crypto-coins in the country must be registered with the watchdog to make sure they comply with Blighty's Money Laundering Regulations (MLR), which came into effect for digital assets in 2020.

    • The Register UKToshiba investors signal strident opposition to split plan ● The Register

      Toshiba's plan to split itself into two companies has been opposed by two significant groups of investors.

      The Japanese conglomerate first planned to split into three entities, but that plan was poorly received, so management went back to the drawing board and came up with a new strategy to split into two companies.

      That plan has also earned investors' ire.

      Effissimo Capital Management – a Singapore-based firm that is thought to hold almost ten per cent of Toshiba stock and has in the past agitated strongly for change at the Japanese company – has popped out a press release stating it will vote against the split.

  • Censorship/Free Speech

    • Misinformation isn't a 'Russia problem' [Ed: Russia increasingly used as an excuse to break the Internet]

      Should we censor false information from Putin? The problem with censorship, in this case, is less about the rights of Russian propagandists as it is about the rights of other people to hear them.

  • Internet Policy/Net Neutrality

    • The Register UKInternet backbone provider Lumen quits Russia

      Lumen Technologies, the internet backbone provider formerly known as CenturyLink, has quit Russia.

      The biz's announcement is titled, "Lumen's readiness to meet global events," and does not take a position on the morality of the illegal invasion of Ukraine. Instead, it frames the decision as necessary "due to increased security risk inside Russia" and "to ensure the security of our and our customers' networks, as well as the ongoing integrity of the global internet."

  • Monopolies

    • The Register UKUK, EU regulators probe Google and Meta's 'Jedi Blue' ad deal

      Google and Meta are facing scrutiny from UK and EU competition regulators over their infamous "Jedi Blue" ad-slinging deal.

      Jedi Blue is the name Google gave to an agreement with Facebook (now Meta) over bidding for ad space. Header bidding is where sellers can offer online ad space to multiple buyers at the same time. Sellers can compare bids and buyers compete against each other for ad space.

    • Patents

      • The Register UKRussia mulls making software piracy legal ● The Register

        Russia is considering handing out licenses to use foreign software, database, and chip design patents, and legalizing software copyright violations, in response to sanctions imposed over its invasion of Ukraine.

        According to Russian business publication Kommersant, a government document drafted on March 2 outlines possible actions to support the Russian economy, which faces extensive trade restrictions from the US, the UK, and Europe, and business withdrawals.

        With companies like Apple, Oracle, Microsoft, and SAP halting sales (though not ending service to existing customers), Russia has instituted tax breaks for technology firms and conscription deferments for IT workers to retain its core resources and talent during the conflict.

Recent Techrights' Posts

Curation and Preservation Work
The winter is coming soon and this means our anniversary is near
Microsoft GitHub Exposé — In the Alex Graveley Case, His Lawyer, Rick Cofer, Appears to Have Bribed the DA to Keep Graveley (and Others) Out of Prison
Is this how one gets out of prison? Hire the person who bribes the DA?
Richard Stallman's Public Talk in GNU's 40th Anniversary Ceremony
Out now
Objections to binutils CoC
LXO response to proposed Code of Conduct
Conde Nast (Reddit), Which Endlessly Defamed Richard Stallman and Had Paid Salaries to Microsoft-Connected Pedophiles, Says You Must Be Over 18 to See 'Stallman Was Right'
Does this get in the way of their Bill Gates-sponsored "Bill Gates says" programme/schedule?
Techrights Was Right About the Chaff Bots (They Failed to Live up to Their Promise)
Those who have been paying attention to news of substance rather than fashionable "tech trends" probably know that GNU/Linux grew a lot this year
Selling Out to Microsoft Makes You Dead Beef
If all goes as well as we've envisioned, Microsoft will get smaller and smaller
Mobile Phones Aren't Your Friend or a Gateway to Truly Social Life
Newer should not always seem more seductive, as novelty is by default questionable and debatable
Links 29/09/2023: Disinformation and Monopolies
Links for the day
iFixit Requests DMCA Exemption…To Figure Out How To Repair McDonald’s Ice Cream Machines
Reprinted with permission from Ryan Farmer
Jim Zemlin Thinks the World's Largest Software Company Has 200 Staff, Many of Whom Not Technical at All
biggest ego in the world
Links 29/09/2023: Linux Foundation Boasting, QLite FDW 2.4.0 Released
Links for the day
Red Hat Does Not Understand Community and It's Publicly Promoting Microsoft's Gartner is basically lioning a firm that has long been attacking GNU/Linux in the private and public sectors at the behest of Microsoft
A 'Code of Conduct' Typically Promoted by Criminal Corporations to Protect Crimes From Scrutiny
We saw this in action last week
Techrights Extends Wishes of Good Health to Richard M. Stallman
Richard Stallman has cancer Still Going, Some Good News From Canada
a blow to software patents in Canada
The Debian Project Leader said the main thing Debian lacked was more contributors
The Debian Project Leader said the main thing Debian lacked was more contributors
IRC Proceedings: Thursday, September 28, 2023
IRC logs for Thursday, September 28, 2023
Links 28/09/2023: Openwashing and Patent Spam as 'News'
Links for the day
Links 28/09/2023: Preparing Red Hat Enterprise Linux 8.9 and 9.3 Beta
Links for the day
We Need to Liberate the Client Side and Userspace Too
Lots of work remains to be done
Recent IRC Logs (Since Site Upgrade)
better late than never
Techrights Videos Will be Back Soon
We want do publish video without any of the underlying complexity and this means changing some code
Microsoft is Faking Its Financial Performance, Buying Companies Helps Perpetuate the Big Lies (or Pass the Debt Around)
Our guess is that Microsoft will keep pretending to be huge, even as the market share of Windows (and other things) continues to decrease
Techrights Will Tell the Story (Until Next Year!) of How Since 2022 It Has Been Under a Coordinated Attack by a Horde of Vandals and Nutcases
People like these belong in handcuffs and behind bars (sometimes they are) and our readers still deserve to know the full story. It's a cautionary tale for other groups and sites
Why It Became Essential to Split GNU/Linux Stories from the Rest
These sites aren't babies anymore. In terms of age, they're already adults.
Losses and Gains in an Age of Oligarchy - A Techrights Perspective
If you don't even try to fix something, there's not even a chance it'll get fixed
Google (and the Likes Of It) Will Cause Catastrophic Information Loss Rather Than Organise the World's Information
Informational and cultural losses due to technological plunder
Links 28/09/2023: GNOME 45 Release Party, 'Smart' Homes Orphaned
Links for the day
Security Leftovers
Xen, breaches, and more
GNOME Console Won’t Support Color Palettes or Profiles; Will Support Esperanto
Reprinted with permission from Ryan Farmer
Let's Hope GNU Makes it to 100
Can GNU still be in active use in 2083? Maybe.
GNU is 40, Linux is Just 32
Today it's exactly 40 years since Richard Stallman sent a message regarding GNU
GNU/Linux and Free Software News Mostly in Tux Machines Now
We've split the coverage
Links 27/09/2023: GNOME Raves and Firefox 118
Links for the day
Links 27/09/2023: 3G Phase-Out, Monopolies, and Exit of Rupert Murdoch
Links for the day
IBM Took a Man’s Voice, Pitting Him Against His Own Work, While Companies Profit from Low-Effort Garbage Generated by Bots and “Self-Service”
Reprinted with permission from Ryan Farmer