Bonum Certa Men Certa

Links 19/3/2022: EasyOS 3.4.3 and Linux Mint Debian Edition 5



  • GNU/Linux

    • Desktop/Laptop

      • Kerala CM releases KITE’s new FOSS based Operating System suite
      • TechRadarChrome OS: “A better Linux than Linux” so you can forget about Windows | TechRadar

        Moving between operating systems is akin to moving to a new city or a different country: it takes a while for your mind to adjust to the new environment. Here is my experience of the surprises, annoyances and culture shock of moving to Google’s Chrome OS and how quickly I overcame it all.

        About a month ago, I decided to get rid of my trusty old laptop I had been using for years for writing articles. Since I wanted to play it safe and not spend too much in case the experiment failed, I switched from Windows 10 to the cheapest Chromebook I could find, the Asus C523NA.

        Weeks later, my Windows computer sits in a drawer and I'm typing on a Chromebook, which I intend to use for writing, editing images, and tinkering. Can we say goodbye to Windows? If so, at what cost? Follow along to hear my story.

    • Server

    • Audiocasts/Shows

    • Kernel Space

      • The first Asahi Linux Alpha Release is here! - Asahi Linux

        It’s been a long while since we updated the blog! Truth be told, we wanted to write a couple more progress reports, but there was always “one more thing”… So, instead, we decided to take the plunge and publish the first public alpha release of the Asahi Linux reference distribution!

        We’re really excited to finally take this step and start bringing Linux on Apple Silicon to everyone. This is only the beginning, and things will move even more quickly going forward!

        Keep in mind that this is still a very early, alpha release. It is intended for developers and power users; if you decide to install it, we hope you will be able to help us out by filing detailed bug reports and helping debug issues. That said, we welcome everyone to give it a try - just expect things to be a bit rough.

    • Applications

      • Linux Links8 Best Free and Open Source Ray Tracing Software - LinuxLinks

        Ray tracing is a technique for modeling light transport for use in a wide variety of rendering algorithms for generating digital images. This allows computers to accurately render things like shadows, reflections, highlights, and bounced light. The result is a scene that looks more realistic with less work.

        Shadows are softer, certain surfaces are more reflective and detailed, neon lights pop with more intensity. There are a wide variety of lighting effects ray tracing can handle: reflection, refraction, soft shadows, scattering, depth of field, motion blur, caustics, ambient occlusion, and dispersion phenomena.

        On a spectrum of computational cost and visual fidelity, ray tracing-based rendering techniques from ray casting, recursive ray tracing, distribution ray tracing, photon mapping to path tracing are generally slower and higher fidelity than scanline rendering methods. Ray tracing was therefore first deployed in applications where taking a relatively long time to render could be tolerated, such as in still computer-generated images, and film and television visual effects (VFX), but was less suited to real-time applications such as video games, where speed is critical in rendering each frame. A good graphics card can use ray tracing to enhance immersion, but not all GPUs can handle this technique.

    • Instructionals/Technical

      • Linux CapableHow to Install OpenRGB on Manjaro 21 Linux

        OpenRGB, better known as OPEN SOURCE RGB LIGHTING CONTROL, is free and open-source software used to control RGB lighting control that does not require manufacturer software. The software allows for RGB amber lighting, game integrations, music visualization, etc. OpenRGB also comes with a plugin interface that can extend the software’s functionality even further.

        In the following tutorial, you will learn how to install OpenRGB on Manjaro 21 Linux. The tutorial will use the command line terminal with yay AUR helper, ideally most users may be using some wrapper for Pacman, for new users, it is essential to install one to keep your packages up-to-date while you learn Arch/Manjaro.

      • Linux CapableHow to Install Slack on Manjaro 21 Linux

        Slack is one of the most popular collaboration communication platforms in the world. From it was initial launch in 2013, it has grown. It is now favored amongst development teams and corporations to integrate many services, run groups, meetings, etc. The way Slack works is to create channels for your teams, topics, customers, or co-workers. Slack also features voice and video calls, file sharing when face-to-face meetings are not possible.

        In the following tutorial, you will learn how to install Slack on Manjaro 21 Linux. The tutorial will use the command line terminal with yay AUR helper, ideally most users may be using some wrapper for Pacman, for new users, it is essential to install one to keep your packages up-to-date while you learn Arch/Manjaro.

      • How to Install Jitsi Meet desktop on Debian 11

        In the times in which we live, teleworking and distance learning has become very relevant. That is why many tools have emerged to help us with remote communications. However, not all of them are new, but they have now become relevant. Well, one of them is the Jitsi Meet desktop. Hot you will learn how to install it.

      • Market ScreenerInsightVM Scanning: Demystifying SSH Credential Elevation | MarketScreener

        The credentials to log into the assets on the network are one of the most critical inputs that can be provided to a vulnerability assessment. In order to capture and report on the full risk of an asset, the scan engine must be able to access the asset so that it can collect vital pieces of information, such as what software is installed and how the system is configured. For UNIX and UNIX-like systems, access to a target is primarily achieved through the Secure Shell Protocol (SSH). Thus, scan engines accessing these systems should have access to the appropriate SSH credentials.

      • 4 Essential NoSQL Interview Questions and Answers to Know

        NoSQL encompasses a wide variety of different database technologies that were developed in response to a rise in the volume of data stored about users, objects, and products. NoSQL databases are great at taking into account the frequency in which this data is accessed, and performance and processing needs. Relational databases, on the other hand, were not designed to cope with the scale and agility challenges that face modern applications, nor were they built to take advantage of the cheap storage and processing power available today.

      • H2S MediaHow to install Anydesk on Almalinux 8 - Linux Shout

        AnyDesk is a Teamviewer alternative that we can install on Linux, FreeBSD, macOS, Windows, iOS, Android, ChromeOS, and Raspberry Pi. It helps us to easily and quickly establish a connection between computers to remotely access and share the screen. Just like Teamviewer, the content can also be transferred between computers via screen transmission and you can interact with the connected computer as if the computer were at home.

        For Security, Anydesk uses the TLS 1.2 protocol, which is also used for online banking. 2-factor authentication is also possible using some authenticator apps, a code that is generated by the app is required for remote access. If you want to operate your own network of devices, you can Anydesk without access to the server from Anydesk or even the Internet. Also, in case a user requires unattended access to some PC, for example, a home PC from the office, he can do that as well by just configuring and setting a password for it.

      • Trend OceansHow to fix VMware Modconfig can not continue

        Recently, I installed a VMware workstation on a fresh Debian installation. After that, when I ran the VMware workstation to create a new virtual machine, I got the error message: Build environment error! A required application is missing, and Modconfig can not continue. XZ Check the log for more details.

      • ByteXDHow to Install XFCE Desktop or Xubuntu in Ubuntu 20.04/22.04

        While it is lightweight and fast, it also aims at being easy to use and visually appealing. XFCE also has a large number of plugins available.

        XFCE is a popular choice for remote desktops and older hardware, thanks to its low resource usage. However, thanks to its customizability, it is also a popular choice for Linux enthusiasts who prefer a lightweight desktop and a great amount of themes and configurations.

        At first glance it may not seem all that aesthetic, however some of the most beautiful Linux desktops use XFCE. You can find customization options at xfce-look.org.

        To find out more info on XFCE you can visit the official website xfce.org.

        In this tutorial we’ll cover how to install XFCE desktop environment or Xubuntu, which is an Ubuntu flavor, on Ubuntu 20.04/22.04.

        This is how the XFCE desktop environment looks like on my fresh Ubuntu 22.04 Jammy Jellyfish machine.

      • UNIX CopHow To Install Envoy Proxy on CentOS - Unix / Linux the admins Tutorials

        This post is about How to install Envoy Proxy on CentOS

        Envoy is a high-performance C++ distributed proxy designed for single services and applications.

        Envoy Proxy is a modern, high performance, small footprint edge and service proxy.Envoy is most comparable to software load balancers such as Nginx and HAProxy. Originally written and deployed at Lyft, Envoy now has a vibrant contributor base and is an official Cloud Native Computing Foundation project.

      • Deploy Elasticsearch and Kibana on Kubernetes with Helm

        We will install Elasticsearch and Kibana as well as set up basic security for the Elastic Stack plus secured HTTPS traffic.

      • UNIX CopHow to visualize disk usage on Linux using Baobab

        Disk Usage Analyzer, formerly known as Baobab, is a graphical disk usage analyzer for the GNOME desktop environment. It was part of gnome-utils, but has been a standalone application since GNOME 3.4.

        Disk Usage Analyzer (also known as baobab) scans folders, devices or remote locations and and reports on the disk space consumed by each element. It provides both a tree-like and a graphical representation.

        So, Baobab is a GNOME disk usage analyzer. Its biggest advantage is the intuitive visualization interface. Baobab can analyze the whole file system tree, a particular directory tree or even remote folders over network.

      • UNIX CopInstall Splunk 8 on CentOS

        In this article we will learn How to install Splunk 8 on CentOS 8. Splunk is a software platform to search, analyze and visualize the machine-generated data gathered from the websites, applications, sensors, devices etc. which make up your IT infrastructure and business.

      • UNIX CopEnvoy Proxy on Ubuntu 20.04 - How to install it

        Thanks to this post, you will learn How To Install Envoy Proxy on Ubuntu 20.04

        Envoy is an open source edge and service proxy, designed for cloud native Applications.

      • UNIX CopHow to install Firebird on Ubuntu 20.04.

        Today you will learn How To Install Envoy Proxy on Ubuntu 20.04. Hope you enjoy this post and enjoy it. Welcome.

    • Games

      • WCCF Tech[Older] Steam Deck Review - A Portable Console For Power Users

        Valve is no stranger to experimenting with different hardware to operate its extensive library of computer titles. From the Steam Link to the Steam Machine, there have been a variety of hardware products to bring the PC experience to a different platform. However, neither Valve (nor have most PC hardware manufacturers) attempted to breach the portable market, at least not at the price point that Valve is pushing their first generation of Steam Deck devices. Imagine being able to have an entire back catalog of Bethesda or Square Enix titles at your fingertips at cheaper than an Xbox Series S and monitor, but with the bonus of being able to take it on the go. Valve sent over a 256GB Steam Deck unit for our review, putting a $529 piece of hardware in our hands and allowing us free reign to play around with it as we see fit.

        [...]

        To keep the heat down and increase battery life on the go, Valve has implemented system-wide limiters to limit the TDP from 3-15W at a push of a button as well as the option to set a manual fixed GPU clock or even artificially limit the frame rate to 30 FPS across the board. These options are all as simple as pressing the Quick Access button (located below the right trackpad) to bring up the Performance and quick menu overlay.

      • Is building your own PC worth it for non-gamers? | CHOICE

        A free alternative is installing a Linux distribution such as Ubuntu, Manjaro or others.

      • GamingOnLinuxHumble have a Stand with Ukraine Bundle with 100% going to charity | GamingOnLinux

        Humble Bundle has jumped in to help Ukraine now too, with a pretty amazing bundle full of games and 100% goes to charity. Launched late last night, it's already hit over $3 million.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • This week in KDE: Back to those 15-minute bugs

          This week we got two good 15-minute bugs fixed, with a few more in progress that have a target merge date of next week! And of course there’s a good smattering of other positive changes as well...

      • GNOME Desktop/GTK

        • Its FOSSWhat's the Fuss About GNOME's Libadwaita Library in Linux World?

          Back in March 2020, the GNOME project announced a new library called Libadwaita. This promised to fix numerous fundamental issues with GTK, the library GNOME uses to build its desktop environment.

          Unfortunately, this announcement also resulted in some significant community backlash. While this hasn’t really slowed the adoption of Libadwaita, it seems that some users are now starting to boycott GNOME because of it.

        • GNOME Radio 16 for GNOME 42 – Ole Aamot

          GNOME Radio 16 is the successor to GNOME Internet Radio Locator built for GNOME 42 with Cairo, Clutter, Champlain, Maps, GStreamer, and GTK+.

    • Distributions

      • New Releases

        • EasyOS Dunfell-series 3.4.3

          EasyOS was created in 2017, derived from Quirky Linux, which in turn was derived from Puppy Linux in 2013. Easy is built in woofQ, which takes as input binary packages from any distribution, and uses them on top of the unique EasyOS infrastructure.

          Throughout 2020, the official release for x86_64 PCs was the Buster-series, built with Debian 10.x Buster DEBs.

          EasyOS has also been built with packages compiled from source, using a fork of OpenEmbedded (OE). Currently, the Dunfell release of OE has been used, to compile two sets of binary packages, for x86_64 and aarch64.

          The latter have been used to build EasyOS for the Raspberry Pi4, and first official release, 2.6.1, was in January 2021.

        • Barry KaulerEasyOS version 3.4.3 released

          Version 3.4.1 is the previous release, on February 22, 2022, see announcement...

      • IBM/Red Hat/Fedora

        • FedoraFedora Community Blog: Friday’s Fedora Facts: 2022-11

          Here’s your weekly Fedora report. Read what happened this week and what’s coming up. Your contributions are welcome (see the end of the post)!

          I have weekly office hours on Wednesdays in the morning and afternoon (US/Eastern time) in #fedora-meeting-1. Drop by if you have any questions or comments about the schedule, Changes, elections, or anything else. See the upcoming meetings for more information.

      • Debian Family

        • The Register UKLinux Mint Debian Edition 5 is here ● The Register

          The Linux Mint project has announced version 5 of its Debian edition, code-named Elsie.

          Linux Mint is one of the longest-running and most polished distros downstream of Ubuntu, and really took off after Ubuntu switched to the controversial Unity desktop with 11.04. Around that time, Mint 12 retained a Windows-like look and feel that later evolved into the Cinnamon desktop.

          This won it a lot of converts who didn't care for Ubuntu's more Mac-like look. Even thought Ubuntu killed Unity and switched back to GNOME, it's GNOME 3 – still very unlike Windows. Mint provides familiarity for the many people who feel more comfy with a taskbar, a start menu, and so on.

          We looked at Mint 20 when it came out a couple of years ago, and last January, the latest 20.3 release, too – which includes a natively packaged version of Firefox, direct from Mozilla, instead of Ubuntu's Snap version. In fact it's notable that Mint eschews Ubuntu's Snap apps altogether. Instead, you get Red Hat-style Flatpaks.

    • Devices/Embedded

      • Linux GizmosModule, SBC, and mini-PC tap Rockchip RK3568

        Mixtile’s “Core 3568” module runs the hybrid Android/Linux Mixtile OS on a quad -A55 RK3568. The module powers a 3.5-inch “Edge 2” SBC with M.2, mini-PCIe, and PCie 2.0 plus an optional enclosure (Edge 2 Kit).

        Earlier this month while covering the cluster-oriented, octa-core RK3588 based Mixtile Blade 3 Pico-ITX SBC, we saw that Mixtile had product and shopping pages for a recently introduced Mixtile Edge 2 SBC powered by a Core 3568 with a Rockchip RK3568. There is also a Mixtile Edge 2 Kit mini-PC based on the Edge 2 SBC.

        Although like the Blade 3, the $229-and-up Edge 2 has a U.2 connector with PCIe support, it is not designed to connect SBCs for stacking in cluster applications, as is the Blade 3. Like the Blade 3, the Core 3568 and Edge 2 products ship with a Mixtile OS BSP, which runs Linux in a container within Android 11.

      • Tom's HardwarePine64 Announce Rockchip RK3588 Powered QuartzPro64 Development Board | Tom's Hardware

        Pine64’s announcement also delved into the vexed issue of pricing, with the board likely to retail “north of $300”, putting it out of Raspberry Pi competitor territory. The manufacturer hasn’t yet settled on a price-point, but it is likely to be sold at cost or even subsidized. “Here’s the take-away,” the announcement concludes. “This is an amazing platform, but it will take time for it to mature.”

      • Russell CokerRussell Coker: More About the Librem 5

        I concluded my previous post about the Purism Librem 5 [1] with the phone working as a Debian/GNOME system with SSH access over the LAN. Before I published that post I managed to render it unbootable, making a new computer unbootable on the first day of owning it isn’t uncommon for me. In this case I tried to get SE Linux running on it and changing the kernel commandline parameter “security=apparmor” to “security=selinux” caused it to fail the checksum on kernel parameters and halt the boot. That seems to require a fresh install, it seems possible that I could setup my Librem5 to boot a recovery image from a SD card in such situations but that doesn’t seem to be well documented and I didn’t have any important data to lose. If I do figure out how to recover data by booting from a micro SD card I’ll document it.

        Here’s the documentation for reflashing the phone [2], you have to use the “--variant luks” option for the flashing tool to have an encrypted root filesystem (should default to on to match the default shipping configuration). There is an option --skip-cleanup to allow you to use the same image multiple times, but that probably isn’t useful. The image that is available for download today has the latest kernel update that I installed yesterday so it seems that they quickly update the image which makes it convenient to get the latest (dpkg is slow on low power ARM systems). Overall the flash tool is nicely written, does the download and install and instructs you how to get the phone in flashing mode. It is a minor annoyance that the battery has to be removed as part of the flashing process, I will probably end up flashing my phone more often than I want to take the back off the case. A mitigating factor is that the back is well designed and doesn’t appear prone to having it’s plastic tabs breaking off when removed (as has happened to several other phones I’ve owned).

      • Open Hardware/Modding

        • InfoQJava News Roundup: JDK 19 and Jakarta EE 10 Updates, Ansynch and Buffered Logging by Amazon Corretto

          JEP 422, Linux/RISC-V Port, has been promoted from Candidate to Proposed to Target for JDK 19. This JEP proposes to port the JDK to Linux/RISC-V, a free and open-source RISC instruction set architecture. The template interpreter, C1 and C2 JIT compilers, and all current mainline GCs, including ZGC and Shenandoah, will be supported. The main focus of this JEP is to integrate the port into the JDK main-line repository. The review is scheduled to conclude on March 17, 2022.

      • Mobile Systems/Mobile Applications

    • Free, Libre, and Open Source Software

      • OpenSource.comWhy academia chooses open source

        Open source software provides a concrete way for academic institutions to share the burden of common problems. Frequently, the quickest way to find a solution is to see what worked for somebody else, and humans naturally look at how others have handled a specific challenge. Successful open source solutions are visible because they have dynamic communities behind them. They represent a lower risk because transparency shows us how others solved issues.

        Even where communities focus on end-users rather than contributions, there can be immense value in the act of participation, sharing experiences, and targeting common goals. The way in which open source software can act as a catalyst for broader collaboration typically delivers value far beyond the software itself. Consider your own role in building and participating in open source initiatives, whether as a developer, user, or motivator.

      • Programming/Development

        • Document FoundationJoin the Indian LibreOffice community! - The Document Foundation Blog

          Across the globe, LibreOffice communities help to improve the software, translate the user interface, update documentation and spread the word. You can see a list of international projects on this page, and today we’re announcing communication channels for the Indian LibreOffice community!

        • KDE Frameworks 6 Android CI and Plasma 6 Sprint

          Time for another KDE Frameworks 6 update! Since the last post we got Android CI coverage and had the Plasma 6 sprint, among other things.

          [...]

          With Android we now have a second platform covered for continuous integration for KF6. This also gives us coverage for a second CPU architecture and, more importantly, cross-compilation.

          Android specific API in Qt as well as build system support required a number of changes, but fortunately there are only a few affected areas in KDE Frameworks.

        • Market ScreenerJFrog : Diving into CVE-2022-23943 – a new Apache memory corruption vulnerability

          mod_sed is an Apache module that provides the same functionality as GNU's stream editor tool, sed, allowing the manipulation of streams. It can be used as an input filter in order to modify HTTP POST requests' bodies, or alternatively as an output filter that modifies the server's responses before they're sent to the client.

        • The Register UKJavaScript library updated to wipe files from Russian computers [Ed: Incitement leads to sabotage; this one shipped by Microsoft]

          The developer of JavaScript library node-ipc, which is used by the popular vue.js framework, deliberately introduced a critical security vulnerability that, for some netizens, would destroy their computers' files.

          Brandon Nozaki Miller, aka RIAEvangelist on GitHub, created node-ipc, which is fetched about a million times a week from the NPM registry, and is described as an "inter-process communication module for Node, supporting Unix sockets, TCP, TLS, and UDP."

          It appears Miller intentionally changed his code to overwrite the host system's data, then changed the code to display a message calling for world peace, as a protest against Russia's invasion of Ukraine. GitHub on Wednesday declared this a critical vulnerability tracked as CVE-2022-23812.

        • IT News AU"Peacenotwar" npm module protests Russian invasion of Ukraine. [Ed: Microsoft shipping malware again; media blames everyone but Microsoft]

          Miller intended the module to be "protestware", to reflect people's opposition to war.

        • Dark ReadingCode-Sabotage Incident in Protest of Ukraine War Exposed Open Source Risks [Ed: No, Microsoft shipping malware does not "Expose Open Source Risks"; Microsoft and GitHub are proprietary software]
        • VideoBook Review: Machine Learning with PyTorch and Scikit-Learn - Invidious

          Packt recently sent me a review copy of their new machine learning book, Machine Learning with PyTorch and Scikit-Learn...

        • The Register UKMATLAB expands to reach self-driving, wireless biz [Ed: It is proprietary software bloat. Do not develop in it.]

          MathWorks, maker of the long-standing MATLAB suite, is focusing its latest software updates on reaching beyond its traditional scientific base – and eyeing up autonomous vehicle developers, makers of devices with wireless communications, and others.

  • Leftovers

    • The Register UKChinese Go Association suspends player 'for using AI' [Ed: Quit calling every computer program "Hey Hi"]

      The Chinese Go Association – the body that oversees professional and high-level amateur play of the board game – has suspended a player for apparently using artificial intelligence during a tournament.

      An announcement from the body states the cheating happened during online play in preliminary rounds of the Advocate Cup China Professional Go Championship – a top-tier tournament at which the winner goes home with €¥450,000 (about $70,000).

    • The Register UKGoogle uses deep learning to design faster, smaller AI chips [Ed: Even hardware is being marketed as "Hey Hi"]

      Googlers and UC Berkeley academics say they have devised a way to use artificial intelligence to design faster and smaller chips that accelerate artificial intelligence.

    • The Register UKCerebras brings wafer-size AI chips to medical data analysis
    • The Register UKUS biz to blow $120bn on AI by 2025, says IDC [Ed: In order to fake 'growth' more things get classified as "Hey Hi"]
    • The AtlanticTrolls Aren’t Like the Rest of Us

      Online jerks and offline jerks are largely one and the same. Here’s how to keep them from affecting your happiness.

    • Science

      • NatureResearch on integrated simulation platform for urban traffic control connecting simulation and practice [Ed: Privacy lapses and loophole for EPO to grant software patents]

        Though effective in theoretical simulation, the established traffic control models and optimization algorithms will result in model mismatch or even control strategy failure in actual application. However, they are commonly adopted in traffic signal control research, resulting in the unavailability of many exceptional control algorithms in practice. Simulation should function as a bridge between theoretical research and actual application, allowing the gap between the two to be communicated and made up for. However, an effective connection between the two has yet to be established to enable simulation methods in existing traffic control research. To this end, we designed and developed a simulation platform for "Online Application—HILS (Hardware-in-the-Loop Simulation)—Practice" integration over traffic signal control. In this paper, the architecture and characteristics of the integrated simulation platform were described. Besides, the function of each module of the platform was detailed, followed by listing simulation examples for six complex scenarios, with the active control scenario being selected for simulation comparison analysis. The findings demonstrated extensive road network simulation with the integrated simulation platform, multidimensional control variables, control strategies with support, as well as stable and reliable operation. It can be used to verify several sorts of traffic control simulation with variable dimensions.

      • The Register UKData poisoning can't beat facial recognition – research ● The Register

        If there was ever a reason to think data poisoning could fool facial-recognition software, a recently published paper showed that reasoning is bunk.

    • Hardware

      • as the tech joy rushes in



        Makes me think modern tech is massively narcissistic, essentially unhappy unless the star for better, or for much, MUCH worse....

      • A brief tour of the PDP-11, the most influential minicomputer of all time | Ars Technica

        The history of computing could arguably be divided into three eras: that of mainframes, minicomputers, and microcomputers. Minicomputers provided an important bridge between the first mainframes and the ubiquitous micros of today. This is the story of the PDP-11, the most influential and successful minicomputer ever.

        In their moment, minicomputers were used in a variety of applications. They served as communications controllers, instrument controllers, large system pre-processors, desk calculators, and real-time data acquisition handlers. But they also laid the foundation for significant hardware architecture advances and contributed greatly to modern operating systems, programming languages, and interactive computing as we know them today.

    • Integrity/Availability

      • Proprietary

        • 9to5MacApple @ Work: Windows file shares are still buggy on macOS; it’s time to fix it once and for all

          Apple @ Work is brought to you by Kandji, the MDM solution built exclusively for organizations that run on Apple.

        • Pseudo-Open Source

        • Security

          • LateWebSimple Ways to Generate a Random Password on Linux Shell

            Having a strong password when authenticating to a service by username and password is very important. Sometimes, you need to protect your account or server, and try to keep your data safe and secure. It is often said that a strong password must have a minimum of 14 characters with variations like you may have lowercases/uppercases in the characters and alphabets. Mostly the long password is considered to be much more secure than a short one since it is hard to get. In this tutorial, we will see many ways to generate a strong password from Linux command line. We will have a look at many different means to create a stronger password that is secure enough, using the Linux command line. You need to generate a stronger password from the command line so, it has various different methods and utilities that are already available. We will be discussing many of the methods and you may choose any of the ways for generation of a password as per your need.

          • Computing UKSecurity bug in Linux kernel netfilter lets attackers gain root access [Ed: So Linux has some privilege escalation flaws; meanwhile, Microsoft has remotely-exploitable flaws that require no account on the target]

            Sophos researcher Nick Gregory has uncovered a dangerous security bug in Linux's netfilter application which could enable a local attacker to escalate privileges...

          • CNX SoftwareGas pumps happen to be about as insecure as your typical router - CNX Software

            Gas pumps have a lot more in common with routers than I initially thought, as reported by FOX 8, many models come with a default passcode that may not always be changed by the gas station’s manager, and using a special remote it’s possible to change the price and other parameters. Some gas stations are also part of the Internet of Things with all gas pumps connected to the Cloud through gateways (called “embedded box” below) to enable remote monitoring, but that also introduces security vulnerabilities as noted in a Kaspersky study in 2018.

          • IndiaNOPEN Season: China Once Again Accuses US NSA of Cyber Espionage, Says Found Spying Tool

            When it comes to cybersecurity issues, hackers from China, Russia, and North Korea take the maximum attention due to their notorious activities over the years. But now some latest analyses are highlighting that another country may also be behind such data safety issues.

            According to a new report by the Chinese government mouthpiece Global Times, the National Computer Virus Emergency Response Center in China stated that the US National Security Agency (NSA) had deployed a spy tool capable of lurking in a victim’s computer and accessing sensitive information, as well as controlling global internet equipment and stealing large amounts of data from users.

            It was reported that NOPEN—a remote-controlled tool for Trojan horse for Unix/Linux computer systems—has been found. It is mostly used to steal files, get access to systems, divert network communication and examine information on a target device.

          • China detects spy virus developed by the US - Prensa Latina

            According to the Global Times newspaper, a specialized institution in the country discovered the Trojan, called Nopen, a tool operated remotely. The Trojan mainly attacks machines with Unix/Linux operating systems.

            It is capable of controlling Internet traffic on computers, stealing large amounts of user information and monitoring user activities.

          • The Register UKChina: Attacks from US IP addresses hit us, moved on to Russia and Ukraine

            China's Cyberspace Administration has claimed that "since late February" it has observed continuous attacks on the Chinese internet and computers in the nation by people who used the resources to also target Russia, Belarus, and Ukraine.

            The allegation, the title of which translates as, "My country's internet suffers from overseas cyber attacks," was posted on Friday and includes a list of IP addresses China's Cyberspace Administration (CAC) claims is the source or target of the attacks.

          • The Register UKViasat, Rosneft hit by cyberattacks ● The Register

            Until last week, when it emerged that Western spy agencies were investigating a large-scale satellite broadband outage affecting satellite communications provider Viasat, which began on 24 February – the day Russia invaded Ukraine.

          • The Register UKRussia's invasion of Ukraine tears open political rift between cybercriminals [Ed: The cost of using Microsoft in Ukraine; this article uses Microsoft proxies to distract from the role played by Windows]

            These political divides played out in the Conti leak. After the notorious ransomware group announced its unwavering support for President Vladimir Putin and his occupation of Ukraine, plus its intent to use "all possible resources to strike back" should anyone launch a cyberattack against Russia, the crew suffered a security breach of its own.

          • Bleeping ComputerNew Unix rootkit used to steal ATM banking data [Ed: ATMs are typically compromised due to Windows, so Microsoft boosting sites issue headlines like these, instead]

            LightBasin's new rootkit is a Unix kernel module named "Caketap" that is deployed on servers running the Oracle Solaris operating system.

          • The Register UKRussia-linked attackers breach NGO by exploiting MFA, PrintNightmare vuln [Ed: Microsoft Windows helps Russia attack nations digitally]

            State-sponsored threat actors from Russia over the last year breached a non-governmental organization (NGO) by leveraging multifactor authentication (MFA) defaults and exploiting the PrintNightmare vulnerability in Windows Print Spooler.

            The US Cybersecurity and Infrastructure Security Agency (CISA) and FBI issued a joint alert on March 15 warning organizations that state-backed criminals could use the MFA defaults and flaw to access networks.

            In this case, the unnamed cybercriminal gang took advantage of a misconfigured account to set default MFA protocols at the NGO.

            The bad actors enrolled a new device for MFA and accessed the NGO's network and then exploited the PrintNightmare flaw – tracked as CVE-2021-34527 – to run malicious code and gain system privileges, giving them access to email accounts and enabling them to move laterally to the organization's cloud environment and to steal documents.

          • Privacy/Surveillance

            • The Register UKControversial Clearview AI tech used by Ukraine, says CEO ● The Register

              The Ukrainian government is using facial recognition technology from startup Clearview AI to help them identify the dead, reveal Russian assailants, and combat misinformation from the Russian government and its allies.

              Reuters reported yesterday that the country's Ministry of Defense began using Clearview's search engine for faces over the weekend.

              The vendor offered free access to the search engine, which Ukraine is using for such tasks as identifying people of interest at checkpoints and identifying people killed during Russia's invasion, the news organization wrote, citing Lee Wolosky, who currently advises Clearview and formerly worked as a US diplomat under Presidents Barack Obama and Joe Biden.

              The newswire reported the company was one of a number of US-based artificial intelligence companies offering its aid in the wake of Russia's invasion, which began February 24. Speaking to both Wolosky and Clearview AI CEO Hoan Ton-That, the news site said the CEO had sent a letter to officials in Kyiv.

    • Defence/Aggression

      • NewYorkTimesOpinion | ‘We Live in a Different World Now’: Dispatch From a Changed Germany - The New York Times

        Nils Schmid, a member of Germany’s Parliament and a foreign policy spokesman for the Social Democratic Party, was explaining to me what a minor role the military plays in his country’s politics.

      • NewYorkTimesUkraine’s Architectural Treasures Face Destruction - The New York Times

        Russia’s invasion of Ukraine brought searing images of human tragedy to witnesses around the world: thousands of civilians killed and injured; broken families, as mothers and children leave in search of refuge while fathers and other men stay behind to defend their country; and millions of refugees having already fled to neighboring countries, after just two weeks of war.

        In addition to that human suffering, a second tragedy comes into focus: the destruction of a country’s very culture. Across Ukraine, scores of historic buildings, priceless artworks and public squares are being reduced to rubble by Russian rockets, missiles, bombs and gunfire.

    • Monopolies

      • The Register UKMicrosoft faces EU antitrust complaint from OVHcloud

        Microsoft is facing an antitrust complaint in Europe from France's OVHcloud.

        The French data centre provider, which sells web hosting, cloud computing and dedicated server instances, filed the complaint with the European Commission's (EC) antitrust arm in the summer of 2021.

      • The Register UKApple, Google urge UK antitrust watchdog to leave them alone ● The Register

        Apple and Google have defended their business practices in letters to the UK Competition & Markets Authority, while rival companies and third-party developers continue to push for mobile market reforms.

      • Patents

        • MondaqChina: AFD China Newsletter - March 2022

          The CNIPA on February 23 confirmed companies' subsidiaries as ineligible to be respondents to answer petitions in administrative patent cases, in the country's top IP authority's reply to the Zhejiang Intellectual Property Administration published on its official website.



Recent Techrights' Posts

Microsoft's Latest 'Novel' Approach, Trying to Prevent People Moving Away From Microsoft and From Windows
ads say a lot about their business strategy
Microsoft-sponsored "The New Stack" Publishing Microsoft Windows Articles in "Linux" Clothing
Just sayin'...
 
Microsoft Ends Support for Vista 10, So Relative Share of Vista 10 Goes Up, Vista 11 is Down
For 2 months in a row already
When Python is Basically Run by a 'Microsoft-Friendly' Mole Who Ousts People That Actually Contributed a Lot to Python for Many Years
Removing some of the best people
Syria: Microsoft Windows Down to 8% "Market Share" (It Was 99% Just 15 Years Ago)
it was even measured at less than 5% earlier this year
Links 08/12/2024: Boeing Leaks and Bluesky’s Business Model Dilemma
Links for the day
Gemini Links 08/12/2024: UK Winds and Ultraviolet Grasslands (UVG)
Links for the day
Links 08/12/2024: Conflicts, Misinformation, and Gutting of the Media
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, December 07, 2024
IRC logs for Saturday, December 07, 2024
Czech Republic: GNU/Linux Jumps Above 4%
data from the Czech Republic for 2024
IBM Engagement Surveys "Are Usually Useful for the Executives So They Know Which Things to Ignore"
This impacts Red Hat as well
Did Microsoft 'Write' (by Chatbots) This 'Article' About WINE?
The Web is drowning in garbage
Dictatorship Formalised: Python Software Foundation Violates Its Very Own Code Of Conduct (COC) or Code Of Censorship
Incoming Python Software Foundation Executive Director, Deb Nicholson, allegedly uses COCs to get ahead while violating COCs
[Meme] 'Self-Checkout' (and Banking 'Apps'): Passing All Accountability to the Customers
Stealing
Gemini Links 07/12/2024: Leasehold and NNTP
Links for the day
Fun Statistics About Techrights (Almost a Quarter Million Files)
Here are some raw numbers
PIP (Performance Improvement Plan) as an Instrumental But Largely Hidden (From the Public) Extra Layer of IBM's Workforce Reductions
The morale at IBM is really bad
Microsoft Money: From Bribing Bloggers to SLAPPing Bloggers
Microsoft money, different strategy?
Belgium: Windows Falls to Quarter of the Market, Mobile Devices Outsell or Overtake Desktops/Laptops on the Web
Microsoft has no operating system for 'smartphones'
Links 07/12/2024: CALEA Back Doors Backfiring, Fentanylware's (TikTok) U.S. Ban a Step Closer
Links for the day
statCounter: GNU/Linux Rises Sharply to All-Time High in Republic of South Korea
Notice how sharp the rise is!
It's FOSS? No, It's SPAM.
Another sellout
Another Massive Blow to the Web
This is awful news and it neatly relates to topics that we covered this morning
All the Latest Five Blog Posts at OSI's Blog Are Written by a Microsoft Operative Salaried by Microsoft
"Open Source" no longer means anything
Legacy of a Dying World Wide Web
Many people truly believe they're "stars" in social control media
Google Does Not Have a Search Engine Anymore
Google wants to "retain" users for more "screen time" and influence over their minds; it does not save you time, it's manipulating you
[Meme] Automattic: Host With Automattic, We'll Handle Our Own Complexity for You
The RHEL modus operandi (more so with systemd)
Finding Peace With Less
There seems to be a growing consensus (speaking to other editors helps confirm this) that the Web is going in a very bad direction
Links 07/12/2024: DEI Chopped by University of Michigan, French and South Korean Governments in Turmoil
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, December 06, 2024
IRC logs for Friday, December 06, 2024
Links 06/12/2024: Meal Changes and Internet Nostalgia
Links for the day
Brittany Day (linuxsecurity.com) Reposing Linux Foundation/Microsoft FUD Using LLMs, Probably Controlled by Microsoft
Plagiarised FUD by LLMs
Three Months
Next week on Tuesday our sister site turns 20.5
Links 06/12/2024: Promotion of Fake and Illegal Patent 'Court' (UPC), South Korean Strikes, and More Bailouts at Taxpayers' Expense
Links for the day
Links 06/12/2024: Alarm Raised in EU Over Meddling and Destabilisation by TikTok, Strong Criticism of 'Open'AI
Links for the day
In France, Android Skyrockets to 52%, Windows Falls to 26%
even in rich countries across Europe Windows is rapidly losing "market share"
When News Sites Become Shopping Catalogues Disguised as 'Reviews' or 'Articles'
Sometimes Fagioli uses HEY HI (AI, LLMs actually) to make 'articles' about HEY HI
[Meme] Hit and Run with SLAPP
Microsoft staff versus Techrights
[Meme] When You Go Against Corporate Front Groups and Shills of Moneyed Interests (EDRi is Microsoft-Compromised Now)
The "golden rule" is, follow the gold
The Register Exposed Many IBM Scandals, Lawsuits, and Secret Layoffs. Now IBM Pays The Register.
Hush money?
IBM Told the Media the Secret Mass Layoffs Would Carry on Till End of November, But They Still Happen This Month
"My team of 9 people had 4 regulars and 5 contractors. All contractors gone."
All the Red Flags in New Linux Foundation Report
How telling...
Gemini Links 06/12/2024: Shrinkflation and Working at Google
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, December 05, 2024
IRC logs for Thursday, December 05, 2024