Bonum Certa Men Certa

Links 01/06/2022: Istio 1.14 and elementary OS/Linux Mint Monthly Reports



  • GNU/Linux

    • Server

      • Announcing Istio 1.14

        This is the second Istio release of 2022. We would like to thank the entire Istio community for helping to get Istio 1.14.0 published. Special thanks are due to the release managers Lei Tang (Google) and Greg Hanson (Solo.io), and to Test & Release WG lead Eric Van Norman (IBM) for his help and guidance.

      • Istio 1.14 Upgrade Notes

        When you upgrade from Istio 1.13.x to Istio 1.14.0, you need to consider the changes on this page. These notes detail the changes which purposefully break backwards compatibility with Istio 1.14.0. The notes also mention changes which preserve backwards compatibility while introducing new behavior. Changes are only included if the new behavior would be unexpected to a user of Istio 1.13.x. Users upgrading from 1.12.x to Istio 1.14.0 should also reference the 1.13.0 change logs.

      • Istio 1.14 Change Notes

        This feature is intended primarily for use on VMs, where system administrators need to restrain interception of the outgoing traffic down to a few applications instead of intercepting all outgoing traffic.

        By default, as before, the Istio Sidecar will intercept outgoing traffic from all processes, no matter what user groups they are running under.

      • OpenSource.comA visual guide to Kubernetes networking fundamentals | Opensource.com

        Moving from physical networks using switches, routers, and ethernet cables to virtual networks using software-defined networks (SDN) and virtual interfaces involves a slight learning curve. Of course, the principles remain the same, but there are different specifications and best practices. Kubernetes has its own set of rules, and if you're dealing with containers and the cloud, it helps to understand how Kubernetes networking works.

    • Audiocasts/Shows

    • Instructionals/Technical

      • Make Use OfHow to Customize the Ubuntu Dock to Look Like macOS

        One of the major features of the GNOME 42 desktop environment is a highly-customizable dock or dash. Let's look at how you can customize the new dock in Ubuntu 22.04 LTS (Jammy Jellyfish) or later to have a similar look to that of macOS.

      • Linux Made SimpleHow to install Natron on a Chromebook in 2022

        Today we are looking at how to install Natron on a Chromebook in 2022. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

      • ByteXD8 Ways to Count Lines in a File in Linux - ByteXD

        Counting lines in a Linux file can be hectic if you don’t know the applicable commands and how to combine them. This tutorial makes the process comfortable by walking you through eight typical commands to count lines in a file in Linux.

        For example, the word count, wc, command’s primary role, as the name suggests, is to count words. However, since a group of words forms a line, you can use the command to count lines besides characters and words.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • DedoimedoPlasma System Monitor & custom graphs

          The new Plasma System Monitor is a great example of the wider Linux ecosystem. There was a tool, called KSysGuard, which worked pretty well. And so, a new tool was created, which for quite a while lacked the functional parity and was far buggier. This new tool was called Plasma System Monitor. Now, it has become the Plasma default, the old tool is gone, but you still don't quite get the functionality equivalence, and the graphs are significantly worse (by default and else). Feels like a lot of unnecessary effort. Linux, and modern software to boot.

          That said, Plasma System Monitor is an extensible program, and you can tweak its look & feel. You can add new custom graphs, edit the existing ones, and make it work the way you want it. This is great, for tinkering nerds who want to invest time in something like this. This is horrible for the average user, who just needs to see some basic metrics for their system. But hey. The wheel of code must forever turn. Hopefully, this tutorial slash rant provides the necessary guidance to help you tame Plasma System Monitor to your liking, so that you can have a reasonably productive and accurate experience. Now you have the tools to be your own ... whatever. Thank you for reading, and see you soon.

        • My week in KDE: Improvements to Tasks

          This past week I mainly worked on two things, getting Tasks to remember its window size and position and adding a way to search through tasks.

          [...]

          Next is the search feature, I thought it would be pretty cool if this worked similarly to the less command line utility. The way it works in less is after you type the / character, everything after that will be the search pattern.

        • KDE Gear 22.08 release schedule finalized
        • SCAM: Lightmoon IS NOT Kdenlive. Lightmoon is MALWARE.

          We have been notified of a site that is using Kdenlive’s name and likeness to distribute malware to users. We will not be linking to the site to avoid accidental downloads, but if a search lands you on a site offering “lightmoon”, “a free video editor” that looks in the screenshots identical to Kdenlive, this is malware.

  • Distributions and Operating Systems

    • elementary OS: Updates for May, 2022

      We’re now in the final stretch with just a handful of issues left to resolve before we can release elementary OS 7. This month there was a large focus on making new stable releases of packages so that we can prepare for building stable images of OS 7. As we’ve mentioned before, the primary development focus has shifted from OS 6 and some components can no longer be released there. But, for those things which can still be built on both versions, a trickle of updates has landed in OS 6.1 this month.

    • Linux Mint[Linux Mint] Monthly News – May 2022

      Many thanks to our sponsors and all the people who donated to us. Thank you for your generous donations!

      Many thanks also to our developers, moderators and all the people in our community who help us in different ways. This is a fantastic project, it’s a real pleasure to work with you.

    • NeowinLinux Mint project takes over development of Timeshift backup tool and makes it a XApp

      There has been an interesting development in this month’s Linux Mint news segment regarding the future of the backup utility Timeshift which has become a core part of the distro in recent years. It turns out that Tony George, the developer behind the project doesn’t have time to work on Timeshift any longer and has agreed for the Mint team to take over. As part of the plans, Timeshift will now become a XApp, a suite of apps developed by the Mint team.

      A core principle of Linux Mint is that things just work. To ensure things keep working after updates and upgrades, the Mint team started pushing, quite aggressively, for people to begin making system backups so they could restore their computers to an earlier state if anything went wrong. The tool of choice for backups in Mint was Timeshift and that utility has been bundled with the distro for quite a while now.

    • OMG UbuntuWarp: a Fantastically Simple File Transfer App for Linux - OMG! Ubuntu!

      Warp is a simple, no-fuss file transfer app for Linux desktops.

      Like, seriously simple.

      Built in GTK4, Warp offers the sort of clean, focused UI we more commonly associate with Mac apps than Linux ones.

      Not that user-friendly file transfer apps are unique or exclusive to Linux. Plenty exist. Yet Warp does something that tools I’ve written about in the past, like Linux Mint’s (terrific) Warpinator, don’t: it lets you send files outside of your local network.

      Or to quote the Warp page on Flathub: “Warp allows you to securely send files to each other via the internet or local network by exchanging a word-based code.”

      Which is kinda neat.

      The extra-LAN capability makes Warp the ideal tool to reach for when you want to share a file with friend/colleague but don’t want to go through the predictable hassle of uploading it to a cloud-based service, generating a shareable link, sharing the link, them complaining the link doesn’t work, you having to check again… and so on.

      Just open Warp, select the file to “send”, and copy the shareable code it generates. The recipient just opens Warp, clicks “receive”, punches in the code and… et voila: digital transference through the binary ether.

    • SUSE/OpenSUSE

      • SUSE's Corporate BlogSUSE Rancher for IBM Z and LinuxONE is available!

        Today, SUSE has added IBM Z and LinuxONE support for several SUSE Rancher products – Rancher Manager, RKE2, K3s and Longhorn. Read on if you would like a little more information about each of these products.

        Rancher Manager is undoubtedly the most important product. With Rancher Manager it is easy to run Kubernetes everywhere. Learning how to manage Kubernetes can be difficult. The Rancher Manager web UI makes centrally managing multiple Kubernetes clusters much easier than having to use the command line to manage each Kubernetes cluster separately. Rancher Manager 2.6.4 includes support to manage any CNCF-certified s390x Kubernetes cluster which includes RKE2 and K3s. s390x is the architecture designation for IBM Z and LinuxONE servers. The validated features for the initial s390x support in Rancher Manager include Rancher Server, Rancher Agent, Kubernetes Fleet operations, Helm chart catalog and backup/restore operations. As newer Rancher Manager versions are released, monitoring, logging alerting and CIS scans for s390x Kubernetes deployments will be added.

      • SUSE's Corporate BlogCase files of a TSE: How do you repair and rpm database? Very, very carefully.

        This is an article which is part of a series that attempts to showcase the kind of work that SUSE Support does and how we help customers resolve issues they encounter when running SUSE products. The cases that are selected will be based on real cases. However, all details will be fully anonymized and stripped of identifying marks.

        Some problems are very hard to identify, but the steps to solve that issue are quite simple. Other problems are relatively easy to identify, but are not trivial to solve. I will share a problem that seems quite simple on the surface, but there are many complexities to take care of.

      • SUSE's Corporate BlogSUSE partners with Close the Gap to reduce its carbon footprint while bridging the digital divide [Ed: SUSE already has a green logo; now it does greenwashing]

        Today, everything is digitally connected—from gaming, banking, education, and job searching, to socializing with your friends and family. While access to technology and the internet has become abundant in the developed world, a significant portion of the world’s population still does not have this same freedom to access. At the same time, global warming and environmental issues persist.

      • SUSE's Corporate BlogNew SUSE eLearning “Gold Level” Subscription with Live Labs – Where You Can Do It All | SUSE Communities

        The subscription includes over 130 hours of technical training content covering SUSE Linux Enterprise Server, SUSE Linux Enterprise High Availability, SUSE Linux Enterprise Server for SAP Applications, SUSE Manager and SUSE Rancher. With an annual subscription, you’ll also stay up to date with the latest product releases from SUSE.

    • Fedora Family / IBM

      • The Register UKRed Hat to help DOE to containerize supercomputing ● The Register

        Cloud-native architectures have changed the way applications are deployed, but remain relatively uncharted territory for high-performance computing (HPC). This week, however, Red Hat and the US Department of Energy will be making some moves in the area.

        The IBM subsidiary – working closely with the Lawrence Berkeley, Lawrence Livermore, and Sandia National Laboratories – aims to develop a new generation of HPC applications designed to run in containers, orchestrated using Kubernetes, and optimized for distributed filesystems.

        The work might also make AI/ML workloads easier for enterprises to deploy in the process.

      • Red Hat OfficialHappy third anniversary, Enable Sysadmin!

        In just three years, this community site "by sysadmins, for sysadmins" has given millions of people information to help them do their work better.

      • Red Hat OfficialRed Hat Learning Subscription Premium enables learning around the globe

        In the first quarter of 2022, the labor market continued its trend of what has been coined the "great resignation," leaving many organizations competing to recruit and retain top talent. Red Hat continues to iterate its training offerings to keep pace with the changing needs of this talent as well as the landscape of technology.

        Employees who participate in Red Hat Training average longer tenures and higher satisfaction with their jobs. Further, 75% of Red Hat Learning Subscription users agree that the subscription makes it faster and easier for them to troubleshoot issues with Red Hat technologies and 84% agree that they feel more confident on the job as a result of their training.

      • Red Hat OfficialImproved analysis of IBM Power environments with Red Hat Insights

        As part of Red Hat’s hybrid cloud vision, Red Hat Insights is available on all actively supported versions of Red Hat Enterprise Linux (RHEL), to help continuously analyze platforms and applications and better predict potential risk, no matter where RHEL is actually deployed. Even with this relative ubiquity of the service, we’ve never had IBM Power-specific recommendations in Insights — until now.

        Insights now integrates with an offering from IBM, the IBM Fix Level Recommendation Tool (FLRT). IBM FLRT provides cross-product compatibility information and fix recommendations for IBM products. One of the main IBM FLRT use cases is to plan upgrades of key components and to verify the installed software and firmware level to assess health and stability of your IBM Power systems.

    • Open Hardware/Modding

      • Switch Button and Raspberry PI Pico: Wiring and MicroPython Code

        Switch button with Raspberry PI Pico allows your projects to get the simplest input from the user: a push. With this input, you can start a program to execute a specific job only when the user requires it

      • ArduinoThese intelligent slippers sense regular activities and falls using machine learning

        When it comes to activity monitors such as smartwatches, rings, and pendants, they are often considered cumbersome or too difficult to keep track of, especially for the elderly with memory or dexterity problems. This is why the team of Jure Å peh, Jan Adamic, Luka Mali, and Blaz Ardaljon Mataln Smehov decided to create the SmartSlippers project, which is a far more integrated method for detecting steps and falls.

        The hardware portion of the SmartSlippers prototype is just a Nano 33 BLE Sense board due to its onboard inertial measurement unit (IMU) and Bluetooth€® Low Energy capability. At first, the team collected 14 minutes of five different types of movements: walking, running, stairs, falling, and idle within the Edge Impulse Studio. From here, they trained a neural network on these samples, which resulted in an accuracy of around 84%.

      • GoogleBuild Open Silicon with Google

        Mature process nodes like SKY130 (a 130nm technology) offer a great way to prototype IoT applications that often need to balance cost and power with performance and leverage a mix of analog blocks and digital logic in their designs. They offer a faster turnaround rate than bleeding-edge process nodes for a fraction of the price; reducing the temporal and financial cost of making the right mistakes necessary to converge toward the optimal design.

        By combining open access to PDKs, and recent advancements in the development of open source ASIC toolchains like OpenROAD, OpenLane, and higher level synthesis toolchain like XLS, we are getting us one step closer to bringing software-like development methodology and fast iteration cycles to the silicon design world.

        Free and open source licensing, community collaboration, and fast iteration transformed the way we all develop software. We believe we are at the edge of a similar revolution for custom accelerator development, where hardware designers compete by building on each other's works rather than reinventing the wheel.

        Towards this goal, we've been sponsoring a series of Open MPW shuttles on the Efabless platform, allowing around 250 open source projects to manufacture their own silicon.

    • Mobile Systems/Mobile Applications

  • Free, Libre, and Open Source Software

    • What is Miklos hacking – Content controls in Writer: dropdown, picture and date types

      Word users expect to be able to import their document to Writer and experience a matching feature set: form filling is not an exception. Word provides several content control kinds (inline, block, row and cell content controls), this project focuses on inline ("run") content controls.

      In the scope of inline content controls, the above linked blog post already described the rich text and checkbox types. In this post, we’ll focus on the new dropdown, picture and date content controls.

    • Document FoundationIndex of Training Videos about LibreOffice

      In order to make it easier for users to find training videos about LibreOffice, we have created a comprehensive index updated to the end of April 2022 using the open source Zotero bibliography and reference management software.

      The index is published on this blog in the Media Hub section (clicking on the Media Hub menu, you will open a drop down menu with Press Releases and Index of Videos).

    • Events

      • BozemanGLUG: June 2022 Meeting

        The regular meeting would have been Thursday, June 2nd but we decided to postpone for one week to gather up more topics... so the meeting will be on Thursday, June 9th instead. Hopefully topics will be added to this meeting notice later.

    • GNU Projects

    • Programming/Development

      • Sparky news 2022/05

        The 5th monthly Sparky project and donate report of 2022...

      • Medevel15 open-source Tailwind-based UI frameworks and component libraries

        Tailwind is a free, open-source utilities-first CSS framework. It was featured in dozens of projects by developers who use different frameworks as Vue, React, Angular, Blaze, Meteor, Svelte, and others. As its popularity is growing, developers start building their own custom libraries on top of Tailwind.

      • MedevelCapRover is an Open-source PaaS for productive deployment

        Easiest app/database deployment platform and webserver package for your NodeJS, Python, PHP, Ruby, Go applications.

      • UNIX CopJenkins vs. Chef | All you need to know

        Jenkins is an open-source continuous integration server. It provides continuous integration services for software development, mostly used in highly customized builds of software. And it is a continuous integration service for software development which you can primarily utilize in highly customized software builds.

        Continuous Integration (CI) is a software development process in which members of a team merge their work on a regular basis; typically, each individual integrates at least once each day, resulting in several integrations per day. To uncover integration faults as fast as possible, an automated build evaluates each integration (which includes a test). Further, the goal of CI is to ensure that all code committed to a shared repository can be built and tested, validating not only that the code works but also that it will continue to work properly when integrated with other code changes.

      • Perl / Raku

        • The Register UKPerl Steering Council lays out a backwards compatible future for Perl 7

          The much-anticipated Perl 7 continues to twinkle in the distance although the final release of 5.36.0 is "just around the corner", according to the Perl Steering Council.

          Well into its fourth decade, the fortunes of Perl have ebbed and flowed over the years. Things came to a head last year, with the departure of former "pumpking" Sawyer X, following what he described as community "hostility."

          Part of the issue stemmed from the planned version 7 release, a key element of which, according to a post by the steering council "was to significantly reduce the boilerplate needed at the top of your code, by enabling a lot of widely used modules / pragmas."

          It all sounds wonderful, but the price would have been the breaking of some backwards compatibility, meaning that some code targeting earlier versions of the programming language would have needed changing.

          "This prompted a lot of heated discussions," said the council. "Some thought this was a great idea, and some thought it a terrible idea to throw away one of Perl's key strengths."

  • Leftovers

    • Hardware

      • The Register UKNewport Wafer Fab could be sold to US consortium – report

        Considered to be preferable to sale to China-owned Nexperia, say sources

      • The Register UKSamsung and Intel bosses discuss silicon co-operation ● The Register

        Intel CEO Pat Gelsinger and Samsung Electronics boss Lee Jae-yong met on Monday in South Korea and “discussed how to cooperate between the two companies."

        That quote comes from Samsung, which also let the world know the two leaders talked about next-generation memory chips, silicon for PCs and mobile devices, fabless chip design, the foundry business, and more.

        It is unclear if the talks addressed a particular issue, or just represented the heads of the world’s top two chipmakers getting together for a chat while Gelsinger was in town.

      • The Register UKAMD nearly doubles Top500 supercomputer hardware share ● The Register

        In a sign of how meteoric AMD's resurgence in high performance computing has become, the latest list of the world's 500 fastest public known supercomputers shows the chip designer has become a darling among organizations deploying x86-based HPC clusters.

        The most eye-catching bit of AMD news among the supercomputing set is that the announcement of the Frontier supercomputer at the US Department of Energy's Oak Ridge National Laboratory, which displaced Japan's Arm-based Fugaku cluster for the No. 1 spot on the Top500 list of the world's most-powerful publicly known systems.

        Top500 updates its list twice a year and published its most recent update on Monday.

      • The Register UKAll-AMD US Frontier supercomputer ousts Japan's Fugaku as No. 1 in Top500

        The land of the rising sun has fallen to the United States’ supercomputing might. Oak Ridge National Laboratory’s (ORNL) newly minted Frontier supercomputer has ousted Japan’s Arm-based Fugaku for the top spot on the Top500 rankings of the world's most-powerful publicly known systems.

        Frontier’s lead over Japan’s A64X-based Fujitsu machine is by no means a narrow one either. The cluster achieved peak performance of 1.1 exaflops according to the Linpack benchmark, which has been the standard by which supercomputers have been ranked since the mid-1990s.

        Frontier marks the first publicly benchmarked exascale computer by quite a margin. The ORNL system is well ahead of Fugaku’s 442 petaflops of performance, which was a strong enough showing to keep Fugaku in the top spot for two years.

        Reaching exascale status is one thing, but many expected the efficiency-geared Fugaku system to hang onto its green rankings, even if it slipped on the performance front. But Frontier isn’t just the most powerful known supercomputer, its technology is now also the most efficient. At 52.23 gigaflops per watt, the system's test-and-development machine Crusher also outperformed Japan’s Preferred Networks MN-3 system to take the lead spot on the Green500.

    • Security

      • The Register UKAzure Active Directory logs are lagging, alerts may be wrong or missing [Ed: This is a defective 'service' which compromises]

        Microsoft has warned users that Azure Active Directory isn't currently producing reliable sign-in logs.

        "Customers using Azure Active Directory and other downstream impacted services may experience a significant delay in availability of logging data for resources," the Azure status page explains. Tools including Azure Portal, MSGraph, Log Analytics, PowerShell, and/or Application Insights are all impacted.

      • LWNSecurity updates for Wednesday

        Security updates have been issued by Debian (libjpeg-turbo, webkit2gtk, and wpewebkit), Fedora (golang-github-opencontainers-runc, mingw-pcre2, python-jwt, python-ujson, and weechat), Oracle (nodejs:16 and rsyslog), Red Hat (container-tools:3.0, expat, fapolicyd, kernel, kernel-rt, kpatch-patch, mariadb:10.3, postgresql:12, rsyslog and rsyslog7, and zlib), Slackware (mozilla), SUSE (bind, dpdk, fribidi, hdf5, librelp, php74, postgresql12, and postgresql13), and Ubuntu (cups, linux-gcp-5.13, linux-oracle, linux-oracle-5.13, linux-gcp-5.4, linux-gkeop, linux-gkeop-5.4, linux-ibm-5.4, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, and webkit2gtk).

      • USCERTKarakurt Data Extortion Group [Ed: Microsoft Windows TCO]

        CISA, the Federal Bureau of Investigation (FBI), the Department of Treasury, and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA) to provide information on the Karakurt data extortion group. Karakurt actors steal data and threaten to auction it off or release it to the public unless they receive payment of the demanded ransom.

      • The Register UKWatch out for phishing emails that inject spyware trio ● The Register [Ed: Microsoft Windows TCO]

        An emailed report seemingly about a payment will, when opened in Excel on a Windows system, attempt to inject three pieces of file-less malware that steal sensitive information.

        Researchers with Fortinet's FortiGuard Labs threat intelligence unit have been tracking this mailspam campaign since May, outlining how three remote access trojans (RATs) are fired into the system once the attached file is opened in Excel. From there, the malicious code will not only steal information, but can also remotely control aspects of the PC.

        The first of the three pieces of malware is AveMariaRAT (also known as Warzone RAT), followed by Pandora hVCN RAT and BitRAT.

      • The Register UKSmart homes are hackable homes if not equipped with updated, supported tech [Ed: Homes that reject these mass surveillance devices are impenetrable to such attacks; fully updated devices still spy on you]

        Smart homes are increasingly becoming hackable homes, according to consumer research.

        The report by consumer rights organization Which? paints a grim picture for people who have equipped their residences with gadgets, many from trusted tech names.

        As with pretty much everything in IT, if you connect a device to the internet, ensuring it's patched and has a decent password is the very least owners can do. Even then, there are no guarantees that this is secure.

      • The Register UKCops' Killer Bee stings credential-stealing scammer [Ed: Microsoft Windows TCO]

        "It will also exfiltrate credentials from multiple software programs like Google Chrome, Mozilla Firefox, and Microsoft Outlook — making its potential impact truly catastrophic," Qualys Principal Research Engineer Ghanshyam More wrote in a technical analysis earlier this year.

      • The Register UKGlobal tech industry objects to India’s new infosec reporting regime

        Eleven significant tech-aligned industry associations from around the world have reportedly written to India’s Computer Emergency Response Team (CERT-In) to call for revision of the nation’s new infosec reporting and data retention rules, which they criticise as inconsistent, onerous, unlikely to improve security within India, and possibly harmful to the nations economy.

        The rules were introduced in late April and are extraordinarily broad. For example, operators of datacenters, clouds, and VPNs, are required to register customers’ names, dates on which services were used, and even customer IP addresses, and store that data for five years.

        Another requirement is to report over 20 types of infosec incident, even port scanning or attempted phishing, within six hours of detection. Among the reportable incidents are “malicious/suspicious activities” directed towards almost any type of IT infrastructure or equipment, without explanation of where to draw the line between malicious and suspicious activity.

        The new rules attracted plenty of local criticism on grounds that a six-hour reporting window is too short, the requirement to record VPN users’ details is an attack on privacy, and that the requirements are too broad and therefore represent an onerous compliance burden.

      • Bruce SchneierClever — and Exploitable — Windows Zero-Day

        Researchers have reported a still-unpatched Windows zero-day that is currently being exploited in the wild.

      • Code execution 0-day in Windows has been under active exploit for 7 weeks | Ars Technica

        A critical code execution zero-day in all supported versions of Windows has been under active exploit for seven weeks, giving attackers a reliable means for installing malware without triggering Windows Defender and a roster of other endpoint protection products.

        The Microsoft Support Diagnostic Tool vulnerability was reported to Microsoft on April 12 as a zero-day that was already being exploited in the wild, researchers from Shadow Chaser Group said on Twitter. A response dated April 21, however, informed the researchers that the Microsoft Security Response Center team didn't consider the reported behavior a security vulnerability because, supposedly, the MSDT diagnostic tool required a password before it would execute payloads.

      • The Register UKCIOs largely believe their software supply chain is vulnerable

        Ask 1,000 CIOs whether they believe their organizations are vulnerable to cyberattacks targeting their software supply chains and about 82 percent can be expected to say yes.

        Security biz Venafi engaged research firm Coleman Parkes to put that question to as many corporate IT leaders from the US, UK, France, Germany, Austria, Switzerland, Belgium, Netherlands, Luxembourg, Australia, and New Zealand.

        The result was an emphatic vote of no confidence.

        "The results show that while CIOs understand the risk of these types of attacks, they have yet to grasp the fundamental organizational changes and new security controls they will need to incorporate into their security posture to reduce the risk of supply chain attacks that can be devastating to themselves and their customers," says Venafi's report, which was released on Tuesday.

        [...]

        Blame SolarWinds, Codecov, and Kaseya – companies that had their corporate software build tools compromised in sophisticated attacks that affected their customers – not to mention the past five years of poisoned packages at popular open-source software registries.

      • Privacy/Surveillance

        • The Register UKDutch public sector gets green light to use Google Workspace

          A Data Protection Impact Assessment (DPIA) into Google Workspace was launched by the Central Dutch government in 2020. The report noted there were eight high-risk issues, principally around data collection. It also noted that Google did not provide all the personal data it held when asked to do so under the GDPR provisions for the right to request access.

          Google said today: "As a result of this process, the Central Dutch government, the Dutch education sector organisations/institutions, and Google Cloud found agreement and will continue working together on the DPIA recommendations."

    • Environment

      • Wildlife/Nature

        • pests

          Among all the other introduced pests in Australia, one that I really detest and keep meeting up with is the European wasp[1]. Sadly, there seem to be more and more of them each year, spreading further and further around the country and deeper into bushland.

    • Finance

      • The Register UKIndia probes finances at ZTE and Vivo, irking China ● The Register

        India's government has reportedly started probes into the local activities of Chinese tech companies Vivo and ZTE, prompting a rebuke from China's foreign ministry.

        As was the case when Indian authorities seized $725 million from Chinese gadget-maker Xiaomi, the investigations focus on possible irregular financial reporting that may amount to fraud, according to newswire Bloomberg's original report on the matter.

        A Bloomberg reporter asked about the state of the investigations at the daily press conference staged by China's Ministry of Foreign Affairs, which produces a transcript of each day's event.

        Zhao Lijian, China's famously feisty foreign ministry spokesperson, said Beijing "is closely following the situation."

      • I Bought a Sofa Bed That Wasn't For Sale

        I needed a sofa bed and started looking around. The only one that fit my criteria was the IKEA Nyhamn. The problem was that it doesn't currently exist.

        To be more precise hardly any IKEA store (at least here in Sweden) has it in because of logistical issues.

      • Rochelimit's Gemlog

        The price of diesel has reached €£1.90 per litre (about $9 per US gallon), food prices are way up, the economy seems to be heading for a period of stagflation, the UK government is destroying the constitutional checks and balances on its actions, Russia is making gains in eastern Ukraine. And little England is putting up the bunting to celebrate the Platinum Jubilee of an elderly monarch who inherited her position and wealth and seemingly has no influence on the governance of the nation. What is an anti-monarchist to do?

      • The Register UKUK opens up 'high-potential individual route' for tech worker immigration

        The UK has begun a fast-track visa scheme for tech workers graduating from a list of top 50 universities worldwide.

        Critics, however, maintain the scheme will fail to compensate for the barriers erected to tech recruitment from the EU as a result of Brexit.

        Announcing the "high-potential individual route", which started from 30 May, the British government said it wants to attract the world's top graduates in subjects such as science, engineering and medical research. Sought-after skills also include cybersecurity in a plan to support both economic growth as well as technological and medical advances.

        The UK's chief finance minister, Rishi Sunak, said: "This new visa offer means that the UK can continue to attract the best and brightest from across the globe. The route means that the UK will grow as a leading international hub for innovation, creativity and entrepreneurship.

        "We want the businesses of tomorrow to be built here today - which is why I call on students to take advantage of this incredible opportunity to forge their careers here," he added.

        Successful applicants will get a two-year work visa for Britain — three years for those with PhDs — and could move into other long-term employment routes.

      • The Register UKElon Musk orders Tesla execs back to the office

        Tesla supremo Elon Musk has declared that executive staff at his battery-powered vehicle biz shall not work from afar.

        In an email sent to Tesla underlings and obtained by the New York Times, Musk tells Tesla execs that remote work is no longer acceptable.

        "Anyone who wishes to do remote work must be in the office for a minimum (and I mean minimum) of 40 hours per week or depart Tesla," Musk's missive mandates. "This is less than we ask of factory workers."

        Musk, the world's richest person at the moment, allows that he may, at his discretion, bend his rules for "particularly exceptional contributors" – if you have to ask, that's probably not you. The billionaire poly-boss and Twitter influencer further stipulates that "office" as he defines it means main office, not some remote branch unrelated to one's duties.

    • Censorship/Free Speech

      • The Register UKUS Supreme Court restores Texas social media law injunction ● The Register

        The US Supreme Court on Tuesday reinstated the suspension of Texas' social-media law HB 20 while litigation to have the legislation declared unconstitutional continues.

        The law, signed in September by Texas Governor Greg Abbott (R), and promptly opposed, forbids large social media companies from moderating lawful content based on a "viewpoint," such as "smoking cures cancer" or "vaccines are poison" or hateful theories of racial superiority. Its ostensible purpose is to prevent internet giants from discriminating against conservative social media posts, something that studies indicate is not happening.

        Those fighting the law – industry groups and advocacy organizations – say the rules would require large social media services such as Facebook and Twitter to distribute "lawful but awful" content – hate speech, misinformation, and other dubious material. They argue companies have a First Amendment right to exercise editorial discretion for the content distributed on their platforms.

    • Internet Policy/Net Neutrality

      • The Register UKTweaks to IPv4 could free up 'hundreds of millions of addresses'

        It may be nearly three years since the world officially exhausted all of the available IPv4 internet addresses, but now a new initiative has been proposed that could free up hundreds of millions of addresses that are currently unused – or are they?

        While the world is still slowly moving towards broader adoption of the newer IPv6 protocol, which offers a vast address space, the widespread continued use of IPv4 has caused problems because all available ranges of the roughly 4.3 billion addresses it supports have largely been allocated.

      • Bikelog



        I wanted to keep a history of my bike rides, so I created the "bikelog" on my capsule.



Recent Techrights' Posts

Wikileaks is Now Stuck Under the Clutches of Donald Trump (via Elon Musk)
The same Trump administration that was blackmailing Assange and also schemed to torture/assassinate him
IPKat's Annsley Merelle Ward Spreading the Same Old Lies and Shameless Propaganda to Promote Software Patents in Europe (i.e. the Usual... and She's Not Even a Coder)
People are quick to point out that the cited survey is very inherently biased
Windows in Azerbaijan: Down From Around 99% to Around 20%
In the past two years Microsoft could barely keep above 20%
Microsoft's Vanity Vapourware ('Lame Duck' Product for Trump and Biden Bailouts) Again "Discontinued"
Microsoft cannot keep a dying unit that makes almost no sales alive just for mere prospects of a bailout (which falls through because even the military turns it down)
 
Sudan Has Reached a State of Android Domination (93% Market Share, All-Time High According to statCounter)
countries at war buy fewer laptops?
[Meme] Just Do It?
'FSF' Europe (Microsoft) and FSF
Microsoft Front Groups Against the FSF, Home of GPL, GNU, and Free Software
Much of the money (not all of it) comes from the criminals at Redmond
Centralisation is Dooming the Web, RSS is One Workaround (But Not "Planets")
At least Gemini Protocol rejects centralisation
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, November 16, 2024
IRC logs for Saturday, November 16, 2024
Links 17/11/2024: Wars, Bailouts, and Censorship
Links for the day
Gemini Links 17/11/2024: Changing Interests and HamsterCMS
Links for the day
Links 16/11/2024: Twitter (X) Exodus Continues, Social Control Media Sanctions Spread Further
Links for the day
If You Donate to the FSFE, You Are Funding a Microsoft Front Group Inside Europe
FSFE has a new "Sugar Daddy"
Links 16/11/2024: FTC Investigates Abusive Monopolist Microsoft for "Clown Computing" Market Abuses, General Motors Mass Layoffs
Links for the day
When Articles About Linux Foundation Are LLM SPAM (Slop) From Publishers Paid by the Linux Foundation
This is a corruption of the Web
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, November 15, 2024
IRC logs for Friday, November 15, 2024
Claim That IBM Canada Had Mass Layoffs Just Hours Ago
Nothing in the media, as usual
Gemini Links 16/11/2024: Starting Afresh, Community-to-community Networks
Links for the day
Euthanasia perception, legacy & Debian Suicide Cluster
Reprinted with permission from Daniel Pocock
Links 15/11/2024: The Onion Buys Crank's Site, More Publications Quit Twitter/X
Links for the day
Gemini Links 15/11/2024: Boredom and New Blog with Gemini Support
Links for the day
Iceland: Microsoft Windows Down to All-Time Low of 60% on Desktops/Laptops
It also fell sharply across all form factors
Large British Newspaper (The Daily Telegraph) to be Composed by Microsoft Chatbots Instead of Journalists?
"engagement" is not accuracy or quality
FSFE Now Taking Bribes From Microsoft, Its Gold Donor (the Highest Payment Possible)
A sellout does not get any bigger than "Gold Donor"
One of the Largest B2B YouTube Channels?
It makes the Linux Foundation look rogue; it plays along with all this
Free Software is for Everybody
today's Linux Foundation shamelessly and recklessly promotes discrimination
Coming Soon: More Reports About the European Patent Office (EPO)
EPO corruption has made Europe a lot poorer
Filipinos Love GNU/Linux
Philippines as seen by statCounter
[Meme] Poverty Not an Issue
To know who the EFF fronts for, check who's funding the EFF
EFF Stories For Next Year
The EFF isn't what it seems
EFF Still Uses and Relies on Donald Trump's Friend (Elon Musk) for Campaigning and It Gets No Response (Except From FFII's President)
...He reminds them the issue isn't just "bad patents" or "patent trolls"
Windows 10? No, Windows at 10% (in Angola)
That's how statCounter sees things anyway
Wintertime in Techrights
2025 should be an exciting year for us and we look forward to spring
OpenSource.net, Which OpenSource.org (OSI) Said Would Continue OpenSource.com (IBM/Red Hat), Has Been Dead for a Month
Open Source Initiative is not an ally; it's a Microsoft front group
Latest in OSI's Blog Affirms Its Status as Microsoft Front Group, Sponsored by Microsoft to Promote Microsoft Agenda and Lobby for GPL Violations
Even the staff is paid by Microsoft; they hardly hide this anymore
About 80% of Red Hat Blog is the 'Hey Hi' Nonsense (Ponzi Scheme)
The official Red Hat RSS feeds have been drowned out by "AI" nonsense
[Meme] If This is How Wall Street Really Works, People Should be Terrified
"OpenAI worth $150 billion with a $15 billion loss"
OpenAI: If OpenAI Survives Another 2 Years, It'll be About 30 Billion Dollars in Cumulative Losses/Debt
So if Microsoft cushions those losses (to delay the bubble's implosion; Microsoft uses the bubble to fake its "market cap", as does NVIDIA), its debt will skyrocket
Red Hat Has Become a Buzzwords Vendor, Not a Linux Company
Red Hat is quickly becoming a joke of a company or "90% marketing"...
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, November 14, 2024
IRC logs for Thursday, November 14, 2024
Perils for Patent Eligibility Restoration Act (PERA) and PREVAIL (Efforts by the Litigation 'Industry' to Bring Back Software Patents and Crush Challengers at PTAB)
The EFF and FSF seem to have caught up with it
Phoronix Did Not Cover This...
1,000 people fired at AMD is not news
Links 15/11/2024: LF Talks About Patent Trolls, Advancing a Warning About "Buy Nothing Day"
Links for the day