Bonum Certa Men Certa

Links 01/06/2022: Istio 1.14 and elementary OS/Linux Mint Monthly Reports



  • GNU/Linux

    • Server

      • Announcing Istio 1.14

        This is the second Istio release of 2022. We would like to thank the entire Istio community for helping to get Istio 1.14.0 published. Special thanks are due to the release managers Lei Tang (Google) and Greg Hanson (Solo.io), and to Test & Release WG lead Eric Van Norman (IBM) for his help and guidance.

      • Istio 1.14 Upgrade Notes

        When you upgrade from Istio 1.13.x to Istio 1.14.0, you need to consider the changes on this page. These notes detail the changes which purposefully break backwards compatibility with Istio 1.14.0. The notes also mention changes which preserve backwards compatibility while introducing new behavior. Changes are only included if the new behavior would be unexpected to a user of Istio 1.13.x. Users upgrading from 1.12.x to Istio 1.14.0 should also reference the 1.13.0 change logs.

      • Istio 1.14 Change Notes

        This feature is intended primarily for use on VMs, where system administrators need to restrain interception of the outgoing traffic down to a few applications instead of intercepting all outgoing traffic.

        By default, as before, the Istio Sidecar will intercept outgoing traffic from all processes, no matter what user groups they are running under.

      • OpenSource.comA visual guide to Kubernetes networking fundamentals | Opensource.com

        Moving from physical networks using switches, routers, and ethernet cables to virtual networks using software-defined networks (SDN) and virtual interfaces involves a slight learning curve. Of course, the principles remain the same, but there are different specifications and best practices. Kubernetes has its own set of rules, and if you're dealing with containers and the cloud, it helps to understand how Kubernetes networking works.

    • Audiocasts/Shows

    • Instructionals/Technical

      • Make Use OfHow to Customize the Ubuntu Dock to Look Like macOS

        One of the major features of the GNOME 42 desktop environment is a highly-customizable dock or dash. Let's look at how you can customize the new dock in Ubuntu 22.04 LTS (Jammy Jellyfish) or later to have a similar look to that of macOS.

      • Linux Made SimpleHow to install Natron on a Chromebook in 2022

        Today we are looking at how to install Natron on a Chromebook in 2022. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

      • ByteXD8 Ways to Count Lines in a File in Linux - ByteXD

        Counting lines in a Linux file can be hectic if you don’t know the applicable commands and how to combine them. This tutorial makes the process comfortable by walking you through eight typical commands to count lines in a file in Linux.

        For example, the word count, wc, command’s primary role, as the name suggests, is to count words. However, since a group of words forms a line, you can use the command to count lines besides characters and words.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • DedoimedoPlasma System Monitor & custom graphs

          The new Plasma System Monitor is a great example of the wider Linux ecosystem. There was a tool, called KSysGuard, which worked pretty well. And so, a new tool was created, which for quite a while lacked the functional parity and was far buggier. This new tool was called Plasma System Monitor. Now, it has become the Plasma default, the old tool is gone, but you still don't quite get the functionality equivalence, and the graphs are significantly worse (by default and else). Feels like a lot of unnecessary effort. Linux, and modern software to boot.

          That said, Plasma System Monitor is an extensible program, and you can tweak its look & feel. You can add new custom graphs, edit the existing ones, and make it work the way you want it. This is great, for tinkering nerds who want to invest time in something like this. This is horrible for the average user, who just needs to see some basic metrics for their system. But hey. The wheel of code must forever turn. Hopefully, this tutorial slash rant provides the necessary guidance to help you tame Plasma System Monitor to your liking, so that you can have a reasonably productive and accurate experience. Now you have the tools to be your own ... whatever. Thank you for reading, and see you soon.

        • My week in KDE: Improvements to Tasks

          This past week I mainly worked on two things, getting Tasks to remember its window size and position and adding a way to search through tasks.

          [...]

          Next is the search feature, I thought it would be pretty cool if this worked similarly to the less command line utility. The way it works in less is after you type the / character, everything after that will be the search pattern.

        • KDE Gear 22.08 release schedule finalized
        • SCAM: Lightmoon IS NOT Kdenlive. Lightmoon is MALWARE.

          We have been notified of a site that is using Kdenlive’s name and likeness to distribute malware to users. We will not be linking to the site to avoid accidental downloads, but if a search lands you on a site offering “lightmoon”, “a free video editor” that looks in the screenshots identical to Kdenlive, this is malware.

  • Distributions and Operating Systems

    • elementary OS: Updates for May, 2022

      We’re now in the final stretch with just a handful of issues left to resolve before we can release elementary OS 7. This month there was a large focus on making new stable releases of packages so that we can prepare for building stable images of OS 7. As we’ve mentioned before, the primary development focus has shifted from OS 6 and some components can no longer be released there. But, for those things which can still be built on both versions, a trickle of updates has landed in OS 6.1 this month.

    • Linux Mint[Linux Mint] Monthly News – May 2022

      Many thanks to our sponsors and all the people who donated to us. Thank you for your generous donations!

      Many thanks also to our developers, moderators and all the people in our community who help us in different ways. This is a fantastic project, it’s a real pleasure to work with you.

    • NeowinLinux Mint project takes over development of Timeshift backup tool and makes it a XApp

      There has been an interesting development in this month’s Linux Mint news segment regarding the future of the backup utility Timeshift which has become a core part of the distro in recent years. It turns out that Tony George, the developer behind the project doesn’t have time to work on Timeshift any longer and has agreed for the Mint team to take over. As part of the plans, Timeshift will now become a XApp, a suite of apps developed by the Mint team.

      A core principle of Linux Mint is that things just work. To ensure things keep working after updates and upgrades, the Mint team started pushing, quite aggressively, for people to begin making system backups so they could restore their computers to an earlier state if anything went wrong. The tool of choice for backups in Mint was Timeshift and that utility has been bundled with the distro for quite a while now.

    • OMG UbuntuWarp: a Fantastically Simple File Transfer App for Linux - OMG! Ubuntu!

      Warp is a simple, no-fuss file transfer app for Linux desktops.

      Like, seriously simple.

      Built in GTK4, Warp offers the sort of clean, focused UI we more commonly associate with Mac apps than Linux ones.

      Not that user-friendly file transfer apps are unique or exclusive to Linux. Plenty exist. Yet Warp does something that tools I’ve written about in the past, like Linux Mint’s (terrific) Warpinator, don’t: it lets you send files outside of your local network.

      Or to quote the Warp page on Flathub: “Warp allows you to securely send files to each other via the internet or local network by exchanging a word-based code.”

      Which is kinda neat.

      The extra-LAN capability makes Warp the ideal tool to reach for when you want to share a file with friend/colleague but don’t want to go through the predictable hassle of uploading it to a cloud-based service, generating a shareable link, sharing the link, them complaining the link doesn’t work, you having to check again… and so on.

      Just open Warp, select the file to “send”, and copy the shareable code it generates. The recipient just opens Warp, clicks “receive”, punches in the code and… et voila: digital transference through the binary ether.

    • SUSE/OpenSUSE

      • SUSE's Corporate BlogSUSE Rancher for IBM Z and LinuxONE is available!

        Today, SUSE has added IBM Z and LinuxONE support for several SUSE Rancher products – Rancher Manager, RKE2, K3s and Longhorn. Read on if you would like a little more information about each of these products.

        Rancher Manager is undoubtedly the most important product. With Rancher Manager it is easy to run Kubernetes everywhere. Learning how to manage Kubernetes can be difficult. The Rancher Manager web UI makes centrally managing multiple Kubernetes clusters much easier than having to use the command line to manage each Kubernetes cluster separately. Rancher Manager 2.6.4 includes support to manage any CNCF-certified s390x Kubernetes cluster which includes RKE2 and K3s. s390x is the architecture designation for IBM Z and LinuxONE servers. The validated features for the initial s390x support in Rancher Manager include Rancher Server, Rancher Agent, Kubernetes Fleet operations, Helm chart catalog and backup/restore operations. As newer Rancher Manager versions are released, monitoring, logging alerting and CIS scans for s390x Kubernetes deployments will be added.

      • SUSE's Corporate BlogCase files of a TSE: How do you repair and rpm database? Very, very carefully.

        This is an article which is part of a series that attempts to showcase the kind of work that SUSE Support does and how we help customers resolve issues they encounter when running SUSE products. The cases that are selected will be based on real cases. However, all details will be fully anonymized and stripped of identifying marks.

        Some problems are very hard to identify, but the steps to solve that issue are quite simple. Other problems are relatively easy to identify, but are not trivial to solve. I will share a problem that seems quite simple on the surface, but there are many complexities to take care of.

      • SUSE's Corporate BlogSUSE partners with Close the Gap to reduce its carbon footprint while bridging the digital divide [Ed: SUSE already has a green logo; now it does greenwashing]

        Today, everything is digitally connected—from gaming, banking, education, and job searching, to socializing with your friends and family. While access to technology and the internet has become abundant in the developed world, a significant portion of the world’s population still does not have this same freedom to access. At the same time, global warming and environmental issues persist.

      • SUSE's Corporate BlogNew SUSE eLearning “Gold Level” Subscription with Live Labs – Where You Can Do It All | SUSE Communities

        The subscription includes over 130 hours of technical training content covering SUSE Linux Enterprise Server, SUSE Linux Enterprise High Availability, SUSE Linux Enterprise Server for SAP Applications, SUSE Manager and SUSE Rancher. With an annual subscription, you’ll also stay up to date with the latest product releases from SUSE.

    • Fedora Family / IBM

      • The Register UKRed Hat to help DOE to containerize supercomputing ● The Register

        Cloud-native architectures have changed the way applications are deployed, but remain relatively uncharted territory for high-performance computing (HPC). This week, however, Red Hat and the US Department of Energy will be making some moves in the area.

        The IBM subsidiary – working closely with the Lawrence Berkeley, Lawrence Livermore, and Sandia National Laboratories – aims to develop a new generation of HPC applications designed to run in containers, orchestrated using Kubernetes, and optimized for distributed filesystems.

        The work might also make AI/ML workloads easier for enterprises to deploy in the process.

      • Red Hat OfficialHappy third anniversary, Enable Sysadmin!

        In just three years, this community site "by sysadmins, for sysadmins" has given millions of people information to help them do their work better.

      • Red Hat OfficialRed Hat Learning Subscription Premium enables learning around the globe

        In the first quarter of 2022, the labor market continued its trend of what has been coined the "great resignation," leaving many organizations competing to recruit and retain top talent. Red Hat continues to iterate its training offerings to keep pace with the changing needs of this talent as well as the landscape of technology.

        Employees who participate in Red Hat Training average longer tenures and higher satisfaction with their jobs. Further, 75% of Red Hat Learning Subscription users agree that the subscription makes it faster and easier for them to troubleshoot issues with Red Hat technologies and 84% agree that they feel more confident on the job as a result of their training.

      • Red Hat OfficialImproved analysis of IBM Power environments with Red Hat Insights

        As part of Red Hat’s hybrid cloud vision, Red Hat Insights is available on all actively supported versions of Red Hat Enterprise Linux (RHEL), to help continuously analyze platforms and applications and better predict potential risk, no matter where RHEL is actually deployed. Even with this relative ubiquity of the service, we’ve never had IBM Power-specific recommendations in Insights — until now.

        Insights now integrates with an offering from IBM, the IBM Fix Level Recommendation Tool (FLRT). IBM FLRT provides cross-product compatibility information and fix recommendations for IBM products. One of the main IBM FLRT use cases is to plan upgrades of key components and to verify the installed software and firmware level to assess health and stability of your IBM Power systems.

    • Open Hardware/Modding

      • Switch Button and Raspberry PI Pico: Wiring and MicroPython Code

        Switch button with Raspberry PI Pico allows your projects to get the simplest input from the user: a push. With this input, you can start a program to execute a specific job only when the user requires it

      • ArduinoThese intelligent slippers sense regular activities and falls using machine learning

        When it comes to activity monitors such as smartwatches, rings, and pendants, they are often considered cumbersome or too difficult to keep track of, especially for the elderly with memory or dexterity problems. This is why the team of Jure Å peh, Jan Adamic, Luka Mali, and Blaz Ardaljon Mataln Smehov decided to create the SmartSlippers project, which is a far more integrated method for detecting steps and falls.

        The hardware portion of the SmartSlippers prototype is just a Nano 33 BLE Sense board due to its onboard inertial measurement unit (IMU) and Bluetooth€® Low Energy capability. At first, the team collected 14 minutes of five different types of movements: walking, running, stairs, falling, and idle within the Edge Impulse Studio. From here, they trained a neural network on these samples, which resulted in an accuracy of around 84%.

      • GoogleBuild Open Silicon with Google

        Mature process nodes like SKY130 (a 130nm technology) offer a great way to prototype IoT applications that often need to balance cost and power with performance and leverage a mix of analog blocks and digital logic in their designs. They offer a faster turnaround rate than bleeding-edge process nodes for a fraction of the price; reducing the temporal and financial cost of making the right mistakes necessary to converge toward the optimal design.

        By combining open access to PDKs, and recent advancements in the development of open source ASIC toolchains like OpenROAD, OpenLane, and higher level synthesis toolchain like XLS, we are getting us one step closer to bringing software-like development methodology and fast iteration cycles to the silicon design world.

        Free and open source licensing, community collaboration, and fast iteration transformed the way we all develop software. We believe we are at the edge of a similar revolution for custom accelerator development, where hardware designers compete by building on each other's works rather than reinventing the wheel.

        Towards this goal, we've been sponsoring a series of Open MPW shuttles on the Efabless platform, allowing around 250 open source projects to manufacture their own silicon.

    • Mobile Systems/Mobile Applications

  • Free, Libre, and Open Source Software

    • What is Miklos hacking – Content controls in Writer: dropdown, picture and date types

      Word users expect to be able to import their document to Writer and experience a matching feature set: form filling is not an exception. Word provides several content control kinds (inline, block, row and cell content controls), this project focuses on inline ("run") content controls.

      In the scope of inline content controls, the above linked blog post already described the rich text and checkbox types. In this post, we’ll focus on the new dropdown, picture and date content controls.

    • Document FoundationIndex of Training Videos about LibreOffice

      In order to make it easier for users to find training videos about LibreOffice, we have created a comprehensive index updated to the end of April 2022 using the open source Zotero bibliography and reference management software.

      The index is published on this blog in the Media Hub section (clicking on the Media Hub menu, you will open a drop down menu with Press Releases and Index of Videos).

    • Events

      • BozemanGLUG: June 2022 Meeting

        The regular meeting would have been Thursday, June 2nd but we decided to postpone for one week to gather up more topics... so the meeting will be on Thursday, June 9th instead. Hopefully topics will be added to this meeting notice later.

    • GNU Projects

    • Programming/Development

      • Sparky news 2022/05

        The 5th monthly Sparky project and donate report of 2022...

      • Medevel15 open-source Tailwind-based UI frameworks and component libraries

        Tailwind is a free, open-source utilities-first CSS framework. It was featured in dozens of projects by developers who use different frameworks as Vue, React, Angular, Blaze, Meteor, Svelte, and others. As its popularity is growing, developers start building their own custom libraries on top of Tailwind.

      • MedevelCapRover is an Open-source PaaS for productive deployment

        Easiest app/database deployment platform and webserver package for your NodeJS, Python, PHP, Ruby, Go applications.

      • UNIX CopJenkins vs. Chef | All you need to know

        Jenkins is an open-source continuous integration server. It provides continuous integration services for software development, mostly used in highly customized builds of software. And it is a continuous integration service for software development which you can primarily utilize in highly customized software builds.

        Continuous Integration (CI) is a software development process in which members of a team merge their work on a regular basis; typically, each individual integrates at least once each day, resulting in several integrations per day. To uncover integration faults as fast as possible, an automated build evaluates each integration (which includes a test). Further, the goal of CI is to ensure that all code committed to a shared repository can be built and tested, validating not only that the code works but also that it will continue to work properly when integrated with other code changes.

      • Perl / Raku

        • The Register UKPerl Steering Council lays out a backwards compatible future for Perl 7

          The much-anticipated Perl 7 continues to twinkle in the distance although the final release of 5.36.0 is "just around the corner", according to the Perl Steering Council.

          Well into its fourth decade, the fortunes of Perl have ebbed and flowed over the years. Things came to a head last year, with the departure of former "pumpking" Sawyer X, following what he described as community "hostility."

          Part of the issue stemmed from the planned version 7 release, a key element of which, according to a post by the steering council "was to significantly reduce the boilerplate needed at the top of your code, by enabling a lot of widely used modules / pragmas."

          It all sounds wonderful, but the price would have been the breaking of some backwards compatibility, meaning that some code targeting earlier versions of the programming language would have needed changing.

          "This prompted a lot of heated discussions," said the council. "Some thought this was a great idea, and some thought it a terrible idea to throw away one of Perl's key strengths."

  • Leftovers

    • Hardware

      • The Register UKNewport Wafer Fab could be sold to US consortium – report

        Considered to be preferable to sale to China-owned Nexperia, say sources

      • The Register UKSamsung and Intel bosses discuss silicon co-operation ● The Register

        Intel CEO Pat Gelsinger and Samsung Electronics boss Lee Jae-yong met on Monday in South Korea and “discussed how to cooperate between the two companies."

        That quote comes from Samsung, which also let the world know the two leaders talked about next-generation memory chips, silicon for PCs and mobile devices, fabless chip design, the foundry business, and more.

        It is unclear if the talks addressed a particular issue, or just represented the heads of the world’s top two chipmakers getting together for a chat while Gelsinger was in town.

      • The Register UKAMD nearly doubles Top500 supercomputer hardware share ● The Register

        In a sign of how meteoric AMD's resurgence in high performance computing has become, the latest list of the world's 500 fastest public known supercomputers shows the chip designer has become a darling among organizations deploying x86-based HPC clusters.

        The most eye-catching bit of AMD news among the supercomputing set is that the announcement of the Frontier supercomputer at the US Department of Energy's Oak Ridge National Laboratory, which displaced Japan's Arm-based Fugaku cluster for the No. 1 spot on the Top500 list of the world's most-powerful publicly known systems.

        Top500 updates its list twice a year and published its most recent update on Monday.

      • The Register UKAll-AMD US Frontier supercomputer ousts Japan's Fugaku as No. 1 in Top500

        The land of the rising sun has fallen to the United States’ supercomputing might. Oak Ridge National Laboratory’s (ORNL) newly minted Frontier supercomputer has ousted Japan’s Arm-based Fugaku for the top spot on the Top500 rankings of the world's most-powerful publicly known systems.

        Frontier’s lead over Japan’s A64X-based Fujitsu machine is by no means a narrow one either. The cluster achieved peak performance of 1.1 exaflops according to the Linpack benchmark, which has been the standard by which supercomputers have been ranked since the mid-1990s.

        Frontier marks the first publicly benchmarked exascale computer by quite a margin. The ORNL system is well ahead of Fugaku’s 442 petaflops of performance, which was a strong enough showing to keep Fugaku in the top spot for two years.

        Reaching exascale status is one thing, but many expected the efficiency-geared Fugaku system to hang onto its green rankings, even if it slipped on the performance front. But Frontier isn’t just the most powerful known supercomputer, its technology is now also the most efficient. At 52.23 gigaflops per watt, the system's test-and-development machine Crusher also outperformed Japan’s Preferred Networks MN-3 system to take the lead spot on the Green500.

    • Security

      • The Register UKAzure Active Directory logs are lagging, alerts may be wrong or missing [Ed: This is a defective 'service' which compromises]

        Microsoft has warned users that Azure Active Directory isn't currently producing reliable sign-in logs.

        "Customers using Azure Active Directory and other downstream impacted services may experience a significant delay in availability of logging data for resources," the Azure status page explains. Tools including Azure Portal, MSGraph, Log Analytics, PowerShell, and/or Application Insights are all impacted.

      • LWNSecurity updates for Wednesday

        Security updates have been issued by Debian (libjpeg-turbo, webkit2gtk, and wpewebkit), Fedora (golang-github-opencontainers-runc, mingw-pcre2, python-jwt, python-ujson, and weechat), Oracle (nodejs:16 and rsyslog), Red Hat (container-tools:3.0, expat, fapolicyd, kernel, kernel-rt, kpatch-patch, mariadb:10.3, postgresql:12, rsyslog and rsyslog7, and zlib), Slackware (mozilla), SUSE (bind, dpdk, fribidi, hdf5, librelp, php74, postgresql12, and postgresql13), and Ubuntu (cups, linux-gcp-5.13, linux-oracle, linux-oracle-5.13, linux-gcp-5.4, linux-gkeop, linux-gkeop-5.4, linux-ibm-5.4, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, and webkit2gtk).

      • USCERTKarakurt Data Extortion Group [Ed: Microsoft Windows TCO]

        CISA, the Federal Bureau of Investigation (FBI), the Department of Treasury, and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA) to provide information on the Karakurt data extortion group. Karakurt actors steal data and threaten to auction it off or release it to the public unless they receive payment of the demanded ransom.

      • The Register UKWatch out for phishing emails that inject spyware trio ● The Register [Ed: Microsoft Windows TCO]

        An emailed report seemingly about a payment will, when opened in Excel on a Windows system, attempt to inject three pieces of file-less malware that steal sensitive information.

        Researchers with Fortinet's FortiGuard Labs threat intelligence unit have been tracking this mailspam campaign since May, outlining how three remote access trojans (RATs) are fired into the system once the attached file is opened in Excel. From there, the malicious code will not only steal information, but can also remotely control aspects of the PC.

        The first of the three pieces of malware is AveMariaRAT (also known as Warzone RAT), followed by Pandora hVCN RAT and BitRAT.

      • The Register UKSmart homes are hackable homes if not equipped with updated, supported tech [Ed: Homes that reject these mass surveillance devices are impenetrable to such attacks; fully updated devices still spy on you]

        Smart homes are increasingly becoming hackable homes, according to consumer research.

        The report by consumer rights organization Which? paints a grim picture for people who have equipped their residences with gadgets, many from trusted tech names.

        As with pretty much everything in IT, if you connect a device to the internet, ensuring it's patched and has a decent password is the very least owners can do. Even then, there are no guarantees that this is secure.

      • The Register UKCops' Killer Bee stings credential-stealing scammer [Ed: Microsoft Windows TCO]

        "It will also exfiltrate credentials from multiple software programs like Google Chrome, Mozilla Firefox, and Microsoft Outlook — making its potential impact truly catastrophic," Qualys Principal Research Engineer Ghanshyam More wrote in a technical analysis earlier this year.

      • The Register UKGlobal tech industry objects to India’s new infosec reporting regime

        Eleven significant tech-aligned industry associations from around the world have reportedly written to India’s Computer Emergency Response Team (CERT-In) to call for revision of the nation’s new infosec reporting and data retention rules, which they criticise as inconsistent, onerous, unlikely to improve security within India, and possibly harmful to the nations economy.

        The rules were introduced in late April and are extraordinarily broad. For example, operators of datacenters, clouds, and VPNs, are required to register customers’ names, dates on which services were used, and even customer IP addresses, and store that data for five years.

        Another requirement is to report over 20 types of infosec incident, even port scanning or attempted phishing, within six hours of detection. Among the reportable incidents are “malicious/suspicious activities” directed towards almost any type of IT infrastructure or equipment, without explanation of where to draw the line between malicious and suspicious activity.

        The new rules attracted plenty of local criticism on grounds that a six-hour reporting window is too short, the requirement to record VPN users’ details is an attack on privacy, and that the requirements are too broad and therefore represent an onerous compliance burden.

      • Bruce SchneierClever — and Exploitable — Windows Zero-Day

        Researchers have reported a still-unpatched Windows zero-day that is currently being exploited in the wild.

      • Code execution 0-day in Windows has been under active exploit for 7 weeks | Ars Technica

        A critical code execution zero-day in all supported versions of Windows has been under active exploit for seven weeks, giving attackers a reliable means for installing malware without triggering Windows Defender and a roster of other endpoint protection products.

        The Microsoft Support Diagnostic Tool vulnerability was reported to Microsoft on April 12 as a zero-day that was already being exploited in the wild, researchers from Shadow Chaser Group said on Twitter. A response dated April 21, however, informed the researchers that the Microsoft Security Response Center team didn't consider the reported behavior a security vulnerability because, supposedly, the MSDT diagnostic tool required a password before it would execute payloads.

      • The Register UKCIOs largely believe their software supply chain is vulnerable

        Ask 1,000 CIOs whether they believe their organizations are vulnerable to cyberattacks targeting their software supply chains and about 82 percent can be expected to say yes.

        Security biz Venafi engaged research firm Coleman Parkes to put that question to as many corporate IT leaders from the US, UK, France, Germany, Austria, Switzerland, Belgium, Netherlands, Luxembourg, Australia, and New Zealand.

        The result was an emphatic vote of no confidence.

        "The results show that while CIOs understand the risk of these types of attacks, they have yet to grasp the fundamental organizational changes and new security controls they will need to incorporate into their security posture to reduce the risk of supply chain attacks that can be devastating to themselves and their customers," says Venafi's report, which was released on Tuesday.

        [...]

        Blame SolarWinds, Codecov, and Kaseya – companies that had their corporate software build tools compromised in sophisticated attacks that affected their customers – not to mention the past five years of poisoned packages at popular open-source software registries.

      • Privacy/Surveillance

        • The Register UKDutch public sector gets green light to use Google Workspace

          A Data Protection Impact Assessment (DPIA) into Google Workspace was launched by the Central Dutch government in 2020. The report noted there were eight high-risk issues, principally around data collection. It also noted that Google did not provide all the personal data it held when asked to do so under the GDPR provisions for the right to request access.

          Google said today: "As a result of this process, the Central Dutch government, the Dutch education sector organisations/institutions, and Google Cloud found agreement and will continue working together on the DPIA recommendations."

    • Environment

      • Wildlife/Nature

        • pests

          Among all the other introduced pests in Australia, one that I really detest and keep meeting up with is the European wasp[1]. Sadly, there seem to be more and more of them each year, spreading further and further around the country and deeper into bushland.

    • Finance

      • The Register UKIndia probes finances at ZTE and Vivo, irking China ● The Register

        India's government has reportedly started probes into the local activities of Chinese tech companies Vivo and ZTE, prompting a rebuke from China's foreign ministry.

        As was the case when Indian authorities seized $725 million from Chinese gadget-maker Xiaomi, the investigations focus on possible irregular financial reporting that may amount to fraud, according to newswire Bloomberg's original report on the matter.

        A Bloomberg reporter asked about the state of the investigations at the daily press conference staged by China's Ministry of Foreign Affairs, which produces a transcript of each day's event.

        Zhao Lijian, China's famously feisty foreign ministry spokesperson, said Beijing "is closely following the situation."

      • I Bought a Sofa Bed That Wasn't For Sale

        I needed a sofa bed and started looking around. The only one that fit my criteria was the IKEA Nyhamn. The problem was that it doesn't currently exist.

        To be more precise hardly any IKEA store (at least here in Sweden) has it in because of logistical issues.

      • Rochelimit's Gemlog

        The price of diesel has reached €£1.90 per litre (about $9 per US gallon), food prices are way up, the economy seems to be heading for a period of stagflation, the UK government is destroying the constitutional checks and balances on its actions, Russia is making gains in eastern Ukraine. And little England is putting up the bunting to celebrate the Platinum Jubilee of an elderly monarch who inherited her position and wealth and seemingly has no influence on the governance of the nation. What is an anti-monarchist to do?

      • The Register UKUK opens up 'high-potential individual route' for tech worker immigration

        The UK has begun a fast-track visa scheme for tech workers graduating from a list of top 50 universities worldwide.

        Critics, however, maintain the scheme will fail to compensate for the barriers erected to tech recruitment from the EU as a result of Brexit.

        Announcing the "high-potential individual route", which started from 30 May, the British government said it wants to attract the world's top graduates in subjects such as science, engineering and medical research. Sought-after skills also include cybersecurity in a plan to support both economic growth as well as technological and medical advances.

        The UK's chief finance minister, Rishi Sunak, said: "This new visa offer means that the UK can continue to attract the best and brightest from across the globe. The route means that the UK will grow as a leading international hub for innovation, creativity and entrepreneurship.

        "We want the businesses of tomorrow to be built here today - which is why I call on students to take advantage of this incredible opportunity to forge their careers here," he added.

        Successful applicants will get a two-year work visa for Britain — three years for those with PhDs — and could move into other long-term employment routes.

      • The Register UKElon Musk orders Tesla execs back to the office

        Tesla supremo Elon Musk has declared that executive staff at his battery-powered vehicle biz shall not work from afar.

        In an email sent to Tesla underlings and obtained by the New York Times, Musk tells Tesla execs that remote work is no longer acceptable.

        "Anyone who wishes to do remote work must be in the office for a minimum (and I mean minimum) of 40 hours per week or depart Tesla," Musk's missive mandates. "This is less than we ask of factory workers."

        Musk, the world's richest person at the moment, allows that he may, at his discretion, bend his rules for "particularly exceptional contributors" – if you have to ask, that's probably not you. The billionaire poly-boss and Twitter influencer further stipulates that "office" as he defines it means main office, not some remote branch unrelated to one's duties.

    • Censorship/Free Speech

      • The Register UKUS Supreme Court restores Texas social media law injunction ● The Register

        The US Supreme Court on Tuesday reinstated the suspension of Texas' social-media law HB 20 while litigation to have the legislation declared unconstitutional continues.

        The law, signed in September by Texas Governor Greg Abbott (R), and promptly opposed, forbids large social media companies from moderating lawful content based on a "viewpoint," such as "smoking cures cancer" or "vaccines are poison" or hateful theories of racial superiority. Its ostensible purpose is to prevent internet giants from discriminating against conservative social media posts, something that studies indicate is not happening.

        Those fighting the law – industry groups and advocacy organizations – say the rules would require large social media services such as Facebook and Twitter to distribute "lawful but awful" content – hate speech, misinformation, and other dubious material. They argue companies have a First Amendment right to exercise editorial discretion for the content distributed on their platforms.

    • Internet Policy/Net Neutrality

      • The Register UKTweaks to IPv4 could free up 'hundreds of millions of addresses'

        It may be nearly three years since the world officially exhausted all of the available IPv4 internet addresses, but now a new initiative has been proposed that could free up hundreds of millions of addresses that are currently unused – or are they?

        While the world is still slowly moving towards broader adoption of the newer IPv6 protocol, which offers a vast address space, the widespread continued use of IPv4 has caused problems because all available ranges of the roughly 4.3 billion addresses it supports have largely been allocated.

      • Bikelog



        I wanted to keep a history of my bike rides, so I created the "bikelog" on my capsule.



Recent Techrights' Posts

What Ruben Amorim and Stefano Maffulli Have in Common
Censors Wikipedia and Social Control Media
Microsoft Won't Cooperate in Trying to Tackle EPO Corruption (Microsoft Profits From This Corruption)
Use something like BigBlueButton, Jami, Ring, and Jitsi instead
We Are Sad to Hear the Story of Jonathan Riddell, Champion of KDE and GNU/Linux on Desktops/Laptops
I have enormous respect for Jonathan and everything he has done
 
Geminispace Growing at Pace of Over 10% Per Year
Contrary to what some pessimists try to claim
Linux Mint Forums Today: Disable 'Secure Boot', It Doesn't Improve Security, It's Just a Microsoft Obstacle to GNU/Linux Users
They also mention MOK
Solved Less Than an Hour Ago: Trying to Escape Windows, 'Secure Boot' Gets in the Way
'Secure Boot' wasn't meant to even exist in the first place
Stefano Maffulli, Executive Director of the Open Source Initiative, Resigns or Gets Removed (We'll Continue Covering OSI Scandals)
A dozen mentions of "AI", not much about "Open Source"
Andy Has Just Nailed It (Regarding Complexity and Failure, a la UEFI)
The users no longer own or control what they buy
Compatibility Support Module (CSM) Versus GNU/Linux Simplicity
what Andy recently called "solutionism"
Links 15/09/2025: "Postal Traffic to US Down by Over 80%" and 'Smart' Spinozacampus Laundry Room Goes AWOL
Links for the day
Gemini Links 15/09/2025: Dungeon Hustle and Deleting Oneself From the Net
Links for the day
Breach of EPO's Duty of Care or Cigna Reimbursement Issues
This is the sort of thing that motivated Luigi Mangione to assassinate a CEO
Ask Ubuntu About "Secure Boot" Violation and Laptops That Don't Boot GNU/Linux
Does anyone still believe that "Secure Boot" has anything at all to do with security?
Talking About the Problem vs Talking to the Problem
Wanting an audience is never a good excuse for compromising one's values and principles
Focusing on Patents
The reason we cover the EPO so much is that it's close to home
"Secure Boot Violation": The 'Joys' of Fake Security Gone Wrong
Not everyone reboots every day
Links 15/09/2025: Russia Invades Romanian Airspace, Penske Media Sues Google Over LLM Slop
Links for the day
Links 15/09/2025: Bitcoin ATMs Scam and "Conservative Cryptography" (Backdoors Fantasies)
Links for the day
EPO Imitates Microsoft: "Three Days or More Per Week" Inside the Office to Get a Desk to Work on; "the Office Breaches Its Promise Towards Staff and Acts in Breach of Its Duty of Care"
The EPO serves no actual function in Europe
Links 15/09/2025: Political Affairs, Censorship, and Copyrights
Links for the day
Gemini Links 15/09/2025: Music Genres, Invisible Networks, and Akademy 2025
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, September 14, 2025
IRC logs for Sunday, September 14, 2025
Satya's Plan B: Try to Hide the Massive Extent/Scale/Scope of Microsoft Layoffs
fewer people buy Microsoft
Red Hat News About De Facto Mass Layoffs (Bluewashing) Gone From Reddit (Censored by Gatekeepers), Still Online in The Register
With RTOs, PIPs, relocation etc. expect IBM to "shed off" many Red Hatters
UEFI "Secure Boot Doesn’t Play Nice at the Moment"
UEFI "Secure Boot" does not improve security. It's an artificial obstacle in service of monopoly.
Gemini Links 14/09/2025: ROOPHLOCH, Music, and Reddit
Links for the day
If You Want to "make your 'Windows PC' lean, mean, and fast" You Will Install GNU/Linux or Some BSD
That kind of article says a lot about IDG
Slopwatch: Google News Infested With Slop (About Half of the Results for "Linux" Today)
This is the sort of junk one finds when looking for "Linux" in Google News these days
Links 14/09/2025: Ricky Hatton Dies and McDonald's Declares War on Tipping Culture
Links for the day
Links 14/09/2025: Disasters for CEOs Obsessed With Slop and Slop Companies School Like Fish
Links for the day
"Bad Shim Signature" (Microsoft 'Secure' Boot)
"Fresh install not booting"
What Microsoft Garrett and Microsoft Lunduke Have in Common
Similar tactics, different "wings"
Links 14/09/2025: US "Economy Sagging", "Michigan Economy Wobbles From Tariffs"
Links for the day
Gemini Links 14/09/2025: Minimalist Snippet Manager and Omarchy Linux
Links for the day
The Face of the Digital Far Right: Microsoft Lunduke
Microsoft Lunduke is an online extremist that belongs to and panders to the far right
20 Years Later and Academia Isn't the Same
"I never dreamed of being a professor"
'Cancel Culture' by the Right: Microsoft Lunduke Contacts People's Employers Trying to Get Them Fired
Microsoft Lunduke panders to extremists online
"Bad Shim Signature"; So 'Secure' That It Overrides Users' Preferences and Turns Itself Back on (Coercive Measure)
This was a few hours ago
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, September 13, 2025
IRC logs for Saturday, September 13, 2025
Microsoft is Rapidly Dropped From Web Servers, Shows Survey
Microsoft lost about 8% "market share" in just 3 months
Many GNU/Linux Users Report MOK (Machine Owner Key) Issues in Recent Days
many people don't report this online and never post in Reddit
We Covered UEFI 'Secure Boot' Scandals. The World Listened.
To hell with UEFI 'secure boot'
Links 13/09/2025: Escalations in East Europe and POTUS’ Health Cover-Up
Links for the day
Gemini Links 13/09/2025: Lagrange Turns 5 and Lagrange 1.19.2 Released
Links for the day
Microsoft Inside Your Linux: "Security vulnerability that allowed an attacker to bypass UEFI Secure Boot."
2 hours ago
A New Low for "Linux Journal": Promoting MICROSOFT WINDOWS Using LLM Slop
They've just jumped the shark entirely
Fake News With Fake Numbers About Microsoft
"This is what happens when the world's economy is governed by sick old men"
Slopwatch: "Google News" is Fast Becoming a Mashup of Slopfarms, Linux Journal ("LJ") is a Dump of LLM Slop
Well done, Google News. Google itself can flourish as a slopfarm mashup.
Torturing Users Who Just Want to Run GNU/Linux on Their Own PC
"Linux does not want to install"
The Register MS Still Takes Money to Hype Up "AI" in Articles by Microsoft Resellers With the Term "AI" 30+ Times in Them
Notice how many times they mention "AI"
The Apache Logo News is VERY Old, Racists and 'Anti-Woke' Bigots Look for Something to Incite Other Bigots With
Nothing to see here, move along
Linux Mint 9/11: "4th One Today..." (in Reddit)
Remember that not everyone having an issue reports it to social control media like Reddit
Nepal Will Fall Without a Single Shot Fired, Thanks to Social Control Media
Or very few shots (by the authorities)
European Corruption in the European Patent Office (EPO) Targets Culture
"In reality, the project includes a new “legal instrument” shifting administrative burden and liability on EPO staff while creating new uncertainty and externalising Amicale activities."
European Authorities, Already Bribed and Infiltrated by Microsoft, Won't Help You Find BigBlueButton, Jami, Ring, and Jitsi
Because they're paid by Microsoft and are Microsoft 'addicts' themselves
UEFI Secure Boot Failing, as Expected for Nearly 15 Years Already (Techrights Said This Since 2012)
in the media
Debian 9/11
people report this issue
Gemini and Web Links 13/09/2025: MElon's Slop Grift and "Autonomous Trains"
Links for the day
Moving From Content Management Systems (CMSs) to Static Site Generators (SSGs) Saves You Time, Makes You a Lot More Productive
try to reduce the cost (financial and computational) of running your site
Pursuing Peace Through Violence
You cannot "see" a person's mind, until the mouth opens
Leak: European Patent Office (EPO) is Now Attacking Amicale Clubs
corruption has become the norm and scientists are robbed of any dignity
Can We Please Stop Celebrating Shooters?
"An important point to hammer on is that CoCs were never intended for uniform or symmetric application"
Oracle Fraud (or Defrauding Shareholders)
"the obvious [lie] is that watts are (wasted) electricity [and] and FLOPS are computing capacity"
Geminispace is Growing Faster in 2025 Than It Did in 2024
What matters is that corporations haven't ruined it and LLM slop is extremely rare
Links 13/09/2025: China Punishes for 'Negative' Posts, US Police Unable to Find Shooter
Links for the day
Who's the Mystery Financier of SLAPP Against Techrights and Is That a Millionaire/Billionaire?
Whose idea was it to fund meritless lawsuits against my wife and I?
Slopwatch: Slow Slop Day
This distracts from or may take traffic away from the original articles, actually written by actual people
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, September 12, 2025
IRC logs for Friday, September 12, 2025