Bonum Certa Men Certa

Links 12/07/2022: KDE Plasma 5.25.3 and Xorg Server Security Patches



  • GNU/Linux

    • Desktop/Laptop

      • LWNGarrett: Responsible stewardship of the UEFI secure boot ecosystem [Ed: LWN spin assistance; LWN fails to note that he's the culprit, whom we should be egging over this; narrative shifting, but see the comments]

        Matthew Garrett grumbles about an apparent Microsoft policy change making it harder to boot Linux on some systems.

      • LiliputingSlimbook Executive is a lightweight Linux laptop with Intel Core i7-12700H - Liliputing

        Spanish PC maker Slimbook’s latest Linux-friendly laptop is a thin and light model that packs a lot of horsepower into a compact chassis. The new Slimbook Executive comes with a choice of 14 or 16 inch high-resolution, 90 Hz displays and both models are powered by a 45-watt Intel Core i7-12700H processor. The larger model also features NVIDIA GeForce RTX 3050 Ti discrete graphics.

        The Slimbook Executive is available now for 1299 (about $1310) and up.

      • ElectropagesJoint venture unveils world’s first RISC-V laptop

        As RISC-V continues to push the boundaries of open-source computing, a joint venture between DeepComputing and Xcalibyte has developed the world’s first RISC-V laptop set to be released in September. Why is RISC-V’s popularity growing, what are the specs of the new laptop, and could this help push the use of Linux onto everyday users?

    • Audiocasts/Shows

    • Applications

      • OSTechNixQuickgui - A GUI For Quickemu To Run Virtual Machines - OSTechNix

        The other day we discussed how to run Linux, macOS, Windows virtual machines with Quickemu. Quickemu is a command line program. Not everyone is fan of command line mode. For those who prefer GUI over CLI, I present you Quickgui, a graphical frontend for Quickemu to create, run and manage virtual machines.

        What Is Quickgui?

        Quickgui is a Flutter frontend for quickget and quickemu. Using Quickgui, you can quickly create and run virtual machines via a simple graphical interface. No need to remember commands!

        Quickgui is built with Flutter, an open source framework by Google for building beautiful, natively compiled, multi-platform applications from a single codebase.

    • Instructionals/Technical

      • LinuxiacRsync Command in Linux with Practical Example [Ed: it's not a comment but a program. It's also not exclusive to Linux.]

        This guide shows you how to use the rsync command in Linux to synchronize files and directories using simple examples.

      • ID RootHow To Install DeaDBeeF on Ubuntu 22.04 LTS - idroot

        In this tutorial, we will show you how to install DeaDBeeF on Ubuntu 22.04 LTS. For those of you who didn’t know, DeaDBeeF (as in 0xDEADBEEF) is a free and open-source audio player for Linux. It plays a variety of audio formats like Mp3, ogg, flac, ape, wv/iso.wv, wav, m4a/m4b/mp4 cd audio, and converts between them. DeadBeef is available for GNU/Linux, BSD, and other UNIX-like systems.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the DeaDBeeF music player on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.

      • LinuxBuzThe Ultimate Docker Cheat Sheet – Quick Reference - LinuxBuz

        A Docker cheat sheet is a set of notes used for quick reference while using Docker in the real world. I have prepared a Docker cheat sheet that includes an extensive list of Docker commands.

        Here, I am presenting my Docker Cheat Sheet (a one-page guide) with all common terms and useful one-liners commands. You can use it as a quick reference guide when working with Docker. If you want to learn more about Docker with detail information and examples, you can read the rest of the article.

      • H2S MediaHow to Install Azure Data Studio on Ubuntu 22.04 LTS Jammy [Ed: Why would any GNU/Linux users want that???]
      • HowTo GeekcURL vs. wget in Linux: What’s the Difference?

        If you ask a bunch of Linux users what they download files with, some will say wget and others will say cURL. What’s the difference, and is one better than the other?

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

  • Distributions and Operating Systems

  • Free, Libre, and Open Source Software

    • OSI BlogThe future of innovation has patent-free standards [Ed: Simon Phipps wrote this after he had brought Microsoft, the biggest patent bully, into OSI]

      As with any legal loophole, simply existing meant it was exploited and became the norm, even if it was initially temporary (like income tax in the UK.) Once exploitation of a legal loophole becomes competitive, it becomes its own justification for the existence of the regulations (“look at the economic value of this segment”) and they become near impossible to remove – even when the original justification has ceased to need preferential protection.

      So today we see a swathe of rich consumer electronics and telecom companies, addicted to the revenue they get from licensing the standard-essential patents (SEPs) they have embedded in what they call “open” standards (abusing the term to include standards that you have to pay to read and get patent licenses to implement), lobbying hard to ensure their value to the economy is recognized.

  • Leftovers

    • Linux Foundation

    • Security

      • Red Hat OfficialSocial Engineering vs Mistakes: Two sources of pain, one process

        There are a million ways for awful things to happen to your data and accounts. For example, someone could accidentally commit their AWS access keys publicly to GitHub, and attackers quickly run up $100,000 in charges mining cryptocurrency on expensive GPU-enabled instances. Or "account support" calls with a notice that your account has false charges, but they can remove them once they verify your credit card info. There are fake software updates that steal bank account information. And fictitious warnings about login failures to your corporate email with a link to "login and verify access." Not to mention account information leaked from one of your online services, including your banking site. Although there are many causes of account exposure, they fall broadly into two categories: malicious intent or accidental leaks.

      • Stop using phishing as a measure of your cyber awareness culture | Pen Test Partners

        If I had a penny for every time someone said to me “let’s measure our security culture by phishing our staff” I’d probably be able to fill my car up.

        It’s a really easy thing to do, you carry out some online training and typically they come with phishing simulations as a free or low cost add on. On the face of it that sounds great, train staff to spot phishing emails and they will be much better prepared to take up the mantle of defending your organisation. It sounds like the perfect solution, There’s a problem though, it’s Not.

      • FOSSLifeNew OrBit Malware Infects All Running Processes [Ed: "FOSSlife Team" helps the anti-Linux FUD lobby; so much for "FOSS'... maybe focus on back doors in proprietary software instead; no need to infect it, the doors are wide open...]

        Security researchers from Intezer have reported a new Linux malware variant called OrBit.

      • LWNSecurity updates for Tuesday [LWN.net]

        Security updates have been issued by Debian (chromium), Mageia (openssl and webkit2), Slackware (seamonkey), SUSE (crash, curl, freerdp, ignition, libnbd, and python3), and Ubuntu (dovecot and python-ldap).

      • Understanding Memory Leaks in Java | Developer.com

        When creating applications in Java, developers can create managed objects in their software using the new keyword. Programmers do not need to remove these managed objects explicitly in their code, since the garbage collector takes care of the removal of objects that are no longer required. So long as the objects are disposed of by the garbage collector, this is fine. However, if the garbage collector is unable to remove objects that are no longer referenced, there are chances of memory leaks in your applications.

        A memory leak in Java refers to a state when an object no longer needed by the application remains alive in the Java Virtual Machine (JVM). Memory leaks occur when an application accidentally hangs on to object references that are no longer necessary. Memory leaks lead to performance degradation over time because of your application’s increased (and unexpected) use of memory.

      • X.Org Security Advisory: July 12, 2022
        X.Org Security Advisory: July 12, 2022
        
        

        Multiple input validation failures in X server extensions =========================================================

        All theses issues can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

        * CVE-2022-2319/ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access

        The handler for the ProcXkbSetGeometry request of the Xkb extension does not properly validate the request length leading to out of bounds memory write.

        * CVE-2022-2320/ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access

        The handler for the ProcXkbSetDeviceInfo request of the Xkb extension does not properly validate the request length leading to out of bounds memory write.
      • xorg-server 21.1.4
        This release fixes 2 recently reported security vulnerabilities in xkb, several
        regressions since 1.20.x and a number of miscellaneous bugs.
        
      • ViceHackers Say They Can Unlock and Start Honda Cars Remotely

        On Thursday, a security researcher who goes by Kevin2600 published a technical report and videos on a vulnerability that he claims allows anyone armed with a simple hardware device to steal the code to unlock Honda vehicles. Kevin2600, who works for cybersecurity firm Star-V Lab, dubbed the attack RollingPWN.

        […]

        In a phone call, Kevin2600 explained that the attack relies on a weakness that allows someone using a software defined radio—such as HackRF—to capture the code that the car owner uses to open the car, and then replay it so that the hacker can open the car as well. In some cases, he said, the attack can be performed from 30 meters (approximately 98 feet) away.

        In the videos, Kevin2600 and his colleagues show how the attack works by unlocking different models of Honda cars with a device connected to a laptop.

        The Honda models that Kevin2600 and his colleagues tested the attack on use a so-called rolling code mechanism, which means that€­—in theory€­—every time the car owner uses the keyfob, it sends a different code to open it. This should make it impossible to capture the code and use it again. But the researchers found that there is a flaw that allows them to roll back the codes and reuse old codes to open the car, Kevin2600 said.

      • Privacy/Surveillance

        • AccessNowTikTok forced to pause plans for privacy-intrusive ads

          When TikTok announced its plan to impose personalised ads on everyone over 18 who uses the platform in EEA, UK, and Switzerland, Access Now told the company in no uncertain terms that it must scrap this action that would risk privacy, and deny agency. Reports now indicate that TikTok has hit the brakes.

          On 5 July, 2022, Access Now sent open letters to TikTok to immediately halt these invasive changes, and to the European Data Protection Board and its members to intervene.

    • Civil Rights/Policing

      • AccessNowThe EU AI Act proposal: a timeline - Access Now

        The use of artificial intelligence (AI) technology opens new risks for human rights, including for people and communities targeted for discrimination and marginalisation. Access Now advocates for AI regulations based on internationally recognised human rights principles. Below is a summary of our proposed amendments to the draft EU AI Act and a timeline of our related commentary and recommendations.

      • AccessNowCivil society calls on Indian government to withdraw amendments to IT Rules - Access Now

        We, the undersigned organizations operating in more than 10 countries and internationally in the promotion and protection of digital rights and freedoms, submit the following comments and urge you to withdraw the amendments recently proposed to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 (IT Rules 2021). [1] We commend the Ministry of Electronics and Information Technology (MeitY) on the initiative to amend the IT Rules 2021, and commence a process of consultation on the proposed amendments.

        Amendments to the Rules are necessary in order to meaningfully protect fundamental rights. In our view, however, these new revisions add concerns to already restrictive provisions in the Rules that pose a direct threat to the rights to freedom of expression and privacy, as well as other related human rights protected under the Indian Constitution and international law.

    • Digital Restrictions (DRM)

      • The Register UKHive to pull the plug on smart home gadgets by 2025 [Ed: "Smart" things are for dumb, gullible people]

        Home automation platform Hive plans to terminate key products in its line, including the Hive View cameras, HomeShield, and Leak products.

        A Hive spokesperson told The Register: "At Hive, we've got big plans to make... homes greener, so we've made the tough decision to discontinue our smart security and leak detection products. As a smart tech brand in the middle of a climate crisis, we know the focus needs to change and will instead be developing smart home tech that'll help get us closer to achieving Net Zero."

        Users, some of whom have invested four figure sums in Hive products are less than impressed.

    • Monopolies

      • U.S. Antitrust Reform Is Necessary to Defend Global Human Rights [Ed: Why is Microsoft absent from this? Have the bribes paid off? Paid politicians? Paid press? Microsoft: get busy, regulators, with "GAFA"... while we too spy even more than "GAFA" and also commit a ton of crimes... including against GNU/Linux (which we claim to "love" to keep you asleep)... Public Access is already infiltrated by Microsoft (the Board), but is Access Now also infiltrated to distract and deflect?]

        In today’s interconnected world, it is nearly impossible to function in society without relying on a tech tool made in the USA. Trying to sell something? Use Facebook marketplace. Want to start a business? Google has a platform for your micro-targeted ads. This excessive concentration of power has helped solidify Big Tech’s reign over the world, making it much harder to hold these companies accountable for facilitating human rights violations, such as attacks against human rights defenders in the Philippines and ethnic violence in Ethiopia.


* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.



Recent Techrights' Posts

WordPress Becoming What We Feared It Would Become
WordPress and other such bloatware (WordPress used to be fast and light) are moving in the same trajectory that GAFAM leads
Call for European Patent Office (EPO) Whistleblowers
The European Patent Organisation (EPO) might not reform the Office
400-Page US Federal Court Against Abuses by Google, Microsoft and Front Groups That Abuse Volunteers for American Corporations
There are 386 pages in total (in the US claim)
Projection Tactics - Part IV: SLAPP by Americans Against Techrights (UK) to Hide Serious Abuses Against American Women
"PRs need to stop being complicit in suppression of information via SLAPPs"
Five Years Ago, After We Broke the Story About Richard Stallman Rejoining the FSF's Board, All Hell Broke Loose (for Me and My Family)
They generally seem to target anyone who thinks Richard Stallman (RMS) should be in charge or thinks alike about computing
Projection Tactics - Part II: Causing "Serious Harm" to Many People (Even Animals)
Narcissists and sociopaths are like that
Sirius Open Source's Latest Report: Fake (False) Number of Staff, Almost No Money in the Bank, Overdraft, and Growing Debt (About £100,000 More Borrowed)
massive (and still growing) debt
 
Stop Conflating Free Software With Slop Plagiarism and Time-wasting
Even decades ago people could use "compute" for lots of fuzzing, then file away false or unaudited reports using bots
What Security Means
Security does not mean asking Microsoft for permission
Microsoft May be Losing 10,000+ Workers This Month
Here's the quick math
BSN Senior School Leidschenveen is Shutting Down and What That Means to the European Patent Office (EPO)
Follow-up meeting with Site Manager VP1 on school matters
Gemini Links 01/07/2026: Keeping (Relatively) Cool plus Adventures in Solar, Camp Snap Cameras and XTEINK X4 Ereader Reviews
Links for the day
European Patent Office (EPO) Series: Different Strokes For Different Folks
Organisation operating in two parallel universes
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, June 30, 2026
IRC logs for Tuesday, June 30, 2026
GNU/Linux Measured at 4.4% by statCounter, Even More by analytics.usa.gov
GNU/Linux has fared well
Getting Skyped: Closure of Studios Microsoft Bought
wait till July and the mass layoffs outside XBox
Several Waves of Red Hat Layoffs This Year, Is This Still Going on Under IBM?
The PIPs and NDAs hard to get a clear picture
Sabine Hossenfelder Versus IBM Scamming Shareholders
IBM has become a garage of BS
Some XBox Layoffs Underway, At Least Five Studios to be Shut Down
Insiders are in a state of panic
Gemini Links 30/06/2026: Music Theory, Addiction, Clown Computing
Links for the day
Links 30/06/2026: France Recorded 1,000 Excess Deaths During Heat Wave, Slop Replaced by Human Staff
Links for the day
People Given the Totally Wrong Idea That "Secure Boot" is About Security (It's the Opposite, It's About Handing Control Over to NSA/Microsoft)
"Secure Boot" with capital "B" is conflating compromise with security.
Today The Register MS is Publishing Fake Articles About "AI", 100% of All "Content"
Maybe the media is dying because it is selling its soul [...] The Register MS has no standard
America Has Cost Europe Too Much
Countries ought to be controlling all their own systems
GAFAM Debt Will Surge, in July We'll Know by How Much
Do not fall for slop or sloppy narratives
Too Many "Marketers on the Payroll" at IBM, Selling Impossible Products That Cannot be Delivered or Will Never Deliver
IBM is rotting away
Media Says Microsoft's (XBox) Layoffs May be Record-Breaking
think somewhere in the range of ~5000 for gaming/XBox alone
Links 30/06/2026: What's Wrong With EU Age Verification, RSA Keys with Many Zeros
Links for the day
This is Not a Security, This is a Circus
Security does not mean "asked Microsoft for permission"
Communities Need Strong Leadership, Not Dictators Like IBM
Leadership in Free software is not ownership [...] Fedora will only last as long as IBM can somehow make some money out of it or leverage it to attract sharecropping
Patents Are Not "Cash Cows"
People who deliberately don't understand patents (or believe lies about them) will fail to understand how the world works (or does not work)
Sad Lives of People Who Think Women Are Just Sexual Toys (All They Have is Money)
money is still a man-made concept and life is finite
SLAPP Censorship - Part 123 Out of 200: Why Violence Against Animals Matters
Starting tomorrow (Wednesday) we'll begin telling stories about what happened last week
EPO Staff Union's (SUEPO) The Hague Committee, With Help of Lawyer, Challenges Lack of Rewards for Hard Work
The EPO is not about granting valid patents anymore. The horse-trading corrupt officials just see the EPO as some thing that "prints money"
Massive EPO Demonstration Today
It'll start in about 6 hours
More Layoffs in Microsoft's PR Department, Even Ahead of 'D-Day'
Notice they are not even waiting for the official date (nor week)
European Patent Office (EPO) Series: Photo-Ops Galore and Suspicions of Influence-Peddling
coverage of the EPO's Croatian junket
Gemini Links 30/06/2026: Music and Broken Hearts
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, June 29, 2026
IRC logs for Monday, June 29, 2026
Gemini Links 29/06/2026: Using More of GPLv3+ and Merits of Security by TOFU
Links for the day
Links 29/06/2026: Lemote Yeeloong Laptop With OpenBSD, Slop Ruins Code/Development
Links for the day
Antisocial People With No Computer Science Background Are Ruining the Technology Space (Like Officials With No Experience in Patents Destroyed the EPO)
This is a real issue; it needs to be widely recognised and tackled
DDoS Attacks Are a Crime and They Only Increase Interest (Intrigue) in Their Target
Information cannot be DDoSed out of reach/existence, except temporarily
Pushing to the Top
Publishing is about exposing corruption
Whistleblowing and Retaliation by Microsoft Workers Against Microsoft Seems Increasingly Likely
some will go to the press, looking to expose some shenanigans
How Long Can a Company Delay Its Financial Report That Likely Confirms Exodus of Staff, Growing Debt, and Other Problems?
Brett Wilson LLP was meant to release its annual report some time early this month
SLAPP Censorship - Part 122 Out of 200: Garrett's Solicitors Confirm That Garrett is Ban-Evading and Spying on Our IRC Network
his solicitors basically acknowledge this
European Patent Office (EPO) Series: Networking With the National Delegates
António Campinos with a prime opportunity to network with the Administrative Council delegates and lobby for his reappointment
PIPs and "Retirements": IBM Layoffs in Anything But Name
That former Red Hat (now IBM) staff threatens to put my wife and I in prison is worse than cruel
Contact Members of the EPO Administrative Council, Tell Them the EPO (Office) Became a Disgrace and an Enemy of Europe's Citizens
If you live in Europe (not just the EU, even Turkey is included), please contact your delegates
The World Needs GNU/Linux for Security, Turn Off "Secure Boot" (It's the Opposite of Security)
They call it "Secure Boot", but what does it mean to say "Secure" when you actively opt for back doors controlled by Microsoft, the FBI, and many more parties?
In Signal of Weakness or Phasing Out XBox (Not Sustainable, According to the CEO) Microsoft "Pauses New Third-Party Game Pass Deals"
Moments ago
Two Pieces About "AI" This Morning Were Paid-For SPAM at The Register MS
The Register MS is the "Tech News" publisher you can pay to promote your company and even key-word-stuff pages for SEO purposes
Week of Microsoft Layoffs, Maybe Record-Breaking Scale
They will mislead about the scale
Links 28/06/2026: More Om Malik Eulogies, Cloudflare Promotes Web Browser Monocultures
Links for the day
IBM's Alderon as "Silent Layoffs", Not Just Bailout From Taxpayers
Seeing through the noise
'Modern' Web: "Stop! You Are Browsing Too Fast!"
Can the Web ever recover from this?
Pensions Tied to Ponzi Schemes Are Themselves Ponzi Schemes
Pensions are becoming more like that as well
Laptop Bricked After Microsoft Certificates Expiry
Is "Jim" dead?
Monoculture in Europe as National (or Continental) Security Threat
We need more browser diversity
Canada 5-0: GNU/Linux Rises to 5.0%, Windows Rapidly Falls to New Lows
Will we be seeing 6-0 (6%) by year's end and will Microsoft be shown two red cards?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 28, 2026
IRC logs for Sunday, June 28, 2026
Gemini Links 29/06/2026: Sansieviera, HiFi, and Self-Signed Certificates
Links for the day