Bonum Certa Men Certa

Links 25/08/2022: Tails 5.4 and EasyOS 4.3.5



  • GNU/Linux

    • Server

      • OpenSource.comUsing eBPF for network observability in the cloud | Opensource.com

        Observability is the ability to know and interpret the current state of a deployment, and a way to know when something is amiss. With cloud deployments of applications as microservices on Kubernetes and OpenShift growing, observability is getting a lot of attention. Many applications come with strict guarantees, such as service level agreements (SLA) for downtimes, latency, and throughput, so network-level observability is a highly imperative feature. Network-level observability is provided by several orchestrators, either natively or by using plugins and operators.

        Recently, eBPF (extended Berkeley Packet Filter) emerged as a popular option to implement observability at the end-hosts kernel, due to performance and flexibility. This method enables custom programs to be hooked at certain points along the network data path (for instance, a socket, TC, and XDP). Several open source eBPF-based plugins and operators have been released, and each can be plugged into end-host nodes to provide network observability through your cloud orchestrator.

      • Kubernetes BlogKubernetes v1.25: Pod Security Admission Controller in Stable | Kubernetes

        The release of Kubernetes v1.25 marks a major milestone for Kubernetes out-of-the-box pod security controls: Pod Security admission (PSA) graduated to stable, and Pod Security Policy (PSP) has been removed. PSP was deprecated in Kubernetes v1.21, and no longer functions in Kubernetes v1.25 and later.

        The Pod Security admission controller replaces PodSecurityPolicy, making it easier to enforce predefined Pod Security Standards by simply adding a label to a namespace. The Pod Security Standards are maintained by the K8s community, which means you automatically get updated security policies whenever new security-impacting Kubernetes features are introduced.

    • Videos and Shows

      • If Not True Then FalseKernel 6.0-rc2 + Fedora 36 + NVIDIA 515.65.01 – If Not True Then False

        This is quick guide howto install Kernel 6.0-rc2 on Fedora 36 with or without latest NVIDIA 515.65.01 drivers. If you have NVIDIA 515.65.01 already installed, then you still have to update your drivers with patched version. If you are not using NVIDIA and want install only Kernel 6.0 on Fedora 36 then skip whole step 1.

      • The TLLTS PodcastThe Linux Link Tech Show Episode 968
      • The BSD Now PodcastBSD Now 469: Ctrl-C Reset

        FreeBSD Q2 2022 Status Report, FreeBSD in Science, fastest yes(1) in the west, Why Programmers Can’t "Reset" Programs With Ctrl-C, Run Slack in FreeBSD’s Linuxulator, and more.

    • Kernel Space

      • LWN6.0 Merge window, part 2 [LWN.net]

        Linus Torvalds released 6.0-rc1 and closed the merge window on August 14, as expected; by then, 13,543 non-merge changesets had found their way into the mainline repository. Just over half of those were pulled after our first 6.0 merge-window summary was written. The latter part of the merge window tends to be more focused on fixes than new features, but there were still a number of interesting changes added during this time.

      • LWNThe trouble with 64-bit DMA

        We live in a 64-bit world, to the point that many distributors want to stop supporting 32-bit systems at all. However, lurking within our 64-bit kernels is a subsystem that has not really managed to move past 32-bit addresses. The quick merge-window failure of an attempt to use 64-bit addresses in the I/O memory-management unit (IOMMU) subsystem shows how hard it can be to leave all of one's 32-bit history behind.

        Peripheral devices that move data at any significant rate have to support direct memory access (DMA) to get reasonable performance. As the DMA name suggests, these devices once had direct access to the system's memory in the physical address space. Over time, though, most systems have moved to interposing an IOMMU between devices and memory, for a number of reasons. The IOMMU can help to ensure that the device only accesses the memory that was intended for it, for example. It is also possible to use the IOMMU to make pages scattered throughout physical memory appear to be contiguous from the device's point of view.

        For all of this to work, a device driver must create an IOMMU mapping for an I/O buffer before presenting the mapped addresses to the device. Those addresses, called I/O virtual addresses (or IOVAs), look like physical addresses, but they have their own 64-bit address space. One would expect to be able to pass an address anywhere in that range to a device, but life is not so simple; many devices have surprising limitations on how many address bits they can actually use. The kernel's DMA-mapping layer takes this into account; drivers pass in a mask indicating the address range that the device can handle, and the kernel finds an address within that range.

    • Applications

      • LinuxConfigBest text editor for Linux

        There are many different text editor choices for a Linux system. Your choice of which text editor to use will depend on the type of work you plan on doing. For example, writing basic documents vs. coding websites or programs. Whatever your case, there are a lot of nice text editors available.

        In this tutorial, we have compiled a list of our favorite text editors for Linux. We have included both GUI text editors and command line editors. In some cases, you may want one of each. This will help you decide which one is the best for you and your situation.

        [...]

        Here are some of our top picks for text editors on Linux.

      • LinuxConfigBest Music Player for Linux

        Linux systems offer a wide range of choice, and music players are no exception. For quite a while, there have been fantastic options when choosing the perfect music player for your Linux computer. All of these players are just as good, if not better, than their proprietary counterparts on other operating systems. They range from the minimal, light weight, and targeted to feature-rich multipurpose players capable of nearly anything. There’s a great choice for every music fan on Linux.

        Determining the best music player on Linux mostly boils down to user preference and depends on what the user wants to get out of their music player. In this tutorial, we have compiled a list of our favorite music players for Linux. This will help you decide which one is the best for you and your situation.

        [...]

        Which music player is right for you? Almost all of the below music players are available in most distribution repositories.

    • Instructionals/Technical

      • Linux CapableHow to Install OBS Studio on Linux Mint 21 LTS

        OBS Studio is a free, lightweight open-source, cross-platform screencasting software for screen recording, camera image, and sound record. OBS Studio also makes it easier for those new to the world of live streaming as it is designed to be simple to use, comes with plugins and scripts that can be installed and is considered one of the best free, open-source software of its nature. OBS Studio lets you capture footage from your desktop or webcam feed and microphone audio. In addition, you can mix different sources, such as adding your webcam feed to your game footage. Furthermore, OBS Studio gives users a high degree of control over their recordings, such as selecting which monitors or windows to record. OBS Studio is an incredibly powerful and versatile tool that any aspiring streamer should consider using.

        In the following tutorial, you will learn how to install OBS Studio on Linux Mint 21 LTS by importing the official LaunchPAD PPA that contains the latest stable version and updating and removing the software in the future.

      • H2S MediaHow to install PostgreSQL 13 on Ubuntu 22.04 LTS Linux

        Postgres is a platform-independent object-relational database management system (ORDBMS). In many Linux distributions, the database management system is part of the basic equipment. It can also be used on Windows and macOS systems. Due to the object relationality, the DBMS is suitable for data warehouse databases. It differs from relational database management systems such as MySQL in that even complex data objects can be stored relationally in the database. Postgres works on the client-server model. The server is responsible for managing the databases and processing and answering client requests.

        In addition to the server and a command line-based client, many Linux distributions also supply a client program with a graphical user interface. The communication between client and server takes place in a distributed architecture via TCP/IP connection. Few features of Postgres are: distributed under an open source license, platform-independent; can be expanded in many ways with functions, self-defined data types or operators; no size limit; high reliability; stores data objects in the relational database schema, and more…

      • MakeTech EasierRaspberry Pi Monitor Not Working? Try These Fixes - Make Tech Easier

        Getting your Raspberry Pi device to work with an HDMI display should be easy. However, if you’re not seeing any HDMI output on your monitor, check out our list of troubleshooting tips that should help you fix the problem in no time. Go through the list and try each of these solutions until you find one that works for you.

      • nixCraftHow to add swap to AWS EC2/Lightsail Amazon Linux instance

        So like many solo developers, I am tight on resources, especially money-wise. I have two AWS EC2 VMs running as WireGuard VPN on Amazon Linux for personal usage, and another one is my dev machine with Python, PHP and stuff. These are tiny VMs with just 512MB ram. The main problem is my little VM powered by CentOS or Amazon Linux 2 runs out of memory when I run “sudo yum update“.

      • TecMintHow to Install Ajenti Control Panel in Debian and Ubuntu

        Ajenti is a free and open source web-based Admin Control Panel that allows you to perform a wide range of server administration tasks such as installing and updating packages, managing services, and so much more.

        Written in Python and Javascript, Ajenti provides a powerful and intuitive UI that is lightweight and resource-friendly. In addition, it’s easy to install and a great tool for novices or users who do not have advanced Linux knowledge.

      • Trend Oceanspls: Modern Alternative for the ls command in Linux - TREND OCEANS

        The pls (prettier and more powerful) is a modern alternative to the ls command to list your files and directories. It outputs the data in a prettier and more powerful format for easy understanding.

      • LinuxConfigHow to get and change audio metadata in Linux

        Audio metadata contains information like artist, song title, track number, album name, etc. It can even contain an embedded image of the cover art for the album. This metadata is accessed by music players in order to display relevant information about the song that is playing. Without this metadata, a music player might have trouble sorting your music by artist, album, genre, or putting the tracks in proper order.

        There are times when you may need to edit audio metadata. An example would be to correct the tags for songs that have been miscategorized into the wrong genre. Or you may be working on a custom compilation of tracks and want to sort them in a certain order, etc. In this tutorial, you will see how to get and change audio metadata on a Linux system.

      • LinuxConfigHow to get and change PDF metadata in Linux

        PDF metadata contains information like author, subject, creator, producer, and keywords. This information is embedded into the PDF file itself, and can be retrieved if a user needs to determine who released the document, or wants to see what application was used to create it, etc. The keywords can also help organize PDF documents by category in case you have a lot of PDF files.

        In this tutorial, you will see how to get and change PDF metadata on a Linux system. This can be accomplished from both command line and GUI. We will cover both methods below.

      • LinuxConfigClean up filenames with detox command line utility

        If you have spent much time on the command line to work with files in Linux, then you probably know about the pains of dealing with file names that contain spaces or any other strange characters. It can be tedious to escape certain file names or to work with a bunch of files that have inconsistent encoding in their file names. The detox command is a solution to this problem, as it converts all file names to a consistent format that make them easier to work with.

        In this tutorial, you will see how to install the detox command line utility on all major Linux distros. Then, we will show you how to get started using the detox command through usage examples. This is a great tool to use if you import files from other operating systems or download lots of files online. It will sanitize your file names so they follow a uniform naming format and are easy to work with on Linux and in the command line.

      • LinuxConfigHow to get and change image metadata in Linux

        Image metadata is information that is embedded into files like jpeg, tiff, and other common formats. The primary form of metadata used in photos is called EXIF (Exchangeable Image File Format). This data can contain supplemental information for the image, such as the date and time that the photo was taken, with what camera model, GPS info, author, copyright information, and more.

        This kind of metadata comes in handy when you need to determine additional information about an image, such as who the original author is. It is also possible to manually add or edit metadata to an image file. In this tutorial, you will learn how to get and change image metadata on a Linux system. This can be accomplished from the command line with the ExifTool program. We will cover usage examples below.

      • Running darktable on RISC-V - LIEBERBIBER

        A while ago I got hold of a cheap Sipeed Lichee RV RISC-V development board. After finally getting it up and running, I wondered if and how well darktable would work on RISC-V? The answer is: surprisingly well, if the hardware is fast enough…

      • FOSSLinuxHow to install VMware Tools on Ubuntu | FOSS Linux

        VMware tools are modules and services that allow numerous features in VMware products for a boosted management of seamless user interactions with guests’ OSs. On the other hand, VMware is a stable and outstanding virtualization solution that permits you to run a significant number of isolated operating systems on a solo machine.

        When utilizing VMware as the hypervisor, it is paramount to install VMware tools in the guest to boost virtual machine performances. Installing these tools will aid you in getting the most out of the system as it gives the machine more capabilities like automatic window resizing, shared clipboard with the host system, and drag and drop file transfer.

        Another point to note is that using VMware tools helps a VMware (VM) virtual machine merge nicely with VMware hypervisor. If you install VMware tools on a virtual machine, it will directly report back to the VMware hypervisor its IP address and a lot more information like VPU usage, memory usage, disk usage, and more. This hypervisor can generate even more interesting statistical reports using the reported back data, which will, in turn, play a role in aiding you in monitoring your virtual machine easily.

      • UNIX CopHow to install Podman Compose on Ubuntu 22.04 | Linux Mint 21?

        Welcome. Now you will learn how to install Podman Compose on Ubuntu 22.04 | Linux Mint 21 This tool is a kind of add-on for Podman. It is not especially necessary, but it is useful to have it to use the Docker Compose methodology.

      • Linux CapableHow to Install Ionic Framework on Debian 11 Bullseye

        Ionic Framework is an open-source toolkit for building high-quality mobile and desktop apps. Ionic comes with integrations for popular frameworks like Angular, React, and Vue. Developers use ionic to create performant, cross-platform applications for various purposes. Ionic has a wide range of features and functionality, making it a popular choice for developers looking to develop mobile apps. Amongst its many features, Ionic allows developers to create sophisticated user interfaces, use powerful hardware features, and take advantage of native app functionality. Additionally, Ionic’s community of developers and active user base contribute to its popularity; developers can find a wealth of resources and support when using Ionic. In sum, Ionic Framework is a powerful toolkit that enables developers to build performant, high-quality mobile apps.

        In the following tutorial, you will learn how to install Ionic Framework on Debian 11 Bullseye and its dependencies, create a project, and start the test application.

      • Linux CapableHow to Install MariaDB 10.6 on Debian 11 Bullseye

        MariaDB is one of the most popular open-source databases next to its originator MySQL. The original creators of MySQL developed MariaDB in response to fears that MySQL would suddenly become a paid service due to Oracle acquiring it in 2010. With its history of doing similar tactics, the developers behind MariaDB have promised to keep it open source and free from such fears as what has happened to MySQL. Many Linux distributions include MariaDB as their default database management system due to this assurance from the developers.

        MariaDB 10.6 brings several significant improvements, including improved performance, scalability, and new features such as a crash-safe replication mechanism and improved SQL compatibility. In terms of performance, MariaDB 10.6 includes several optimizations that can help to speed up database operations. For example, the new version contains several changes that can help to reduce disk IO and improve caching strategies. In addition, MariaDB 10.6 introduces a new storage engine called MyRocks, which is designed for modern hardware architectures and can provide significant performance improvements. In terms of scalability, MariaDB 10.6 includes several changes that make it easier to run large databases on multiple servers. For example, the new version introduces sharding support, which allows databases to be divided into numerous pieces that can be spread across multiple servers. In addition, MariaDB 10.6 includes several changes that improve the ability to replicate databases across multiple servers. Finally, regarding SQL compatibility, MariaDB 10.6 introduces several features that make it easier to port applications from other database systems. For example, the new version includes support for Oracle’s PL/SQL language and introduces a compatibility mode that can make running MySQL applications on MariaDB servers easier. As a result, MariaDB 10.6 is a significant release that includes many improvements that users of all types will welcome.

        In the following tutorial, you will learn how to install or upgrade MariaDB 10.6 on Debian 11 Bullseye using the command line terminal and some tips on upgrading your existing database if needed one exists using the MariaDB.org APT repository so you will always have the latest stable version directly to improve security and performance when releases are available.

      • Linux CapableHow to Install PlayOnLinux on Linux Mint 21 LTS

        PlayOnLinux is a versatile piece of software that allows Linux users to install a wide range of Windows-based applications. Not only does it allow for the installation of games, but it also supports office applications, web browsers, and even Apple iTunes. Furthermore, the software is constantly updated to support new applications and wine versions. As a result, PlayOnLinux is an essential tool for any Linux user who wishes to run Windows-based software.

        The following tutorial will teach you how to install PlayOnLinux on Linux Mint 21 LTS release series using the command line terminal using the default APT repository or installing the Flatpak third-party package manager to get a newer version binary.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Plasma 5.25 for Jammy 22.04 available via PPA | Kubuntu

          We have had many requests to make Plasma 5.25 available in our backports PPA for Jammy Jellyfish 22.04.

          Providing backports of new Plasma versions to a LTS release always must be an ‘opt-in’ process, however we are aware that many of our users now are accustomed to adding our backports PPA as a matter of course, so for a LTS release some additional caution is required in what we make available there.

          Therefore, at least for the time being, Plasma 5.25 will be available via an additional ‘backports-extra’ PPA, so users can make a positive informed choice to upgrade.

  • Distributions and Operating Systems

    • New Releases

      • Barry KaulerEasyOS 32-bit i686 Dunfell-series version 4.3.5

        Version 4.3.5 released, for old 32-bit i686 computers. If your computer has 486 or 586 CPU, too old. If it has the old ISA expansion bus, not PCI, again too old.

        Minimum screen size 1024x768, minimum RAM 512MB (with swap partition).

        I haven't provided a update "difference file" this time. Limine bootloader now version 3.16, which has fixes for some old computers, so prefer fresh write to the usb-stick, rather than update.

    • Fedora Family / IBM / Red Hat

      • Linux Shell TipsThe History and Evolution of Fedora Linux Distribution

        Fedora is a free and open-source Linux distribution that is maintained by Fedora Project which is sponsored by Red Hat with support from other companies.

        Fedora is referred to as a “bleeding edge” operating system. This implies that it regularly gets the latest software updates, features, and drivers. As such, it’s an operating system recommended for users who crave the latest applications, drivers, and features.

        Fedora is designed as a reliable, secure, and general-purpose Linux distribution for all users. It can be deployed in a workstation as a desktop operating system or used in a server environment. New releases of Fedora are pushed out after 6 months.

        In this guide, we go down memory lane and see how far Fedora Linux has come.

      • Linux Shell TipsFedora Linux 36 Released – Download DVD ISO Images

        The latest release of Fedora is Fedora 36 which was released on May 10, 2022. In this guide, we look at notable features provided by the latest release and how to download the DVD ISO images.

      • IBM Old TimerIBM emeritus Irving Wladawsky-Berger: The Economic Potential of the Internet of Things

        The estimate was based on the likely evolution of technology and the rate of adoption of IoT solutions between 2015 and 2025, as well as economic and demographic trends. The estimated range was so wide because there were so many unknowns at that early stage in IoT’s development, including the costs of technology, the rate of development and deployment of these highly complex solutions, their level of acceptance by consumers and workers, and the policies and regulations enacted by governments.

      • Red HatOptimize loops with long variables in Java | Red Hat Developer

        The just-in-time (JIT) compiler in OpenJDK improves Java performance through a number of optimizations, particularly in loops. Until recently, many optimizations worked only when the loop index was an int variable. This article shows how the HotSpot virtual machine was upgraded to add the same optimizations for long variables. The article covers particularly out-of-bounds checking (also called range checks).

      • Red HatExplore GitOps with Red Hat at ArgoCon 2022 | Red Hat Developer

        Tech conference season is kicking into gear, and Red Hat Developers is ready for it! We are excited to be a diamond sponsor of the upcoming ArgoCon 2022 in September. We will deliver a keynote session about the future of DevOps and GitOps in person at the Computer History Museum in San Francisco. Registration for the virtual event is complimentary.

      • Enterprisers Project7 ways CIOs can prepare today for the future of work | The Enterprisers Project

        As leaders, we are constantly striving toward further innovation in our organizations. We aspire to be the “go-to” person for questions about change and the guiding light for embracing new solutions ‒ all the while keeping our humility and knowing when to lean into our resources for support.

        With technology evolving faster than ever, here are seven things you can implement today to improve your leadership game and prepare your teams for the future of work.

    • Debian Family

      • CNX SoftwareRobustel industrial IoT gateways run Debian-based OS, offer 5G, 4G LTE, LoRaWAN connectivity - CNX Software

        Robustel has launched three Arm-based industrial IoT gateways namely the EG5100, EG5120, and LG5100 that offer 5G, 4G LTE, and/or LoRaWAN connectivity, and runs Debian 11-based RobustOS Pro Linux operating systems

        The edge gateways also feature two Ethernet ports, two RS232/RS485 ports for connection to industrial devices, digital inputs and outputs for simple monitoring and control, and support a wide 9 to 60V DC power input through a 2-pin terminal block.

        [...]

        Both the Cortex-A7 and Cortex-A53 models run RobustOS Pro Linux distribution based on Debian11 (Bullseye) and support for Docker-based applications.

      • TailsTails 5.4 is out

        Harden several aspects of our Linux kernel.

        [...]

        Automatic upgrades are available from Tails 5.0 or later to 5.4.

    • Canonical/Ubuntu Family

      • Its FOSSLinux Mint Release Cycle: What You Need to Know - It's FOSS

        Linux Mint is an Ubuntu-based distribution. You probably already know that.

        Ubuntu releases a new version every six months but Linux Mint doesn’t follow the six-monthly release pattern.

        Linux Mint uses the Ubuntu LTS (long term support) version as its base. An LTS version of Ubuntu is released every two years and hence you also get a major Mint version every two years (Mint 19, 20, 21, etc).

        Like the Ubuntu LTS versions, a major Linux Mint version is also supported for five years. Although, there are three point releases in between (Mint 20.1, 20.2, 20.3).

        Compared to Ubuntu, how long does Linux Mint receive updates? When should you expect an upgrade for Linux Mint? Should you upgrade when a new version is available?

        Here, let me highlight all these necessary details regarding the release cycle of Linux Mint.

      • UbuntuOpen-source storage for beginners with Ceph | Ubuntu

        Modern organisations have become reliant on their IT capabilities, and at the heart of that infrastructure is a growing need to store data. Be it transactional databases, file shares, or burgeoning data lakes for business analytics.

        Traditionally, storage needs have been catered to by big iron hardware vendors, but over the last decade, more and more organisations have turned to open-source solutions such as Ceph running on commodity hardware. In this post we will introduce Ceph, and some of the reasons why organisations choose it.

        [...]

        The main advantage of Ceph is that it provides interfaces for multiple storage types within a single cluster, eliminating the need for multiple storage solutions or any specialized hardware, thus reducing management overheads. A typical cluster is built with standard servers, and two Ethernet networks, one for client access, and one internal to the cluster.

    • Devices/Embedded

      • CNX SoftwareODROID-Go Ultra portable gaming console and devkit coming soon with Amlogic S922X SoC - CNX Software

        The Korean company’s adventure with portable gaming consoles started with the ESP32-based ODROID-Go to celebrate its 10th birthday in 2018. At the time it looked like a side project, but the console was popular enough that they released their first Linux handheld game console with the ODROID-Go Advance (OGA) in 2019, and then the ODROID-Go Super (OGS) in 2020 with a larger 5-inch display, and both equipped with a Rockchip RK3326 quad-core Cortex-A35 processor. The new ODROID-Go Ultra is based on the same design as the OGS model, but with a serious jump in performance, and the ability to support more demanding emulators.

        [...]

        A few developers will get their hands on samples next week, and mass production is scheduled to start later on with sales and shipping expected to start in October 2022 with the ODRODI-Go Ultra going for $111.

    • Mobile Systems/Mobile Applications

  • Free, Libre, and Open Source Software

    • MedevelLiso App Is An Open-source Decentralized Private Data Vault

      Liso is a free open-source decentralized password manager that goes beyond keeping your password safe in a secure vault. It helps you keep a record of all of your private data information secured.

      The project is written by Oliver Martinez who is an open-source developer and enthusiast.

      Liso is primarily written in the Dart language and Flutter framework.

    • Web Browsers

      • Mozilla

        • Tech TimesFirefox Ditches 104 for New 105 Update: Beta Testing Shows No Blocker Bugs for Linux | Tech Times

          Firefox is letting go of its previous 104 for the new Mozilla Firefox 105. The newer web browser has already been released to the beta channel for public testing and shows no blocker bugs and more improvements when run on Linux.

          [...]

          According to the story by 9to5Linux, with Mozilla letting go of Firefox 104, Firefox 105 has been released to the beta channel for "public testing, early adopters, and bleeding edgers." It was noted that the new browser also brings back something that was long anticipated.

    • Programming/Development

      • KDABThe Future of KDAB CI - KDAB

        For years, we at KDAB have been using Buildbot as our build and continuous integration system. Gerrit hosts all our projects and is our code review platform. Our deployment of Buildbot and build machines has naturally grown over the years. It builds hundreds of configurations and up to a thousand builds daily, but issues with reliability and quality of service called for a major restructuring. Over the past year, we gradually developed and migrated to new infrastructure and, once that was in place, we were finally able to add some long-awaited features.

      • Medevel16 Open-source Starters and Boilerplate for Building Your SaaS Project

        SaaS or Software as a service, is a software delivery model over the internet which saves the user the cost of installing, configuring and using the software, on their machines.

        The most popular example for SaaS is Gmail, the Google email service, Google Drive, Microsoft Office 365, Dropbox, and several web-based CRM, ERP, and others.

        But the most popular and daily used SaaS platform is Netflix which is basically a SaaS company that follows a subscription model to deliver movies, and TV series on demand.

        SaaS by default supports multiple customers, subscription plans, and often come with a payment gateway to manage paid subscriptions, and several other tools.

      • LWNA fuzzy issue of responsible disclosure [LWN.net]

        Fuzz testing is the process of supplying a program with random inputs and watching to see what breaks; it has been responsible for the identification of vast numbers of bugs in recent years — and the fixing of many of them. Developers generally appreciate bug reports, but they can sometimes be a bit less enthusiastic about a flood of reports from automated fuzzing systems. A recent discussion around filesystem fuzzing highlighted two points of view on whether the current fuzz-testing activity is a good thing. Filesystem code must accept input from two different directions. On one side is the system-call interface used by applications to work with files. Any bugs in this interface can have widespread implications ranging from data corruption to exploitable security vulnerabilities. But filesystem code also must deal with the persistent form of the filesystems it manages. On-disk filesystem representations are complex data structures that can become corrupted in a number of ways, ranging from hardware errors or filesystem bugs all the way to deliberate manipulation by an attacker.

        Crashing when presented with a corrupted filesystem image is considered poor form, so filesystem developers generally try to keep that from happening. But it is hard to envision all of the ways in which a filesystem image can go wrong, especially if the corruption is created deliberately by a hostile actor. Many of our filesystems have their roots in a time when malicious filesystem images were not something that most people worried about; as a result, they may not be entirely well prepared for that situation. For this reason, allowing the mounting of untrusted filesystem images is generally seen as a bad idea.

      • Python

        • The Register UKPython tops programming love list but for jobs, learn SQL ● The Register

          Once again, Python is at the top of the IEEE's annual survey of popular programming languages – seemingly decided by a grab bag of metrics – while SQL appears to be a crucial skill.

          When it comes to popular languages, the survey found Python topped the list, followed by three flavors of C (original, ++ and #), Java, SQL, and JavaScript. Beyond those seven, and popularity drops quickly: R, the next most popular programming language, more than half as popular as its closest rival.

          As we noted last year, Python's presence atop the list is atypical, as JavaScript regularly leads lists of popular languages from other sources, such as Stack Overflow, whose 2021 and 2022 Developer Survey reports both have JavaScript in pole position, followed by HTML/CSS, SQL, Python and Typescript.

          In 2021, IEEE Spectrum allowed users to apply their own weightings to the report to see different results, but decided not to include such a feature this year. Spectrum said it made the choice because few people were using it, and that the "giant ball of floating-point math" in browsers messed up the figures.

        • LWNFrom late-bound arguments to deferred computation, part€ 1 [LWN.net]

          Back in November, we looked at a Python proposal to have function arguments with defaults that get evaluated when the function is called, rather than when it is defined. The article suggested that the discussion surrounding the proposal was likely to continue on for a ways—which it did—but it had died down by the end of last year. That all changed in mid-June, when the already voluminous discussion of the feature picked up again; once again, some people thought that applying the idea only to function arguments was too restrictive. Instead, a more general mechanism to defer evaluation was touted as something that could work for late-bound arguments while being useful for other use cases as well.

        • IEEETop Programming Languages 2022
      • Rust

  • Leftovers

    • Hardware

    • Security

      • PowerDNSSecurity Advisory 2022-02 for PowerDNS Recursor up to and including 4.5.9, 4.6.2, 4.7.1

        Today we have released PowerDNS Recursor 4.5.10, 4.6.3 and 4.7.2 due to a medium severity issue found. The security advisory only applies to Recursors running with protobuf logging enabled.

        Please find the full text of the advisory below.

        [...]

        The source tarballs (4.5.10, 4.6.3, 4.7.2) and signatures (4.5.10, 4.6.3, 4.7.2) are available from our download server. Patches are available at patches. Packages for various distributions are available from our repository.

      • Bluetooth + Electrical switchgear | Pen Test Partners

        The ongoing rapid growth of Industrial IoT (IIoT) across all business sectors continues to bring to focus the discrepancies that exist between the approaches to safety and cyber-security on safety critical sites.

        Safety has been culturally ingrained into all aspects of industrial site operations for a long time, but cyber-security is still so often seen as an afterthought that is then bolted on (or not bolted on at all in some cases!)

    • Finance

      • LWNTornado Cash and collateral damage [LWN.net]

        Tornado Cash is (or was) a service for mixing cryptocurrency in order to provide privacy protection for the owners. While transactions on cryptocurrency blockchains are pseudonymous, the parties are only identified by public keys, there are ways to trace the transactions and to associate individuals with their holdings. Early on, one of the attractions of Bitcoin was its anonymity, but that turned out to be illusory. Cryptocurrency mixers provide a means to restore some level of anonymity to the system.

        Mixers (or "tumblers") work by collecting up a bunch of deposits, which get coalesced into larger chunks over a random period of time, then doling out portions of that chunk as withdrawals at a later time. Naturally, a percentage of the deposits (1-3% normally) typically stay with the service as profit. Because the deposits and withdrawals are not synchronized in time, users can break the link between a particular chunk of cryptocurrency and their holdings. Privacy-conscious users presumably change the patterns of their withdrawals by using differing amounts than those of the deposits to further obfuscate any links.

        Someone who wants to donate to a cause that might be unpopular with some nation-states (say, money for Ukraine) might use a mixer to avoid problems from a donation being traced back to them. Of course, there are others who want privacy for less savory reasons: criminals of various sorts. It seems clear that mixers are used for money laundering, but many tools, perhaps all, can be used for both good and ill. Typically, however, tools are not prosecuted (or sanctioned), people are.

        There is a point at which any anonymity or pseudonymity generally must be shed due to existing anti-money-laundering protocols. In particular, when someone wants to turn their cryptocurrency into, say, US dollars (or any other real currency), they have to work with a financial organization that is subject to the "know your customer" (KYC) guidelines/rules. The financial organization will gather identity information from its customers establishing a link between a given address and a person. That is one of the prime reasons a criminal might want to mix their ill-gotten gains before a withdrawal, but there are perfectly legitimate reasons for others to do so.

  • Gemini* and Gopher

    • Politics

      • Why You Should Hone Your Firecraft

        The odds are that most of you are level 1 noobs at firecraft. Have you ever lit your own fire with a lighter or a match? Have you ever lit a fire with a striker? Have you started a fire with a primitive bow drill? You ought to learn how to do one of those skills in order to increase your real world firemaking level.

        You question why you should waste your time on such a cave dweller process. Such Stone Age mentalities are best left in the past, you think. You are secure in the present and you believe in the future. While there is truth in what you think, there is also a cold hard truth you neglect: essentially all societies and civilizations collapse. Are you prepared for if and when they do? Will you overcome the frost with the flame?

    • Technical

      • Science

        • On Keeping Gimmicks Out of the Classroom

          Having resisted all manner of education gimmicks and fashions that have been thrust at me by well meaning college managers, it was refreshing to read this piece written by renowned undergraduate textbook writer and educator, David Griffiths. Published in the Institute of Physics magazine Physics World, Griffiths reminds us that Physics sells itself to students if presented honestly...

          [...]

          The point is made that any new approach to teaching will produce measurable improvements, but only because of the enthusiasm of the practitioner. Infectious enthusiasm is most likely the key, and not all teachers have that, so maybe the gadgets help these classes. But I'm not convinced.

      • Programming

        • Backing up online documentation, part 2

          Then generate server.crt and server.key with mkcert. However, what I'm interested in is automatically redirecting to the offline version if I visit the site in my browser. Fortunately, there is a very simple solution for this using the Redirector addon.


* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.



Recent Techrights' Posts

The World's 'Richest Country' Chooses GNU/Linux
This has gone on for quite some time
Apple's LLM Slop Told Us Luigi Mangione Had Shot Himself, BetaNews Used LLMs to Talk About a Dead Linus Torvalds
They can blame it on some bot
Technology: rights or responsibilities? - Part XI
By Dr. Andy Farnell
GNU/Linux and ChromeOS in Qatar Reach 4%, an All-Time High
Qatar has money to spend, but not much of it will be spent on Microsoft, or so one can hope
This 'Article' About "Linux Malware" is a Fake Article, It's LLM Slop (Likely Spewed Out by Microsoft Chatbot)
They're drowning out the Web
 
Links 23/12/2024: 'Negative Time' and US Arms Taiwan Again
Links for the day
Links 23/12/2024: The Book of Uncommon Beings, Squirrels, and Slop Ruining Workplaces
Links for the day
Links 23/12/2024: North Korean Death Toll in Russia at ~1,100, Oligarch Who Illegally Migrated/Stayed (Musk) Shuts Down US Government
Links for the day
Richard Stallman on Love
Richard Stallman's personal website includes a section that lists three essays on the subject of love
Microsoft, Give Me LLM Slop About "Linux" and "Santa", I Need Some Fake Article...
BetaNews is basically an LLM slop site
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, December 22, 2024
IRC logs for Sunday, December 22, 2024
Links 22/12/2024: Election Rants and More Sites Available via Gemini
Links for the day
Links 22/12/2024: North Pole Moving and Debian's Joey Hess Goes Solar
Links for the day
Early Retirement Age: Linus Torvalds Turns 55 Next Week
Now he's almost eligible for retirement in certain European countries
Gemini Links 22/12/2024: Solstice and IDEs
Links for the day
BetaNews: Microsoft Slop is Your "Latest Technology News"
Paid-for garbage disguised as "journalism"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, December 21, 2024
IRC logs for Saturday, December 21, 2024
Links 21/12/2024: EU on Solidarity with Ukraine, Focus on Illegal and Unconstitutional Patent Court in the EU (UPC)
Links for the day
[Meme] Microsofters at the End of David's Leash
Hand holding the leash. Whose?
Deciphering Matt's Take on WordPress, Which is Under Attack From Microsofters-Funded Aggravator
the money sponsoring the legal attacks on WordPress and on Matt is connected very closely to Microsoft
Gemini Links 21/12/2024: Projections, Dead Web ('Webapps' Replacing Pages), and Presentation of Pi-hole
Links for the day
American Samoa One of the Sovereign States Where Windows Has Fallen Below 1% (and Stays Below It)
the latest data plotted in LibreOffice
[Meme] Brian's Ravioli
An article per minute?
Links 21/12/2024: "Hey Hi" (AI) or LLM Bubble Criticised by Mainstream Media, Oligarchs Try to Control and Shut Down US Government
Links for the day
LLM Slop is Ruining the Media and Ruining the Web, Ignoring the Problem or the Principal Culprits (or the Slop Itself) Is Not Enough
We need to encourage calling out the culprits (till they stop this poor conduct or misconduct)
Christmas FUD From Microsoft, Smearing "SSH" When the Real Issue is Microsoft Windows
And since Microsoft's software contains back doors, only a fool would allow any part of SSH on Microsoft's environments, which should be presumed compromised
Paywalls, Bots, Spam, and Spyware is "Future of the Media" According to UK Press Gazette
"managers want more LLM slop"
Google Has Mass Layoffs (Again), But the Problem is Vastly Larger
started as a rumour about January 2025
On BetaNews Latest Technology News: "We are moderately confident this text was [LLM Chatbot] generated"
The future of newsrooms or another site circling down the drain with spam, slop, or both?
"The Real New Year" is Now
Happy solstice
Microsoft OSI Reads Techrights Closely
Microsoft OSI has also fraudulently attempted to censor Techrights several times over the years
"Warning About IBM's Labor Practices"
IBM is not growing and its revenue is just "borrowed" from companies it is buying; a lot of this revenue gets spent paying the interest on considerable debt
[Meme] The Easier Way to Make Money
With patents...
The Curse (to Microsoft) of the Faroe Islands
The common factor there seems to be Apple
Electronic Frontier Foundation Defends Companies That Attack Free Speech Online (Follow the Money)
One might joke that today's EFF has basically adopted the same stance as Donald Trump and has a "warm spot" for BRICS propaganda
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, December 20, 2024
IRC logs for Friday, December 20, 2024
Gemini Links 21/12/2024: Death of Mike Case, Slow and Sudden End of the Web
Links for the day