About a month ago Debian opened up a vote on the inclusion of non-free firmware in their installer, and recently that vote closed and the developers voted yes on the inclusion, but not on the result that I expected.
In this video, I talk about a very important topic that doesn't get discussed as much as it should, especially regarding individual desktop computer users. And that topic is File Naming Conventions, which are frameworks to help guide you in giving your files more descriptive names that make them easier to identify, search, sort, etc.
In this video, I am going to show an overview of Parrot 5.1 Security Edition and some of the applications pre-installed.
Today we will return to our Thursday live show and talk about random topics and some future channel directions.
At the 2022 Linux Security Summit Europe (LSS EU), Gustavo A. R. Silva reported in on work he has been doing on "flexible" arrays in the kernel. While these arrays provide some ... flexibility ... they are also a source of bugs, which can often result in security vulnerabilities. He has been working on ways to make the use of flexible arrays safer in the kernel.
Silva has a background in embedded systems, working with both realtime operating systems (RTOS) and embedded Linux. For the last six years, he has been working as an upstream kernel engineer. He collaborates with the Kernel Self Protection Project (KSPP) and the Linux kernel division of the Google open-source security team.
For better or worse, C is the lingua franca in the world of kernel engineering. The core logic of the Linux kernel is written entirely in C (with a bit of assembly), as are its drivers and modules. While C is rightfully celebrated for its powerful yet simple semantics, it is an older language that lacks many of the features present in modern languages such as Rust. The BPF subsystem, on the other hand, provides a programming environment that allows engineers to write programs that can run safely in kernel space. At the 2022 Linux Plumbers Conference in Dublin, Ireland, Alexei Starovoitov presented an overview of how BPF has evolved over the years to provide a new model for kernel programming.
The Human Interface Device (HID) standard dates back to the Windows 95 era. It describes how devices like mice and keyboards present themselves to the host computer, and has created a world where a single driver can handle a wide variety of devices from multiple manufacturers. Or it would have, if there weren't actual device manufacturers involved. In the real world, devices stretch and break the standard, each in its own special way. At the 2022 Linux Plumbers Conference, Benjamin Tissoires described how BPF can be used to simplify the task of supporting HID devices. Most devices, he began, will work just fine with the kernel's generic HID drivers. That still leaves quite a few that present problems — behavioral quirks that require a special driver to address. Most of the time, that driver need only make a few tweaks to the "report descriptor" provided by the device. This descriptor, the format of which was defined in 2001, describes the exact protocol a device speaks and which capabilities it offers. The kernel contains a long list of tiny drivers that do little beyond tweaking a device's report descriptor to make it adhere to the standard; see drivers/hid/hid-sigmamicro.c for an example. Others, only slightly more complex, will modify input events upon receipt from the device; drivers/hid/hid-ezkey.c shows that type of manipulation.
A bug in version 5.19.12 of the Linux kernel "may harm" screens on laptops powered by Intel's 12th-generation Core processors.
The Alder Lake family of chips are significantly different from earlier Intel generations, and this has caused previous problems in the open source kernel, though those were relatively modest performance degradation. This latest glitch is a bit more serious, causing displays to flash and fail to work.
Linux users have reported seeing weird white flashes and rapid blinking on their Intel laptop displays after upgrading to Linux kernel version 5.19.12, leading to warnings that the bug may damage displays.
For desktop Linux users, updating to a new Linux kernel typically carries relatively small, contained risks: wonky drivers, GRUB pain, maybe a full wipe and reinstall. For one subset of laptop owners on rolling release distributions, however, kernel version 5.19.12 could cause actual LCD screen damage.
NVK is a new open-source Vulkan driver for NVIDIA Graphics hardware and aims to be the new go-to graphics driver.
This was made possible in part due to Nvidia releasing open-source GPU kernel modules for its data center GPUs and consumer cards (GTX/RTX).
Keeping a tab on your SSL certificates is a crucial part of a sysadmin's job.
There are various ways to do it. You can use a monitoring service like Checkmk to monitor the certificates or you can use the good old openssl command for this purpose.
In this guide, I'll explain to you how to use the openssl command to check various certificates on Linux systems.
Redmine is a free and open-source project management and issue-tracking tool. It's web-based application software, mainly written in Ruby on Rails.
Java is a programming language. Java is portable, which means you can make your code run on different types of computers without having to rewrite it. It’s also object-oriented, which means that it enables programmers to write reusable software components.
Cockpit is a free, open-source web-based admin GUI. It’s modular and extensible to meet your specific needs, with many customization options.
Cockpit is released under the MIT license and is completely free to use on any project. There are no limitations to how many projects you can host, but note that your ISP may limit the number of open ports you can run in order to handle high volumes of traffic, which could cause performance issues. If you’re unsure about hosting Cockpit on your website, chat with your host provider or support for more information about this. If you want to host Cockpit yourself, we recommend using Haproxy or a similar in-memory load balancer, which can handle a large number of simultaneous client requests without affecting your server’s performance.
Cockpit was born out of the necessity for an admin interface for Redis that could be used as a central point for the configuration, support, and migration of Redis clusters. It is meant to allow administrators to make changes from a familiar GUI environment.
With the rise of online gaming and streaming, the use of RGB lighting on desktop peripherals is trending on the Internet. Most of the RGB lighting comes with a configurable interface that allows you to change the brightness, lighting pattern and more with a desktop application. Typically, these applications only work on Windows, with little to no support for Linux. Thankfully, due to the hard work of some independent developers, there are now Linux apps to control RGB lighting.
In this tutorial, I will show you how to set up a Proxy on Ubuntu, from the Settings app, and the CLI.
Portainer has been my favorite container management platform for some time. It offers every feature I need to make working with containers a breeze.
Portainer was originally built for Docker, and with the rootless nature of Podman, Portainer had some serious issues and wouldn’t deploy. However, Podman can be run as either root or non-root, so it is actually possible to deploy the Portainer GUI for the Podman runtime.
Let’s learn the commands to install the simple Deepin terminal app on Ubuntu 22.04 LTS Jammy Jelly Fish to replace the default Gnome terminal.
Deepin Terminal is open source and created by Deepin Technology, the developers behind the Linux OS. The key thing which attracts the user to the Deepin terminal emulator is its simple interface with useful functions. It offers a tabby interface where you can create more workspaces just like we do in browsers. Further, we can create customized keyboard shortcuts for running different commands. For example, if you don’t want to write a system update command to run it manually every time, then set a keyboard shortcut for it. After that, every time you just need to press that shortcut and the terminal will automatically execute the update command.
For those who don’t know Deepin is a Linux distribution based on Debian. It uses its desktop environment and focuses on an elegant design. The reference to macOS is not to be overlooked – which combines the best of both worlds for Linux users. However many of us are intrigued with the applications of Deepin but do not want to install the OS completely on our system. If such is the case and you like the Deepin Terminal then in this article we discuss how to install it on Ubuntu Linux systems.
Replace your default Gnome terminal by installing the Hyper Terminal app on Ubuntu 22.04 LTS Jammy JellyFish for more features and customization options.
Hyper is an Electron-based Terminal emulator with a number of customization options, and if that is your first priority, Hyper Terminal should be the best choice for you. Built with HTML, CSS, and JavaScript, this terminal app is more suitable for developers, and also has support for plugins to increase the productivity of the program.
You can find a number of plugins in the Hyper Repository, and I am sure you will definitely find some of them useful for you. With support for ZSH, you can actually change the complete look and feel of the emulator and the support for various themes in some way or another can increase your productivity and workflow. Just give Hyper Terminal a try to unleash the full potential of a Terminal emulator.
Apache ShardingSphere's new elastic migration feature lets you move data from a single database to a distributed database in an SQL-like manner.
sysPass is a free, open-source, and PHP-based password management tool used to save your passwords in a safe location.
We use a Raspberry Pi, a Pi Pico, and a smartphone to communicate over Bluetooth.
Because the Raspberry Pi comes with both WiFi and Bluetooth, most programs choose to rely on WiFi, with Bluetooth being more of a wallflower. However, the Pi Pico mixes things up and makes Bluetooth a desirable option.
Bluetooth should be a familiar technology by way of your smartphone, and this topic has been investigated for the Raspberry Pi in a previous article [1], so I will be sticking to the bare minimum in terms of the basic technology in this article. The focus here is on various scenarios in which the Raspberry Pi, Pi Pico, and smartphones use Bluetooth to communicate. The Pico stands in for almost any microcontroller, as long as it supports serial communication.
And here comes a new challenger. Developer “ultimaweapon” has released a brand new Playstation 4 emulator for the PC (for both Windows and Linux), called Obliteration. Obliteration is currently in a very early state, and cannot run any commercial games. However, you can find a video demonstration (as well as a download link) for it below.
We bring you three brand-new videos showcasing what the Godot Engine can do. As always we have separate videos for games targeting desktop/console and games targeting mobile devices. This year we are proud to introduce a new category called "Apps & Tools" to highlight non-game creations made with Godot. This is a field that has been growing a lot, so we wanted to shine a light on the great projects released or under development.
Many of our core contributors and maintainers voted to make the final list in each category, and this year was particularly hard. There were way too many good projects, and we couldn't include them all to keep the videos at a reasonable length and pace – but don't be discouraged if your entry didn't make it, we’ll have more opportunities to showcase great projects, including next year’s showreels.
Forum member don570 introduced me to SuperTuxKart. I never played it before. STK is a 3D arcade racing game, runs very well on my Lenovo Ideacentre PC.
Beacon Pines is a cute, suspenseful, visual novel with interesting storytelling devices, developed by Hiding Spot and published by Fellow Traveler. It runs great on Linux with Proton.
If you adore hectic racing games, death-defying first person shooters, entertaining arcade classics, or nervy tower defense games, this article might not be up your street. Here we’re covering turn-based strategy games that require intelligence, and the ability to come up with an innovative plan that will leave the competition mesmerized. As the title indicates, we are covering a genre where players take turns when playing, strategically seeking to outsmart the enemy.
Many of the biggest computer games concentrate on explosion-filled genres. But there is a place for high quality turn-based strategy games. It’s a neglected genre in the mainstream, yet contains many marvelous titles. The genre might conjure thoughts of board games with dice and individualized pieces. But, now, they can use the latest technology to make more realistic and immersive experiences.
There is a vast range of open source games in this field. Turn-based strategy games lend themselves remarkably to open source development. This genre doesn’t need armies of artwork or computer modelling. Games of this type also have fairly modest system requirements, and give gamers time to get to grips with the controls even if it can take many hours to learn all of the intricacies. You can sit back, strategize, and take a breath, considering all options before making a move. So if you’re looking for a change of pace, check out the following games.
Hardkernel’s ODROID-Go Ultra is a handheld game console with a 5 inch display, an Amlogic S922X processor, 2GB of RAM and 16GB of eMMC storage plus a microSD card reader for additional storage.
First announced in August, the handheld game console ships with an Ubuntu-based operating system and software designed for emulation. It’s now available for purchase for $111 and comes in a choice of “dim gray” or transparent “clear white” color options.
After two days of talks we have moved to a week of BoF sessions. (I’m not a fan of the term BoF but I’ve never managed to think of anything better.) Here are some notes I made in case anyone is interested.
The big news is the Frameworks 6 session had some Plasma people there too and voila we have a plan for 6. Most Frameworks and even most Plasma is already working with Qt 6. So the last Frameworks 5 release is due in December and then work will happen to finalise the porting to Frameworks 6 and once that’s solid releases will start again using Qt 6. And for Plasma we’ll make a final Plasma 5 release at the start of next year versioned 5.27. That will be LTS so we’ll stop the 5.24 LTS releases and make further 5.27 releases as long as they are useful. The finalising of the porting to Qt 6 will start in January and we’ll schedule a release whenever that becomes practical which should be not too far into 2023.
A sizeable update to the (really rather indispensable, imho) Extension Manager app is rolling out on Flathub.
Not heard of this nifty desktop tool before? It lets you install, configure, and manage GNOME extensions without needing to involve a web browser or any “connector” packages. Just install the Extension Manager and that’s it, you’re good to go.
The new Extension Manager 0.4 update intros a “full adaptive mobile-friendly user interface”, which is ideal if you regularly resize the app during use, as well as overhauled error and crash reporting; and support for the new gnome-extensions:// URL scheme.
You’ll notice that the toggle switch to disable all extensions has been moved out of the header bar. It now sits at the top of the “installed” view.
Days ago, I installed EndeavourOS on my Linux machine, and I was impressed by the speed, the smooth installation process, and the overall performance. But it comes with a cost, and that's because it is not for everyone.
But foremost, let's see how amazing it is before we dive into its problems.
EndeavourOS is an Arch Linux-based distro that offers a great user experience, as its successor (Antergos Linux), as it provides an easy to install system, pre-configured environments, and several official and community-based variations with different desktop environments.
risiOS aims at making Fedora easy to use for everyone. Here's everything you need to know about it.
Fedora Workstation has become an easy-to-use, well-supported version of Linux. If you just want an operating system for your computer that shows you some of the best of what free and open-source software has to offer, Fedora Linux is an easy recommendation.
But there are some areas where new users may encounter some friction. Why do some video files fail to load? Where are all the apps? risiOS is a Fedora-based alternative distribution that takes care of most of these issues for you. For some, that makes risiOS an even easier recommendation.
Fedora Hatch Cork was a small, local one day mini-conference. Fedora Project contributors were welcome to attend, learn about the project and connect with other contributors. There were several Fedora-related sessions, followed by a social activity in the evening. The event was held in the Red Hat office in Cork which was recently renovated.
The day opened with an icebreaker event called “Faces”. Attendees paired up with somebody nearby and swapped sheets of paper to draw a feature of the person they swapped with, starting with the eyes. It was a great exercise to meet new people at the event. It also allowed me to absolutely butcher some peoples’ great drawings!
This second article continues a series discussing Kubernetes storage concepts. I will define the concepts of volumes, persistent volume claims, and storage classes, and why they should matter to a developer. I will also explain how persistent volumes and storage provisioners enable system administrators to manage storage for a Kubernetes cluster while offering developers self-service to storage. You will also discover the special abilities of stateful sets.
This article is the third and final part of the series about Kubernetes storage concepts. I will explain how Container Storage Interface (CSI) drivers enable advanced storage features necessary for production environments and CI/CD pipelines. This article also underscores the need for storage products designed for Kubernetes versus storage designed for traditional physical and virtual data centers or Infrastructure-as-a-Service (IaaS) clouds.
The pandemic was difficult to navigate for most of us, but if we can try to identify something positive that transpired as a result, it allowed (or forced) time for reflection and re-evaluation.
Consider the millennial who felt stuck at a small company with no room for growth. Or the older generation of workers who thought they should retire early because the future was so uncertain and accepting a complete shift to digital felt daunting. For Gen Z, the prospect of never meeting managers or colleagues – because of virtual interviews and remote jobs – was foreign and left some without a sense of belonging.
Not only were we physically absent from workspaces, but many of us also struggled mentally with the sudden, enormous changes to our daily routines and goals. It became a time of contemplation, where many professionals began reassessing their careers (and lives). And the realization for many? They felt stuck.
This article is the first in a series that explains Kubernetes storage on a high level. In the series, I provide information for a programmer or software architect to decide which types of storage meet the requirements for their applications running on Kubernetes. This series provides links to help you go deeper into your chosen technologies but does not dig into YAML syntax or Kubernetes APIs. Whether a novice or experienced with Kubernetes, this overview can guide you toward a storage architecture that is right for your application.
API discoverability is a key aspect of any API management initiative. The discoverability of an API directly impacts its adoption and usage. A typical big enterprise with multiple development teams might build hundreds of APIs that they would want to reuse internally or share with partners that build complementary applications. If the teams cannot discover existing APIs, they might build a new API with the same functionality, which leads to duplication of efforts and underutilization of the existing API. It is also an unscalable practice to contact the API developer each time someone wants to use the API.
There needs to be a better and more hands-off way for internal teams and partners to discover and understand the usage of these APIs without directly contacting the developers who built them. API discoverability does not just mean making it easy to find an API by providing an inventory (though this is the first and most important step you should take). It should also address some key aspects that are important for an API consumer, such as understanding the API through documentation, request and response format, sign-up options, and the business terms and conditions (in case of a partner) of using the API.
Rocky Linux steps into the breach left by CentOS with a community-based alternative to RHEL.
Red Hat Linux bought CentOS in 2014, but largely ignored it for years. Essentially, CentOS was the community version of Red Hat Enterprise Linux (RHEL), both deriving from Fedora. Then, in December 2020, Red Hat announced that CentOS would be discontinued, and it would be replaced by CentOS Stream. Within days, Rocky Linux (Figure 1), named for CentOS cofounder Rocky McGaugh, was announced [1]. Four months later, Rocky Linux released its first version. Like CentOS, it offers a community-based alternative to Red Hat.
Overall, lifetime earnings are significantly higher in advanced economies and in occupations with high education requirements. On average, individuals in both these cases start their working life with relatively high entry-level skills compared to individuals in less developed economies and in occupations with lower education requirements. As a result, work experience plays a bigger role in the lifetime earnings of individuals in less developed economies and in occupations with lower education requirements.
Building a technology adoption strategy is key to achieving business goals and maximizing value from technology. While building such a strategy, some barriers need to be addressed to drive more effective technology adoption. In this post, we discuss these barriers and how we might overcome them.
Canonical has introduced a free tier to Ubuntu Pro which is aimed at personal use and small-scale deployments.
Ubuntu Pro subscription (formerly known as Ubuntu Advantage) was originally offered to enterprises for providing them with extended security maintenance updates to Ubuntu LTS releases for an extra 5 years of updates.
The free tier has been made available in public beta.
Canonical has launched free Ubuntu Pro subscriptions for individuals and small companies for up to five machines, enabling anybody to get longer-term support and features that were only reserved to paying enterprise customers so far.
Canonical provides Ubuntu for free with LTS versions released every two years and supported for 5 years. The latest Ubuntu 22.04 LTS was released in April 2022, meaning it will be supported until April 2027. But if you’d like to get 10-year support and extra security features you can now do it for free through an Ubuntu Pro subscription for up to 5 machines.
Canonical has opened up its previously paid-for Ubuntu Pro update service. Now it's free of charge for up to five physical boxes.
The announcement only applies to Long Term Support releases. All you need is a free Ubuntu One account to sign in and obtain a token.
If you connect your machines to Ubuntu Pro, they get Extended Security Maintenance coverage, meaning that the normal five years of software updates is extended to 10 years. The free offer also includes the company's Livepatch service, which can install critical kernel updates without rebooting the machine. This is potentially very useful for busy servers, for which scheduling a maintenance window and downtime can be tricky, but it's less important for desktop machines.
For servers, as long as the physical host system is running Ubuntu, all Ubuntu virtual machines on that server are also covered. Machines can be attached to Ubuntu Pro from the command line with pro attach or in the GUI via Ubuntu's Software & Updates app, under the Livepatch tab.
I have now rebuilt the Chrome SFS, to also run as spot in a container. This is file 'chrome_105.0.5195.102-1_amd64.sfs', where the "-1" is the revision number. You can download via the "sfs" icon.
Upgrading of SFS files is not really properly implemented. If you already have Chrome SFS installed, and running in a container, go to the menu "Filesystem -> Easy Containers" and there is a choice to delete the Chrome container. Then, click on "sfs" to install the new one.
The PostgreSQL Global Development Group announces that the second release candidate of PostgreSQL 15 is now available for download. As a release candidate, PostgreSQL 15 RC 2 will be mostly identical to the initial release of PostgreSQL 15, though some more fixes may be applied prior to the general availability of PostgreSQL 15.
The planned date for the general availability of PostgreSQL 15 is still October 13, 2022, but may be pushed to October 20, 2022 based on what issues are reported. Please see the "Release Schedule" section for more details.
Linktree is a free hosted service that offers a rich landing page with member social personal, business, and portfolio links. Yet, it is not open-source, so here we present to you its open-source counterpart that you can self-host and use on your server.
LittleLink is a lightweight open-source landing page that you can deploy in moments using Docker on any of your servers.
LittleLink is a highly customizable app written primarily in JavaScript/Node.js, React, and Express. It does not require any database setup, and it can also be installed using Kubernetes.
The CHERI architecture is the product of a research program to extend common CPU architectures in a way that prevents many types of memory-related bugs (and vulnerabilities). At the 2022 GNU Tools Cauldron, Alex Coplan and Szabolcs Nagy described the work that has been done to bring GCC and the GNU C Library (glibc) to this architecture. CHERI is a fundamentally different approach to how memory is accessed, and supporting it properly is anything but a trivial task.
Qt for MCUs 2.2.2 has been released and is available for download. As a patch release, Qt for MCUs 2.2.2 provides bug fixes and other improvements, and maintains source compatibility with Qt for MCUs 2.2.x. It does not add any new functionality.
This week is the last week of my GSoC period. Other participants may have ended earlier, but I got an extension of the deadline to one month later. Here’s some random words for my summer.
My whole GSoC period was very hurried and busy. Most of my contributions were not done during the summer, because I got a one-month training for ICPC during my summer holiday. Before the training started, I was thinking that I might be able to do both training and GSoC at the same time, but I was completely wrong. The eight-hour training left me with almost no spare time. Trying to do some contribution in the tiny gaps in my schedule, I was very stressed that month, and in the end, I did not make too much progress also. If there’s not an extension of the deadline, I would be facing a huge pile of unfinished work at the end of August, when training ends. So this is a lesson for me, and also a piece of advice for any GSoC contributors who come after me, that a GSoC project needs some time to finish, and having a well-planned schedule in advance is important.
I work on OpenJDK backports: taking a patch that was committed to a current version of JDK, and adapting it to an older one. There are four main OpenJDK versions that I am concerned with: the current version ("jdk"), 8, 11 and 17. These are all maintained in separate Git(Hub) repositories.
It's very useful to have access to the other JDKs when working on any particular version. For example, to backport a patch from the latest version to 17, where the delta is not too big, a lot of the time you can cherry-pick the patch unmodified. To do git cherry-pick <some-commit> in a git repository tracking JDK17, where <some-commit> is in "jdk", I need the "jdk" repository configured as a remote for my local jdk17 repository.
Maintaining completely separate local git repositories for all four JDK versions, with each of them having a subset of the others added as remotes, adds up to a lot of duplicated data on local storage.
For a little while I was exploring using shared clones: a local clone of another local git repository which share some local metadata. This saves on some disc space, but it does not share the configuration for remotes: so I still have to add any other JDK versions I want as remotes in each shared clone (even if the underlying objects already exist in the shared metadata).
Then I discovered git worktree. The git repositories that I've used up until now have had exactly zero (for a bare clone) or one worktree: in other words, the check-out, the actual source code files.
Recently Herb Sutter published cppfront, which is an attempt to create a new syntax for C++ to fix many issues that can't be changed in existing C++ because of backwards compatibility. Like with the original cfront compiler, cppfront works by parsing the "new syntax" C++ and transpiling it to "classic" C++, which is then compiled in the usual way. These kinds of source generators are fairly common (it is basically how Protobuf et al work) so let's look at how to add support for this in Meson. We are also going to download and build the cppfront compiler transparently.
[...]
The compiler itself is in a single source file so building it is simple. The only thing to note is that we override settings so it is always built with optimizations enabled. This is acceptable for this particular case because the end result is not used for development, only consumption. The more important bits for integration purposes are the last two lines where we define that from now on whenever someone does a find_program('cppfront') Meson does not do a system lookup for the binary but instead returns the just-built executable object instead. Code generated by cppfront requires a small amount of helper functionality, which is provided as a header-only library. The last line defines a dependency object that carries this information (basically just the include directory).
As part of ongoing work on governance, Rust leadership jointly established a group, "leadership chat", consisting of the Core team, leads of all teams on the governance page, the Moderation team, and the project directors on the Rust Foundation board. This group has been serving as an interim governing body while efforts to establish the next evolution of Rust project-wide governance are underway.
The next version of the Linux kernel will include support for popular programming language Rust, it has been confirmed.
As reported by The Register, Linus Torvalds, the creator of Linux, has now accepted a pull request that will bring Rust support to the kernel with version 6.1.
The idea is not to rebuild the entire kernel in Rust, but rather to complement the existing C codebase with new components written in the secondary language, helping to reduce the likelihood of memory bugs that lead to security vulnerabilities.
After months of waiting, Matter 1.0 is official and ready to make your connected life much easier. It’s a new industry standard designed to leave you with better connectivity with your smart home and other IoT devices. With Apple, Google, Amazon, and more bringing their smart home technologies together, smaller companies are also signing on to Matter. It promises to be very exciting for everyone using connected devices.
Wireshark, the world’s most popular and widely-used open-source and cross-platform network protocol analyzer, has been updated to version 4.0, a major release that adds support for new protocols and other changes.
Major highlights of the Wireshark 4.0 release include a more powerful display filter syntax with support for many new extensions, redesigned Conversation and Endpoint dialogs, updated main window layout with side by side Packet Detail and Packet Bytes sections underneath the Packet List pane, improved Hex dump imports, as well as faster and greatly improved MaxMind geolocation.
This release also introduces a new address type AT_NUMERIC that allows simple numeric addresses for protocols that don’t have a more common-style address approach, support for fake headers in the HTTP2 dissector to parse the DATAs of streams that are captured without first HEADERS frames of a long-lived stream, and support for Mesh Connex (MCX) in the IEEE 802.11 dissector.
Security updates have been issued by Debian (bind9 and nodejs), Red Hat (prometheus-jmx-exporter and squid), Slackware (dhcp), SUSE (pngcheck and sendmail), and Ubuntu (isc-dhcp, kitty, and linux-gcp-5.4).
Open source may be the most viable option for most companies today but it comes with its own set of problems too.
The roccat_report_event function in drivers/hid/hid-roccat.c has a use-after-free vulnerability identified as CVE-2022-41850 (CVSS score: 8.4). A local attacker might exploit this flaw to run a malicious script on the system by submitting a report while copying a report->value. A patch has been released to address the Linux Kernel 5.19.12 vulnerability CVE-2022-41850.
Day by day, cybercriminals devise new ways to gain unauthorized access to and manipulate data belonging to others. To maintain their shady practices, they’ve perfected methods to operate unseen, taking advantage of weaknesses in web infrastructure. Everybody with an online presence can be a target, either for monetary or other similar gains.
Cybercrime can take many forms, targeting individuals and businesses across industry and geographical lines. And according to Statista, the cost of data breaches in the global healthcare sector alone between March 2021 and March 2022 amounted to over $10 million. There are similar figures in other industries, including technology, energy, research, finances, education, etc.
While many businesses have always maintained a significant online presence, many others have only recently transitioned to the web space in the wake of the COVID-19 pandemic. While this helps industries to move the business forward in a changing world, it also increases the number of potential targets for cybercriminals.
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA released two (2) Industrial Control Systems (ICS) advisories on October 06, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
SLSA — which stands for Supply Chain Levels for Software Artifacts — is a framework designed to help organizations improve the integrity of their software supply chains. Along with automated testing tools, secure coding practices, and strong third-party software vetting, SLSA can be an important part of a comprehensive software supply chain security strategy.
This FOSSA article breaks down the various levels of the SLSA framework and provides examples to help organizations meet related requirements.
Andrey Konovalov began his 2022 Linux Security Summit Europe (LSS EU) talk with a bold statement: "fuzzing is useless". As might be guessed, he qualified that assertion quickly by adding "without dynamic bug detectors". These bug detectors include "sanitizers" of various sorts, such as the Kernel Address Sanitizer (KASAN), but there are others. Konovalov looked in detail at KASAN and gave an overview of the sanitizer landscape along with some ideas of ways to push these bug detectors further—to find even more kernel bugs.
Fuzzers are great for exercising new paths in the code, but without having some kind of bug detector, they typically end up causing some kind of hard-to-debug kernel crash, he said. The sanitizers and other bug detectors turn those bugs into something that can be tracked down—and fixed. These sanitizers make up a family of bug-detection tools. They were originally created for user-space applications, but were ported to the kernel and had a "K" prepended to their acronym. The AddressSanitizer (ASan) was not the first, but it became somewhat famous early on; others include the MemorySanitizer (MSan) and UndefinedBehaviorSanitizer (UBSan).
There are a number of advantages that the sanitizers have, which have led to their popularity. They are easy to use; for user space it is just an extra compiler flag and for the kernel a build configuration option needs to be enabled. Compared to other tools that provide the same features, the sanitizers are fast as well. They are also precise since all of the bugs they report are true bugs and not false positives; occasionally a false positive does arise, but it is caused by a sanitizer bug that promptly gets fixed, he said. In addition, the sanitizers provide detailed reports on what caused a bug, which makes it much easier to track them down and fix them.
Over the past few years, there has been quite a bit of progress in various kernel features that can be used to create containers without requiring privileges. Most of the containers these days run as root, which means that a vulnerability leading to an escape from the container can result in system compromise. Stéphane Graber gave a talk at the 2022 Linux Security Summit Europe (LSS EU) to fill in some of the details of work that he and others have been doing to run containers as unprivileged code.
The talk was slated to have two speakers, as Christian Brauner had planned to co-present; unfortunately, Brauner got caught up in the travel woes that plagued Dublin around the time of the conference and was at the airport waiting for his plane home at the time of the talk. The presentation was something of a follow-up to their talk on system-call interception for unprivileged containers at LSS North America back in June. Graber is the project lead for the LXC and LXD container projects, which we recently looked at; Brauner is a kernel developer and one of the LXC/LXD maintainers.
Access Now welcomes the U.S. White House Office of Science and Technology Policy’s (OSTP) Blueprint for an AI Bill of Rights and accompanying Fact Sheet announcing agency actions to help guide the design, development, and deployment of artificial intelligence (AI) and other automated systems so they protect the rights of the public.
“The AI Bill of Rights could have a monumental impact on fundamental civil liberties for Black and Latinx people across the nation, but conspicuously omits safeguards against other discriminatory impacts of AI systems that can exclude and vilify particular groups of people across the country,” said Willmary Escoto, U.S. Data Protection Lead at Access Now, who was present at the Blueprint launch. “The framework highlights the importance of data minimization, which Access Now steadily advocates for, while naming and addressing the diverse harms people experience from other AI-enabled technologies, like so-called emotion recognition.”
We, the undersigned human rights organizations, strongly condemn the Iranian authorities’ ruthless persecution, harassment, and arrest of technologists and digital rights advocates, and demand their immediate and unconditional release.
In an attempt to crush the popular uprising and further restrict internet activity and information flows, Iranian authorities are escalating their violent crackdown on people across Iran, and are now targeting internet experts and technologists. To date, Iranian authorities have arrested at least six tech engineers who have been vocal on digital rights in Iran. Those detained have criticized internet restrictions, shown support to protests, or have been explaining the authorities’ technical repression. We are concerned over the growing pressure on this community, including technology journalists and bloggers, and the suppression of their criticisms against authorities. Any attempts to investigate or bring transparency to issues of digital repression or protests are being brutally stamped out. The world cannot allow the Islamic Republic of Iran to normalize this kind of persecution. The government must release these detainees at once.
Well-known technologists and internet access experts Hossein Darvari, Aryan Eqbal, Milad Nouri, Adel Talebi, Maysam Rajabi and Mohsen Tahmasebi have been amongst those targeted for arrest by the authorities since the beginning of the protests following the death in police custody of 22 year-old Iranian Kurdish woman Mahsa (Jhina) Amini.
A “diagram dungeon” is a 2d grid of square cells, with gaps between them. You can write and draw in them and between them, and you can also easily refer to them by their coordinates.
The rooms do not have to be to scale, and the corridors that connect them (that you can draw in between the squares) certainly don’t have to.
It’s pretty easy to draw real, proper, to-scale maps that are good-enough-for-behind-the-screen. You don’t really need any other source. Sometimes when I’ve been wanting ideas, I’ve tossed out items randomly (keys, blocks, dice, bottle caps), either physically or digitally (with the “pull shapes” mode of the old “Alchemy” java drawing app), and based the layout on that.
That is a restriction. But it’s also a tool. Following that principle, you can put anything in a dungeon and it’s fine as long as you committed to it before play started, and you’re sticking to it. You have “the prepper mindset” while making the location (challenging but winnable) but “the runner mindset” when running it (brutal and unflinching).
Since this is “paper before rock”, no further balance is necessary, the rest of this article is optional. It’s not law, it’s just good practice. After all, you’re in the “prepper mindset” now and you might want some guidelines. Again: all of this is when making the dungeon. Do not change it in play: if they are steamrolling, let them steamroll. If they are dying, let them.
Things have been crazy lately, I've been stressed out a lot, but I think I'm in a much better place now, way better than I've been in a long time.
I recall reading someone's musing back in 2020, probably on Hacker
News, in one of the COVID-19 pandemic discussion threads, something
along the lines of "imagine that 2020 is actually the best year of the
following decade". Sounded like an odd thought, and I probably
wouldn't recall it later if it didn't seem to play out that way a
couple of years later.
I think they had in mind a worsening pandemic, then economic issues
following it, the stock market bubble bursting, and so on. Those did
happen, but additionally, and in Russia in particular, there's just a
continuous stream of worsening news. Well, perhaps it started in 2012,
or in 2000, or some find its causes in the early 1990s (the failure or
unwillingness to set proper democratic institutions), or the Soviet
times (leading to the early 1990s). I guess one can also blame the
monarchy before that, for leading to that. Or just stupidity in
general, and not any point(s) in history. But it did intensify this
year.
[...]
I suppose living through--and observing--this helps to better
understand some historical periods, dystopian novels, and places which
fell into similar regimes earlier. Actually some of the parallels (in
speeches, actions, explanations) are surprisingly close, as if
borrowed directly. That makes it easier to see how the same situations
can be perceived quite differently (though it was fairly clear before
too): life around here before the war looks fine from this point of
time. Hopefully in the future 2022 won't look like a comparatively
good year.
A kiosk, in the sysadmin jargon, is a computer that is restricted to a single program so anyone can use it for the sole provided purpose. You may have seen kiosk computers here and there, often wrapped in some kind of box with just a touch screen available. ATMs are kiosks, most screens showing some information are also kiosks.
I elected to go with Ubuntu, as it was the most "mainstream" Linux distro, and the easiest for a newbie like me to learn. But I didn't go with regular Ubuntu, I went with Kubuntu, as I don't like GNOME much, and KDE is much better for a post-Windows user to get accustomed to, it feels a lot nicer.
While being on a train a few days ago, I saw a mother and her daughter, around 5-6 years old. Obviously, the daughter was holding a phone. Only a few minutes later I heard very loud "clicks" from it, and I kid you not, she was playing a "kids game" with slots to win whatever you'd win in a kids game. Worse, her mother did not do anything about it. This isn't an isolated case, at least where I live.
It's horrible to think that even before reaching the age where you can freely choose and have a conscience we're subject to such addictions from birth. With the rise of smartphones and kids entertainment products, we've unleashed a whole other beast. For example, a popular kids entertainment producer was accused of making their musical videos very high-paced, it even had more changing angles than action movies! This is mesmerizing for kids, moms reported that their kids behaved like addicts or just became erratic and had ADHD-like symptoms.
* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.