Bonum Certa Men Certa

Links 31/10/2022: Portmaster's 1.0 Release, FuguIta 7.2, and GNU Make 4.4



  • GNU/Linux

    • 9to5Linux9to5Linux Weekly Roundup: October 31st, 2022, “Halloween Edition”

      This week Kubuntu 22.10 users received the KDE Plasma 5.26 update, TUXEDO Computers announced a new Linux-powered laptop, Canonical enabled Ubuntu Server 22.10 on a new RISC-V computer, and Linux kernel 5.19 users were urged to upgrade to Linux kernel 6.0.

      On top of that, Ubuntu 22.10 users received their first kernel security update to patch the latest Wi-Fi driver stack vulnerabilities and KDE Plasma 5.26 users received a second maintenance update to their beloved desktop environment.

    • Desktop/Laptop

      • Linux MagazineZorin OS 16.02 is Now Available - Linux Magazine

        Zorin OS 16.2 has been officially released just seven months after the first point release of the user-friendly Linux operating system.

        Zorin OS is one of the more user-friendly (and beautiful) Linux distributions on the market. Only seven months after unleashing the first point release for the sixteenth iteration, a new point release is available that includes a really important feature for those migrating from Windows.

      • Systemd 76SpoOoOoOky Update: Murmurin’s of a Pop!_OS October - System76 Blog

        In a dark n stormy castle, or perhaps a sunny factory in Denver, a brigade of robots runs a series of experiments.

        An’ then: A discovery! The robot’s monster, small and mighty, was successfully given a mechanized brain. This brain, an AMD Ryzen 7000 CPU, has become compatible with Pop!_OS.

    • Audiocasts/Shows

    • Kernel Space

      • Linux LinksDouble, double toil and trouble – NVIDIA drivers

        This is a personal post mostly representing anecdotal information sharing my personal experience with the ASUS NVIDIA GeForce RTX 3060 Ti graphics card tested exclusively under Ubuntu 22.10. It captures issues I’ve experienced, together with a few workarounds.

        There are many reasons why NVIDIA produce proprietary graphics drivers. One popular held reason is that there is game-specific code in these drivers which are developed using exclusive rights to the game source code and extensive optimization. This type of information is confidential and valuable as it can give a company a competitive advantage over their rivals. Even if the performance gains are tiny, even a few extra fps may sway customers.

        NVIDIA is starting to embrace open source drivers though. Since May 2022, NVIDIA has published Linux GPU kernel modules as open source with dual GPL/MIT license. This starts with the R515 driver release. However, the open source drivers lag behind their proprietary counterparts with benefits offered by the proprietary driver are not yet available with the open source equivalent. In particular, they include display and graphics features (such as G-SYNC, Quadro Sync, SLI, Stereo, rotation in X11, and YUV 4:2:0 on Turing), as well as power management, and NVIDIA virtual GPU.

    • Applications

      • LinuxiacAngie: A New NGINX Fork Developed by Some of Its Former Devs

        Angie is a drop-in replacement for the NGINX web server aiming to extend the functionality of the original version.

        Let’s start with some background. NGINX Inc. was founded in July 2011 by Igor Sysoev, the original author of NGINX, and Maxim Konovalov to provide commercial products and support for the software.

        It is part of F5 Networks Inc., which bought it in March 2019 for $670 million to help them evolve from a hardware company to a more services-focused one.

        In August this year, F5 Networks Inc., which owns the rights to NGINX and is responsible for its development, discontinued its operations in Russia, leaving the market entirely.

      • It's FOSSPortmaster 1.0 Release Marks it as a Solid Open-Source Application Firewall for Privacy-Focused Users

        Portmaster by Safing is a free and open-source application firewall that aims to automate the process of protecting the privacy of its users. It allows you to monitor network activity, add custom connection rules for applications, and more. We tested it during the alpha stage, and came to the conclusion that it had good potential to act as a viable alternative to GlassWire. Of course, it may not be a replacement, but it can be one in the near future...

      • Red Hat OfficialReplace your Linux file manager with Midnight Commander | Enable Sysadmin

        If you want the experience of "walking" through your filesystem but don't want to leave the comfort of your terminal, try the mc command.

      • Ubuntu PitgThumb: An AVIF Image Viewer for Linux System

        Out of all the image file formats available, PNG and JPEG are two of the most common. However, when compared side-by-side, it’s easy to see that there are tradeoffs between quality and image size. With PNGs offer higher quality images but at a larger size, while JPEGs provide lower quality images but with smaller sizes. In order to reduce file size without compromising quality, the WebP image format was created and is already supported by Linux systems.

        The new image file system, AVIF, is becoming increasingly popular because it compresses images without compromising quality. The size of an AVIF image is smaller than a WebP, but the quality remains intact. One downside to this newer image file format is that most Linux distributions have not yet implemented support for AVIF.

        If you get an image or download images in AVIF format from the web, Most of the default image viewers can’t show the thumbnail.

    • Instructionals/Technical

      • BeebomWhat Does Chmod 777 Mean in Linux: Explaining File Permissions Model | Beebom

        The chmod 777 command is often suggested as the solution to quickly fix permission issues while managing web servers in Linux. Now, you might be wondering what does chmod 777 mean in Linux? Well, to give you a basic primer, it grants all the permissions, including sensitive ones, to a file or directory. That being said, there is more to it, so we recommend reading all about the chmod 777 command right below. On that note, let’s move to the article.

      • TecMintLearn Linux Dir Command Examples with Options

        This article shows some examples of using the dir command to list the contents of a directory. The dir command is not a commonly used command in Linux, but it works less like the ls command which most Linux users prefer to use.

      • TecAdminCreating Directory In HDFS And Copy Files (Hadoop) - TecAdmin

        HDFS is the Hadoop Distributed File System. It’s a distributed storage system for large data sets which supports fault tolerance, high throughput, and scalability. It works by dividing data into blocks that are replicated across multiple machines in a cluster. The blocks can be written to or read from in parallel, facilitating high throughput and fault tolerance. HDFS provides RAID-like redundancy with automatic failover. HDFS also supports compression, replication, and encryption.

        The most common use case for HDFS is storing large collections of data such as image and video files, logs, sensor data, and so on.

      • It's FOSSHow to View AVIF Images in Ubuntu and Other Linux Distros

        PNGs are the best when it comes to quality but they are huge in size and hence not ideal for websites.

        JPEGs reduce the file size but they reduce the quality of the images significantly.

        WebP is a relatively newer format that produces better-quality images with significantly smaller sizes.

        Now, AVIF is a new file format that compresses images without sacrificing quality. They are smaller than WebP for the same image quality.

        Linux has started providing WebP support recently. However, AVIF image format is not yet supported by default in many distributions.

        If you download an image in AVIF format from the web, it won’t display the thumbnail.

      • ID RootHow To Install LAMP Stack on Linux Mint 21 - idroot

        In this tutorial, we will show you how to install LAMP Stack on Linux Mint 21. For those of you who didn’t know, LAMP is a short name that stands for Linux, Apache, MySQL, and PHP. Developers need a combination of these open-source software to do developments on their local machines before their websites go live. Apache is a web server, MySQL is for databases and PHP is the language used for programming. From multi-layered content management systems to social networking portals supporting millions of users, the LAMP provides a stable foundation for some of the largest web applications

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of LAMP Stack on Linux Mint 21 (Vanessa).

      • H2S MediaHow to create Alpine Container in Docker - Linux Shout

        Alpine Linux is popular because of its small size and fast speed. On Docker, its image is of few Mbs, hence consuming less space and resources. Users can opt for it to install a web server, database server such as MySQL, and more… It uses its own package manager called apk to install the packages available through its repository. Being lightweight is the reason why many platforms used it to set up container services.

        Here in this article, we will see the steps to install Alpine Image on Docker to create a container. However, those who are interested in running the docker service on Alpine Linux can see our article: How to install Docker Engine on Alpine Linux.

      • Install Docker on Ubuntu Server - Darryl Dias

        This article will cover the step-by-step process of installing Docker on an Ubuntu Server.

      • ByteXDHow to Install Nerd Fonts on Linux - ByteXD

        Nerd Fonts are a set of free fonts designed for use with code editors. The fonts are designed to be easy to read, even at small sizes, and have a wide variety of character sets. You might have noticed that some projects don’t properly display fonts as they should be.

        This is likely because the fonts are not installed on your system.

        This post will give you a comprehensive guide on nerd fonts and how to install them on your Linux system.

      • Make Tech EasierThe Advanced Guide to Using nslookup in Linux - Make Tech Easier

        As a network administrator, you will find that the nslookup command is one of your most essential tools. With nslookup, you can check DNS records to troubleshoot problems with your DNS server or a specific DNS record. In this article, we take a closer look at nslookup and show you some practical examples of how to use it.

      • UbuntubuzzLibreOffice Writer: How To Make Use of Templates

        This tutorial will help you to import, use, reuse, save and export/convert templates with Writer. You will learn about OTT file format, converting ODT and DOC to it, making new document from template with examples and pictures. Let's learn now.

      • HowTo ForgeHow to Install Jupyter Notebook on Ubuntu 22.04

        Jupyter Notebook is a free, open-source, and web-based interactive computing platform that allows users to edit and run documents via a web browser.

      • HowTo ForgeHow to Install Suricata IDS on Ubuntu 22.04

        Suricata is a free and open-source network analysis and threat detection software developed by OSIF. It can be used as an intrusion detection system (IDS) and an intrusion prevention system (IPS).

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • KWin and tiling | Mart

          Personally I haven’t ever been a big user of tiling windowmanagers such as i3, awesome and what not, is not much the workflow style I want 24/7 out of my desktop, but there is definitely something something to say about that kind of multitasking when it makes sense, when is important to see the status of multiple windows at once for some particular task.

          Plasma’s KWin has since a long time a basic support for tiles via the quick tiling support, by either dragging a window at edges or corners, or via keyboard shortcuts. This feature is very good, but very basic, and while there are 3rd party tiling extensions such as Bismuth which is a very nice thing, but window geometry managing outside the core always can bring you only so far.

          Over the last month I have been working to expand a bit the basic tiling capabilities, both the quick tiling with the current behavior and a more advanced UI and mechanism which lets the user to have a custom tiling layout. Here it is a very short screencast about it.

  • Distributions and Operating Systems

    • Reviews

      • Distro WatchReview: Lubuntu 22.10

        Finally, a kind word about what Lubuntu 22.10 looks like and its default desktop wallpaper. I don't usually care about that stuff; if something annoys me, I just change it. Dark mode and all of that doesn't do me much good working in a room with the Texas sun coming in through two sides. So blue wall paper and blue icons. Thank you, thank you, thank you.

    • BSD

      • FuguIta 7.2

        Starting with this release, the autostart configuration file noasks, placed in the root of the partition, will no longer function.

    • SUSE/OpenSUSE

      • DebugPointOpenSUSE Introduces "D-Installer" for Adaptable Linux Platform

        In a blog post last week, the OpenSUSE team introduced a new Linux distro installer called "D-installer", which will be the primary installation method for the upcoming Adaptable Linux Platform (ALP).

        The installer is currently undergoing testing, and I tested it on a virtual machine. Here's how it looks.

    • Arch Family

      • Linux Shell TipsBest GUI Package Managers for Arch Linux Distribution

        A package manager is essential for the installation, removal, and upgrade of user and system-targeted packages on a Linux distribution. Also, package managers are viably applicable in resolving dependency issues in order for a targeted package to function as expected.

        In Linux, a package manager can either be used in CLI (Command Line Interface) mode or GUI (Graphical User Interface) mode.

    • Fedora Family / IBM

      • IBus 1.5.27 is released | DesktopI18N’s Blog

        This release enhances ibus restart subcommand for the GNOME desktop session. The GNOME desktop session runs ibus-daemon via systemd and previously ibus restart subcommand failed to restart ibus-daemon but now it’s also connected to systemd by default. The other options can be shown with ibus restart --help subcommand and you can specify --type=direct or --type=systemd or --verbose option.

        ibus im-module subcommand is added newly to get an internal gtk-im-module value from an instance of an GTK instance and this subcommand would be useful in case that users install IBus input method framework by manual and they check if IBus is installed properly. If IBus GtkIMModule is loaded in Xorg desktop sessions, “ibus” is output. “wayland” is output in GNOME Wayland desktop session. The command checks GTK3 by default and the other options can be shown with ibus im-module --help subcommand and you can specify --type=gtk2 or --type=gtk4 option. Currently only GTK is supported.

      • Make Use Of4 Reasons Why AlmaLinux Is a Better CentOS Alternative

        CentOS will reach its end of life in June 2024. As of 2022, it powers a lot of servers around the world, in fact, back in 2010 it was the most popular Linux server distro. Based on Red Hat Enterprise Linux (RHEL), CentOS is a solid Linux OS that powers enterprise desktops and servers.

        News of CentOS's end of life has caused a lot of concern. Organizations and administrators using the OS are sweating on how to migrate their servers and IT infrastructure from CentOS. Changing server software en masse is no mean undertaking.

      • OpenSource.com20 technology horror stories about learning the hard way | Opensource.com

        Halloween will be here before you know it! This fun, over-the-top holiday is a great time to ponder the mortal fears of the developer in each of us. What haunts you the most, in the quiet moments just before your code starts to run?

      • OpenSource.com10 universal steps for open source code review | Opensource.com

        Have you ever found yourself in a situation where you needed to do a code review but didn't fully understand the project? Maybe you did not review it to avoid looking like you didn't know what you were doing.

        This article assures you that there's a better way. You don't need to know everything to provide a code review. In fact, based on my experience, that's quite common.

        I remember when I joined Red Hat as an intern and was asked to help with code reviews. We used a system of +1 or -1 votes, and I was initially very hesitant to weigh in. I found myself asking whether when I gave a +1 on a change but then someone else voted -1, would I look foolish?

        What does happen if someone votes -1 on a change you've vote +1? The answer is nothing! You might have missed a detail that the other person noticed. It's not the end of the world. That's why we have this voting system. Like the rest of open source, merging code is a collaborative effort.

        Lately, I've been so inundated with code reviews that I can hardly keep up with them. I also noticed that the number of contributors doing these reviews steadily decreased.

        For this reason, I'm writing about my point of view on writing a code review. In this article, I'll share some helpful tips and tricks. I'll show you a few questions you should ask yourself and a few ideas of what to look for when doing a code review.

      • Red HatBest practices for application shutdown with OpenSSL | Red Hat Developer

        OpenSSL is an essential library for securing web traffic. This article offers simple procedures for initializing and terminating applications using OpenSSL. Modern applications that are more complex than "Hello, world!" usually require several external libraries like OpenSSL, which in turn often need to be properly initialized on startup and deinitialized on shutdown.

        OpenSSL libraries are set up internally during program initialization. At this time, they load the configuration file, allocate resources, and handle FIPS mode, among many other tasks.

        The OpenSSL API function for initialization is OPENSSL_init_crypto. This function accepts a variety of options with reasonable defaults. Initialization should be performed before any other OpenSSL function is used, though some OpenSSL functions invoke OPENSSL_init_crypto themselves.

      • Red Hat OfficialLearn about virtio-networking

        Put simply, virtio-networking is the networking device of virtio, a standardized open interface for virtual machines (VMs) to access simplified devices such as block storage and networking adaptors.

        While the virtio networking device was originally developed as a network virtualization interface between physical hosts and guests in virtual environments, a number of open source communities have adopted this networking device as a means of addressing emerging networking challenges.

        The Linux Kernel community, the Data Plane Development Kit (DPDK) community, QEMU and OASIS among others all lean on these specifications, broadly forming the virtio-networking community.

      • Enterprisers ProjectHow to avoid a leadership horror story | The Enterprisers Project

        In our world, we see signs of trouble often: a complaint from a customer, an employee who misses a key communication or meeting, or a conflict that brews up and then dies down on a team. Sometimes these things are just one-offs or resolve themselves, but it is always best to make sure.

      • Enterprisers Project6 tricks and treats to watch for in your new role | The Enterprisers Project

        It’s an exciting time, full of new opportunities. But starting a new job can also be downright scary. Here are six common trends – three to enjoy; three to avoid – to watch for as you settle into your new position.

      • Red Hat OfficialEdge-compatible recommendations now available in Red Hat Insights Advisor

        The open hybrid cloud vision of Red Hat covers four footprints: physical, virtual, cloud and edge. Red Hat Enterprise Linux (RHEL) is at the forefront of the innovation that comes with edge computing by providing a more consistent, reliable and security-focused operating system to fuel the demand from enterprises to operate at the closest point of data generation.

    • Mobile Systems/Mobile Applications

  • Free, Libre, and Open Source Software

    • Events

    • Web Browsers/Web Servers

      • Mozilla

        • MozillaSupport.Mozilla.Org: Introducing Lucas Siebert

          I’m super delighted to introduce you to our new Technical Writer, Lucas Siebert. Lucas is joining the content team alongside Abby and Fabi. Some of you may meet him already in our previous community call in October.

    • GNU Projects

      • GNUmake - News: GNU Make 4.4 Released! [Savannah]

        The next stable version of GNU Make, version 4.4, has been released and is available for download from https://ftp.gnu.org/gnu/make/

        Please see the NEWS file that comes with the GNU make distribution for details on user-visible changes.

      • LWNGNU Make 4.4 released [LWN.net]

        Version 4.4 of the GNU make utility is out. There is a long list of changes and a fair number of potential compatibility issues; see the announcement text for all the details.

    • Programming/Development

      • Perl / Raku

        • RakulangRakudo Weekly News: 2022.44 PRename

          An announcement by the board of The Perl Foundation caused quite a bit of confusion (PerlWeekly, HackerNews comments), both in the Perl and Raku communities. Elizabeth Mattijsen explained that it was the wording of the announcement causing confusion. It’s the underlying legal entity “Yet Another Society” that will get another trade name (doing-business-as) “The Perl and Raku Foundation” (TPRF). Along with the other dbas “The Perl Foundation” and “The Raku Foundation”.

        • PerlHello and welcome! | MarisaG [blogs.perl.org]

          Perl is my all-time favorite language, and I have been using it since it was released. But I just now decided to create a website for it to share and curate Perl content with other fans.

        • DEV CommunityOn the Perl and Raku Foundation

          The announcement of a change of name of "The Perl Foundation" to the "The Perl and Raku Foundation" left me feeling puzzled, and I should say disappointed.

          Fortunately, after the last Raku Steering Council meeting, it became clear that my disappointment was unwarranted. And that my (and probably a lot of other people's) puzzlement was caused by poor wording of the announcement, not by what it was trying to convey.

      • R

        • Dirk EddelbuettelDirk Eddelbuettel: RcppGSL 0.3.12 on CRAN: Maintenance



          A new release 0.3.12 of RcppGSL is now on CRAN. The RcppGSL package provides an interface from R to the GNU GSL by relying on the Rcpp package.

          This release accomodates, just like so many other releases this week, the more stringent views of clang-15 about what a correct function prototype is. While we were at it, an updatet to GitHub Actions was made as well.

        • Dirk EddelbuettelDirk Eddelbuettel: RcppBDT 0.2.6 on CRAN: Maintenance

          A minor maintenance release for the RcppBDT package is now on CRAN.

          The RcppBDT package is an early adopter of Rcpp and was one of the first packages utilizing Boost and its Date_Time library. The now more widely-used package anytime is a direct descentant of RcppBDT.

          This release accomodates, just like so many other releases this week, the more stringent views of clang-15 about what a correct function prototype is. While we were at it, an updatet to GitHub Actions was made as well.

        • Dirk EddelbuettelDirk Eddelbuettel: RApiDatetime 0.0.7 on CRAN: Maintenance

          A new release of our RApiDatetime package is now on CRAN.

          RApiDatetime provides a number of entry points for C-level functions of the R API for Date and Datetime calculations. The functions asPOSIXlt and asPOSIXct convert between long and compact datetime representation, formatPOSIXlt and Rstrptime convert to and from character strings, and POSIXlt2D and D2POSIXlt convert between Date and POSIXlt datetime. Lastly, asDatePOSIXct converts to a date type. All these functions are rather useful, but were not previously exported by R for C-level use by other packages. Which this package aims to change.

          This release accomodates, just like so many other releases this week, the more stringent views of clang-15 about what a correct function prototype is. While we were at, updates to GitHub Actions and https URL were made as well.

      • Misc.

        • CollaboraMeet Abi – Collabora Software Engineering Intern

          Collabora recruits interns to work over the summer alongside our team, and to build experience to help them assess whether they want to pursue a career in Software Engineering, but how does that work out?

        • ephemerons and finalizers -- wingolog

          Good day, hackfolk. Today we continue the series on garbage collection with some notes on ephemerons and finalizers.

          [...]

          This is a more annoying property for a garbage collector to track. If you happen to mark K as live and then you mark E as live, then you can just continue to trace V. But if you see E first and then you mark K, you don't really have a direct edge to V. (Indeed this is one of the main purposes for ephemerons: associating data with an object, here K, without actually modifying that object.)

          During a trace of the object graph, you can know if an object is definitely alive by checking if it was visited already, but if it wasn't visited yet that doesn't mean it's not live: we might just have not gotten to it yet. Therefore one common implementation strategy is to wait until tracing the object graph is done before tracing ephemerons. But then we have another annoying problem, which is that tracing ephemerons can result in finding more live ephemerons, requiring another tracing cycle, and so on. Mozilla's Steve Fink wrote a nice article on this issue earlier this year, with some mitigations.

          [...]

          The gnarliness continues! Imagine that O is associated with a finalizer F, and also, via ephemeron E, some auxiliary data V. Imagine that at the end of the trace, O is unreachable and so will be dead. Imagine that F receives O as an argument, and that F looks up the association for O in E. Is the association to V still there?

          Guile's documentation on guardians, a finalization-like facility, specifies that weak associations (i.e. ephemerons) remain in place when an object becomes collectable, though I think in practice this has been broken since Guile switched to the BDW-GC collector some 20 years ago or so and I would like to fix it.

        • CNX SoftwareTinyML-CAM pipeline enables 80 FPS image recognition on ESP32 using just 1 KB RAM

          The challenge with TinyML is to extract the maximum performance/efficiency at the lowest footprint for AI workloads on microcontroller-class hardware. The TinyML-CAM pipeline, developed by a team of machine learning researchers in Europe, demonstrates what’s possible to achieve on relatively low-end hardware with a camera.

    • Standards/Consortia

      • The Register UKGoogle drops forthcoming version of JPEG from Chromium ● The Register

        A note on Google's bug tracker for the Chromium browser specifies that version 110 won't get JPEG XL support after all.

        The Chromium browser project is the open source upstream of what later becomes Google's Chrome browser, along with a host of other browsers including Microsoft Edge, Opera, Vivaldi, and Brave.

        The removal of JPEG XL means that none of these above browsers will be able to natively render JPEG XL images, and in turn that effectively dooms the new format, barring the unlikely event of the Mountain View megalith changing course.

  • Leftovers

    • David RevoyIn the midst of experimentation - David Revoy

      Hi everyone, right now it's a special time: I need to experiment and it's more like a wind that is blowing quite strongly in me. You have probably already noticed it by the latest content I shared on blog or on social medias. So I'm telling you: I'm very likely to scatter myself, multiply various attempts, and test even more things soon.

      [...]

      So that's why it boils inside me all the time. I would like to reform my way of publishing my stories because this mode of production clearly puts me in an impasse. I have the intuition that there is a new angle but also that I will have to experiment. However, one thing is certain in this whole story: I intend to share this exploration with you.

    • Hardware

    • Security

      • Bleeping ComputerMicrosoft releases out-of-band updates to fix OneDrive crashes

        Microsoft has released out-of-band updates to address a known issue causing OneDrive and OneDrive for Business to crash after installing recent Windows 10 updates.

        The issue occurs when signing out or unlinking OneDrive accounts or sites and folders from Microsoft Teams and SharePoint.

        "After installing KB5018410 or later updates, OneDrive might unexpectedly close," Redmond explained in a Windows health dashboard update on Friday.

      • IT WireRansomware attack on Dialog also took down defence app ForceNet

        The external provider affected in the ransomware attack on ForceNet, a service used by the Australian Department of Defence, is Dialog Information Technology, a company owned by Singtel.

        Dialog was hit by an attack which used the Agenda ransomware that runs only on Windows. The group behind the attack announced it on the dark web on 19 September.

      • Bruce SchneierApple Only Commits to Patching Latest OS Version

        People have suspected this for a while, but Apple has made it official. It only commits to fully patching the latest version of its OS, even though it claims to support older versions.

      • Apple clarifies security update policy: Only the latest OSes are fully patched | Ars Technica

        Earlier this week, Apple released a document clarifying its terminology and policies around software upgrades and updates. Most of the information in the document isn't new, but the company did provide one clarification about its update policy that it hadn't made explicit before: Despite providing security updates for multiple versions of macOS and iOS at any given time, Apple says that only devices running the most recent major operating system versions should expect to be fully protected.

      • Hacker NewsGitHub Repojacking Bug Could've Allowed Attackers to Takeover Other Users' Repositories

        Cloud-based repository hosting service GitHub has addressed a high-severity security flaw that could have been exploited to create malicious repositories and mount supply chain attacks.

      • Hacker NewsUnofficial Patch Released for New Actively Exploited Windows MotW Vulnerability

        An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web (MotW) protections.

        The fix, released by 0patch, arrives weeks after HP Wolf Security disclosed a Magniber ransomware campaign that targets users with fake security updates which employ a JavaScript file to proliferate the file-encrypting malware.

      • Hacker NewsSamsung Galaxy Store Bug Could've Let Hackers Secretly Install Apps on Targeted Devices [Ed: JavaScript strikes again]

        The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handling certain deep links. An independent security researcher has been credited with reporting the issue.

      • Hacker NewsFodcha DDoS Botnet Resurfaces with New Capabilities

        The threat actor behind the Fodcha distributed denial-of-service (DDoS) botnet has resurfaced with new capabilities, researchers reveal.

        This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target, Qihoo 360's Network Security Research Lab said in a report published last week.

        Fodcha first came to light earlier this April, with the malware propagating through known vulnerabilities in Android and IoT devices as well as weak Telnet or SSH passwords.

        The cybersecurity company said that Fodcha has evolved into a large-scale botnet with over 60,000 active nodes and 40 command-and-control (C2) domains that can "easily generate more than 1 Tbps traffic."

    • AstroTurf/Lobbying/Politics

      • DaemonFC (Ryan Farmer)Matthew J. Garrett, “Social Justice Warrior”, is still on Twitter even as Elon Musk now tweets fake news Web sites that blame LGBT people for the attack on Paul Pelosi.

        As of Sunday, October 30th, 2022, Matthew J. Garrett, “Social Justice Warrior”, is still on Twitter even as Elon Musk now tweets fake news Web sites that blame LGBT people for the attack on Paul Pelosi. (NewsWaffle proxy of Original.)

        [...]

        I’ve reached out to Mr. Garrett on Techrights IRC to see if he has anything to say about why he’s still on a platform that is now 100% owned by a homophobe who is blaming gay people for the attack on Paul Pelosi (Quite an odd accusation, but when have conspiracy theories made sense lately?), which will now do pretty much nothing about far-right cranks.

      • Make Tech EasierThe Elon Musk Twitter Era Officially Begins

        This is the reason many people left Twitter earlier this year and began the search for a replacement. Elon Musk officially bought Twitter last week for $44 billion. One reason for the mass departure is that the Tesla head is known to not agree with preventing users from posting fake news. To no one’s surprise, Musk wasted no time instituting changes.

    • Censorship/Free Speech

      • IT WireiTWire - Law that protects US tech platforms against lawsuits being challenged

        A law which shields big tech platforms from lawsuits over content provided by users is being challenged in the US Supreme Court, and is likely to be heard next year.

        The Wall Street Journal reported on Sunday that the court would be hearing a case against Google which argues that Section 230 of the Communications Decency Act, the clause in law that offers protection to technology companies, should not serve as a shield against companies that link to so-called harmful content.

        The US Government has tried in the past to change Section 230, with a bid two years ago to pass what it called the EARN IT Act which looked to add conditions for those who sought protection under it.

        Under this section, one can sue the person who defamed you on a platform like Twitter, but not the platform itself. An amendment to this section in 2018 made platforms liable for publishing information designed to facilitate sex trafficking.

    • Freedom of Information / Freedom of the Press

      • IT WireiTWire - The Wire gets entangled in its own breathless reporting

        Indian news portal The Wire has filed a complaint against one of its own reporters over a story that claimed Facebook parent Meta was allowing a member of the ruling party to censor social media posts. It was alleged that the journalist had allegedly fabricated documents for the story.

        The case against Devesh Kumar was filed with the Delhi Police's Economic Offences Wing a day after the cops themselves filed a first investigation report against the portal, the Indian Express reported on Sunday.

        It is somewhat strange when a journalistic organisation does not stand behind its own reporting, preferring instead to hang a reporter out to dry.

        India has been ruled since 2014 by the Bharatiya Janata Party, not exactly a political entity that believes in a free press.

    • Internet Policy/Net Neutrality

      • Internet Freedom FoundationA round-up of WhatsApp’s failed attempts to block the Competition Commission’s investigation

        In October 2021, IFF submitted expert information in the Competition Commission of India’s (CCI) suo moto investigation into potential anti-competitive practices of WhatsApp Inc. (‘WhatsApp). In our information, we highlighted how WhatsApp’s 2021 Privacy Policy enabled it to share user data with Facebook Inc. and its subsidiaries including Facebook India Online Service Private Limited (‘Facebook India’). CCI in its order dated October 12, 2021, tagged the information IFF provided with ongoing proceedings against WhatsApp and Facebook Inc. and made Facebook India a party to those proceedings. Facebook India challenged this CCI order before the Delhi High Court. Facebook India’s petition was dismissed by Justice Yashwant Verma of the Delhi High Court on September 28, 2022. An SLP filed by Facebook and WhatsApp has also been dismissed by the Supreme Court.

  • Gemini* and Gopher

    • Personal

      • Classic rock and supernatural

        I was introduced to supernatural, the tv show a month ago. I must admit I am more of a hip hop guy, but the music in this show... man. The tracks just made me feel so pumped. I have never heard rock before this because to me it was just noise, but now all I listen to is rock.

      • 🔤SpellBinding: NMYOPSH Wordo: FAXES
      • Halloween Dispatch

        Looks like it has been more than two months since my last gemlog. Time sure flies when you have a young baby! (Mostly staggering in sleep-deprived stupor, but still.)

        Truth be told, one gets used to sleeping less after a month or two. Most of my productive time has been spent at the ${dayjob}, which in practice turns out to be a few hours per day. The productivity is still heavily supported by coffee consumption -- I think I'm up to 3-4 cups per day now. Will have to start paring that down sooner or later.

      • Who He Was

        He had lived a life of a villagen; who was neither a villager nor a citizen. He was seen as a citizen by his village friends and a villager by his city friends. To his view he was a citizen as he lived in a town for studying and went to his village if there was a holiday of any sort.

    • Technical

      • CCR cover on Pocket Operators

        I have just finished my rendition of "Down on the Corner" by CCR. This was done on 3 Pocket Operators by Teenage Engineering.[1]

        Pocket Operators are these small, portable, battery-powered synthesizers about the size of a calculator. You can make some fun sounds with them. The ones I used for this song were the PO-12, PO-14, and PO-16 (rhythm, sub, and factory, all gen 1.) [2]

        The song came out very cheesy and makes me laugh. I recorded it but it sounds a bit rough. I don't plan on spending any more time on it.

      • Nushell: Introduction to a new kind of shell



        In a nutshell, nushell is non-POSIX shell, so most of your regular shells knowledge (zsh, bash, ksh, etc…) can't be applied on it, and using it feels like doing functional programming. It's a good tool for creating robust data manipulation pipelines, you can think of it like a mix of a shell which would include awk's power, behave like a SQL database, and which knows how to import/export XML/JSON/YAML/TOML natively.

        You may want to try nushell only as a tool, and not as your main shell, it's perfectly fine.

      • Programming

        • qiudanz technique: devlog

          our intention is to experiment with a generative approach, performing live and human-powered computation based on the qiudanz technique and tag systems (danzasistemas-tag) to expand and contract a movement sequence.


* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.



Recent Techrights' Posts

Brittany Day Can Rest and Let Microsoft/Chatbots Write Fake 'Articles' About "Linux" This Christmas
Who said people don't work on Christmas? Chatbots or plagiarism-as-a-service work 24/7, every day of the year except during Microsoft downtimes
Links 25/12/2024: Windows TCO Brought to SSH, Terence Eden 'Retires'
Links for the day
Gemini Links 25/12/2024: Reality Bites and Gopher Thanks
Links for the day
Links 25/12/2024: Latest Report Front Microsoft Splinter Group, War Updates
Links for the day
Links 25/12/2024: Hong Kong Attacks Activists During Holidays, Xerox to Buy Lexmark
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 24, 2024
IRC logs for Tuesday, December 24, 2024
Gemini Links 25/12/2024: Open Source Social and No Search
Links for the day
Brittany Day Connects Windows Ransomware to "Linux" Using Microsoft LLMs (FUD Galore, Zero Effort, No Accountability)
FUD and misinformation made by Microsoft LLMs again?
Links 24/12/2024: Labour Strikes and TikTok Scrambling to Prop Up Radical Politicians That Would Protect TikTok
Links for the day
Where the Population is Controlled by Skinnerboxes Inside People's Pockets (or Purses)
A very small fraction of mobile users practise or exercise freedom/control over the skinnerbox
[Meme] Coin-Operated Publishers (Gaming the Message, Buying the Narrative)
Advertise (sponsor) to 'play'
Advertisers and Their Covert Impact on Publications' Output (or Writers' Topics of Choice, as Assigned or Approved by Editors)
It cannot be trivially denied that sponsorship in the form of "advertising" impacts where publishers go (or don't go, won't go)
Terrible Year for Microsoft Windows in Cyprus
down from 86% to 72% since January
[Meme] How to Kill Unions (Staff on Shoestring Budget Cannot Afford Lawyers)
What next for the EPO? "Gig economy"?
The EPO's Staff Union (SUEPO) Takes Legal Action to Rectify the Decrease in Wages (Lessening of Purchasing Power)
here is what the union published
Gemini Links 24/12/2024: Deedum Gemini Client Gets Colour Support, Advent of Code 2024
Links for the day
Microsoft Windows Slides to New Lows in Colombia
Now Windows is at an all-time low
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, December 23, 2024
IRC logs for Monday, December 23, 2024
A Strong and Positive Closing for the Year's Last Week
In a lot of ways this year was a good one for Free software
Feels Too Warm for Christmas
Christmas is here, no snow in sight
Links 23/12/2024: 'Negative Time' and US Arms Taiwan Again
Links for the day
Links 23/12/2024: The Book of Uncommon Beings, Squirrels, and Slop Ruining Workplaces
Links for the day
Links 23/12/2024: North Korean Death Toll in Russia at ~1,100, Oligarch Who Illegally Migrated/Stayed (Musk) Shuts Down US Government
Links for the day
The World's 'Richest Country' Chooses GNU/Linux
This has gone on for quite some time
Richard Stallman on Love
Richard Stallman's personal website includes a section that lists three essays on the subject of love
Apple's LLM Slop Told Us Luigi Mangione Had Shot Himself, BetaNews Used LLMs to Talk About a Dead Linus Torvalds
They can blame it on some bot
Microsoft, Give Me LLM Slop About "Linux" and "Santa", I Need Some Fake Article...
BetaNews is basically an LLM slop site
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, December 22, 2024
IRC logs for Sunday, December 22, 2024