Bonum Certa Men Certa

Links 02/11/2022: HPLIP 3.22.10, Mozilla Venture Introduced, and SourceHut Purges Many Projects

  • GNU/Linux

    • Server

      • Rakuten Symphony taking off Red Hat, putting on Rocky Linux

        Rakuten Mobile is in the process of removing Red Hat software from its network deployment in Japan, and working with Rocky Linux for processing software workloads in distributed units across its Open RAN network. Similarly, Rakuten Symphony, the company’s hardware, software and services arm, will use the real-time Rocky Linux operating system with future customers. In an interview with media and analysts at the Telecom Infra Project’s FYUZ event in Madrid, Rakuten Symphony CEO Tareq Amin candidly explained that Red Hat’s subscription-based model doesn’t fit with his business model.

      • PR WebCIQ Joins Oracle PartnerNetwork; Rocky Linux Now Available on Oracle Cloud Marketplace
    • Audiocasts/Shows

    • Kernel Space

      • HackadayBye Bye Linux On The 486. Will We Miss You? | Hackaday

        A footnote in the week’s technology news came from Linus Torvalds, as he floated the idea of abandoning support for the Intel 80486 architecture in a Linux kernel mailing list post. That an old and little-used architecture might be abandoned should come as no surprise, it’s a decade since the same fate was meted out to Linux’s first platform, the 80386. The 486 line may be long-dead on the desktop, but since they are not entirely gone from the embedded space and remain a favourite among the retrocomputer crowd it’s worth taking a minute to examine what consequences if any there might be from this move.

    • Applications

      • Make Use OfThe 3 Best Terminal-Based Web Browsers for Linux

        Terminal-based browsers are something of a niche interest—even among seasoned Linux users, and most mainstream distros will come with either Firefox or Falkon pre-installed. But there are good reasons why you might want to experience the internet via a browser in your terminal.

        Here are some of the best terminal-based web browsers out there.

      • Ubuntu HandbookHPLIP 3.22.10 Released with Linux Mint 21, RHEL 9, Manjaro 21.3 Support | UbuntuHandbook

        HPLIP, the open-source HP printer and scanner driver for Linux, released version 3.22.10 today with new Linux distributions support.

        The installer script for the new release is now working on Manjaro 21.3, Suse 15.4, RHEL 9, Linux Mint 21.0, Mx Linux 21.2.

        The release does not include any new HP printer and scanner support. Meaning you can just skip this release if the last HPLIP 3.22.6 was installed on your system. And for Ubuntu 22.10, the 3.22.6 release is available to install in system repository.

    • Instructionals/Technical

      • ID RootHow To Install Nagios on Rocky Linux 9 - idroot

        In this tutorial, we will show you how to install Nagios on Rocky Linux 9. For those of you who didn’t know, Nagios is an open-source monitoring solution designed to run on Linux. Nagios offers to monitor and alerting services for servers, switches, applications and services. It also provides a web interface for viewing current network status, log files, notifications, and much more.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Nagios monitor systems on Rocky Linux. 9.

      • Make Tech EasierHow to Install and Use Webmin on Ubuntu Linux - Make Tech Easier

        Administering a server can be a daunting task. The good news is, there are plenty of tools available to make the job easier. One of these tools is Webmin. This tutorial shows how to install Webmin on an Ubuntu Linux server.

      • Help Net Securitycert-manager: Automatically provision and manage TLS certificates in Kubernetes - Help Net Security

        cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters and simplifies the process of obtaining, renewing, and using those certificates.

        It can issue certificates from a variety of supported sources, including Let’s Encrypt, HashiCorp Vault, and Venafi as well as private PKI, and it ensures certificates remain valid and up to date, attempting to renew certificates at an appropriate time before expiry.

      • Make Use OfHow to Connect to Wi-Fi Through the Linux Terminal With nmcli

        Need to connect to the internet on your Linux device, but don't have an Ethernet port or access to graphical networking software? In this article, we'll learn how to connect to Wi-Fi in the Linux terminal using the nmcli command.

      • KifarunixHow to Integrate ELK Stack with TheHive -

        In this tutorial, we are going to learn how to integrate ELK stack with TheHive. ELK Stack can be configured to sent event alerts to TheHive case management system. This enables security personnel to create, investigate and follow up on various incidents or cases.

      • It's UbuntuHow To Install WhatsApp On Ubuntu 22.04 LTS |

        How To Install WhatsApp On Ubuntu 22.04 LTS

        In this tutorial post, we will show you a method to install WhatsApp on Ubuntu 22.04 LTS. WhatsApp is a famous chat messaging app currently owned by Facebook (Meta). We will be installing a third-party “WhatsApp for Linux” app that you can use to access WhatsApp. WhatsApp for Linux is an unofficial WhatsApp desktop application.

    • Games

      • Boiling SteamNew Steam Games with Native Linux Clients - 2022-11-02 Edition - Boiling Steam

        Between 2022-10-26 and 2022-11-02 there were 37 New Steam games released with Native Linux clients. For reference, during the same time, there were 246 games released for Windows on Steam, so the Linux versions represent about 15 % of total released titles.

      • Linux LinksSaving Money with Linux: Gaming - LinuxLinks

        Gaming is often synonymous with guzzling electricity.

        That’s because modern graphics card can be extremely power hungry and can sometimes generate incredibly high frames per second (fps) that a monitor can’t display. For example, most gaming monitors offer refresh rates of at least 144 Hz. If your graphics card is producing 300 fps in a game you’ll literally be wasting electricity for no gaming benefit unless you’ve got a gaming monitor with a very high refresh rate of say 360Hz. If not, you graphics card will be functioning mostly as an (expensive) mini heater, and potentially unnecessarily reducing its lifespan.

        The top graphics cards have staggering power limits. For example, the NVIDIA GeForce RTX 4090 has a power limit of 450W. Even midrange graphics cards have bulging power limits. The NVIDIA GeForce RTX 3060 Ti has a power limit of 200W which can be increased to 216W.

      • MozillaHow to talk to kids about video games

        I spend a lot of time talking to parents about screens. Most of those conversations are about fear.

        “I’m so worried about my child withdrawing into screens,” they say. “Are they addicted? How can I get them to stop?”

        I understand where they are coming from. I’m a clinical psychologist with 16 years of experience working in the U.K. and France, including for the U.K. National Health Service and in private practice. I’m also the mother of an 11-year-old girl and a teenage boy.

        “Screen time” has become one of the bogeymen of our age. We blame screens for our children’s unhappiness, anger or lack of engagement. We worry about screen time incessantly, so much so that sometimes it seems that the benchmark of a good parent in 2022 is the strictness of your screen time limits.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Ubuntu Pit20 Best KDE Plasma Themes for Your KDE Desktop

          Linux is an open source operating system with superior customization abilities. If you use KDE Desktop, you’ll have many Plasma themes to choose from. And if you can’t find something you like, developers create new ones daily.

          It can be tough to choose the best KDE Plasma Themes from the Hundreds of themes available in the KDE store. All of these themes are designed to improve the look of your KDE desktop, but it can be hard to decide which one is right for you.

          For those who want to give their Plasma Desktop a makeover, here is a list of the best KDE Plasma themes.

        • Linux MagazineNitrux 2.5 Released with Kernel 6.0 and KDE Plasma 5.26 - Linux Magazine

          Nitrux 2.5 has been officially released and is the first systemd-free distribution to include both kernel 6.0 and KDE Plasma 5.26.

          Nitrux is a Linux distribution, based on Debian, that emphasizes the use of AppImages for end-user software. And, instead of employing systemd as its init system, Nitrux uses OpenRC.

          To make things even more interesting, Nitrux adds a suite of convergent applications – called Maui Apps – as well as a curated collection of free and open source software.

          More importantly, however, Nitrux 2.5 is now available and is the first non-systemd distribution to include both kernel 6.0 and KDE Plasma 5.26. To be specific, Nitrux uses the 6.0.6 XanMod kernel, KDE Plasma 5.26.2, KDE Frameworks 5.99.0, and KDE Gear 22.08.2.

          As well, the developers decided to change their policy about including the Nvidia proprietary driver with the default installation.

      • GNOME Desktop/GTK

        • Robert McQueen: Many thanks & good luck to Neil McGovern [Ed: But what legacy has Neil McGovern left? A GNOME that attacks the "G" in its name, using a campaign of defamation that serves monopolies (also GNOME sponsors)?]

          As President of the GNOME Foundation, I wanted to post a quick note to pass on the thanks from the Board, the Foundation staff team and membership to our outgoing Executive Director, Neil McGovern. I had the pleasure of passing on GNOME’s thanks in person at the Casa Bariachi this summer at GUADEC in Guadelajara, at the most exellent mariachi celebration of GNOME’s 25th Anniversary.

  • Distributions and Operating Systems

    • The Register UKNew version of Plan 9 fork 9front released ● The Register

      9front is a fork and continuation of Plan 9 from Bell Labs, which is what the minds behind UNIX and the C programming language went on to do next. It is also rather strange.

      The Golden Age of Ballooning is the rather inscrutable name of the latest release from the 9front project. 9front is one of several projects that continues work on the Plan 9 operating system, which was relicensed under the GPL in 2014. Plan 9, or more formally (and nowadays somewhat inaccurately, since it was spun off from Bell Labs last year) Plan 9 from Bell Labs is a research operating system.

      There are a great many research OSes out there. What's significant about Plan 9 is that it, and its special dialect of the C programming language, are the direct continuation of the original UNIX research project. Plan 9 was in some ways an effort to deliver some of the original promises of UNIX while also bringing it into the 1990s.

      9front is probably the most active fork of Plan 9, and improves on the OS in a number of small ways: more drivers, more hardware support, a native x86-64 version, and so on. There's a reasonable potted summary of 9front here, and the project's own FQA [sic] file explains what's new in this release. You might well ask what an FQA is, and don't they mean FAQ? Well, a list of questions isn't much help, even if they are frequently asked; a list of frequent answers is much more use.

    • New Releases

      • The Register UKZorin OS 16.2 is here ● The Register

        Zorin OS 16.2 is a friendlier and more feature-rich distro than its parent Ubuntu 20.04, with a lot of updates and bundled apps.

        The Reg looked at Zorin OS 16 when it came out in 2021. Like the 16.1 release in March, the new version is an update of that same version, so it's still based on Ubuntu 20.04 – albeit with the newer kernel 5.15 installed. This is a little surprising seven months after the release of the subsequent Ubuntu LTS release, but then again, to quote Bert Lance: "If it ain't broke, don't fix it."

        There are six different editions of Zorin OS in this version and three product families: the paid Pro version, plus free Education and Core product lines. Each has a matching Lite variant, which replaces the GNOME desktop with Xfce.

    • BSD

      • LinuxiacTrueNAS 13.0-U3 Released, Adding Significant New Components

        TrueNAS 13.0-U3 open storage is a major release bringing improved performance, scalability, and reliability in subsequent releases.

        TrueNAS CORE is a free and open-source FreeBSD-based operating system that provides free network-attached storage (NAS) services produced by iXsystems. In addition, TrueNAS is the best-known and most powerful free NAS software.

        It has some of the best features you can find in NAS software, such as data snapshots, a self-repair file system, encryption of data volumes, and so on.

    • SUSE/OpenSUSE

      • SUSE's Corporate BlogQuobyte and SUSE Rancher - Persistent state for scaling organizations | SUSE Communities

        Many organizations run Kubernetes today, for Development and actually more and more production workloads. This results in tens to hundreds of Kubernetes clusters within one organization and managing these clusters is a critical task. This is where SUSE Rancher enters the stage: As many clusters as needed can be controlled using a single interface. These landscapes can represent all of your organizational needs: Clusters can run on premise, in the cloud or as a service provided by any leading Kubernetes provider. In simple words: One interface to rule them all.

    • Fedora Family / IBM

      • Red Hat OfficialNavigate the Linux terminal faster, test with LTP, and more tips for sysadmins | Enable Sysadmin

        October 2022 was a record-breaking month for Enable Sysadmin. During the month, we published 22 new articles and received more than 938,000 reads from nearly 640,000 readers across the site.

      • Red Hat OfficialExplore Red Hat OpenShift training tailored to your professional journey

        When determining the next steps of your professional development journey, you want to make sure you are on the right path to meet your goals. Red Hat Training and Certification offers guided learning pathways for individuals of all experience levels, covering topics such as deploying containers, developing containerized applications, managing container storage and using automated DevOps pipelines. With so many options available, Red Hat is committed to making the process easy to navigate so you can understand what courses are aligned with your professional journey.

      • Enterprisers ProjectHow to establish a DevOps culture: 7 tips

        DevOps is the leading software development methodology practiced worldwide, with a market share of 47 percent. By adopting DevOps, which emphasizes constant collaboration between development and operations teams, you can experience 63 percent improvement in software quality, 63 percent faster release, and 55 percent better collaboration among teams.

      • Red Hat OfficialUsing with the Red Hat Security Data API

        A few months ago, I wrote my first blog for Red Hat: Getting a list of fixes for a Red Hat product between two dates is easy with

        In that blog we explored the use of the script provided on the Red Hat Security Data page and show you how you can use it to return a list of Common Vulnerabilities and Exposures (CVEs) and Red Hat Security Advisories (RHSAs) included in a particular Red Hat Product between two specified dates.

        Today I want to build on that post and show you ways to enhance the data with the Red Hat Security Data API.

      • AlmaLinux OfficialAlmaLinux 9.1 Beta - Now Available - AlmaLinux OS Blog

        Hello Community! AlmaLinux OS is happy to announce that AlmaLinux 9.1 Beta "Lime Lynx" is available for x86_64, aarch64, ppc64le and s390x architectures.

        Grab installation ISOs from mirrors now.

        As usual, a simple reminder, this is a BETA release. It should not be used for production installations. The provided upgrade instructions should not be used on production machines unless you don't mind if something breaks. Now if you wanna test this somehow, somewhere to see how things will work in 9.1 stable, you're on the right track.

    • Debian Family

    • Canonical/Ubuntu Family

      • OMG UbuntuLinux Mint Gains a Windows-Style ’Show Desktop' Button - OMG! Ubuntu!

        If you’re a loyal Linux Mint user who’s often thought: “I wish it was easier to peek at my desktop while I work”, you’re in luck.

        The Linux Mint team has said it will replace the “show desktop” launcher item in the Cinnamon panel with a new “corner bar” item instead. It is similar to the “show desktop” button that debuted in Windows 7 (which I believe some third-party efforts brought to XP and Vista).

        Now, lest anyone get red in the face at my mentioning of Windows I will stress that Mint’s Corner Bar is not a 1:1 clone: it’s way more customisable.

        You get to choose what happens when you click on the button, or middle click on the button. And while you can quickly “peek at desktop” by hovering over the Corner Bar (just like in Windows) you are able to turn this behaviour or off per your mood.

    • Open Hardware/Modding

      • CNX SoftwareDongshanPI-D1s - An Allwinner D1s RISC-V development board designed to teach programming - CNX Software

        The DongshanPI-D1s development board is comprised of a soldered-on Allwinner D1s RISC-V system-on-module board (SoM) and a carrier board with two 40-pin headers and a 2.0mm dedicated header. This development board is specifically designed to teach programming with a focus on the RISC-V architecture.

      • CNX SoftwareQuadric Chimera GPNPU IP combines NPU, DSP, and real-time CPU into one single programmable core - CNX Software

        A typical chip for AI or ML inference would include an NPU, a DSP, a real-time CPU, plus some memory, an application processor, an ISP, and a few more IP blocks. Quadric Chimera GPNPU (general purpose neural processor unit) IP combines the NPU, DSP, and real-time CPU into one single programmable core.

      • ArduinoPreventing excessive water consumption with tinyML | Arduino Blog

        As the frequency and intensity of droughts around the world continues to increase, being able to reduce our water usage is vital for maintaining already strained freshwater resources. And according to the EPA, leaving a faucet running, whether intentionally or by accident for just five minutes can consume over ten gallons of water. However, Naveen has leveraged the power of machine learning to build a device that can automatically detect running faucets and send alerts over a cellular network in response.

      • ArduinoGrow a beautiful garden with home automation | Arduino Blog

        A beautiful, lush garden is a wonderful thing. Not only does it look good year-round and impress the neighbours, but it’s also a great place to spend time in the summer months and entertain guests.

        However, a good garden is not an easy thing to maintain. It takes many hours of hard work and toil to create a beautiful garden in the first place, and then many more hours to keep it that way. If you take a vacation or have a few busy weeks, things can start to go wrong fast.

    • Mobile Systems/Mobile Applications

  • Free, Libre, and Open Source Software

    • OpenSource.comAchieve smart home interoperability with open source technology |

      Advertisers sell the myth of the "Smart Home" as a magical world where you automate everything with ease to simplify your life and free your mind of trivial tasks. It looks great on paper and TV, but so far, it's mainly been a battle of technologies and manufacturers.

      Suppose you want to add a presence sensor from manufacturer A to your existing hub from manufacturer B so you can switch ON your light from manufacturer B. Or perhaps you want to switch OFF your air conditioner when your door is open, but the door sensor is not from the air conditioning manufacturer. Will it work?

      There's a significant chance that the devices you want to link to one another don't talk the same "language." You might research compatibility for weeks before deciding to take your chances. It may or may not work. There are so many technologies, protocols, APIs, and cloud connectors involved that you just can't be sure until you spend a lot of money trying them. So far, the "Smart Home" has been an over-complex world in which every vendor tries to push its own technology, protocol, and stack at the cost of consumer freedom, time, effort, and expense.

    • Is A Free Open-source Distraction-Free Chat App is a minimal, distraction-free, accountless, logless, disappearing chat service which is easily deployable as your own service. The current client comes bundled with LaTeX rendering provided by KaTeX and code syntax highlighting provided by highlight.js. offers simple user-interface and several commands and mod. If you are an old school internet user, you certainly will enjoy the app.


      This project is licensed under the WTFPL (DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE) License.

    • Events

      • FSFLibrePlanet 2023 will be held March 18-19, CFS extended to November 23

        The dates for LibrePlanet 2023 have been announced and the Call for Sessions has been extended.

        Have you submitted a talk for LibrePlanet 2023 yet? For those unsure if they can make it to the event, we have now set the dates: March 18 & 19, 2023! We have also extended the Call for Sessions (CfS) for another three weeks, until Wednesday, November 23, 2022, at 10:00 EST (15:00 UTC). This gives you the chance to make sure that you're a part of LibrePlanet 2023: Charting the Course.

      • PostgreSQLPostgreSQL: Call for Papers - PGConf India, 2023

        India PostgreSQL User Group is pleased to announce that PGConf India 2023 will be held in Bengaluru, India between 22nd Feb to 24th Feb 2023.

        Call for papers is out now. Please submit your proposal by signing up on and following the instructions there. The last date for submission is November 20, 2022. We would encourage everyone to submit their proposals as early as possible without waiting till the last date.

        With growing popularity and adoption of PostgreSQL, PGConf India has become one of the largest events in this part of the world. We expect more than 400 delegates to attend this year’s event. So this gives you a great opportunity to present your work in front of a large audience. More details about the conference are available on the conference website

    • Web Browsers/Web Servers

      • Mozilla

        • MozillaThe Mozilla Blog: Mozilla Launches First-of-its-Kind Venture Fund to Fuel Responsible Tech Companies, Products [Ed: Mozilla could instead pay salaries to much-needed Firefox developers]

          Today, amid a sea of internet companies and products that routinely put profits ahead of people, Mozilla is unveiling an ambitious new venture capital fund to transform technology investment — and the internet more broadly.

        • MozillaThe Mozilla Blog: Mozilla Ventures: Investing in Responsible Tech [Ed: Mozilla laid off many engineers to instead waste money on optics]

          My response: we won’t know unless we try, together.

          Personally, I think it is possible to build successful companies — and great internet products — that put people before profits. Mozilla proves this. But so do ProtonMail, Hugging Face, Kickstarter and a good number of others. All are creating products and technology that respect users — and that are making the internet a healthier place.

    • Programming/Development

      • TechRepublicSourceHut to remove all cryptocurrency-related projects

        Open-source repository SourceHut is pulling the plug on software projects that tap into cryptocurrency and blockchain. In a post published on Monday, Oct. 31, SourceHut founder and creator Drew DeVault said he would ban projects associated with these technologies, citing their use in “get-rich-quick” schemes and other types of scams.

        DeVault explained his decision by asserting that domains used in these types of projects are associated with “fraudulent activities and high-risk investments” that take advantage of people during difficult economic times and an inequality in global wealth.

      • The AnarcatA typical yak shaving session - anarcat

        Someone recently asked what yak shaving means and, because I am a professional at this pastime, I figured I would share my most recent excursion in the field.

        As a reminder, "yak shaving" describes a (anti?) pattern by which you engage in more and more (possibly useless) tasks that lead you further and further away from your original objective.

      • Perl / Raku

        • PerlSpoken like a 1980s chip | Saif []

          As an old simpleton, however, I can not drag myself away from the genius of the guys who with such limited resources managed so much, into the modern world were memory and processor power limitations are of no real issue. The SP0256-AL2 is the centre of this remarkable primitive utility, and I took it myself to explore how this worked, to transform it into a simple module that can be imported into any Perl program, with no dependencies apart from a means to transfer data to a speaker. There indeed many attempts to emulate this little chip, though I have not come across any that specifically use Perl, I do find resources including this one from Greg Kennedy that allow translation to the allophones used here.

        • DEV CommunitySpecifying a pattern - DEV Community 👩‍💻👨‍💻

          This blog post will discuss the types of patterns you can specify with rak.

      • Python

      • Go

        • VideoHow to install GoLand on Linux Mint 21 - Invidious

          In this video, we are looking at how to install GoLand on Linux Mint 21.

        • FOSSLifeFree Ways to Start Learning Go

          Go, also known as Golang, is an open source programming language developed at Google. The language, which was written by Robert Griesemer, Rob Pike, and Ken Thompson, is widely used for cloud native development and building cloud infrastructure.

          “Docker, a Linux container manager, and Kubernetes, a container deployment system, are core cloud technologies written in Go,” states this Communications of the ACM article. “Today, Go is the foundation for critical infrastructure at every major cloud provider and is the implementation language for most projects hosted at the Cloud Native Computing Foundation.”

  • Leftovers

    • Hardware

      • The Next PlatformCutting To The Front Of The Server CPU Line

        In many ways, particularly when it comes to the overall profitability of a CPU line over time, it sucks to be a CPU maker. Everything is exactly backwards.

    • Health/Nutrition/Agriculture

      • TediumWhat Gives Prescription Drugs Their Unusual Names, Anyway?

        A while back, I caught something interesting on the blog of a Pulitzer Prize-winning author. Andrew Marshall, a writer for Reuters who serves as a correspondent in Southeast Asia, had a need for an anti-diarrheal medication while in Burma, a country that has put him in the crosshairs of food poisoning multiple times. (I’m okay with not learning the specifics of his medical ailment.) With that in mind, he had purchased a drug with an unusual name when he was in nearby Thailand—Tedium. Yes, Tedium. The drug, essentially a regional variant of Imodium A.D., is kind of hilariously suited for this particular drug. “It not only alleviates the condition but, in a single word, captures the experience,” Marshall wrote. And I guess I’ve sort of been wondering: How do drugs get named? And why do drug names carry a certain flow to them, despite seemingly sounding like gibberish words? That’s a question I needed to answer for myself—and for today’s Tedium (the newsletter, not the anti-diarrheal).

    • Linux Foundation

      • ONE Summit Adds New Industry Luminaries to Keynote Line-up, New Mini-Summits & Global Virtual participation

        Taking place in Seattle, WA, November 15-16, ONE Summit is the one industry event that brings together decision-makers and implementers for two days of in-depth presentations and interactive conversations around 5G, Access, Edge, Telco, Cloud, Enterprise Networking, and more open source technology developments. The event enables attendees to engage directly with thought leaders across 5G, Cloud Native and Network Edge and expand knowledge of open source networking technology progression.

    • Security

      • IT Wire Top security researcher Vitali Kremez dies while scuba diving

        Well-known security researcher Vitali Kremez has died apparently after going scuba diving off the coast of Hollywood Beach in Florida. He was 36.

        The US Coast Guard said in a tweet that Kremez' body had been recovered by local authorities on Wednesday.

        Local reports said Kremez had entered the water at about 9am local time on Sunday and was not seen thereafter.

        At the time of his death, Kremez was working as the chairman and chief executive of Advanced Intelligence, a company that specialises in threat intelligence.

      • Help Net SecurityHigh-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786) [Ed: Still no apologies for prior exaggeration]

        Version 3.0.7 of the popular OpenSSL cryptographic library is out, with fixes for CVE-2022-3602 and CVE-2022-3786, two high-severity buffer overflow vulnerabilities in the punycode decoder that could lead to crashes (i.e., denial of service) or potentially remote code execution.

      • Hacker NewsInside Raccoon Stealer V2 [Ed: Windows TCO]

        Raccoon Stealer is back on the news again. US officials arrested Mark Sokolovsky, one of the malware actors behind this program. In July 2022, after several months of the shutdown, a Raccoon Stealer V2 went viral. Last week, the Department of Justice's press release stated that the malware collected 50 million credentials.

      • Hacker NewsThese Android Apps with a Million Play Store Installations Redirect Users to Malicious Sites

        A set of four Android apps released by the same developer has been discovered directing victims to malicious websites as part of an adware and information-stealing campaign.

        The apps, published by a developer named Mobile apps Group and currently available on the Play Store, have been collectively downloaded over one million times.

        According to Malwarebytes, the websites are designed to generate revenues through pay-per-click ads, and worse, prompt users to install cleaner apps on their phones with the goal of deploying additional malware.

      • Malware on the Google Play store leads to harmful phishing sites

        A family of malicious apps from developer Mobile apps Group are listed on Google Play and infected with Android/Trojan.HiddenAds.BTGTHB. In total, four apps are listed, and together they have amassed at least one million downloads.

      • Hacker NewsMultiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software

        Following responsible disclosure on August 22, 2022, the four vulnerabilities have been patched in Checkmk version 2.1.0p12 released on September 15, 2022.

      • GoogleProject Zero: Gregor Samsa: Exploiting Java's XML Signature Verification

        Earlier this year, I discovered a surprising attack surface hidden deep inside Java’s standard library: A custom JIT compiler processing untrusted XSLT programs, exposed to remote attackers during XML signature verification. This post discusses CVE-2022-34169, an integer truncation bug in this JIT compiler resulting in arbitrary code execution in many Java-based web applications and identity providers that support the SAML single-sign-on standard. OpenJDK fixed the discussed issue in July 2022. The Apache BCEL project used by Xalan-J, the origin of the vulnerable code, released a patch in September 2022.

        While the vulnerability discussed in this post has been patched , vendors and users should expect further vulnerabilities in SAML.

        From a security researcher's perspective, this vulnerability is an example of an integer truncation issue in a memory-safe language, with an exploit that feels very much like a memory corruption. While less common than the typical memory safety issues of C or C++ codebases, weird machines still exist in memory safe languages and will keep us busy even after we move into a bright memory safe future.

        Before diving into the vulnerability and its exploit, I’m going to give a quick overview of XML signatures and SAML. What makes XML signatures such an interesting target and why should we care about them?

      • LWNSecurity updates for Wednesday []

        Security updates have been issued by Debian (ffmpeg and linux-5.10), Fedora (libksba, openssl, and php), Gentoo (openssl), Mageia (curl, gdk-pixbuf2.0, libksba, nbd, php, and virglrenderer), Red Hat (kernel, kernel-rt, libksba, and openssl), SUSE (gnome-desktop, hdf5, hsqldb, kernel, nodejs10, openssl-3, php7, podofo, python-Flask-Security, python-lxml, and xorg-x11-server), and Ubuntu (backport-iwlwifi-dkms, firefox, ntfs-3g, and openssl).

      • Beta NewsDropbox confirms serious security breach in which hackers stole code from 130 GitHub repositories

        Dropbox has revealed details of a phishing attack to which it fell victim. In the attack, a threat actor was able to steal code from the company after gathering employee credentials to GitHub repositories.

        The security breach took place in the middle of last month, with GitHub notifying Dropbox of suspicious account activity on October 14. The cloud storage company says that the code that was accessed "contained some credentials -- primarily, API keys -- used by Dropbox developers" but insists that "no one's content, passwords, or payment information was accessed", and that its core apps and infrastructure were unaffected.

      • [Old] Should hackers destroy communication? | Stop at Zona-M

        Last week, the day after the russian invasion of Ukraine, Jaromil remembered that opposition from 1999, asking hackers to keep the networks of communication alive between Russia and the rest of the world.


        No answer for this. Not now, at least. Just the sad awareness that it will become a crucial issue, the next time there will be such a crisis.

    • Civil Rights/Policing

      • AccessNowMusk’s Twitter takeover must not silence activists - Access Now

        Now that tech billionaire Elon Musk has completed his takeover of Twitter, he must protect the voices of human rights defenders across the globe.

        While Musk stated that the company will not make major revisions to its content moderation policy until a council is established, there are already campaigns to flood the platform with hateful conduct and messaging.

        Twitter, in spite of its flaws, is an essential tool for activists, journalists, and human rights defenders to share information, campaign, and address threats around the world. Musk must make decisions in the near future to ensure the platform will protect the people who depend on it.

    • Monopolies

      • Copyrights

        • Public Domain ReviewPlaying Indian: *Cummins’ Indian Congress at Coney Island* (1903) – The Public Domain Review

          This recording of Colonel Frederick T. Cummins’ Wild West Show held in Brooklyn’s Steeplechase Park is one grand audio sleight-of-hand. The orchestra at Columbia Records’ Manhattan studio created the sounds of whooping “Sioux warriors”, beating tom toms, and stampeding horses. Cummins’ “five hundred Indians representing forty-two tribes, living in teepees, wigwams, and adobe houses” were all out at Coney Island, under the watchful eye of showman Cummins and his Lakota wrangler Henry Standing Bear, a veteran of Carlisle Indian School. Vaudevillian Len Spencer supplies the carny barker introductions, and orchestra musicians round out each section with mock applause or war cries.

  • Gemini* and Gopher

    • Personal

    • Technical

      • Internet/Gemini

        • Re: Mayan and Gemini priests

          I ordinarily try to steer clear of posting about Gemini itself. I do tend to post a good bit about the pieces of software that I've authored around Gemini, but those posts aren't really about Gemini itself but rather my hobby of writing software. But this idea that Gemini is an elite community of tech nerds that keeps people out by having a high barrier to entry bothers me, big time. In fact, just the word "gatekeeping" is a trigger word for me these days, much in the same way as the term "woke" is when it comes to social issues. Both terms are thrown around as a pejorative and source of ridicule. Both terms also are applied far too broadly. Of course, I'd rather that they weren't used as a pejorative to begin with, but the actual level of human decency or, correspondingly, technical awareness in the context of gatekeepking that can trigger their use is ridiculously low.

* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.

Recent Techrights' Posts

The Sheer Absurdity of the EPO's Career System Explained by EPO Staff
"Staff representation has previously pointed this out to management, and the career system has been the reason for several industrial actions and litigation cases initiated by SUEPO."
Forget About India's and Pakistan's Nuclear Weapons and Armament Race, They Need to Abscond Windows and Microsoft (Security Swiss Cheese)
Both countries would be wise to remove Windows as soon as possible, irrespective of the local party politics
statCounter: GNU/Linux Rose From 0.2% to Over 3% in Pakistan
GNU/Linux "proper" (i.e. not ChromeOS) has the lion's share
The "D" in Debian Stands for Dictatorship That Extends to Censorship at DNS Level
Of course the registrar, which charged for domains until 2025, just went along with it
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, May 25, 2024
IRC logs for Saturday, May 25, 2024
GNU/Linux in Greenland
The sharp increases for GNU/Linux started last summer
[Meme] Productivity Champ Nellie Simon: It Takes Me 3+ Weeks to Write 6 Paragraphs
Congrats to Nellie Simon!
It Took EPO Management 3+ Weeks to Respond to a Letter About an Urgent Problem (Defunding of EPO Staff)
The funny thing about it is that Nellie Simon expects examiners to work day and night (which is illegal) while she herself takes 3+ weeks to write a 1-page letter
Staff Union of the EPO (SUEPO) in The Hague Taking Action to Rectify Cuts to Families of Workers
they "are active in challenging this measure via the legal system"
Links 25/05/2024: Microsoft Adds More DRM (Screenshot Blocking), Another Microsoft Outage Takes Down Everything
Links for the day
Gemini Links 25/05/2024: "Bill Smugs" and OpenBSD Mirror Over Tor / I2P
Links for the day
Microsoft #1 in Gaming Layoffs, Laid Off Workers Receive Another Insult From Microsoft
Many of them never chose to work for Microsoft
In New Caledonia Windows is Now Below 30% (It Used to be Over 90%)
Microsoft's Windows absolutely collapsing and the measures are relatively stable
Red tape: farmer concerns eerily similar to Debian suicide cluster deaths
Reprinted with permission from Daniel Pocock
Galway street artists support social media concerns
Reprinted with permission from Daniel Pocock
Links 25/05/2024: Section 230 and Right of Publicity Violations by Microsoft (Which Attacks Performance Artists)
Links for the day
[Meme] No Microsoft
For fun!
Microsoft Windows Falls to New Lows in Poland
It may mean people delete Windows from relatively new PC
A 3-Year Campaign to Coerce/Intimidate Us Into Censorship: An Introduction
The campaign of coercion (or worse) started in 2021
Cybersecurity and Infrastructure Security Agency (CISA) Getting Stacked by Microsoft
it lets Microsoft write policies
The Parasitic Nature of Microsoft Contracts
Stop feeding the beast
Gemini Links 25/05/2024: Emacs Windows 2000 Screenshots and Little Languages
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, May 24, 2024
IRC logs for Friday, May 24, 2024
Ireland Exits Microsoft's Vista 11
Microsoft can't be doing too well in Ireland because Microsoft had tons of layoffs in that country last year
A Recognition for Hard Work
Running this site is a lot of work
The Web We Lost...
Vintage War Censorship Poster...
Daniel Pocock (IND) in European Election Debate
In this segment he speaks of the effects of social control media and phones on children
[Meme] Next Target: Sub Domains
In Republic of (South) Korea, as of This Month, Android Climbs to Record High of 48%
Judging by statCounter anyway
"Linux" is Second-Class Citizen at IBM
sends the wrong message to Red Hat staff and Red Hat clients
Links 24/05/2024: More Software Patents Invalidated (US), New Fights to Protect Free Speech
Links for the day
"You Touched the Wrong Lady"
What Rianne wrote more than 8 months ago
Links 24/05/2024: Layoffs at LinkedIn and Election Interference Via Social Control Media
Links for the day
Getting a 'Thank You' From Software Freedom Conservancy (SFC) Will Cost You $5,000 to $30,000 (Same as Last Year)
Right now one of their associates (SFC) tries to spend money to censor us
KDE Neon Weirdness
Reprinted with permission from Ryan Farmer
Congratulations to Sirius Open Source, Still Claiming to Employ People Who Left Half a Decade Ago (or More!)
What signal does that send to con men?
[Meme] Bluewashing
Cent OS? No more.
IRC Proceedings: Thursday, May 23, 2024
IRC logs for Thursday, May 23, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Tenfold Increase for ChromeOS+GNU/Linux in Brunei
Brunei Darussalam is a country most people don't know about and never even heard about
Coming Soon: Another Round of 'Cancel Stallman' Chorus
The series required a great deal of patience