Bonum Certa Men Certa

Links 16/12/2022: Linux Foundation Helps GAFAM's Hoarding of OpenStreetMap



  • GNU/Linux

    • Notebook CheckPine64 announces PineTab2 Linux tablet powered by Rockchip RK3566 - NotebookCheck.net News

      Pine64 is well-known for making affordable open-source gadgets and devices. Today, the company announced its latest device, the PineTab2.

      As the name implies, the PineTab2 is a tablet. Like all of Pine64's devices, it will run Linux and will likely support a variety of Linux distros. The tablet will feature a 10.1-inch IPS touchscreen with a currently unknown resolution housed in a metal frame. Pine64 has selected the Rockchip RK3566 SoC to power the tablet. Pine64 previously used this chip in their Quartz64 Model B single-board computer, and the silicon has been featured in a variety of other small gadgets.

    • CNX SoftwarePineTab2 Linux tablet to feature Rockchip RK3566 SoC, up to 8GB RAM, 128GB eMMC flash - CNX Software

      The PineTab2 is an upcoming 10.1-inch Linux tablet based on the 1.8 GHz Rockchip RK3566 quad-core Cortex-A55 processor and equipped with up to 8GB RAM and 128GB eMMC flash.

      The new model is a clear step-up compared to the Allwinner A64-based PineTab which did not survive the supply shortage and has also gone through a complete physical redesign with a modular metal chassis that is easy to disassemble for upgrades and change parts such as the eMMC module, camera module, battery, or even the display.

    • Audiocasts/Shows

    • Kernel Space

      • LWNComposefs for integrity protection and data sharing [LWN.net]

        A read-only filesystem that will transparently share file data between disparate directory trees, while also providing integrity verification for the data and the directory metadata, was recently posted as an RFC to the linux-kernel mailing list. Composefs was developed by Alexander Larsson (who posted it) and Giuseppe Scrivano for use by podman containers and OSTree (or "libostree" as it is now known) root directories, but there are likely others who want the abilities it provides. So far, there has been little response, either with feedback or complaints, but it is a small patch set (around 2K lines of code) and generally self-contained since it is a filesystem, so it would not be a surprise to see it appear in some upcoming kernel.

      • LWNChecking page-cache status with cachestat() [LWN.net]

        The kernel's page cache holds pages from files in RAM, allowing those pages to be accessed without expensive trips to persistent storage. Applications are normally entirely unaware of the page cache's operation; it speeds things up and that is all that matters. Some applications, though, can benefit from knowledge about how much of a given file is present in the page cache at any given time; the proposed cachestat() system call from Nhat Pham is the latest in a long series of attempts to make that information available.

        In truth, even current kernels make it possible to learn which pages of a file are present in the page cache. The application just needs to map the file into its address space with mmap(), after which a call to mincore() will return a vector showing which pages in that file are resident. This is an expensive solution, though; it requires setting up a (possibly unneeded otherwise) mapping and returns information that, for many applications, has a higher resolution than is necessary.

      • LWNLosing the magic [LWN.net]

        The kernel project is now more than three decades old; over that time, a number of development practices have come and gone. Once upon a time, the use of "magic numbers" to identify kernel data structures was seen as a good way to help detect and debug problems. Over the years, though, the use of magic numbers has gone into decline; this patch set from Ahelenia Ziemiańska may be an indication that the reign of magic numbers may be reaching its end.

        A magic number is simply a specific constant value that is placed within a structure, typically as the first member, to identify the type of that structure. When structures are labeled in this way, in-kernel debugging code can check the magic number and raise the alarm if the expected value is not found, thus detecting problems related to type confusion or data corruption. These numbers can also be located in hexadecimal data dumps (stack contents, for example) to identify known data structures.

        The use of magic numbers in the kernel appears to have had its origin in the filesystem code, where it was initially used to identify (and verify) the superblock in the disk image. Even the 0.10 kernel release included a test against SUPER_MAGIC (0x137f) to verify that the boot disk was, indeed, a Minix filesystem. Other filesystems came later, starting with the "first extended" (ext), which used 0x137d for its EXT_SUPER_MAGIC value in the 0.96c release in July 1992.

        In the 0.99 release (December 1992), the sk_buff structure that is still used in the networking subsystem to hold packets was rather smaller than it is now, but it did gain a magic field to identify the queue a packet was expected to be in. Toward the middle of 1993, the 0.99.11 release acquired an updated kmalloc() implementation that sprinkled magic numbers around as a debugging aid. That release, incidentally, is also the one where an attempt was made to use C++ to build the kernel; that only lasted until 0.99.13, a couple of months later.

      • LWNJuggling software interrupts and realtime tasks [LWN.net]

        December 2, 2022 The software-interrupt mechanism is one of the oldest parts in the kernel; arguably, the basic design behind it predates Linux itself. Software interrupts can get in the way of other work so, for almost as long as they have existed, developers have wished that they could be made to go away. That has never happened, though, and doesn't look imminent. Instead, Android systems have long carried a patch that tries to minimize the impact of software interrupts, at least in some situations. John Stultz is now posting that work, which contains contributions from a number of authors, in the hope of getting it into the mainline kernel.

        Hardware interrupts (or just "interrupts") are initiated when a physical component in the system wants the kernel's attention; they will usually cause an immediate trap into a special handler function. Since interrupts take the system away from whatever else it was doing, interrupt handlers have to do their work quickly; there is not time for any sort of extended processing. This is not a new problem; pre-Linux Unix systems often included the concept of a "bottom half" as a way of deferring work that could not be done in an interrupt handler.

        The Linux kernel, too, has had to develop mechanisms to defer processing until a more convenient time. One of those mechanisms is software interrupts (or "softirqs"). It was first introduced in the 0.99 kernel under the familiar "bottom half" name; the term "softirq" doesn't appear until the 1.1.77 development release. The abbreviation "bh" ("bottom half") can still be found in the names of kernel functions related to software interrupts.

      • Paul E. McKenneyStupid RCU Tricks: So You Want To Add Kernel-Boot Parameters Behind rcutorture's Back?: paulmck — LiveJournal

        A previous post in this series showed how you can use the --bootargs parameter and .boot files to supply kernel boot parameters to the kernels under test. This works, but it turns out that there is another way, which is often the case with the Linux kernel. This other way is Masami Hiramatsu's bootconfig facility, which is nicely documented in detail here. This blog post is a how-to guide on making use of bootconfig when running rcutorture.

    • Graphics Stack

      • Dave Airlievulkan video decoding: radv status

        I've been working the past couple of weeks with an ffmpeg developer (Lynne) doing Vulkan video decode bringup on radv.

        The current status of this work is in a branch[1]. This work is all against the current EXT decode beta extensions in the spec.

        This contains an initial implementation of H264 and H265 decoding for AMD GPUs from TONGA to NAVI2x. It passes the basic conformance tests but fails some of the more complicated ones, but it has decoded the streams we've been throwing at it using ffmpeg.

      • CollaboraMachine Learning with Etnaviv and OpenCL

        Machine learning is increasingly seeing more applications and it's important to have FOSS options to accelerate such workloads. Unfortunately, the present options in this space are often not appealing, causing users to opt for vendor-specific alternatives with downstream kernels and userspace. An example of this is VeriSilicon's VIPNano-QI NPU IP, which is used for ML workloads but isn't supported upstream.

        This post will give a brief overview of the state of FOSS ML options and announce some work that we are doing to support OpenCL on the Etnaviv driver.

    • Applications

      • The Register UKFOSS video editors OpenShot and Kdenlive updated ● The Register

        Well, it took the project a while, but they got there. OpenShot 2.0 came out in 2016, after "nearly two and a half years" as our scribe said at the time. Its maintainers aren't rushing their job: this week, six and half year later, they just released OpenShot 3.0. To be fair, there have been a whole series of interim 2.x releases, the latest of which was version 2.6.1 in September 2021.

        The new version claims over 1,000 improvements, and better performance and stability. The app can now export multiple videos at the same time, and users of HiDPI monitors should benefit from improved 4K display support. This version is compatible with Blender 3.3 They've also done a lot of work on the program's user guide.

        OpenShot supports an impressive range of platforms. It's available in both native .DEB format in an Ubuntu PPA, and as a cross-platform AppImage, which you can also run on ChromeOS (so long as it's an x86-based ChromeBook). There are also macOS and Windows versions. The Windows version can be run as a portable app, meaning that you can run it and use it, without admin permissions, for instance by installing it on a USB key. It does require a 64-bit CPU, though.

      • It's FOSSHarmonoid: A Beautiful Cross-Platform Music Player With Essential Features

        Fortunately, there’s no shortage of good open-source music players for Linux. We have covered a variety of options in the past.

        Here, I highlight a music player that is free to use, open-source, and available for multiple platforms, including Linux, Windows, and Android.

        Harmonoid is written in Dart programming language. It utilizes libmpv and mpv for its media playback capabilities on desktop platforms.

        It provides an excellent user interface to work with. And does not use electron.js. So, if you hate Electron, this is something you can try.

      • H2S MediaWhat is Linux hosting with cPanel software? - Linux Shout

        Online you can find dozens of Linux-based hosting service providers such as Godaddy, Hostinger, and more, but what is the common among them? It is the usage of the most popular operating system Linux. Because of its lightweight and free + open-source license. However, the thing which makes beginners annoyed while using Linux is its command line interface. That’s why Linux hosting providers generally combined it with Cpanel (Control Panel) software, one of the best among other popular GUI control panels.

      • H2S Media7 Best free Cloud Web hosting Control Panels for 2023 [Ed: List extended by one item]
      • Ubuntu Pit20+ Best LaTeX Editors for Linux System [Ed: Newly-updated list]

        LaTeX is a standard markup language often used in the Linux arena. It takes users to the level of document editing, where they can control content and insert styles. Though there are many good LaTeX Editors available for Linux, beginners may find it challenging to choose the right one according to their level of expertise.

        To save such users from the hassle, let’s take a look at some of the best LaTeX Editors available for Linux. This list aims to help both beginner and advanced users find the best LaTeX Editor for their needs on a Linux system.

    • Instructionals/Technical

      • VirtualizationIntroduction to Docker, Part 2: Repos and Resource Consumption -- Virtualization Review

        In the first article of my Docker series, I covered the basics of Docker containers: how to install one, and how to run, start and access a Docker instance. In that article, I ran two different Linux distros on an Ubuntu host and accessed them from the command line.

      • Joe BrockmeierCareful when cloning: Editing machine IDs for fun and profit : Dissociated Press

        Today I was setting up some VMs on Fedora in Cockpit and decided to clone an Ubuntu 20.04 LTS image, which immediately pulled the same IP as the original. I hadn’t had that issue with CentOS or Debian, not quite sure why, but the culprit is a duplicate machine ID. Here’s how to fix that.

      • FOSSLinuxHow to install FreeLAN on Linux | FOSS Linux

        FreeLAN is a PC software that implements peer-to-peer, a virtual private network(VPN), and full mesh methodologies to create secure site-to-site or point-to-point connections in bridged or routed configurations and remote configurations access facilities.

        When it comes to encoding or encryption, FreeLAN utilizes the OpenSSL library to encrypt the control channels and the data. It allows OpenSSL to perform all the encoding and authentication work, permitting FreeLAN to use all the cyphers available in the OpenSSL package. FreeLAN incorporates a couple of ways to authenticate peers with each other. From version 2.0, FreeLAN provides pre-shared keys, usernames, and password-based and certificate-based authentication.

        What do you do if you intend to use a VPN in a much more flexible way rather than the way VPN services offer it? Or using third-party servers not permitted or insufficient? What if you need to create a secure network? In such instances, FreeLAN can be the solution you have all been looking for.

        In this guide, we will cover some essential features offered by FreeLAN, some of their pros and cons, describe the uniqueness of its configuration and use, how to set it up on our Linux machine, and finally give some recommendations.

      • Linux HintHow to Write to a File in Bash

        Reading and writing the files is one of the common tasks while writing bash scripts. For example, saving the output of a command to a file or simply manipulating the files in bash different commands are used. There are a number of ways of writing any file in bash through terminal and if you are finding ways to write any file while scripting then read this guide.

      • Linux Shell TipsHow to Use APT Command in Linux [15 Useful Examples]

        This article guide walks us through the use of the Linux apt command with practical examples for effective package management in a Debian-based system.

        Before Ubuntu 16.04, Debian-based Linux distributions like Ubuntu and Linux Mint made use of the ‘apt-get‘ command for package management.

    • WINE or Emulation

      • ScummVMDrill a 3D alien moon, become an interplanetary hero!

        Driller aka Space Station Oblivion (in the US), the FIRST supported game of the Freescape engine, is ready for public testing!

        Published in 1987 by Incentive Software Limited, this revolutionary new engine allowed players to explore a solid 3D graphic environment with complete freedom of movement for the very first time in videogame history.

        A new threat emerges after humanity abandoned a dying Earth to establish a new home on planet Evath. Evath's moon Mitral has turned into a gigantic gas time bomb. A meteor is also due to impact Mitral in the next several hours. You were chosen to secure each of Mitral's 18 sectors by positioning a drilling rig over the gas pockets in each sector before the meteor strikes.

    • Desktop Environments/WMs

      • GNOME Desktop/GTK

        • A grid for the file chooser - GTK Development Blog

          In the last post, we discussed deprecating treeviews and cell renderers, among other things. All these deprecations cause a lot of work for applications and libraries using these APIs, so why are doing this?

          One of the reasons is to enable new features. Such as a grid view for the file chooser. It only took us 18 years! You can see the original feature request in Bugzilla. This is easily possible now because GtkListView and GtkGridView can use the same data models.

        • PurismLibadwaita in the Wild - Purism

          It’s hard to believe, but Libadwaita is not even one year old, having first been released on December 31, 2021. With that in mind it’s pretty remarkable how widely adopted it is today. Between the majority of GNOME core and Circle apps having already been ported, the many new third party apps, and even all GNOME Shell extension settings, Libadwaita is everywhere today.

        • Georges Basile Stavracas NetoMaintainership of GNOME Settings - Georges Stavracas

          GNOME Settings is one of the largest modules of the GNOME desktop. It sits comfortable as one of the bigger repositories out there. Not only that, but feature-wise, Settings is a pretty big hub of the desktop, connecting to GNOME Shell, Mutter, gnome-settings-daemon, the Bluetooth stack, NetworkManager, XDG portals, upower, CUPS, colord, online accounts, only to name a few.

          Of course, such a big piece of software requires constant maintainership, issue triage, reviews, and design work. The project is virtually eternal, since it evolves with the platform, and there’s no effective point where we can call it done.

          Sadly, the number of contributors and maintainers hasn’t been growing at a pace that matches the number of new features and new designs. That’s why we’re putting out a call for people to help out with this critical part of GNOME.

          In the rest of this post, I’ll go through some of the current issues and how you can help.

        • Status update, 15/12/2022 - Sam Thursfield

          I’m commit full time at work to a project, as is normal, and a couple of spare hours a week lets me push forward a few things in GNOME.

          (By the way, if you have a few hours to donate towards improving GNOME, Georges has some ideas for you).

          I’ve been intermittently looking at OpenQA testing of GNOME since the summer, and I just posted a short progress report about that over on discourse.gnome.org.

          I’ve also been looking at search in GNOME since about 2012, and the two things are hopefully about to converge.

  • Distributions and Operating Systems

    • New Releases

      • AVL-MXE 21.2.1 + MXDE-EFL 21.2.2 Released! - bandshed.net

        Eeeeesh! What was intended as a routine ISO freshen up job went down the rabbit hole quickly but ended up in some pretty cool places and so here we are with new ISO’s of AV Linux MX Edition and MXDE-EFL. It’s usually bad form to make deep changes to a ‘within-version’ ISO and better to save such tomfoolery for new releases but there were some pretty strong motivating factors to jerk the wheel and take that left turn in Albuquerque at this point. Much to my chagrin in the live music world a persistent quirk of human nature is the old “people don’t know what they like… they like what they know” mindset.. well it affects Linux Desktop Users too.. When AVL-MXE 21 came out I wanted to trim the resource consumption of XFCE4 and also put together something a little less ‘garden-variety’ because one of the things I loved about Linux when I got onboard many years ago was how it was ‘alternative’, a different way to do the same things… I thought a Distro catering to artists should be different than your basic Office box and have some art within itself. Well it seems I was dead wrong on that one! For the most part the reviews and the User comments have not been terribly positive about Openbox, most people like how the system works, they just don’t want to look at it…lol. We have entered a time where computers have become powerful enough and RAM and storage has become plentiful and cheap enough that resource consumption is much farther down the list of concerns than it ever was. New Linux shoppers in large part want their Desktops to be big, familiar and enterprise-y, Linux Desktops that are clever, crafty and light for the sake of lightness will always have their devoted adherents as MX-Fluxbox and antiX will readily show but I feel that these types of projects are more used and tried by people that have been under the Linux tent for a while or are tireless tinkerers. It seems AV Linux is an initial point of contact for many people trying Audio and Video production on Linux for the first time so although I may have my pet opinions I’m not so stubborn that I can’t listen and change direction, the limitations and caveats imposed by Openbox were not the best decision in hindsight.

    • SUSE/OpenSUSE

      • OpenSUSEKDE, GNOME, Audio packages update in Tumbleweed

        Updates for sound, image and system components arrived this week throughout several openSUSE Tumbleweed snapshots, and the arm images are rolling again, according to notes from the project’s release engineering meeting.

        For those NVIDIA users, testers with aarch64 servers and NVIDIA cards are wanted. Proprietary drivers are now available for aarch64, which is only for the G06 version.

    • Fedora and Red Hat

      • Red HatConfigure a pod security context with Cryostat Operator | Red Hat Developer

        Since Kubernetes 1.21, the old PodSecurityPolicy API is being deprecated and has been removed from versions 1.25 and later. This API will be replaced by the new built-in Pod Security Admission (PSA), which introduces a new set of Pod Security Standards. To support these standards, The Red Hat OpenShift Container Platform introduces new security context constraints (SCC) policies.

        With these changes, especially starting with OpenShift 4.12, all namespaces will run in the restricted mode, and pods must be properly configured under the enforced security standards defined globally or on a namespace level to be admitted to launch. See discussions here. This has implications for Cryostat, a container-native JVM application that provides a secure API for profiling and monitoring containers with JDK Flight Recorder, if you're running it on OpenShift.

      • Red HatNew enhancements in the Cryostat 2.2 JMC agent plugin | Red Hat Developer

        The JDK Mission Control (JMC) agent is a powerful tool that allows users to inject custom JDK Flight Recorder (JFR) events into running applications without restarting the Java Virtual Machine. The new release of Cryostat 2.2 now offers a graphical user interface for communicating with the JMC Agent in containerized applications that support it. This article introduces the Cryostat JMC agent plugin and enhancements made in version 2.2.

      • Red HatStandardizing application delivery with OpenShift | Red Hat Developer

        More and more organizations are adopting inner loop and outer loop constructs as part of their digital transformation and cloud-native development initiatives. This development strategy can improve developer productivity, reduce cognitive load, and standardize application delivery and deployment.

        Figure 1 shows how the division into an inner loop and outer loop helps developers innovate and deploy applications faster with Red Hat OpenShift. There is a clear and physical distinction between the tasks performed by the developer and the larger CI/CD process.

      • Fedora ProjectFedora Community Blog: Council election: Interview with Aleksandra Fedorova

        In recent years Fedora achieved great results in becoming a user-friendly, easy to use, polished and reliable Linux distribution. I would like us to continue this work, but also to push towards more people becoming not just consumers of the Fedora distribution, but members of the Fedora community and contributors to the Fedora Project.

        For that I think we need to continue updating and modernizing our communication channels and reduce barriers for people willing to contribute changes. We should create paths for occasional contributors to get deeper into the Project’s internals, so that they can eventually take over larger tasks and initiatives.

      • Enterprisers ProjectIT leadership: 4 resolutions for 2023 | The Enterprisers Project

        According to a survey of HR professionals, leader and manager effectiveness is a priority for 60 percent of HR leaders in 2023. Effective leadership requires us to look back before we look ahead and consciously reflect on how we can unlock our full leadership potential in the New Year.

        [...]

        Leadership requires an open mind, the ability to see the whole picture, and a willingness to foster the human-to-human dynamic in the workplace

      • Now You Can Enrich Your Fedora Wiki Profile With Your Fediverse URL. | Bogomil Shopov

        After a long time, I was trying to edit my Fedora wiki space and realized that I could not add my Fediverse ID there. Since this is the only “social media” I use now, I edited the userinfo template and added the missing details, so your profile can show your decentralized DID.

    • Canonical/Ubuntu Family

      • UbuntuRepatriation to reduce public cloud spend - easier said than done? | Ubuntu

        Repatriation in cloud computing refers to moving workloads from the public cloud to on-premise infrastructure. Sarah Wang and Martin Casado from Andreessen Horowitz have written one of the most popular articles about repatriation: they explain the motivation with the significant cost savings possible. For software-based businesses, public cloud spend can rise to 50% of the cost of revenue (COR). Reducing these costs has the potential for significant margin increases.

        The idea of repatriation is often compared to a rent-or-buy decision. We all make rent-or-buy decisions for various items in our daily lives: cars, housing, or skiis during winter holidays. Every situation comes with individual constraints, but the main decision factors appear the same: if an item is being used over a more extended period, buying appears cheaper. If an item needs customisation, buying such an item seems to be more appropriate.

      • OMG UbuntuUbuntu 23.04 Dev Builds Now Look a Pinch More Appealing… - OMG! Ubuntu!

        No lie, the latest daily builds of Ubuntu 23.04 “Lunar Lobster” are looking a lot more luscious than usual.

        For what I believe is the first time, Ubuntu devs have decided to ship a bespoke desktop background to be used exclusively in development builds.

        And naturally the new artwork conveys a creative concurrence of the release codename.

        Now typically, each new dev release of Ubuntu uses its predecessor’s artwork for the bulk of its development cycle. It only gains a custom wallpaper of its own near UI freeze. Not so with the Lunar Lobster, the next short-term release of Ubuntu ear-marked for emergence in April 2023.

    • Devices/Embedded

      • There is life after Linux, just not a sustainable one - Rethink

        The extinction of pay TV set tops has been forecast every year since streaming alternatives arrived on the scene. While cord cutting has again terrorized developed pay TV territories the world over throughout 2022, there remains persistent pockets of opportunity for pay TV operators and the vendor community – across hardware, software, and even in setting a bar for sustainability. When exploring the topic of life after Linux and looking ahead to next-gen set top options in 2023, some might be disappointed to hear that there are still only two viable technologies on the table – Android TV and RDK. We have been having the exact same conversations for the past five or six years, so what’s new in life…

    • Open Hardware/Modding

      • Linux HintRaspberry Pi History

        Raspberry Pi is a series of single board computers designed by Raspberry Pi foundation in the United Kingdom with the association of Broadcom. Eben Upton is the founder of the Raspberry Pi device, which released the first model in February 2012. The name “Raspberry” is a homage to famous computer companies like Apple, Blueberry and Tangerine Computer Systems. The “Pi” name was suggested keeping its importance in running the Python programming language. The main goal behind developing Raspberry Pi board was to make access to computing cheap and learning computer programming.

        This single-board computer is capable of performing different tasks, such as web server, home automation, robots, database management and more. This article discusses a brief history of Raspberry Pi models.

      • ArduinoGrimmboy is an RFID music player designed for kids | Arduino Blog

        Kids, like full-sized humans, love music. But most music players are designed for adult dexterity and user interface familiarity, which makes them difficult for young children to operate. For many parents, Amazon’s Alexa and similar services are the answer, as kids can simply ask a device to play the song they want. But to give them a less noisy way to play music and retain some control over what they can listen to, consider building the Grimmboy Arduino-based RFID music player for kids.

        Because Grimmboy is for kids, the controls are as simple as possible. There is a pause/unpause button, a volume dial, and a status LED — that’s it. To select a song, album, playlist, recorded story, or any other audio file, the child simply taps one of the RFID cards to the device. The cards, which are laminated with nice cassette tape graphics, contain MiFare Ultralight C RFID tags that the parent can program with lists of four-digit track IDs. Grimmboy reads the card’s track ID list and starts playing the files with those IDs.

    • Mobile Systems/Mobile Applications

  • Free, Libre, and Open Source Software

    • LinuxSecurityLarge-Scale Phishing Campaign Floods Open-Source Repositories with 144,000 Packages [Ed: Misleading title; this is not an "open source" problem but a repo or centralisation problem, or "install random stuff from the Net" problem]

      The phishing packages used in this campaign have since been removed from the repositories, except in the case of NuGet, where the packages were unlisted from the repository’s search results. These unlisted packages are still available, but not easily accessible.

    • Alan PopeAdding giscus Comments [Ed: Alan Pope left Canonical. Now he's outsourcing part of his blog to proprietary software controlled remotely by Microsoft.]

      I had a look around, and recently discovered giscus, a comment system which uses GitHub discussions for the backend...

    • GoogleGoogle Online Security Blog: Announcing OSV-Scanner: Vulnerability Scanner for Open Source [Ed: Google is outsourcing security tools to proprietary software managed by the NSA and Microsoft; that's a very negative sign]

      Today, we’re launching the OSV-Scanner, a free tool that gives open source developers easy access to vulnerability information relevant to their project.

    • The Register UKGoogle debuts OSV-Scanner – a Go tool for finding security holes in open source

      Google this week released OSV-Scanner – an open source vulnerability scanner linked to the OSV.dev database that debuted last year.

      Written in the Go programming language, OSV-Scanner is designed to scan open source applications to assess the security of any incorporated dependencies – software libraries that get added to projects to provide pre-built functions so developers don't have to recreate those functions on their own.

    • Productivity Software/LibreOffice/Calligra

      • LWNDisunity at The Document Foundation [LWN.net]

        The Document Foundation (TDF) was created in 2010 to steward and support the development of the LibreOffice suite, which was then a new fork of OpenOffice.org. TDF has clearly been successful; unlike OpenOffice, which is currently under the Apache umbrella, LibreOffice is an actively developed and widely used project. But TDF has also been showing signs of stress in recent years, and the situation does not appear to be getting better. There are currently some significant disagreements over just what role TDF should play; if those cannot be resolved, there is a real chance that they could rip the Foundation apart.

        [...]

        The big argument over the last few months, though, is on a related topic: whether TDF should employ developers of its own and, if so, what those developers should work on. In February, board member Paolo Vecchi (Omnis Cloud Sarl) proposed that TDF should hire some developers of its own; the two suggested positions would work on creating a presence for LibreOffice in app stores, among many other things. (Then) board member Jan Holesovsky (Collabora), instead, argued that TDF needed mentors to support developers elsewhere: "teaching how to fish, not fishing itself".

        There followed an intense conversation that continues to this day. Some participants feel that TDF should not be in the business of employing software developers — or even that, according to its bylaws, it cannot do so. Others see TDF-based developers as the core of a strong LibreOffice going forward. Yet others can accept developers employed by TDF, but want strong constraints on what those developers should be doing.

        These viewpoints have been expressed in several interminable threads arguing over the proper role of TDF, with accusations of conflicts of interest flying in all directions. Much of the conversation was evidently in private, and it is hard to determine what the actual course of events was but, at some point, Vecchi and Holesovsky got together and put a serious effort into the creation of a proposal for the hiring of developers that would be acceptable to all involved. As part of this effort, Holesovsky backed down from the "not fishing" position and accepted that development could be done within TDF. Numerous versions of the proposal resulted from this dialog as various issues were worked out.

        As of this writing, version 3.1 is the latest attempt. It makes the claim that TDF can support the community by employing developers to work on LibreOffice, especially if they focus on otherwise neglected areas. Suggested targets include better support of right-to-left and CJK (Chinese, Japanese, Korean) text, accessibility, interoperability with non-native file formats, and fixing of regressions: "there are 12.6K open bugs in TDF Bugzilla, of which 1.3K of them are regressions". The proposal also makes it clear that these developers will not work on long-term-support or "enterprise" versions of LibreOffice.

    • SFC

      • Mark J. Wielaard: Software Freedom Conservancy 2022 Fundraiser [Ed: Mark J. Wielaard is working against the FSF; Red Hathe works for IBM and his loyalty is to the salary, not to software freedom]]

        Please donate to the Software Freedom Conservancy this year. Software Freedom Conservancy has been growing and is able to take on the work it does thanks to the incredible support of individuals who care about an organization who stands up for the equitable, ethical and end user focused technologies.

    • Programming/Development

      • GCCMerge modula-2 front end onto gcc.

        This commit merges the devel/modula2 into master. The libraries reside in libgm2, the compiler in gcc/m2 and the testsuite in gcc/testsuite/gm2.

      • ephemeral success -- wingolog

        Good evening, patient hackers :) Today finishes off my series on implementing ephemerons in a garbage collector.

        Last time, we had a working solution for ephemerons, but it involved recursively visiting any pending ephemerons from within the copy routine—the bit of a semi-space collector that is called when traversing the object graph and we see an object that we hadn't seen yet. This recursive visit could itself recurse, and so we could overflow the control stack.

        The solution, of course, is "don't do that": instead of visiting recursively, enqueue the ephemeron for visiting later. Iterate, don't recurse. But here we run into a funny problem: how do we add an ephemeron to a queue or worklist? It's such a pedestrian question ("just... enqueue it?") but I think it illustrates some of the particular concerns of garbage collection hacking.

      • QtEmbedded Device Requirements for Digital Advertising [Ed: Qt helps companies make very annoying applications that embed ads inside the GUI, distracting the user from what he or she actually wanted to do; imagine GUIs that refuse to let you change settings or press "Next" until you have watched all the ads]

        The concept of digital advertising across different types of hardware has become increasingly popular as of late, and the opportunities for ad placements in novel locations is continuously growing. However, there are certain minimum requirements which must be taken into consideration to ensure optimal performance across this multitude of devices.

      • QtQt Creator 9.0.1 released

        We are happy to announce the release of Qt Creator 9.0.1!

      • Dirk EddelbuettelDirk Eddelbuettel: spdl 0.0.3 on CRAN: Adding File Logger

        A second update to the still-new package spdl is now om CRAN, and in Debian. The key focus of spdl is a offering the same interface from both R and C++ for logging by relying on spdlog via my RcppSpdlog package.

        This release add support for a simple filesetup() initialiser to direct logging output to a file. For now the console logger and the file logger are exclusive, if there is interest we could borrow a page from upstream and combine them.

      • Frederik Braun : DOM Clobbering

        When thinking of HTML-related security bugs, people often think of script injection attacks, which is also known as Cross-Site Scripting (XSS). If an attacker is able to submit, modify or store content on your web page, they might include evil JavaScript code to modify the page or steal user information like cookies. Most developers out there protect their websites against XSS by disallowing or controlling script execution.

      • Linux HintInet_Ntop() Function in C

        Socket functions use data structures in their input arguments that contain client and server-specific information. The most important information in them is undoubtedly the IP addresses. There are several types of structures that are used by socket functions to store these addresses such as sockaddr, addrinfo, or in_addr, etc.

        IP addresses are not encoded which means that each of the numbers in their fields is represented by its binary equivalent. This means that in certain cases, it is necessary to convert the IP addresses to strings or the strings to IP addresses in order to work with them.

        In this Linux Hints article, you will learn how to convert the IP addresses to strings using the inet_ntop() function.

      • Linux HintGetaddrinfo() Function in C Language

        To open a socket client-server, we need some important information about the server that we want to connect to such as the domain address, the address family it uses, etc.

        This connection process requires the use of several functions, and the call to each of these has a specific order that must be strictly followed. Many of these functions are used to retrieve the data from the server that you want to connect to. Their results are some of the input arguments for the subsequent function.

        These arguments are descriptors and data structures that contain the client and server-specific information about some of the layers that make up a network connection.

      • Linux HintRadix Sort (C++)

        A radix or base is a representation of a number that shows how many digits are required to represent a positional number. For example, to represent the binary number, the radix value is 2 (we represent the binary either with 0 or 1). To represent the decimal number, the radix value is 10 (we represent the decimal number with numbers 0 to 9).

      • Linux HintReturn Array From Function C++

        Arrays store the data of the same type in a consecutive memory location. Functions break the bigger problems into smaller chunks to make it easier for programmers to code. Another advantage of using the function is that it makes the code look presentable and clean. Sometimes, we need a function that returns an array so that we can utilize that array in other functions. Then, comes the concept of the array return function in C++. It is the function that returns the array to another function. In this Linux Hint tutorial we will show you with examples how to return arrays from functions that you write in the C++ language.

      • Linux HintUsing Floating Data Types in PostgreSQL

        Float data type falls under the numeric data type category. It supports floating point numbers., numeric, and real numbers. Floating data types can be confusing. But this guide will shed light on understanding the three main floating data types and how to represent them in PostgreSQL using different examples.

      • Linux HintPostgreSQL Temporary Tables

        PostgreSQL has reliable database features for handling different transactions. For instance, its temporary table saves data per given session. A temporary table exists for a given session and closing the given session or trying to query the same temporary table in another session will return an error.

        This post will guide you in understanding how temporary tables work. We will create a temporary table, then try to access it from another session.

      • Linux HintPostgreSQL Grant All Privileges on Schema to User

        Databases are crucial, and it’s the work of the administrator to control what different roles the users can do within a given database. As part of authorization, the administrator can define user entities within the database and grant or revoke various privileges to the roles.

        That way, you attain control over who can access a database and what privileges they have if they can access the database. For instance, you can revoke the database modification or grant all privileges on the schema to a user or users in a given table. This guide details how to use PostgreSQL to grant a user all privileges on the schema to a user.

      • GNOMEFiber examples and Windows support

        I know there are a few things I’d like to still add and change the APIs, but I guess now it’s at the point where it’s time to start building things with it. I’m likely to target pieces of Builder which have a lot of complex async callback chains. Those are likely to benefit the most from fibers.

      • Perl / Raku

        • RakulangDay 16: Santa CL::AWS (part 2) - Raku Advent Calendar

          … in Part 1 of this winter drama, we left Mrs CL::AWS in a pickle.

          The story so far: the elves needed to rebuild their eChristmas website on AWS EC2 – Mrs CL::AWS had quickly whipped up a minimal raku script to use the AWS CLI with a basic procedural coding approach and shell execution of the required commands.

          BUT was this code just too procedural? was it too hard to maintain? would the elves be able to pick it up, to grok it and to extend it come next year after their hibernation under the polar ice? Was raku the right choice?

        • PerlPerl Weekly Challenge 195: Special Integers and Most Frequent Even
        • RakulangDay 15: Junction transformers - Raku Advent Calendar

          This carries 'any' as a type of operation and 0..9 as a list of eigenstates internally. In a smartmatch context, this can match any object that can smartmatch against any of its digit eigenstates. While the list of these is not exposed, there is a means of traversing its contents.

  • Leftovers

    • Science

      • Linux HintTuring Machines and Computability Theory

        In 1936, to calculate any computable function, the machine invented by “Alan Turing” was named “Turing Machine (TM)”. In computer science, TM is the abstract mathematical model of computation and primary theoretical construct. Turing machines work through a pre-programmed uncountable number of instructions. It plays an important role and helps the users find the computation by delimiting the “Computable Functions”.

        [...]

        Compatibility is not just a-machine (Turing machine), a recursive function, Pascal programming language, or calculus, but the combination of all. Alonzo Church, Turing’s doctoral advisor, introduced this concept known as “Church’s Thesis”. It is also called the “Church-Turing Thesis”.

        Moreover, it is not a theorem but is used to compare the computable function with the functions that can be computed by a-machine. Those functions that are not computable by a-machines, cannot be computed by another method. When the concept of the Church’s thesis was formulated, at that time, people did not know about the capability of modern computers, and it was such a significant achievement.

    • Hardware

      • CNX SoftwareBusiness card-sized SBC ships with Intel Core Tiger Lake or AMD Ryzen V2000 processor [Ed: Well, no, the proper SBCs are a lot cheaper, take less energy, and don't have back doors like this one]

        We’ve recently reviewed the UP 4000 SBC as a more powerful x86 alternative to Raspberry Pi 4, but if it still does not cut it, AAEON de next-TGU8 or de next-V2K8 should, as the business card-sized single board computers (SBC) are equipped with respectively an Intel Tiger Lake processor up to a Core i7-1185G7E, and an AMD Ryzen Embedded V2000 SoC up to Ryzen Embedded V2516.

        [...]

        AAEON does not directly list supported operating systems but provides drivers for Windows 10 64-bit for both platforms as well as Ubuntu 22.04 drivers for the AMD board, and Ubuntu 20.04 drivers for the Intel Tiger Lake SBC.

    • Linux Foundation

      • PR NewswireCloud Hypervisor Project welcomes Ampere Computing as a Member

        The Cloud Hypervisor Project, a leading virtual machine monitor (VMM) for running modern cloud workloads, is excited to welcome Ampere Computing as a member. The Linux Foundation and the founding members of the Cloud Hypervisor Project would like to welcome Ampere Computing and look forward to working with them to foster an environment of open source collaboration.

      • Venture BeatCreating the ultimate smart map with new map data initiative launched by Linux Foundation | VentureBeat [Ed: GAFAM hoarding OpenStreetMap to make something they control]

        The project aims to complement existing open geospatial data and integrate with existing open map data from projects such as OpenStreetMap and city planning departments, along with new map data contributed by members and built using computer vision and AI/ML techniques.

      • PR NewswireLinux Foundation Announces Overture Maps Foundation to Build Interoperable Open Map Data [Ed: We already have OpenStreetMap and it's not controlled by these abusive monopolies; "The project will seek to integrate with existing open map data from projects such as OpenStreetMap" but be controlled by Microsoft, Facebook etc. Privatising the Commons, volunteers' work]

        The Linux Foundation, a global nonprofit organization enabling innovation through open source, today announced the formation of the Overture Maps Foundation, a new collaborative effort to develop interoperable open map data as a shared asset that can strengthen mapping services worldwide. The initiative was founded by Amazon Web Services (AWS), Meta, Microsoft, and TomTom and is open to all communities with a common interest in building open map data.

        [...]

        The project will seek to integrate with existing open map data from projects such as OpenStreetMap and city planning departments, along with new map data contributed by members and built using computer vision and AI/ML techniques to create a living digital record of the physical world.

      • TechCrunchDaily Crunch: Major tech firms partner with Linux Foundation to support open map data development [Ed: 'Linux' Foundation as a GAFAM front group; 'Linux' Foundation is not even using Linux; Linux Foundation is privatising the Commons, privatising volunteers' time and work by putting that in the hands of greedy monopolies. You can't say the f word and the c word in the 'Linux' Foundation and it's not because of the CoC. Those words aren't f--- or c---. They're Freedom and Community.]
      • GizmodoBig Tech Companies Join Linux in Effort to Kill Google Maps [Ed: Nothing to do with Linux; this is shoddy 'journalism']

        The companies include Meta, Microsoft, Amazon Web Services, and TomTom, which together could facilitate a new wave of geolocation apps.

      • Linux Foundation's Site/BlogLinux Foundation Newsletter: December 2022 [Ed: Linux Foundation Newsletter is out and it's published using proprietary software; Linux Foundation is to Linux and Open Source what Greenpeace private jet is to environmentalism]

        It's the end of the year, and the holidays are upon us, but we’re not slowing down at the Linux Foundation. We’ve launched a new foundation for Overture Maps, an intent to launch Open Metaverse, and our Annual Report is now available! Plus, three recently published reports from LF Research, community updates, December deals from LF Training & Certification, and more.

    • Security

      • Hacker NewsCryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware [Ed: This is not a problem with Linux and with Go; Linux needs to be compromised in the first place (some other way, e.g. bad password) and Go is just used to write programs; this is classic Microsoft-centric FUD]

        A cryptocurrency mining attack targeting the Linux operating system also involved the use of an open source remote access trojan (RAT) dubbed CHAOS.

      • The Register UKResearchers smell a cryptomining Chaos RAT targeting Linux systems [Ed: They try to paint this as "open source tool" to demonise the way it is developed too]

        Additionally, the open source tool can perform reverse shell on the infected system, take screenshots of the victim's device, collect info on the operating system, and download, upload or even delete files.

      • Soylent NewsEffective, Fast, and Unrecoverable: [Windows] Wiper Malware is Popping Up Everywhere

        wish more articles were more clear about these viruses and malware garbage. Windows only folks. There are still ZERO viruses and stuff for linux, BSD, unix, MacOS (since they migrated to BSD based OS) and so on. And, just because people can imagine a virus for linux, it doesn't mean that it's technically feasible or even doable.

      • Sentinel OneFeature Spotlight | Announcing General Availability (GA) of Linux and K8s Agents v22.3 for Cloud Workload Security - SentinelOne

        For any SentinelOne customers still running Linux or K8s agent v21.x, the resource efficiency gains alone are compelling reasons to upgrade your cloud workload protection agent to v22.1 or higher. We’ve been working with some forward-leaning customers, taking their feedback and further extending our resource efficiency. As a result, v22.1 (and higher) improves performance in 2 dimensions compared to version 21.x: 40-50% improvement in memory usage, and 40-50% improvement in CPU usage.

      • Ars TechnicaMicrosoft discovers Windows/Linux botnet used in DDoS attacks [Ed: There is no such thing as "Windows-Linux"; this is Microsoft spreading FUD about "Linux" yet again, as usual... boosted by its media partners (Microsoft pays Ars Technica)]

        Microsoft researchers have discovered a hybrid Windows-Linux botnet that uses a highly efficient technique to take down Minecraft servers and performs distributed denial-of-service attacks on other platforms.

    • AstroTurf/Lobbying/Politics

  • Gemini* and Gopher

    • Technical

      • On Decimal Time



        Funny, I had a similar idea back in the 80s. Except I thought of dividing the day into 100 units, each just under 15 minutes. A centiday. This is a little easier, as each centiday requires only two digits, and the 15-minute quantization is enough to schedule events or make plans. Kind of matches human precision.

        Meet you at my house at 72. Right?

        Of course, for finer precision you can have hundredths of that, slightly under 9 seconds. Or a thousandth, for just under a second.

      • Internet/Gemini

        • Writing, maybe.

          Having too many links on one page makes me feel claustrophobic.

      • Programming

        • Re: Conformance Should Mean Something - fputc, and Freestanding

          It is a mess. The code from the blog post works on most systems, but most systems these days use 8-bit characters; the article is about systems where a character is defined as 16-bits (allowed by the C Standard) and where an integer is also 16-bits (again, allowed by the C Standard and is the minimum size an integer can be per the C specification). It's rare to have non-8-bit characters on desktop computers these days (or even tablet and smart phones) but it seems it's not quite that rare in the embedded space, where you have DSP (Digital Signal Processor)s that have weird architectures and a charater is most likely the same size as an integer. And that's where the trouble starts.

        • Simplified vi

          This is a small subset of vi key strokes and commands, which cover most of the sorts of things you might want to do when editing a text file. They were selected from the large array of vi key strokes and commands as they are fairly easy to remember, and combine consistantly together. Some of the combinations have defined vi shortcuts, but to keep consitancy with the subset, these generally aren't shown.

        • DOLIST Pitfall

          I've seen multiple people trip over the fact that DOLIST does not yield what one might reasonably expect.


* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.



Recent Techrights' Posts

On Groupthink, Mindless 'Sheep', and Toxic Online Cults
This week, treat yourself to a life free of social control media
BetaNews is Run and Written by Bots That Make Clickbait
At least one author is doing this
Technology: rights or responsibilities? - Part VIII
By Dr. Andy Farnell
GNU/Linux Reaches All-Time High in Europe (at 6%)
many in Europe chose to explore something else, something freedom-respecting
 
Links 25/11/2024: Climate News, Daniel Pocock Receives a Fake/Fraudulent €17,000 Electricity Bill
Links for the day
[Meme] Microsoft: Our "Hey Hi" Hype is Going So Well That We Have MASS Layoffs Every Month. Makes Sense?
Contradiction
Latest Mass Layoffs at Microsoft Are Confirmed, Bing and Vista 11 Losing Market Share
They tried to hide this. They misuse NDAs.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, November 24, 2024
IRC logs for Sunday, November 24, 2024
Gemini Links 25/11/2024: Purity and Cory Doctorow's Ulysses Pact, Smolnet Portal and SGI
Links for the day
Patents Against Energy Sources That Reduce Pollution
this EV space (not just charging) is a patent mine field and it has long been that way
DARPA’s Information Innovation Office, Howard Shrobe, Values Compartmentalisation But Loses the Opportunity to Promote GNU/Linux and BSDs
All in all, he misses an opportunity
Wayland is an Alternative to X
the alternative to X (as in Twitter) isn't social control media but something like IRC
BetaNews, Desperate for Clicks, is Pushing Donald Trump Spam Created by LLMs (Slop)
Big clap to Brian Fagioli for stuffing a "tech" site with Trump spam (not the first time he uses LLMs to do this)
[Meme] Social Control Media Bliss
"My tree is bigger than yours"
Links 24/11/2024: More IMF Bailouts and Net Client Freedom
Links for the day
Gemini Links 24/11/2024: Being a Student and Digital Downsizing
Links for the day
Techrights' Statement on Code of Censorship (CoC) and Kent Overstreet: This Was the Real Purpose of Censorship Agreements All Along
Bombing people is OK (if you sponsor the key organisations), opposing bombings is not (a CoC in a nutshell)
[Meme] The Most Liberal Company
"Insurrection? What insurrection?"
apple.com Traffic Down Over 7%, Says One Spyware Firm; Apple's Liabilities Increased Over 6% to $308,030,000,000
Apple is also about 120 billion dollars in debt
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, November 23, 2024
IRC logs for Saturday, November 23, 2024
[Meme] GAFAMfox
Mozilla Firefox in a state of extreme distress
Google Can Kill Mozilla Any Time It Wants
That gives Google far too much power over its rival... There are already many sites that refuse to work with Firefox or explicitly say Firefox isn't supported
Free (as in Freedom) Software Helps Tackle the Software Liability Issue, It Lets Users Exercise Greater Control Over Programs
Microsofters have been trying to ban or exclude Free software
In the US, Patent Laws Are Up for Sale
This problem is a lot bigger than just patents
ESET Finds Rootkits, Does Not Explain How They Get Installed, Media Says It Means "Previously Unknown Linux Backdoors" (Useful Distraction From CALEA and CALEA2)
FUD watch
Techdirt Loses Its Objectivity in Pursuit of Money
The more concerning aspects are coverage of GAFAM and Microsoft in particular
Links 23/11/2024: Press Sold to Vultures, New LLM Blunders
Links for the day
Links 23/11/2024: "Relationship with Oneself" and Yretek.com is Back
Links for the day
Links 23/11/2024: "Real World" Cracked and UK Online Safety Act is Law
Links for the day
Links 23/11/2024: Celebrating Proprietary Bluesky (False Choice, Same Issues) and Software Patents Squashed
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, November 22, 2024
IRC logs for Friday, November 22, 2024
Gemini Links 23/11/2024: 150 Day Streak in Duolingo and ICBMs
Links for the day