This week was a bit slow in Linux news and releases, but we still got a new Firefox update, new digiKam and KDE Plasma updates, a new Transmission 4.0 bugfix release, as well as a new Kali Linux release celebrating the project’s 10th anniversary with lots of goodies.
On top of that, I show you the major changes in the GNOME 44 desktop environment on Fedora Linux 38 and inform gamers about the latest Steam Deck software update. Check out the hottest news of this week and access all the distro and package downloads in 9to5Linux’s Linux weekly roundup for March 19th, 2023, below.
joel says mount that sucker on demand.
Libreboot provides boot firmware for supported x86/ARM machines, starting a bootloader that then loads your operating system. It replaces proprietary BIOS/UEFI firmware on x86 machines, and provides an improved configuration on ARM-based chromebooks supported (U-Boot bootloader, instead of Google’s depthcharge bootloader). On x86 machines, the GRUB and SeaBIOS coreboot payloads are officially supported, provided in varying configurations per machine. You can find the list of supported hardware in the Libreboot documentation.
The last Libreboot release, version 20221214, was released on 14 December in 2022. This new release, Libreboot 20230319, is released today on March 19th, 2023.
This is marked as a testing release. Not all ROM image configurations have been provided pre-compiled; specifically, daisy and veyron chromebook boards are not available pre-compiled, but the other boards are. A few new boards have been added, in addition to several fixes and feature additions.
First, let’s clarify which parts of NordVPN are now open source. We are talking about...
Relying on the advantages that open source brings, such as increased collaboration, greater flexibility, faster innovation, increased security, and better transparency, NordVPN welcomes developers with the required expertise and skills to contribute to and make changes to the existing codebase, thus contributing to the future improvement of this VPN solution.
So, last week can be called a good one for the Open Source movement, as just a few days ago, DreamWorks released its MoonRay animation software as open-source, and now NordVPN is following suit.
The first facet is dd as a way to copy data around. If you view dd this way, it's fine if some combination of dd, your C library, and the kernel optimize how this data copying is done. For example, if dd is reading or writing a file to or from a network socket, in many cases it would be desirable to directly connect the file and the network socket inside the kernel so that you don't have to flow data through user level. If you're using dd to copy data, you generally don't care exactly how it happens, you just want the result.
Since misconfigurations are one of the leading causes of BGP incidents, the goal of this article is to gather together information on best practices and dive into advanced techniques that can help network operators mitigate risks and optimise BGP performance.
My aim is to walk anyone reading this through all of the most important capabilities of BGP and to provide recommendations and best practices for configuring BGP networks. Taking into account the capabilities listed here can help enterprises minimise the risks associated with BGP misconfigurations and ensure that their networks are operating safely and efficiently.
UFW firewall comes pre-installed in Ubuntu and as the name suggests UFW logs can offer inside-out information on how your firewall deals with incoming and outgoing requests.
The Wine 8.4 development release is out now for this Windows translation layer, part of what makes Steam Play Proton tick. Every two weeks (ish), they put out a new release with the latest code like this. Once a year they then produce a stable version. We're currently waiting to see when Valve upgrade Proton to the 8 series, no word on it yet.
Paradox have released the latest DLC for Stellaris with the First Contact Story Pack, along with a free update for all players. Since this is a Story Pack, it's not a full expansion. The idea really is to give dedicated players just that little bit more, good for role-playing and for building up those stories sci-fi fans love so much. This is the kind of thing I've been personally wanting.
So far in our series of posts on showcasing the winners in all six categories of the fifth annual public domain game jam, Gaming Like It’s 1927, we’ve featured Best Remix winner Lucia and Best Visuals winner Urbanity. Today, we’re taking a closer look at the winner of the Best Adaptation category: To And Again by Perrin Ellis.
SystemRescue 10 is here three months after the previous release, SystemRescue 9.06, which was the last in the 9.x series. This new series comes with a long-term supported kernel, namely Linux 6.1 LTS, which supports new devices and features.
Several new packages have been added in this release, including QtPass, a graphical frontend for pass that offers a simple password manager supporting GnuPG encryption, casync content-addressable data synchronizer, stressapptest and stress-ng for stress testing a computer system, as well as the Tk GUI toolkit.
As usual, Secure Boot must be disabled in order to boot OpenBSD.
My Dell XPS 15 9570 laptop is currently running the Fedora Linux distribution and receives firmware updates automatically from the Linux Vendor Firmware Service (LVFS). So far so good, but I recently became aware that the same firmware version is not provided on Dell’s drivers and downloads page.
Ever since the 1970s, a frequent project has been to take a microprocessor and construct a computer system on a breadboard or stripboard. Usually these machines feature a familiar 8-bit processor such as a 6502 or a Z80 because of their breadboard-friendly DIP packages, but there is surprisingly little reason why some of the more recent silicon can’t be treated in the same way. [FoxTech] is leading the way on this, by making a breadboard computer using an 80486DX.
Grand pianos are beautiful instruments, but take up altogether too much space. Upright pianos are smaller, but still fairly hefty. When it comes to the PiezoPiano, though, we suspect nobody could complain about its diminutive size. It’s a tiny thing with just one buzzy little octave for your playing pleasure.
The STM32U5A9J-DK is a development platform featuring a low-power Arm Cortex M33 with support for Arm TrustZone. This compact dev kit is equipped with 4GB of eMMC memory, MEMS sensors and on-board debugger/programmer.
Shredding things isn’t just good for efficiently and securely disposing of them. It’s also very fun, as well. [Joonas] of [Let’s Print] didn’t have a shredder, so set about 3D printing one of their very own.
You might be thinking “Why overclock a Raspberry Pi Pico?” Using a low level language, such as C, the Pico is capable of being used to play games such as Doom (the full game) using an HDMI output board. It can emulate retro computers such as the ZX Spectrum and Commodore 64. With MicroPython, overclocking will give us a noticeable speed boost, and underclocking may provide us with longer battery life if we’re using it in a battery-powered project.
There isn’t a universal answer to the best way to balance development velocity against technical debt. Thinking of debt as something taken on intentionally by a team to increase their short-term velocity at the expense of future work is an easy-to-apply strategy that has many benefits to engineering teams while also simplifying the concept for less technical individuals. By measuring accrued debt against long-term baselines and ceilings, engineering managers can get a feel for how much this debt is impacting their teams, and this data can be used to aid in prioritization decisions and high-level discussions with stakeholders.
If your goal is to increase your teams' overall development velocity in the long term, remember that you may want to slow down so that you can move fast.
Link speed has greatly improved compared to lld 15.0.0.
Supply chain Layers for Software Artifacts (SLSA) is a framework of tools to generate and verify provenance for software artifacts. In the Python ecosystem there are two main types of software artifacts: wheels and source distributions.
How can we use the SLSA framework to generate and verify the provenance of Python artifacts?
In the most recent episode of Story Untold ZW, I sat with Eugene Ramirez Mapondera – the creative director at Kay Media Africa and Co-founder of Comexposed, a creative hub for digital artists in Zimbabwe.
Mapondera is an accomplished animator and illustrator, having worked in film, advertising, and publishing for over 14 years. He has been the go-to storyboard artist for over 20 indie films & music videos from Australia, the USA, Canada and the UK including The Secret Princess (the UK, 2016) and Boston (the USA, 2014). Eugene is an active content creator and commentator on African pop culture and technology. He was a jury member at the 2022 Durban International Film Festival.
This post is a celebration of one of my favorite bits of South Pole infrastructure.
The Beer Can, or “vertical tower” in official USAP parlance, is how we move between our comfortable living zone above, and our critical infrastructure zone below.
Surrounded by students, teachers, and advocates, Democratic Minnesota Gov. Tim Walz on Friday afternoon signed into law a bill to provide breakfast and lunch at no cost to all of the state's roughly 820,000 K-12 pupils regardless of their household income.
Following NASA’s recent results with truss-braced wing airplanes and the benefits this could bring to full-sized airplanes, [Think Flight] figured that if it helps with those airplanes, perhaps it may also be a boon for model airplanes. With the recent construction of a carrier airplane for smaller drones, he decided to give the concept a whirl to see whether it would make a difference compared to a regular wing design. This carrier airplane features a payload bay that can be opened in flight to release the drones stored inside it, making any potential increased payload capacity and improvements to the flight characteristics very welcome.
Thermal cameras are great if you want to get an idea of what’s hot and what’s not. If you want to use a thermal camera for certain machine vision tasks, though, you generally need to do a geometric calibration to understand what the camera is seeing and correct for lens distortion. [Henry Zhang] has shared various methods of doing just that.
The start-up chime on Macs is probably as recognizable as the default Nokia ringtone in this day and age. Yet much like a ringtone, so too one might want to change the start-up chime on a Mac. This is something which [Doug Brown] has done in the past already on a Power Mac G3 in 2012, which made him instantly an expert on the topic in the eyes of a reader who wanted to know how to change the chime on a 1999 iMac. While the firmware on both these systems is written in Forth, it did take a bit of sleuthing to figure out where the chime was hiding in the firmware image, and how to change it.
We’ve all heard of those chirper devices that randomly make annoying noises for no other reason than sending people insane. This project from [Kousuke Saito] brings altogether more art to this idea, while still being quite annoying indeed.
One in seven Greek teenagers (13%) spend so much time on social media it has a negative impact on their state of mind, according to preliminary data gathered by the Research University Institute of Mental Health (EPIPSY) as part of a nationwide survey into behaviors related to the health of adolescent students.
The as-yet unpublished data for 2022 show that addiction to social media was significantly higher among girls (16%), compared to boys (9%) and among 13-year-olds (16%) and 15-year-olds (16%), compared to 11-year-olds (6%).
Barbora Burbaitė-Eidukevičienė was the first Lithuanian woman to become a doctor in the 19th century. She was also the first to educate society about dirt.
There’s an ongoing debate in Washington about the need to trim government spending. As our representatives in Congress wrangle over words like “cuts” and “reforms,” the salient issue remains that long-standing entitlement programs like Social Security and Medicare are on the chopping block. It’s time that we acknowledge just how essential these programs are to supporting home and medical care for older Americans and the caregivers who provide that care.
Since January 2020, LockBit has functioned based on the ransomware-as-a-service (RaaS) model, targeting a broad range of businesses and critical infrastructure entities and using a variety of tactics, techniques, and procedures (TTPs).
Also referred to as LockBit Black, LockBit 3.0 has a more modular architecture compared to its previous variants, and supports various arguments that modify its behavior after deployment.
The bug lies in closed-source Google-proprietary code so it's a bit hard to inspect, but after some patch-diffing I concluded that the root cause was due to this horrible bit of API "design": https://issuetracker.google.com/issues/180526528.
Google was passing "w" to a call to parseMode(), when they should've been passing "wt" (the t stands for truncation). This is an easy mistake, since similar APIs (like POSIX fopen) will truncate by default when you simply pass "w". Not only that, but previous Android releases had parseMode("w") truncate by default too! This change wasn't even documented until some time after the aforementioned bug report was made.
The end result is that the image file is opened without the O_TRUNC flag, so that when the cropped image is written, the original image is not truncated. If the new image file is smaller, the end of the original is left behind.
IMHO, the takeaway here is that API footguns should be treated as security vulnerabilities.
Ransomware attacks against U.S. hospitals and health care organizations are becoming increasingly common with headlines occurring seemingly every day and stories about hackers selling health records on the dark web. In 2022, at least 25 ransomware attacks against healthcare providers impacted up to 290 hospitals, according to cybersecurity firm Emsisoft.
There’s a lot to consider about this case. From the reporting, it appears that someone uploaded the files and allegedly created a Facebook page impersonating the patient with the intention of harming the patient and causing her emotional distress. When the patient discovered the page in February 2022 and tried to get it removed, it reportedly took Facebook one month to comply.
There is no debate that finding a house for rent, especially in the metro cities of India, comes with a lot of hurdles. Landlords ask for different things before they decide to rent their houses. However, what Twitter user Goutham couldn’t have imagined is one such homeowner in Bengaluru asking for his LinkedIn profile. He shared about his experience and his relatable post has created a buzz among tweeple.
In February 2022, S.B. learned that a Facebook page impersonating her had been created. The page posted copies of S.B.’s private medical records — including evidence of STDs and other “embarrassing” details — on the public page.
The technology company previewed a new AI "copilot" for Microsoft 365, its product suite that includes Word documents, Excel spreadsheets, PowerPoint presentations and Outlook emails.
Also under the settlement the physicians group doesn't admit any culpability following the data heist.
The People’s Friendship University of Russia has replaced its vice rector for student affairs, after an exhibition at the university featured a Ukrainian flag.
President of Russia Vladimir Putin has signed laws making it illegal to “discredit” or share “fakes” about volunteers and mercenaries fighting for Russia in Ukraine.
Former U.S. President Donald Trump claimed Saturday on his social media platform that he "will be arrested" on Tuesday and implored his supporters to "protest" and "take our nation back," sparking fears of additional right-wing violence.
President of Russia Vladimir Putin traveled to Sevastopol, in Crimea, for the ninth anniversary of the peninsula’s annexation by Russia.
During a recent rally outside the University of Toronto, Saarthak Singh and Achint Singh joined the crowd urging the government to take action against climate change. But it's not the only way they advocate for a greener future. Both students also plan to make financial investments that will benefit the environment.
Members of Congress have begun drafting the 2023 "Farm Bill," and they’ll be wrangling over it through most of the year. This legislation, passed into law anew every fifth year or so since the 1930s, has had far-reaching influence on food and farming in the United States. Each version of the bill is given its own name; the previous one, for example, was called the Agriculture Improvement Act of 2018. Given the nature of the early debate over this bill-in-the-making, it might end up deserving to be called the Food and Climate Bill of 2023.
Click the image to tell President Biden: We need BOLD climate solutions, not more oil projects! (Steve Brodner)
Whales are the biggest creatures on earth, but they are no match for a supertanker. In recent months there has been a rash of whales washed up on U.S. shores, with broken backs or other mortal injury.
Data published by Russia’s Central Bank show that, as of February 1, residents of the country have cash holdings equivalent to 105.4 billion USD.
The global economy hit a new milestone in 2022 by surpassing $100 trillion. This expansion, which has experienced only the occasional setback such as the 2020 Covid shutdowns, has been accelerated by trade. The world trade volume experienced 4,300% growth from 1950 to 2021, an average 4% increase every year. This linked growth of the global economy and international trade took off in the 1980s as governments embraced the project of globalization, which prioritized the reduction of barriers to trade such as tariffs.
Among those laid off, more than 100 people are processing agents, and the rest are team leaders and a team manager. The layoffs, which are permanent, will begin in May.
Across the United States, Canada, Mexico and Brazil, Wipro has more than 20,500 employees.
As a follow-up to my earlier post on the EU Cyber Resilience Act, here I’d like to address some practicalities: how would it actually work.
Like with the previous article, I want to thank the many people that spent serious time explaining the CRA and its intentions to me, this is most appreciated.
I’m not a fan of TikTok and actually think the banning of it on government-owned or administered devices is a smart move. There is zero doubt that the app collects far more user data than necessary and has the capability of monitoring everything you type into your keyboard through its browser. I’m not a security researcher but I don’t need to be one because those that are — even the ones who enjoy TikTok — tell me it’s a privacy nightmare. Having it installed on a phone where your work email is government business is not a good thing.
The big problem here is that there are a lot of other apps that are just as bad (maybe even worse) when it comes to consumer privacy violations. We know about the few times companies took it too far and got caught, as Facebook (now Meta) and Twitter were both caught doing things their own privacy policies said would never happen. So why ban TikTok and not Twitter?
According to the information available to LTV, the political party widely seen as the most pro-Kremlin force in Latvia is one step away from a court being able to terminate its activities.
In March last year, the State Security Service (VDD) issued a first warning to the party over its dissemination of Kremlin propaganda messages via its social media accounts. But the situation did not change and according to LTV there are even new efforts to turn the population of Latvia against helping Ukraine.
[...] The Konakovo City Court on March 17 sentenced Aleksandr Martynov and his wife, Lyudmila Razumova, to 6 1/2 and 7 years in prison, respectively, after finding them guilty of vandalism and discrediting Russia's armed forces. [...]
Kept at the İstanbul Security Directorate for two days, Yıldırım was referred to the İstanbul Courthouse early in the morning. The prosecutor's office ordered his release after taking his statement. No judicial control measures were imposed on Yıldırım.
It was learned that Bayram was detained in the scope of the investigation of the eleven correspondents of Mezopotamya Agency and JINNEWS.
Hundreds of people hit the streets of Milan, Italy on Saturday to protest the far-right government's assault on the parental rights of same-sex couples.
When a sheriff’s deputy in Georgia’s Houston County sought surgery as part of her gender transition, local officials refused to change the department’s health insurance plan to cover it, citing cost as the primary reason.
In the years that followed, the central Georgia county paid a private law firm nearly $1.2 million to fight Sgt. Anna Lange in federal court — far more than it would have cost the county to offer such coverage to all of its 1,500 health plan members, according to expert analyses. One expert estimated that including transition-related care in the health plan would add about 0.1% to the cost of all claims, which would come to roughly $10,000 per year, on average.
The machine will churn no more. Nearly 80 years of top-down one-party rule in the United Auto Workers are coming to an end. Reformer Shawn Fain is set to be the winner in the runoff for the UAW presidency.
“It is against our traditions and values to educate women. If she learns to write, she will start writing letters to other men, and that will violate the honour of your family,” said the cleric. He convinced the grandmother to stop sending the girl to school, and after that day, she was never allowed to step foot in school again.
Dutch anti-piracy group BREIN has been fighting pirates of all kinds for the last 25 years. BREIN's latest annual report covering 2022 reveals that it completed 458 investigations and shut down 449 pirate sites. That's 100 more than BREIN reported for 2021. Pirates are clearly persistent but BREIN is always up for the fight.
I left a crystal growing for a few weeks. Here are a few photos with the coin microscope. I used red lighting in some of the photos. There is no post-processing except re-encoding the images in GIMP.
Sorry for self-spamming (I guess) but being a fan of the Smol Web, and passionate about the Ctrl-c community, as well as M.p, S.p, and also the Speakeasy (shhh), I put together a(nother) zine called Ctrl-ZINE. Our lovely Webmaster m15o is therein, too. As well as ~lettuce, ~phoebos, and ~nttp of Ctrl-c. Several others are preparing entries for submission in Issue.2
We have friends who often do cross-border shopping. Before Christmas, they asked us what sort of pillows we like; we said "soft".
At Christmas we opened the small gifts to each other and saw two MyPillows with election denier Mike Lindell's face on them.
I am too young to have used the Finger protocol when it was a common thing. I got to know about Finger years later, as one of the Linux/Unix commands, and put into my head a theoretical description of it. But that theoretical description of the Finger protocol and command can obscure the whole idea behind it. So imagine a world where an average user has access to a shell account and has the ability to operate on the Internet from inside of the chosen server. So an average user can read and write files, the same as today's average user. But that former average user had the ability, almost forgotten today, to write and publish files for a wider audience. Because today most of us think that publishing data is a big thing. So big that it needs special tools for that. We can't put the data into a regular file; instead, we put that data on special platforms.
Recently I have finally tried Ian's shoelace knot tying method: it produces a regular bow knot, but a tiny bit faster, and it feels neat to tie it with fewer movements. I'm not sure if it is quite as secure as the regular method, since it is harder to keep it tensioned, but seems to be fine.
Then I decided to go further and investigate lacing methods on Ian's Shoelace Site (it is at fieggen.com). Found "Ukrainian lacing", which "traps" the starting knot, so that you don't have to tie it again. It has a drawback of the last pair of eyelets being left untensioned, but its fourth variation solves that. So I tried it (after briefly trying the third variation), and though it sort of works, so far (after more than a month) I find it slower to both tie and untie shoes with that kind of lacing: quick release is lost, so untying is a bit annoying, while for tying it is tricky to find the correct runs of the shoelace: you get a tangle of those, at least with certain kinds of shoes and shoelaces. Maybe I'll try it again on summer shoes, but going to redo the lacing back to regular crisscross lacing. Oh, and tensioning seemed even harder to do well with Ukrainian lacing.
I've been working on upgrading TLS code for TLGS. One of the improvements is that besides OpenSSL, Botan can also be used as the underlying TLS library. In the process I discovered one thing. According to RFC, a TLS 1.3 server must send X509 v3 certificates unless explicitly negotiated.
I've been writing a lot about this new/old tablet I recently bought. So here's me talking about it even more.
I guess the reason I have so much to say about this little thing is because I never thought I'd be a tablet guy. I thought I was a phone and computer guy with a dedicated e-paper ereader for books only. Well, buying this tablet has made me rethink that idea of myself completely.
I initially bought my tablet to use as a dedicated ereader. I would keep the WiFi off and only turn it on to sync books from my Libreture library. However, I then installed my RSS reader and Lagrange for some gemini reading, and so on and so on until I'm keeping the WiFi on all the time and doing all my computing away from my main computer on the damn thing.
Doing the Internet Office Hours podcast with @phf@tabletop.social, @frotz@mstdn.games and @wandererbill@tabletop.social feels like referee-self-help. It's great talking to peers about games, the problems we have and the solutions we found.
For reasons, I'm doing some research into the history of FTP (File Transport Protocol) when I come across an RFC (Request For Comments) for SFTP. Only this isn't the SFTP (Secure File Transport Protocol) [1] that is used today, but instead the Simple File Transfer Protocol [2] from 1984. Unlike TFTP (Trivial File Transport Protocol), it uses TCP (Transmission Control Protocol), and unlike FTP, it only uses a single network connection.
* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.