02.24.21
Posted in News Roundup at 7:46 pm by Dr. Roy Schestowitz
Contents
-
-
Audiocasts/Shows
-
Lastpass was in the news recently and it made me realize how few people use a password manager, regardless of whether you prefer an offline or online solution not using a password manager leads to bad habits and much weaker passwords.
-
Steve Klabnik joins Doc Searls and Shawn Powers to talk about Rust. Rust, which was started at Mozilla, has grown to become one of the world’s most relied-upon and fastest growing programming languages. Klabnik literally wrote the book on Rust. In the show, he visits how it differs from C++ and other alternatives, some of the many ways it is used, the large and familiar names (e.g. DropBox) that depend on it, the community culture around it, how open source and free software work are changing as we move toward a post-COVID world.
-
In the latest episode of “How to Homelab”, we take a look at the concept of using laptops as servers, and I give you my thoughts. It might just be a crazy enough idea to work!
-
Kernel Space
-
There is a longstanding tradition in mathematics to create a list of hard unsolved problems to drive people to work on solving them. Examples include Hilbert’s problems and the Millennium Prize problems. Wouldn’t it be nice if we had the same for Linux? A bunch of hard problems with sexy names that would drive development forward? Sadly there is no easy source for tens of millions of euros in prize money, not to mention it would be very hard to distribute as this work would, by necessity, be spread over a large group of people.
Thus it seems is unlikely for this to work in practice, but that does not prevent us from stealing a different trick from mathematicians’ toolbox and ponder how it would work in theory. In this case the list of problems will probably never exist, but let’s assume that it does. What would it contain if it did exist? Here’s one example I came up with. it is left as an exercise to the reader to work out what prompted me to write this post.
[...]
A knee-jerk reaction many people have is something along the lines of “you can solve this by limiting the number of linker processes by doing X”. That is not the answer. It solves the symptoms but not the underlying cause, which is that bad input causes the scheduler to do the wrong thing. There are many other ways of triggering the same issue, for example by copying large files around. A proper solution would fix all of those in one go.
-
Immediately following the publishing of the Linux enablement patches for CXL 2.0 and that continued in the months since over several rounds of patches. That initial CXL 2.0 code is now slated for mainlining with the Linux 5.12 kernel.
The initial Compute Express Link 2.0 focus for the Linux kernel has been on supporting Type-3 Memory Devices.
The CXL 2.0 type-3 memory device support being fleshed out first is for serving as a memory expander for RAM or persistent memory and can optionally be interleaved with other CXL devices.
For the lack of any CXL 2.0 hardware yet even within the confines of Intel, Widawsky worked out this initial enablement code thanks to writing up support around the specification within QEMU for emulation.
-
Linux 5.12 is bringing the initial infrastructure around ACPI Platform Profile support and with this kernel it’s implemented for newer Lenovo ThinkPad and IdeaPad laptops. The support allow for altering the system’s power/performance characteristics depending upon your desire for a speedy, quiet, or cool experience. With Linux 5.13 it looks like HP laptops with this capability will begin to see working Platform Profile support too.
Lenovo is the initial Linux user/supporter of this Platform Profile support while Dell has also expressed interest in supporting it on Linux for letting users manipulate their desire desired balance of performance vs. cool/quiet operation. There has been an HP patch implementing the support and it’s looking like that is now ready to be queued into the x86 platform driver tree once the current Linux 5.12 merge window is over, which would mark it as material for 5.13.
-
Applications
-
RSS Guard is a free and open source Qt RSS feed reader for Microsoft Windows, Linux and macOS. The application can synchronize with services like Tiny Tiny RSS, Inoreader, Nextcloud News, and with the latest 3.9.0 version released today, Feedly and services supporting the Google Reader API (The Old Reader, Bazqux, Reedah, FreshRSS, etc.).
The application supports RSS / RDF / ATOM / JSON feed formats, as well as podcasts using RSS / ATOM / JSON. Besides syncing with the online services mentioned above via plugins, RSS Guard can also add feeds locally, with support for importing and exporting feeds to/from OPML 2.0.
The user interface is highly customizable, allowing users to hide various elements, add or remove buttons to/from the toolbar, and even use a vertical or horizontal layout (with the latter being great for ultrawide screens). A full screen mode is also included.
-
Photoshop is quite synonymous with Graphics design nowadays, but it is not the only king in the room. Photoshop doesn’t come with a friendly interface for beginners. No doubt photoshop offers you freedom of using features quite independently, but everything comes at a cost.
There are some other options too that are worth considering for users who are looking for open source and free photoshop alternatives. These free and open source photoshop alternatives are not only useful for beginners but also useful for professionals who are thinking of switching from photoshop. And the good thing is that these free applications make no compromise with the quality of work.
So, what to do if you are a bit tight on budget and want to learn to design without paying the monthly subscription as in Photoshop. Well, I have prepared a list of free and open-source applications like photoshop to create awesome designs without compromising quality.
-
Instructionals/Technical
-
-
In an earlier article, we looked at the APT command and various ways that you can make use of the package manager to manage packages. That was a general overview, but in this guide, we pause and shine the spotlight on 2 command usages. These are apt update and apt upgrade commands.
The apt update and apt upgrade are two of the most commonly used yet misunderstood commands for many Linux users. For some, these play the same role, which is not the case. In this guide, we seek to distinguish the differences between the two and how each one of them is used.
-
Modern problems require modern solutions. I’ve recently got meself a new Linux test laptop, one IdeaPad 3, which I bought (unfortunately, due to market shortages) with the UK keyboard layout instead of the US layout. This means suboptimal physical key placement – even if you do use a different keyboard variant. Namely, the bar and backspace keys and such are placed all wrong, plus the Enter key is too small.
Moreover, this also means, muscle memory and all, you end up typing \ when you actually want to jump to a new line, and this can be quite annoying. So I thought, perhaps I can remap keyboard keys in a small way? But I didn’t want to just remap the backspace key (bearing the UK tilde and hash symbols) to a “second” Enter, thus effectively making a larger Enter key, I still wanted to have the bar and backspace keys available. Hence a more complex exercise. Let me show you how you can this somewhat convoluted but super-nice setup.
-
Linux certification is increasingly significant for tech workers as the public cloud and software-defined networking become ever more important. A Linux cert can set IT professionals apart from the herd and potentially put a lot more money in their bank accounts.
Once these certifications were a gauge of reliability, according to CompTIA chief tech evangelist James Stanger. “Twenty years ago, Linux tended to attract people who were a little edgier,” he said. “So certification was traditionally used in the Linux side just to find people you can work with—will they show up on time?”
Now, these certifications are a demonstration not only of proficiency but also dedication to self-improvement. “You can’t go wrong with a certification,” said Joe Faletra, director of infrastructure services at Modis, a technology staffing and consulting firm. “I’ll lean towards certs over experience [in hiring], because this person has put the effort into learning and passing the exam.”
-
Today we are looking at how to install Discord, the desktop version, on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.
-
There can be many reasons behind Ubuntu being unable to boot, like, GRUB error, broken package installation, or even a faulty hardware issue. We will be looking at these issues one-by-one and try to solve it.Here are some of the most common Linux Boot issues and their solutions. Bear in mind that these steps are generally for Ubuntu, but could be applied to any Linux system.
-
In this tutorial, we will show you how to install AnyDesk on Manjaro 20. For those of you who didn’t know, AnyDesk is the world’s so much completely satisfied remote computing device application. Access all your programs, documents, and documents from anywhere, without needing to entrust your information to a cloud service. You could say it is an alternative to the TeamViewer, that’s available free. Anydesk offers a faster remote connection than any other current distant computer application.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of AnyDesk Remote desktop on a Manjaro 20 (Nibia).
-
On Unix or Linux operating systems, the scp utility, stands for secure copy, is similar to the more famous command, cp, but is used to transfer files and directories between hosts on a secure encrypted network.
Since it relies on ssh for data transfer, it offers the same security and uses the same authentication ssh. The scp command will prompt for passwords for authentication (if needed), unlike rcp.
In this article, we will dive into the world of secure transfer of files in Linux and learn how to use scp command. You will see how to use this utility through detailed explanations and example use cases of the commonly used scp switches and options.
-
Encryption-at-rest prevents an attacker from accessing encrypted data stored on the disk even if he has access to the system. The open-source databases MySQL and MariaDB now support encryption-at-rest feature that meets the demands of new EU data protection legislation. MySQL encryption at rest is slightly different from MariaDB as MySQL only provides encryption for InnoDB tables. Whereas MariaDB also provides an option to encrypt files such as redo logs, slow logs, audit logs, error logs, etc. However, both can’t encrypt data on a RAM and protect it from a malicious root.
In this article, we will learn to configure database-level encryption for MariaDB.
-
ERPNext is a completely robust ERP framework intended for small and medium-sized businesses. It covers an extensive variety of features, including accounting, CRM, inventory, selling, purchasing, manufacturing, projects, HR and payroll, website, e-commerce, and more – all of which make it profoundly adaptable and extendable.
ERPNext is developed in Python and depends on the Frappe Framework. It utilizes Node.js for the front end, Nginx for the web server, Redis for caching, and MariaDB for the database.
-
A Linux group is a collection of one or more users with identical permission requirements on files and directories. An user can be a member of more than group at a time. In Linux, each group information is stored in the “/etc/group” file. In this tutorial, we will see all the possible ways to easily find out which groups a user belongs to in Linux and Unix-like operating systems.
Finding out the groups to which a user account belongs will be helpful in many occasions. For instance, the other day I was installing Dropbox on my Ubuntu server. When configuring Dropbox, I had to enter my current user name and the group name. You could also be in a situation where you need to identify the groups a user belongs to. If so, use any one of the following methods to know what group a user is in.
-
Traceroute is a very useful utility that is used to track the path that a packet takes to reach a destination within a network. It can also act as a tool to report network congestion.
In today’s article, we will discuss different examples that will demonstrate the usage of Traceroute on Linux Mint 20.
-
The task of removing an installed package from any operating system can surely be a hassle if handled carelessly. It is because whenever you attempt to remove a package, you expect it not to leave any of its traces behind. In other words, you want a clean removal of the desired package. However, such a complete removal cannot be achieved without taking certain measures.
That is why today’s article will be focused on the method of completely removing a package in Linux.
Note: The method that we have attempted and shared with you in this article has been performed on a Linux Mint 20 system. However, the very same steps can also be performed on Ubuntu 20.04 and Debian 10.
-
Spotify is a popular audio and video streaming service used by millions of people. Spotify is available for download on smartphones, tablets, and desktops for Windows, Mac, and Linux. Though Spotify works in Linux, this application is not actively supported, as it is on Windows and Mac. You can also enjoy Spotify on wearable gadgets. For example, if you have a Samsung smartwatch, you can listen to and control Spotify using the watch only. You need only install the app on your smartphone from the Play Store to start listening to tracks on Spotify.
The free version of the application provides access to limited audio streaming services with advertisements. The premium service offers many features, including the ability to download media, ad-free browsing, better sound quality, and more. There are also other plans offered to specific individuals and groups. Spotify also supports various devices, such as Wireless Speakers, Wearables, Smart TVs, and Streamers.
-
Wallpapers are great for improving the user experience of any operating system. In the case of Fedora, one of its iconic features is the wallpapers it comes with. Every single Fedora release gets its own set of wallpaper, and these are some of the most anticipated components of any of its releases.
In this guide, check out how to install official wallpaper packs on Fedora.
-
Linux is a very versatile platform for not only power users, but also tweakers and tinkerers. With the rise of Linux desktop distros have come a whole new level of options for these users.
Gnome is one of the most popular desktop environments on Linux and Ubuntu. The most popular desktop Linux distro now comes with Gnome out of the box following the shelving of Ubuntu’s Unity desktop environment. It, therefore, follows that there are countless ways to tweak your Gnome and make it truly yours.
-
The find command in Linux is used to search for files and folders based on different parameters. These parameters can be the filename, size, type of file, etc.
-
As you might already know, we use the rm command in Linux to delete files and folders. The filenames to be deleted have to be passed as arguments to rm. However, rm does not offer other options by itself, like deleting files based on timestamps.
That’s the reason, we use the find command in Linux, which is used to search for files and folders based on different parameters. It is a complex command which can be used to search with parameters like the filename, size, type of file, etc.
There is an option in the find command to search for files based on how old they are and today we will see how to use find and rm together to delete files older than the specified number of days.
-
In Linux platforms, a sudo user is a tool that implies “superuser do” to run various systems’ commands. A sudo user is typically a root user or any other user who has some privileges. To delegate important tasks like server rebooting or restarting the Apache server, or even to create a backup using the sudo command, you can use the sudo without having to enter the password again and again.
By default, sudo user needs to provide some user authentication. At times, user requirements are to run a command with these root privileges, but they do not desire to type a password multiple times, especially while scripting. This is easily doable in Linux systems. In this article, we will check the method to sudo another user without entering their password.
-
This article will help you with the steps to host a static website on S3 and redirect traffic from your subdomain to the static website on the S3 bucket. For this, you will need a domain purchased on AWS. Once you have the domain on AWS, you can create a subdomain and redirect requests from it to the S3 bucket.
-
What is zoom? Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, chat, and webinars. You can use free and payed versios.
-
Multipass is a platform developed by Canonical to launch and run Ubuntu virtual machines while offering a user the ability to configure them with cloud-init like a public cloud. Here we learn how to install Multipass on Ubuntu 20.04 Linux and use the same to launch Virtual machine instance.
Although when it comes to launching lightweight pre-built virtual machine images with just a command, Docker comes to mind, however, Multipass could be another option for those who love to work on Ubuntu Server. Yes, if you want to launch Ubuntu Linux command line server VMs instantly on Windows, Linux and macOS then cross-platform Multipass is one of the good options to consider.
-
The only network numbers I can keep in my head are now and always have been a Class C network with a 24-bit netmask, such as 192.168.1.0/24. I know there are 254 usable host addresses available with a broadcast address of 192.168.1.255, a gateway/router address of 192.168.1.1 or 192.168.1.254 (depending on who’s running the network), and a human-readable netmask of 255.255.255.0. That’s my standard network. After all, 254 hosts are enough for any subnet, right? Wrong. A few years back, I had to step outside of my standard 254 hosts per subnet scenario when I decided to use a 22-bit netmask (255.255.252.0) to get a 1022 usable address space.
I knew little about this address space, and it was frustrating to try to search for the simple information that I needed without scrolling through forums with all the idle chatter and off-topic rhetoric. I guess some people just need a space in which to air their grievances about everything. I digress.
-
Cinnamon is the default desktop environment for Linux Mint. This quick guide explains the steps to install the Cinnamon desktop environment in Arch Linux.
-
Wine or Emulation
-
Wine Launcher is a simple front-end for Wine that lets you use separate WINEPREFIX= prefixes and different configurations for each game you install using it.
Wine Launcher version 1.4.46 is the seventh minor version of it that has been released this month. The Russians are producing new releases on a near-daily basis. A lot of new features have been added in the last dozen releases. The latest versions allow you to compress games to SquashFS images, the PipeWire multimedia server is now supported, VKD3D Proton has been added to the long list of Wine implementations a game can be configured to use, it is now possible to install libraries using Winetricks and the launcher itself has been re-designed.
-
Games
-
Want a quick way to make 3D models? Here’s your fresh tip of the day for prototyping, game development or anything else – check out the new KenShape application from Kenney. For those unaware Kenney is the developer of games like Pixross, Frick, Inc., the Asset Forge application to bash together blocks to make 3D models and — oh, an absolute ton of high quality assets both paid and public domain.
Their latest work is quite brilliant with KenShape. You draw something in a pixel-art block style, give it some depth based on numbers 1-8 with 1 being thin and 8 being quite large and it will then generate a proper 3D model of it. You can preview it first though of course but the result is quite remarkable. Generated models can be exported to various 3D formats compatible with most game engines (including Unity, Unreal Engine, Godot, Asset Forge, Blender and PlayCanvas), or as .vox files compatible with voxel software like MagicaVoxel.
[...]
Thanks to itch.io having easy press access to anything on the platform (as long as developers hit the right checkboxes), I took it for a spin since it offers full Linux support.
-
Last week we reached out to the community at large with a simple question: What do you predict will happen in the world of Linux Gaming by the end of 2021? To make things a little more fun, we asked everyone to limit their Linux Gaming predictions to 5 items, and be as specific as possible as to what they expect to occur. We also asked everyone to work on their predictions individually to avoid any potential bias.
Now, we are sharing with you all the predictions we received, from quite a few places across the world as you can see from the below map. The Linux Gaming Community knows no frontiers.
-
Team Cherry have given their excellent action-platformer metroidvania Hollow Knight a bit of an upgrade, which you can test out on Steam in a fresh Beta test.
Not played it before? You’re missing out. Hollow Knight is a classically styled 2D action adventure across a vast interconnected world. Explore twisting caverns, ancient cities and deadly wastes; battle tainted creatures and befriend bizarre bugs; and solve ancient mysteries at the kingdom’s heart.
-
Just like there’s the awesome OpenTTD for fans of Transport Tycoon Deluxe, there’s also OpenLoco for players who want to play through the classic Locomotion. Not a project we’ve covered here before it seems, so we’re making that right today.
Originally released back in 2004, it’s actually a spiritual successor to Transport Tycoon but it was not as loved due to various problems with the original release. Perhaps though it can have a new life thanks to OpenLoco.
-
Well, that’s certainly one way to get a bit more exercise in. Whatever helps right? No judgement here, I could probably do with a little more myself…
It’s built with the free and open source game engine Godot Engine, so not only is the source code open for the game itself it’s properly open for anyone to put it together from the source and will remain so. Speaking about VRWorkout to us on Twitter, the developer mentioned they actually do develop for it on Linux but they use a Quest headset not supported on Linux so they have to work with that on Windows. Perhaps though, in time, Monado might break down that barrier.
-
Minetest, the Minecraft-like voxel game engine (and a basic game that comes with it) has a big new release out with Minetest 5.4.0 and it’s worth trying again.
As we covered before during the Release Candidate stage, one of the big features for users in this release is vastly easier modding with both small mod packs and entire games. Minetest had a way to browse and download them all directly in the game for a while, but now it will also actually download all the dependencies mods need – making it vastly easier to get what you want and then into a game. No more downloading one mod, then finding all the individual bits it needs.
-
Desktop Environments/WMs
-
Terminal emulator of LXDE had no releases for more than two years. Not much was added, not much was fixed but still some work done. Could be more of course but what we can do with our forces, that we do. Let hope we can do more later.
-
GNOME Desktop/GTK
-
As you already know, GNOME 40 will introduce a new Activities Overview design that promises better overview spatial organization, improved touchpad navigation using gestures, more engaging app browsing and launching, as well as better boot performance.
But the GNOME 40 beta release is packed with many other goodies, including the ability to switch workspaces with Super+scroll on Wayland, the implementation of a Welcome dialog after major updates, improved fingerprint login support, better handling of a large number of window previews, on-screen keyboard improvements, support for handling monitor changes during screencasts, as well as integration of the clipboard with remote desktop sessions.
-
-
The first biggest change is the inclusion of the latest Xfce 4.16 desktop environment, which is used by default in the Kali Linux images. This change alone is so huge that you’ll want to download the Kali Linux 2021.1 release right now and install it on your personal computer.
The second biggest change in Kali Linux’s first 2021 release is the inclusion of new tools for ethical hacking and penetration testing, such as Airgeddon for auditing wireless networks, AltDNS for generating and resolving permutations, alterations and mutations of subdomains, as well as Arjun HTTP parameter discovery suite.
-
Reviews
-
Because there are so many different options out there for your free and open-source operating system, it can be hard to figure out what the best option is for you. Sifting between Linux distros is difficult – Debian and its derivatives, Ubuntu and its derivatives, Fedora, Arch, openSUSE, the list goes on. However, what if the best choice for you isn’t actually technically Linux? Here we review GhostBSD, a FreeBSD-based Unix OS designed for a simple desktop experience, to see if it’s the right fit for you.
[...]
The applications that are installed are all necessary. It’s exactly what you might expect to find in your typical lean open-source desktop OS configuration, with no frills and just the essential applications.
There is not much to remark on with the user experience – it is a very simple and friendly version of the MATE desktop that’s designed to be light on system resources and simple to use. Overall, I think there is no way you could go wrong.
-
New Releases
-
Let’s start with the important cosmetic changes: the Xfce (default) and KDE desktop environments have been updated to v4.16 and v5.20, respectively. These bring a new look, but also more usability and increased efficiency.
A few of the terminals have also been tweaked to – as the developers noted – “Kalify” them.
-
How you choose to interact with Kali is completely up to you. You may want to access Kali locally or remotely, either graphically or on the command line. Even when you pick a method, there are still options you can choose from, such as a desktop environment.
By default, Kali uses Xfce, but during the setup process, allows for GNOME, KDE, or no GUI to be selected. After the setup is complete, you can install even more. We have pre-configurations for Enlightenment, i3, LXDE, and MATE as well.
[...]
When we use Kali, we spend a significant amount of time using the command line. A lot of the time, we do it using a local terminal (rather than in a console or remote SSH). With the options of desktop environments, there are also choices when it comes to the terminals (same with what shell to use).
-
BSD
-
My FOSDEM presentation in the BSD devroom showcased what is new in sudo and syslog-ng and explained how to install or compile these software yourself on FreeBSD. Not only am I a long time FreeBSD user (started with version 1.0 in 1994) I also work on keeping the syslog-ng port in FreeBSD up to date. But soon after my presentation I was asked what I knew about other BSDs. And – while I knew that all BSDs have syslog-ng in their ports system – I realized I had no idea about the shape of those ports.
[...]
In this blog I identified many problems related to syslog-ng in various BSD port systems. I also provided some workarounds, but of course these are not real solutions. I cannot promise anything, as I am not an active user or developer of any of these BSD systems and I am also short on time. However, I’m planning to fix as many of these problems at the best effort level, as time allows.
-
Screenshots/Screencasts
-
In this video, I am going to show how to install Devuan GNU+Linux 3.1.0.
-
IBM/Red Hat/Fedora
-
Here are some tips, ideas, and resources to help you develop your container vocabulary and start working with this useful technology.
-
We are excited to announce today that Siemens is using Red Hat OpenShift to help its customers leverage the open hybrid cloud for edge deployments in the manufacturing industry. Let’s take a look at why this is important for Siemens and why the approach is important for the industry at large.
With Red Hat OpenShift for MindSphere, Siemens industrial IoT as a service solution, manufacturers will be able to run MindSphere across the hybrid cloud, including on-premise, for speed and agility in factory floor operations, as well as in the cloud for seamless product support, updates and enterprise connectivity. With MindSphere on Red Hat OpenShift, manufacturers will have control over factory floor data processed at the edge, as well as the agility and flexibility they require to meet expectations for higher quality products.
[...]
Red Hat OpenShift has long provided a control plane across the hybrid cloud but we have also focused efforts around updating OpenShift to better meet the unique needs of edge-specific deployments like Siemens’.
A few of the latest edge related updates include three-node cluster support, which brings the capabilities of the industry’s leading enterprise Kubernetes platform to bear at the network’s edge in a smaller footprint. We’ve also added remote worker nodes.
Remote worker nodes enable IT organizations to place single worker nodes in remote locations that can then be managed by centralized supervisor nodes at a larger site, such as a core or regional datacenter. This provides an additional topology choice to organizations pursuing Kubernetes innovation at the edge.
-
Vulnerability and patch management can be time-consuming and painful. Standard practices for vulnerability management rely on scanning for vulnerabilities and rescanning to confirm that patches have been applied. Unfortunately, this can lead to false positives and can be time consuming. In this post we will discuss how Red Hat Insights complements vulnerability management processes by providing deeper visibility to the risks associated with vulnerabilities based on your environment.
Not only does Red Hat Insights identify vulnerabilities but it prioritises them based on any mitigations already in place and gives immediate validation when a patch is applied. This additional validation can serve as defense in depth security strategy, as Insights helps you monitor policy, identify vulnerabilities and validate that appropriate mediations are in place remediation.
-
One of the quiet secrets of open source software projects is how much direct experience you can gain from domains and disciplines beyond software development. And the reverse is true—if you have non-developer skills and job experience, you are valuable to open source projects.
There are relatively common forms that a contribution might end up taking when submitted to an open source project. We can examine from an outside perspective how your skills and career development goals map to these types of contributions.
While conversation around technology sometimes focuses on the code and developers, it is a maxim of open source software projects that contribution is more than just code. This is evident when you study a project’s success holistically from within its ecosystem. A skilled project manager or user interface designer, for example, is just as likely as a software developer to provide the ideas and efforts behind a major success.
-
Taking a page from Red Hat president and CEO, Paul Cormier’s post, I’d like to take a moment to recognize what the past year has meant for the partner ecosystem and where we go from here. Not for the first time, we heard Paul explain the importance of partners in Red Hat’s story:
“The channel is what made Red Hat. Without our partner ecosystem, Red Hat would be a very different company.”
Partners are the connective tissue between Red Hat and customers. This has remained true throughout most of Red Hat’s history, this was true in 2020, and it will be our truth as we grow in 2021 together. Red Hat and our partners proved to be resilient this past year, but what stands out to me is the momentum fueled by partners in a time filled with uncertainty and challenges.
-
Debian Family
-
Sergio Durigan Junior has announced the availability of a debuginfod server for Debian systems.
-
-
WebOS is LG’s proprietary smart TV software. It began as a mobile operating system for Palm Inc.: Palm WebOS. It was acquired by Hewlett-Packard, which made it open source and renamed it Open webOS. LG then acquired it and renamed it just webOS, using it primarily for Smart TVs, but it also appears in the brand’s smart refrigerators and smart projectors.
This week LG announced it’s licensing webOS to RCA, Ayona, Konka, and other brands of smart TVs. “This has the potential to reshape the TV business for both technology and content providers while significantly growing LG’s presence and prominence in the global home entertainment market,” said LG in a press release.
-
The Khronos Group and the European Machine Vision Association have formed an Embedded Camera API Exploratory Group to explore open, royalty-free API standards for controlling embedded cameras and sensors.
Beaverton, Oregon based The Khronos Group, known for graphic standards such as OpenGL and Vulkan, has announced a collaboration with the European Machine Vision Association to develop guidelines for potential standards governing embedded camera and sensor controls. Their new Embedded Camera API Exploratory Group, which is “open to all at no cost” will bring together sensor and camera manufacturers, silicon vendors, and software developers to explore the potential for camera control standards.
-
The latter runs standard Linux distributions like Ubuntu and Yocto Linux. SmartNIC drivers are available for host platforms such as Red Hat Enterprise Linux (RHEL), CentOS, and Ubuntu.
-
Ibase’s -40 to 85°C ready “IB836” SBC runs Ubuntu or Windows on an Atom x6000 with up to 32GB DDR4, 3x GbE, 3x USB 3.1, DP, Type-C with DP, 2x SATA, mini-PCIe, and M.2.
Avalue revealed the first 3.5-inch SBC based on Intel’s Elkhart Lake back in September with its ECM-EHL, and now Ibase has posted a preliminary product page for its own 3.5-inch entry. The IB836 offers triple 1GbE ports instead of the GbE and 2.5GbE ports found on the ECM-EHL or the dual GbE ports on Congatec’s smaller, Elkhart Lake based Conga-PA7 Pico-ITX board.
-
Open Hardware/Modding
-
Raspberry Pi Ltd has relaunched four IQaudio HATs as official Pi audio add-ons with lower prices ranging from $20 to $30: the IQaudio DAC+, DAC Pro, DigiAMP+ and Codec Zero.
In December, Raspberry Pi Trading announced it had acquired IQAudio and would be relaunching their Raspberry Pi audio HATs at lower prices. As reported by MagPi, IQAudio’s four most popular HATs have now been relaunched as official Pi accessories and are available via the usual Pi resellers.
-
Elecrow develops and manufactures electronics products for the maker market, and in recent years entered the STEM education market with products such as CrowPi2 Raspberry Pi 4 education laptop that I reviewed last year.
-
By popular demand, we are pleased to announce that it’s now possible to buy the Arduino MKR IoT Carrier. Originally forming a key part of the Arduino Oplá IoT Kit, we’ve responded to our community to make the carrier available on it’s own, thus enabling you to benefit from having a bunch of sensors, actuators and a display all featured on the one board — making it quicker and easier to take your IoT projects to the next level.
Featuring a large set of built-in sensors and actuators as well as a useful color display, the carrier lets you focus on prototyping your IoT ideas right away by saving on the hassle of wiring and soldering these components.
The carrier can become a WiFi, LoRa, NB-IoT or GSM-compatible device by seamlessly connecting to any MKR family board. Building a user interface for these boards is easy with the embedded color OLED screen, five capacitive touch buttons, and the five RGB LEDs. The integrated sensors (temperature, humidity, pressure, RGBC light, gesture and proximity) allow you to map the environment around the carrier, and should you need to capture any other data there are over 100 additional Grove sensors that can easily be connected directly to the carrier.
-
-
The Nextcloud team recently unveiled the details and general availability of Nextcloud Hub 21. In case you didn’t know, the Nextcloud Hub is an open-source collaboration platform as a replacement to other proprietary solutions.
Even the team at It’s FOSS utilizes Nextcloud. You can learn more about Nextcloud in one of our previous articles.
This is their latest offering and the first major release of 2021 with claims of up to ten times better performance and a host of new features.
-
Ampere’s Arjun Khare presented earlier this month at the 2021 FOSDEM virtual conference on the company’s open-source firmware efforts. Ampere is “committed to supporting open-source in the firmware ecosystem” and have been engaging with the community and their customers from OpenBMC support to TianoCore/EDK2 and LinuxBoot through OCP/OSF efforts. Their relevant code tends to be hosted through AmpereComputing on GitHub.
-
Web Browsers
-
Mozilla
-
Mozilla Firefox web browser 86.0 was released with improved pop out video support and latest privacy protection.
In Firefox 86, you can now play multiple videos at the same time in the Picture-in-Picture mode.
The new release also features new privacy protection: Total Cookie Protection. It stops cookies from tracking you around the web by creating a separate cookie jar for every website.
To enable this feature, go to about:preferences#privacy page and set Enhanced Tracking Protection to Strict mode.
-
In December 2019, Firefox introduced Picture-in-Picture mode—an additional overlay control on in-browser embedded videos that allows the user to detach the video from the browser. Once detached, the video has no window dressing whatsoever—no title bar, min/max/close, etc.
PiP mode allows users who tile their windows—automatically or manually—to watch said video while consuming a bare minimum of screen real estate.
Firefox 86 introduces the concept of multiple simultaneous Picture-in-Picture instances. Prior to build 86, hitting the PiP control on a second video would simply reattach the first video to its parent tab and detach the second. Now, you can have as many floating, detached video windows as you’d like—potentially turning any monitor into something reminiscent of a security DVR display.
The key thing to realize about multi-PiP is that the parent tabs must remain open—if you navigate away from the parent tab of an existing PiP window, the PiP window itself closes as well. Once I realized this, I had no difficulty surrounding my Firefox 86 window with five detached, simultaneously playing video windows.
-
This Week in Glean: Boring Monitoring [Ed: Mozilla insists that it is not surveillance when they call it "data science" and "big data"]
Every Monday the Glean has its weekly Glean SDK meeting. This meeting is used for 2 main parts: First discussing the features and bugs the team is currently investigating or that were requested by outside stakeholders. And second bug triage & monitoring of data that Glean reports in the wild.
[...]
It probably can! But it requires more work than throwing together a dashboard with graphs. It’s also not as easy to define thresholds on these changes and when to report them. There’s work underway that hopefully enables us to more quickly build up these dashboards for any product using the Glean SDK, which we can then also extend to do more reporting automated. The final goal should be that the product teams themselves are responsible for monitoring their data.
-
William Lachance: Community @ Mozilla: People First, Open Source Second [Ed: Is this why Mozilla pays its CEO over 3 million dollars per year (quadruple the older sum) while sacking even its own people and spying on Firefox users (people)?]
It seems ridiculously naive in retrospect, but I can remember thinking at the time that the right amount of “open source” would solve all the problems. What can I say? It was the era of the Arab Spring, WikiLeaks had not yet become a scandal, Google still felt like something of a benevolent upstart, even Facebook’s mission of “making the world more connected” sounded great to me at the time. If we could just push more things out in the open, then the right solutions would become apparent and fixing the structural problems society was facing would become easy!
What a difference a decade makes. The events of the last few years have demonstrated (conclusively, in my view) that open systems aren’t necessarily a protector against abuse by governments, technology monopolies and ill-intentioned groups of individuals alike. Amazon, Google and Facebook are (still) some of the top contributors to key pieces of open source infrastructure but it’s now beyond any doubt that they’re also responsible for amplifying a very large share of the problems global society is experiencing.
-
The latest version of the Tor projects web browser bundle has their re-branded Mozilla Firefox browser updated to version 78.8.0esr, the NoScript for it updated to version 11.2.2 and the Tor client is updated to version 0.4.5.6. Firefox 78.8.0esr contains three high impact security fixes so Tor users who use this bundle should upgrade.
-
CMS
-
The WordPress block editor (a.k.a. Gutenberg) comes with a feature called “reusable blocks.” They are blocks, saved for later, edited in one place.
-
Connected to the fact that I only can have static sites (no CGI, no forms, nothing else), I am, at this time, using Disqus to host the comments of my blog. I am also thinking of alternatives to this, like sending people to Twitter (or mastodon or email) or some site similar to Disqus, but with more of a Free Software inclination.
-
FSF
-
Licensing/Legal
-
The development teams behind the two most successful and influential open-source chess programs, Stockfish and Leela Chess Zero, have issued statements denouncing the commercial program Fat Fritz 2 and the company Chessbase that is selling the program for 99,90 euros.
The statements (Stockfish blog, lichess announcement) assert that the engine in Fat Fritz 2 is Stockfish with minimal changes, that Fat Fritz 2 has violated the GNU General Public License under which Stockfish is released, and that Chessbase’s marketing has made false claims about Fat Fritz 2′s playing strength.
-
Programming/Development
-
Today I want to continue the series on using LD_PRELOAD. In previous posts, we covered how to inject a shared object binary into a process, and use that to hijack a library function call to run our own code. This is great when we want to overwrite the behavior of external library calls in a process, but we would have to wait for that call to happen first before our code can run. What if we want to run code before the program even runs from within the target process? Today, we are going to explore how this can be accomplished and look at a few use cases where this could be useful.
-
This release fixes various issues in various parts of Qt Creator. Please see our change log for an overview of the improvements.
-
Editing data with GNU poke mainly involves creating mapped values and storing them in Poke variables. However, this may not be that convenient when poking several files simultaneously, and when the complexity of the data increases.
-
Shell/Bash/Zsh/Ksh
-
The concept “stream” in a computer applies to something that might move data. Any instruction you are executing in the terminal would be at any position of the flow. These positions can be an origin or an outflow. Let’s get a quick overview of the specific Stdin stream. In Linux, stdin refers to the default or standard input. The input it requires must be a text. To acquire data or information from you, it’s the file handler that your procedure readout. Almost all flows are viewed in Linux as if they are directories. We may read/write information from all of these streams, exactly as you can read/write a document. By using a special file descriptor number related to it provides a great approach to access a document. There have been special values allocated to every one of these throughout the situation of such streams. Stdin has a value of 1.
-
In programming, a string is a series of characters, whether as a precise constant or some sort of variable. The characters contained within a string can be any number, digit, or special character.
-
In programming, a function is an entity that performs an activity when it is called. This function may or may not accept arguments, which are the parameters that determine the activity that a function performs. Many of those who are new to programming might wonder why we even need to create functions when we can simply write a program as-is without breaking it into different parts.
This is where the concepts of Modularity and Code Reusability come into play. Modularity, or modular programming, is a highly recommended programming approach that breaks code into chunks to enhance readability, which also results in Code Reusability. Code Reusability refers to the ability to reuse a certain piece of code repeatedly, thus avoiding the task of rewriting the code every time it is used.
Modularity and Code Reusability are why functions are so extensively used in all programming languages, regardless of whether they are high-level or low-level. However, it can be quite tricky to create functions that work with the correct arguments or that accept certain arguments. This article uses several examples to show you how to create Bash functions with arguments in Linux Mint 20.
-
An infinite loop in Bash or any other programming language refers to a loop that is continuous i.e., its terminating condition is never met or its executing condition forever stays true. Such loops in any programming language are very simple to write. Whether it is a “for” loop or a “while” loop, it can be made infinite with very slight tweaking in its normal syntax.
In this article, we will be sharing with you the different ways on how you can conveniently make the “for” and “while” loops infinitely in Bash in Linux Mint 20.
-
Loops are an extremely useful means of performing repetitive tasks not only in Bash scripting but also in all other programming languages. It enables us to write a task (that is supposed to occur multiple times) at once and enclose it within any desired loop so that the said task can be performed repeatedly. Different loops are used in every programming language, i.e., multiple types of loops can be used with every programming language. Amongst all types, the most frequently used loops are the “for” loop and the “while” loop.
A major difference between the execution of the “for” loop and the “while” loop is that in the former one, the incrementing or decrementing variable is specified with the loop whereas, in the latter, that variable is specified after the task that is supposed to be performed repeatedly is stated. The “while” loops appear to be more convenient for the programmers syntactically.
The concept of infinite loops in every programming language is also very common, i.e., a loop that never terminates and its condition assesses to be always “true”. At times, these loops are written accidentally by the programmers, however, there are situations in which such loops are written deliberately. Either way, there can be certain conditions in which we want that infinite loop to break.
-
It may appear at first glimpse that returning an array from a Bash function is not realistic. Considering all the benefits, it can be useful to call multiple methods to construct arrays to split up the process of gathering all the appropriate parameters for a YAD call.
-
-
Integrity/Availability
-
Proprietary
-
In a recent Linux Foundation blog post titled “Preventing Supply Chain Attacks like SolarWinds,” the foundation’s Director of Open Source Supply Chain Security, David A. Wheeler, adamantly pushed the need for software developers to embrace the LF’s security recommendations to prevent even worse assaults on government and corporate data security in the wake of the rampant data breach.
Wheeler’s post is timely and filled with information to make it harder for hackers to exploit the future systems we all depend on. He includes 11 Linux Foundation recommendations including how organizations can harden their build environments against attackers, the need to begin shifting towards implementing and then requiring verified reproducible builds, and the practice of changing tools and interfaces so unintentional vulnerabilities are less likely.
According to Wheeler, SolarWinds met some of the foundation’s defensive measures. None of them prevented the successful SolarWinds attack, he said. More software hardening is needed.
The SolarWinds Orion software product is proprietary. So how can open-source coding methods help create better security?
-
The new M1 chip in Apple’s latest MacBooks offers great performance and battery life. It may not be so good for your storage drive, however.
On Twitter and several other forums, users of the latest MacBook Air, MacBook Pro and Mac Mini models are reporting solid-state-drive (SSD) wear rates far higher than expected. If the figures are accurate and the trend continues, it could mean worryingly short lifespans for Apple’s latest batch of laptops.
[...]
In the case of the tested Macs seen in these threads, one Mac Mini user claimed to have written 165TB of data in just two months of use. Compared to equivalent retail SSDs from Toshiba (who supplies the SSDs inside the MacBooks), that’s equivalent to 10% of its total warrantied TBW.
In theory, the SSDs in Apple’s M1 MacBooks should guarantee reliable use for around five years. But this rapid rate of use slashes that reliable life to less than two years.
This 10% figure seems to be an outlier. Most users complaining about this issue are reporting figures of 2-3% usage, as seen on threads on the MacRumors forum and the LinusTechTips forum. That’s still higher than you’d expect for a brand-new device, though.
-
Security
-
Google is announcing today in cooperation with The Linux Foundation that they are providing funding for two full-time developers to focus solely on security issues.
Longtime Linux developers Gustavo Silva and Nathan Chancellor are the two that will now be focusing full-time on dealing with Linux security issues.
-
Today, Google and the Linux Foundation announced they are prioritizing funds to underwrite two full-time maintainers for Linux kernel security development, Gustavo Silva and Nathan Chancellor.
Silva and Chancellor’s exclusive focus is to maintain and improve kernel security and associated initiatives in order to ensure the world’s most pervasive open source software project is sustainable for decades to come.
-
In a nod to the growing importance of open source software, Google today announced that it will underwrite the salaries for two developers who will focus on Linux’s fundamental security.
The gesture may seem limited, but Google believes targeting the Linux kernel will have a broader impact on Linux’s underlying security. The company hopes other corporations will be inspired to do the same in an attempt to clear a lengthy backlog of items researchers already know need to be addressed.
The Linux kernel is the basic interface that sits between computer hardware and the software running on it. It has become the cornerstone of a large portion of the open source systems that have been deployed around the world.
-
Google and the Linux Foundation are prioritizing funds to underwrite two full-time maintainers for Linux kernel security development.
Gustavo Silva and Nathan Chancellor will focus on maintaining and improving kernel security and associated initiatives in order to ensure the world’s most pervasive open source software project is sustainable for decades to come.
A recently published open source contributor survey from the Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) has identified a need for additional work on security in open source software. While there are thousands involved in developing the Linux kernel this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the sustainability of open source software.
-
“At Google, security is always top of mind and we understand the critical role it plays to the sustainability of open source software,” said Dan Lorenc, Staff Software Engineer, Google. “We’re honored to support the efforts of both Gustavo Silva and Nathan Chancellor as they work to enhance the security of the Linux kernel.”
Chancellor’s work will be focused on triaging and fixing all bugs found with Clang/LLVM compilers while working on establishing continuous integration systems to support this work ongoing. Once those aims are well-established, he plans to begin adding features and polish to the kernel using these compiler technologies. Chancellor has been working on the Linux kernel for four and a half years. Two years ago, Chancellor started contributing to mainline Linux under the ClangBuiltLinux project, which is a collaborative effort to get the Linux kernel building with Clang and LLVM compiler tools.
-
The effort support Google’s strategy “to help support the critical open source projects that we’re relying on,” Google software engineer Dan Lorenc told SC Media.
“We do this in a bunch of ways, but the one that we like most is to work with existing maintainers and existing communities rather than coming in from the outside.”
Google will fund Gustavo Silva, who already works in a similar role eliminating buffer overflows and bolstering new security tools; and Nathan Chancellor, a new hire, who will focus on the Clang/LLVM compiler.
Using the Clang compiler for Linux is an accepted secondary option to build the operating system. But, said Lorenc, Clang is not particularly well maintained by full-time staff. Chancellor had been an active contributor to the project, but only in his free time.
-
To further bolster the security credentials of the Linux kernel, Google and the Linux Foundation have decided to fund two kernel developers to work exclusively on security-related developments.
The kernel developers, Gustavo Silva and Nathan Chancellor, are long-time kernel developers and have now been tasked to maintain and improve kernel security along with any associated initiatives.
“At Google, security is always top of mind and we understand the critical role it plays to the sustainability of open source software,” said Dan Lorenc, Staff Software Engineer, Google. “We’re honored to support the efforts of both Gustavo Silva and Nathan Chancellor as they work to enhance the security of the Linux kernel.”
-
Google and the Linux Foundation announced plans to provide funds to two Linux kernel security developers, one of whom is Nathan Chancellor, a well-known kernel developer on our forums. The two developers will focus their time on improving kernel security and associated initiatives.
The news comes on the heels of the Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) recently publishing an open-source contributor survey report that identified a need for additional work on security in open-source software. In a press release, the Linux Foundation said Google’s contribution to underwriting two full-time security maintainers signals how important it is to maintain the integrity of open-source software.
-
Together with the Linux Foundation, Google announced today that they would fund two Linux kernel developers’ efforts as full-time maintainers exclusively focused on improving Linux security.
“While there are thousands of Linux kernel developers, all of whom take security into consideration as the due course of their work, this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the ongoing sustainability of open-source software,” the Linux Foundation said in a statement released today.
-
Worried about the security of Linux and open-source code, Google is sponsoring a pair of full-time developers to work on the kernel’s security.
The internet giant builds code from its own repositories rather than downloading outside binaries, though given the pace at which code is being added to Linux, this task is non-trivial. Google’s open-source security team lead Dan Lorenc spoke to The Register about its approach, and why it will not use pre-built binaries despite their convenience.
But first: the two individuals full-time sponsored by Google are Gustavo Silva, whose work includes eliminating some classes of buffer overflow risks and on kernel self-protection, and Nathan Chancellor, who fixes bugs in the Clang/LLVM compilers and improves compiler warnings.
Both are already working at the Linux Foundation, so what is new? “Gustavo’s been working on the Linux kernel at the Linux Foundation for several years now,” Lorenc tells us. “We’ve actually been sponsoring it within the Foundation for a number of years. The main change is that we’re trying to talk about it more, to encourage other companies to participate. It’s a model that works, we’re trying to expand it, find contributors that want to turn this into a full-time thing, and giving them the funding to do that.”
-
Worried about the security of Linux and open-source code, Google is sponsoring a pair of full-time developers to work on the kernel’s security
-
Google and the Linux Foundation have announced plans to maintain and improve Linux’s long-term security. As part of the plan, the organizations will prioritize funds to underwrite long-time Linux kernel maintainers Gustavo Silva and Nathan Chancellor as full-time developers focused on Linux kernel security development.
This decision follows a survey by the Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH), which found a need for additional security work on the Linux operating system.
-
Security updates have been issued by openSUSE (firefox and tor), Oracle (stunnel and xterm), Red Hat (virt:8.2 and virt-devel:8.2 and xterm), SUSE (avahi, gnuplot, java-1_7_0-ibm, and pcp), and Ubuntu (openssl).
-
One of the comments to the The modern packager’s security nightmare post posed a very important question: why is it bad to depend on the app developer to address security issues? In fact, I believe it is important enough to justify a whole post discussing the problem. To clarify, the wider context is bundling dependencies, i.e. relying on the application developer to ensure that all the dependencies included with the application to be free of vulnerabilities.
In my opinion, the root of security in open source software is widely understood auditing. Since the code is public, everyone can read it, analyze it, test it. However, with a typical system install including thousands of packages from hundreds of different upstreams, it is really impossible even for large companies (not to mention individuals) to be able to audit all that code. Instead, we assume that with large enough number of eyes looking at the code, all vulnerabilities will eventually be found and published.
On top of auditing we add trust. Today, CVE authorities are at the root of our vulnerability trust. We trust them to reliably publish reports of vulnerabilities found in various packages. However, once again we can’t expect users to manually make sure that the huge number of the packages they are running are free of vulnerabilities. Instead, the trust is hierarchically moved down to software authors and distributions.
Both software authors and distribution packagers share a common goal — ensuring that their end users are running working, secure software. Why do I believe then that the user’s trust is better placed in distribution packagers than in software authors? I am going to explain this in three points.
-
Sysdig announced today it has donated a sysdig kernel module, along with libraries for the Falco security platform for Kubernetes, to the Cloud Native Computing Foundation (CNCF) as part of an effort to advance Linux security.
-
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the DizmeID Foundation and technical project with the intent to support digital identity credentialing. The effort will combine the benefits of self-sovereign identity with necessary compliance and regulation, with the aim to enable wallet holders with ownership and control over their digital identity and data access and distribution.
-
-
Helping your users stay up to date on their workstation is something I believe OS vendors should endeavour to do, to the best of their ability. Some users aren’t able to find time to install updates, or are irritated by update dialogs. Others are skeptical of their contents, some even block updates completely.
No OS vendor wants to be “That Guy” featuring in the news as millions of their customers are found to be vulnerable on their watch. Equally, respecting the user, given it’s their computing device, is vital too. It’s a difficult balance to strike. Somewhere in between “That Linux distro which nags me constantly to do updates” and “That distro which is outdated and insecure” erring towards the former, is probably the sweet spot.
So when I read today in typical El Reg fashion that “Linux Mint users in hot water for being slow with security updates, running old versions” I was reminded of an issue we had in Ubuntu a few years back. I’m going to muddy things a little to save engineer embarrassment, but you’ll get the gist.
First though, a small backstory.
-
Linux Mint founder Clem Lefebvre has complained that too many users are slow to apply updates or run unsupported versions of the operating system.
Lefebvre used Firefox as an example. Mozilla’s browser is frequently updated and has fixes for security vulnerabilities described by the firm as critical, which it defined as “can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.” The latest such update is dated 5 February 2021 (though it is a Windows-only problem).
-
TPM
-
In my previous blog post, I explained how a verifier can get a signing key that it trusts is on a TPM for attestation (part 2 of the other post in the making).
I have been contributing to a specific implementation of remote attestation for Linux, called Keylime.
As part of the effort on porting the agent to Rust, I was looking into how the process works, and as part of that I identified a vulnerability in how Keylime deals with the TPM2 that breaks the Chain of Trust in two different places.
For the quick rundown, see the advisory.
-
The TPM is able to hold cryptographic keys and use those keys for various operations. So it can do things like signing things with an asymmetric RSA or ECC key.
These keys can either be imported or generated by the TPM itself, and they have various attributes that the TPM stores and returns about their properties, like whether the key was generated by the TPM, and whether the key is exportable (as in, you can get the private part for this key out of the TPM).
Keys (and other objects in the TPM) also have a “Name”. For keys, this Name is a digest over the TPM representation of the keys, which includes their attributes. This means that two keys with the exact same public numbers (i.e. RSA modulus and exponent) may still have a different name, if one is for example non-exportable and one is exportable.
-
Environment
-
I was asked by Energy Advisor, a weekly publication of the Inter-American Dialogue, to write a 250 word commentary responding to the following questions. I sent them a shorter version of my response below, but here is a fuller response to their big questions.
Canadian Prime Minister Justin Trudeau said in February that he sees Canada and the United States collaborating more closely on the manufacturing of electric vehicles, as well as on the supply of critical minerals used to make batteries for electric cars and other clean technologies, such as solar panels. To what extent and in what ways are Canada and the United States already jointly working on the development of electric vehicles and other clean technologies? How much room is there for further cooperation, and what might that look like? What does each country stand to gain from enhanced collaboration on the green economy?
What Prime Minister Trudeau sees is not enough. Canadian and the US are supporting electric vehicle (EV) production by multinational corporations in Canada and the US with various subsidies, including government EV purchases, tax breaks to consumer who purchase EVs, and direct government subsidies to EV manufacturing. Prime Minister Trudeau also touts Canada’s mineral resources that are critical for EVs, particularly copper, aluminum and nickel.
What is missing are goals and timetables to electrify all of transportation powered by clean renewable energy in the timeframe required by the climate emergency. Both governments should cooperate in directing this transformation like the US government did during the World War II emergency when it took over a quarter of US manufacturing capacity in order to turn industry on a dime into the Arsenal of Democracy to arm the allies to defeat Hitler, Mussolini, and Tojo. We need to do nothing less through the public sector in manufacturing, transportation, and power production to defeat climate change. Government incentives to private enterprise are not direct and coordinated enough to make the rapid transformation we need for climate safety.
With public enterprise and economic plannin
-
Monopolies
-
The volume opens with Chapter 1, written in English, where Carlos Correa introduces the reader to the legal limbo surrounding the regulation of data. Starting from the premise that the law is lagging behind recent technological developments in the data sector, the author first gives a definition of data. He then suggests a classification of data, based on the experiences in the EU, US, Canada, and India. Chapter 1 follows by addressing the legal rights in data, primarily copyright, protection of data bases as a sui generis right in the EU, and a sui generis exclusive right on data,– a proposal circulated by the European Commission in 2017. The chapter closes with addressing the data ownership, especially regarding sensitive categories of data sets, such as individual health data.
-
Apple is facing increasing pressure over its App Store practices. It is facing lawsuits from developers over its insistence that apps only use its subscription model under heavy fire from Facebook for forcing apps to disclose their data privacy practices. It’s also deep into an antitrust investigation after more complaints from developers over its “Sign in with Apple” option.
-
Patents
-
For the time being, Nokia cannot enforce the injunctive relief from an infringement ruling of the Regional Court Mannheim against Daimler. The Higher Regional Court Karlsruhe ordered this measure on 12 February. Daimler has appealed against the Mannheim Regional Court’s ruling.
A date has yet to be set for the oral hearing. However, this may no longer be decisive. Nokia has since cleared the way for the CJEU to clarify important FRAND issues.
Last week, Nokia withdrew its appeal against a decision by the Regional Court Düsseldorf to refer parallel proceedings against Daimler to the CJEU.
-
In an exclusive interview, Adam Stoten of Oxford University Innovation explains why his team partnered with AstraZeneca on a COVID vaccine – and what made the deal unique
-
The Bible and patent law [Ed: Many have accused patent maximalists of being like a cult or a religion. They oblige, proving that to be partly true. ]
There may be cases where the defendant infringed a patent during the development of a product, method or process which, as such, does not infringe that patent. When such use is not covered by the “experimental use exemption” or other exemptions, such as the “Bolar exemption”, the question arises as to whether the patent owner should be able to claim so-called “reach-through” royalties based on the downstream turnover generated by a non-infringing product, process or method that would not have been available to the defendant but for the infringement. A classic example is a non-infringing product that has been developed using a research tool protected by a patent. The logic is that “but for the infringement” the downstream profits would not have been obtained. This logic was followed by the U.S. courts in Monsanto v. Dupont, which resulted in the latter being ordered to pay approximately $1 billion in damages to the former for having used a patented soybean line during the development of a commercial product.
-
On February 23, 2021, the Patent Trial and Appeal Board (PTAB) instituted trial on all grounds challenging all of the claims of U.S. Patent 6,508,678, owned by Oceana Innovations LLC, an NPE and subsidiary of Endpoint IP. The ‘678 patent is generally directed to USB electrical connector assemblies with the patent being asserted against HDMI cable assemblies. In 2017, the previous patent owner, Interface Linx, LLC, asserted the ‘678 patent against TTE, Haier, Onkyo, Pioneer, Sherwood, Sound United, VOXX, and Hisense. Those cases terminated in 2019. The current patent owner, Oceana Innovations LLC, began a new campaign in May 2020, filing suits against JVCKenwood, Charter Communications, and Roku (terminated).
-
Software Patents
-
On February 22, 2021, the USPTO granted Unified’s request for ex parte reexamination, finding substantial questions of patentability for all challenged claims of U.S. Patent 10,057,603, owned by GE Video Compression LLC (GEVC). The ‘603 patent has been designated as essential in the HEVC Advance patent pool and is one of the largest GE families in Advance.
Permalink
Send this to a friend
Posted in News Roundup at 1:30 pm by Dr. Roy Schestowitz
Contents
-
-
just hope the #Perseverence Mars rover ain’t running Windows
-
In 2021, there are more reasons why people love Linux than ever before. In this series, I’ll share 21 different reasons to use Linux. Linux is the ideal operating system for experimenting with edge computing.
Edge computing is a model of infrastructure design that places many “compute nodes” (a fancy word for a server) geographically closer to people who use them most frequently. It can be part of the open hybrid-cloud model, in which a centralized data center exists to do all the heavy lifting but is bolstered by smaller regional servers to perform high frequency—but usually less demanding—tasks. Because Linux is so important to cloud computing, it’s an ideal technology to learn if you intend to manage or maintain modern IT systems.
-
Server
-
The startup, one of Istio’s top contributors, has also launched an online community for Istio and Envoy enthusiasts to surface problems, brainstorm solutions.
-
Audiocasts/Shows
-
After all these years, what’s made us stick with Linux?
Plus the commitment just made by the GNOME team, and some new tools that are changing our game.
-
First up, in our Wanderings, Mike shreds a new axe, I’m more and more impressed by Proton, Joe has frozen joints, Moss is going to be rich someday, Tony Hughes gets immunities, and Josh panics with a crowbar.
Then, in the News, so much controversy, Linux on Mars, VLC on the moon, Mint and mintCast make the cut, and more
-
Kernel Space
-
Hardly a week goes by without yet another major Windows security problem popping up, while Linux security problems, when looked at closely, usually turn out to be blunders made by incompetent system administration. But Linux can’t rest on its laurels. There are real Linux security concerns that need addressing. That’s where Google and the Linux Foundation come in with a new plan to underwrite two full-time maintainers for Linux kernel security development, Gustavo Silva and Nathan Chancellor.
Silva and Chancellor’s exclusive focus will be to maintain and improve kernel security and associated initiatives to ensure Linux’s security. There’s certainly work to be done.
-
Applications
-
Photo editing is a global hobby, profession, and exploit. Its execution is not dependant on a specific Operating System or device. For this reason, anyone can be a photo editor regardless of their Operating system preference. The power of an ideal and reliable photo editor is in the many unique features they present to their users. Some features pose unique photo editing benefits like correcting brightness imbalances and color hue. Some editors are efficient in sharpness adjustments and red-eye removal. Others present flexible auto-cropping and zoom features. These are some of the characteristics that define a photo editor.
The earlier onset of the Linux operating system was without the support of photo editors. This trait forced most Linux users to depend on graphically-oriented Operating Systems like the Windows OS to meet their photo editing needs. Fast forward into the present, Linux OS is turning out to be a worthwhile opponent and an even better rival to other Operating Systems due to the graphical traits presented in its growing distributions and flavors.
-
Hi folks, Ward is a free and open-source tool for Linux to monitor system resources and usage remotely. Ward comes with a modern UI design with a dark theme and runs perfectly with all Linux distribution.
-
NoiseTorch is a real-time microphone noise suppression application for Linux that can filter out unwanted background noise like the sound of your mechanical keyboard, computer fans, trains and so on. It currently only supports PulseAudio, but PipeWire support is planned for a future release.
The application user interface is built with simplicity in mind. If you only have 1 microphone, all you have to do is launch the application, then click on “Load NoiseTorch”. Once you do this, the application creates a virtual microphone called “NoiseTorch Microphone”…
-
Instructionals/Technical
-
Vim (Vi Improved) is a highly configurable command line text editor for Unix like systems. It is originally cloned with VI POSIX standard editor with additions.
Vim comes standard with most modern Linux distributions, but some of the minimal installation doesn’t include vim editor default. This tutorial will help you to install Vim text editor on your Linux system.
-
In this tutorial, we will show you how to install XFCE Desktop on Ubuntu 20.04 LTS. For those of you who didn’t know, XFCE is one of the most popular desktop environments for Linux desktop. XFCE is a free lightweight, fast, and easy to use software desktop environment for Unix/Linux-like operating systems. It is designed for productivity and aims to be fast and low on system resources. Unlike GNOME and KDE desktops which are heavier, but XFCE uses fewer system resources. Furthermore, it offers better modularity and fewer dependencies to install and takes less time and low disk space on your hard drive.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step by step installation of the XFCE lightweight desktop environment on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian based distribution like Linux Mint.
-
One common task in day-to-day shell scripting jobs is to read data line by line from a file, parse the data, and process it. The input file can be either a regular text file (e.g., logs or config files) where each line contains multiple fields separated by space, or a CSV file that is formatted with delimiter-separated values in each row. In bash, you can easily read columns from a file and store them into separate variables for further processing. In this tutorial, let me demonstrate with examples how you can write a shell script that reads columns into variables in bash.
-
If you have deployed a LEMP (Linux, NGINX, MySQL/MariaDB, and PHP) stack, then you are probably using FastCGI proxying within NGINX (as an HTTP server), for PHP processing. PHP-FPM (an acronym of FastCGI Process Manager) is a widely-used and high-performance alternative PHP FastCGI implementation.
-
Generally, you probably want to keep C:\PDOS\BIN in your path because it contains all the default applications distributed with FreeDOS.
Unless you change the path in AUTOEXEC.BAT, the default path is restored after a reboot.
Now that you know how to manage your path in FreeDOS, you can execute commands and maintain your working environment in whatever way works best for you.
-
The last version of Mac OS that was supported is Mac OS X 10.7 “Lion”, which has been unsupported since 2014. Since I’m a Linux guy anyway, I figured I’d see about installing Linux on this. Unfortunately, according to the Debian wiki, this device won’t boot from USB, and I don’t have any blank optical media to burn to. This was the first point where I nearly decided this wasn’t worth my time, but I decided to push on.
Linux is pretty good about booting on any hardware, even if it’s not the hardware you installed on, as kernel module drivers are loaded based on present hardware. I decided to try installing to a disk and then swapping disks and seeing if the Mac Mini would boot. The EFI on the Mac Mini supports BIOS emulation, and that seemed the more likely to work out of the box.
I plugged a spare SSD into my SATA dock and then used a virtual machine with a raw disk to install Debian testing on the SSD. I then used the excellent iFixIt teardown and my iFixit toolkit to open the Mac Mini and swap out the drive. I point to the teardown because opening a Mac Mini is neither obvious nor trivial.
[...]
During all of these tests, I had the Mac Mini plugged into a Kill-A-Watt Meter to measure the power consumption. Idling, it’s around 20 watts. Under one of these load tests, it reaches about 45-49 watts. Given that the Raspberry Pi 4B only uses around 5W under full load, the Pi 4B absolutely destroys this Mac Mini in performance-per-watt. (Note, again, this is an old Mac Mini – it’s no surprise that it’s not an even comparison.)
[...]
Given the lack of expandability, the mediocre baseline performance, and the very poor performance per watt, I can’t see using this for much, if anything. Running it 24/7 for a home server doesn’t offer much over a Raspberry Pi 4B, and the I/O is only slightly better. At this point, it’s probably headed for the electronics recycling center.
-
How to Use Multiple Node.js Versions using NVM. NVM stands for Node.js Version Manager which is more flexible tool to install and manage multiple versions of Node.js and the associated packages at the same time.
In this guide you are going to learn how install specific version of Node.js using NVM. This setup is tested on Google Compute Engine running Ubuntu 20.04 OS
-
In this tutorial, we will show you how to install OpenLiteSpeed on Ubuntu 20.04 LTS. For those of you who didn’t know, OpenLiteSpeed is an open-source HTTP server developed by LiteSpeed Technologies. OpenLiteSpeed is a high-performance and lightweight HTTP server which comes with a Web Gui administration interface. As far as Linux web servers are concerned, OpenLiteSpeed has some interesting features that make it a solid choice for many installations. It features Apache compatible rewrite rules, a web administration interface, and customized PHP processing optimized for the server.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the OpenLiteSpeed on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.
-
Today we are looking at how to install the Brave Browser on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.
We recommend that you start with a new instance of Linux Apps and have at least 6GB of space available for the game.
-
LEMP is an acronym for Linux, NGINX (pronounced as Engine X,) MySQL, and PHP. These are all popular open-source tools typically used in web development. LEMP stack is commonly used to host dynamic websites. Most content management systems such as WordPress, Drupal, and Joomla create dynamic web pages.
When a request comes, the server will run the PHP code to put together the HTML version and query the backend database to get content to insert into HTML.
-
Whenever we talk about configuration management tools, the name that we hear most often is Ansible. It is a cross-platform tool that is designed to handle system configurations while working with Linux, macOS, and Windows operating systems. Today, we will try to throw light on the procedure of installing Ansible on Debian 10.
-
Games
-
It’s no secret that in the year and a half since Google launched its video game streaming platform, Stadia, things haven’t gone particularly well. Game developers were wary at the onset that Google, as it has with projects like this in the past, might simply one day shut the whole thing down if it thinks the venture is a loser. The launch of Stadia itself was mostly met with meager interest, due to scant games available on the platform. Even then, the rollout was a mix of chaos and glitch, critiques of its promise for true 4k game streaming, very low adoption rates, and some at the company appearing to want to go to war with game-streamers.
-
It’s a different approach to Microsoft’s previous acquisitions, such as Obsidian, Ninja Theory and Double Fine, which were formally made a part of Microsoft and housed under its Xbox Game Studios brand. Whether ZeniMax’s studios become known as part of Vault or not, the move to create a Microsoft subsidiary to complete the merger seems to mark a level of independence compared to other acquired companies.
-
The glossier magazines weren’t quite sure what to do about Ultima VIII. Torn between the need to serve their readerships and Origin’s advertising dollars, they equivocated like crazy, often settling on an “it’s not the game, it’s me” approach: i.e., I didn’t much enjoy Ultima VIII, but you might.
-
While Google will no longer be doing any first-party games it seems they’re still going to pull in exclusives. They’ve revealed PixelJunk Raiders along with the Stadia Pro line-up for March and other new games coming.
Q-Games, developer of titles like PixelJunk Shooter and PixelJunk Monsters Ultimate have teamed up with Google for PixelJunk Raiders which is an “Only on Stadia” title. It releases on March 1 and is free on Stadia Pro, otherwise normal Stadia accounts will need to buy it. PixelJunk Raiders will use the State Share feature of Stadia, which allows you to take a capture and link it to someone and they can jump into where you’ve captured it.
-
Here, at KDAB, we get to spend 10% of our time on learning what we don’t know or practicing and improving what we already know. Recently, I decided to use that time to learn more about the Qt Quick Rendering Engine. The best way to do so, I found, is to use it in a way it wasn’t intended to be used: for making simple 3D graphics — creating my own little 3D paintings, as one would in Minecraft, starting with a ground plane. I’d like to take this time to share with you how to play.
-
If you were waiting to get more extensive functionality out of your DualSense controller on Linux outside of Steam, without having to compile the kernel with the patches or resorting to Arch, I’m happy to report that kernel 5.12 will include baked-in support for Sony’s official driver.
-
That when turned out to be February 20, 2021 with it now in Early Access with Linux support.
-
Of Mice and Moggies is a game of cat and mouse, quite literally, as you step by step chase around mice and other animals in small but very clever puzzles. The adorable setting, as well as the excellent presentation and well designed puzzles are worth a look. Note: key provided by the developer.
Hold on, I gave you the conclusion right away there didn’t i? Well, sometimes it just has to be said. it really is a genuine delight to play through with such an usual but very charming setting that steadily showed me how terrible dumb I am at solving puzzles. Of Mice and Moggies plays a bit like a block-pushing puzzle game, but the blocks are other animals and they run away from you. So you have to use your moves smartly to catch them, using the limited tiles and environment.
-
runs Ubuntu per default
-
Desktop Environments/WMs
-
K Desktop Environment/KDE SC/Qt
-
The Krita team is releasing the first beta of Krita 4.4.3. This is purely a bugfix release.
The Linux appimage and the source .tar.gz and .tar.xz tarballs are signed. You can retrieve the public key with gpg: “gpg –recv-key 7468332F”. The signatures are here (filenames ending in .sig).
-
I am happy to say that I now have published my openSUSE Breeze Dark Plasma Style for the world to use. If the color scheme I have previously release is any indicator of interest, there will be a few dozen that download it and that is good enough for me. I will be quite content if at least two others check this out. I am just happy I have finally navigated my way through using the Plasma-SDK, Git and the Plink.com site to make this happen.
If you are interested in making your own Plasma Style, the easiest way to get started with it is going to be using the SDK. It essentially restores some of that Plasma4 functionality to Plasma5 in customizing your desktop. I do wish this little thing would have been better publicized but at least it has been made and I did happen to find it.
-
Some settings are okular wide, if you change them, they will be changed in all the future okular instances, an easy example is if you change the shortcut for saving from Ctrl+S to Ctrl+Shift+E.
Some other settings are document specific, for example zoom, if you change the zoom of a document it will only be restored when opening the same document again, but not if you open a different one. There’s also a “default zoom value for documents you’ve never opened before” in the settings.
Some other settings like “Continuous View” are a bit of a mess and are both. “Continuous View” wants to be a global setting (i.e. so that if you hate continuous view you always get a non continous view) but it is also restored to the status it had when you closed the document you’re just opening.
-
Introduced two months ago as part of KDE’s first Apps update in 2021, NeoChat is a Matrix chat client supported on both desktop and mobile and that comes with a neat set of features, including a built-in image editor, support for sending and accepting invitations, the ability to remember the last room you’ve joined, support for showing the last read message, as well as read markers.
The first major update is out now, as developer Carl Schwan reports on his blog, enhancing NeoChat with more super powers, including a new multimodal mode that lets you view and interact with multiple chat rooms simultaneously by opening them in new windows, and the ability to edit messages and also display in the chat if a message has been edited.
-
GNOME Desktop/GTK
-
A few days ago, I posted to desktop-devel-list asking how we can ensure releases happen, especially beta releases for the freeze. I was frustrated and my language was too abrasive, and I’m sorry for that. My intention was really to open a discussion on how we can improve our release process. Emmanuele replied with a thorough analysis of which bits are hard to automate, which I enjoyed reading.
Earlier today, I tweeted asking developers of other open source projects how they make releases, just to get a sense of what the rest of the world does. There have been a lot of responses, and it will take me a while to digest it all.
In the meantime, I wanted to share my process for rolling releases. I maintain five core GNOME modules, plus a handful of things in the wider open source world. My release process hasn’t fundamentally changed in the 18 years I’ve been a maintainer. A lot of other stuff has changed (merge requests, CI, freeze break approvals, etc), so I’m just trying to think of how any of this could be better.
-
-
New Releases
-
The Alpine Linux project is pleased to announce the immediate availability of version 3.10.6, 3.11.8 and 3.12.4 of its Alpine Linux operating system.
-
I have spent some time looking at independent Linux distributions – that means those that are built from scratch and not derived from one of the larger, generally better-known distributions (Debian, Ubuntu, Arch, etc.), such as Solus, which I wrote about earlier. This time I am going to look at KaOS Linux.
The screen shot above shows the initial display of a freshly installed KaOS system. If you are not familiar with the side-panel orientation used here, it is basically the same as the traditional bottom or top panel desktop, but with everything “standing on end”. The complete desktop menu is at the top of the panel, just click on the “K” symbol (the desktop menu is open in this screen shot); the common application launchers are just below that, and the controls for things like the network, volume, bluetooth, network and such are at the bottom.
-
BSD
-
In this commit, David Gwynne (dlg@) adds a new veb(4) driver to the tree. David’s goal is to replace the old bridge(4) driver: [...]
-
Screenshots/Screencasts
-
Siduction is a Debian-based Linux distribution that bases off of Debian’s unstable branch (Sid). I have always been a fan of Debian and I have looked at Siduction in the past and liked what I found. But Siduction hadn’t had a new release in three years, so I had assumed it was dead.
-
IBM/Red Hat/Fedora
-
In terms of money, Red Hat buying StackRox probably isn’t that big a deal. Sources say it was just above $100 million. Big money to you and me, but peanuts for big tech companies. But, when it comes to securing Kubernetes, this is an enormous deal not just for Red Hat and its in-house Kubernetes distro, OpenShift, but for all Kubernetes distros and services.
-
Red Hat-based Linux distributions are shaping the industrial and corporate use of Linux for a long time. This project was quite popular since its initial release in 1995. Although later on, the developer company shut that down to start developing the successor named Red Hat Enterprise Linux (RHEL). This commercial project is mainly for deployment in multi-processor systems and cluster computing.
RHEL is a commercial project with enterprise support from the Red Hat company. So, to utilize the power of Red Hat Linux more easily and affordably, the open-source community has come up with derivatives based on the Red Hat source. These distros provide much flexibility and customization options. They are quite reliable and stable as well to deploy on your organization.
-
API management platforms such as Red Hat 3scale API Management provide an API gateway as a reverse proxy between API requests and responses. In this stage, most API management platforms optimize the request-response pathway and avoid introducing complex processing and delays. Such platforms provide minimal policy enforcement such as authentication, authorization, and rate-limiting. With the proliferation of API-based integrations, however, customers are demanding more fine-tuned capabilities.
Policy frameworks are key to adding new capabilities to the API request and response lifecycle. In this series, you will learn about the Red Hat 3scale API Management policy framework and how to use it to configure custom policies in the APIcast API gateway.
-
Devuan Family
-
Historically, the startup sequence in a Linux system was a replica of the initialization system that was introduced with System V Unix (SysV). The SysV init system adhered to the Unix philosophy. When people refer to the Unix philosophy, they usually reduce it to the well-known soundbite “Do one thing, and do it well.” And that thing was to start as the first process and then start other processes. It also culled zombies now and then.
SysV init did its job well enough, but it didn’t do it too efficiently. It started processes serially, one after the other. There was no parallelism. The design bottle-necked the throughput. This was more or less masked by the speed gains of modern hardware, and it’s not as if booting a Linux computer took an interminable age. But yes, technically, it could have been made more efficient.
As with everything else in Linux, the users had a choice. Alternatives were available. Competent users could configure their Linux computer to use a different init system, one that started processes in parallel and worked the way they liked.
[...]
If you use Debian or one of the myriad Debian-derivatives like Ubuntu and its entire tribe of relatives, it makes sense for you to check out Devuan. Devuan is a fork of Debian, so almost everything will be familiar. The default shell is Bash and the package manager is apt. Devuan was forked from Debian in 2014. It’s solid and stable and has a thriving community.
If you prefer GNOME as your desktop environment, you’ll have to do a bit of extra work. GNOME isn’t offered as a desktop choice during the installation. MATE, Cinnamon, XFCE, and others are available, but GNOME will have to be manually installed once you’ve got your system up and running.
-
Debian Family
-
Hello there,
I would like to announce a new service that I have just configured for
Debian: https://debuginfod.debian.net.
debuginfod is a new-ish project whose purpose is to serve
ELF/DWARF/source-code information over HTTP. It is developed under the
elfutils umbrella. You can find more information about it here:
https://sourceware.org/elfutils/Debuginfod.html
In a nutshell, by using a debuginfod service you will not need to
install debuginfo (a.k.a. dbgsym) files anymore; the symbols will be
served to GDB (or any other debuginfo consumer that supports debuginfod)
over the network. Ultimately, this makes the debugging experience much
smoother (I myself never remember the full URL of our debuginfo
repository when I need it).
If you would like to use the service, and if the service supports the
Debian distribution you are using (see below), all you have to do is
make sure that the following environment variable is set in your shell:
DEBUGINFOD_URLS=”https://debuginfod.debian.net”;
Currently, the elfutils and GDB packages in unstable and testing have
native support for using debuginfod. I will soon propose a change to
the elfutils package in order to make it be configured with our
debuginfod instance by default, so that users will be able to use the
service transparently.
For now, debuginfod.debian.net is serving debug information symbols for
the following Debian distributions:
– unstable
– testing
– testing-proposed-updates
– stable
– stable-backports
– proposed-updates
In the near future I intend to expand this list and include the
debuginfo stored at snapshot.debian.org as well.
Setting up a debuginfod service for Debian has been on my TODO list for
some time now, and I finally got enough time & resources to do it. I
would like to thank a few people for their feedback and help:
– Héctor Orón (zumbi)
– Jonathan Carter (highvoltage)
– Paul Wise (pabs)
Last, but not least, you can find a wiki page about our service here:
https://wiki.debian.org/Debuginfod
Thanks,
-
Debian is the latest major Linux distribution deploying a Debuginfod web server so that ELF/DWARF/source-code information can be supplied via HTTP to clients on-demand when debugging.
Introduced last year was Debuginfod with GNU Binutils 2.34 for distributing debugging information / source code on demand. Readelf and objdump utilities can query connected Debuginfod servers for source files / data based on a build ID. Debuginfod support was later integrated into the GNU Debugger too (GDB 10.1). The effort was led by Red Hat engineers while now Debian is getting in on this practical feature too.
-
-
The GNU/Linux kernel for these platforms can be compiled with either 4k or 64k page size. The distribution chooses which of these options to select. The kernel created by the distribution is included in the installation disk for the distribution.
One acute consequence of this is the relationship between Btrfs sectorsize and kernel page size. Btrfs filesystems can only be used on systems with the same page size. The Btrfs driver is being improved to remove this restriction but for users of Fedora 34 and older systems, this is a very inconvenient issue. If you need to move Btrfs filesystems between systems with different page sizes then they simply won’t work.
It appears that nobody tests the kernel and amdgpu drivers on these non-standard page sizes before each official release. Consequently, if there is a problem, it is only discovered by users after the upstream release. This means that users on these platforms are always a step behind users on other platforms.
-
Open Hardware/Modding
-
RISC-V open architecture allows designers to implement their own instructions, and some of those may become an official RISC-V extension. But the process to approve a new extension may have been suboptimal, so RISC-V International has just unveiled the Fast Track Architecture Extension Process, or Fast Track for short, that streamlines the ratification of small architecture extensions, as well as ZiHintPause, the first extension to be ratified under the new Fast Track process.
-
While it’s possible to use Raspberry Pi Pico with a breadboard or Veroboard, we’ve seen the benefits of inserting the board into a baseboard such as Maker Pi Pico providing LEDs, a MicroSD card, audio output, and the ability to add ESP-01 WiFi module or well as up to two Grove expansion modules.
Hammond Pearce decided to design his own Raspberry Pi Pico baseboard with Kiwikit board supporting some of the off-the-shelf modules and interfaces he commonly uses.
-
Google Creative Lab’s Alto project tasks the Coral USB Accelerator and Raspberry Pi Zero SBC to implement easy-to-understand machine learning using an open-source mini robot that you build yourself.
Google Creative Lab has unveiled a project called Alto. Alto by Google Creative Lab is a “teachable object using the Coral USB Accelerator.” “ALTO” stands for “A Little Teachable Object.” It’s designed to enable users to gain a basic handle understanding of machine learning. Alto uses the Coral USB Accelerator and Raspberry Pi to help users easily add machine learning to their hardware projects.
Google’s Alto GitHub repository contains all of the instructions and files required to build an Alto from scratch. Best of all, Alto is completely open source —the code and template for this project are all free for access. Google notes that Alto is not an official Google product, but rather a collaborative effort between Google Creative Lab and its partners at RRD Labs.
-
-
Mobile Systems/Mobile Applications
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Most Android smartphones come with at least a few basic apps pre-installed. Some come with a lot of apps that you may not want or need. And while this isn’t something that’s unique to Android device, the bloatware that often comes with Windows PCs can usually be uninstalled. Android bloatware is a tougher nut to crack, because it’s often written to your device’s system partition, which means it cannot be fully removed without root access.
But you can prevent unwanted apps from ever running or consuming precious CPU or RAM resources. It’s possible to do that with a series of Android Debug Bridge commands. Or you can simplify things by using a free utility called Universal Android Debloater.
-
-
-
-
-
-
-
-
Google has a firm grip on the desktop. Their products and services are ubiquitous. Don’t get us wrong, we’re long-standing admirers of many of Google’s products and services. They are often high quality, easy to use, and ‘free’, but there can be downsides of over-reliance on a specific company. For example, there are concerns about their privacy policies, business practices, and an almost insatiable desire to control all of our data, all of the time.
What if you are looking to move away from Google and embark on a new world of online freedom, where you are not constantly tracked, monetised and attached to Google’s ecosystem.
In this series, we explore how you can migrate from Google without missing out on anything. We’ll recommend open source solutions.
-
Web Browsers
-
Chromium
-
Google is limiting the capability of Chromium. Is it because Chromium-based browsers have started to eat into Google Chrome’s marketshare?
-
Mozilla
-
Mozilla announced the latest release of Firefox 86 and it brings important features that make you more secure on the web.
-
Firefox as an open-source Chrome alternative is already a quite popular choice among Linux users. With every recent update to Mozilla Firefox, it looks like Firefox is proving to be a compelling choice over Chromium-based browsers overall.
The announcement for Firefox 86.0 is yet something interesting.
With Firefox 86 update, there are two key additions along with some other improvements. Let’s talk about it here.
-
Code Review is an essential part of the process of publishing code. We often talk about the benefits of code review for projects and for people writing the code. I want to talk about the benefits for the person actually reviewing the code.
[...]
There is a feel good opportunity when doing good code reviews. Specifically, when the review helped to improve both the code and the developer. Nothing better than the last comment of a developer being happy of having the code merged and the feeling of improving skills.
-
Please join us in welcoming Fabiola Lopez (Fabi) to the team. Fabi will be helping us with support content in English and Spanish, so you’ll see her in both locales.
-
Tor Browser 10.0.12 is now available from the Tor Browser download page and also from our distribution directory.
This version updates Desktop Firefox to 78.8.0esr and Android Firefox to 86.1.0. In addition, Tor Browser 10.0.12 updates NoScript to 11.2.2, Openssl to 1.1.1j, and Tor to 0.4.5.6. This version includes important security updates to Firefox for Desktop, and similar important security updates to Firefox for Android.
-
SaaS/Back End/Databases
-
MariaDB 10.5 is the current stable series of MariaDB. It is an evolution of MariaDB 10.4 with several entirely new features not found anywhere else and with backported and reimplemented features from MySQL.
-
FSF
-
GNU Projects
-
After recently looking at the early LLVM Clang 12 compiler performance on the AMD Ryzen 9 5950X, in today’s benchmarking is a look at how the GCC 11 compiler performance is looking in its near final state compared to GCC 10 under a variety of build CFLAGS/CXXFLAGS configurations on the AMD Zen 3 desktop.
This round of compiler benchmarking is focused on the GCC 10.2 versus GCC 11.0.0 (20210207 development snapshot) performance with the AMD Ryzen 9 5950X. Both GNU Compiler Collection releases were built in the same release configuration mode. The tested CFLAGS/CXXFLAGS under each compiler included…
-
GNU poke (http://www.jemarch.net/poke) is an interactive, extensible editor for binary data. Not limited to editing basic entities such as bits and bytes, it provides a full-fledged procedural, interactive programming language designed to describe data structures and to operate on them.
-
Programming/Development
-
Pop open the champagne as the in-development Linux 5.12 kernel will be able to support link-time optimizations (LTO) in conjunction with the LLVM Clang compiler on not only AArch64 (64-bit ARM) but also x86_64.
Last week I noted that Clang LTO support had been submitted but at the time was not clear if Linus Torvalds was willing to land it given his past comments around LTO’ing the kernel. With that pull request it was also just for AArch64 with the x86_64 support not yet squared away.
Years ago Linus Torvalds was unconvinced by GCC LTO support for the kernel and that code ultimately was never mainlined. With Clang the benefits are much the same in allowing for potentially greater performance by allowing the code compiler to apply optimization passes at link-time on the entire kernel rather than being limited on a per source file basis. LTO also has the possibility of providing greater space savings too. Plus in the case of Clang, LTO for the kernel is also needed to support Control Flow Integrity (CFI) for the kernel.
-
This is the first version of the complete patch for the new security feature for GCC:
Initialize automatic variables with new first class option -ftrivial-auto-var-init=[uninitialized|pattern|zero]
and a new variable attribute “uninitialized” to exclude some variables from automatical initialization to
Control runtime overhead.
-
An Oracle engineer has proposed introducing a new “-ftrivial-auto-var-init=” option for the GCC compiler that would allowing initializing automatic variables with either a pattern or zeroes in the name of security.
In trying to fight security issues stemming from uninitialized memory disclosure, the suggested -ftrivial-auto-var-init==zero would initialize automatic variables with zeroes unless the new “uninitialized” variable attribute was used on a particular variable for overriding the behavior.
-
A couple of weeks ago, I got bored and decided to come up with a list of things that have bothered me when trying to run software to get things done. These might be reliability concerns, or development issues, or really anything else that bothered me at the time. This was actually pretty illuminating.
I would actually recommend other people try it with their own annoyances and see how things stack up. It was interesting to look at the rows to see which choices were particularly bad because they hit so many of them, and then to look at the columns to see how often they showed up regardless of the language or environment.
-
OpenSSH 8.5p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release.
-
Perl/Raku
-
The ever helpful raiph wished for RakuAST in an answer to a question about pattern matching like it is done in Haskell. It was proposed to use MMD to solve this problem. Doing so and getting a fall-through default was unsolved. Since dispatch simply is pattern matching we just need to do some extra work. In a nutshell, the dispatcher gets a list of functions and a list with arguments. The first function that takes all arguments wins.
-
Python
-
Coding is (of course) about building things to help others. However, creating programs and software has more to do with automating repetitive or complex tasks than anything else. Python’s while loop lets you repeat suites of code to automate many actions at once.
In this post, we show you how to use Python’s while loop. First, let’s talk about what the while loop does and where it’s best used.
-
Shell/Bash/Zsh/Ksh
-
Datasets sometimes contain perfectly well-formed items that really don’t belong with the other items in their field. In my data auditing work, anomalous items are typically out of range, out of place, out of match or out of date. Below are some real-world examples.
-
Java
-
You might want to have more than one JDK on your Mac and run different programs with different JDK versions as it is with me.
The easiest and safest way I’ve found is as follows.
-
Standards/Consortia
-
By creating a NULL MX RECORD for a domain name which isn’t meant to receive email, the domain will clearly state that it doesn’t accept any email, period. Anyone attempting to send email to that domain will then immediately received a notification saying you cannot send email to that domain.
-
If you do not want a domain to receive any mail, there is a way to be at last somewhat civil about it. There’s a different DNS trick for that.
-
-
“Government is not the solution to our problem, government is the problem,” the conservative president charged during his first inaugural address in 1981. Nonsense.
Reagan’s phrase was right-wing bull that expressed the belief among conservatives that small government is best. Government should stay out of people’s lives as much as possible, they believe, to avoid what they refer to as socialism, a warped definition meant to infer that old bugaboo, communism.That’s the same baloney as the right-wing belief that giving corporations and the wealthy tax cuts would mean the money they saved would trickle down to the working class. It’s a debunked theory proposed by conservatives to justify lower taxes for Republican-backed big businesses and rich donors.
-
Last spring, Representative James Clyburn of South Carolina explained why, at a pivotal moment in the Democratic primaries, he endorsed Joe Biden for president: “Our problem, it seems to me, is too many candidates spend time trying to let people know how smart they are, rather than trying to connect to people.” Clyburn said he hates it when candidates tell voters they need to be able to send their kids to college. What about the people who want to be electricians, plumbers, barbers? The promise of debt-free college, he continued, offers nothing to the significant part of his constituency that doesn’t want to go to college.
-
Harvard-trained with a PhD in political science from UC Berkeley, and working as an academic for decades in California and other places, Dr. Saeed was not content with the life of a university professor, but wanted to make a real difference in the life of his community and Ummah. Since the late 1980s and for over two decades, Dr. Saeed led the efforts towards the political empowerment and recognition of the American Muslim community. He believed that respect and recognition is earned, not conferred from the powers. From the streets to university campuses and community centers, and from conference halls and TV studios to the corridors of Congress, Dr. Saeed was the renowned leader and assuring voice fighting for recognition, inclusion, and dignity.
By educating, mobilizing, organizing, and uniting the major American Muslim political and civic engagement organizations, he was able to inspire and mentor countless people towards their civic duties and political involvement. He was a true visionary, a great intellect, a genuine leader, a strategic voice, a most decent human being, a fierce fighter for truth and justice, a brave spokesperson for the weak, exploited, the poor, and downtrodden, a sworn enemy of injustice, tyranny, and dictatorships, and a passionate defender of civil and human rights in the tradition of Malcolm X, MLK, and Mandela. But with his sharp intellect and leadership skills, he was also a humble and loving person with a soft, big heart, and teary eyed upon hearing of suffering or pain.
-
“Lawrence Ferlinghetti kicked open the door to free up publishing in this country. He risked a great deal for a lot of books that are now considered classics.”
-
-
As Democracy Now! marks 25 years on the air, we are revisiting some of the best and most impactful moments from the program’s history, including one of the last television interviews given by the visionary Black science-fiction writer Octavia Butler. She spoke to Democracy Now! in November 2005, just three months before she died on February 24, 2006, at age 58. Butler was the first Black woman to win Hugo and Nebula awards for science-fiction writing and the first science-fiction writer to receive a MacArthur “genius” fellowship. Her best-known books include the classics “Kindred,” as well as “Parable of the Sower” and “Parable of the Talents” — two-thirds of a trilogy that was never finished. Her work inspired a new generation of Black science-fiction writers, and she has been called “the Mother of Afrofuturism.” Her 2005 interview with Democracy Now! took place shortly after Hurricane Katrina devastated New Orleans and as President George W. Bush was overseeing the U.S. wars in Iraq and Afghanistan. When asked how she set out to become a science-fiction writer when there were so few examples of Black women working in the genre, Butler said she never doubted her abilities. “I assumed that I could do it,” she said. “I wasn’t being brave or even thoughtful. I wanted it. And I assumed I could have it.”
-
The visionary Black science-fiction writer Octavia Butler died 15 years ago on February 24, 2006, but her influence and readership has only continued to grow since then. In September, Butler’s novel “Parable of the Sower” became her first to reach the New York Times best-seller list. We speak with adrienne maree brown, a writer and Octavia Butler scholar, who says Butler had a remarkable talent for universalizing Black stories. “She wrote about Black women and about Black feminism, about Black futures, but she wrote in a way that appealed to all human beings,” says brown.
-
Farar Elliott, the House curator, is slated to say in prepared testimony on Wednesday before the House Appropriations subcommittee overseeing funding for the legislative branch that the $25,000 is needed to fix eight objects in the hallways leading to the House chamber that were covered in fire extinguisher residue during the insurrection by former President Trump’s supporters.
The objects include marble and granite busts of former Speakers Joe Cannon, Champ Clark, Joe Martin, and Thomas Brackett Reed; portraits of former Presidents James Madison and John Quincy Adams; a bust of Chippewa leader Be shekee; and a statue of former President Thomas Jefferson.
-
Science
-
“A ‘1-in-960 chance’ of a deadly plutonium release is a real concern—gamblers in Las Vegas would be happy with those odds,” says Bruce Gagnon, coordinator of the Global Network Against Weapons and Nuclear Power in Space.
Indeed, big-money lotteries have odds far higher than 1-in-960 and routinely people win those lotteries.
-
Education
-
“It’s a mistake that reflects a broader problem in American education,” the first-term congressman and former educator asserted.
-
Health/Nutrition
-
-
“Deeply, deeply messed up… Honduras, 7,500 miles away, will get some but Palestinians living under Israeli control still neglected.”
-
The door of the Planned Parenthood clinic in Columbus was locked when Larada Lee arrived for the first of two appointments she needed to get an abortion under Ohio state law. About a dozen anti-choice protesters had gathered outside, without masks, calling Lee a baby killer as she approached the door. Lee felt nauseated from her pregnancy, at times unable to keep down even water. Her bones ached. She was missing her classes at Ohio State University. The fatal shootings of Ahmaud Arbery and Breonna Taylor in recent weeks were weighing her down with a sense of hopelessness. Meanwhile, Ohio officials had sparked confusion by ordering a halt to “nonessential” abortions. “Being Black in the middle of trying to seek an abortion in the middle of a pandemic—it was really difficult to navigate all of those feelings while also trying to focus on ’I hope that they don’t take this away from us,’” Lee said in a recent interview with The Nation, recalling her experience back in March and April. The day before, when she went to an urgent care clinic wearing her hijab, the white male doctor had seemed to belittle her, calling her brave for coming out in a pandemic just to get a pregnancy test. “You could tell that they just were being, like, really short because it wasn’t at the forefront of their concerns—which, it was at the forefront of mine, because I’m pregnant in the middle of a pandemic,” Lee said.
-
With sport, history, and battle motifs entangled, supporters awaited, impatiently, for their hero to take the cup. The necessary formalities had to be settled. Tennis Australia president Jayne Hrdlicka gave an unremarkable speech, and felt it necessary to mention the difficulties that had come with staging the tournament. “It’s been a time of heartfelt challenge. It’s been a time of deep loss and extraordinary sacrifice for everyone.” But there was some reason to cheer. “With vaccinations on the way, rolling out in many countries around the world, it’s now a time for optimism and hope for the future.”
Boos, hissing and jeering followed. These were also repeated when thanks was offered to the Victorian government. Having endured a 112-day hard lockdown with strict limits on movement last year, and a snap five day lockdown that also ate into the tournament schedule, many of the spectators were weary and disgruntled. Hrdlicka was diplomatic. “You are a very opinionated group of people.”
-
In the waning days of Donald Trump’s presidency, amid a holiday season all but canceled for many by Covid-19, a heated debate unfolded in the left-of-center Twitterverse. Kicked off by a viral clip of comedian Jimmy Dore, who called on Alexandria Ocasio-Cortez and other progressive representatives to withhold their support for Nancy Pelosi’s reelection as House speaker unless she agreed to a floor vote on Pramila Jayapal’s Medicare for All bill, the #ForceTheVote campaign fiercely divided advocates for single-payer health care. While both sides agreed that the gambit had no chance of actually leading to the bill’s passage—it isn’t supported by a majority of Democrats, let alone a majority of Congress—they disagreed on whether it advanced the interests of Medicare for All over the long haul. For proponents, the tactic promised an attention-grabbing spectacle highlighting the urgency of universal health care in the midst of a pandemic and would yield valuable campaign fodder to use against its opponents. But others saw it as little more than a parliamentary stunt that would go unnoticed at best and, at worst, would reinforce the media narrative that frames Medicare for All as an impossible pipe dream.
-
The recent #ForceTheVote campaign, which urged progressive members of Congress to withhold their support for Nancy Pelosi’s reelection as House speaker until she pledged to bring Representative Pramila Jayapal’s Medicare for All bill to a floor vote, was more than theoretical. I believe that Alexandria Ocasio-Cortez, her squadmates, and our historic contingent of lefty representatives should have forced the vote. Not for the Twitter, Twitch, and Instagram thrills or as an act of political theater, but as proof that the working class will not let any elected officials—whether Trumpers or liberal Democrats—deprive us of our human right to health care.
-
The senator said he opposed Tom Vilsack’s confirmation “because at a time when corporate consolidation of agriculture is rampant and family farms are being decimated, we need a secretary who is prepared to vigorously take on corporate power in the industry.”
-
President Biden, we’re pleading with you—please take steps to ensure American family farms can still make a living, that rural communities thrive, and that we have a food system that works for consumers, our environment, national security, and our democracy. We’ve been going in the wrong direction for far too long.
-
The noise, usually towards the latter part of the day, is a din of offers. “One-dollar bag! One-dollar bag!” Over the course of the latest lockdown in Victoria – its third since the coronavirus pandemic began – calls for the one-dollar bag have become rarer. There is little stomach for the vendors to gather their produce from out of the city, unpack it at the market, and then sit in a boredom bordering on the lethal. Weariness encourages dark thoughts.
Towards the Peel Street side of the market are a Turkish couple who have held a spot selling peppers sweet and hot for years. Fruits and various marrows also feature. Since the pandemic, their wallets have been gradually emptying, a frittering process that has induced melancholy desperation. The produce is simply not selling. The colourful stalls are left untouched; the crowds, battered by months of restrictions, are reluctant to make an appearance. In the wake of this Pavlovian experiment in public health, rivers of people have become trickles.
-
In “The Disarticulation of Pandemic War Propaganda,” a transparent attempt to frame China as the instigator of worldwide lockdown policies was revealed to be the work of a group of self-styled libertarian-minded individuals. Their links to the UK, the United States, and Canadian governments tie a neat Pentagon-size bow around ongoing efforts to demonize the Chinese Communist Party (CCP).
-
-
Integrity/Availability
-
Proprietary
-
Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The [attack] gave the attackers access to the computer networks of some 18,000 of SolarWinds’s customers, including U.S. government agencies such as the Homeland Security Department and State Department, American nuclear research labs, government contractors, IT companies and nongovernmental agencies around the world.
It was a huge attack, with major implications for U.S. national security. The Senate Intelligence Committee is scheduled to hold a hearing on the breach on Tuesday. Who is at fault?
-
If you have a new M1 Mac, you probably think it’s going to last for years and years, but some new troubling data suggests that might not be the case. More than a few users are reporting that SSDs on Apple’s M1 Macs are possibly being overused by the system, which could cause them to wear out earlier than usual.
-
Security
-
The maintainers of the Mint Linux distribution are calling on users to update their software after conducting research that found many of them are not keeping their software up-to-date.
-
Easily the most sophisticated skimming devices made for hacking terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal’s chip reader slot. What enables these skimmers to be so slim? They draw their power from the low-voltage current that gets triggered when a chip-based card is inserted. As a result, they do not require external batteries, and can remain in operation indefinitely.
-
Privacy/Surveillance
-
NurseryCam, the remote video monitoring service for parents with young children at nurseries that was dogged with claims of troubling security issues last week, has suffered a data breach.
-
The firm said that a “loophole” in its systems had been used to obtain data from parents’ viewing accounts including: [...]
-
LinkedIn is back up after a worldwide outage affecting users on both mobile and desktop. The Microsoft-owned social network first started experiencing issues around 2PM ET, and LinkedIn confirmed things were back to normal at 4:21PM ET.
-
Defence/Aggression
-
In early February, Joe Biden went to the State Department to give the first foreign policy address of his presidency. His key theme was the need to restore America’s global leadership by adopting a policy of diplomacy first and repairing the damage to US alliances inflicted by Donald Trump. In support of that pledge, Biden recounted a series of steps he has taken already, from extending the New START nuclear arms reduction treaty with Russia to rejoining the Paris climate accord and the World Health Organization. He has also promised to rejoin the Iran nuclear deal. This piece was adapted from an article on the Center for International Policy blog, The Baraza.
-
-
NATO’s failure to seriously examine its own role in what it euphemistically calls “uncertain times” should therefore be more alarming to Americans and Europeans than its one-sided criticisms of Russia and China, whose contributions to the uncertainty of our times pale by comparison.
-
The February meeting of NATO (North Atlantic Treaty Organization) Defense Ministers, the first since President Biden took power, revealed an antiquated, 75-year-old alliance that, despite its military failures in Afghanistan and Libya, is now turning its military madness toward two more formidable, nuclear-armed enemies: Russia and China.
-
Sund’s story is that because of flawed intelligence, he judged the danger posed by the Jan. 6 protests as similar in scale to that posed by previous pro-Trump rallies nearby, none of which amounted to much.
But take a few moments to read this one “redacted” excerpt from the internal Jan. 3 memo that the Post made public. Sund’s excuses fall apart. (The public really needs to see the full, unredacted memo, by the way.)
-
An FBI intelligence report describing plans for violence at the Capitol was sent via email to lower-level officials the night before the Jan. 6 [insurrection], and was never read by Capitol Police or Washington, D.C. leaders, according to testimony at Tuesday’s Senate hearing.
-
The New Right’s proposal would split those eligible for citizenship into two groups – those from largely Muslim areas such as the Middle East, North Africa, Turkey, Afghanistan and Pakistan, and those from elsewhere.
-
The women were shot in an apparent targeted attack as they passed through a deserted village near the town of Mirali in North Waziristan tribal district, police chief Shafiullah Gandapur told NBC News.
-
But in a landmark move, the Finnish judges are also hearing evidence on Liberian soil — the first time war-crimes proceedings have taken place in the country.
-
On Feb. 16, France’s National Assembly passed a controversial bill meant to protect the country against the dangers of what the government deems “Islamist separatism,” the latest French effort to reinforce the country’s traditional embrace of a secular identity. The bill passed handily, by a vote of 347 to 151, though the left abstained and the far-right felt it didn’t go far enough. Next month, the bill will head to the Senate, dominated by conservatives, where the bill’s passage is pretty much guaranteed.
-
Out of that discussion they started a project called Future Freedom. Part media venture, part virtual support group, the group’s goal is to provide an off-ramp for far-right extremists who were radicalized online in the same ways they themselves once were.
-
Transparency/Investigative Reporting
-
But Stacy couldn’t separate his role as pastor from the conspiracy theories that were putting a strain on the younger parishioners he worked with. “The danger was of them being given a co-opted Jesus, a Jesus who believed in Q, a Jesus who believed in deep state, a Jesus who automatically voted Republican.”
He said he could see several outcomes, none of which was any good: Either the younger members would leave the church altogether, or they’d buy into the conspiracy theories or they’d just learn to tolerate them.
That tolerance — and ambivalence — could be what do the most damage. They’re how conspiracy theories spread.
-
Environment
-
He continued: “The change needed in itself sounds immense, and of course it is, but we already have many of the technologies needed, at least for the initial changes.
“And perhaps crucially, we also have a level of public support and demand for action that I have myself never seen before. “
-
Burhans concluded that the Church had the means to address climate issues directly, through better land management, and that it was also capable of protecting populations that were especially vulnerable to the consequences of global warming. Some researchers have estimated that drought, rising sea levels, and other climate-related disasters will drive two hundred million people from their homes by 2050; many of those people live in places—including some parts of Central Africa, the Amazon Basin, and Asia—where the Church has more leverage than any government. “There is no way that we will address the climate crisis or biodiversity loss in any sort of timely manner if the Catholic Church does not engage, especially with its own lands and property,” Burhans said. “At the end of the day, I’m more subordinate to my ecclesiastical authority than I am to my government authority. You can see that kind of sentiment even in non-Catholics, like Martin Luther King, Jr.—sometimes you have to default to a greater good.” What if desecration of the environment were a mortal sin? Could faith accomplish what science and politics have not?
-
“This lawsuit shifts the costs back to where they belong, on those whose knowledge, deception, and pursuit of profits brought these dangers to our shores.”
-
Energy
-
-
Texas oil refineries released hundreds of thousands of pounds of pollutants including benzene, carbon monoxide, hydrogen sulfide, and sulfur dioxide into the air as they scrambled to shut down during last week’s deadly winter storm, Reuters reported Sunday.
-
-
Texas has the third-highest number of billionaires in America, most of them oil tycoons. Its laissez-faire state energy market delivered a bonanza to oil and gas producers that managed to keep production going during the freeze. It was “like hitting the jackpot,” boasted president of Comstock Resources on an earnings call. Jerry Jones, billionaire owner of the Dallas Cowboys, holds a majority of Comstock’s shares.
-
The new truck has more cargo space, better ergonomics, and, yes, air conditioning. It’s also dotted with cameras that give a 360-degree view, helping power a front- and rear-collision avoidance system with visual and audio warnings as well as automatic braking. The big front windshield and low hood should also give drivers a much better view of the road and pedestrians or cyclists, which is a big improvement for the safety of people outside the vehicle.
-
Wildlife/Nature
-
“Humanity can’t afford to lose any more of the world’s forgotten fishes or the freshwater ecosystems they inhabit.”
-
The long-running global struggle to prevent extinction of the world’s most endangered marine mammal claimed its first human life here on Jan. 2, in the conflict between illegal fishing and conservation of the vaquita porpoise.
Fisherman Mario Garcia Toledo, 56, died after suffering massive injuries when his skiff collided with a vessel of the international marine-life watchdog Sea Shepherd while the latter was combing clandestine nets from the waters of the no-catch zone in the Vaquita Refuge of the Upper Golf of California.
-
Finance
-
It’s clear that consumer outreach can motivate these companies to do the right thing, we just need more of it right now.
-
The Postal Service began employing African Americans shortly after the Civil War. It became a major source of good, middle class jobs for African Americans in the early 20th century. During the 1940s, civil rights advocacy, combined with wartime needs, created even more opportunities for Black postal workers. By the mid-1960s, African American leadership had increased significantly, with the three biggest post offices in the country — New York, Chicago, and Los Angeles — all headed by Black postmasters. By the end of the 20th century, African Americans comprised 21 percent of all U.S. postal employees.
In 2020, Black workers made up nearly a quarter of the Postal Service workforce — more than double their share of the total U.S. labor force. According to Institute for Policy Studies analysis of Bureau of Labor Statistics data, postal workers have the highest average annual wage ($51,740) and the highest median hourly wage ($25.03) among the 10 occupations with the heaviest representation of Black workers. Four of these 10 occupations have median hourly wages below $15 per hour. Of the 10 most heavily African American occupations, the Postal Service employed the fifth-largest number of workers (see Table).
-
Wage cap allows millionaires to stop contributing to Social Security on February 23, 2021.
-
“It’s bad enough when commercial apps deliberately frustrate and manipulate children into desiring in-game purchases, but Prodigy’s insidious business model is creating a new form of inequality in classrooms.”
-
A field guide to our threadbare social safety net.
-
To do anything less than what Biden has proposed would be irresponsible and reckless.
-
“This is an anti-immigrant, low-wage bill masquerading as an attempt to help American workers.”
-
“Liberals” in the United States have mostly accepted the assumption of that contradiction, the necessity of that final choice. However, they try to demonstrate that the social gains from a higher minimum wage would exceed the social losses from the reduced employment they admit. Their idea, in effect, is that a higher minimum wage would increase demand for goods and services. Any workers fired because of the minimum wage would be rehired elsewhere to meet the rising demand. Countless empirical studies by conservatives and liberals yield, as usual, correspondingly conflicting conclusions.
In the actual history of U.S. capitalism, the minimum wage has been undercut from the outset. In real terms (what the minimum wage can actually buy), its long-term decline began from a peak in 1968. It was last raised in 2009 (to $7.25 per hour) despite a rising consumer price index every year since then. U.S. business interests plus the “conservative” politicians, media, and academics they support have inundated the public with the idea that raising the minimum wage will hurt poorly paid workers (by losing mostly small business jobs) more than help them. This debate over the minimum wage, intensified whenever proposals to raise it gain public attention, has been “won” chiefly by the conservative/business side.
-
-
*The following was originally published as part of The Dissenter newsletter.Backing claims of retaliation by two whistleblowers, the New York’s attorney general sued Amazon for failing to protect workers during the COVID-19 pandemic.The complaint [PDF] filed on February 16 covers Amazon’s mistreatment or neglect toward workers at two facilities in New York City—a Staten Island fulfillment center and a Queens distribution center.It notes Attorney General Letitia James obtained documentation with evidence of “adverse actions” taken against workers at the fulfillment center in “retaliation for raising health and safety concerns.”“While Amazon and its CEO made billions during this crisis, hardworking employees were forced to endure unsafe conditions and were retaliated against for rightfully voicing these concerns,” James declared. “Since the pandemic began, it is clear that Amazon has valued profit over people and has failed to ensure the health and safety of its workers.”Christian Smalls and Derrick Palmer worked at the fulfillment center and blew the whistle on hazardous workplace conditions in March 2020. They shared what they witnessed with the news media and the Centers for Disease Control and Prevention (CDC).Although these were protected disclosures under labor law, Amazon fired Smalls and singled out Palmer for discipline.Smalls was informed his employment would be terminated after he participated in a March 30 protest and called attention to health and safety issues. The corporation claimed he was terminated for “violating the quarantine order and for violating Amazon’s social distancing requirements by his conduct during the March 30 protest.”The two whistleblowers informed representatives they believed they came into close contact with an employee, who tested positive for COVID-19.Before it was confirmed that Smalls would need to quarantine, Christine Hernandez, a human resources manager, discussed a plan for retaliation with a “human resources business partner” on March 27.Hernandez and the “business partner” “anticipated that Amazon would issue Smalls a directive to quarantine and that he would violate it” by attending the March 30 protest.Amazon never informed Smalls before or during the protest that he needed to leave because he was violating a quarantine order, according to the complaint. Nor was Smalls ever issued a written warning or instructed he would receive disciplinary coaching.Communications show human resources recognized it was inappropriate for Amazon to approach Smalls with a “termination mentality.”Palmer complained multiple times to Amazon managers in late March and early April. He received a “final written warning” on April 10 for allegedly violating the fulfilment center’s “social distancing policy” on March 25, 26, and 27. But Amazon never issued an initial warning indicating Palmer had violated Amazon policy. At Amazon, ninety percent of discipline for violations resulted in “documented coaching” and fewer than 10 percent resulted in “final written warnings.” The corporation made an example out of Palmer.“Following Amazon’s discharge of Smalls and issuance of a final written warning to Palmer, Amazon employees reasonably fear that if they make legitimate health and safety complaints about Amazon’s COVID-19 response, Amazon will retaliate against them as well,” the complaint contends.In addition to other remedies requested to deal with the lack of workplace safety, the attorney general’s complaint urges the state’s supreme court to award backpay and “emotional distress damages” and order Amazon to reinstate Smalls to his position. It also demands the court order Amazon to “rescind the discipline” against Palmer.Previously, Palmer filed a lawsuit in a federal court in New York. It was dismissed after the court decided whether Amazon was compliant with COVID-19 safety guidelines was a matter for the United States Labor Department’s Occupational Safety and Health Administration (OSHA) to resolve.OSHA has largely shirked its responsibility to protect workers, especially whistleblowers, and deferred to corporate executives.In 2020, OSHA received 4,101 complaints between February 1 and May 31. That represented a 30 percent increase when compared to the same period in 2019. At least 1,600 related to the pandemic, yet only 400 of those cases were “docketed” or put on a list of pending complaints.CNBC reported around the same time Smalls and Palmer voiced concerns, warehouse workers and delivery drivers were “forced to choose between going to work and risking their health or staying home and not being able to pay their bills.”
The terrain largely remains as it was in the earliest stages of the crisis. As James put it, “Workers who have powered this country and kept it going during the pandemic are the very workers who continue to be treated the worst.”
-
-
“The $15 minimum wage is overwhelmingly popular with the American people. One person should not be allowed to hold relief hostage.”
-
“The opposition to Congresswoman Haaland’s confirmation is narrow and guided by money, not the qualifications or historic importance of what the nomination of Deb Haaland will do for this country.”
-
-
Klarna Bank AB is raising funds valuing the Swedish fintech startup at around $31 billion, roughly tripling the company’s valuation after its most recent round in September.
The Stockholm-based company is raising around $800 million and up to $1 billion, the people said, adding the round could be announced in the coming days. Existing investors are participating ahead of a potential public listing next year, said the people, who asked not to be identified because the matter is private.
A Klarna spokesperson declined to comment.
-
AstroTurf/Lobbying/Politics
-
Here’s their playbook—and what the rest of us can do to stop them.
-
-
More and more Russians are relying on Internet social networks for information, though most still get their news from television programs, where the state dominates. According to a poll conducted last month by the Levada Center independent polling agency (designated as a “foreign agent” by the Russian Justice Ministry), 42 percent of Russians named social networks as a source of information, while 64 percent said they follow the news on TV. Thirty-nine percent of Russians said they also read online publications.
-
-
During a mere two-hour video stream on YouTube this week, Russian political scientist Ekaterina Schulmann managed to collect more than 3.4 million rubles (about $45,000) in donations for the independent news outlet Mediazona and the human rights projects OVD-Info and “Apologia Protest.”
-
-
Merrick Garland is going to be confirmed as the next attorney general. He’s a white man who hasn’t sent mean tweets to Republican lawmakers, which should make him palatable enough for Joe Manchin and Kyrsten Sinema. He’s even likely to pick up some Republican votes: He’s an eminently qualified lawyer with an affable and inoffensive nature. The dude even got choked up during his hearing when speaking about how the country welcomed his grandparents from Europe, protecting them from anti-Semitism, and explained that being the attorney general would be the “highest, best use” of his skills to “pay the country back.” After finishing a pointed line of questioning, Republican senator and faux-folksy Rhodes Scholar John Kennedy let slip, “I think you’ll make a fine attorney general” before he cut his mic.
-
-
A long-standing decline of U.S. society advanced by both the Republican and Democratic parties has reached a striking low point. Over the past year our government has failed to contain a deadly virus, protect many people from economic ruin, prevent a particularly overt wave of racist violence, and dissuade nearly half of voters from supporting the reelection of a quasi-fascist president (Trump). And that is in addition to many years of politics that have greatly exacerbated social inequality and ecological destruction. Both parties have had a hand in leading us here, through largely favoring the privileged and disregarding the common good. But if our nation had had at least one major party clearly committed to social, economic and environmental justice (i.e., real progressive change), we would not be in this situation.
Now, if at least one of the two existing dominant parties does not change course dramatically, which neither seems capable of doing, this could be a good year to start diligently building a different party that can save our country. Any such party would faithfully fight for all ordinary people, and it would not be beholden to the super-advantaged. It also would be electorally serious, meaning it would clearly emphasize winning elections (without abandoning its principles). And by gaining power and influence one step and place at a time, it would show that it could eventually become a new major party. This is the only kind of third party that could attract widespread public support. In the abstract many people already want such a party, and emerging events may reinforce that desire. But this party may only develop if the right steps are taken to convince essential sympathizers that it is possible.
-
I am not a fan of Neera Tanden—the head of the Center for American Progress (CAP), and President Joe Biden’s nominee for direction of the Office of Management and Budget (OMB)—and to the best of my knowledge, the feeling is mutual. This doesn’t make me special. Ask any number of leftist writers who spend a lot of time on Twitter about Tanden, and they’ll tell you the same stories: how she announced plans to fire the unionized employees of CAP’s affiliated website, ThinkProgress, and to replace them with scabs (ultimately she just shuttered the site following public backlash); how she allegedly hit a colleague, future Bernie Sanders campaign manager Faiz Shakir, for daring to ask Hillary Clinton about her support for the Iraq War; how she named a victim of workplace sexual harassment in a staff meeting; how she pressured critics of Israel at ThinkProgress, bowing to the demands of pro-Israel lobbyists; how she accepted tens of millions in donations to her ostensibly progressive think tank from Wall Street, Silicon Valley, insurance companies, and the autocratic regime of the United Arab Emirates; how she once suggested compelling Libya to use its oil wealth to pay the United States for its 2011 regime change operation. And that’s to say nothing of the many times Tanden has tried to bully or intimidate journalists (such as The Week’s Ryan Cooper, or me) for writing accurate sentences about her, or complained to managers or editors about comments that she didn’t appreciate—not to mention her open contempt for Sanders and his millions of supporters.
-
-
“What we urgently need now,” former Soviet president Mikhail Gorbachev wrote last year, just a month after the Covid-19 pandemic ground life to a halt across the world, “is a rethinking of the entire concept of security.” Rather than measure security purely in military terms, as we usually do, “the overriding goal must be human security: providing food, water and a clean environment and caring for people’s health.”
-
-
In state after state, Republicans want to suppress voting because they know they are a minority party.
-
The United States has passed 500,000 COVID-19 deaths, by far the highest toll in the world. The morbid milestone comes as new COVID-19 cases continue to fall across the country amid an accelerating vaccine rollout, but the head of the World Health Organization is calling on rich countries not to undermine efforts to get vaccines to poorer nations by buying up billions of doses — in some cases ordering enough to vaccinate their populations more than once. “The inequities that we’ve seen here are just absolutely stunning,” says Dr. Craig Spencer, director of global health in emergency medicine at Columbia University Medical Center, who urges advanced economies to share their vaccine stockpiles with poorer countries in order to end the pandemic sooner. “It’s in our public health interest, it’s in our economic interest, and, I think most importantly, it’s really in our ethical and moral compass to be doing this.”
-
Ivan Zhdanov, the director of Alexey Navalny’s Anti-Corruption Foundation (which Russia’s Justice Ministry has designated as a “foreign agent”), is trying to put a positive spin on the European Union’s decision not to sanction prominent businessmen Navalny’s associates say are partly responsible for the opposition politician’s imprisonment. Though his team advocates these sanctions, Zhdanov told the radio station Ekho Moskvy that targeting Russian oligarchs is largely impractical because their immense personal resources and access to elite lawyers enable them to challenge and reverse such measures.
-
The international human rights organization Amnesty International has rescinded its decision to grant “prisoner of conscience” status to Alexey Navalny, arguing that the jailed Russian opposition politician’s past statements about migrants from Central Asia and the North Caucasus constitute hate speech. Alexander Artemyev, the group’s Russia and Eurasia media manager, confirmed the determination to Mediazona on Tuesday, after American journalist Aaron Maté first reported the news from Amnesty’s UK division.
-
President Joe Biden’s administration is planning to transfer the State Department’s special envoy office charged with leading the anti-ISIS coalition to the bureau that handles counter-terrorism, current and former officials told Foreign Policy. The reshuffle reflects how the new administration views the next phase in the fight against the terrorist organization that once controlled vast swathes of territory in Iraq and Syria–but has sparked debates over how to continue the fight against terrorism while shifting America’s foreign-policy attention to China.
-
Gab instead of Twitter, MeWe over Facebook, Telegram for messaging and Discord for insiders — banned from mainstream platforms, US conspiracy and supremacist movements, many of which support Donald Trump, have shifted to networks that are more confidential, and harder to regulate.
-
But one reason the polling in 2020 has received so much attention is that down-ballot polling, namely the generic ballot — which asks respondents whether they plan to vote for a Democrat or Republican in their local race for the U.S. House of Representatives — was also off by a similarly large margin in 2020. In fact, as the table below shows, the House popular vote was 4.2 points more Republican-leaning than the polls anticipated, making it the largest generic ballot polling miss in a presidential or midterm cycle since 2006.2
-
AFP reported Tuesday that French “far-right” (i.e., opposed to mass Muslim migration and French cultural and political suicide) leader Marine Le Pen “goes on trial Wednesday on charges she broke hate speech laws by tweeting pictures of Islamic State atrocities, a case she has slammed as a violation of free speech.”
-
Swedish journalist and acclaimed author Gunnar Sandelin delivered a shocking speech on 3rd world immigration and its detrimental effects on Scandinavia. The renowned journalist was one of the first mainstream figures in Sweden to be ostracized, fired, and banned from his profession for exposing official government figures on migration.
The past fall Sandelin was given the Sappho Award by the Danish Free Press Society (Trykkefrihedsselskabet) in Copenhagen. The following video features Mr. Sandelin’s powerful acceptance speech, along with an eye-opening slideshow presentation detailing the effects of Sweden’s suicidal open border policies.
[...]
As previously reported at RAIR, the Swedish government funds a radical online “hate” monitoring group, “Näthatsgranskaren”. The group is headed by Tomas Åberg, a disgraced ex-police officer. The group mass-reports Swedes who write critically about migration or Islam online to police officers, who have raided speech offenders homes, roughed them up, placed them under arrest and collected their DNA.
-
HR 1, the For the People Act, is an omnibus voting reform bill that has many progressive measures concerning voter registration, voter roll purges, voter-verified paper ballots, early voting, no-excuse absentee ballots, presidential candidate tax returns, gerrymandering, and more. According to reports, the Democratic leadership will whip their members hard to pass the bill through the House and Senate in March.
But progressives should say not so fast. Buried in the middle of the bill is a public campaign finance program that is merely a public funding palliative that fails to stop the overwhelming domination of big private money in federal elections.
Progressives should be demanding full public funding based on equal grants for all qualified candidates and a constitutional amendment to end the US Supreme Court imposed doctrines that limit public regulation of campaign funding in public elections.
Instead, HR 1’s partial public campaign finance program based on matching funds merely adds a token patina of new public money on top of the swelling ocean of private campaign spending. The qualifying thresholds to access this presidential primary matching funds are increased five times, putting the program beyond the reach of third-party candidates. The 6:1 matching funds program for both presidential and congressional candidates increases the funding gaps between candidates by seven times.
-
Censorship/Free Speech
-
Two separate stories from Southeast Asia help demonstrate why intermediary liability protections like Section 230 are so important for free speech online (and why it’s positively ridiculous that some have argued that 230 is an attack on free speech). The first is an article about a court case in Malaysia, in which a small independent media site has been fined an astounding amount: $124,000 over five reader comments that a court said violated the law. Notably, the website in question, Malaysiakini, had removed those comments relatively quickly. But the court said that the removals weren’t fast enough:
-
Given these invasions, it’s no surprise that students and educators are fighting back against these apps. Last fall, Ian Linkletter, a remote learning specialist at the University of British Columbia, became part of a chorus of critics concerned with this industry.
Now, he’s been sued for speaking out. The outrageous lawsuit—which relies on a bizarre legal theory that linking to publicly viewable videos is copyright infringement—will become an important test of a 2019 British Columbia law passed to defend free speech, the Protection of Public Participation Act, or PPPA.
This isn’t the first time U.S.-based Proctorio has taken a particularly aggressive tack in responding to public criticism. In July, Proctorio CEO Mike Olsen even publicly posted the chat logs of a student who complained about the software’s support, posting the conversation on Reddit, a move he later apologized for.
-
In a world where journalism is heavily clouded by one party or the other, it is not hard to understand where these fears of censorship are coming from. Some might argue that misinformation could gain a mottled meaning because of this new removal policy. Thus, conservative-leaning media might get the ax even if it’s not reporting vaccine falsehoods. In these instances, it is up to social media users, regardless of political stance, to speak up against something wrongfully being taken down. But in the case of something that is purely false, such as arguments that vaccines cause autism, there is no censorship occurring when these posts are removed.
Censorship absolutely can lead to the slippery slope of social media corporations deciding what media users can and can’t post. But for the time being, we should rest easy that “fake news” surrounding vaccines will be cleared away for actual facts. Though we should keep wary of corporations overstepping their boundaries, removing falsehoods from these platforms will help prevent people from being misinformed.
-
He added: “While you can’t buy the book on Amazon, you can still get it (for now?) at Barnes and Noble. Given the aggressive push on trans policies coming from the Biden admin, now is a great time to read it. Buy it before you no longer can.”
Despite removing Anderson’s book, a response published in the same year by Kelly Novak called “Let Harry Become Sally: Responding to the Anti-Transgender Moment” has been allowed to stay.
Amazon has been accused of censorship after removing Anderson’s book.
-
The Wyoming Legislature is scheduled to reconvene on Monday, March 1 in Cheyenne. It will be a General Session, meaning any topic can be addressed in a bill without it needing a 2/3 majority vote for introduction.
-
The North Dakota House of Representatives has advanced a bill that would prohibit prominent social media platforms from censoring residents of the state.
The Republican-dominated lower chamber voted 73-21 to send House Bill 1144 to the Senate for consideration.
The proposal would bar social media sites with more than 150 million active users from censoring North Dakotans’ posts based on race, religion or viewpoint. The bill would also open up social media companies to civil lawsuits from residents who believe they’ve been blacklisted from the sites.
-
“It shouldn’t be up to Facebook and Google to cherry pick and groom publishers it deems acceptable for side deals.”
-
“Facebook and Google have not hidden the fact that they know that the eyes of the world are on Australia, and that is why they have sought to get a code here that is workable,” he added, referring to the bill, the News Media Bargaining Code.
In fact, this week, Microsoft and four European publishing groups announced they would work together to push for Australian-style rules for news payments from tech platforms.
-
Facebook is restoring news links in Australia after the government agreed to amend the proposed link tax law. We’ll explain the details down below, but at the very least, this shows part of the reason Facebook did what it did, when it did. The end result still sucks, and I wish Facebook had stood its ground here because this portends a significant closing off of the open internet.
-
People have been very angry at me for pointing out that Facebook’s decision to ban links to news down under actually made sense — even though Facebook has now cut a deal to return the links. The move was in response to an incredibly poorly thought out law to force Facebook and Google to pay giant news organizations, just because those news organizations couldn’t figure out how to innovate online. One key point: I said that even if Facebook is the worst representative of the “open web,” this move is the right one for the open web. That’s because the alternative is much worse. Since the Australian law would force Google and Facebook to pay for the crime of linking to news, it would set up the incredibly anti-open web concept that you could be forced to pay to link.
-
Catch up quick: Facebook’s decision to stop link-sharing was made in response to a new law that would have forced Google and Facebook to pay Australian news publishers for content, including headlines and links, with terms set by a third party, if they weren’t able to come up with payout agreements with local publishers themselves.
-
The company said Monday that it would team up with media industry groups like the European Publishers Council to lobby for such a policy, which lawmakers around the world are now considering.
The move comes after Facebook (FB) stopped people from finding news on its platform in Australia last week rather than pay publishers for their content, a decision that produced a global backlash and generated negative headlines for the social media company.
-
I am worried about France because one of its professors was beheaded just four months ago in broad daylight and now another has to resign following death threats for bravely doing his duty and not only were no real measures taken afterwards. after what happened, but the affair did not become an opinion campaign in Europe.
I have always thought, for at least fifteen years, when I began to follow what was happening in that country, since my friend Robert Redeker, a philosophy professor in Toulouse, had to go into hiding, become a refugee in his own country, for having defended Ratzinger from Islamic lynching after his speech criticizing Islam at Regensburg, I always thought that France was playing the game that would decide the fate of this civilization shock in Europe.
I am worried about France, because in the face of this war that has been declared to it, I do not see courage, the will to prevail and moral fiber, but the fiber of an exhausted world. Ours.
-
Iranian Supreme Leader Ayatollah Ali Khamenei issued a fatwa stating that women in cartoons and animated features must be depicted wearing a hijab, according to al-Arabiya citing Iran’s Tasnim news agency.
A fatwa is a declaration or ruling on a point of Islamic law given by a recognized higher authority. The ruling is not legally binding, however.
-
Facebook had vigorously objected to the code, which would curb its power and drive up its spending for content, as well as setting a precedent for other governments to follow. The company had argued that news would not be worth the hassle in Australia if the bill became law.
But on Monday, Facebook returned to the negotiating table after the Australian government granted a few minor concessions. Under several amendments to the code, Facebook would get more time to cut deals with publishers so it would not be immediately forced into making payments. The amendments also suggested that if digital platforms had significantly contributed to the Australian news industry, the companies could avoid the code entirely, at least for now.
In exchange, Facebook agreed to restore news links and articles for Australian users “in the coming days,” according to a statement from Josh Frydenberg, Australia’s treasurer, and Paul Fletcher, the minister for communications, infrastructure, cities and the arts.
-
“We don’t want the junta, we want democracy,” said one protester. “We want to create our own future.”
-
Since the coup, the military has repeatedly shut off the [Internet] and cut access to major social media sites, isolating a country that had only in the past few years linked to the outside world. The military regime has also floated legislation that could criminalize the mildest opinions expressed online.
So far, the Tatmadaw, as the Myanmar military is known, has depended on cruder forms of control to restrict the flow of information. But the army seems serious about setting up a digital fence to more aggressively filter what people see and do online. Developing such a system could take years and would likely require outside help from Beijing or Moscow, according to experts.
Such a comprehensive firewall may also exact a heavy price: The [Internet] outages since the coup have paralyzed a struggling economy. Longer disruptions will damage local business interests and foreign investor confidence as well as the military’s own vast business interests.
-
Freedom of Information/Freedom of the Press
-
-
Three men suspected of having supplied the bomb which killed Maltese anti-corruption journalist Daphne Caruana Galizia in 2017 were arrested on Tuesday, police said.
Their arrest came as a man accused of carrying out the killing agreed to a plea deal, accepting his responsibility for the assassination in return for a reduced, 15-year jail term instead of possible life behind bars.
-
Anthony Albanese has thrown his support behind releasing Julian Assange from prison after 10 years without freedom.
The Labor leader was asked at a caucus meeting in Canberra on Tuesday for his view on the ongoing detention of the Australian WikiLeaks founder.
-
At present, the value of this spectrum is fairly low. Small-town radio is not a great business to be in and these stations regularly sell (not just license but real estate, equipment, branding, etc) for prices below a half million dollars. However, I think that the Tuckers believe in one of two eventualities:
First, that due to regulatory or other changes there will be a Renaissance of small radio markets that leads to major players like iHeartMedia gaining an interest in buying into these markets. Like real estate investors, the Tuckers will find themselves “in the path of growth” and sell the stations for well more than they bought them.
Second, and I believe the more likely scenario, the Tuckers are hoping that broadcast FM radio will undergo a technological transformation which makes the spectrum more valuable—perhaps by repurposing FM radio stations for broadband data delivery. As far back as the ’90s there have been developments that might feel like the early stages of this process, with subcarrier and digital encoding methods being used to add overlay services like real-time traffic updates to FM radio stations. HD Radio might be seen as another major step in this transformation.
-
Aurora police officers did not have a legal basis to force McClain to stop walking, to frisk him or to use a chokehold on him, according to the investigation commissioned by the city released on Monday.
Paramedics with the city’s fire department failed to properly evaluate McClain — or even attempt to speak to him — before injecting him with a powerful sedative.
And the detectives assigned to scrutinize what happened that night “failed to meaningfully investigate” the incident, the report states.
-
Employees at Amazon’s Bessemer, Alabama, warehouse facility are currently in the process of voting to join the Retail, Wholesale and Department Store Union (RWDSU), a move that would set a crucial precedent for the company’s U.S.-based workforce. More than a dozen U.S. senators, including Elizabeth Warren and Bernie Sanders, signed a letter in support of the employees’ union drive. Those lawmakers, along with countless pro-union advocates and organizations, argue that organized workers have a better chance of winning a more equitable portion of the massive profits Amazon has amassed because of them. Mail-in voting began on February 8 and ballots are due March 29.
-
“Throughout this pandemic, Amazon employees have been forced to work in unsafe conditions, all while the company and its CEO made billions off of their backs,” she declared. “This action by Amazon is nothing more than a sad attempt to distract from the facts and shirk accountability for its failures to protect hardworking employees from a deadly virus. Let me be clear: We will not be intimidated by anyone, especially corporate bullies that put profits over the health and safety of working people. We remain undeterred in our efforts to protect workers from exploitation and will continue to review all of our legal options.”
Then she sued the tech giant that has been dogged by protests from workers in New York who say the company has prioritized profits over employee health and safety. Citing “flagrant disregard for health and safety requirements [that] threatened serious illness and grave harm” to workers at Amazon facilities in the New York City boroughs of Queens and Staten Island, the suit charges: “Amazon has cut corners in complying with the particular requirements that would most jeopardize its sales volume and productivity rates, thereby ensuring outsize profits at an unprecedented rate of growth for the company and its shareholders.”
-
Minister in the Prime Minister’s Department (Religious Affairs) Datuk Seri Zulkifli Mohamad Al Bakri today urged the public to let the relevant authorities to take the necessary action against the non-Muslim man who claimed on video, which has since gone viral, to have got a Muslim woman to apostatise.
He said the police were now investigating the matter.
-
Civil Rights/Policing
-
Watch the movie. Then read the book.
-
Just the other day, I received an email informing me that there was “a racist and bigoted Zoom hijacking incident that occurred during a virtual event that was part of Sonoma State’s Black History Month program.” A spokesperson for the university said, “We will refrain from sharing details of what occurred, because we refuse to provide these cowardly bigoted individuals the platform they seek.”
I understand and sympathize. The Internet is already rife with racist comments. It doesn’t need more, At the same time, as a member of the community and as a scholar who has written about Black Americans and about racism, I would like to know what was actually said. Just how disgusting was that?
-
That was the former United Nations High Commissioner for Refugees, Zeid Ra’ad al Hussein, speaking about the way the Myanmar army, the Tatmadaw, dispatched Muslim children from Rohingya villages in Rakhine state, Myanmar. Hussein, though, was talking about his shock at massacres that took place in late 2016, almost a full year before the crisis exploded into the public consciousness in September 2017.
The massacres, including one at a village called Dar Gyi Zar in November 2016, shocked the UN. But this was nothing new or different. Those who pay attention to Myanmar events already knew that this was business as usual for the Tatmadaw: vicious brutality, the systematic rape of women and girls, the burning of villages, they’re all in the Myanmar army’s day-to-day playbook. The murders may have been committed with extra gusto, the villages razed 100, rather than 75 per cent, only because of the Rohingya’s status as Muslims. It’s ironic to see and hear Burmese soldiers filming themselves telling teenaged Rohingya youth to ‘come here you black Indian mother******’, since they’re not all that different physically.
-
The Arizona Department of Corrections is depriving inmates of freedom they’ve earned. Its $24 million tracking software isn’t doing what it’s supposed to when it comes to calculating time served credits. That’s according to whistleblowers who’ve been ignored by the DOC and have taken their complaints to the press. Here’s Jimmy Jenkins of KJZZ, who was given access to documents showing the bug has been well-documented and remains unfixed, more than a year after it was discovered.
-
With enough self-delusion, any act of humanity can be considered a criminal act. It works for cops. It also works for the general public. When you’re a suspicious busybody with an overactive imagination and too much time on your hands, you can waste everyone’s tax dollars by panicking.
-
How do we explain the fact that of the 55,000 homes in the Navajo Nation, about 15,000 don’t have electricity—now, or at any time?
-
“I agree with Dr. Martin Luther King Jr’s view that the best anti-poverty program is a union,” says Hollywood actor and veteran progressive activist.
-
We’re getting an up-close look at how law enforcement treats left and right protests differently. But the solution is protecting protest, not supercharging law enforcement.
-
“Kids need a place to call home—that’s why they should be with their families, friends, and community members.”
-
Soon after receiving his license to practice law in Maine in May 2015, Jeremiah McIntosh, 36, began a new career as a small-town lawyer in the northeast corner of the state’s rural Aroostook County.
McIntosh advertised online that he had spent almost a dozen years working as a civilian employee for the Defense Department. Now, he quickly fell back into life in his hometown. He volunteered for the town planning board, helped the library register as a nonprofit and opened a rural law office in the small, close-knit community of Washburn, where fewer than 2,000 people live.
-
Internet Policy/Net Neutrality
-
Net neutrality died a horrible death in 2017, but things have just turned around: California’s landmark net neutrality law — erected in 2018 but immediately blocked by lawsuits from Trump’s Department of Justice and the telecom industry — can finally be enforced.
That’s the verdict from Judge John Mendez today, who declined to grant the telecom industry the preliminary injunction it had requested. The case might not be over, but the law can go into effect — and the judge doesn’t think the telecom industry is likely to win.
-
Digital Restrictions (DRM)
-
Five years or so ago, frustration at John Deere’s draconian tractor DRM helped birth a grassroots tech movement dubbed “right to repair.” The company’s crackdown on “unauthorized repairs” turned countless ordinary citizens into technology policy activists, after DRM (and the company’s EULA) prohibited the lion’s share of repair or modification of tractors customers thought they owned. These restrictions only worked to drive up costs for owners, who faced either paying significantly more money for “authorized” repair (which for many owners involved hauling their tractors hundreds of unnecessary miles), or toying around with pirated firmware just to ensure the products they owned actually worked.
-
During the 90-minute event, the company rattled through a series of announcements. It detailed a slew of new podcasts, including one featuring former President Barack Obama and rockstar Bruce Springsteen as co-hosts, as well as a full universe of DC Comics programming. It debuted an expanded podcast ad marketplace, bolstered by its Megaphone acquisition and Streaming Ad Insertion technology, along with a Hi-Fi subscription tier. And it teased new tools for podcasters to engage with their audiences and make money through subscriptions. Spotify obviously intends to make podcasting a real revenue driver.
But none of the announcements were groundbreaking for people in the industry. If anything, they demonstrated how far Spotify has yet to go. Crucially, Spotify announced that 7,500 musicians are making at least $100,000 per year through its platform, which isn’t much considering the service is available in 93 markets. Now, Spotify is trying to make the same pitch to podcasters as it did to musicians — that they’re all on the same side and share the same goals.
-
Monopolies
-
Smartphone app store policies have come into focus recently, following a series of recent conflicts between app makers and app store operators (principally Apple and Google). These include the removal of conservative-oriented social media platforms Parler and Gab, and the ensuing debate about balancing free speech and harmful content. There have also been numerous conflicts over monetization, including disputes over transaction fees for digital goods and services (e.g. Spotify and Epic Games), and privacy changes that affect third party advertisers (e.g. Facebook).
-
Participation and engagement in the working groups has increased over the past years, reinforcing the exchange of knowledge. This year the event will gather approximately 320 representatives from national and regional IP offices of the EU, user associations and multiple departments of the EUIPO, together with observers from the World Intellectual Property Organization (WIPO), the European Patent Office (EPO) and the European Commission.
-
Patents
-
The first appeal focused on the defenses of laches and equitable estoppel. You see, back in 2002 Morris had notified John Bean that the patent was invalid (with an explanation of the prior art). John Bean took no action for the succeeding 11 years. That delay gave rise to the equitable bars. In 2013-2014 John Bean shepherded the patent through ex parte reexamination. The 2014 infringement action followed based upon amended and new claims in the patent. In its 2018 decision, the Federal Circuit explained (1) that laches no longer applies following SCA Hygiene (2017) and (2) equitable estoppel did not bar the patentee from seeking damages for the amended/new claims.
[...]
The focus here is on equitable intervening rights created where “substantial preparation was made before the grant of the [reexam].” Under the statute, a judge can allow infringing actions to continue without penalty “to the extent and under such terms as the court deems equitable for the protection of investments made or business commenced before the grant of the [reexam].” In the appeal, the patentee made two main arguments about allowing the infringer to completely avoid damages.
Equitable Relief to Protect Investments: It is undisputed that Morris has already recouped its investment in the infringing product made prior to the reexamination. Thus, according to the patentee, there is no need for equity to provide further relief “for the protection of investments.” On appeal, the Federal Circuit found no strict limits on scope of relief. “We see no indication in the statute that monetary investments made and recouped before reissue are the only investments that a court may deem sufficient to protect as an equitable remedy.”
-
Software Patents
-
What types of inventions in database technology are patentable in Europe? The Guidelines for Examination in the European Patent Office will be updated on 1 March 2021 with a new section specifically on database management systems and information retrieval.
-
While some banks may need invention to prevent banking errors, other banks need to solve a different problem: patent infringement. Barclays Bank, TD Bank, and others have joined the Open Invention Network (OIN) to resist litigation threats from patent trolls.
For many years, OIN has provided a way to reduce the threat of license and patent infringement cases against open-source software. ipCapital Group has worked to help OIN over the years, and we believe in its mission as well as admire Keith Bergelt, its CEO. In his tenure, he has been able to help it grow to 3,367 licensees.
This is undoubtedly an area where Invent Anything principles can be a strategic advantage. Specifically, the banks should invent all sorts of improvement ideas and then publish them in a venue like IP.com to generate prior art. In our earlier work we demonstrated that OIN could systematically invent and then publish those inventions to create prior art that would stop trolls from patenting these improvements in the future.
A quick search of the patent databases shows over a million patents and applications related to banking and finance. This poses a tremendous challenge to the finance and banking industry, so solutions like OIN offers will be desperately needed.
-
The ’811 patent is a continuation in part of U.S. Patent No. 5,530,558. The emphasized term “passive link” was a point of contention in the suit and ultimately led to the invalidation of all of the Infinity patents.
The claimed invention is directed to “using a fax machine as a printer or scanner for a personal computer.” According to the specification, its goal is to “provide a circuit for interfacing a PC and a facsimile to enable the facsimile to be utilized as a scanner or a printer for a PC and to accomplish all of the objectives of a scanner or a printer.”
Various embodiments involve this circuit being internal or external to a PC. The internal version, with the circuit integrated into a fax modem, is illustrated in Figure 2b of the ’811 patent, reproduced below.
[...]
The notion that the passive link would somehow extend to the I/O bus was not supported by the state of the art nor was it actually argued by Infinity. Instead, Infinity wrote that “the non-intercepted data enters through the RS 232 type connector port of the computer and passes directly to the I/O Bus and is processed by the receiving circuits (i.e., UART, CPU) of the computer.” The language here about the UART circuit (which processes serialized communications) is somewhat confusing but should not override the more logical conclusion that the passive link is coextensive with the RS 232 cable.
The Court seems to recognize that it is wandering into Kafkaesque territory, and noted that “[w]e recognize that, in a vacuum, it might seem odd to hold ‘computer’ indefinite.” But the Court justified the outcome by shifting the blame to Infinity’s own unclear statements.
In short, the outcome for this case appears to be correct. Infinity took contradictory positions during prosecution, which is enough to render the claims indefinite. The whole discussion of the boundary between the passive link and the computer being uncertain was superfluous at best and specious at worst.
-
Trademarks
-
Last summer, we discussed Apple opposing the trademark application for recipe app PrePear. While the tech company and a company that attempts to promote healthy eating aren’t competing with one another, Apple argued that PrePear’s logo was deceptively similar to its own. Here they are, side by side.
-
Counsel fear UK being left behind in counterfeiting fight [Ed: When the term "left behind" is just nasty shaming tactics, blackmailing a government into being subservient to robber barons who monopolise by badmouthing competitors]
A proposed UK law fails to recognise the dangers of counterfeits, say sources, but rights owners believe all is not lost
-
Customs key to big-fish counterfeiters: 3M counsel [Ed: Notice the "sponsored by" part; this think tank and propaganda site with lobbyists/operatives like Ed Conlon wish people to think of it as news (and ignore who pays for it)]
-
Copyrights
-
A class-action lawsuit filed by musician Maria Schneider and Pirate Monitor claims that YouTube restricts access to takedown tools and fails to act against repeat infringers. However, YouTube is steadily picking the case apart, including by identifying the operator of a “shell company” plaintiff whose earlier work will be familiar to fans of The Simpsons.
-
The CreativeFuture coalition, which represents companies and individuals in the film, TV, music, and publishing industries, is asking President Biden to help fight online piracy. Now that the felony streaming bill and the CASE Act have been passed, big tech companies such as Google and Facebook are key adversaries once again.
Permalink
Send this to a friend
Posted in Site News, Videos at 12:59 pm by Dr. Roy Schestowitz
Video download link
Summary: For self-hosting of videos over the World Wide Web (Gemini too can handle videos; its clients/browsers can, for example, link video files/URLs to external media players) it’s worth reviewing the full set of features made available by the standards because a lot can be accomplished without JavaScript and without unnecessary bloat/complexity
THERE is wide a range of products that can let one host, manage and serve videos. The GNU Project has one of its own. Many bits of software, however, are over-complicated and some simply urge the users to outsource hosting to some other company/ies. Social control media-like video hosting (e.g. YouTube) is part of the problem, not the solution, and it’s not cost-free; the cost is free speech or the freedom to control one’s channel, platform etc. Google’s currency has long been control. So don’t send videos Google’s way…
“A lot of people are ever so proud to be leaving YouTube, only to end up at the mercy of another company (LBRY and others in its orbit are notable among GNU/Linux folks); that’s neither self-hosting nor independence.”Today we ‘discovered’ the “poster” attribute (we heard about it before, but didn’t properly look into it), which lets one enhance the presentation of self-hosted videos. We’ve thus incorporated the changes for every future video. Many people do not truly understand the advantages or underestimate the possibilities of self-hosted videos. Uploading to YouTube is enticing as it seems “easy” and “cheap”… until things go wrong, well outside one’s own control. Google isn’t in this as a public service and some channels/videos are seen as unhelpful to advertisers, Google’s real clients/customers. The same is true for Twitter and Facebook, where some people still place videos that they’ve really worked hard on. Sooner or later many of those get removed and many such sites don’t last more than a decade anyway.
A lot of people are ever so proud to be leaving YouTube, only to end up at the mercy of another company (LBRY and others in its orbit are notable among GNU/Linux folks); that’s neither self-hosting nor independence. That’s just swapping one master for another. For a self-hosted PeerTube instance much more can be said that’s positive, provided there are many peers (I’ve tested it; for videos with a small audience there’s a lot of buffering, which can be painful).
One aspect often overlooked by so many is that all those “apps” and “(dis)services” (P2P or GAFAM-hosted) aren’t compatible with classic or standalone media players. When self-hosting media files it’s possible to also serve the files from Gemini browsers, for instance, as shown on the right. A media player of one’s choice will open a video when its link is pressed on (this example uses Amfora, which is command-line based). So in a sense this whole approach improves cross-protocol, not just cross-platform, support. █
Permalink
Send this to a friend
Posted in Free/Libre Software, GNU/Linux at 10:58 am by Dr. Roy Schestowitz
Video download link
Summary: An introduction to noisetorch (or NoiseTorch), an application that helps create virtual microphones/devices with reduced background noise
THE lack of access to physical stores here (local stores) means that buying used microphones (high end but a lot cheaper) isn’t possible and isn’t legal, either. In the meantime, in light of this article from this morning/afternoon, I’ve decided to try noise cancellation that does not rely on hardware-level DSP but instead refines the sound at software level (filtering based on thresholds with criteria centered around human voice). It turned out to be better than I had expected, albeit I still adjust some thresholds, seeing (or hearing) that some words get cut off, making the whole thing slightly less comprehensible (albeit without background noise).
“Given the low quality of the physical microphone that I use, the resultant sound (after such real-time processing) isn’t bad at all, so I’ll likely persist in using it until/unless I get an external one.”The video above concerns my experience setting up and adjusting the software, which could still use a touch of improvement. At the moment it’s strongly tied to Red Hat’s (IBM’s) sound stack and nothing else. Given the low quality of the physical microphone that I use, the resultant sound (after such real-time processing) isn’t bad at all, so I’ll likely persist in using it until/unless I get an external one. █
Permalink
Send this to a friend
Posted in GNU/Linux, IBM, OIN, Patents at 10:51 am by Dr. Roy Schestowitz
Video download link
Summary: Response to the puff piece entitled “How the Big Banks and OIN Can Lock Out Patent Trolls with Enabled Publications”
OIN does not work for “community” (or for Free software) but for banks and rich monopolies, as we already explained last week. A longtime reader brought to our attention the new article which the video discusses. Not only does this article lack substance (or clarity about what’s actually proposed); it reinforces the view that OIN works for the rich and powerful, not for powerless Free software developers.
“It mostly distracts from those of us who want to truly fix the status quo, e.g. working to abolish software patents.”IBM is very eager to be publicly seen as open and anti-racist, largely because of its past as an abusive and racist monopolist, profiting from racism and overcharging everyone owing to monopoly, guarded largely by patents.
Seeing how OIN has helped the EPO regime (media stunts of Benoît Battistelli and António Campinos), we can’t help but feel like OIN — no matter what its original intention and/or goals might have been — is no ally. It mostly distracts from those of us who want to truly fix the status quo, e.g. working to abolish software patents. █
Permalink
Send this to a friend
Content is available under CC-BY-SA