Links 13/5/2021: OpenSUSE Leap 15.3 on Finer Hardware, AMI Dabbling in Free Firmware

Posted in News Roundup at 12:26 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Audiocasts/Shows

      • FLOSS Weekly 629: Steven J. Vaughan-Nichols – Technology Journalism

        Doc Searls and Jonathan Bennett talk with Steven J. Vaughan-Nichols about what’s happening in technology journalism, with the open source world he knows perhaps better than any other journalist on the case, and with where he got started: in space and space technologies. (Bonus fact: Steven digs Starlink, and Jonathan is using it to participate in the show.)

      • “Hey, DT. FreeBSD Is Actually Unix!” (And Other Comments I Get)

        On this edition of “Hey, DT” I respond to questions and comments from viewers of the channel. Some of the topics include: Why I promote regular Linux distros rather than Libre-linux distros, do I prefer vanilla configs or customized configs, is FreeBSD really “Unix”, why I use anime thumbnails, shutdown menus for window managers, and am I part of the “divisive” Linux community.

      • Audacity Tried To Add Telemetry: Nobody Liked That

        Recently the Audacity team decided to make an interesting pull request, this pull request would be in telemetry, this is bad enough but the big problem is they didn’t communicate at all what their plan actually was and everybody completely freaked out.

      • Run macOS on Linux with 1 COMMAND LINE

        Most of you probably know that you can only run macOS on hardware that Apple sells, at least if you’re not willing to go the hackintosh route, which can be painful and complex. Still, some of us might want, or need to test stuff out on Apple’s operating system, fortunately, there is now a simple solution to do just that, with just one command line.

    • Kernel Space

      • Linux Kernel 5.13 RC brings official support for Apple’s M1 chip

        It was reported last month that Linux was about to get official support for the new Macs with the M1 chip, which could potentially arrive in June with the upcoming Linux Kernel 5.13 release. The first RC build of Linux Kernel 5.13 was released this week, and Linus Torvalds himself confirmed that it supports Apple’s M1 chip.

        As seen in the release notes of the latest Linux update, the new 5.13 Kernel adds support for several chips based on the ARM architecture — including the Apple M1. This means that users will finally be able to run Linux natively on the new M1 MacBook Air, MacBook Pro, Mac mini, and iMac.

        It was already possible to run Linux on M1 Macs via virtual machines and even with a port from Corellium, but none of these alternatives run natively — which means they don’t take advantage of the maximum performance of the M1 chip. However, some developers had been working to include native support for M1 in the Linux Kernel, and now this has become a reality.

      • Linux 5.13 adds support for Apple Silicon

        Last year, Apple announced that the Mac will be transitioning from Intel to Apple Silicon – its own in-house designed chips and manufactured by Taiwan Semiconductor Manufacturing Company (TSMC). The transition is to take two years to complete, as said by Apple CEO Tim Cook during the Keynote at the annual developers conference WWDC (2020).

        It takes time to add native support for apps and even kernels. It was recently reported by AppleInsider that the latest version of Linux kernel (version 5.13) has introduced support for Apple Silicon. The kernel will now work with the first Apple Silicon chip – the M1. Linux 5.13 is now available as a release candidate which means it is now available for testing by the general public.

      • The first half of the 5.13 merge window

        As of this writing, just over 7,800 non-merge commits have been pulled into the mainline repository for the 5.13 development cycle. It does indeed seem true that 5.13 will be busier than its predecessor was. The work merged thus far affects subsystems across the kernel; read on for a summary of what has been merged so far.

      • A “kill” button for control groups

        The kernel’s control-group mechanism exists to partition processes and to provide resource guarantees (and limits) for each. Processes running within a properly configured control group are unable to deprive those running in a different group of their allocated resources (CPU time, memory, I/O bandwidth, etc.), and are equally protected from interference by others. With few exceptions, control groups are not used to take direct actions on processes; Christian Brauner’s cgroup.kill patch set is meant to be one of those exceptions.

        In current kernels, one way of acting on processes within a control group is through the “freezer”, which can be used to suspend (or resume) all contained processes. Beyond that, though, there are few control-group knobs that will directly affect a process’s state. Brauner’s patch set adds another one in the form of a control file in each non-root group called kill; it “does what it says on the tin”. Writing “1” to that file will cause the immediate death of every process contained within the group (more correctly, it causes the immediate delivery of a SIGKILL signal to each, which has a similar effect). If the control group contains other groups, those, too, will be exterminated. Once the operation is complete, the group will normally be left in an entirely depopulated state.

        There are a couple of exceptions to this behavior, of course. The kill operation is defined to work on a process; if the process contains many threads, they will all suffer the same fate. But, if the control group in question is operating in the threaded mode, which allows the threads of a process to be split across multiple groups, that could lead to the untimely demise of threads that were not in the targeted group. So the kill operation will fail if attempted on groups running in the threaded mode.

        Similarly, the kill operation will not take down kernel threads, as that could lead to any of a number of surprising results. Writing to the kill file in a group containing kernel threads is allowed, but the kernel threads themselves will survive the operation. In such cases, the group will not be empty at the end.

      • AMD Publishes Initial Open-Source Linux Driver Code For “Beige Goby”

        AMD has published initial open-source Linux graphics driver code for a new GPU dubbed Beige Goby.

        Beige Goby is the latest Linux-specific codename being used for new hardware enablement in their graphics drivers… Following Dimgrey Cavefish, Sienna Cichlid, Navy Flounder, and others, the newest following their color and fish theme is the Beige Goby.

    • Benchmarks

      • Intel Xeon Platinum 8380 Ice Lake Linux Performance vs. AMD EPYC Milan, Cascade Lake

        Last month Intel launched their 3rd Gen Xeon Scalable “Ice Lake” processors for these 10nm server processors and SKUs up to 40 cores while boasting around a 20% IPC improvement overall and big reported improvements for AI workloads and more. Recently we received an Intel Ice Lake reference server with the dual Xeon Platinum 8380 processors so we can carry out our own performance tests. In this initial article is our first look at the Xeon Platinum 8380 Linux support in general and a number of performance benchmarks.

        The Intel 3rd Gen Xeon Scalable Ice Lake processors are a big improvement over 2nd Gen Cascade Lake processors with the transition to the 10nm Sunny Cove architecture and now offering processors up to 40 cores rather than topping out at 28 cores, but still lower than the likes of EPYC at 64 cores or Ampere Altra at even higher core counts. The new Xeon Scalable processors also now support eight channels of DDR4-3200, 64 lanes of PCI Express 4.0 per socket, and other improvements as outlined in the launch-day article.

    • Applications

      • Croc: Securely Transfer Files and Folders Between Computers

        There are lots of ways to transfer files between two or more computers. Today, we will discuss yet another utility named Croc. This tutorial will show you how to install Croc and how to use it to transfer files between computers.

        Croc is a file transfer system that sends files securely using end-to-end encryption, via a file transfer relay. If you are curious about the name, it is inspired by the fable of the frog and the crocodile. The Croc key advantages are speed, security, and simplicity, all-in-one. Transferring data using Croc is faster, because it acts as a relay server between the systems. It creates a full-duplex real-time communication layer between the two computers, so the “uploading” and “downloading” tasks occur simultaneously between those computers.

        Croc is a cross-platform tool. It is written in the Go programming language and freely available under the MIT license. You can install it on Linux, Mac, and Windows. Croc works not only within the same LAN but between any two computers connected to the internet.

    • Instructionals/Technical

      • 4 Social Media Command Line Tools (Facebook,Twitter,Reddit)

        In this article we are going to show you four social media command line tools for the most popular social networks like Facebook, Twitter and Reddit. They are interesting, fun and are another way of looking at social networks outside the browser.

      • How To Install Zoom on Debian 10 – idroot

        In this tutorial, we will show you how to install Zoom on Debian 10. For those of you who didn’t know, Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, chat, and webinars across mobile, desktop, and room systems. Zoom Rooms is the original software-based conference room solution used around the world in board, conference, huddle, and training rooms, as well as executive offices and classrooms.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of Zoom on Debian 10 (Buster).

      • How to Install Sensu on Ubuntu 20.04 | RoseHosting

        Sensu is a free, open-source, and cross-platform monitoring tool used for monitoring system health and performance stats. The latest version of Sensu is also known as Sensu Go. It is designed for traditional servers, containers, applications, the cloud, and more.

      • How to Upgrade to Ubuntu 21.04 from 20.10 (Yes, Finally) – OMG! Ubuntu!

        You can finally upgrade to Ubuntu 21.04 from 20.10 as the boot-breaking bug blocking the process has been resolved — phew!

        In case you’ve been living somewhere remote, Ubuntu 21.04 ‘Hirsute Hippo’ is the latest short-term release of Ubuntu. It was released on April 22 but, due to the aforementioned issue, users on Ubuntu 20.10 were NOT advised to update.

        But now it’s safe for them to do so.

        And upgrade they might as Ubuntu 21.04 offers a newer Linux kernel, uses Wayland as the default display server, and features a decent dose of appearance tweaks, performance enhancements, and good ol’ software updates.

      • How to Use Linux Logger Command – Linux Hint

        In UNIX and Linux-type operating systems, the log is a file that records each action of the operating system. Whenever a user logs in to the system, it saves the record in the log file. It also allows the user to add any content to the file.

        For this, the term “logger” is the command-line tool that provides a shell command interface and gives the user an easy approach to add logs in the /var/log/syslog files. You can add entries into the log files using the “logger” command.

      • How to Use Taskset Command – Linux Hint

        To start with the “taskset” command, first, we need to know about process affinity. Process affinity is the scheduler property that helps to bind or unbind the process so that the process will run only with the allotted CPU.

        In Linux-like systems, there are multiple tools to set the affinity of the CPU of a process. One of the popular utilities is the “taskset” command that seems difficult, but breaking it with different steps makes it easier.

        With the help of the “taskset” command tool, the user can fetch or set the CPU affinity of a particular process with its given process id (PID). Not only this, but it also helps the user to assign CPU cores manually.

        Through this utility, one can perform two functions with the process affinity; first, you can set CPU affinity for the programs that are to be launched. Second, to set the CPU affinity for the programs already in a running state.

        The important thing to keep in mind is that CPU affinity is signified as Bitmask but using the “taskset” options, you can display it numerically. You can specify the Bitmask list in a hexadecimal format (with or without 0x).

      • How to give macOS like look to Ubuntu 20.04 LTS – Linux Shout

        Although the Ubuntu 20.04 LTS default interface is not that attractive, we have options like KDE Plasma to get an eye-soothing desktop on it. Still, if you are a fan of the macOS interface then we can customize the default look of Ubuntu 20.04 LTS to get a mac OS X-like interface. Here are the steps to follow…

      • Type Less, Do More With Linux Command-Line Aliases

        The Linux terminal is a treasure trove for power users, allowing you to perform numerous operations through the command line. However, some of these regularly used commands can be long or complex, due to which typing them out each time may not be the best option.

        Is there a shortcut that you can use to assign a keyword to long commands and execute them using that keyword? With aliases, you can do that. This article will teach you how to set up, use, and remove Linux command line aliases.

      • 6 clever command-line tricks for fewer keystrokes

        Linux commands offer a lot of flexibility. This post details some ways to make them even more convenient to use by making use of some clever tricks.

      • TeamPass Password Manager installation on Ubuntu 20.04 LTS

        TeamPass is an open-source web-based password manager that also allows sharing of passwords. It is available to install on a Linux and Windows server along with an easy Docker Image way as well. It is also known as a collaborative password keeper because it allows sharing of the stored pass key folders with team members. Access rights can be defined for each user to control or limit them to access only a given set of data.

      • Openstack RDO && KVM Hypervisor: Rotating an image in PyQt5

        Code below slightly differs from [ 1 ] , which in turn references original idea proposed in [ 2 ] . Code below provides ability to traverse the folders and select desired image. Code in [ 1 ] requires the complete path to “jpeg” file to be submitted as command line argument.

      • Linux for Starters: Your Guide to Linux – Make a Bootable Ubuntu USB Stick in Windows – Part 3 – LinuxLinks

        This is a series that offers a gentle introduction to Linux for newcomers.

        One of the easiest ways to install Linux is by creating a bootable USB key. We will walk you through the process for the Ubuntu Desktop distro.

        Before we start, you’ll need a 4GB or larger USB stick, Windows XP or later, USB stick writing software (balenaEtcher), and an Ubuntu ISO file.

      • How to install Zoom Desktop on Deepin 20.2

        In this video, we are looking at how to install Zoom Desktop on Deepin 20.2.

      • Connect Raspberry PI with Matrix Keypad to get User Codes Input

        In this tutorial, I’m going to show you how to connect Raspberry PI to a matrix keypad and get user input from python.

        Common matrix keypads are made of thin, flexible material. Sometimes this base can also include an adhesive backside so that you can fix this by simply attaching it.

        The most common versions have buttons organized in 3 columns x 4 rows or 4 columns x 4 rows. The first model includes all number digits (from 0 to 9) plus “*” and “#”. The 4×4 version usually adds a final column with A, B, C and D letters.

    • Games

      • The Humble Heal: Covid-19 Bundle is now live with plenty of goodies

        Help charity, hopefully help save some lives and get some great games too. What’s not to like about the Humble Heal: Covid-19 Bundle. This is a 100% to charity bundle so neither Humble nor partners like us make anything from it, all for a good cause.

        “To help how we can, we’re doing what we do best; putting together bundles of awesome games, books, and software for you to enjoy. When you pick up the Humble Heal: Covid-19 Bundle, you’ll enjoy a variety of content and the knowledge that 100% of your purchase proceeds are going to Direct Relief, Doctors Without Borders (MSF), International Medical Corps (IMC), & GiveIndia. Help save lives with the Humble Heal: Covid-19 Bundle today.”

    • Distributions

      • SUSE/OpenSUSE

        • openSUSE Leap 15.3 Expands with armv7

          Developers of the openSUSE community are looking to utilize armv7l efforts in the context of openSUSE Step to evolve how openSUSE Leap and SUSE Linux Enterprise are developed together.

          The Step effort was announced in February to open up and expand architecture enablement for future SUSE Linux Enterprise (SLE) releases.

          Step is a community effort to rebuild SLE from the released sources packages in the openSUSE instance of the Open Build Service (OBS) with the intention to stay as compatible as possible with SLE. Just recently the project established armv7l in OBS as a Leap port.

      • IBM/Red Hat/Fedora

        • Enterprise Java Developer Relations and Community Engagement

          Mary Grygleski is a Java technologist and software engineer. She works on technical community outreach as a senior developer advocate at IBM. Mary works with hands-on code to architectural overviews, focusing on the Java ecosystem, especially Liberty, Microprofile and Reactive, as well as Enterprise Java. She is also knowledgeable about hybrid cloud Java deployments using Kubernetes and Red Hat OpenShift. She transitioned from Unix and C to Java and open source in the new millennium, and has worked for different software vendor companies as well as several major IT shops in the corporate world.

        • IBM Debuts Cloud, AI To Modernize Business | PYMNTS.com

          IBM is rolling out new advances in artificial intelligence (AI), hybrid cloud and quantum computing, which will help “its clients and partners accelerate their digital transformations, return to work smarter and build strategic ecosystems that can drive better business outcomes,” according to a press release.

          AI will be used to help customers access answers to questions up to eight times faster, and at around half the cost as it was previously, through automating how customers access, integrate and manage data without having to move it, the release stated.

        • Esri and IBM Team Up to Take on Climate Change with Call for Code
      • Canonical/Ubuntu Family

        • Ubuntu Touch OTA-17 Released

          Good news for Ubuntu Touch users, as the sixteenth stable update to the system, Ubuntu Touch OTA-17, is now available. According to the company behind it, OTA-17 will be available over the next week.

          Ubuntu Touch now has support for NFC hardware. In case you want to see it working, you can go through Alfred’s GitHub; ut-nfcd-p2p-demo showcases support for two Ubuntu Touch devices communicating and writing NFC tags. You will also find an improved camera, as the camera flash, zoom, rotation, and focus are fixed. Mir is also updated from v1.2.0 to v1.8.1.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • AMI Is Getting Involved With Open-Source Firmware Development

        Well known BIOS provider AMI is getting in on the open-source system firmware game around OpenBMC and related projects.

        AMI’s (American Megatrends) proprietary BIOS offerings are well known and used by many motherboards but it turns out they are also getting involved with the open-source system firmware game given their engineering expertise and ability to provide services around it.

        AMI is getting involved in the open-source firmware projects and participated in last month’s Open Compute Project (OCP) system firmware call. Some details on their initial work can be found via the call that’s embedded below.

      • DJI FPV Video Out

        Glad I refrained from buying the overpriced DJI Smart controller just to get video out from the fpv goggles. Turns out somebody figured out how it does it.

      • Funding

        • Alternative Summer Of Code From China

          Students who want to spend their summer break “flipping bits not burgers”, to quote the Google Summer of Code motto, now have another option for finding an open source project to contribute to in return for a stipend. Called the “Summer 2021 of Open Source Promotion Plan”, this initiative is open to students around the world. However, the languages used are English and Chinese with some participating open source projects only supporting the latter.

          To apply to be a participating organization all that is required is that the project is under an OSI-approved software license. As well as coding, other projects conducive to open source community development, such as translation of technical documents are supported although the total proportion of non-development projects must not exceed 20%. Mentors, who can oversee up to three projects each, will be paid a bonus of RMB 5,000 (around $775 US, £550) per successfully completed project.

          The deadline for application is May 20 and currently around 80 organizations are listed including Debian, Nebula Graph; XMake and ZStack; numerous Apache sub-projects, the Chinese communities of Emacs, Jenkins, Julia, PostgreSQL and Ubuntu; plus other Chinese-only open-source projects. As well as being one of the scheme’s Host organizations, openEuler, the open source version of its Linux distribution released by Huawei, is itself one of the participating Communities, but all 110 of the projects it has listed are in Chinese only.

      • Programming/Development

        • What are the Top React Native Features, limitations, PROS and CONS

          What are the Top React Native Features, limitations, PROS and CONS. Let’s see an overview of React Native. React Native is a substructure or a framework that is used to develop mobile applications on multiple platforms. It is ranked as the most sought-after cross-platform application development framework currently.

        • Blackbird Announces First Ever Educational Version of JavaScript

          “Traditionally, code teaching systems use unmodified programming languages. These are engineering tools, and are very unfriendly to beginners,” said Ness Blackbird, cofounder of Blackbird. “Our educational version of JavaScript enables middle school students and teachers to learn real-world coding skills in a supportive, educational environment – all while having fun making their own games and animations.”

        • Blackbird Announces First Ever Educational Version of JavaScript

          Blackbird today announced the official release of the world’s first educational version of JavaScript. Blackbird’s Educational Version of JavaScript, for the first time, makes it feasible for middle school students and teachers to learn to code – and forms the foundation of Blackbird’s online system for middle school-focused code education.

        • Shell/Bash/Zsh/Ksh

          • A data checker’s checklist

            The BASHing data blog has been in recess while I worked on a new resource for digital data checkers and cleaners. I’ve now got something like an outline of topics for that resource, which I’m offering below. Comments from readers would be very welcome on things I’ve left out, and on things with which data workers would firmly disagree. BASHing data, meanwhile, will continue with occasional posts on miscellaneous topics (like next week’s post on some spectacular mojibake).

            The new resource will help data workers build data tables that cause the least trouble for downstream data users and processing applications. It explains what to look for in a data table but not how to look. There’s no code in the new resource, and no software recommendations. The data-working community is very diverse and includes Excel, R, Python and AWK/BASH wizards. Different workers will have different preferred strategies for checking data tables and for cleaning them. Each to their own!

        • Rust

          • Rustls: memory safety for TLS

            The movement toward using memory-safe languages, and Rust in particular, has picked up a lot of steam over the past year or two. Removing the possibility of buffer overflows, use-after-free bugs, and other woes associated with unmanaged pointers is an attractive feature, especially given that the majority of today’s vulnerabilities stem from memory-safety issues. On April 20, the Internet Security Research Group (ISRG) announced a funding initiative targeting the Rustls TLS library in order to prepare it for more widespread adoption—including by ISRG’s Let’s Encrypt project.

            Google has provided the funds that allowed ISRG to contract Dirkjan Ochtman to make some improvements to the library. Two of the items listed in the announcement are aimed at making Rustls integrate more easily with the large body of C code in use today; most of those programs use the C-based OpenSSL library for their TLS needs. As might be expected, ISRG and its executive director, Josh Aas, who authored the announcement, are rather excited by the possibilities of Rust and Rustls going forward

          • This Week in Rust 390
  • Leftovers

    • Science

      • Stanford scientists’ software turns ‘mental handwriting’ into on-screen words, sentences.

        The combination of mental effort and state-of-the-art technology has allowed a man with immobilized limbs to communicate by text at speeds rivaling those achieved by his able-bodied peers texting on a smartphone.

        Stanford University investigators have coupled artificial-intelligence software with a device, called a brain-computer interface, implanted in the brain of a man with full-body paralysis. The software was able to decode information from the BCI to quickly convert the man’s thoughts about handwriting into text on a computer screen.

        The man was able to write using this approach more than twice as quickly as he could using a previous method developed by the Stanford researchers, who reported those findings in 2017 in the journal eLife.

        The new findings, to be published online today (May 12, 2021) in Nature, could spur further advances benefiting hundreds of thousands of Americans, and millions globally, who’ve lost the use of their upper limbs or their ability to speak due to spinal-cord injuries, strokes or amyotrophic lateral sclerosis, also known as Lou Gehrig’s disease, said Jaimie Henderson, MD, professor of neurosurgery.

        “This approach allowed a person with paralysis to compose sentences at speeds nearly comparable to those of able-bodied adults of the same age typing on a smartphone,” said Henderson, the John and Jene Blume — Robert and Ruth Halperin Professor. “The goal is to restore the ability to communicate by text.”

    • Integrity/Availability

      • Proprietary

        • CloudLinux Launches TuxCare Brand, Consolidating all Enterprise Offerings

          CloudLinux, Inc., the company behind the successful CloudLinux operating system widely used in the hosting community and a sponsor of the open source AlmaLinux OS, announces TuxCare as an umbrella offering of the company’s family of enterprise support services. Packaging together KernelCare, Extended Lifecycle Support and current version Linux Support makes it easier for customers to get full coverage protection.

        • Remote Access Provider RemotePC adds new features for Linux Remote Access

          After the RemotePC remote access application is downloaded on a Linux machine, users are able to login and remotely connect to any computer configured to their account.

        • Pseudo-Open Source

          • Privatisation/Privateering

            • Linux Foundation

              • An update on the UMN affair

                On April 20, the world became aware of a research program conducted out of the University of Minnesota (UMN) that involved submitting intentionally buggy patches for inclusion into the Linux kernel. Since then, a paper resulting from this work has been withdrawn, various letters have gone back and forth, and numerous patches from UMN have been audited. It’s clearly time for an update on the situation.

                The writing of a paper on this research [PDF] was not the immediate cause of the recent events; instead, it was the posting of a buggy patch originating from an experimental static-analysis tool run by another developer at UMN. That led developers in the kernel community to suspect that the effort to submit intentionally malicious patches was still ongoing. Since then, it has become apparent that this is not the case, but by the time the full story became clear, the discussion was already running at full speed.

                The old saying still holds true: one should not attribute to malice that which can be adequately explained by incompetence.

                On April 22, a brief statement was issued by the Linux Foundation technical advisory board (or TAB, of which your editor is a member) stating that, among other things, the recent patches appeared to have been submitted in good faith. Meanwhile, the Linux Foundation and the TAB sent a letter to the UMN researchers outlining how the situation should be addressed; that letter has not been publicly posted, but ZDNet apparently got a copy from somewhere. Among other things, the letter asked for a complete disclosure of the buggy patches sent as part of the UMN project and the withdrawal of the paper resulting from this work.

                In response, the UMN researchers posted an open letter apologizing to the community, followed a few days later by a summary of the work they did [PDF] as part of the “hypocrite commits” project. Five patches were submitted overall from two sock-puppet accounts, but one of those was an ordinary bug fix that was sent from the wrong account by mistake. Of the remaining four, one of them was an attempt to insert a bug that was, itself, buggy, so the patch was actually valid; the other three (1, 2, 3) contained real bugs. None of those three were accepted by maintainers, though the reasons for rejection were not always the bugs in question.

                The paper itself has been withdrawn and will not be presented in May as was planned. One can, hopefully, assume that UMN will not be pursuing similar lines of research anytime soon.

          • Entrapment (Microsoft GitHub)

        • Security

          • How Safe is Your Router Anyhow?

            Mathy Vanhoef, a Belgian researcher, discovered several vulnerabilities in the Wi-Fi standard. Some of these flaws date back to 1997 and affect wireless routers used in the last 24 years.

            Vanhoef is a computer security postdoctoral researcher at New York University Abu Dhabi, and he published on Tuesday a study named “Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation.”

            Frag Attacks allow an attacker within a device’s Wi-Fi radio range to collect information about the owner and run malicious code on the device. Bad actors can use a computer, smartphone, or any other device that is able to connect to a wireless network to hack the Wi-Fi.

          • Billions of devices vulnerable to Wi-Fi ‘FragAttacks’ — what to do | Tom’s Guide

            Up to a dozen serious security flaws affect almost all Wi-Fi-enabled devices, including PCs, Mac, iPhones, Android phones, most routers and smart-home devices, says a Belgian security researcher. You’ll want to update Windows straight away; most other devices will have to wait for patches.

            Mathy Vanhoef, who in 2017 co-discovered the widespread KRACK flaws in Wi-Fi, groups these 12 new flaws under the name “FragAttacks.” He’s put an impressive amount of documentation online to explain the flaws, including a dedicated FragAttacks website, an academic research paper, a presentation slideshow, two YouTube videos and a software tool to detect vulnerable devices.

          • WordPress 5.7.2 Security Release

            WordPress 5.7.2 is now available.

            This security release features one security fix. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.

            WordPress 5.7.2 is a short-cycle security release. The next major release will be version 5.8.

            You can update to WordPress 5.7.2 by downloading from WordPress.org, or visit your Dashboard → Updates and click Update Now.

          • Support for Istio 1.8 has ended

            As previously announced, support for Istio 1.8 has now officially ended.

            At this point we will no longer back-port fixes for security issues and critical bugs to 1.8, so we heartily encourage you to upgrade to the latest version of Istio (1.9.5) if you haven’t already.

          • Bolt-On Security the Linux Way

            As longtime readers know, while I try to stay knowledgeable on the many sub-disciplines of information technology, my passion is for information security. Since it’s been a while since I’ve contributed any InfoSec knowhow, I wanted to rectify that. I couldn’t have timed this realization better, because (as you’ll see) the techniques on display are perfect for protecting your deluge of tax season documents.

            In this piece, I aim to provide a range of simple but effective options for encrypting a small number of files. In particular, these options are salient for use cases like tax filing, where users are sending sensitive documents to recipients with an unknown degree of technical proficiency. Fond as I am of PGP, I’ll bet you your refund check that your accountant doesn’t know the first thing about using it.

            Before going further, I’ll note that all of these file encryption techniques require you to use an additional channel for transmitting shared secrets, primarily passwords. The file will be sent through one pre-agreed channel, while the means of decrypting it will be sent via another.

            There are too many viable auxiliary channels to enumerate, but just make sure that you take reasonable steps to pick one that isn’t easily compromised. The fact that you are using an additional channel is itself protection against the file’s compromise: without it, sending an encrypted file and its decryption password on the same channel creates a single point of failure. Using two channels requires two successful attacks by your adversaries to fail.

            Let’s start at the lowest complexity (and security) technique and go to the highest. Some later entries are for the hardcore security types, but there’s something for everyone.

          • Privacy/Surveillance

            • A replacement for third-party cookies?

              HTTP cookies are small chunks of data, associated with a particular domain, that can be persistently stored by the browser. Once a site has stored its cookie, subsequent HTTP requests to the site will include the cookie information; the mechanism is used to keep users logged into a site, for example. As the name would imply, third-party cookies come from domains other than the first-party domain that the user visited. They can come from advertisers or social networks with visible content (e.g. ads, “like” buttons) on the visited page, but they also come via “invisible” page elements from tracking companies. Whenever content from those third-party sites is requested from any page, anywhere on the web, the cookie information goes along for the ride—allowing those sites to track users across the web.

              Over time, the privacy-invading attributes of third-party cookies have caused users, governments, and browser makers to examine them more closely and to make changes in behavior or laws (e.g. the GDPR) in order to thwart or restrict them. Firefox and Safari have both stopped accepting third-party cookies in the last year or two; other, less popular browsers (generally with a stricter stance on privacy), like Brave and the Tor Browser, were well ahead of the pack in that regard. Google described its plans for moving away from cookie-based tracking for Chrome in 2019 and touted FLoC as a replacement in early 2021. The company said that it planned to start rolling out the feature for some users starting in March.

              One of the goals of tracking users is to be able to provide those users with ads that are relevant to them. The creepiness of being tracked all over the web is simply an unpleasant side effect, or so we are led to believe. It is far from clear that being bombarded with ads for things that one had only idly searched for—or had already purchased—is the advertising nirvana that some seem to think that is, but it is certainly popular with advertisers. So Google, which derives a rather large pile of money from advertising, is interested in finding other ways to deliver relevant ads, with less of a creepiness factor, perhaps—enter FLoC.

    • Censorship/Free Speech

      • Online Meetings: The Temptation to Censor Tricky Questions

        Early in 2020, at the outset of the pandemic, the UN’s special rapporteur on torture and other cruel, inhumane or degrading treatment or punishment, Professor Nils Melzer of Switzerland, spoke out about the growing problem of cybertorture.

        The UN’s Forum on Business and Human Rights is taking place this week. It is online due to the pandemic. In the session about accountability and remedies for victims of human rights abuse, a participant asked about Google. A British parliamentary report and US Department of Justice investigation have used terms like digital gangster and unlawful to describe some of the things they do today.

        Yet when they entered the UN’s online event and asked a very general question about the connection from Professor Melzer’s analysis to Google’s modus operandi, the question vanished. They posted a subsequent question asking why the query was censored and it was immediately subject to censorship. This is the golden rule of censorship: don’t ask about censorship. Nobody ever made any complaints about the question.

    • Internet Policy/Net Neutrality

      • In Conversation With: The Founder of The First Social Media Platform

        Tom Truscott, founder of Usenet, speaks with Aaron Dinin to discuss how he accidentally created the first social media platform.

      • Mozilla files joint amicus brief in support of California net neutrality law

        Yesterday, Mozilla joined a coalition of public interest organizations* in submitting an amicus brief to the Ninth Circuit in support of SB 822, California’s net neutrality law. In this case, telecom and cable companies are arguing that California’s law is preempted by federal law. In February of this year, a federal judge dismissed this challenge and held that California can enforce its law. The telecom industry appealed that decision to the 9th Circuit. We are asking the 9th Circuit to find that California has the authority to protect net neutrality.
