Links 1/10/2021: LLVM 13.0.0 Release and Linux Mint Plans

Posted in News Roundup at 4:48 pm by Dr. Roy Schestowitz

  • GNU/Linux

    • Desktop/Laptop

      • System76 readies high-end Oryx Pro Linux laptops with Tiger Lake-H processor and Nvidia RTX dGPU options

        System76 is introducing its first high-end Linux-based customizable laptop dubbed the Oryx Pro. This model packs powerful components in a relatively slim case (238-265 mm profile) and offers the signature open source firmware with GPLv3 license code that grants users total control over the iGPU, GPU, keyboard, cooling system and battery.

        The Oryx Pro is powered by the Intel Core i7-11800H 8-core / 16-thread processor with integrated 32 EU UHD Xe graphics, which can be coupled with up to 64 GB of DDR4-3200 RAM plus up to 4 TB of NVMe PCIe 4.0 SSD storage via two M.2 slots. Users can opt for a15.6-inch or 17.3-inch display with FHD resolution, 144 Hz refresh rate and matte coating. There is also a choice between the Nvidia RTX 3070 and 3080 dGPUs. System76 mentions that these are the Max-Q versions, but does not specify the exact wattage, unfortunately. Nevertheless, there is a MUX switch, so the dGPU can be exploited to its full capacity. As far as the operating system is concerned, users can choose among the proprietary Pop!_OS 21.04 or 20.04 versions and the Ubuntu 20.04 LTS. Accessories include an external DVD-RW drive, mechanical switches for the keyboard (shipping in November), plus carrying bags for each size.

      • Red Hat / Fedora To Focus On Driving New Linux Video Improvements Around PipeWire

        PipeWire from the start was designed around handling the needs of both audio and video streams on Linux. While PipeWire is already in use for screencasting/recording under Wayland and working with Flatpak’ed applications, recently much of PipeWire’s focus has been on addressing the use-cases of JACK and PulseAudio on the sound side. Now that the audio support is in quite good shape, Red Hat engineers are back to focusing on improvements to the video support.

        As part of bolstering the Linux multimedia stack, Red Hat is going to be working on a fresh round of video feature work to PipeWire led by its founder Wim Taymans. In particular, the area they will be focusing on is improving the video capture support on Linux.

      • PipeWire and fixing the Linux Video Capture stack

        PipeWire has already made great strides forward in terms of improving the audio handling situation on Linux, but one of the original goals was to also bring along the video side of the house. In fact in the first few releases of Fedora Workstation where we shipped PipeWire we solely enabled it as a tool to handle screen sharing for Wayland and Flatpaks. So with PipeWire having stabilized a lot for audio now we feel the time has come to go back to the video side of PipeWire and work to improve the state-of-art for video capture handling under Linux. Wim Taymans did a presentation to our team inside Red Hat on the 30th of September talking about the current state of the world and where we need to go to move forward. I thought the information and ideas in his presentation deserved wider distribution so this blog post is building on that presentation to share it more widely and also hopefully rally the community to support us in this endeavour.

    • Audiocasts/Shows

      • A First Look At Q4OS 4.6 With The Plasma Desktop – Invidious

        In this video, I’m going to take a look at the recently released Q4OS 4.6, codenamed “Gemini.” Q4OS is a fast and friendly, desktop oriented operating system based on Debian 11 Testing. Q4OS now uses the Plasma desktop as its default.

      • LHS Episode #432: The Weekender LXXIX

        It’s time once again for The Weekender. This is our bi-weekly departure into the world of amateur radio contests, open source conventions, special events, listener challenges, hedonism and just plain fun. Thanks for listening and, if you happen to get a chance, feel free to call us or e-mail and send us some feedback. Tell us how we’re doing. We’d love to hear from you.

      • Hackaday Podcast 138: Breakin’ Bluetooth, Doritos Rockets, Wireless Robots, And Autonomous Trolling | Hackaday

        Hackaday editors Elliot Williams and Mike Szczys peruse the great hardware hacks of the past week. There’s a robot walker platform that wirelessly offloads motor control planning to a computer. We take a look at automating your fishing boat with a trolling motor upgrade, building the Hoover dam in your back yard, and playing Holst’s Planets on an army of Arduini. Make sure you stick around until the end as we stroll through distant memories of Gopher, and peek inside the parking garages of the sea.

    • Kernel Space

      • Rust Concurrency Philosophy: A Historical Perspective

        At first glance, Rust’s concurrency philosophy resembles that of Sequent’s DYNIX and DYNIX/ptx in the 1980s and early 1990s: “Lock data, not code” (see Jack Inman’s classic USENIX’85 paper “Implementing Loosely Coupled Functions on Tightly Coupled Engines”, sadly invisible to search engines). Of course, Sequent lacked Rust’s automatic checking, and Sequent’s software engineers made much less disciplined use of ownership than Rust fans recommend. Nevertheless, this resemblance has resulted in some comparisons of Rust with the DEC Alpha, which had a similar concurrency model.

        Interestingly enough, DYNIX and early versions of DYNIX/ptx used compile-time-allocated arrays for almost all of its data structures. You want your kernel to support up to N tasks? Very well, build your kernel to have its array of N task structures. This worked surprisingly well, perhaps because the important concurrent applications of that time had very predictable resource requirements, including numbers of tasks. Nevertheless, as you might expect, this did become quite the configuration nightmare. So why were arrays used in the first place?

        To the best of my knowledge, the earliest published complete articulation of the reason appeared in Gamsa et al.’s landmark paper “Tornado: Maximizing Locality and Concurrency in a Shared Memory Multiprocessor Operating System”. The key point is that you cannot protect a dynamically allocated object with a lock located within that object. The DYNIX arrays avoided deallocation (or, alternatively, provided a straightforward implementation of type-safe memory), thus allowing these objects to be protected with internal locks. Avoiding the need for global locks or reference counters was an important key to the performance and scalability prized by Sequent’s customers.

      • Rusting the Linux Kernel: Atomics and Barriers and Locks, Oh My!

        LKMM is not the most complex memory model out there, but neither is it the simplest. In addition, it is in some ways more strict than the C/C++ memory models, which means that strict adherence to coding guidelines is required in order to prevent compiler optimizations from breaking Linux-kernel code. Many of these optimizations are not localized, but are instead scattered hither and yon throughout the compilers, including throughout the compiler backends. The optimizations in the backends are a special challenge to Rust, which seems to take the approach of layering safety on top of (or perhaps within) the compiler frontend. Later posts in this series will look at several pragmatic options available to Rust Linux-kernel code.

        There is one piece of good news: Compilers are forbidden from introducing data races into code, at least not into code that is free of undefined behavior.

        With all of that out of the way, let’s look at Rust’s options for dealing with Linux-kernel atomics and barriers and locks.

    • Applications

      • Can Linux Run Windows EXE Files?

        Users who have recently migrated from Windows to Linux often wonder if they can run Windows apps and programs on their new system. The answer to this affects a user’s perspective of Linux in general, since operating systems should be easy to use and at the same time, welcoming to the idea of running different file formats.

        A straightforward answer to the question is—Yes. You can run EXE files and other Windows programs on Linux, and it’s not as complicated as it sounds.

        By the end, you’ll have a brief understanding of executable files, along with different ways to run said programs on Linux.

      • The best VPN for Linux for 2021 [Ed: How many of these links are just sponsored?]
    • Instructionals/Technical

      • How To Install Apache Maven on Debian 11 – idroot

        In this tutorial, we will show you how to install Apache Maven on Debian 11. For those of you who didn’t know, Apache Maven is a software project management and comprehension tool. Based on the concept of a project object model, Maven can manage a project’s build, reporting, and documentation from a central piece of information.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the Apache Maven on a Debian 11 (Bullseye).

      • How To Install PIP on Debian 11 Linux – TecAdmin

        Pip is a popular package management tool for Python. It allows the Python developers to install and manage additional Python libraries in their applications. This is a similar application to nvm for Node.js and composer for PHP. Pip stands for Preferred Installer Program.

        Rather than a package management utility, Pip can create a completely isolated environment for the Python application. In this tutorial, you will learn about the installation of Pip on the Debian 11 Linux system.

      • How To Install Samba File Sharing Server on Linux System

        The Samba file-sharing server of the SMB, in short, is an open-source file-sharing server specially designed for Linux systems. It allows sharing files among client PCs from a hosted server. It’s not a conventional FTP server type server, and it does not require hosted files for the client users. You can use the Samba file-sharing server on Linux to access the Windows files over a network. Samba can be used for both personal and business usage. In Samba, users get both read and write permission for file accessing. They can change, revise, edit files over the server, and the changes go live immediately. In a word, using the Samba for sharing files with clients with access permission is hassle-free and strong in Linux.

      • How To Voice Video Calls on XMPP and Matrix Made Simple

        This tutorial explains how to quickly voice and video call with friends and family using XMPP and Matrix telecommunication services. This tutorial’s aimed for people who want easy calls without technical knowledge especially school teachers and computing beginners. Thus, we will use Movim and Schildi via web browser so we can call everywhere both on desktop and mobile. Let’s do it.

      • How to Access Clipboard (Copy & Paste) History in Ubuntu via GPaste | UbuntuHandbook

        For those doing copy & paste actions frequently in Ubuntu Linux, GPaste remembers the clipboard history and allows to find them easily via few click.

        The clipboard is the place to store the text, image, file path and all the stuff that you last copied (or cut). The content in clipboard will be overwritten once you do another copy & paste action. So, when you trying to find out what you’ve copied earlier, a clipboard manager will be helpful.

      • How to Install and Set Up PM2 on Linux Servers

        Deployment is one of the most crucial and conclusive stages of software development. A proper deployment strategy is vital in delivering the best experience to your users while utilizing your services efficiently. However, this process also brings its own set of challenges with it.

        Node.js, the open-source JavaScript runtime, is a popular choice for building the backend infrastructure of your application by allowing you to run JavaScript outside web browsers. But what if your Node.js application crashes in production? Find out how you can avoid such scenarios in this article.

      • How to enable server-side FastCGI caching with Nginx and PHP – VITUX

        Nginx is an open-source and high-performance web server that can be used to speed up content and application delivery. Nginx enhances security, improves scalability, and also can be used as a high availability load balancer. It can be used as a reverse proxy and one of the most important uses of Nginx is content caching. One of the best approaches is to use Nginx as content caching. In this article, we will discuss Nginx FastCGI content caching for better performance of websites.

      • 4 Ways to Hide Desktop Icons in Ubuntu – Make Tech Easier

        If hiding the top bar and side panel isn’t enough, and you want everything removed from your Ubuntu desktop, then you’d probably also like to get rid of those pesky icons on its surface. Read on to learn how you can hide desktop icons in Ubuntu.

    • Wine or Emulation

      • Wine, Windows programs, and gaming on Debian GNU/Linux. The XBOX 360 controller is “just working” now!

        PC gaming, for me, is sort of a hit or miss thing.

        Even though Wine (If you’re feeling cheeky, the “Linux Subsystem for Windows”) and, for that matter, Steam with Proton, a Wine fork optimized for gaming, have advanced a lot.

        I use laptops, and the only way to get a GPU upgrade with a laptop is to buy a new laptop.

        (Well, external GPUs are becoming more of a thing, but I’m not really sure where the GNU/Linux support stands on that, and if it would mean a proprietary driver, no thanks anyway.)

        Anyway, even up to a couple of years ago, controllers under Wine were dicey and even getting an XBOX 360 controller to be recognized involved terrible hacks involving a userspace driver, blacklisting a kernel module (xpad), and then installing an XBOX 360 controller emulator program for Windows in Wine so you could map the output of the actual hardware to an emulated version of the controller, which would send it along to video games.

        What a pain in the ass! I mean, not as much of one as installing a GNU/Linux distribution in the 90s with winmodems and having to tell X your modelines, under pains and penalties of potentially frying your computer monitor. (How uncivilized!). Modern GNU/Linux should be no more difficult than a small tweak here, a tweak there, and you’re done. At it’s very worst, no problem is likely to come up that would be worse than something that could come up under Windows.

    • Games

      • Maintenance release: Godot 3.3.4

        While we’re busy working on both the upcoming Godot 4.0 and 3.4 releases (with a dev snapshot for 3.4 beta 5 available now), we still cherry-pick important bug fixes to the 3.3 branch regularly for maintenance releases (see our release policy).

        Godot 3.3.3 was released a month ago, and a handful of important fixes have been queued in the 3.3 branch since then. Most notably, users of the GDScript LSP in Visual Studio Code have been experiencing crashes in 3.3.3, which are fixed in this new Godot 3.3.4.

        Note: Version numbers can be confusing with three branches worked on in parallel – this release is 3.3.4, i.e. a maintenance update to the 3.3 branch. This is not the upcoming 3.4 feature release.

        Godot 3.3.4, like all future 3.3.x releases, focuses purely on bug fixes, and aims to preserve compatibility. It is a recommended upgrade for all Godot 3.3 users.

      • Steam Next Fest is live again with demos, livestreams and more | GamingOnLinux

        It’s that time again! From now until October 7 you get to try out various new demos on Steam, watch developer livestreams and much more.

        This is another wonderful chance to test out various games before they see a full release. For the games included in the event, they are supposed to be releasing somewhere between October 7, 2021 and May 1, 2022 so even if you find something you like it might be a while before you get to see the full complete thing.

    • Distributions

      • Arch Family

        • First Arch Linux ISO Powered by Linux Kernel 5.14 Is Now Available for Download

          That’s right Arch Linux fans, Arch Linux 2021.10.01 is up for grabs as I am writing this and it comes with Linux kernel 5.14 by default. The ISO image includes Linux 5.14.8 as default kernel since the recently released Linux 5.14.9 kernel is still in the Testing repos.

          Linux kernel 5.14 is the latest kernel branch available for GNU/Linux distributions, bringing new features like a much-enhanced AMDGPU graphics driver for AMD GPU users, much-improved EXT4 and F2FS filesystems, the core scheduling functionality to better protect your computers against some of those Spectre vulnerabilities, as well as some goodies for ARM 64-bit (AArch64) and RISC-V users.

      • Debian Family

        • Deepin 20.2.4 integrates global desktop search

          Barely a month and a half have passed since its previous launch and is here Deepin 20.2.4 , a smaller version than the Chinese distribution takes advantage of to introduce a new feature, as well as a maintenance update to use.

          If you are already using Deepin 20 and keep your system updated, you don’t have to do anything else, because you are up to date, but if you want to install the distribution from scratch, Deepin 20.2.4 is the recommended one at the moment. Although the truth is that we would have to go back a little earlier, to the launch of Deepin 20.2 , the latest regular version until what seems like a conscious change in development and releases.

          In summary, Deepin 20.2 was followed by Deepin 20.2.1 only with corrections, and since then the versions that have followed have been dedicated to applying patches, but also new features of relative importance, but one by one. Thus, Deepin 20.2.2 introduced a new application store with support for Android applications; Deepin 20.2.3 did the same with integrating OCR support to extract text from images …

          … And Deepin 20.2.4 launches what its developers have called an ” effective global search “, a new search function with which “quickly find the information you want”, they have in the official announcement . And what does this effective global search consist of? In what you imagine.

      • Canonical/Ubuntu Family

        • Linux Mint 20.3 is named ‘Una’ and Debian Edition (LMDE) 5 is called ‘Elsie’

          Back in July, we shared with you that Linux Mint 20.3 would be released around Christmas. Unfortunately, that was pretty much all we knew about the upcoming version of the Ubuntu-based operating system. Thankfully, today, the developers give us some more details.

          Not only do we now know the name of Linux Mint 20.3, but the moniker of the upcoming Linux Mint Debian Edition (LMDE) 5 too. Following Mint’s tradition of only using female names, the former will be named “Una,” while the latter shall be called “Elsie.”

        • Linux Mint 20.3 due by Christmas and project’s website receives a fresh look

          Clem Lefebvre, head of the Linux Mint project, has announced that the next version of Linux Mint, version 20.3, will be available by Christmas in three flavours – Cinnamon, MATE and Xfce. The new update is codenamed Una which is just one letter away from the codename of the current version, Uma. Accompanying today’s news, the project updated its website so that it looks modern and is easier to use.

          In its announcement, the Mint team said the upcoming version will have improved themes, for example, the titlebars of applications will be made larger allowing for larger buttons and making them easier to grab and move around. Further, they have been given rounder corners so they look more pleasant.

        • Monthly News – September 2021

          The new website is now fully ready and live on https://www.linuxmint.com. It looks minty, it works on all devices and it looks modern. It also does a better job than before at welcoming newcomers, explaining what Linux Mint is, why people love it and how to install it.

          It took longer than expected but the job is done and we’re glad we took the time to finally do it. I’d like to thank all the people who sent us feedback and who helped us with it.

          The website no longer shows ads and this blog announcement is no longer showing the community sponsors. These were tough decisions to take because they immediately reduce our income but they also make Linux Mint look more serious and professional. We’re hopeful they’ll help us grow in the long term and we’ll generate enough to not worry about it.

          We received a lot of positive feedback since the website went live so we know you really like it! I know we can’t please everybody and taste is subjective but for most people this is a very welcome change. Personally I remember how amazing the previous website looked when it was made in 2009, but what looked amazing then just simply looks outdated now. Although I grew attached to it since it represented part of our identity during these many years, getting the opportunity to redesign it during this development cycle was a relief and I’m very happy with the result. We are a modern operating system. We use Linux because it’s better, not because it’s free or because it’s old or because it didn’t embrace controversial design changes. We use it because it’s fast, because it works, because it does what we want. It was important for our website to not only convey these ideas but to look modern as well.

        • Chihuahua-sized robot dog developed

          The little quadruped was designed by MangDans in collaboration with Stanford Pupper.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Web Browsers

        • Mozilla

          • Anti-cheat works on Linux, Firefox stumbles again, and HDR support – Linux news – September 2021 – Invidious

            This time, we have Red Hat hiring for HDR support on Linux, Firefox making more controversial decisions, and support for Linux from the major anti cheat providers, among a LOT of other linux gaming news.

          • Addressing gender-based online harms in the DSA [Ed: Mozilla spends money on politics and lobbying while firing actual engineers]

            Last year the European Commission published the Digital Services Act (DSA) proposal, a draft law that seeks to set a new standard for platform accountability. We welcomed the draft law when it was published, and since then we have been working to ensure it is strengthened and elaborated as it proceeds through the mark-up stage. Today we’re confirming our support for a new initiative that focuses on improving the DSA with respect to gender-based online harm, an objective that aligns with our policy vision and the Mozilla Manifesto addendum.

            An overarching focus of our efforts to improve the DSA have focused on the draft law’s risk assessment and auditing provisions. In order to structurally improve the health of the internet ecosystem, we need laws that compel platforms to meaningfully assess and mitigate the systemic risks stemming from the design and operation of their services. While the draft DSA is a good start, it falls short when it comes to specifying the types of systemic risks that platforms need to address.

          • MDN Web Docs at Write the Docs Prague 2021 [Ed: Mozilla does not mention the awful tragedy of outsourcing to to proprietary software of Microsoft, an attack on the Web itself]

            The MDN Web Docs team is pleased to sponsor Write the Docs Prague 2021, which is being held remotely this year. We’re excited to join hundreds of documentarians to learn more about collaborating with writers, developers, and readers to make better documentation. We plan to take part in all that the conference has to offer, including the Writing Day, Job Fair, and the virtual hallway track.

          • Superhero passwords may be your kryptonite wherever you go online [Ed: So Mozilla wants your passwords. Should you trust it?]

            A password is like a key to your house. In the online world, your password keeps your house of personal information safe, so a super strong password is like having a superhero in a fight of good vs. evil. In recognition of Cybersecurity Awareness month, we revisited our “Princesses make terrible passwords for Disney+ and every other account,” and took a look to see how fortified superhero passwords are in the fight against hackers and breaches. According to haveibeenpwned.com, take a look at the how many times these superhero passwords have showed up in breached datasets….

          • How to delete your jQuery Reject Plugin in 1 easy step.

            In my last post on testing Chrome version 100, I encouraged everyone to flip on that flag and report bugs. It’s with a heavy heart that I announce that Ian Kilpatrick did so, and found a bug.


            Also, if you happen to work on any of the following 1936 sites using this script, you know what to do (pick option Roman numeral 3, just to be super clear).

          • The Mozilla Blog: Analysis of Google’s Privacy Budget Proposal [Ed: The person who wrote it receives his salary from Google via Mozilla]

            Fingerprinting is a major threat to user privacy on the Web. Fingerprinting uses existing properties of your browser like screen size, installed add-ons, etc. to create a unique or semi-unique identifier which it can use to track you around the Web. Even if individual values are not particularly unique, the combination of values can be unique (e.g., how many people are running Firefox Nightly, live in North Dakota, have an M1 Mac and a big monitor, etc.)

            This post discusses a proposal by Google to address fingerprinting called the Privacy Budget. The idea behind the Privacy Budget is to estimate the amount of information revealed by each piece of fingerprinting information (called a “fingerprinting surface”, e.g., screen resolution) and then limit the total amount of that information a site can obtain about you. Once the site reaches that limit (the “budget”), further attempts to learn more about you would fail, perhaps by reporting an error or returning a generic value. This idea has been getting a fair amount of attention and has been proposed as a potential privacy mitigation in some in-development W3C specifications.

          • Niko Matsakis: Dyn async traits, part 2

            In the previous post, we uncovered a key challenge for dyn and async traits: the fact that, in Rust today, dyn types have to specify the values for all associated types. This post is going to dive into more background about how dyn traits work today, and in particular it will talk about where that limitation comes from.


            Early on in Rust, we debated whether dyn DoTheThing ought to implement the trait DoTheThing or not. This was, indeed, the origin of the term “dyn safe” (then called “object safe”). At the time, I argued in favor of the current approach: that is, creating a binary property. Either the trait was dyn safe, in which case dyn DoTheThing implements DoTheThing, or it was not, in which case dyn DoTheThing is not a legal type. I am no longer sure that was the right call.

      • SaaS/Back End/Databases

        • PostgreSQL 14 Ships with Improved Performance for Heavy Workloads

          The PostgreSQL team released the PostgreSQL 14 database, providing users of the widely deployed relational database with new features.

          PostgreSQL, also known as “Postgres”, is an open-source, object-relational database management system. It has been around for over 30 years and advertises itself as “the most advanced open-source relational database in the world”. It is developed by a worldwide team of volunteers and it is quite popular due to its stability and advanced features.

          PostgreSQL is perceived as a go-to solution for performing complicated, high-volume data operations. That’s because PostgreSQL is better at handling extraordinary database situations. Additional points that set PostgreSQL apart are the fact it is object-relational, ACID-compliant, highly concurrent, and offers NoSQL support. And the latest PostgreSQL 14 makes things even better.

      • LibreOffice on Chromebooks and Apache/OpenOffice

        • How to install LibreOffice 7.2 on a Chromebook

          Today we are looking at how to install LibreOffice 7.2 on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

          If you have any questions, please contact us via a YouTube comment and we would be happy to assist you!

        • Apache Month in Review: September 2021

          Welcome to the latest monthly overview of events from the Apache community. Here’s a summary of what happened in September …

        • This Week In Security: OpenOffice Vulnerable, IOS Vulnerable, Outlook… You Get The Idea | Hackaday

          We start this week with a good write-up by [Eugene Lim] on getting started on vulnerability hunting, and news of a problem in OpenOffice’s handling of DBase files. [Lim] decided to concentrate on a file format, and picked the venerable dbase format, .dbf. This database format was eventually used all over the place, and is still supported in Microsoft Office, Libreoffice, and OpenOffice. He put together a fuzzing approach using Peach Fuzzer, and found a handful of possible vulnerabilities in the file format, by testing a very simple file viewer that supported the format. He managed to achieve code execution in dbfview, but that wasn’t enough.

          Armed with a vulnerability in one application, [Lim] turned his attention to OpenOffice. He knew exactly what he was looking for, and found vulnerable code right away. A buffer is allocated based on the specified data type, but data is copied into this buffer with a different length, also specified in the dbase file. Simple buffer overflow. Turning this into an actual RCE exploit took a bit of doing, but is possible. The disclosure didn’t include a full PoC, but will likely be reverse engineered shortly.

          Normally we’d wrap by telling you to go get the update, but OpenOffice doesn’t have a stable release with this fix in it. There is a release candidate that does contain the fix, but every stable install of OpenOffice in the world is currently vulnerable to this RCE. The vulnerability report was sent way back on May 4th, over 90 days before full disclosure. And what about LibreOffice, the fork of OpenOffice? Surely it is also vulnerable? Nope. LibreOffice fixed this in routine code maintenance back in 2014. The truth of the matter is that when the two projects forked, the programmers who really understood the codebase went to LibreOffice, and OpenOffice has had a severe programmer shortage ever since. I’ve said it before: Use LibreOffice, OpenOffice is known to be unsafe.

        • All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021–33035) [Ed: How many still use OpenOffice instead of LibreOffice]

          Venturing out into the wilderness of vulnerability research can be a daunting task. Coming from a background in primarily web and application security, I had to shift my hacking mindset towards memory corruption vulnerabilities and local attack vectors. This two-part series will share how I got started in vulnerability research by discovering and exploiting code execution zero-days in office applications used by hundreds of millions of people. I will outline my approach to getting started in vulnerability research including dumb fuzzing, coverage-guided fuzzing, reverse engineering, and source code review. I will also discuss some management aspects of vulnerability research such as CVE assignment and responsible disclosure.

      • FSF

        • FSF job opportunity: Outreach and communications coordinator

          The Free Software Foundation (FSF), a Massachusetts 501(c)(3) charity with a worldwide mission to protect computer user freedom, seeks a motivated and organized Boston-based individual to be our full-time outreach and communications coordinator.

          Reporting to the executive director, the outreach and communications coordinator works closely with our campaigns, licensing, technical, and operations teams to plan, write, edit, publish, and promote high-quality, effective materials, both digital and printed. These materials are a critical part of advancing the FSF’s work in support of the GNU Project, free software adoption, copyleft licensing, and freedom on the Internet; and against Digital Restrictions Management (DRM), software patents, and proprietary software. Nearly every publication from the FSF goes through this public-facing position, tying together our work across various constituencies.

      • Programming/Development

        • LLVM 14.0.0 Release Notes¶

          This document contains the release notes for the LLVM Compiler Infrastructure, release 14.0.0. Here we describe the status of LLVM, including major improvements from the previous release, improvements in various subprojects of LLVM, and some of the current users of the code. All LLVM releases may be downloaded from the LLVM releases web site.

          For more information about LLVM, including information about the latest release, please check out the main LLVM web site. If you have questions or comments, the LLVM Developer’s Mailing List is a good place to send them.

          Note that if you are reading this file from a Git checkout or the main LLVM web page, this document applies to the next release, not the current one. To see the release notes for a specific release, please see the releases page.

        • LLVM 13.0 Released With Official Flang Binary Packages, Improved OpenCL Clang Support – Phoronix

          LLVM 13.0 was tagged overnight as the latest half-year update to this widely-used, very powerful open-source compiler stack.

          LLVM 13.0 is now available with many features that accumulated over the course of the summer. Some of the LLVM 13 highlights include:

          - Flang as the Fortran front-end is now included in the official LLVM binary packages.

        • Giant Working NERF Gun Runs On Tiny Arduino | Hackaday

          Well, here it is: a shoe-in for the new world’s largest NERF gun. (Video, embedded below.) The Guinness people haven’t shown up yet to award [Michael Pick], but at 12.5 feet, this baby is over twice as long as the current record holder, which belongs to former NASA mechanical engineer Mark Rober and his now-puny six-foot six-shooter.

          We have to wonder if it is technically bigger than the six-shooter, because they seem to be roughly the same scale, except that [Michael] chose a much bigger model to start from. The main body is made from wood, and there are a ton of 3D-printed details that make it look fantastically accurate. The whole thing weighs over 200 pounds and takes at least two people to move it around. We especially love the DIY darts that [Michael] came up with, which are made from a PVC tube inside a section of pool noodle, topped off with a 3D printed piece for that distinctive orange cap.

        • Minimalist Timer Counts Down With LED Matrix | Hackaday

          Looking for something with a bit more style than the traditional kitchen timer, [Martin Jonasson] decided to take the last couple of months to design and build his own take on the idea using a rotary encoder, 16×9 LED matrix, and a Teensy 2.0 microcontroller. Were there better things he could have spent that time on? Possibly. But you probably wouldn’t have been reading it about it here, so we won’t trouble ourselves with such thoughts.

        • Canonical: What is an IoT marketplace?

          The Internet of Things (IoT) ecosystem is expanding at a rapid rate, with the number of devices growing every year. The increase in physical hardware being manufactured multiplies the amount of software needed to perform various functions on new platforms. There are a range of IoT use cases, including voice-controlling the lights in your home, monitoring air pollution, or the parking feature of a self-driving car. With various entities publishing specialised software for all these use cases (and many more), it can often be time-consuming to compare possible solutions. For somebody interested in working on an IoT project but unsure where to start, it can be difficult to discover the software you need. An IoT marketplace, as a centralised platform for IoT applications, can help to solve these issues.


          Often, using an IoT marketplace allows you to easily choose and install the software you want in one place. Thus, you don’t need to research the software you want to install, then navigate to the company page that owns that software, to search for individual download pages to then install the software you want in a non-standard way. Was the software pre-packaged and available for click-to-install? Would you need to extract the contents of the downloaded folder and run the installer in the terminal? This time-consuming process can all be optimised by using an IoT marketplace like the Snap Store.

        • Read and write XML files with wxWidgets

          XML files are a perfect choice for storing the settings of your wxWidgets cross-platform application. Confused about how to use the wxWidgets classes to read and write XML files? No worries. In this hands-on tutorial, you’ll learn how to read and write XML files with wxWidgets, using the classes wxXmlDocument, wxXmlNode and wxXmlAttribute. We’ll expand a previously presented wxWidgets template application, such that it stores its application window dimensions in an XML file.

        • QML Runtime features: part 1

          This post is a refresher about some features of the qml binary that is installed along with the Qt SDK, which should help to explain why we now prefer to use it, rather than older tools like qmlscene and qmlviewer.

        • Red Hat Pushing Microsoft Proprietary Software

          • SQL Server on Red Hat Enterprise Linux at Data Platform Virtual Summit 2021 [Ed: IBM only cares about money]

            At this year’s Data Platform Virtual Summit (DPS) 2021, I was honored to present “Monitoring SQL Server on Linux performance with Performance Co-Pilot and Grafana.” In this post I’ll cover some of the topics I touched on during my talk and include some suggestions for DBAs who might be new to Linux.

        • Java

          • New Red Hat Developer e-book: Quarkus for Spring Developers

            Red Hat Developer has published Quarkus for Spring Developers, a comprehensive, 149-page e-book introducing Quarkus to Java developers, with a focus on helping people familiar with Spring make the transition. This includes the Spring Framework and Spring Boot, and any other modules within the Spring ecosystem.

            While Java continues to be one of the most widely used programming languages for building applications, Java developers often struggle to make their applications smaller and faster to meet modern computing requirements.

            Quarkus is designed to help.

  • Leftovers

    • What a car’s cabin air filter looks like after nobody has changed it in 19 years. – BaronHK’s Rants

      I got a 2003 Chevy Impala from mom a couple of years ago for free because it needed all kinds of work.

      One thing that every car owner should know how to do themselves is change their engine and cabin air filters, because it’s not that hard and over the years they will plug up and could cause the systems they protect to malfunction or work less than ideally.

      But shops charge $70 and up for a cabin air filter job sometimes and $40 and up for an engine air filter. Since these should be replaced so often, the jobs can get really expensive. Not changing the cabin air filter can result in a dysfunctional HVAC system or damage to it’s components, weird smells, restricted air flow, and has some impact on gas mileage as the engine has to runthis system. Then it’s even more expensive.

    • Hardware

      • Pixel Pump Pick & Place Positions Parts Precisely | Hackaday

        You’ve finally decided to take the plunge and build a board with surface-mount parts. After carefully dispensing the solder paste with a syringe, it’s time to place the parts. You take up your trusty tweezers and reach to grab a SOIC-14 logic IC—only there’s not a great way to grab it. The IC is too long to grab one way and has leads obstructing the other. You work around the leads, drop the IC into place, and then pick up an 0402 resistor. You gently set the resistor into your perfectly dispensed solder paste, pull the tweezers away, and the resistor has stuck to your slightly magnetic tweezers. [Robin Reiter] realized that hobbyists and small manufacturers needed a better way to assemble their surface-mount designs, so he’s building the Pixel Pump Pick & Place, an open-source vacuum assembly tool.

    • Integrity/Availability

      • Proprietary

        • Security

          • Security updates for Friday

            Security updates have been issued by Debian (curl, krb5, openssl1.0, and taglib), Fedora (cifs-utils), SUSE (libqt5-qtbase and rubygem-activerecord-4_2), and Ubuntu (linux-raspi, linux-raspi-5.4 and linux-raspi2).

          • Baby’s Death Alleged to Be Linked to Ransomware [Ed: This happens on a much grander scale due to Microsoft]

            Access to heart monitors disabled by the attack allegedly kept staff from spotting blood & oxygen deprivation that led to the baby’s death.

            A U.S. hospital paralyzed by ransomware in 2019 will be defending itself in court in November over the death of a newborn, allegedly caused by the cyberattack.

            As the Wall Street Journal reported on Thursday, the baby’s mother, Teiranni Kidd, gave birth to her daughter, Nicko Silar, on July 16, 2019, without knowing that the hospital was entering its eighth day of clawing its way back from the attack.

          • A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware Death

            When Teiranni Kidd walked into Springhill Medical Center on July 16, 2019, to have her baby, she had no idea the Alabama hospital was deep in the midst of a ransomware attack.

          • A Death Due to Ransomware

            What will be interesting to see is whether the courts rule that the hospital was negligent in its security, contributing to the success of the ransomware and by extension the death of the infant.

          • Privacy/Surveillance

            • Locked In Your Home

              What brand is your home? Do you live in a Google, Apple, or Amazon house? Because in a modern “smart home” you may choose only one, and that choice locks you into dependence on only that vendor and its approved partners for any future appliances and home gadgets. Your “AI” voice assistant may talk to you, but it won’t talk to its competitors.


              With the current trajectory, the smart home will become much like your phone–under a single vendor’s control, not yours. They will get to choose which appliances integrate, which services they use for your voice queries, and what happens to your personal data. If they do something you don’t like, it will be even harder (and more expensive) to switch to a competitor than it already is with a phone or laptop.

              Fortunately it’s not too late to change the current situation. If there is any hope for a smart home where you hold the keys, it must start with open standards for how devices communicate. Only then is there a space where truly open alternatives to Big Tech smart home gadgets can exist for the average consumer outside of do-it-yourself electronics projects.

              There is an effort underway with the industry organization Matter to create such standards but like with other industry standards membership and compliance is voluntary. Consumers should pressure existing smart home companies to comply with open standards and vote with their wallet. For our part, we will continue our work to build alternatives that don’t lock you in, based on our Social Purpose commitment to protect people’s privacy, security and freedom.

            • PhishLabs spying on my WordPress blog?

              WordPress gives me a list of where people link to my blog from, and today I noticed some company called PhishLabs. Including directly through from their main site and from a “threatintel” subdomain.

              It appears to be owned by Gartner, and claims that they do “digital brand and reputation management”, but I’m unable to determine exactly what they mean by this.

              I’ve had a WordPress blog before and I know that as soon as you start criticizing big corporations, they have these firms they hire to monitor blogs, figure out if what you’re saying is a “threat” to their brand, and from there….I don’t know what they want exactly.

    • Monopolies

      • Patents

        • Not a class ACT: the so-called App Association is simply an Apple Association and does NOT represent app developers’ interests in fair distribution terms [Ed: Microsoft AstroTurfing groups recycled]

          Enough is enough. While I have previously agreed, and may in the future agree, with ACT | The App(le) Association on some patent policy questions, its pro-Apple advocacy in the App Store antitrust context–which I already mentioned in May–gets worse by the month. Judges, policy makers, and journalists should see that lobbying scheme for what it is.

          Three months ago, New York-based attorney David Cohen wrote a blog post entitled “On Deceptive Apps and Practices: Unmasking the ACT App(le) Association.” Mr. Cohen was rightfully astonished when he saw ACT claiming to speak on small businesses’ behalf at a Federal Trade Commission (FTC) hearing. I trust he will not attempt to assert any copyright against me for borrowing the term “App(le) Association” from him, and I appreciate that he quoted me in the aforementioned post.


          In other words, Apple was using its mouthpiece named ACT to tell the media that Apple should continue with its stranglehold on app developers large and small. In reality, there’s not a single app developer out there who truly thinks Apple’s death grip is a good thing–and if any make public declarations to the contrary (which are few and far between), it’s because they expect (which doesn’t necessarily mean they’ve been promised) Apple to reciprocate that favor in some form or another.

          If ACT respected not only itself but also, more generally, human intelligence, it would have realized that when the New York Times exposes an apparent lack of credibility and legitimacy, it’s over. I mean, seriously, the NYT paragraph I quoted above should have given them and their other backers pause. Apple stops at nothing to defend its iOS app distribution monopoly, but other companies should be profoundly concerned that this App Store propaganda effort also discredits ACT’s work on other issues, such as SEPs, regardless of whether those positions may be correct.

        • [Older] On Deceptive Apps and Practices: Unmasking the ACT App(le) Association

          The ACT App Association should really be called the ACT Apple Association. It was founded in 1998 by Microsoft as a lobbying arm utilizing smaller player’ as a front to support its defense against antitrust charges on both sides of the Atlantic. Over the years, it remained a vehicle for Big Tech interests. Although hard to find (and strategically placed off the members’ page), if you scroll all the way down this page you see the ACT App(le) association’s main sponsors are Apple, Microsoft, Intel, Verizon, and AT&T (other recent sponsors have included Facebook, Oracle, and eBay).

          I have written about this “hide behind a supposed app association” charade last year. Since then, we’ve seen real app developers fight for their lives in the Epic Games vs. Apple litigation. However, the ACT App Association filed an amicus brief in support of… Apple (!), and its blog similarly takes Apple’s side. So why is an “app association” opposed to app developers’ interests?


          I hope the FTC understands why the association’s small app developers supposedly support Apple in the Epic v. Apple litigation, why these app developers supposedly care so strongly about standards essential patents (although app developers are never required to take SEP licenses), or how these app developers have the resources to support a 22-employee trade association. The answer is easy. It’s because the ACT App(le) Association represents Apple, Microsoft, Intel, Verizon and AT&T – not app developers.

          Also misleading is the Association’s claim at last week’s hearing to represent “thousands of small business software application development companies…located across every state in America.” The Association’s membership page lists thirty entities. Ten of these are European entities surprisingly listed without websites. The remaining ones include a venture capital company, a marketing company, a design company, and at least one entity that appears to be out of business. It is unclear how the remaining dozen or so entities amount to “thousands of small [app developers] … located across every state in America.”

Links 1/10/2021: KaiOS 3.0 and Xfce Update

Posted in News Roundup at 11:26 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Audiocasts/Shows

    • Kernel Space

      • Another system update adventure with RAUC, Barebox & Yocto Project – Bootlin’s blog

        After experiencing both SWupdate and Mender in the past we recently got the opportunity to work with another update framework for embedded systems called RAUC.

        This time the choice of RAUC as system upgrade framework was mainly motivated by the Phytec IMX6 board ecosystem which is based on both Barebox and Yocto Project.
        Indeed RAUC and Barebox are both developed by Pengutronix and both are designed to provide a complete and homogeneous solution that will be introduced in this post.

      • Paul E. Mc Kenney: So You Want to Rust the Linux Kernel?

        There has been much discussion of using the Rust language in the Linux kernel (for example, here, here, and here) and 2021 LInux Plumbers Conference had a number of sessions on this topic, as did Maintainers Summit. At least two of these sessions mentioned the question of how Rust is to handle the Linux-kernel memory model (LKMM), and I volunteered to write this blog series on this topic.

        This series focuses mostly on use cases and opportunities, rather than on any non-trivial solutions. Please note that I am not in any way attempting to dictate or limit Rust’s level of ambition. I am instead noting the memory-model consequences of a few potential levels of ambition, ranging from “portions of a few drivers”, “a few drivers”, “some core code” and up to and including “the entire kernel”. Greater levels of ambition will require greater willingness to accommodate a wider variety of LKMM requirements.

    • Benchmarks

      • Fedora Server 35 Performance Looking Good – Initial Benchmarks With Intel Xeon Ice Lake

        Given this week’s release of Fedora 35 Beta I have begun my benchmarking to look at how this next installment of Fedora Linux is shaping up given that it tends to be at the forefront of open-source innovations given Red Hat’s investments. For our initial F35 benchmarking is looking at the Fedora Server 35 Beta performance compared to Fedora 35 on a dual Intel Xeon Platinum 8380 server.

        This initial testing is quite straight-forward and from the same Intel Xeon Platinum 8380 “Ice Lake” reference platform, Fedora 34, Fedora 34 with all stable release updates, and Fedora 35 Beta were carried out for seeing how this H2’2021 Linux distribution release update is looking. The stable release of Fedora 35 is currently expected for the end of October.

    • Applications

      • Video Trimmer – quickly trim videos

        Video editing is the process of editing motion video footage. In the new age of personal video, video editing is becoming a central function of the desktop, with the popularity of video editing software ever increasing.

        Any self-respecting operating system that has ambitions on becoming the dominant force on the desktop therefore needs to have a good selection of video editing software. Video sharing websites such as YouTube are now enormously popular with hundreds of thousands of new videos uploaded every day.

      • MAKE MORE with Inkscape – Stroke Fonts

        Inkscape, the most used and loved tool of Fedora’s Design Team is not just a program for doing nice vector graphics. With vector graphics (in our case SVG) a lot more can be done. Many programs can import this format. Also, Inkscape can do a lot more than just graphics. The last article of this series showed how to design embroidery with Inkscape and the extension Ink/Stitch. This time, several extensions for Inkscape will be examined. All are helpful for working with so called Stroke or Hershey Fonts.

        Inkscape version 0.91+ includes an extension called Hershey Text – Extensions > Text > Hershey Text. This extension brings a small set of Stroke Fonts or Hershey Fonts. If you try testing all of the extensions Inkscape comes with, you might get to this one and ask yourself, “What is it for? It just renders text?”

    • Instructionals/Technical

      • How to Install GitLab on Debian 11

        GitLab is a free and open-source DevOps platform that allows teams to iterate faster and innovate together. It is a web-based tool developed by GitLab Inc. It is very similar to GitHub and provides a Git repository manager providing wiki, issue-tracking, and continuous integration and deployment. GitLab community edition is available absolutely free for development and production environment.

        In this tutorial, I will show you how to install GitLab with Nginx and Let’s Encrypt SSL on Debian 11.

      • How to Install & Create a VM on VirtualBox with Pop!_OS 20.04 – LinuxCapable

        VirtualBox is a free and open-source hypervisor for x86 and x86-64 virtualization, which the Oracle Corporation develops. The software targets users wishing to create virtual environments for servers and desktops that allow users and administrations to run multiple guest operating systems on a single computer for either testing methods or production use. VirtualBox may be installed on Windows, macOS, Linux, Solaris, and OpenSolaris.

        In the following tutorial, you will learn how to install VirtualBox on your Pop!_OS 20.04 desktop, along with creating a new Virtual Machine from scratch.

      • How to Install Tor Browser on Pop!_OS 20.04 – LinuxCapable

        Tor, also known as The Onion Router, is open-source, free software that enables anonymous communication when using online services such as web surfing. The Tor network directs the Internet traffic through an accessible worldwide volunteer overlay network with over six thousand relays and continues to grow. Many users want to find more ways to keep their information and activities anonymous or at least as private as possible, which has led to Tor Browser growing quite popular in recent years as it conceals a user’s location and usage from anyone conducting network surveillance or traffic analysis.

        The Tor network is intended to protect the personal privacy of users and their freedom and ability from conducting communication without having their activities monitored, and data were taken without their consent and used to sum it up.

        In the following tutorial, you will learn how to install the latest Tor Browser on Pop!_OS 20.04.

      • How to Add a User to Sudoers on Linux Mint – LinuxCapable

        When installing Linux Mint, the user account that was created during the initial setup has sudo rights. However, there may be a need to add additional sudo users or to remove the access. This is a straightforward process with a few commands.

        In the following tutorial, you will learn to add a user to the sudoers group on any current Linux Mint system.

      • How To Install Telnet on Ubuntu 20.04 LTS – idroot

        In this tutorial, we will show you how to install Telnet on Ubuntu 20.04 LTS. For those of you who didn’t know, Telnet is a protocol that allows you to connect to remote computers (called hosts) over a TCP/IP network using a client-server protocol to establish a connection. Telnet listens to all the requests by the user usually on TCP port 23, but you can change it accordingly.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of Telnet on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.

      • What is Shebang in Linux Shell Scripting?

        The seemingly insignificant #! characters at the beginning of a shell script has a major significance on how your script will be executed.

      • What Nodes are broken? | Adam Young’s Web Log

        While I tend to think about the nodes in OpenStack term, the people that physically move the servers around are more familiar with their IPMI address. We have several nodes that are not responding to IPMI requests. Some have been put into the manageable state, some are in error.

      • Legible Error traces from openstack server show | Adam Young’s Web Log

        If an OpenStack server (Ironic or Nova) has an error, it shows up in a nested field. That field is hard to read in its normal layout, due to JSON formatting. Using jq to strip the formatting helps a bunch

      • Debugging a Clean Failure in Ironic | Adam Young’s Web Log

        My team is running a small OpenStack cluster with reposnsibility for providing bare metal nodes via Ironic. Currently, we have a handful of nodes that are not usable. They show up as “Cleaning failed.” I’m learning how to debug this process.

    • Games

      • Cyberpunk speedrunner platformer Aeon Drive is out now starring Kira Buckland | GamingOnLinux

        Developer 2Awesome Studio has released Aeon Drive, a cyberpunk themed platformer with a speedrunning theme.

        Aeon Drive stars Jackelyne, a space ranger desperate to get home. Voiced by actress Kira Buckland, who is best known for the voice of 2B in Nier: Automata, Reimi Sugimoto in JoJo’s Bizarre Adventure: Diamond Is Unbreakable, Trucy Wright in the Ace Attorney series, and Hiyoko Saionji in the Danganronpa series (and a lot more). Armed with a power sword and teleportation dagger, Jackelyne must dash through the neon-infused metropolis of Neo Barcelona, using time and space-bending abilities to find all the drive cores to fix her ship – and save the city from doom.

      • Steam is doing another Tabletop Fest starting October 21 all about RPGs | GamingOnLinux

        While today will see the Steam Next Fest arrive, Valve have more plans as the digital Tabletop Fest returns to Steam between October 21 – 25 and this time around it’s all about the RPGs.

        Kicking off at 10 AM PST / 5 PM UTC it will see a big sale with hundreds of titles discounted, so you might want to start filling up your wishlist. There will also be around 18 hours of streaming from developers, which is being done in partnership with Auroch Digital. Starting off with Robert Kurvitz, lead writer and designer on Disco Elysium.

      • The State of Linux Gaming – Invidious
      • The Ultimate BRRRT Simulator: Fully Featured A-10 Warthog Cockpit | Hackaday

        The Arduinos take input from switches and control knobs, but also run 7-segment displays and analog dials driven by servos. The panels were all laser-cut using MDF or perspex and backlit using LEDs.

      • The upcoming No VR Mod for Half-Life: Alyx shows off amazing progress | GamingOnLinux

        I consider Half-Life: Alyx played in VR to be one of the greatest gaming experiences I’ve ever had but for a lot of people it’s just not possible and so the No VR Mod is in progress.

        For whatever reason some cannot use VR be it due to price, physical ability and more. But if you still want to be able to experience the story first-hand you’re currently a bit stuck. There are a few hacky mods floating around to enable mouse/keyboard support but they’re all really quite rough. The No VR Mod looks like a different breed though, with smooth movement and it all just looks good.

      • XIGNCODE3 anti-cheat working towards Steam Deck support by launch | GamingOnLinux

        XIGNCODE3 is another popular anti-cheat like Easy Anti-Cheat and BattlEye that currently causes issues for Linux and it’s going to hopefully see support (thanks Reddit) for Linux and the Steam Deck by launch.

      • Proton Experimental Enables NVIDIA DLSS For D3D12 Games, Proton Now Handles More Games

        Valve published new versions of Proton and Proton Experimental last night.

        With the latest Proton Experimental update as of yesterday, NVIDIA’s Deep Learning Super Sampling (DLSS) is now working for Direct3D 12 games when setting the “PROTON_ENABLE_NVAPI=1″ environment variable and using a supported NVIDIA graphics card on a new enough driver. Proton was previously working for DLSS Vulkan titles while now DLSS for D3D12 games should be working with the above met conditions.

      • Steam Play Proton 6.3-7 is out now, Proton Experimental gets DLSS for DX12 games on Linux

        Two big bits of news for Steam Play Proton today with two new versions getting released so let’s take a look and see exactly what’s new for the Windows compatibility layer.

        Firstly, NVIDIA announced back in August that DLSS would come to Proton in September for DirectX 11 / 12. Well, their date was a bit off there it seems but Valve / CodeWeavers managed to pull in DLSS support for at least DirectX 12 in Proton Experimental as of September 30. To enable it you need to set PROTON_ENABLE_NVAPI=1 as a launch option for games. Additionally this release also fixes crashes in Project Wingman, Satisfactory and other Unreal Engine 4 games using the Vulkan renderer.

    • Desktop Environments/WMs

      • Xfce’s Apps Update for September 2021: New Releases of Thunar, Mousepad, Whisker Menu

        While we skipped August because of the summer holidays, the month of September 2021 brought some great releases, starting with the awesome Thunar file manager, which received not one but two maintenance updates, up to version 4.16.10.

        While Thunar 4.16.9 introduced support for using the move action when dragging files of different users, the ability to open the correct folder when middle-clicking in tree-view, fixes a issue where a folder was missing in history when it was opened in a new tab, and disabled automatic queueing of file transfers, Thunar 4.16.10 only addressed a regression that could crash the file manager when using the clipboard.

      • K Desktop Environment/KDE SC/Qt

        • Calamares and Hacktoberfest 2021

          Calamares is an independent Linux-distro-installer. It was recently added to FreeBSD ports as well, although you won’t be able to use it as an installer yet. The Calamares project is KDE-adjacent – but independent – so it participates ins some things that KDE projects do not. One of those things is Hacktoberfest.

        • August/September in KDE Itinerary

          Travel is slowly returning, and that shows in many improvements of KDE Itinerary being driven by real-world testing and feedback again in the past two month since the last summary.

    • Distributions

      • Download Linux – Linux Nightly

        Linux refers to the kernel on which distributions are built. You can think of it as the core to all systems that are running on Linux.

        Linux distributions are the download links featured above – such as Ubuntu, Fedora, Manjaro, etc. These are collections of software and configurations that have been packaged with the Linux kernel. A team of developers is responsible for each distro, and attaches their own branding or moniker (i.e. “Linux Mint) to it. Typically, the devs will release free updates and support for the distro they’ve created.

        Another term you’ll hear often is GNU, or GNU/Linux. The GNU project is responsible for a massive amount of the free software you’ll find availalble across all Linux distributions.

        While the Linux kernel provides an operating system with its core functionality, the GNU software, as well as software from other developers, allows us to interact with the operating system and do things. Since GNU and Linux are both so integral to Linux distributions, the term GNU/Linux is exceedingly common.

        Both the Linux kernel and GNU software are free. That’s why so many Linux distributions exist in the first place. Anyone is free to take these components, bundle them together, add their own spin to the package, and then release the finished product as a separate operating system (Linux distro). This is very different than systems like Microsoft Windows, where the code for the OS and its applications are locked tightly behind a closed source and copyright laws.

      • SUSE/OpenSUSE

        • GNOME, Plasma Releases Make Progress While Tumbleweed Rolls

          GNOME 41 has reached openSUSE Factory staging and KDE’s Plasma 5.23 is nearing a release in an openSUSE Tumbleweed snapshot as it progresses through staging.

          openSUSE’s rolling release turned out four snapshots this week and updated software packages like Mesa, curl, catfish, PipeWire, Perl and more.

          The 20210928 snapshot improved the transferring of data via an update of curl 7.79.1, which made it work with OpenSSH 8.7; the command line tool and library also adjusted a setup to not change connection data upon repeat invokes. An update of inkscape 1.1.1 fixed a crash and improved the startup time of the graphics editor application. Two other packages updated in the snapshot were yast2-network 4.4.26 and yast2-nfs-client 4.4.1; the latter had an update that supports systemd mount options in fstab.

        • openSUSE Tumbleweed – Review of the weeks 2021/39 – Dominique a.k.a. DimStar (Dim*)

          Dear Tumbleweed users and hackers,

          After the massive update in the last week due to a full rebuild caused by glibc 2.34, this week seems ‘somewhat’ quieter. Or at least from a Release manager PoV less involvement hungry. Yet, we managed to release 5 snapshots during this week (0923, 0924, 0926, 0927, and 0928).

      • IBM/Red Hat/Fedora

        • Junichi Uekawa: Garbage collecting with podman system prune.

          Garbage collecting with podman system prune. Tells me it freed 20GB when it seems to have freed 4GB. Wondering where that discrepancy comes from.

        • Use this tool to build an API without code | Enable Sysadmin

          Application programming interfaces (APIs) are like fuel for digital transformation, enabling companies to develop applications and microservices quickly. DataTrucker.IO is a new, free and open source (Apache 2.0) no-code/less-code API backend that decreases the time required to build APIs.

        • New application samples in Red Hat OpenShift 4.8 | Red Hat Developer

          As Red Hat OpenShift continues to evolve and improve, our efforts to promote developer success ramp up as well. The OpenShift developer dashboard provides sample applications that are just a few clicks away from deployment. These samples are spread across a wide range of software development interests and stacks, so you’ll probably find one of interest to you.

          For OpenShift 4.8, four new samples have been added, while four others have been updated. A total of 14 samples are at hand for the new or curious developer. We’ll review all the samples in this article.

        • 5 ways leaders can boost psychological safety on teams

          “Welcome to the family.” That’s how it should feel right from the start when new people join the team at any company.

          Of course, relating a workplace to a home is an ambitious promise. To live up to it, you need to ensure that your people experience a safe place where they can be who they are with no fear of being punished or humiliated for sharing their ideas, raising concerns, or making mistakes.

        • Contribute to Call for Code projects as part of Hacktoberfest

          We’re excited that Call for Code will be participating in Hacktoberfest again this year. Now in its eighth year, Hacktoberfest is a global online festival meant to drive contribution to and involvement in open source projects.

          Both Call for Code and Hacktoberfest encourage contributions from people of all backgrounds and skill levels. Call for Code is of course a great opportunity for experienced open source contributors to get involved in projects that address social and humanitarian issues, but if you’re brand new to open source projects, we’ve got you covered there as well. Our “Call for Code: Introduction to Open Source” online course is available at no cost and introduces you to key concepts, tools, and processes that you need to start contributing to any open source project. Start learning, and earn a badge by completing this course.

      • Canonical/Ubuntu Family

        • Linux Mint 20.3 “Una” Arrives This Christmas with Dark Apps and Other Visual Changes

          Linux Mint 20.3 will be dubbed “Una” and will be the third major update to the Linux Mint 20 series based on the Ubuntu 20.04 LTS (Focal Fossa) operating system series, which, of course, will be supported with software updates and security patches until 2025.

          Most probably, Linux Mint 20.3 “Una” will be derived from the recently launched Ubuntu 20.04.3 LTS point release, but, like with Linux Mint 20.2 “Uma”, Linux Mint 20.1 “Ulyssa”, and Linux Mint 20 “Ulyana”, it will stick to the long-term supported Linux 5.4 LTS kernel series rather than using the newer Linux kernel 5.`11.

        • Meet Mini Pupper: the Robot Dog That Is Just as Smart as a Border Collie

          Powered by a Raspberry Pi 4B microprocessor, Mini Pupper uses Ubuntu and ROS to run its FSN (Full Self-Navigation) System. It also supports SLAM (Simultaneous Localization and Mapping), which allows it to map its surroundings and learn in real-time from objects around it using Lidar or a camera sensor.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Web Browsers

        • Mozilla

          • KaiOS 3.0 with the current Gecko 84.0 is distributed

            KaiOS is based on the code of Mozilla’s Firefox OS and the third major version has just been released. The success of KaiOS shows how much Mozilla had backed the wrong horse with Firefox OS. Kai OS Technologies from Hong Kong did not concentrate the development of the operating system on smartphones or TV sets, but on the promising category of feature phones.

          • Firefox Wayland development in 2021

            It’s been long time from my last update about Firefox news on Linux and I’ve finally got some time to sum up what we’ve been working on for last year and what’s coming. There haven’t been introduced any new exciting features (from Linux perspective) for the last year but rather a hidden but important changes.

            From Linux desktop developers perspective 2021 is a year of Wayland. KDE has been shipping decent Wayland compositor which becomes default for Fedora 34. It’s actually pretty fast and gives you smooth feeling of “good old times” with X11/Gtk2/name-your-favorite environment where any graphics change was just instant without lags or slow transitions. I must mention Robert Mader who created a new Firefox Wayland SW backend for the KDE.

      • Productivity Software/LibreOffice/Calligra

        • Fixing a LibreOffice bug in less than eight hours!

          LibreOffice’s QA community works on identifying, testing and fixing bug reports from users around the world. Gabriele Ponzo, a long-time LibreOffice contributors and part of The Document Foundation’s Membership Committee, tells us about how a bug was recently fixed in just under eight hours…

      • CMS

        • Diamantedesk: Open-source Ticketing System for business

          Diamantedesk is an open source web-based Ticketing, help-desk solution aims to allow you to customize for business needs.

          Diamantedesk offers reliability, flexibility, scalability, and extensibility for many enterprise sectors like IT support, shipping, customer services, healthcare and more.

          It is built to improve customer service and convert feedback into valuable experience

          The system comes with a rich set of features and fancy look with informative dashboard filled with graphs, charts, and logs.


          It is published under the Open Software License (OSL 3.0).

      • Programming/Development

        • Qt 6.2 LTS adds a large number of modules and support for Apple Silicon and Windows 11 – itsfoss.net

          Qt 6.2 LTS is now available not only to be the first release with long-term support of the sixth major version of the framework , but also to start laying the foundations that will allow developers to truly transition from Qt 5 by having almost achieved the parity with version 5.15, which has become the penultimate LTS.

          Qt 6.2 LTS comes with many interesting news that should give it a strong boost and open the door to many projects to start the migration to the current major version of the framework . Of course, before starting to explain the news, those responsible recalled the main aspects of Qt 6, which already we summarized at the time .

          What stands out the most about Qt 6.2 LTS is the inclusion of a large number of new modules to approach parity with version 5.15, which are the following: Qt Bluetooth, Qt Multimedia, Qt NFC, Qt Positioning, Qt Quick Dialogs, Qt RemoteObjects, Qt Sensors, Qt SerialBus, Qt SerialPort, Qt WebChannel, Qt WebEngine, Qt WebSockets, and Qt WebView . On this aspect, the company has said that “the API for these modules is mostly compatible with previous versions of Qt 5 and will only require minor adjustments of the user code when it is transferred to Qt 6” .’

        • Qt Creator 5.0.2 released
        • Dirk Eddelbuettel: RcppArmadillo on CRAN: New Upstream

          Armadillo is a powerful and expressive C++ template library for linear algebra aiming towards a good balance between speed and ease of use with a syntax deliberately close to a Matlab. RcppArmadillo integrates this library with the R environment and language–and is widely used by (currently) 912 other packages on CRAN.

          This new release brings us Armadillo 10.7.0 released this morning by Conrad. Leading up to this were three runs of reverse dependencies the first of which uncovered the need for a small PR for subview_cols support which Conrad kindly supplied.

        • PoCL 1.8 OpenCL Implementation Coming With LLVM 13 Support, Better SPIR-V On CUDA

          PoCL is the open-source project implementing OpenCL for CPU-based execution as well as multi-device support by getting its Portable Computing Language implementation working atop NVIDIA GPUs via CUDA, AMD GPUs via HSA, and other experimental implementations through leveraging LLVM/Clang.

        • Arm Begins Adding Armv9 Support To The GNU Compiler Toolchain

          Arm engineers have begun landing their Armv9 enablement work in the GNU compiler toolchain.

          Yesterday brought the initial Armv9 commits to GNU Binutils. This included adding armv9-a to -march for the GNU Assembler as well as for GAS adding the Cortex-X2, Cotex-A510, and Cortex-A710.

        • Python

          • Awesome Python Video Tutorials Keep You Motivated | Hackaday

            Programming languages are one of those topics that we geeks have some very strong and often rather polarised opinions about. As new concepts in computing are dreamt up, older languages may grow new features, if viable, or get left behind when new upstarts come along and shake things up a bit. This scribe can remember his early days programming embedded systems, and the arguments that ensued when someone came along with a project that required embedded C++ or worse, Java, when we were mostly diehard C programmers. Fast forward a decade or two, and things are way more complicated. So much choice, so much opinion.

        • Java

          • 8 reasons why I learned Core Java | Opensource.com

            Computer programming, also known as coding for short, is not about which language you use. It’s about developing programming logic and learning to think like a programmer. The language you start with should be the one that helps you the most in this endeavor. So you have to ask yourself the question: “What do you want to do as a programmer?”

            For example, if you want to work on Android app development, video game development, desktop GUI applications, or just general software development, I think learning Java is an excellent option. It’s the language I chose, and it has made a whole world of programming available to me. In India, where I live, the average salary of a Java programmer is around 5.9 Lakhs per Annum (LPA) (it can be as high as 10 LPA, depending on your experience.)

            Java is a vast language, though, with lots of frameworks and variants to choose from. Core Java is the term the tech industry has developed to refer to the central components of the Java language—the thing that people use to write the frameworks and has developed the cottage industry around Java. I believe that Core Java is one of the most powerful skills you can acquire because understanding the basics of Java gives you a significant advantage when learning all of the related tools built on top of it.

  • Leftovers

    • Integrity/Availability

      • Proprietary

        • Security

          • Reproducible Builds (diffoscope): diffoscope 186 released

            The diffoscope maintainers are pleased to announce the release of diffoscope version 186. This version includes the following changes:

            [ Chris Lamb ]
            * Don't call close_archive when garbage-collecting Archive instances unless
              open_archive returned successfully. This prevents, amongst others, an
              AttributeError traceback due to PGPContainer's cleanup routines assuming
              that its temporary directory had been created.
              (Closes: reproducible-builds/diffoscope#276)
            * Ensure that the string "RPM archives" exists in the package description,
              regardless of whether python3-rpm is installed or not at build time.
            [ Jean-Romain Garnier ]
            * Fix the LVM Macho comparator for non-x86-64 architectures.

          • Crashes in OpenBSD, DragonFly BSD and Electron due to deprecation of the IdenTrust root certificate

            The termination of the IdenTrust root certificate (DST Root CA X3) used to cross-sign the Let’s Encrypt CA root certificate resulted in problems with Let’s Encrypt certificate validation in projects using older versions of OpenSSL and GnuTLS. Problems also affected the LibreSSL library, the developers of which did not take into account past experience related to failures that occurred after the AddTrust root certificate of the Sectigo (Comodo) certification authority expired.

            Recall that in releases of OpenSSL up to and including the 1.0.2 branch and in GnuTLS before release 3.6.14 , there was an error that did not allow the correct processing of cross-signed certificates, if one of the root certificates used for signing expired, even if other valid ones were saved. chains of trust (in the case of Let’s Encrypt, the aging of the IdenTrust root certificate does not allow verification, even if the system supports its own Let’s Encrypt root certificate valid until 2030). The essence of the error is that older versions of OpenSSL and GnuTLS parsed the certificate as a linear chain, while according to RFC 4158, a certificate can represent a directed distributed circular graph with several trust anchors that need to be considered.

          • BloodHound – Hacking Active Directory Trust Relationships

            Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use it to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment.

            It is a single page JavaScript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a PowerShell ingestor.

          • Getting Started With Kali

            Kali is a Debian based distribution aimed at penetration testing. I haven’t felt a need to use it in the past because Debian has packages for all the scanning tools I regularly use, and all the rest are free software that can be obtained separately. But I recently decided to try it.

            Here’s the URL to get Kali [1]. For a VM you can get VMWare or VirtualBox images, I chose VMWare as it’s the most popular image format and also a much smaller download (2.7G vs 4G). For unknown reasons the torrent for it didn’t work (might be a problem with my torrent client). The download link for it was extremely slow in Australia, so I downloaded it to a system in Germany and then copied it from there.


            Installing VMs for both these distributions was quite easy. Most of my time was spent downloading from a slow server, trying to get SCSI emulation working, working out how to convert image files, and testing different compression options. The time spent doing stuff once I knew what to do was very small.

          • Privacy/Surveillance

            • Coalition Letter to the 48th U.N. Human Rights Council (HRC) on Pegasus – Access Now

              We, the undersigned civil society organizations and independent experts, call on Member States of the U.N. Human Rights Council (HRC) to take urgent action at the ongoing 48th regular session of the HRC to denounce the unfolding and unprecedented scale of human rights violations by States facilitated by the use of the NSO Group’s Pegasus spyware and provide immediate, robust support for impartial and transparent inquiries into the abuses.

              We are deeply alarmed by the Pegasus Project revelations, a major investigation conducted by Forbidden Stories, and a consortium of 16 media organizations, alongside Amnesty International who was a technical partner in the investigations. The investigation was based on a leak of 50,000 phone numbers of potential targets of NSO Group surveillance technology, a list which includes journalists, activists, human rights defenders, lawyers, world leaders, and civil society actors. So far, at least 180 journalists in 20 countries were identified as potential targets of Pegasus spyware between 2016 to June 2021.

              Adding to the revelations, further cases of targeted surveillance continue to unfold. The most recent victim targeted by Pegasus spyware is the Budapest-based photojournalist Dániel Németh. According to an investigation by media organization Direkt36 and forensic analysis by Citizen Lab, independently validated by Amnesty International, two of Németh’s phones were hacked by a government client of the NSO in early July 2021. Németh is not the only Hungarian journalist to be hacked using Pegasus, Amnesty International’s forensic checks confirmed that two of Direkt36 investigative journalists, András Szabó and Szabolcs Panyi, and another investigative reporter, Brigitta Csikász, were also hacked in 2019.

            • Act now against spyware, coalition tells UN Human Rights Council – Access Now

              As the U.N. Human Rights Council (HRC) convenes at the ongoing 48th regular session, Access Now joins 94 civil society organizations and independent experts in urging member states to denounce abuses facilitated by spyware technologies.

              The Pegasus Project revealed a long list of journalists, activists, human rights defenders, lawyers, world leaders, and civil society actors that were a target of NSO Group’s Pegasus Spyware. The U.N. HRC should mandate comprehensive measures to investigate and prevent further violations linked to the sale, export, and use of Pegasus spyware and cases of targeted surveillance.

              “Member States must urgently act to address the perpetual human rights abuses by States facilitated by NSO Group’s Pegasus spyware,” said Laura O’Brien, UN Advocacy Officer at Access Now. “The clandestine surveillance industry must be held accountable.”

              The recent revelations showcased the unprecedented scale of human rights violations by States facilitated by the use of Pegasus with Budapest-based photojournalist Dániel Németh being the latest victim targeted by the spyware.

    • Freedom of Information/Freedom of the Press

      • Russian journalist acknowledges emigration, denounces new felony charges as effort to silence his investigative reporting

        Roman Dobrokhotov, the editor-in-chief of The Insider, has responded to new criminal charges that he allegedly crossed the Russian border illegally. The criminal case “was conjured out of thin air,” he argued in an editorial published by The Insider, asserting that he was within his rights when he left the country in August, weeks after federal agents raided his home and interrogated his parents. Russian officials seized his international passport at the time, but Dobrokhotov says he maintains his general civil passport.

    • Civil Rights/Policing

      • Why the cybersecurity industry should treat civil society as critical infrastructure – The Record by Recorded Future

        Cybersecurity risks now affect everyone, but those risks aren’t the same everywhere. The Record spoke with Access Now’s Asia Policy Director and Senior International Counsel Raman Jit Singh Chima about how the human rights organization helps secure activists and journalists around the world. Chima, who also serves as the organization’s global security lead, shared details about risks facing human rights defenders in the Asia-Pacific region—from spyware and social media monitoring to disrupting access to certain apps or the entire Internet.

        Protecting civil society from these threats must be a key part of cybersecurity policy discussions, Chima told The Record, much like we think about how we need to protect power grids and other utilities that keep society functioning.

        “Understand that people who protect civil liberties, rights, and democracy are critical infrastructure and need to be talked about as such when you engage in cybersecurity conversations with national governments in this region,” he explained.

With Microsoft, Security Breaches Are Presumed

Posted in Deception, Microsoft, Security at 10:18 am by Dr. Roy Schestowitz

Video download link | md5sum 90baecb5d2c9d010cbd33c5e9a387984

They migrated to Azure for 'security'Summary: A video about the current media coverage about Azure being inherently bad when it comes to security

LAST night we republished an article from a Microsoft whistleblower who had seen from the inside how insecure Azure really is. Nothing has improved since then and days ago it made the news, highlighting a longstanding issue that Microsoft refuses to address. Microsoft’s own clients complained about it years ago.

“Nothing says it better like Microsoft’s own words. When it talks honestly.”The video above concerns this whole matter and some broader issues, knowing that Microsoft does not actually care about the security of Azure ‘tenants’ (that’s what they are; they pay rents to be controlled and even neglected by Microsoft). Nothing says it better like Microsoft’s own words. When it talks honestly.

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Links 1/10/2021: More Gemini Migrations, Proton 6.3-7

Posted in News Roundup at 6:45 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Instructionals/Technical

      • Gemini: the misaligned incentives

        How does gemtext suck? Let me count the ways: [...]

      • Going From A Domain Name to IP Address in DNSDB: Some “Pro Tips” To Keep In Mind

        Virtually every DNSDB user makes domain name to IP address queries. Often that will be quite straight forward, but today we’re going to talk about some of the times when you may run into surprises – and how you can easily deal with them.

      • Setting up a Gemini server

        I could not get agate to start correctly, it would not bind to the ipv4 port 1965. After some desultory troubleshooting I used gemserv instead.

        I didn’t bother compiling gemserv to use GGI, just static content.

      • Pimping My Type – Improving My Website’s Typography

        Anyway, since doing the research for the typography post, I discovered Oliver’s YouTube channel and newsletter, Pimp My Type. He’s a professional typographer, so when I learned that he offers free website typography reviews, I was on that like a tramp on chips!

      • [Old] An Introduction to JQ

        However, some things never stick in my head, nor my fingers, and I have to google them every time. jq is one of these.

        I know it’s a powerful tool, but I always end up back at Google and then copying and pasting a solution from somewhere. So I solve my problem but never learn the tool.

        It’s time to fix that. In this article, I’m going to go over the basics building blocks of jq in enough depth that you will be able to understand how jq works. Of course, you still might occasionally need to head to google to find a function name or check your syntax, but at least you’ll have a firm grounding in the basics.

    • Games

      • Why D&D over other RPGs?

        It’s true that our version of D&D is modified beyond recognition. Which is fine since it’s an open source game.

        It’s true that I’m a fan of D&D as a brand, as a shorthand, as a community, whereas I don’t touch “gamer” stuff with the proverbial ten-foot pole.

        It’s not true that this is out of ignorance with other systems. “Just play Fiasco” we went from Fiasco to D&D after trying both. And, we’ve mashed in stuff from Fiasco into “our” D&D.

        I had read around 200 core books until finally giving the much maligned D&D a shot. I had believed the anti-hope of haters on Usenet and TBP. “AC doesn’t make sense”, “Levels don’t make sense”, “It’s so unrealistic” etc. And I felt so dumb for looking at it last because it was exactly what I had been longing for all this time.

      • Valve Releases Proton 6.3-7 with Support for Life is Strange: True Colors, DXVK 1.9.2

        Coming about five weeks after Proton 6.3-6, the Proton 6.3-7 release is here to add support for the Life is Strange: True Colors, Quake Champions, Divinity: Original Sin 2, eFootball PES 2021, EVERSLAUGHT VR, as well as WRC (World Rally Championship) 8, 9 and 10 video games.

        This means that you’ll now be able to play these games on your Linux-powered computer using the new Proton version. However, it should be noted the fact that the Quake Champions and Divinity: Original Sin 2 games will apparently brake after a game update, so you shouldn’t update them yet.

    • Desktop Environments/WMs

      • Greyscale screens for anxiety

        One thing I didn’t expect to work so well was having my computer screen set to greyscale mode the past few days. I’d enabled it to test the accessibility and contrast of a design I was working on and… I didn’t turn it off.

    • Distributions

      • IBM/Red Hat/Fedora

        • Fedora Linux declared a ‘digital public good’

          Fedora Linux has been recognized as a “digital public good” by the Digital Public Goods Alliance (DPGA), a strategy group set up by UNICEF to promote sustainable development through open-source solutions that contribute to an equitable world.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • SaaS/Back End/Databases

        • YottaDB Continuous Integration / Continuous Delivery

          At YottaDB we have a network of a couple dozen machines that include all Supported platforms, ranging from Raspberry Pi Zeroes to x86_64 servers. We run the YottaDB test system across these machines most weekends, and frequently overnight as well. The normal run checks out the current master source code, builds it, and runs it on these machines against the current master test system. The source code is built and tested two ways, “DBG” builds with asserts that detect error and out-of-design conditions for us to debug, and “PRO” builds that are built the way binary distributions are delivered, and which invoke the recovery code for these error and out-of-design conditions. The tests involve extensive simulated crashes and recovery. They also randomly vary a number of parameters to test the various permutations and combinations of operating conditions.

      • FSF

        • Licensing/Legal

          • Can Radio Benefit From An Open Source Society?

            Radio has never been on the leading edge as an industry full of tech oriented companies so open source can be a solution that allows these companies to focus on what they are good at – delivering amazing content.

            Isn’t that the name of the game?

            Collaboration in the spirit of open-source could be an engine for much needed growth as well.

      • Programming/Development

        • Common mistakes when using libcurl

          I’ve been traveling this road for a while. Here’s my collection of 15 of the most common mistakes and issues people will run into when writing applications and services that use libcurl. I’ve also done recorded presentations on this topic that you can watch if you prefer that medium.

        • Things unlearned

          This post is part of a series, starting at Reflections on a decade of coding.

          This is one of my favorite questions to ask people: what are some things that you used to strongly believe but have now changed your mind about?

          I want to focus especially on ideas that I wasted a lot of time on, or that got in the way of success.

        • Fun with glibc and the ctype.h functions

          I got really bored tonight and went down some rabbit holes and turned up something from about a year ago. If you follow the latest Linux type stuff, you probably remember this, but if not, this might seem new to you. It’s just something dumb and amusing.

        • CHERI Software Release for Summer 2021

          The CHERI protection model provides architectural primitives to protect computer systems from widely-exploited security vulnerabilities. CHERI revises the hardware/software architectural interface with hardware support for capabilities that can be used for fine-grained memory protection and scalable software compartmentalization. Supported by DARPA (the US Defense Advanced Research Projects agency) as well as UKRI (UK Research and Innovation) and its Digital Security by Design (DSbD) program, CHERI is the work of a large research team at the University of Cambridge, SRI International, Arm and many industrial and academic collaborators throughout the world.

        • Understanding AWK

          It turns out Awk is pretty simple. It has only a couple of conventions and only a small amount of syntax. As a result, it’s straightforward to learn, and once you understand it, it will come in handy more often than you’d think.

          So in this article, I will teach myself, and you, the basics of Awk. If you read through the article and maybe even try an example or two, you should have no problem writing Awk scripts by the end of it. And you probably don’t even need to install anything because Awk is everywhere.

  • Leftovers

    • You Are Enough
    • The Holiness of Degradation

      with a title and a line from Leslie Jamison

      Anne says, what if you are notsick or bad, what if you are Katie?

    • Instituting Liberty: Contested, Changing, Conflicted Definitions

      Records of UT administrators describe an institute that would be “dedicated to the study and teaching of individual liberty, limited government, private enterprise and free markets” and promote “intellectual diversity.” Most people, myself included, support individual liberty. The remaining phrases are highly ideological and should be in scare quotes.

      Does “limited government” enhance individual liberty, or does it really mean using government power to protect concentrated wealth and limit our collective ability to create a decent society? Does “private enterprise” really mean allowing corporations to use that concentrated wealth to undermine democratic decision-making? Do those corporations champion “free markets” only as long as they can extract profit, running to the government for bailouts when they fail?

    • Desire in Our Times: A Conversation With Amia Srinivasan

      What is it about sex that makes talking about it with political and moral honesty so difficult? It’s so easy to fixate on its purely political aspects, relying on the simplicity of a relationship with black-and-white consequences. It’s so tempting to reduce it to the absolutely personal, just someone’s preference, beyond anyone else’s understanding or judgment. Even among feminists, the tensions between the intimacy of sex, its potential for violence, and the fact that its participants, limitations, and consequences often fall under the supervision of public authorities are perennial sources of conflict.

    • Misquoting Einstein Is Fast And Stupid, But Not Accurate

      I was writing something a while ago, and had reason to quote the famous aphorism “Computers are incredibly fast, accurate, and stupid; humans are incredibly slow, inaccurate, and smart.” I’ll bet you’ve heard a variation on that quote before, and probably have seen a meme or two with it. It’s usually attributed to Einstein.

    • A Time of Plague in an Era of Corruption, Mistrust and Irrationality

      That so many are willing to take the word of any contrarian rather than that of peer reviewed science is astonishing. But after decades of government and corporate malfeasance and abuses, it isn’t too difficult to understand the roots for this skepticism. Indeed, government agencies and business institutions have constructed this atmosphere of distrust. Just one look at the CIA, the military, or the tobacco and fossil fuel industries and we get a litany of lies, crimes, and the obfuscation of those crimes. Indeed, most drug companies have gotten away with the many crimes they have committed, with the recent opioid scandal and the Sackler family coming to mind. But there is also a kind of collective fear and a legacy of anti-scientific credulity that is common in far-right political circles that goes beyond justified criticism of and opposition to the crimes of the powerful.

      None of this is especially original. Climate change deniers have long latched on to the proclamations of a small, but loud, group of scientists who confirm their narrative. A major part of this is thanks to a well funded campaign of disinformation by the fossil fuel industry who began lying to the public about the damaging effects of burning fossil fuels decades ago. And there are dozens of think tanks in Washington whose sole purpose it to peddle corporate propaganda to politicians on the dole and a public that is already inclined to be against any scientific warning that may alter the Western lifestyle. But there is also a conspiratorial way of thinking about these things. The very real and existential issue of climate catastrophe has been linked to crackpot theories about a tyrannical “one world government.” Those who have been alienated from society often become targets for this kind of delusion. And social media amplifies it all through echo chambers of confirmation bias, connecting the alienated with one another, albeit in a very superficial manner.

    • China’s Fortune Cookie Crumbles

      Ross Ashcroft Michael Hudson, always great to have you back on Renegade Inc.

      Michael Hudson It’s good to be back here. Thanks for having me.

    • The rise of dark web design: how sites manipulate you into clicking

      Dark design has proven to be an incredibly effective way of encouraging web users to part with their time, money and privacy. This in turn has established “dark patterns”, or sets of practices designers know they can use to manipulate web users. They’re difficult to spot, but they’re increasingly prevalent in the websites and apps we use every day, creating products that are manipulative by design, much like the persistent, ever-present pop-ups we’re forced to close when we visit a new website.

    • Science

      • Teaching an algorithm to identify cancer from sequence data

        Algorithms have been used to identify cells in sectional images of tissue samples. For instance, if tissue cells appear atypical, the algorithm will spot this and determine if the cells are cancerous. DNA sequence data from tumours is now being used along with imaging data to identify cancers.

    • Health/Nutrition

      • ‘Eye-Popping Rip-Off’: Americans Pay Nearly Double Rest of World Combined for Top Meds

        As public health advocates fumed over efforts by right-wing congressional Democrats to water down prescription drug pricing reforms proposed in their own party’s flagship Build Back Better package, a report published Thursday by a leading progressive advocacy group revealed that Americans are paying nearly twice as much for the 20 bestselling medications as the rest of the world combined.

        “Empowering Medicare to push back against inflated drug prices is the responsible and commonsense way to stand up to the industry’s greed.”—Rick Claypool,Public Citizen

      • ‘Let Them Know How You Feel,’ Voters Urged as Pharma-Backed Dems Tank Drug Cost Plan

        Supporters of drug pricing reform expressed alarm Wednesday at efforts by right-wing congressional Democrats—including some of the biggest recipients of Big Pharma campaign contributions—to water down progressive-led efforts to lower the world’s highest prescription medication costs.

        Mirroring key items on Big Pharma’s wishlist, corporate Democrats are taking aim at proposed drug pricing reforms in the $3.5 trillion Build Back Better budget reconciliation package. According to Politico:

      • University in ‘Europe’s Oil Capital’ Votes to Divest from Fossil Fuels

        A Scottish university in “Europe’s oil and gas capital” has voted to sell all of its fossil fuel investments over the next four years.

        The University of Aberdeen, which has strong ties with the North Sea oil and gas industry, announced today that its governing body had voted to exclude fossil fuel extraction companies from its £52.7 million investment portfolio by 2025. It currently has an estimated £3.1 million invested in fossil fuels, according to campaigners.

      • Sickening, Indeed: the Horrors of Big Pharma

        For this reason, there is good cause to expect that his new book, Sickening: How Big Pharma Broke American Health Care and How We Can Repair It, would make a substantial contribution to the current debate over controlling drug prices. (Unfortunately, its publication date is not until February.) The book is indeed useful in documenting the failures of the pharmaceutical industry, but it comes up painfully short in the remedies.

        The first part of the book goes over some of the major scandals of the pharmaceutical industry over the last three decades. It notes the overuse of statins, a drug designed to lower cholesterol. Abramson points out that statins are often prescribed for women, based on clinical trials showing their effectiveness for men. In spite of the lack of evidence of benefit, expensive statins have been prescribed for millions of women over the last three decades.

      • ‘You Should Get the Vaccine Despite the Media Telling You You Should’

        Janine Jackson interviewed Jim Naureckas about Covid and corporate media  for the September 24, 2021, episode of CounterSpin. This is a lightly edited transcript.

      • ‘Not Ashamed’: Democratic Congresswomen Testify About Their Personal Abortion Stories
      • Opinion | These Pfizer-Backed GOP Lawmakers Are Heading to Q-Anon Anti-Vax Summit
      • House Oversight Won’t Hurt, But the Fight for Abortion Is Waged at Grassroots
      • With Infrastructure on the Brink, Manchin Refuses to Negotiate
      • Critics Slam Manchin for Invoking ‘Brutal Fiscal Reality’ to Defend Tanking of Biden Agenda

        Just ahead of Sen. Joe Manchin’s Thursday declaration that $1.5 trillion is his topline number for the reconciliation bill, the corporate Democrat referred to the United States’ so-called “brutal fiscal reality” on Wednesday to defend his opposition to the Democratic Party’s 10-year, $3.5 trillion package—a justification progressives criticized as baseless and a threat to Americans’ future well-being.

        “While I am hopeful that common ground can be found that would result in another historic investment in our nation, I cannot—and will not—support trillions in spending or an all or nothing approach that ignores the brutal fiscal reality our nation faces,” Manchin (D-W.Va.) said Wednesday night in a statement, adding that he wants to “pass on a better America to the next generation.”

      • Manchin: If You Want to Save the Planet, Elect More Progressives in 2022

        Sen. Joe Manchin said Thursday that securing sweeping climate legislation to safeguard the planet for future generations requires electing more progressives—unlike him—in 2022.

        The corporate Democrat’s assertion came as he announced to a crowd of reporters that his topline number for the broad reconciliation bill is $1.5 trillion—a fraction of the $3.5 trillion demanded by progressive lawmakers for the 10-year Build Back Better plan that includes investments to strengthen the safety net and tackle the climate emergency.

      • Manchin Admits Getting His Bill Passed and Then Tanking Progressive Package Was Always the Plan

        Sen. Joe Manchin admitted Thursday, ahead of a scheduled House vote on the Senate-passed bipartisan infrastructure bill, that it had been corporate Democrats’ plan all along to first secure passage of their fossil fuel-friendly legislation and then undermine the party’s more ambitious reconciliation package that proposes investing up to $3.5 trillion over a decade in clean energy and the social safety net.

        The conservative West Virginia Democrat told reporters Thursday that on July 28, he secured a signed agreement (pdf) from Senate Majority Leader Chuck Schumer (D-N.Y.) outlining his conditions for voting on the final reconciliation bill.

      • Manchin Goes After Abortion Rights in Latest Reconciliation Bill Opposition
      • Relying on Public-Private Partnerships Has Weakened America’s Pandemic Response

        As the United States continues to record thousands of cases of Covid infection and as many as 2,000 deaths per day, many Americans are scrambling to get rapid tests for extra reassurance as they return to school, work and start to travel. But rapid tests are hard to find on stores shelves across the country—and when you finally track them down, they cost from $10 to $15 per test. As it happens, that’s because there’s a nationwide shortage of rapid tests. Meanwhile, other countries have plentiful amounts of tests—in Germany, for instance, rapid testing, along with vaccination, has become the bedrock of their plan to live with the virus. There, rapid testing is widely used and available outside of restaurants and gyms and other facilities. Why is something that could be so instrumental to managing the pandemic so hard for Americans to get their hands on?

      • Being “Pro NBA Player” Means Being Pro-Vaccine

        Many of America’s pro athletes are union workers, albeit union workers with a decidedly distorted social position, relative to organized working-class people more broadly. They benefit greatly from collective bargaining. As is the case for all workers, unions are a pro athlete’s best friend. Just do your own investigation into what conditions and wages were like before unions—pro sports were part playground, part sweatshop.

      • YouTube cracks down on anti-vax misinformation

        The new policy builds on existing rules against COVID-19 vaccine misinformation, which have led to the removal of 130,000 videos since October. YouTube says it has taken down more than 1 million videos for violating its overall COVID-19 medical misinformation policy.

      • Zero tolerance: YouTube blocks all anti-vaccine accounts

        The company said that while accounts will be taken down, so will any posts which express unfounded concerns about vaccines or falsely state that some vaccines cause autism or cancer or something else the vaccine has never been proven to cause.

    • Integrity/Availability

      • DoS Attacks against our Online Game

        Based on the rising player number the urge to deal with the DoS problem is larger than ever. A few months ago for example we organized a Tournament for everyone in the community to participate. Unfortunately the event was the continuous target of DoS attacks for multiple hours, with players fleeing from one server to the next, trying to find a safe refuge. These bandwidth graphs for our servers in Netherlands and Germany respectively illustrate the problem: [...]

      • Proprietary

        • Ransomware contractor paints a different picture of the genre [iophk: Windows TCO]

          A threat actor, who claims to have worked for the REvil ransomware group among others, has cast doubt on the common tendency to associate individuals from a particular country who do such work as acting for the governments of the same countries.

        • Apple ‘Still Investigating’ Unpatched and Public iPhone Vulnerabilities

          Tokarev reported the vulnerabilities to Apple between March 10 and April 29, but the last time he heard back from Apple about the three vulnerabilities was August 6, August 12, and August 25, respectively. Then the researcher said he told Apple on September 13 he would publish details of the bugs unless he heard back.

          It was only after he went public with details about the unpatched bugs that Apple reached out, according to Tokarev, who shared Apple’s email with Motherboard.

        • Apple’s fortress of secrecy is crumbling from the inside

          The tension might have stayed at a low simmer were it not for a Slack channel — #remote-work-advocacy — created in September 2020 to promote a more flexible working environment. By the summer of 2021, it had reached roughly 2,800 members, with conversations growing increasingly lively. After Cook made his announcement, employees knew they had to send a message. It was a small push back against management that would lay the groundwork for months of employee organizing and perhaps change the Apple workforce forever.

        • Security

          • Privacy/Surveillance

            • Facebook’s Latest Scandals: The Banality Of Hubris; The Messiness Of Humanity

              Over the last few weeks, the WSJ has run a series of posts generally called “The Facebook Files,” which have exposed a variety of internal documents from Facebook that are somewhat embarrassing. I do think some of the reporting is overblown — and, in rather typical fashion regarding the big news publications and their reporting on Facebook, presents everything in the worst possible light. For example, the report on how internal research showed that Instagram made teen girls feel bad about themselves downplays that the data actually shows a significantly higher percentage of teens indicated that Instagram made them feel better:

            • CIA, NSA Block Ads Network-Wide To Protect Agencies. Ron Wyden Says Rest Of Gov’t Should Do The Same.

              Not everyone uses an ad-blocker. But most people do. And no matter how much online publications claim ad blocking is the same thing as stealing, it really isn’t. If they’re bent out of shape about it, it’s because they assault users with ads, burying content behind a wall of uncurated virtual salesmen. If it bleeds, it leads, the old saying goes, but now it refers to readers’ processing power and data allotments.

            • Hillicon Valley — Presented by Ericsson — Senators gear up for Facebook hearing

              Facebook’s head of global safety will face off with members of the Senate Commerce consumer protection subcommittee on Thursday as part of the panel’s first in a series of hearings focused on kids’ safety. As criticism of the tech giant heats up following recent bombshell reports, the panel will convene again next week to hear testimony from a Facebook whistleblower.

            • Face detection for my leaf blower

              The short of it: I have a face detection algorithm running which, when a certain individual enters the field of the Pi’s vision, triggers a servo that powers on the blower, releasing a powerful air blast.

            • Apple AirTag Zero-Day Weaponizes Trackers

              An unpatched stored cross-site scripting (XSS) bug in Apple’s AirTag “Lost Mode” could open up users to a cornucopia of web-based attacks, including credential-harvesting, click-jacking, malware delivery, token theft and more.

              That’s according to Bobby Rauch, an independent security researcher who said that it’s possible to use the zero-day to fully weaponize an AirTag, with the ability to attack random strangers (or specific targets) should they interact with it.

              Stored XSS, also known as persistent XSS, occurs when a malicious script is injected directly into a vulnerable web application. An attack then only requires that a victim visit a compromised web page.

    • Defence/Aggression

      • They Fled the Taliban. Now They’re in a Tent City in New Mexico.

        In late August, 26-year-old Abul Ahmed was heading to his university in Kabul to fill out some paperwork when he got a call from a friend. “Don’t go to your house, because it’s dangerous. The Taliban are there,” Abul recalled being told. Abul said he wasn’t going to leave his family, but after the Taliban took over Kabul, he knew they couldn’t stay at home. “The Taliban broke into our compound, and they stole our car,” he told me. “They beat up my uncle and searched our stuff.”

      • Jan 6 Committee Subpoenas 11 Individuals Who Organized Trump Rally That Day
      • Open for Military Business: Ebola Research at Canada’s Only BSL-4 Lab

        By the time Qiu started work on Ebola, the mishandling of the SARS epidemic by China’s leadership was well-known worldwide. Officials had been fired for misbehavior. China had called upon leading scholars in the US, like W. Ian Lipkin, and Chinese scholars with significant success abroad, such as George Gao, to help reorganize its public health system, especially its disease surveillance methods. That year, a group of scientists from Guangdong, the centre of the SARS pandemic, arrived in Winnipeg to tour the Canadian Science Centre for Human and Animal Health, which includes both the NML, now managed by PHAC (Public Health Agency of Canada), and the animal diseases lab managed by the Canadian Food Inspection Agency. China was negotiating its agreement with France, which led to the construction of the BSL-4 at the Wuhan Institute of Virology.

        Natalie Salat, a reporter for Legion, a magazine about Canada’s military history, came to Winnipeg to write about the facility after the visitors from China had come and gone. Their attendance was presented to her as a mark of the NML’s global importance. Salat was told that the NML had partnerships with the Department of National Defence, the University of Manitoba, the US Centers for Disease Control and Prevention, the US Bioterrorism Response Network, etc. Stefan Wagener, whom Salat identified as the centre’s scientific director for biosafety and environment, told her that everyone who worked at the lab for more than ten days had to have a rigorous security clearance. He jokingly said that if he told her anything else about the detailed security measures in place, he’d “have to kill her.”227

      • The Untold Story of Why Palestinians Are Divided

        Palestinian political disunity is tied to the fact that the issue of representation in Palestinian society has always been an outcome of one party trying to dominate all others. This dates back to Palestinian politics prior to the establishment of Israel on the ruins of historic Palestine in 1948, when various Palestinian clans fought for control over the entire Palestinian body politic. Disagreements led to conflict, often violent, though, at times, it also resulted in relative harmony – for example, the establishment of the Arab Higher Committee (AHC) in 1936.

        These early years of discord duplicated themselves in later phases of the Palestinian struggle. Soon after Egyptian leader, Jamal Abdel Nasser, relinquished his influential role over the Palestine Liberation Organization (PLO) following the humiliating Arab defeat in 1967, the relatively new Fatah Movement – established by Yasser Arafat and others in 1959 – took over. Since then, Fatah has mostly controlled the PLO, which was declared in Rabat, in 1974, to be the “sole legitimate representative of the Palestinian people”.

      • Who Lost Afghanistan? H.R.

        What it does not show, and what Pentagon leaders don’t seem to understand, is why.

        Whitlock’s book reads like a synopsis of the many essays, books and cartoons I produced over 20 years, which were rejected by most newspapers and news websites because editors and producers refused to publish content that criticized the war.

      • What Are The Prospects For Peace? An Interview With Coleen Rowley

        Coleen Rowley is an attorney, peace activist and whistleblower. She’s a retired FBI Special Agent and former FBI Minneapolis Division Legal Counsel. For her exposure of the FBI’s pre-911 failures, she was named one of Time Magazine’s “Persons of the Year” in 2002. We are extremely honored that she took the time to talk to us and share her views. Her responses below are exactly as she provided.

        The questions here are not philosophical or abstract. They focus on the realities of the international power struggle unfolding in real time. They directly address the role of the U.S. in the escalating tensions and its capacity to reduce them. We also probe the role of everyday citizens in affecting the relationship the U.S. now has and will have with the rest of the world community.

      • Survey Confirms Los Angeles Sheriff’s Department Is Still Home To Dangerous Gangs, Has No Solid Plan To Eliminate Them

        The Los Angeles Police Department has spent years compiling a “gang database.” The term “compile” is used loosely, because the LAPD decides people are gang members just because they know gang members, or are related to them, or live in the same buildings, or work near them, or pass through gang-controlled neighborhoods, or go to school with gang members, or just (as non-gang people are wont to do) wear clothes, shoes, and hats. It’s ridiculous.

      • Opinion | Good Riddance to the Horrible Failures of CENTCOM

        The bad news stemming from the ill-planned and ill-managed U.S. evacuation of the Afghan capital just kept coming in. The Washington Post put it this way in blowing the whistle on the culminating disaster: “U.S. military admits ‘horrible mistake’ in Kabul drone strike that killed 10 Afghans.”

      • The Myth of a New “Cold War” Between the U.S. and China/Russia

        Outraged French President Emmanuel Macron denounced the Biden-approved agreement as blatant “Trumpism” and withdrew the French ambassador to the U.S., the first and only such termination of diplomatic relations with France in some 250 years. “Trumpism” has in recent years come to be defined as “America First” or “MAGA,” Make America Great Again, including the imposition of U.S. tariffs not only against China but against Western European nations and Canada. At the time Democrats and leading U.S. corporate think tanks, including the Council on Foreign Relations, pilloried Trump’s tariffs but the Biden administrations has largely maintained them all and indeed, expanded their scope and impact. No doubt, there are always major divisions within the U.S. ruling class – not to mention among and between their international counterparts – when their base economic interests are in conflict.

        Pivot to Asia

      • Constructive Criticism Rooted in Respect: A View from Vietnam

        In other words, because Mr. Pierre has the passport of a former colonial power that brutally exploited Vietnam and its people until it was decisively defeated at the Battle of Điện Biên Phủ in 1954, he doesn’t have the right to constructively criticize anything that is happening here in 2021.

        Vietnam and presumably other countries that France colonized get an unlimited pass on any societal problem, big or small. What does that have to do with the existential problem of air and water pollution? You guessed it: absolutely nothing.

      • Black Residents of Minneapolis Say They Need More Cops—Not Fewer

        Minneapolis, Minn.—On a quiet Sunday afternoon, Don Samuels emerged from his home on the northern wing of this city, wearing a black hoodie with “Pratt” printed on the chest. Clinging to his iPhone, Samuels sat on the porch as he typed the final words of a message he had been writing to a woman.

      • Mali junta’s sovereignty push arouses hope, fear amid troubled anti-jihadist struggle

        “But even though many Malians like the emphasis on national sovereignty, they are also concerned about where it may lead,” Tounkara continued. “If private security companies and Malian troops achieve military victories, that may well strengthen anti-French sentiment. On the other hand, if Bamako cuts ties to France and to its regional allies, it risks finding itself ostracised in the anti-jihadist struggle in the Sahel, without reliable partners to support it. That would be enormously disappointing to the Malian people.”

      • Arson attack on house of critic of Islam in Dresden, Germany

        The so-called Molotov cocktail was thrown onto the balcony on the first floor of the shell of the building in the street Brückenstraße at around 3:30 a.m. last Saturday. As a result, a fire broke out. The resulting damage to property cannot yet be quantified. The Police Counter-Terrorism and Counter-Extremism Centre has taken over the investigation.

    • Transparency/Investigative Reporting

      • Scientist: Mysterious beacons source of MS Estonia survey interference

        A scientist says he believes he has found the source of mysterious interference experienced in sonar and other devices during an investigation into the wreck of the MS Estonia, which sank in 1994 with the loss of 852 lives. The scientist, a hydrographer called Peeter Ude, says the source is transmitter beacons installed on the sea-bed and close to the wreck, but who placed them there, why and when remains unclear, he says.

    • Environment

      • 50 years of Greenpeace: Looking back and looking forward

        Some observers object, claiming that “there is no limit to growth,” or “no limit to human ingenuity,” but the lessons of the natural world tell us otherwise. Some extreme technology-obsessed billionaires imagine that we’ll colonize other planets and leave the depleted Earth behind.

        I ask this question to myself virtually every day: How do we change the human trajectory, away from growth, chaos, and collapse? What path will lead us toward genuine sustainability? I suspect that our progeny — and all other species — will be far better off if we embrace our relationship with the living Earth, learn from nature itself, consciously contract, slow our economies, and allow wild, untrammeled natural habitats to expand.

      • Joe Manchin, America’s Climate Decider in Chief, Is a Coal Baron

        This story originally appeared in The Guardian and is republished here as part of Covering Climate Now, a global journalism collaboration cofounded by The Nation and Columbia Journalism Review to strengthen climate coverage.

      • ‘Be Our Climate President’: Biden White House to Face Full Week of Protests

        Climate justice campaigners plan to descend on Washington, D.C. in October to protest outside the White House for a week straight, calling on President Joe Biden to declare a climate emergency and end all new fossil fuel projects.

        The Build Back Fossil Free coalition announced the People Vs. Fossil Fuels: Biden’s Test demonstrations, to be held October 11-15, in a statement Thursday. The week of action will come just before COP 26, a United Nations climate summit scheduled to begin in Scotland at the end of next month.

      • The New ‘Con’ in Conservation: Why the Proposed Voluntary, Paris Agreement-Style, ‘30×30’ Target for Protected Areas Won’t Save the World’s Biodiversity

        Proposals to protect a third of the Earth for wildlife (or even ‘half Earth’, as suggested by some extremist conservationists) have been around for decades, but the idea has only been taken up as a serious proposition over the last couple of years. A target of 30% by 2030 has been included in a new draft action plan for 2020 to 2030 under the global Convention on Biological Diversity. A coalition of 60 governments led by France and Costa Rica is lobbying heavily for the idea.

        During the World Conservation Congress just finished in Marseille, I asked the French government’s co-coordinator of this so-called ‘High Ambition Coalition’ how they foresaw the target working in practice. Key issues are not clear. Would each country have to designate 30% of its territory for conservation, or would it be a global target and, if so, how would it be determined which countries protected what, bearing in mind that biodiversity is very unevenly distributed around the planet?

      • Energy

        • PennEast Pipeline Cancelation Could Signal ‘End of an Era’ for Unnecessary Fossil Fuel Projects

          A major natural gas pipeline in Pennsylvania was canceled this week in the face of a thicket of legal obstacles and intense local opposition. The cancelation may punctuate what could be the end of a decade-long pipeline building frenzy in the U.S. as federal regulators begin to heed calls from activists and local communities to increase scrutiny over unneeded pipelines crisscrossing the country. 

          The PennEast pipeline would have carried Marcellus shale gas from Luzerne County, Pennsylvania, across the Delaware River and to Mercer County, New Jersey. But the developers of the project canceled it on September 27, citing its inability to obtain state-level water quality permits from New Jersey. The decision came three months after the company won a case before the U.S. Supreme Court related to the corporation’s ability to seize state land using eminent domain authority.

        • Head of California Utility Regulator Resigns Less Than One Year Into Six-Year Term

          The head of California’s powerful utility regulator announced to staff that she would be leaving her position at the end of the year, less than one year into a six-year term.

        • Oil Production To Grow Over the Next Five Years, OPEC Says

          In that year, the planet will have 9.5 billion people who will consume 108 mbd of crude oil, although the diffusion of energy efficient technologies could reduce the oil demand by over 8 mbd. Despite this, oil “will continue to be the fuel with the largest share in the world energy basket.”

      • Wildlife/Nature

        • Wild Birds Will Be Protected Once Again, As U.S. Resumes Enforcing Rules On Companies

          The Biden administration said Wednesday it will draft rules to govern the killing of wild birds by industry and resume enforcement actions against companies responsible for deaths that could have been prevented, a longstanding practice that ended under President Donald Trump.

          The move came as North American bird numbers have plummeted drastically in recent decades. That decline was punctuated by news Wednesday that the famed ivory-billed woodpecker and 22 other species of flora and fauna have gone extinct.

      • Overpopulation

        • Religion, religiosity, fertility and contraception in Sub-Saharan Africa – Part 1, Introduction to studies of religion

          How important is religion and belief in the supernatural for family life, contraceptive use, fertility, and family size? Presumably many of our readers have considered the role played in high-fertility societies by the belief that “children are God’s will”. In this blog series based on a literature review1, we focus on Sub-Saharan Africa (SSA) and summarize much evidence about the importance of religion and religiosity. SSA has the highest degree of religiosity and highest fertility rate in the world. In part 1 below, we give background on scientific research into religion – an active field with intriguing theories and findings.

        • We Used Up All the Earth’s Resources on July 29th—Here’s What That Means for the Planet (and Us)

          This year, Earth Overshoot Day fell on July 29th, which means humans currently use 74% more resources than what the planet can regenerate. In this episode of Good Together, Brightly’s co-founder and CEO, Laura Wittig, spoke with Sarah Baillie, the population and sustainability organizer at the Center for Biological Diversity, about how our everyday consumption plays a role and what we can do to ensure our resources are sustained.

        • Over-population: Threat to mankind

          Finding a long-term solution to overpopulation is bringing down the human population which our earth can support and living with decent conditions is all that’s needed. If the equilibrium doesn’t maintain it creates a misbalance on the environment and economy. It’s a fancy issue for those that don’t know the way overpopulation could be a threat to mankind and our earth evolved changes within the past few decades. Somewhere the population increasing with the speed of sunshine and somewhere it’s minimal.

          Overpopulation is an alarming threat and if not taken into control, it will cause severe consequences in the future. Literacy and poverty are the two main causes that should be taken in control with the right steps to avoid the misbalance. Overpopulation is the evil root for climate change, poverty, unemployment, and conflicts. There are a million children who don’t have family their adoption is an option and home or shelter will be provided to them and collectively as humans, we have the power to make a world a better place to live in.

    • Finance

      • Progressives Deliver Message to Democrats on Infrastructure: ‘Don’t F**k This Up’

        The progressive activists in the stands at Wednesday night’s congressional baseball game held up a series of banners, one of which said “Dems Don’t Fuck This Up,” and another that read “Our Lives Are a Game: Pass $3.5T.” A third banner declared: “Reconciliation First / Hold the Line.”

        “We are going to make sure we deliver the entirety of the president’s agenda, because… 96% of Democrats in the House and Senate agree that that’s the right thing to do.” —Rep. Pramila Jayapal

      • Progressives Remain United on Holding Democrats to Infrastructure Promises
      • Opinion | Close This Perverse Tax Loophole in Order to Save Jobs and Fund Infrastructure

        The multi-trillion-dollar budget reconciliation bill moving through Congress represents an enormous opportunity to invest in unmet human and environmental needs. It’s also the best chance we have to close loopholes that help the wealthy avoid their fair share of taxes.

      • Opinion | When the New York Times Colludes With the Billionaire Class

        According to a White House analysis (9/23/21), the country’s 400 wealthiest families have an effective tax rate of just over 8%. At the New York Times (9/23/21), reporter Jim Tankersley was quick to cast doubt on the figure.

      • “A Moral Crisis”: Reverend William Barber on Why Congress Must Pass $3.5 Trillion Bill

        Activists continue to call on Democratic leaders to pass the $3.5 trillion Build Back Better Act, which expands the social safety net and includes measures to address the climate crisis. Progressives remain resolute in their opposition to passing a bipartisan $1 trillion infrastructure bill unless it is paired with the larger package. The Build Back Better Act represents “economic investment in the lives of poor and low-wealth people in this country,” says Reverend William Barber, co-chair of the Poor People’s Campaign. “The question here is not ‘What will it cost if we do this?’ What will it cost if we don’t do this?”

      • Schumer Announces Deal Reached With GOP Senators to Fund Government Through Dec
      • Utilities Took $1.25 Billion in Pandemic Aid Then Shut Off Power to Households Nearly 1 Million Times: Report

        Over a dozen leading U.S. utility companies took more than a billion dollars of publicly-funded pandemic bailout money while pulling the plug on power to vulnerable households nearly a million times, according to a new report out Thursday.

        “It is clear that private utilities prioritize profits and shareholder satisfaction over all else, including customer health and the climate.”—Chris Kuveke, BailoutWatch

      • “In Those Pictures, You Can See the Community”

        In East and West Garfield Park, Chicago, we sought out residents’ archives to shed light on a neighborhood the city neglected.

      • When Will the US Break Free from the Clutches of Its Grifters?

        Thus it surprises nobody to discover that when Donald Trump and the people around him learned, in mid-November of 2020, that there was absolutely no meaningful voter fraud in that month’s election, they chose, instead of acknowledging the truth, to go ahead with a plan to raise over $200 million dollars (and counting).  That even today “President Trump” is sending out one or two fundraising emails a day, each one with the tiny “make this a recurring donation” box pre-checked.

        Republican appointees on the US Supreme Court cracked open the door for professional grifters in 1976 when, for the first time in American history, the Court redefined politicians taking money from billionaires away from being “political corruption” and “bribery” — what such behavior had been called since the beginning of the republic — to instead say it was a mere “exercise of free speech” on the part of the morbidly rich.

    • AstroTurf/Lobbying/Politics

      • When Democrats Go Small, They Lose Big

        President Franklin Delano Roosevelt taught Democrats how to keep power by enacting bold programs that spoke to the pressing needs of working-class Americans. Unfortunately, the heirs to what is still referred to as “the party of FDR” have spent the better part of 75 years trying to unlearn that lesson.

      • Social Media Regulation In African Countries Will Require More Than International Human Rights Law

        There has been a lot of focus on moderation as carried out by platforms—the rules social media companies base their decision on what content remains online. There has however been limited attention on how actors other than social media platforms, in this case governments, seek to regulate these platforms. 

      • Progressives Hold the Line as ‘Manchema’ Side With Oligarchy Against Biden Agenda

        Political observers predicted three options late Thursday as it remained unclear whether Speaker of the House Nancy Pelosi would still hold a vote on the Bipartisan Infrastructure Framework, or BIF, which has stirred a Capitol Hill fight between a small band of corporate Democrats in Congress and the rest of the party anchored by the Congressional Progressive Caucus.

        As of this writing, there was no final word other than promises earlier in the day by Pelosi that a vote would come—even though fresh public comments from Sen. Joe Manchin (D-W.V.) made it clear that a chasm remains between his opposition and that of Sen. Kyrsten Sinema (D-Ariz.) and House Democrats  on the $3.5 trillion Build Back Better Act that must ultimately be passed via the bicameral reconciliation process.

      • Donald J. Trump: Traitor

        “There is an unfolding assault taking place in America today,” President Biden said in Philadelphia on July 13. “An attempt to suppress and subvert the right to vote in fair and free elections, an assault on democracy, an assault on liberty, an assault on who we are — who we are as Americans.”

        All the world knows who is leading that assault: Donald Trump. Why then isn’t the President, or Democrats, or liberal and progressive opinion writers calling Trump and his high-ranking followers traitors? Not just “fascists” and “autocrats” but traitors. Aren’t the Trumpists committing treason by actively subverting constitutional democracy, the very fabric of our political system?

      • Most Americans Want Dems in Charge of Congress Next Year, Polling Data Shows
      • In Anti-Reconciliation Blitz, Exxon Spent $275,000 on Facebook Ads in One Week
      • Biden’s Immigration Policy Picks Up Where Trump Left Off

        Mass opposition to Donald Trump began with immigration. His racist rhetoric and barbaric policies around immigrants and asylum-seekers are what first fueled outrage among liberals, as well as among people who were otherwise apolitical. Politicians, pundits, and rank-and-file Democratic voters alike rightfully decried Trump’s migrant policies, with some going as far as to compare the administration to the Nazi regime.

      • YouTube Deletes RT German-Language Channels Over COVID-19 ‘Misinformation’

        Video-sharing platform YouTube has deleted two German-language channels managed by Russia’s state-owned media company RT, prompting Moscow to blast the company for “censorship” and vow retaliation.

      • Keynote Speech by President of the Republic of Finland, Sauli Niinistö, at the FIIA Forum, Helsinki, 29 September 2021

        An important legacy of the original Conference on Security and Cooperation in Europe, held here in Helsinki in 1975, was the spirit of that meeting. The willingness of competitors and adversaries to sit at the same table, despite their disagreements. Such a spirit is in high demand today, on the global level.

        We urgently need to respond to fundamental questions of war and peace, climate change and biodiversity loss, pandemics and the challenges of new technologies. We can only succeed in that together. It is a question of our common human responsibilities. What kind of a world will we leave to future generations?

        Above all, these are not some distant global issues, somehow detached from our national interests. They are at the heart of our own security. And therefore, they reside at the very centre of Finland’s foreign and security policy.

    • Censorship/Free Speech

      • U.S. Supreme Court Upholds Public School Students’ Off-Campus Speech Rights

        The case, Mahanoy Area School District v. B.L., involved a public high school student who was placed on the junior varsity cheerleading squad after failing to make varsity. Out of frustration, Brandi Levy (later identified by her full name since she is no longer a minor) shared a “snap” with her middle finger raised and text that said, among other things, “fuck cheer.” The message was posted on a Friday night from a local convenience store. The cheerleading coaches suspended Levy from the J.V. squad for a year after one of her Snapchat connections took a screen shot of the message and shared it with them.

        The school justified the punishment of Levy’s off-campus speech by invoking the Supreme Court’s opinion in Tinker v. Des Moines Independent Community School District (1969), which held that students may not be punished for their on-campus speech unless the speech “materially and substantially” disrupted the school day or invaded the rights of others. The school further justified Levy’s suspension on the ground that social media posts generated off campus can easily be brought onto campus given the widespread use of cell phones and the internet. We argued that Tinker should not be used to punish off-campus speech—including social media speech.

        In ruling in favor of Levy, the Supreme Court did not go as far as we had hoped. The Court held that Tinker may sometimes justify restrictions to off-campus speech: “[W]e do not believe the special characteristics that give schools additional license to regulate student speech always disappear when a school regulates speech that takes place off campus.”

      • Leader of Prestigious Yale Program Resigns, Citing Donor Pressure

        Four months of wrangling over the program later, Professor Gage resigned after the university administration informed her that a new advisory board it was creating to oversee the course under previously ignored bylaws would be dominated by conservative figures of the donors’ choosing, including, against her strong objections, Henry A. Kissinger, the former secretary of state under President Richard M. Nixon.

        Her resignation, which Yale has not yet made public, raises the question of where universities draw the line between honoring original agreements with donors and allowing them undue sway in academic affairs. It’s a question that can become turbocharged when colliding political visions, and the imperatives of fund-raising, are involved.

      • Iranian Singer Googoosh Raises Her Voice To Keep Her Nation’s Culture Alive

        She was forbidden from participating in any type of public gathering. “They tried hard to erase me—I mean, erase my name, erase my position, erase my songs, erase my face, erase the memory of me,” she says. “But they couldn’t.”

        At the peak of her career, Googoosh was forced to live in silence for 21 years. Then, in July of 2000, the government granted her permission to visit her family in Los Angeles, and she left. Her first stop was in Toronto. At the Air Canada Center Arena, 18,000 fans waited for her return with open arms.

        Reminiscing about that auspicious day when she returned to the stage, Googoosh tears up. “I was speechless, and then I had fear,” she explains. “I didn’t know if I can take care of these people. But it happened.”

      • In Hong Kong, access to online museum about Tiananmen Square appears blocked

        Hong Kong users have not been able to access the website from the city since Thursday without using virtual private networks. Internet service provider PCCW declined to comment. Providers HKBN and 3HK did not respond to requests for comment.

        “This is a disgraceful act to erase historical memory,” the online museum said in a statement.

        Police officers take away a cardboard featuring the image of Goddess of Democracy from the June 4th museum in Hong Kong on Sept. 9, 2021.Kin Cheung / AP Hong Kong police said they could not comment on individual cases, but said national security legislation states that “police may require service providers to take actions to prohibit electronic messages posted on electronic platforms that are likely to endanger national security.”

      • Govt wants to impose centralised censorship office: RSF

        In a statement issued on Wednesday, the Reporters Without Borders (RSF) said that along with its Pakistani partner, the Freedom Network, it is supporting the campaign that Pakistani journalists have launched against the proposed legislation.

        The draconian proposed law was unveiled in June and would create a powerful new entity called the Pakistani Media Development Authority (PMDA).

      • Woman gets death, fine for blasphemy in Lahore

        The judge, after going through the statements of the witnesses and their cross examination, observed that the oral and material evidence proved beyond reasonable doubt that the suspect wrote and distributed the writings attributed to her.

      • Xiaomi censorship allegations may cloud its global ambitions, expansion plans

        Last week, a report by the Lithuanian defence ministry’s National Cyber Security Centre (NCSC) alleged that Xiaomi’s Mi 10T 5G smartphone, which is widely sold in Europe, has a built-in ability to detect and censor terms such as “Free Tibet”, “Long live Taiwan independence” or “democracy movement”.

      • First look: Rick Scott probes LinkedIn, Microsoft on censoring U.S. journalists in China

        Sen. Rick Scott (R-Fla.) sent a letter to Microsoft and LinkedIn leadership on Thursday questioning why LinkedIn censored the profiles of U.S. journalists from the company’s China-based platform this week, according to a letter obtained by Axios.

        Driving the news: LinkedIn — which is owned by Microsoft — notified several U.S. journalists this week, including Axios’ Bethany Allen-Ebrahimian, that their accounts will no longer be viewable in China due to “prohibited content” on their profile.

    • Freedom of Information/Freedom of the Press

    • Civil Rights/Policing

    • Internet Policy/Net Neutrality

      • Google, NBC Bring Dumb Cable TV Blackout Feuds To Streaming

        For years cable TV has been plagued by retrans feuds and carriage disputes that routinely end with users losing access to TV programming they pay for. Basically, broadcasters will demand a rate hike in new content negotiations, the cable TV provider will balk, and then each side blames the other for failing to strike a new agreement on time like reasonable adults. That repeatedly results in content being blacked out for months, without consumers ever getting a refund. After a few months, the two sides strike a new confidential deal, your bill goes up, and nobody much cares how that impacts the end user. Rinse, wash, repeat.

      • My changing (citation) style of external links here on Wandering Thoughts

        Instead, the growing amount of information I include about the link is a quiet reaction to the unfortunate fact that over time, an increasing number of URLs will stop working. More and more I’ve come to feel that the more information I include about a URL, the better for the future, both for me and for other people. If I put in the full title and even the name the author uses, there’s a higher chance that some copy of the page can be found in search engines, even if the domain changes, the site is restructured, the form of the URLs all change, and so on.

      • Open Access Model Can Leverage Historic Funding to Drive Broadband Expansion

        The model comes with several inherent benefits over conventional approaches, the conference heard. “When a community owns [the infrastructure] they’re going to build it to the specs they need,” McKinley explained. “Private [carriers] will employ cost-cutting methods wherever they can.”

    • Monopolies

      • Google Urges EU Judges to Slash ‘Staggering’ $5 Billion Fine

        The search-giant’s power over mobile phones is the focus of a week-long court hearing. Google’s lawyers are arguing that the European Commission blundered by demanding changes to allegedly anti-competitive contracts with suppliers of phones running its Android operating system — the engine room for the vast majority of mobile devices in the region.

      • Patents

        • How to respond to China’s bid to join the CPTPP

          The CPTPP is largely an agreement to treat companies equally, regardless of the country they come from. Importantly, it is intended to be a ‘high quality’ agreement. So, for instance, while Article 2.4 focuses on the elimination of customs duties, China has recently demonstrated a willingness to use informal trade restrictions, such as unofficial instructions to simply not process goods coming from Australia. Such moves would certainly be against the spirit of the CPTPP.

      • Copyrights

        • Eddy Grant Copyright Infringement Lawsuit Against Donald Trump Moves Forward

          Eddy Grant filed the lawsuit in New York in September 2020 after the campaign used his work in an online video. The clip features a fast train mean to represent the Trump campaign, while Joe Biden trails along in a manually operated vehicle. Twitter removed a viral copy of the video following a copyright claim from Grant.

          Eddy Grant is just one of many artists who pushed back against the Trump campaign using his music. Other artists who objected to their music being featured in political campaigns include Neil Young, The Rolling Stones, Panic! at the Disco and many more.

        • Disney and Scarlett Johansson have settled their lawsuit

          Terms of the settlement weren’t disclosed

        • YouTube TV and NBCUniversal agree to ‘short’ extension to avoid channels disappearing

          According to NBCUniversal, the standoff over carriage — which has become all too common in the streaming wars, particularly when it comes to regional sports programming — involved a demand for what an NBCUniversal source close to the matter described as a fair rate relating to marketplace terms. A spokesperson for YouTube, meanwhile, said that the company was negotiating for terms that it sees as fair based on industry standards and the size of its service. The spokesperson also said that NBCUniversal asked YouTube TV to bundle Peacock, which the spokesperson claimed would result in users paying twice for the same content.

        • Cloudflare Books Partial Victory in ‘Thothub’ Piracy Lawsuit

          Cloudflare has booked a partial victory in a piracy lawsuit filed by several models whose photos leaked online. The CDN provider previously offered its proxying service to the now-defunct website ‘Thothub’. The court agreed with Cloudflare that there’s no evidence for direct infringement, but the contributory copyright infringement claim remains intact.

        • Accused Pirate Asks Court to Dismiss Lawsuit from Suspended ‘Copyright Troll’

          An accused pirate has asked a Texas federal court to dismiss a copyright lawsuit filed by Malibu Media. The adult entertainment company, which has sued thousands of people over the years, is currently suspended by California’s Franchise Tax Board. The defense argues that, due to this suspension, the company is not allowed to maintain a lawsuit.

        • Copyright Continues To Be Abused To Censor Critics By Entities Both Big And Small

          We’ve talked far too many times about how the DMCA takedown processes across internet industries as they stand are wide, wide open for abuse. From churches wielding copyright to attempt to silence critics engaging in protected speech, to lawyers using copyright to try to silence critics engaging in protected speech, to freaking political candidates abusing YouTube’s DMCA notice process to silence critics engaging in protected speech… well, you get the idea. The point is that we’ve known for a long, long time that the current method by which the country and companies currently enforce copyright law tilts so heavily towards the accuser that it’s an obvious avenue for misuse.

[Meme] Over-the-Web JavaScript Itself is the Problem (Someone Else’s Server Running Code on Someone Else’s PC)

Posted in Free/Libre Software, FSF at 3:19 am by Dr. Roy Schestowitz

Alex Oliva et al (including Richard Stallman) mentioning Gemini: Alexandre Oliva: The WWWorst App Store

Yesterday (by FSF): FSF announces JShelter browser add-on to combat threats from nonfree JavaScript | Keeping your freedom intact when registering or renewing as a DMCA agent

I told you. Just move to Gemini. I've made more JS.
Workarounds are not solutions. Maybe another approach is, let’s get off the Web (to the extent possible). There are also benefits for the environment and that scales well for residential connections (hosting from home, self-hosting).

Gemini near 1700 October
Gemini near 1,700 known capsules now. It’s growing fast. More of us adopt it [1, 2].

Summary: JavaScript as a concept (Web sites running code on someone else’s computer) is flawed; for more things we need to adopt and spread something like Gemini (where such a mindset is strongly and actively discouraged)

IRC Proceedings: Thursday, September 30, 2021

Posted in Site News at 2:53 am by Needs Sunlight

Also available via the Gemini protocol at:

Over HTTP:

HTML5 logs

HTML5 logs

#techrights log as HTML5

#boycottnovell log as HTML5

HTML5 logs

HTML5 logs

#boycottnovell-social log as HTML5

#techbytes log as HTML5

text logs

text logs

#techrights log as text

#boycottnovell log as text

text logs

text logs

#boycottnovell-social log as text

#techbytes log as text

Enter the IRC channels now

IPFS Mirrors

CID Description Object type
 Qmd9ygn4gGEK7rTg8GZft7VHcYfkMJcEnPCXzhxipKxPh7 IRC log for #boycottnovell
(full IRC log as HTML)
HTML5 logs
 Qmf8okkFW8ybyX61qSZi9pbQFb8UdyLxdNk1P9NXrb4sB3 IRC log for #boycottnovell
(full IRC log as plain/ASCII text)
text logs
 QmecFeoDDPtHJD7HYMkMzyCmWv9ixiB9kxFK8iaWZuWMsP IRC log for #boycottnovell-social
(full IRC log as HTML)
HTML5 logs
 QmWExioLPiQ8iVYroH7HwaL7tEni4Mpr3HTWbTH4oQFi6p IRC log for #boycottnovell-social
(full IRC log as plain/ASCII text)
text logs
 QmZt8ZTaKy2TJeuLT7Gz3krB9FtkUAfM6Dsa7Mrhck3WKF IRC log for #techbytes
(full IRC log as HTML)
HTML5 logs
 QmUWhsMaDi7Y4zNZYmALtj7167guEnrAWbZN44Vrs7Dv1L IRC log for #techbytes
(full IRC log as plain/ASCII text)
text logs
 QmZgMVVVp4zC9XoGgC9BYobrrRYQZNkyFV5tVaZBiDF1Mo IRC log for #techrights
(full IRC log as HTML)
HTML5 logs
 QmeAFyt44V5vahpGxwEogEbJMozJ9rdU1BmE7h5aSxU6YK IRC log for #techrights
(full IRC log as plain/ASCII text)
text logs

IPFS logo

Bulletin for Yesterday

Local copy | CID (IPFS): QmRXKRPosZ7Bz2MggcSzikrb6U91AxeDNghC3nQk4eD4fh

Links 1/10/2021: GhostBSD 21.09.29 ISO, Free Software Foundation (FSF) Vs JS Mess

Posted in News Roundup at 2:05 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Desktop/Laptop

      • The 4 Invaluable Benefits of Switching to Linux

        Linux is an operating system used in everything from phones to cars and complex supercomputers, yet you can also use it to power your personal computer. The desktop may not be the space where you’re most likely to encounter Linux, but it’s more than worth your consideration.

        Far from being merely another tool for the job, there are several big benefits that come from taking the time to try out, learn, and maybe even stick with using the Linux desktop. Here are four advantages of switching to Linux:

        1. A Free Course in Digital Ethics

        The free and open-source community views software differently from what you encounter on commercial operating systems. On Windows, macOS, Android, and iOS, most apps come exclusively as binaries whose code you don’t have access to. This binary, though sometimes available for free, is generally a product that you pay for.

        The Linux world doesn’t focus on the binary but on the code itself. This code is a language, and the only way to know what it’s doing is to read it. If you (or other Linux users) can’t read the code, you have no way to know what it’s actually doing. You can only have the developer’s word.

        Free software is based on the four freedoms. Here they are, as defined by the Free Software Foundation…

    • Audiocasts/Shows

    • Kernel Space

      • Linux 5.14.9
        I'm announcing the release of the 5.14.9 kernel.
        All users of the 5.14 kernel series must upgrade.
        The updated 5.14.y git tree can be found at:
        	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.14.y
        and can be browsed at the normal kernel.org git web browser:
        greg k-h
      • Linux 5.10.70
      • Linux 5.4.150
      • New AMD Linux Audio Driver Patches Posted – Aimed For Enhancing Chromebook Support – Phoronix

        In addition to Linux 5.15 adding a new AMD audio driver for “Van Gogh” APUs such as found in the forthcoming Steam Deck, AMD’s open-source Linux driver engineers have also been working on other audio improvements — this time on the Chromebook front.

        A set of eight AMD Linux audio patches were sent out today. These audio patches of relevance to Renoir and Cezanne platforms seems to be driven by the Google Chromebook “Guybrush” board but may prove relevant to other hardware moving forward. That Guybrush Zen 3 Chromebook has been known since the end of last year when it began appearing in Chromium OS sources.

      • Microsoft Bluetooth Mouse Loves Linux. A GNU/Linux review of the mouse that wants a better home.

        When I bought this laptop last year, I needed a Bluetooth mouse. Nothing fancy, nothing that would break the bank. Amazon had a “Microsoft Bluetooth Mouse” in Warehouse Deals for $9.99!

        In fact, for that $10, you got a Bluetooth 5.0 LE device, no less, with battery life that goes on for months and months of constant use.

        The problem I kept hitting was that it just doesn’t work very well with Windows 10. In fact, despite all of the “This works great with Windows 10!” nonsense on Amazon, from Microsoft, the facts are that it is very frustrating due to the Bluetooth stack on Windows being utter crap.

      • Intel

    • Applications

    • Instructionals/Technical

      • How to Install Snort on Ubuntu 20.04

        Snort is an open-source lightweight network Intrusion Prevention System for running a network intrusion detection system (NIDS). Snort is used to monitor the package data sent/received through a specific network interface. Network intrusion detection systems can catch threats targeting your system weakness and vulnerabilities using signature-based detection and protocol analysis technologies.

        When NIDS software is installed and configured correctly, can identify different kinds of attack and suspicions things like CGI attacks, network policy violations, SMB probes, malware infections, a compromised system, stealth port scan, etc.

      • How to Install MERN Stack for JS Based Applications on Ubuntu 20.04

        MERN stack is a combination of MongoDB, Express, React, Node. All of them are based on Javascript and the stack is used to build modern web applications. It is comprising the front-end (React), back-end (Node and Express), and database components (MongoDB).

      • How to Install Magento on Rocky Linux and AlmaLinux

        Written in PHP, Magento is a popular open-source, and versatile eCommerce platform that provides businesses with an online shopping cart. It leverages various PHP frameworks such as Symfony and Laminas to enhance its functionality and usability.

        Magento provides you with an Administrator’s control panel that helps you create your online shop, manage product catalog, monitor transactions and invoices, and keep track of customers’ purchase behavior among many other tasks.

      • How to install ZOOM client on Debian 11 Bullseye Linux

        Zoom is a popular video conferencing software available for multiple operating systems including Linux. Here we learn the simplest way to install Zoom client on Debian 11 Bullseye Linux.

        Zoom as a conferencing software can be used to perform telephone and video conferences. The basic functions of Zoom can be used free of charge and registration is not absolutely necessary. Zoom is available both as a program for the computer and as an app for all Android and iOS devices.

        Even if the use of Zoom is basically free of charge, not all functions of the program are available to you in the basic free version. Not only is the number of participants in a conference limited to 100 people, but also its duration. If there are more than two people, the maximum conversation limit will be up to 40 minutes.

      • How to Install and Use Telnet on Debian 11 Bullseye – LinuxCapable

        Telnet is a protocol that allows you to connect to remote computers (called hosts) over a TCP/IP network using a client-server protocol to establish a connection to Transmission Control Protocol port number 23

        In the following tutorial, you will learn how to install Telnet on a Debian 11 Bullseye operating system.

      • How to Install The Lounge IRC Client on Debian 11 Bullseye – LinuxCapable

        The Lounge is a web-based IRC client written in Node.js and can be installed and then accessed from any modern browser for a native-like experience without having a dedicated application installed.

      • How to Backup Linux Filesystem Using dump Command

        On a Linux operating system environment, mastering how to create and restore backups is a very important skill set. It is easier for well-versed Linux user to attain their data backup goals from the terminal environment without the need for a GUI-oriented application package.

        The Linux dump utility is effective in creating filesystem backups on an availed storage device. However, the filesystem supported by this backup utility disregards the likes of ReiserFS and FAT.

      • How To Install WordPress with LEMP (Nginx, MariaDB, and PHP) on Debian 11 Bullseye – LinuxCapable

        WordPress is the most dominant content management system written in PHP, combined with MySQL or MariaDB database. You can create and maintain a site without any prior knowledge in web development or coding. The first version of WordPress was created in 2003 by Matt Mullenweg and Mike Little and is now used by 70% of the known web market, according to W3Tech. WordPress comes in two versions: the free open source WordPress.org and WordPress.com, a paid service that starts at $5 per month up to $59. Using this content management system is easy and often seen as a stepping stone for making a blog or similar featured site.

        In the following tutorial, you will learn how to install self-hosted WordPress using the latest Nginx, MariaDB, and PHP versions available.

      • How to Install & Configure Wine on Pop!_OS 20.04 – LinuxCapable

        Wine is an open-source compatibility layer that allows you to run Windows applications on Unix-like operating systems like Linux, FreeBSD, and macOS. It is an interface that translates Windows system calls into equivalent POSIX calls used by Linux and other Unix-based operating systems.

        For Linux users, Wine is a savior when running Windows-based applications on UNIX systems. However, not all Windows applications will run in Wine and may have strange crashes or bugs. The Wine AppDB is a database containing a list of applications that have been tested and confirmed to work under Wine.

      • How to Install & Use PHP Composer on Debian 11 Bullseye – LinuxCapable

        Composer is an application-level package manager for the PHP programming language similar to NPM for Node.Js or PIP for Python. Composer provides a standard format for managing all dependencies of PHP software and the required libraries by downloading all the required PHP packages of your project and managing them for you. It is used by most modern PHP frameworks such as Laravel, Drupal, Magento, and Symfony.

        In the following tutorial, you will learn how to download and install composer, along with some essential how to work with composer on Debian 11 Bullseye.

      • How to Install Discord on Debian 11 Bullseye – LinuxCapable

        Discord is a free voice, video, and text chat app used by tens of millions of people ages 13+ to talk and hang out with their communities and friends. Users communicate with voice calls, video calls, text messaging, media, and files in private chats or as part of communities called “servers.” Discord is available on Windows, macOS, and Linux Distros.

        In the following tutorial, you will learn how to install Discord client on Debian 11 Bullseye.

      • How to Install Opera Browser on Debian 11 Bullseye – LinuxCapable

        Opera is a freeware, cross-platform web browser developed by Opera Software and operates as a Chromium-based browser. Opera offers a clean, modern web browser that is an alternative to the other major players in the Browser race. Its famous Opera Turbo mode and its renowned battery saving mode are the best amongst all known web browsers by quite a margin, along with a built-in VPN and much more.

        In the following tutorial, you will learn how to install Opera Browser on Debian 11 Bullseye.

      • How to Install Python 3.9 on Debian 11 Bullseye – LinuxCapable

        Python is one of the most popular high-level languages, focusing on high-level and object-oriented applications from simple scrips to complex machine learning algorithms. The Python language was created by Guido van Rossum and released in 1991, Python 2 in 2000, and Python 3 in 2008. Currently, the latest series in Python is 3.9 brings forward significant changes to language features, and how the language is developed along with a performance boost in new string functions, dictionary union operators, and more consistent and stable internal APIs.

      • How to Install Slack on Debian 11 Bullseye – LinuxCapable

        Slack is one of the most popular collaboration communication platforms in the world. From it was initial launch in 2013, it has grown. It is now favored amongst development teams and corporations to integrate so many services, run groups, and meetings, amongst other things. The way Slack works is to create channels for your teams, topics, customers, or co-workers. Slack also features voice and video calls, file sharing.

        In the following tutorial, you will know how to install the Slack communication platform on Debian 11 Bullseye.

      • How to Install Snap & Snap-Store (Snapcraft) on Debian 11 Bullseye – LinuxCapable

        By default, Debian does not come with Snap or Snap Store installed as this is a feature that was built by developed by Canonical as a faster and easier way to get the latest versions of software installed on Ubuntu systems, and Snap packages are installed from a central SNAP server operated by Canonical.

        Given that Ubuntu is based on Debian, Snap can be installed and, for the most part, work with most packages. There are a few conflicts with specific packages, especially when Debian spits out a new release, luckily Debian stable releases are few and far between. The issue with Snaps VS APT package manager is that Snaps are self-contained, which results in an increased .snap due to having all its dependencies included. In contrast, APT is much lighter than its snap counterpart because it doesn’t need to bundle dependencies.

      • How to Install Steam on Debian 11 Bullseye – LinuxCapable

        Steam is a video game cross-platform that Valve created. It was launched as a standalone software client in September 2003 as a way for Valve to provide automatic updates for their games and expanded to include games from third-party publishers and now boasts a library filled with thousands if not tens of thousands of games across all gaming consoles.

        In the following tutorial, you will learn how to install Steam on your Debian 11 Bullseye desktop.

      • What Does chmod 777 Mean

        Linux operating systems, like most others, offer multiple users to use the same system. This requires implementing different permissions for different files and folders to ensure the privacy of operation.

        The chmod command is used for changing these permissions for the files and folders.

        Chmod stands for change mode, and “mode” means permissions in Linux terminologies.

        In this tutorial, we’ll cover what chmod 777 means and what the command does.

      • How to Install and Use Zsh Shell in Ubuntu and Other Linux

        Oh my Zsh! Give your Linux Terminal a makeover using this guide. Here, we explain how to install, use and configure several themes in Zsh.

      • How to install tmux on Linux – Unixcop

        tmux is an open-source terminal multiplexer for Unix-like operating systems. It allows multiple terminal sessions to be accessed simultaneously in a single window.

        Tmux is useful for running more than one command-line program at the same time. It can also be used to detach processes from their controlling terminals, allowing remote sessions to remain active without being visible.

      • How to launch Steam games using Rofi | Hund

        I recently figured out how to launch my Steam games from the shell today. This means that I can now start my games via my application launcher Rofi.

      • How to install the Nessus vulnerability scanner on Rocky Linux – TechRepublic

        Nessus is a very popular vulnerability scanner used by tens of thousands of organizations across the globe. And although Nessus doesn’t prevent attacks, it does a fantastic job of checking for vulnerabilities and loopholes in your company’s infrastructure.

      • How to install DeSmuME on a Chromebook

        Today we are looking at how to install DeSmuME on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

        If you have any questions, please contact us via a YouTube comment and we would be happy to assist you!

        Most ROMs work, they must be extracted and in your Linux Files in your file manager.

      • How to Install Overlord on Linux – Unixcop

        Overlord provides a python-based console CLI which used to build Red Teaming infrastructure in an automated way. The user has to provide inputs by using the tool’s modules such as C2, Email Server, HTTP web delivery server, and the modules and scripts will be generated on a cloud provider of choice.

        Overlord is still under development and it inspired and uses the Red-Baron Terraform found on Github.

        The tool supports AWS and Digital Ocean.

      • How To Install Hugo on Ubuntu 20.04 LTS – idroot

        In this tutorial, we will show you how to install Hugo on Ubuntu 20.04 LTS. For those of you who didn’t know, Hugo is an open-source static website generator designed for small projects and informative sites. It is written in the Go language, making it very secure and extremely fast. Hugo provides a great writing experience and is optimized for website viewing. Hugo supports unlimited content types, taxonomies, menus, dynamic API-driven content, and more, all without plugins. Additionally, you can output your content in multiple formats, including JSON or AMP

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Hugo static website engine on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.

      • How To Install FFmpeg on Debian 11 – idroot

        In this tutorial, we will show you how to install FFmpeg on Debian 11. For those of you who didn’t know, FFmpeg is one of the best multimedia frameworks that can be used to encode, decode, transcode, and play nearly all multimedia files that have been created on any platform. FFmpeg compiles and runs on Linux, Mac OS, Microsoft Windows, BSD systems, and many more.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the FFmpeg on a Debian 11 (Bullseye).

      • Figuring out Intel’s WiFi glitches on the AX210 chipset. / Debian GNU/Linux tells you it’s glitching. Windows somewhat obscures the glitches. / More T-Mobile Nokia Trash Can lulz. – BaronHK’s Rants

        I finally figured out what will make the Intel AX210 WiFi Chipset stay connected to my router and stable, without complaining about expecting hardware encrypted frames, and “software error detected in firmware” and deauthenticating for “reason 3”, among other problems.

    • Games

      • Valve’s Steam Deck dev kit got the early benchmark treatment | GamingOnLinux

        Shared on a Chinese news website, one lucky recipient of the Steam Deck developer kit decided to show off some benchmarks although they probably weren’t supposed to.

        We already knew that the Steam Deck had some pretty impressive internals, and that Valve had said it’s “the most powerful gaming handheld in the world” in their YouTube advert. However, we’ve not really seen any good numbers until now.

        Something to remember is that this is a dev kit, and so tweaks are likely to be made before the consumer units go out. Not only that but plenty of developers will no doubt be tweaking their games ahead of time. There will also be multiple updates to the Steam Play Proton compatibility layer before release too for running Windows games on it.

      • Third in the To The Moon series, time-loop adventure Impostor Factory is out | GamingOnLinux

        Ready for more adventuring that might make you need a tissue to dry your eyes? Freebird Games are back for the third game in the To The Moon series with Impostor Factory.

        Described as a “bonkers time-loop tragicomedy murder mystery thriller featuring multiple casualties and a suspicious cat” I still don’t quite get if it’s a sequel, a prequel or what. The good thing is you don’t need to know either, as it’s playable completely standalone to their previous games. This time the story is focused on a character named Quincy, who was invited to some sort of party at a suspicious secluded mansion that has a time machine in the bathroom and somewhere along the way people start dying.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • A future pentablet review

          Hey, look what I just received! A tablet from GAOMON for a video review oriented GNU/Linux and Krita (soon).

      • GNOME Desktop/GTK

        • If you use DuckDuckGo, you probably aren’t reading this.

          DuckDuckGo doesn’t put any of my posts on the front page of its results even when you specifically search for them.

          According to Wikipedia, DuckDuckGo has an “anti-content farm” policy that was created by CEO Gabriel Weinberg, and it was designed to filter out “sources of low quality articles”.

          While there’s nothing wrong with this in theory, in fact, I am quite angry that they don’t think that what I have to say should be in their results at all, even if you search specifically for me.

          Techrights has a page about DuckDuckGo’s shifty practices. Also, another one updated with more nasty things they do in 2021.

          GNOME Web defaults to DuckDuckGo as a way to earn search royalties, and some others do too. They pay very little, but more than Google will to some smaller projects, and so unfortunately Tor also uses it and this after the pittance of something like $40,000 in a one off donation, if memory serves correctly.

          Interestingly, GNOME Web has been making the Google experience better lately. In addition to lying to it with UA hacks to make it think you use Chrome and to silence the Get Chrome spam, they’ve added a YouTube ad blocker in the version “41” release and also, the option (disabled by default) in the privacy settings to get instant search results if you use Google.

    • Distributions

      • Nitrux 1.6.1 Is Here as One of the First Distros to Ship with Linux 5.14 as Default Kernel

        The new release, Nitrux 1.6.1, is here with Linux kernel 5.14.8 as default kernel, alongside Linux kernel 5.10.69 LTS and Linux kernel 5.4.149 LTS for users who want to use a long-term supported kernel, as well as the KDE Plasma 5.22.5 desktop environment, KDE Gear 21.08.1 and KDE Frameworks 5.86 software suites.

        On top of that, it includes the recently released Inkscape 1.1.1 scalable vector graphics editor and Mozilla Firefox 92 as default web browser, which is available as a sandboxed AppImage by default.

      • How To Pick a Linux Distribution

        I have suffered from distrohopping. Now that I have settled for the last two years, here are some tips to save your time.

      • BSD

      • Screenshots/Screencasts

      • IBM/Red Hat/Fedora

        • Advance your Red Hat OpenShift skills to run Kubernetes at enterprise scale

          As organizations expand their footprint within cloud-native architectures, Red Hat OpenShift and Red Hat products that extend its functionality become key to scaling infrastructure to manage more workloads and applications. Red Hat now offers an extensive portfolio of training and certifications to teach the skills required for these advanced Red Hat OpenShift capabilities.

          We have recently launched advanced training courses to help teams and individuals looking to increase self-sufficiency in Red Hat OpenShift administration. And we have even more that are currently in development. We’ll provide some course highlights in this post.

        • Red Hat Ansible Automation Platform 2 Drives Cloud-Native Automation and Helps Developers Become Automators

          Red Hat, Inc., the world’s leading provider of open source solutions, today announced Red Hat Ansible Automation Platform 2 as the company’s new standard for hybrid cloud automation. Refined for the evolving realities of computing at hybrid cloud scale, the latest version of the platform adds self-contained automation capabilities while shifting automation more deeply into the application development lifecycle.

        • Red Hat Ansible Automation Platform 2 Now Fully Restructured For A Hybrid Cloud-Native World

          Red Hat has announced Red Hat Ansible Automation Platform 2 as the company’s new standard for hybrid cloud automation. Refined for the evolving realities of computing at hybrid cloud scale, the latest version of the platform adds self-contained automation capabilities while shifting automation more deeply into the application development lifecycle.

    • Devices/Embedded

      • Open Hardware/Modding

        • Super 8 Camera Brought Back To Life

          The Super 8 camera, while a groundbreaking video recorder in its time, is borderline unusable now. Even if you can get film for it (and afford its often enormous price), it still only records on 8mm film which isn’t exactly the best quality of film around, not to mention that a good percentage of these cameras couldn’t even record audio. They were largely made obsolete by camcorders in the late ’80s and early ’90s, although some are still used for niche artistic purposes. If you’d rather not foot the bill for the film, though, you can still put one of these to work with the help of a Raspberry Pi.

        • Powercoders and Arduino #Include Promote Equal Opportunities

          The Arduino #include program was first announced as part of 2021’s Arduino Day. Since then we’ve been working with Powercoders, which runs a bootcamp to promote equality in the IT industry.

    • Free, Libre, and Open Source Software

      • Open Source is a Relay Race: Reflections from our Outgoing Interim General Manager

        I’ve been an individual member and occasional volunteer of the OSI for a long time, but signing on in August 2020 as Interim General Manager was a jump into the deep end. Much of OSI’s past work was informed by the connections and conversations held with members and stakeholders in person, so we had to chart a different path while still grounded by the COVID-19 pandemic.

        My challenge was to look for ways to continue our work during lockdown, keep the organization moving forward through a transitional year and support the board on its journey towards a visioning body that works with a staff-driven organization. Now it’s time to hand things over to our new Executive Director, Stefano Maffulli but first I’d like to recap my time spent in navigating these waters.


        I’m leaving OSI but will still be active in the free and open source software community. I’m looking forward to seeing all of you at in-person events again (eventually) and at many online events like SeaGL and the CROSS Research Symposium or on upcoming video calls where we’re collaborating to build a robust, diverse, welcoming and sustainable future for open source practitioners and advocates.

        As I step down from my year as the Interim General Manager, I’m proud to remain a friend and individual supporting member of the OSI.

      • Events

        • Linux Plumbers Conference Matrix and BBB integration

          The recently completed Linux Plumbers Conference (LPC) 2021 used the Big Blue Button (BBB) project again as its audio/video online conferencing platform and Matrix for IM and chat. Why we chose BBB has been discussed previously. However this year we replaced RocketChat with Matrix to achieve federation, allowing non-registered conference attendees to join the chat. Also, based on feedback from our attendees, we endeavored to replace the BBB chat window with a Matrix one so anyone could see and participate in one contemporaneous chat stream within BBB and beyond. This enabled chat to be available before, during and after each session.

          One thing that emerged from our initial disaster with Matrix on the first day is that we failed to learn from the experiences of other open source conferences (i.e. FOSDEM, which used Matrix and ran into the same problems). So, an object of this post is to document for posterity what we did and how to repeat it.

        • Bottomley: Linux Plumbers Conference Matrix and BBB integration [LWN.net]

          James Bottomley explains how the integration of Matrix and BigBlueButton was done for the just-concluded Linux Plumbers Conference.

        • Debian Reunion Hamburg 2021 is almost over…

          The Debian Reunion Hamburg 2021 is almost over now, half the attendees have already left for Regensburg, while five remaining people are still busy here, though tonight there will be two concerts at the venue, plus some lovely food and more. Together with the day trip tomorrow (involving lots of water but hopefully not from above…) I don’t expect much more work to be done, so that I feel comfortable publishing the following statistics now, even though I expect some more work will be done while travelling back or due to renewed energy from the event! So I might update these numbers later

      • Web Browsers

        • Mozilla

          • This Week in Glean: Announcement: Glean.js v0.19.0 supports Node.js

            From the start, the Glean JavaScript SDK (Glean.js) was conceptualized as a JavaScript telemetry library for diverse JavaScript environments. When we built the proof-of-concept, we tested that idea out and created a library that worked in Qt/QML apps, websites, web extensions, Node.js servers and CLIs, and Electron apps.

            However, the stakes are completely different when implementing a proof-of-concept library and a library to be used in production environments. Whereas for the proof-of-concept we wanted to try out as many platforms as possible, for the actual Glean.js library we want to minimize unnecessary work and focus on perfecting the features our users will actively benefit from. That meant, up until a few weeks ago, Glean.js supported browser extensions and Qt/QML apps. Today, that means it also supports Node.js environments.

          • These Weeks in Firefox: Issue 101
          • Dyn async traits, part 1

            Over the last few weeks, Tyler Mandry and I have been digging hard into what it will take to implement async fn in traits. Per the new lang team initiative process, we are collecting our design thoughts in an ever-evolving website, the async fundamentals initiative. If you’re interested in the area, you should definitely poke around; you may be interested to read about the MVP that we hope to stabilize first, or the (very much WIP) evaluation doc which covers some of the challenges we are still working out. I am going to be writing a series of blog posts focusing on one particular thing that we have been talking through: the problem of dyn and async fn. This first post introduces the problem and the general goal that we are shooting for (but don’t yet know the best way to reach).

          • Firefox Add-on Reviews: Top anti-tracking extensions

            The truth of modern tracking is that it happens in so many different and complex ways it’s practically impossible to ensure absolute tracking protection. But that doesn’t mean we’re powerless against personal data harvesters attempting to trace our every online move. There are a bunch of browser extensions that can give you tremendous anti-tracking advantages…

      • FSF

        • FSF announces JShelter browser add-on to combat threats from nonfree JavaScript

          The Free Software Foundation (FSF) today announced the JShelter project, an anti-malware Web browser extension to mitigate potential threats from JavaScript, including fingerprinting, tracking, and data collection. The project is supported by NLnet Foundation’s Next Generation Internet (NGI) Zero Privacy & Trust Enhancing Technologies fund. Collaborators include Libor Polčák and Bednář Martin (Brno University of Technology), Giorgio Maone (NoScript), and Ana Isabel Carvalho and Ricardo Lafuente (Manufactura Independente). The JShelter browser add-on is in development and the first release is available.

          Most modern Web sites contain a growing number of programs that the user’s Web browser downloads and runs automatically as pages are loaded. While these JavaScript programs can provide functionality to a site in conjunction with native browser features, they are also a significant liability both from security and privacy perspectives. Moreover, the software is typically licensed under unethical terms by the FSF’s standards, disempowering users and hampering learning and security. With a thirty-six year history of defending software ethics, The FSF recognizes the importance and urgency of both aspects of the problem and its role in solving this significant challenge. In response, the FSF has been working on an ambitious new initiative, the JShelter browser extension. This browser add-on will limit the potential for JavaScript programs to do harmful actions by restricting default behavior and adding a layer of control. JShelter is a significant next step in the FSF’s “Free JavaScript Campaign,” providing a new tool that can be used in conjunction with another related extension, GNU LibreJS, which allows the user to identify and run only freely licensed scripts.

        • Keeping your freedom intact when registering or renewing as a DMCA agent

          DMCA agent registration only lasts three years before it must be renewed. Use these add-ons to register and renew without the use of nonfree JavaScript.
          Users shouldn’t be forced to use nonfree software when interacting with their own government. Every user has the right to control their own computing, and the government shouldn’t be forcing you to download and install proprietary software just to take advantage of its services. But when it comes to registering and renewing the status as an agent under the Digital Millennium Copyright Act (DMCA) in the United States, that’s exactly what the government expects you to do.

          The U.S. Copyright Office requires a registered agent to renew their status every three years to help ensure that the agent directory stays up to date. However, the renewal can only be done online, and you are required to use nonfree software. We find this unacceptable. Fortunately, three years ago we devised a way to complete an agent’s registration circumventing the use of nonfree Javascript. Today, we confirm the process still works and it can be applied to renewal as well. We encourage everyone to learn more about these tools to access your government services in software freedom.

      • Programming/Development

        • A tale of two toolchains and glibc

          Over the past few years, the LLVM toolchain has seen increasing development and adoption alongside the older, more established GNU toolchain. The emergence of this new two major toolchain world is bringing challenges and questions for projects that need to support both, in particular the GNU C library (glibc), which only supports GCC.

          Is it worth it to fix glibc (and other projects which support only GCC) to build with LLVM? Is it better to just replace them with alternatives already supporting LLVM? Is it best to use both GCC and LLVM, each for their respective supported projects?

          This post is an exploration starting from these questions but does not attempt to give any definite answers. The intent here is to not be divisive and controversial, but to raise awareness by describing parts of the current status-quo and to encourage collaboration. The obvious elephant in the room, licensing, is left out despite being a very important topic.

        • Ratiu: A tale of two toolchains and glibc
        • 7 Open-source solutions to build eCommerce system with Vue

          Vue is a popular JavaScript framework for building frontend web apps. It is proven to be a reliable, production-ready, and development environment for enterprises.

          Vue framework community enriches it every day with reusable open-source components for almost everything.

          In this article, we explore the open-source options to build an eCommerce personalize shopping experience with Vue.

        • Perl/Raku

          • My Favorite Warnings: exiting

            Perl has various ways to transfer control out of the normal flow: die(), goto(), return(), next, last, and redo are among the sorts of things I mean. Not all of these are suitable for all circumstances, and Perl issues an exiting warning for unsuitable cases.

  • Leftovers

    • The Power and Danger of Groupthink

      Unfortunately, modern technology has brought us a new era of Groupthinkers. I have been dealing with it for years. This mind numb phenomenon is also called, The Echo Chamber. The high tech internet based tech firms are full of it. They see this as a good thing. Evan as a virtue. How dare anyone stand up to the vast majority of our high tech monopoly!

      The most obvious reason for me to oppose them is that simply put, I don’t fit in with them. I never have, nor will I ever. As a child of God, I was made to be an original.

      I used to refer to myself as an idea man. I had a lot of great ideas. I still do. There are of course many challenges to being that way. One is, how does one implement this into something real? Second is, how do I present this to others in order to gain interest?

    • Science

      • The Challenge and Promise of Quantum Computing

        Quantum computing is still very much in the experimental stages, but it’s starting to look like it could eventually be feasible and practical.

        “After decades of experimental and theoretical efforts, we are now seeing the first examples of quantum computational advantage in the areas of quantum computing and quantum simulation,” said Narang. “The opportunity now exists to build and use the most powerful quantum computers and quantum simulators to enable new applications and new science, made accessible and jointly developed by the community.”

        There are a variety of applications for quantum computing if the science becomes mainstream; some already known, others still to be discovered.

        Weidt pointed out that “the usefulness of the applications of quantum computing scales somewhat with the number of high-quality qubits.”

        “As we scale up, quantum computing is poised to radically change the way we approach problems in fields like chemistry. The vast processing power of quantum computers means we can, for example, simulate complex chemical compounds. This has implications for improved drug discovery, better batteries and cleaner fertilizers, he detailed.

    • Hardware

      • The Coming Copper Shortage: Aluminium Or Carbon Nanotubes To The Rescue? | Hackaday

        The use of aluminium in wiring is unlikely to bring a smile to the face of anyone who has had to deal with it in a 1960s, or early 1970s-era house. The causes behind the fires and other accidents were myriad, including failure to deal with the higher thermal expansion of aluminium, the electrically insulating nature of aluminium oxide, and the general brittleness of aluminium when twisted.


        As the world moves to massively expand the use of electrical cars and installation of wind turbines, copper demand is predicted to outstrip current copper supply. With aluminium likely to make a big return as a result, it’s worth taking a look at modern-day aluminium-based wiring, including copper-clad aluminium and the use of carbon-based replacements.

    • Health/Nutrition

      • Cocaine, ecstasy found in river at Glastonbury Festival

        A river that runs through the Glastonbury Festival, the largest greenfield music festival in the world, is contaminated with illicit drugs such as cocaine and ecstasy because stoned revellers often urinate on the ground, scientists said.

        Researchers from Bangor University found that concentrations of MDMA, known as ecstasy, quadrupled downstream in the Whitelake River in the week after the Glastonbury Festival when it was last held in 2019.

    • Integrity/Availability

      • Proprietary

        • Security

          • Security updates for Thursday

            Security updates have been issued by Debian (libxstream-java, uwsgi, and weechat), Fedora (libspf2, libvirt, mingw-python3, mono-tools, python-flask-restx, and sharpziplib), Mageia (gstreamer, libgcrypt, libgd, mosquitto, php, python-pillow, qtwebengine5, and webkit2), openSUSE (postgresql12 and postgresql13), SUSE (haproxy, postgresql12, postgresql13, and rabbitmq-server), and Ubuntu (commons-io and linux-oem-5.13).

    • Environment

      • Energy

        • New study shows that drought could shut down the biggest US Hydro Plants in the next few years

          According to newly-released projections from the US Bureau of Reclamations, there’s a significant chance that both Lake Powell and Lake Mead — the largest hydroelectric power sources in the country — will stop working in the next few years.

          Lake Powell had already dropped to about 33% of its capacity in July 2021. According to the Bureau’s new calculations, there’s a 34% chance of reaching “critically low reservoir elevations” by 2023. There’s a 25% chance it’ll happen by 2024.

          Lake Powell isn’t quite as dire, with only a 12% chance of dropping to critically low capacity by 2024. That likelihood goes up by another 10% in 2025, and will likely keep going up. from there.

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channels: Come and chat with us in real time

New to This Site? Here Are Some Introductory Resources




Samba logo

We support

End software patents


GNU project


EFF bloggers

Comcast is Blocktastic? SavetheInternet.com

Recent Posts