Desktop/Laptop

• Tuxedo InfinityBook Pro 14: Linux notebook lightweight with GeForce RTX 3050 Ti [Ed: From Germany, translated by machine]

  Tuxedo has presented the InfinityBook Pro 14, which is trimmed for a low weight with high graphics performance. It uses a processor from Intel’s Tiger Lake-H35 mobile series – the quad-core Core i7-11370H with a thermal design power (TDP) of 35 watts – and Nvidia’s GeForce RTX 3050 Ti graphics chip.

  As a Max-Q variant with a TDP of 35 watts, the GPU is trimmed for high efficiency. When the CPU load is low, the GeForce RTX 3050 Ti can also squeeze energy from the processor and thus allow itself up to 50 watts.

  In this maximum configuration, Tuxedo installed a 14-inch, viewing-angle display with low-temperature polycrystalline silicon technology (LTPS) in a high 16:10 format. The screen displays 2880 × 1800 pixels, illuminates with 400 cd / m² and almost completely covers the sRGB color space.

• 6 Reasons Why Linux Phones and Laptops Aren’t Cheap

  Linux is free as in freedom and free as in cost, but that doesn’t mean it comes cheap. Sure, you can download a GNU-based operating system and load it up on your computer without paying a cent. But if you want to buy a PC that already has a free and open-source desktop pre-installed, that’s going to cost you, and it’s probably going to cost you a lot.

  Why is this? Let’s look at six reasons that preinstalled Linux hardware doesn’t come cheap.

Audiocasts/Shows

• KDE Plasma 5.23 (25th anniversary edition) – New Breeze theme, accent colors, and Wayland – Invidious

• Jshelter: FSFs New Tool Against Non Free Javascript – Invidious

  The FSF has been running a compaign against non free javascript for the past 8 years and Jshelter is the next step along that journey, the purpose of this extension is to limit the privacy invasive nature of Javascript

Kernel Space

• Progress report: Asahi Linux brings forth a usable basic desktop on Apple’s M1

  Efforts to bring Linux to Apple Silicon have resulted in a basic functional desktop, according to the Asahi Linux team.

  The project kicked off in earnest with a lengthy blog post earlier this year detailing the challenges involved in getting the OS onto Apple’s latest and greatest.

  Since then Apple M1 support has been sidling into the Linux kernel and by August the GNOME desktop was shown booting up with the experience described as “not great, but usable.”

  September’s progress report, published today by founder Hector Martin, was packed with good news for fans of the project, including the comment that Asahi Linux “is usable as a basic Linux desktop” albeit without GUI acceleration.

  As for what desktop, Martin told The Register: “Whatever desktop you want, that’s up to you!”

• Linux is now ‘usable as a basic desktop’ for M1 Macs – 9to5Mac [Ed: 9to5Mac on Linux... when it's controlled by Apple via bad hardware]

  According to the progress report of September, Asahi Linux is running better than ever, although it still lacks GPU acceleration on M1 Macs as the team approached version 5.16 of the software.

  The team was able to merge some drivers such as PCIe bindings, PCIe drive, and USB-C PD drive. Princtrl drive, I2C driver, ASC mailbox driver, IOMMU 4K patches, and Device Power Management are still in review.

• Linux on the M1: progress report for September 2021 – OSnews

• Linux Finally Runs on Apple’s M1-Based Computer Natively | Tom’s Hardware

  Bringing Apple M1 support to Linux has been quite a journey so far as Apple’s system-on-chips (SoCs) use loads of proprietary technologies and methods, and Apple has not been exactly cooperative. However, developers have managed to run Linux on an Apple M1-based system and at this point the machine can be used for basic things.

  Asahi Linux, a project and community that is working to port Linux to Apple Silicon Macs, is usable as a basic Linux desktop on an Apple M1-powered PC, but without GPU acceleration, according to the progress report.

  So far, developers of Asahi Linux have managed to merge various drivers (PCIe, USB-C PD, etc.) and bindings (PCIe) for Linux 5.16. They also managed to make things like pinctrl driver (Apple GPIO pin control), I2C driver, device power management, NVMe + SART driver, and DCP (display control) driver work.

  “With these drivers, M1 Macs are actually usable as desktop Linux machines,” said Hector Martin, the head of the project. “While there is no GPU acceleration yet, the M1′s CPUs are so powerful that a software-rendered desktop is actually faster on them than on e.g., Rockchip ARM64 machines with hardware acceleration.”

• Paul E. Mc Kenney: Rusting the Linux Kernel: Summary and Conclusions

  We have taken a quick trip through history, through a number of the differences between the Linux kernel and the C/C++ memory models, sequence locks, RCU, ownership, zombie pointers, and KCSAN. I give a big “thank you” to everyone who has contributed to this discussion, both publicly and privately. It has been an excellent learning experience for me, and I hope that it has also been helpful to all of you.

  To date, Can Rust Code Own Sequence Locks? has proven the most popular by far. Porting Linux-kernel code using sequence locking to Rust turns out to be trickier than one might expect, in part due to the inherently data-racy nature of this synchronization primitive.

  So what are those advocating use of Rust within the Linux kernel to do?

• Can the Kernel Concurrency Sanitizer Own Rust Code?

  Given the data-race-freedom guarantees of Rust’s non-unsafe code, one might reasonably argue that there is no point is the Kernel Concurrency Sanitizer (KCSAN) analyzing such code. However, the Linux kernel is going to need unsafe Rust code. Furthermore, even given unanticipated universal acclamation of Rust within the Linux kernel community combined with equally unanticipated advances in C-to-Rust translation capabilities, a significant fraction of the existing tens of millions of lines of Linux-kernel C code will persist for some time to come. Both the unsafe Rust code and the C code can interfere with Rust non-unsafe code, and furthermore safe code can violate unsafe code’s assumptions as long as it is in the same module. For all I know, this last caveat might also apply to unsafe code in other modules for kernels built with link-time optimizations (LTO) enabled.

• Taming the BPF superpowers

  Work toward the signing of BPF programs has been finding its way into recent mainline kernel releases; it is intended to improve security by limiting the BPF programs that can be successfully loaded into the kernel. As John Fastabend described in his “Watching the super powers” session at the 2021 Linux Plumbers Conference, this new feature has the potential to completely break his tools. But rather than just complain, he decided to investigate solutions; the result is an outline for an auditing mechanism that brings greater flexibility to the problem of controlling which programs can be run.

  The kernel has had the ability to enforce signatures on loadable modules for years, so it makes sense to consider creating the same mechanism for BPF programs. But, while kernel modules and BPF programs look similar — both are code loaded into the kernel from user space, after all — there are some significant differences between them. The safety of kernel modules is entirely dependent on the diligence of developers. They are built and distributed via the usual channels, are tied to specific kernel versions, and can last for years; they present a stable API to user space. BPF programs, instead, benefit from safety built into (and enforced by) the loader. They are often dynamically built and optimized, they are patched at run time to avoid being tied to kernel versions, and they have a different lifetime; often, they are created on the fly and quickly thrown away. These differences suggest that the same signing mechanism might not work equally well for both types of program.

• Graphics Stack

  • Intel Removes ASTC Hardware From Gen12.5+ Graphics – Phoronix

    Somewhat of a surprising change with Intel Gen12.5 graphics is that they have removed the hardware supporting Adaptive Scalable Texture Compression (ASTC). Intel’s Linux graphics driver has now been updated to address Gen12.5+ foregoing hardware support for ASTC texture compression.

    Adaptive Scalable Texture Compression was much welcomed on the scene particularly by Linux/open-source folks when more than a decade ago S3TC texture compression was quite common but patent-encumbered and posed complications for open-source usage/adoption. ASTC support was added as official extensions to OpenGL and OpenGL ES nearly a decade ago for this lossy block-based algorithm. Since Intel Gen9/Skylake graphics there has been support for ASTC in the graphics hardware while now with Gen12.5 graphics that hardware is being removed.

Benchmarks

• AMD Ryzen 9 5900HX / ASUS ROG Strix G15 Is A Nicer Experience On Ubuntu 21.10

  Earlier this week I posted benchmarks showing how Intel Tiger Lake performance has improved nicely for Ubuntu 21.10 compared to Ubuntu 21.04. Of course, readers immediately wondered whether this also applied on the AMD laptop side… So here are some tests using an AMD Ryzen 9 5900HX with the ASUS ROG Strix G15 AMD Advantage laptop under Ubuntu 21.04, Ubuntu 21.10, and then also looking at running Linux 5.15 + Mesa 21.3-devel Git for an even more bleeding edge experience.

Applications

• Squid 5.2 is available

  The Squid HTTP Proxy team is very pleased to announce the
  availability of the Squid-5.2 release!
  
  
  This release is a security release resolving several
  vulnerabilities and bugs found in the prior Squid releases.
  
  
  The major changes to be aware of:
  
   * SQUID-2020:12 Out-Of-Bounds memory access in WCCPv2
     (CVE-2021-28116 aka ZDI-CAN-11610)
  
   Due to an out of bounds memory access Squid is vulnerable to an
   information leak vulnerability when processing WCCPv2 messages.
  
   This problem allows a WCCPv2 sender to corrupt Squids list of
   known WCCP routers and divert client traffic to attacker
   controlled routers.
  
   This attack is limited to Squid proxy with WCCPv2 enabled and
   IP spoofing of a router IP address configured as trusted in
   squid.conf.
  
  
   * SQUID-2021:6 Improper Certificate Validation of TLS server
     certificates
     (CVE-2021-41611)
  
   When validating an origin server or peer certificate, Squid may
   incorrectly classify certain certificates as trusted.
  
   This problem allows a remote server to obtain security trust
   when the trust is not valid. This indication of trust may be
   passed along to clients allowing access to unsafe or hijacked
   services.
  
   This problem is guaranteed to occur when multiple CA have
   signed the TLS server certificate. It may also occur in cases
   of broken server certificate chains.
  
  
   * Bug 4922: Improve ftp://... filename extraction
  
   Since 3.5 Squid has incorrectly truncated FTP downloads when
   the transfer is made in ASCII mode (with ';type=' argument).
   This release can be expected to work when downloading from all
   FTP servers.
  
  
   * Bug 5164: a copy-paste typo in HttpHdrCc::hasMinFresh()
  
   This bug shows up as incorrect HIT and MISS results when
   caching responses from a server using Cache-Control:min-fresh.
  
  
    All users of Squid are encouraged to upgrade as soon as
    possible.
  
  
  See the ChangeLog for the full list of changes in this and
  earlier releases.
  
  Please refer to the release notes at
  
  http://www.squid-cache.org/Versions/v5/RELEASENOTES.html
  
  when you are ready to make the switch to Squid-5
  
  This new release can be downloaded from our HTTP or FTP servers
  
  http://www.squid-cache.org/Versions/v5/
  
    ftp://ftp.squid-cache.org/pub/squid/
    ftp://ftp.squid-cache.org/pub/archive/5/
  
  or the mirrors. For a list of mirror sites see
  
  http://www.squid-cache.org/Download/http-mirrors.html
  
  
  http://www.squid-cache.org/Download/mirrors.html
  
  If you encounter any issues with this release please file a bug
  report.
  
  https://bugs.squid-cache.org/
  
  Amos Jeffries
  

• Squid 5 Proxy Server Stable Release – itsfoss.net

  After three years of development , a stable release of the Squid 5.1 proxy server is presented , ready for use on production systems (the 5.0.x releases were beta). After making the 5.x branch stable, from now on, only fixes for vulnerabilities and stability problems will be made in it, and minor optimizations are also allowed. Development of new features will be done in the new experimental branch 6.0. Users of the previous stable 4.x branch are encouraged to plan a migration to the 5.x branch.

• Squid Proxy Server 5.2 Bugfix Release Now Available

  Squid is one of the most popular proxy/cache server, and the 5.2 version fixes several vulnerabilities and bugs found in the prior Squid releases.

  Squid is a widely-used caching proxy server for Linux and Unix platforms. This means that it stores requested Internet objects, such as data on a Web or FTP server, on a machine that is closer to the requesting workstation than the server.

  In other words, it redirects object requests from clients (in this case, from Web browsers) to the server.

  Proxies provide added layers of security and cache services that make loading processes faster. Squid supports several caching protocols, such as hypertext caching protocols (HTCP), internet cache protocol (ICP), cache array routing protocol (CARP), and web cache communication protocol (WCCP). It also processes caching requests from Domain Name Server (DNS) lookups and Secure Sockets Layer (SSL).

  Now that a new version has been announced, let’s see what has changed in Squid 5.2.

• CommaFeed, Read Your Favorite News In One Place Everywhere

  CommaFeed is an RSS feed reader accessible via web browser and can be used easily everywhere. In short, it is an alternative to Google News. It looks very simple and lightweight, and works fast! User can just subscribe news from websites they like and read them anywhere they go. Registration is free and the software behind is free as in freedom. This simple tutorial explains how to use CommaFeed for first timers. Let’s start reading!

  [...]

  For server admins, CommaFeed allows selfhosting and has ability to work with multiple other RSS clients.

• Announcing Istio 1.10.5

  This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.10.4 and Istio 1.10.5.

• OpenStack Xena, the 24th OpenStack release, is out

  It was out at 3pm, and I managed to finish uploading the last bits to Unstable at 9pm… Of course, that’s because all of the packaging and testing work was done before the release date. All of it is, as usual, also available through a Bullseye non-official backports repository that can be added using extrepo (ie: “extrepo enable openstack_xena”).

Instructionals/Technical

• Check Laptop battery status and level From CLI in Linux – OSTechNix

  Finding your Laptop battery status in GUI mode is easy. You could easily tell the battery level by hovering the mouse pointer over the battery indicator icon in the task/top bar. But, how about from the command line? Not everyone know this. The other day a friend of mine asked how to check his Laptop battery level from Terminal in his Ubuntu desktop – hence this post. Here I have included five simple methods which will help you to check Laptop battery status and level in Terminal in any Linux distribution.

• How To Install Plex Media Server on Debian 11 – idroot

  In this tutorial, we will show you how to install Plex Media Server on Debian 11. For those of you who didn’t know, Plex is a free piece of software that allows you to organize your movies, TV shows, music, and photos in one beautiful elegant interface and stream those media files on your PC, phone, TV, on the network or over the Internet. Plex can run on Linux, FreeBSD, macOS, Windows, and various NAS systems.

  This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of Plex Media Server on a Debian 11 (Bullseye).

• How To Use Ungoogled-Chromium Browser on Ubuntu [Ed: Bad suggestion there, DuckDuckGo [1, 2]]

  A Chromium web browser version with Google integration completely removed for privacy-oriented computer users, that is Ungoogled-Chromium. This tutorial will explain how to install it on Ubuntu, use DuckDuckGo Search engine, and make it default browser with quick and clear instructions. Let’s do it!

• How to Install Linux Kernel 5.14 on Linux Mint 20

  Linux kernel 5.14 is out and with many new features, support, and security. The Linux 5.14 kernel release has gone through seven release candidates over the last two months and benefits from the contributions of 1,650 different developers. Those that contribute to Linux kernel development include individual contributors and prominent vendors like Intel, AMD, IBM, Oracle, and Samsung.

• How to Install Vivaldi Browser on Ubuntu and Other Linux Distributions [Ed: "It's FOSS" is pushing non-FOSS or proprietary software to people.]<

  Vivaldi is an increasingly popular web browser. It is based on Chromium, so you have Chrome like features, but it adds several other features to give a different, intuitive interface.

  It comes with tab grouping, ad blocker, mouse gestures, notes manager and even allows adding macros. You could even use split viewing to view multiple pages at once. It also respects your privacy, unlike Chrome.

• How to Install and Use SQLite On Ubuntu 20.04 LTS Focal Fossa

  Learn the commands to install SQLite Database server on Ubuntu 20.04, 18.04, or 21.04 for creating and managing Databases using it.

  What is SQLite?

  In spite of the many options available for database systems, SQLite is the standard and most simple system. This free, compact, and command-line database program allows you to share data easily with others and save it in a simple format. It is a widely used database application in computers, smartphones, and other everyday applications.

  Also, the SQLLite format is used for many desktop applications such as CAD programs, version control systems, record-keeping tools, financial analysis tools, media catalogs, and so forth.

  This type of database engine is sometimes called an embedded database as well since you can run it as a part of another program. SQLite becomes even more powerful with the SQLite browser as it is a graphical and completely free software platform for developing and designing SQLite databases. These codes are free to use for private and commercial purposes because SQLite is part of the public domain.

  Installing SQLite can be an easy task, but it requires correct knowledge. That’s why we have written this tutorial to give you in-depth details on installing and using SQLite on Ubuntu 20.04.

• How to access and manage RHEL within Red Hat Satellite | Enable Sysadmin

  If you use Red Hat Satellite to manage your infrastructure, you probably occasionally run into situations where you need to access Red Hat Enterprise Linux (RHEL) systems to gather information directly, make changes to systems, review log files, analyze performance metrics, troubleshoot issues, and more.

  Previously, if you were in the Satellite web interface and needed to drill down to a specific RHEL system to complete a task, you would generally need to open a secure shell (SSH) client application, establish an SSH connection, and authenticate to the host. Once you were logged in over SSH, you could run the necessary commands on the host.

• How to test pull requests in a web browser | Red Hat Developer
  [Ed: Red Hat is pushing Microsoft proprietary software to people. As usual…]

• What is EFS (Elastic File System) in AWS and how to use it [Ed: Proprietary vendor lock-in is something to be avoided, not advertised]

  Amazon Elastic File System(EFS) provides an NFS file system for use with AWS Cloud services and on-premises resources which is simple, scalable, fully managed. We can mount this file system either on AWS Cloud or our on-premises servers. It is built to scale on-demand, grows and shrinks automatically. This means it can grow and reduce its capacity as we add or delete files on it. It is an alternative to our legacy NFS Server.
  Amazon EFS can be quickly and easily created from the Web Console of AWS. This service manages the infrastructure for us, which means we can avoid the complexity of deploying, patching, and maintaining complex file system configurations.
  Amazon EFS supports the Network File System version 4 (NFSv4.1 and NFSv4.0) protocol.

• Sudo 1.9.8: intercepting commands • Sudo Blog

  A month ago, when sudo 1.9.8 was still under development, we checked out the new log_subcmds option. It allows you log all commands (with some limitations) that are executed by a command started through sudo. For example, you can see if a shell was started through a text editor. The intercept option brings this one step further: you can prevent sub-commands from even running.

• How To Install Mono on Debian 11 [Ed: How to hand over Debian to Microsoft]

  In this tutorial, we will show you how to install Mono on Debian 11. For those of you who didn’t know, Mono is a free, open-source development platform based on the .NET Framework. Mono supports most modern operating systems with 32-bit and 64-bit architecture. A growing family of solutions and an active and enthusiastic contributing community helps position Mono to become the leading choice for the development of cross-platform applications.

  This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the Mono Framework on a Debian 11 (Bullseye).

• How to Install Blender in Ubuntu 20.04, 21.10 [All the Ways] | UbuntuHandbook

  This tutorial shows all the ways to install the 3D creation software Blender in Ubuntu, including Snap, Flatpak, native Deb packages, and compile from source tarball.

  Blender is a free open-source software for creating animated films, visual effects, computer games. It’s available to install in Ubuntu via a few different package formats. Here you may choose the one that you prefer.

• How to Install and Use TermRecord on CentOS 8 – Unixcop

  TermRecord is a simple open source tool written in Python, allows saving terminal sessions to an easy-to-share, self-contained HTML file.

  In this guide, we will show you how to install TermRecord on CentOS 8.

• OpenSSL: Check SSL Certificate Expiration Date and Get more info – Unixcop

  I will keep this tutorial short and easy to follow. With OpenSSL commands, So we can get much information from a https site like the certificate expiration date, the issuer of the certificates and fingerprint, and more things Lets start now .

• Linux Fu: Globs Vs Regexp | Hackaday

  I once asked a software developer at work how many times we called fork() in our code. I’ll admit, it was a very large project, but I expected the answer to be — at most — two digits. The developer came back and read off some number from a piece of paper that was in the millions. I told them there was no way we had millions of calls to fork() and, of course, we didn’t. The problem was the developer wasn’t clear on the difference between a regular expression and a glob.

  Tools like grep use regular expressions to create search patterns. I might write [Hh]ack ?a ?[Dd]ay as a regular expression to match things like “HackaDay” and “Hack a day” and, even, “Hackaday” using a tool like grep, awk, or many programming languages.

• [Short Tip] Accessing tabular nushell output for non-nushell commands – /home/liquidat

  After I learned how subshells can be executed within nushell I was confident that I could handle that part.

• How to install Doxygen on Ubuntu 20.04 LTS focal fossa – Linux Shout

  The commands in this tutorial to install Doxygen on Ubuntu 20.04 LTS can be used for Ubuntu 18.04/21.04, Linux Mint, Debian, ElementaryOS, MX Linux, POP!OS, and other similar distros.

  Doxygen is a free software documentation tool. Using special comments in the source code, Doxygen creates documentation in HTML , LaTeX , CHM (help files under Windows), XML , RTF , PostScript , PDF and man pages . Doxygen analyzes both the comments and the source code itself in order to identify and document modules, classes, methods, and functions as well as various types of variables.

• How to change the MAC address on Ubuntu 20.04 using Macchanger – VITUX

  Macchanger is an amazing Linux utility that can be used to view as well as to change the MAC address of any desired networking device. This utility can be conveniently installed on any Linux distribution and then you can use it just the way you like. In this article, we will begin with the installation of this utility on a Ubuntu 20.04 or Linux Mint 20 system and then we will teach you how you can change the MAC address with the help of this utility.

• How to Install Gitea Git service on Debian 11

  Gitea is a free, open-source, self-hosted, and well-known Git server written in the Go programming language. It is a version control platform similar to Github. It is robust, scalable and offers many features including issues and time tracking, repository branching, file locking, and tagging, merging, and many others. If you are looking for a self-hosted Git service, then probably Gitea is the best option you can use.

  In this tutorial, I will show you how to install Gitea on Debian 11.

• How to Install Icinga 2 Monitoring Software on Debian 11

  Icinga2 is a free, open-source and one of the most popular network monitoring tools. It is written in PHP and C++, and allows you to monitor network resources, notifies outages and generates performance data for reporting. It is capable of monitoring various protocols including SMTP, POP3, HTTP, NNTP, ping, CPU load, disk usage, switches, routers, and more. It is made from two stacks Icinga2 and Icinga Web 2. Icinga2 is used as a monitoring server while Icinga Web 2 is the web interface to keep monitoring.

  In this article, I will show you how to install the Icinga2 monitoring server on Debian 11.

• How to Install Git Version Control System on Debian 11

  Git is a distributed version control system that was originally developed by Linus Torvalds in 2005. It has since been made available as an open-source project, allowing for more people to contribute and use it across all platforms of development without charge. It has since grown to be the most widely used distributed version control system (DVCS) in the world. Git became so popular because of its speed, reliability, security, and ease of use. These qualities have allowed it to become a fundamental part of GitHub – one of the largest code repositories in the world – which has over 20 million users on its website alone.

  Despite being such an essential tool for many people around the globe, there are still some who don’t know how to install Git on Debian 11 operating systems. This tutorial will show you how to do just that.

• How To Suspend A Process And Resume It Later In Linux – OSTechNix [Ed: Old but updated today]

  Picture this scenario. You run a program. But, you don’t know how long it will take to finish. The process keeps running several minutes. You can’t wait that much longer, because some other important programs are waiting in the queue. Have you ever been in a situation like this? No worries! I just found a simple trick to suspend a process and resume it later in Linux.

  What I am going to do is just pause the currently running process, do some other important tasks, and then resume the stopped process after all other processes are completed. This can be very useful when you have less RAM or Processor to do multi-task. You can pause the running processes at any time, and resume them later, without having to start them all over again. Now let us go ahead and learn to suspend or pause a running process and resume it later in Linux and Unix-like operating systems.

Games

• Vagrus – The Riven Realms is a deep and slow post-apocalyptic fantasy RPG out now | GamingOnLinux

  Slow, lots of reading involved and pretty deep mechanically with lots to keep an eye in, Vagrus – The Riven Realms is officially out now. Not one for gamers who want constant action. Vagrus is a game about heading up a travelling caravan that goes through a completely ruined world.

  Vagrus is a game that blends quite a few different genres together. It has open-world exploration done through a world-map, which leads into exploring new locations where you will learn about the world and trade to keep your caravan going. Then there’s also the brutal turn-based combat, which has a couple different types.

• Ion Fury gets a big 2.0 patch ahead of the Aftershock expansion in 2022 | GamingOnLinux

  Developer Voidpoint has put up a rather big patch to fix up and improve various parts of the retro shooter Ion Fury. This 2.0 update prepares the game for the Aftershock expansion releasing later in 2022.

  A big update ready for new and returning players that enables powerups to be used on the go with a new inventory system, revamped controller support and big performance enhancements. On top of that the game has seen a rebalancing effort for weapons, like the Chain Gun now having more ammo and pushes you back more.

Desktop Environments/WMs

• IceWM 2.8 window manager released

  Available release of a lightweight window manager of IceWM 2.8 . IceWM provides full control through keyboard shortcuts, the ability to use virtual desktops, taskbar and application menus. The window manager is configured through a fairly simple configuration file, it is possible to use skins. Built-in applets are available for monitoring CPU, memory, traffic. Several third-party GUIs for customization, desktop implementations, and menu editors are being developed separately. The code is written in C ++ and is distributed under the GPLv2 license.

• K Desktop Environment/KDE SC/Qt

  • KDE Gear 21.08.2

    Over 120 individual programs plus dozens of programmer libraries and feature plugins are released simultaneously as part of KDE Gear.

    Today they all get new bugfix source releases with updated translations, including…

  • KDE e.V. is looking for a web designer (Hugo) for environmental sustainability project

    KDE e.V., the non-profit organisation supporting the KDE community, is looking for a web designer to implement the environmental sustainability project (KDE Eco) website with Hugo. Please see the job ad for the web designer for more details about this employment opportunity. We look forward to your application.

  • Kalendar: A New KDE … Calendar App! And More – Kockatoo Tube

  • Brushwork study

    I woke up too early after a nightmare, and so I decided to sit at my desk and paint. It’s been two weeks I’m thinking non-stop about values, brushes, and edges…

    After a first set of random strokes on my canvas, I sent it to the filter “Stylize” of Gmic. I applied the style of “A rose” by John White Alexander (1900, Public domain). You’ll see easily how the palette of this amazing piece contamined the base sketch I had. Then I painted over this chaos of merged shapes. My brain started to precise the scene you can see on the final artwork and, during the process, I felt happy with it. I was probably still processing the lovecraftian horror show of my bedtime, or maybe it was the listening of masterpieces by Camille Saint-Saëns in my headphones?

Distributions

• New Releases

  • Feren OS 2021.10 — iterative improvements

    Unlike the last snapshot, this is a ‘calm before the storm’ snapshot as Feren OS’s new Store and new icon set update are in the works and neither of them are anywhere near ready yet.
    Anyway, today, I’m proud to announce the release of Feren OS 2021.10. These releases are a regular occurence that usually occur every 4 months and provide the latest updates to Feren OS at the time of the ISO’s release right from the get-go.

  • Feren OS 2021.10 Available to Download

    Feren OS 2021.10 Available to Download, Feren OS is a desktop Linux distribution based on Ubuntu and featuring the KDE Plasma desktop. The project’s latest snapshot is Feren OS 2021.10 which includes a new lock screen, new splash screen, and a customized Firefox experience.

  • ExTiX 21.10 KDE Plasma together with Anbox (“Android in a Box” with Google Play Store pre-installed) :: Build 211007

    I have made a new version of ExTiX – The Ultimate Linux System. I call it ExTiX 21.10 KDE Anbox Live DVD. (The previous KDE/Anbox version was 20.12 from 201208). I have now included Anbox (Android in a Box – Anbox puts the Android operating system into a container, abstracts hardware access and integrates core system services into a GNU/Linux system. Every Android application will be integrated with your operating system like any other native application). So now you can run Android apps in ExTiX. GAPPS (Google Play Services and Google Play Store) are pre-installed in ExTiX 21.10. The second best thing with ExTiX 21.10 is that while running the system live (from DVD/USB) or from hard drive you can use Refracta Snapshot (pre-installed) to create your own live installable Ubuntu/Anbox system. So easy that a ten year child can do it!

• Screenshots/Screencasts

  • MX Linux 21 RC1

    Today we are looking at MX Linux 21 RC1, the KDE edition. It comes with Linux Kernel 5.11, based on Debian 11, KDE 5.20, and uses about 1GB of ram when idling. Enjoy!

  • MX Linux 21 RC1 Run Through – Invidious

    In this video, we are looking at MX Linux 21 RC1.

  • Linux overview | Ubuntu Budgie 21.10 – Invidious

• PCLinuxOS/Mageia/Mandriva/OpenMandriva Family

  • Kernel Updates Available » PCLinuxOS

    The following kernels are available for PCLinuxOS. Kernel 5.4.151. Kernel 5.10.71 and Kernel 5.14.10.

• SUSE/OpenSUSE

  • New Survey Aims to Gain Packager, Maintainer Insights [Ed: When it comes to morale, real communities around GNU/Linux have the morale and motivation; SUSE and IBM cannot get them to work as unpaid volunteers or slaves]

    The openSUSE Project is trying to gather more information from open-source developers, development teams, packagers and maintainers through the latest survey that will run from Oct. 7 until Oct. 29.

    There are tools to monitor the health of packages, but the project doesn’t have tools to monitor the health of packagers.

• IBM/Red Hat/Fedora

  • RHEL 8.5 is ready for testing | ZDNet

    Getting ready to upgrade your Red Hat Enterprise Linux (RHEL)? You can get a look at the future with the just-released RHEL 8.5 Beta. Best of all, you’ll no longer need an explicit beta subscription to get the operating system. From here on out, all Red Hat accounts come with an unlimited quantity of Red Hat Beta Access subscriptions.

  • Rotate and archive logs with the Linux logrotate command | Opensource.com

    Logs are great for finding out what an application is doing or troubleshooting a possible problem. Almost every application we deal with generates logs, and we want the applications we develop ourselves to generate them too. The more verbose the logs, the more information we have. But left to themselves, logs can grow to an unmanageable size, and they can, in turn, become a problem of their own. So it’s a good idea to keep them trimmed down, keep the ones we’re going to need, and archive the rest.

  • 3 phases to start a DevSecOps transformation | Opensource.com

    DevSecOps is another step in the DevOps journey for your organization. Breaking down your transformation into phases facilitates working directly with developers and other team members. A phased approach also allows you to get feedback from those affected by the change and iterate as necessary.

  • The Future of Connected Cloud Architecture

    The pandemic has shown us how fragile our infrastructure services and resilience can be, when faced with a loss of access to datacenter resources, either by way of physical or remote access through reliance on outsourced providers. That’s why at the height of the pandemic last year, we witnessed a significant rethink about the pace at which we move applications and data to the cloud. A major health insurer in Australia whom I spoke to recently said they have moved more data to the cloud than ever before in order to have the capabilities for a remote and diverse team to be able to work on solving digital business use cases.

  • Architecting the way: Julio Villarreal Pelegrino

    A fear of failure can stymie an organization’s transformation efforts. Transformation isn’t just about technology. Culture and process are integral components, and change to one or both can create fear in an organization.

    Julio Villarreal Pelegrino, distinguished architect, hybrid cloud, at Red Hat advises, “Don’t be afraid to fail. Fail fast and fail often, but learn from failure, incorporate the lessons learned, and share the feedback.”

    Pelegrino is a part of the first batch of Distinguished Architects at Red Hat: Senior-level technical contributors who’ve continued to advance in their careers working directly with customers and applying experience and knowledge of Red Hat technologies.

  • COVID-19 vaccination requirement for U.S. associates and contractors

    Red Hat’s top priority remains the health and safety of our associates. Throughout the pandemic, we have encouraged vaccination globally, given associates time off to get vaccinated, sponsored vaccination clinics, covered the cost of vaccination for associates in countries where a free vaccine was not available, and required vaccination for associates re-entering offices. Today we are taking another important step: To comply with new U.S. government regulations mandating that employees of federal contractors be vaccinated against COVID-19. As a government contractor, Red Hat must and will require all associates and contractors in the United States to be vaccinated.

  • Checkpoint and restore in Kubernetes | Red Hat Developer

    In 2015, an issue was opened against Kubernetes about supporting container migration. The problem description mentioned Checkpoint/Restore In Userspace (CRIU) on Linux as a possible basis for a solution. Around the same time, I started to look into how to integrate CRIU into the container stack.

    Checkpoint and restore in the container stack

    The basic steps to migrate running containers from one node to another—which could also be called stateful migration—are to checkpoint the container on the source node, transfer the checkpoint image to the destination node, and restore the container on the destination node. This way, the container is migrated without losing its state.

    In 2015, however, the container stack was not ready to support checkpoint and restore in the orchestration layer (Kubernetes). The container runtime layer, runc, offered limited support for checkpointing and restoring containers, but that support was not yet available in the higher layers of the container stack.

    Over the years, I was involved in bringing checkpoint and restore support to these upper layers of the container stack. Around 2018 I implemented checkpoint and restore support in Podman. Bringing checkpoint and restore support, and thus migration support, to Podman required many changes in runc and CRIU. It was necessary to support different Linux security techniques used in containers, including SELinux, AppArmor, and seccomp, before Podman could migrate a container from one node to another without losing any of its state.

  • IT metrics lessons learned: 3 tips | The Enterprisers Project

    Your technology metrics could all appear to be on an upward trajectory, but if you aren’t measuring what matters, or if those numbers aren’t meaningful to key stakeholders, you’ll likely have trouble proving the value and impact of your IT organization.

    We asked CIOs who recently won the 2021 Kansas City CIO of the Year ORBIE Awards for their best IT metrics lessons learned during the course of their careers. The awards were presented by the Kansas City CIO Leadership Association, a professional community that annually recognizes CIOs for their excellence in technology leadership.

• Debian Family

  • Tails 4.23 is out

    Automatic upgrades are available from Tails 4.19 or later to 4.23.

  • Kentaro Hayashi: Sharing mentoring a new Debian contributor experience, lots of fun

    I recently did mentoring a new Debian contributor. This is carried out in a framework with OSS Gate on-boarding.

Devices/Embedded

• Mobile Systems/Mobile Applications

  • HD Certified Android TVs From Kodak, TCL, Sony, And Others: Extragavant Picture Quality Wrapped With Smart Features | Most Searched Products – Times of India

  • Hisense’s new A6G 4K Android TV lineup now up to $160 off at new lows from $310 – 9to5Toys

  • The next Android TV soundbar may be coming from an unlikely place

  • Amazon Fire TV Stick 4K Max vs. NVIDIA Shield TV 4K | Android Central

  • Android 12 Game Mode support starts to show up in mobile games – PhoneArena

  • OnePlus Android 12 Tracker: Here are all the official OxygenOS 12 beta builds to download and install

  • Pixel 6 price, features, and accessories leaked ahead of Oct 19 launch – Liliputing

  • Firefox for Android’s new tab page is now even more customizable than Chrome (APK Download)

  • Nokia XR20 review: A rugged phone with mainstream appeal | Android Central

  • 7 Android Apps That Let You Personalize Your Phone’s Keyboard and Fonts

  • Android 12 source code has been published in AOSP

    Google has announced the release of the source code Android 12 under the Android Open Source Project (AOSP). This means that the company has kicked off the new version of the popular mobile operating system, which in the coming months should begin to reach some device models through OTA updates.

    In order to give Android 12 an early start in real environments, the first devices to receive it will be Google’s Pixel smartphones. Users will be able to install the system by OTA update or by downloading the corresponding image to the device and entering it manually without having to unlock the boot loader or have to delete the data. According to the vice president of engineering of Google, Dave Burke, at the end of the year it will begin to reach the terminals of partners such as Samsung, OnePlus, Oppo, Realme, Tecno, Vivo and Xiaomi.

    In terms of data and features related to the system, Android 12 has had the contribution of 225,000 users for testing the beta versions. On the other hand, and in the words of Dave Burke, it promises to offer “the biggest design change in the history of Android” thanks to the implementation of the new design language: Material You .

Free, Libre, and Open Source Software

• The 2021 Kernel Maintainers Summit

  • The 2021 Kernel Maintainers Summit

    The Kernel Maintainers Summit is an invitation-only gathering of top-level kernel subsystem maintainers; it is concerned mostly with process-oriented issues that are not easily worked out on the mailing lists. There was no maintainers summit in 2020; plans had been made to hold it in an electronic form, but there turned out to be a lack of things to talk about. In 2021, though, a number of interesting topics turned up, so an online gathering was held on September 24 as part of the Linux Plumbers Conference.

  • Looking back at the UMN episode

    Earlier this year, a bad patch sent by a researcher from the University of Minnesota (UMN) set off a bit of a crisis within the kernel development community when it become known that some (other) patches from UMN were deliberate attempts to insert vulnerabilities into the kernel. Some months after that episode had been resolved, the 2021 Maintainers Summit revisited the issue to see if there are any lessons to be learned from it.

  • Requirements for accelerator drivers

    In August, a long-running dispute over drivers for AI accelerators flared up in the kernel community. Drivers for graphics accelerators are required to have at least one open-source implementation of the user-space side of the driver (which is where most of the logic is). Drivers for other types of accelerators have not, so far, been held to that same standard, which has created some friction within the community and an inconsistent experience for developers. The 2021 Maintainers Summit took up this issue in the hope of creating a more coherent policy.

  • The trouble with upstreaming

    The kernel development community loudly encourages developers to get their code into the upstream kernel. The actual experience of merging code into the mainline is often difficult, though, to the point that some developers (and their employers) simply give up on the idea. The 2021 Kernel Maintainers Summit spent some time discussing the ways in which the community makes things harder for developers without coming up with a lot of ways to make things better.

  • How to recruit more kernel maintainers

    The kernel development process depends on its subsystem maintainers, who are often overworked and, as a result, grumpy. At the 2021 Kernel Maintainers Summit, Ted Ts’o brought up the topic of maintainer recruitment and retention, but failed to elicit a lot of new ideas from the assembled group.

  • Using Rust for kernel development

    The Rust for Linux developers were all over the 2021 Linux Plumbers Conference and had many fruitful discussions there. At the Maintainers Summit, Miguel Ojeda stepped away from Plumbers to talk about Rust in a different setting. What will it take to get the Rust patches merged? The answers he got were encouraging, even if not fully committal.

    Ojeda started by asking the group whether the community wanted Rust in the kernel. If it goes in, he said, it should do so as a first-class citizen. In his discussions he has encountered a number of kernel developers who are interested in the language; many of them are quite open to it. He has gotten help from a number of those developers in the process. Some groups, including the Android team, actively want it, he said.

  • Conclusion: is Linus happy?

    The final session of the Kernel Maintainers Summit is traditionally given over to Linus Torvalds, who uses the time to talk about any pain points he is encountering in the process and what can be done to make things run more smoothly. At the 2021 Summit, that session was brief indeed. It would appear that, even with its occasional glitch, the kernel development process is working smoothly.

    Torvalds started by saying that the 5.15 merge window was not the easiest he has ever experienced. Part of the problem, he suggested, was that the merge window came at the end of the (northern-hemisphere) summer; much of Europe had been on vacation, and that led to a lot of pull requests showing up at the end of the merge window. In general, though, things are working. His biggest annoyance, perhaps, is having to say the same things over and over during each merge window. The core maintainers know how the process works, those in less central positions tend to make the same mistakes repeatedly; when he takes over 100 pull requests during a merge window, it can add up to a fair amount of irritation.

• Web Browsers

  • Opera Browser » PCLinuxOS

    Opera Browser has been updated to 80.0.4170.16 and shipped to the software repository.

  • Vivaldi Browser » PCLinuxOS

    Vivaldi Browser has been updated to version 4.3.2439.39 and shipped to the software repository.

  • 10 Useful Features of Brave You Didn’t Know Existed – Make Tech Easier

    The Brave browser has been gaining in both popularity and userbase for some time now and for good reason. The privacy-centric browser is full of nifty features that make it a top contender against Google Chrome. Let’s find out what these useful features are that make Brave a good alternative.

  • Chromium

    • Google Trumpets The Success Of Their Chrome “RenderingNG” Performance Initiative – Phoronix

      For the better part of the past decade Google has been pursuing performance improvements to their Chrome/Chromium web browser as the “RenderingNG” initiative to provide faster web page performance, lower memory consumption, and better battery life. This current work is finally wrapping up in 2021 to great success.

      In a new blog post on Wednesday, Google is talking up “150% or more faster graphics rendering” compared to older versions of Chrome along with a “6x reduction in GPU driver crashes on problematic hardware”. Or even with the new Chrome 93 to 94 transition alone they are proclaiming up to 8% more responsive web pages, up to 1400 years of CPU time per day saved, and up to 0.5% improved battery life.

    • DIY compile chromium

      The saga has been going on for a couple of weeks. I am compiling chromium in EasyOS. Each build takes 13 hours, running on a Lenovo PC with Intel 8th gen. i3 CPU, 32GB RAM, swap partition on internal SSD, the source on an external USB3 SSD.

      [...]

      I don’t recommend installing in a container, as video playing is choppy, with audio out of sync. I think that the other chromium SFS, the official build, does play OK in a container — from memory — but as it runs with the “–no-sandbox” option you get that warning message.
      Note to pup and *dog users. SFSs in EasyOS are a bit different, the SFS won’t work for you, as-is. EasyOS has glibc 2.33, and if your pup has an older glibc then it probably won’t work. Also, you would need to open it up and modify /usr/bin/chromium script so that it runs as ‘spot’. There is folder ‘.control’ that you won’t need.
      Very ambivalent about compiling chromium. So many issues, so many patches. Think maybe should just use the official build from Google. I read some comments, some other distro maintainers are thinking the same thing, mostly because of the API keys problem.

    • DMA-BUF Support In WebRTC

      It will be almost three years since we landed initial support for screensharing on Wayland with the use of PipeWire in the WebRTC project. This enabled screensharing support in both major Linux browsers. Last year I implemented support for window sharing, added support for PipeWire 0.3 and added support for DMA-BUF and MemFD buffer types. Problem was, as it turned out, the DMA-BUF support was not implemented in a correct way.

      The original implementation was using mmap() to get the buffer content. This worked correctly for current Intel GPUs, but was terrifically slow on e.g. AMD GPUs. Proper solution is to use OpenGL context to get the content from buffer. However, there were many implementations using mmap() already, including WebRTC and we needed a way how to properly communicate between the server and the client that when the client advertises DMA-BUF support, it means it doesn’t use mmap() and goes through OpenGL context instead.

    • Chrome 96 To Feature Improved WebRTC Code, Better Wayland Screensharing

      Jan Grulich has been working on a new DMA-BUF implementation within the WebRTC code as the original DMA-BUF buffer sharing code was found to be inadequate. In particular, the original DMA-BUF mmap-based approach was found to perform very slow with the AMD Radeon Linux graphics driver and instead this new implementation allows using an OpenGL context to get the context from the buffer. Long story short, after a lot of work that new WebRTC DMA-BUF code is now good to go.

  • Mozilla

    • Implementing form filling and accessibility in the Firefox PDF viewer – Mozilla Hacks – the Web developer blog

      Last year, during lockdown, many discovered the importance of PDF forms when having to deal remotely with administrations and large organizations like banks. Firefox supported displaying PDF forms, but it didn’t support filling them: users had to print them, fill them by hand, and scan them back to digital form. We decided it was time to reinvest in the PDF viewer (PDF.js) and support filling PDF forms within Firefox to make our users’ lives easier.

      While we invested more time in the PDF viewer, we also went through the backlog of work and prioritized improving the accessibility of our PDF reader for users of assistive technologies. Below we’ll describe how we implemented the form support, improved accessibility, and made sure we had no regressions along the way.

• Productivity Software/LibreOffice/Calligra

  • The Apache Software Foundation Announces Apache® OpenOffice® 4.1.11

    The Apache® Software Foundation (ASF), the world’s largest Open Source foundation, announced today Apache OpenOffice® 4.1.11, the popular Open Source office-document productivity suite.

    Used by millions of organizations, institutions, and individuals around the world, Apache OpenOffice delivered 317M+ downloads* and provides more than $25M in value to users per day. Apache OpenOffice supports more than 40 languages, offers hundreds of ready-to-use extensions, and is the productivity suite of choice for governments seeking to meet mandates for using ISO/IEC standard Open Document Format (ODF) files.

  • Apache OpenOffice 4.1.11 Released – Increased Font Size In Help, Other Mundane Changes

    The Apache Software Foundation today announced the release of Apache OpenOffice 4.1.11 as their 14th release while stewarding this open-source office suite.

    The Apache Software Foundation talks up this new v4.1.11 release as providing “dozens of improvements, features, and bug fixes” and they say “Apache OpenOffice delivered 317M+ downloads* and provides more than $25M in value to users per day. Apache OpenOffice supports more than 40 languages, offers hundreds of ready-to-use extensions, and is the productivity suite of choice for governments seeking to meet mandates for using ISO/IEC standard Open Document Format (ODF) files.”

  • 10 more videos from the LibreOffice Conference 2021

    We recently posted the first batch of videos from the LibreOffice Conference 2021. Now, here are some more! Check out the playlist, using the button in the top-right – or scroll down for links to individual videos (PeerTube also to come)…

  • LibreOffice QA/Dev Report: September 2021

• FSF

  • LibrePlanet 2022 returns online: Submit your session proposal by Dec. 1 — Free Software Foundation — Working together for free software

    The fourteenth edition of the Free Software Foundation’s (FSF) conference on technology and social justice will be held in spring 2022, online. The Call for Sessions is now open, and will close on December 1, 2022. Potential talks should examine free software through the lens of this year’s theme: Living Liberation.

  • LibrePlanet 2022 CFS office hours — Free Software Foundation — Working together for free software

    The LibrePlanet call for sessions is open now, will be open until December 1, and we want to hear from you!

    Speaking at a conference, and even submitting a proposal, can be intimidating or hard. Luckily, some great, experienced speakers are volunteering their time to help out during the CFS office hours.

    Whether you want to propose a talk and want feedback on your idea, proposal wording, talk title, or just advice on how to deal with nerves, there is one more office hour slot scheduled over the next few weeks.

  • GNU Projects

    • GNU nano 5.9 was released

      Version 5.5 brought the option –minibar, for a minimized user interface, and version 5.6 brought the spotlighting of a search match, in black on yellow by default. Subsequent versions added a few minor things and fixed some bugs.

    • GNU nano 5.9 Text Editor Comes with YAML Syntax Highlighting Support

      The legendary open source text editor GNU Nano has released version 5.9. Take a look at what features this new release brings.

      Nano is a simple command-line text editor inspired by Pico and included by default in the most Linux distributions. It aimed to “emulate Pico as closely as is reasonable and then include extra functionality”. Released as free software by Chris Allegretta in 1999, today nano is part of the GNU Project.

      Besides basic text editing, nano offers features like undo/redo, syntax highlighting, interactive search-and-replace, auto-indentation, line numbers, word completion, file locking, backup files, and internationalization support.

• Programming/Development

  • Intel C For Metal Compiler Updated With Support For XeHP & DG1 – Phoronix

    Intel’s CM Compiler is out with its first big update since earlier in the year for advancing their “C For Metal” GPU programming language effort.

    One of Intel’s (open-source) GPU computing projects we don’t often hear too much talk about is their C for Metal (CM) compiler. Intel C for Metal is a general purpose GPU programming language designed to provide close-to-Assembly level performance on Intel graphics hardware. C for Metal can be used for media processing and other domains at great speed. Those looking for a tutorial / sample code around CM can find Intel’s documentation on 01.org.

  • Dirk Eddelbuettel: RQuantLib 0.4.14: More Calendars plus Update

    A new release 0.4.14 of RQuantLib was uploaded to CRAN earlier today, and has by now been uploaded to Debian as well.

    QuantLib is a very comprehensice free/open-source library for quantitative finance; RQuantLib connects it to the R environment and language.

  • Two security improvements for GCC [LWN.net]

    It has often been said that the competition between the GCC and LLVM compilers is good for both of them. One place where that competition shows up is in the area of security features; if one compiler adds a way to harden programs, the other is likely to follow suit. Qing Zhao’s session at the 2021 Linux Plumbers Conference told the story of how GCC successfully played catch-up for two security-related features that were of special interest to the kernel community.

  • Improvements to GCC’s -fanalyzer option

    For the second year in a row, the GNU Tools Cauldron (the annual gathering of GNU toolchain developers) has been held as a dedicated track at the online Linux Plumbers Conference. For the 2021 event, that track started with a talk by David Malcolm on his work with the GCC -fanalyzer option, which provides access to a number of static-analysis features. Quite a bit has been happening with -fanalyzer and more is on the way with the upcoming GCC 12 release, including, possibly, a set of checks that have already found at least one vulnerability in the kernel.

    When GCC is invoked with -fanalyzer, it runs a module that creates an “exploded graph” combining information on the state of the program’s control and data flow. That state includes an abstract representation of memory contents, known constraints on the values of variables, and information like whether the code might be running in a signal handler. The analyzer then uses this graph to try to explore all of the interesting paths through the code to see what might happen.

  • GNU Toolchain Begins Landing RISC-V Bitmanip/Zbs Instructions Support

    The GNU toolchain (initially with the GNU Assembler) has begun landing support for RISC-V’s Zbs instructions that are part of the Bitmanip extension to the processor ISA.

    Zbs is part of RISC-V’s Bitmanip extension, the “bit manipulation” additions to the RISC-V architecture focused on delivering code size reduction, better performance, and lower energy consumption. The 1.0 Bitmanip extension was frozen this summer and thus now moving on to compiler/toolchain support. More details on Bitmanip and the specific Zbs instructions via this repository.

  • Qt for Python release: 6.2 is here!

    We are really happy to tell you that following the Qt release, Qt for Python is also available!

    Many things happened on this release, we decided to communicate a little more on the details of the major milestones that we achieved on this release.

    You might have notice that last week only the Windows wheels are available on PyPi, that was due to the wheel size increase from the new modules, but luckily the PyPi team managed to address this quickly.

  • Excellent Free Tutorials to Learn Nim – LinuxLinks

    Nim is a statically typed compiled systems programming language. It combines successful concepts from mature languages like Python, Ada and Modula. The syntax of Nim resembles that of Python.

    It is designed to be “efficient, expressive, and elegant” supporting metaprogramming, functional, message passing, procedural, and object-oriented programming styles by providing several features such as compile time code generation, algebraic data types, a foreign function interface (FFI) with C, C++, Objective-C, and JavaScript, and supporting compiling to those same languages.

    The compiler and the standard library are licensed under the MIT license.

  • BBC Micro:bit Reads Morse Code With MakeCode | Hackaday

    We always have mixed feelings about the drag-and-drop programming languages. But we were impressed with [SirDan’s] Morse code decoder built with the graphical MakeCode. Granted, it is reading 5 element groups from a button on the BBC micro:bit and not worrying about details such as intercharacter or interelement spacing or word spacing. But it is still a nice demo for MakeCode.

  • Perl/Raku

    • My Favorite Warnings — A Belated Introduction | Tom Wyant [blogs.perl.org]

      A couple installments into this series of blog posts, I realized an introduction to Perl warnings would be appropriate, with some words on how to turn them off, and why you probably do not want to. Yes, this should have been the first post in the series, but I didn’t know it would actually be a series, and, well, maybe better late than never.

      The Perl compiler/interpreter can emit warnings when it finds things that may indicate a problem with the code. These are not (yet) enabled by default, but experience has shown that enabling them can highlight conceptual and logic errors.

      Back in the early days of Perl 5, these were enabled using the -w command-line option, or by setting the $^W variable to a true value. But this mechanism had two drawbacks: it was all-or nothing, and it was global in scope. Certainly the value of $^W could be localized, but localization does not prevent a called module from seeing changes made by its caller.

  • Rust

    • Dyn async traits, part 4

      In the previous post, I talked about how we could write our own impl Iterator for dyn Iterator by adding a few primitives. In this post, I want to look at what it would take to extend that to an async iterator trait. As before, I am interested in exploring the “core capabilities” that would be needed to make everything work.

Standards/Consortia

• A fork for the time-zone database?

  A controversy about the handling of the Time Zone Database (tzdb) has been brewing since May, but has come to a head in recent weeks. Changes that were proposed to simplify the main database file have some consequences in terms of time-zone history and changes to the representation of some zones. Those changes have upset a number of users of the database—to the point where some have called for a fork. A September 25 release of tzdb with some, but not all, of the changes seems unlikely to resolve the conflict.

  The time-zone database is meant to track time-zone information worldwide for time periods starting at the Unix epoch of January 1, 1970. But, over the years, it has accumulated a lot of data on time zones and policies (e.g. daylight savings time) going back many years before the epoch. As with anything that governments and politicians get involved with, which time zone a country (or part of a larger country) is in, whether it participates in daylight savings time (DST), and when the DST switches are made, are arbitrary and subject to change, seemingly at whim. Tzdb has been keeping up with these changes so that computer programs can handle time correctly since 1986 or so, when it was often called the “Olson database” after its founder, Arthur David Olson.

Hardware

• why I do not buy the Oculus Quest

  Oculus is part of Facebook, a company that does many evil things including surveillance, censorship and tax avoidance, The Quest cannot be used without a Facebook account and it runs Android, a nonfree OS. Installing a free OS such as PureOS or the GUIX system seems to be impossible, since the bootloader is most likely locked down. Of course I don’t want to play nonfree games such as VRChat, which most likely spy on the player. By contrast VSekai is free software built on top of the Godot engine. The Godot engine runs on my Talos II and most likely it will also run on the Librem 5, and future hardware based on the Libre-SOC which I have been contributing to. Cardboard is great if ungoogled.

• Google Rolls Out Emission-Curbing Tools for Nest Thermostat

  This offering from Google is false advertising. There is no means for an electricity customer to select the source of the electricity provided to their premises.

• i.MX8X Lite takes on IIoT and Vehicle-to-Everything applications

  NXP has launched a headless “i.MX8X Lite” SoC for automotive telematics, V2X, and IIoT, with up to 2x Cortex-A35 cores plus a Cortex-M4 core and a security block with V2X acceleration and NXP EdgeLock security.

  Automotive telematics was one of the key applications mentioned by NXP when it announced the up to quad-core, Cortex-A35 i.MX8X system-on-chip back in 2017. Now, NXP has announced a headless, 1x or 2x -A35 i.MX8X Lite variant with an even greater emphasis on telematics and a special focus on emerging automotive systems that support V2X (Vehicle-to-Everything) communications.

  The Linux-driven SoC is also suitable for industrial IoT applications that require low power consumption, security, and connectivity, but do not require graphics. NXP announced the i.MX8X Lite via sites such as NewElectronics.

• PICMG IoT.1 firmware specification targets IoT sensors and effecters – CNX Software

  The PICMG consortium is better known for COM Express and COM HPC standards for x86 industrial computers-on-module, but last year they started catering to the IIoT sector with the introduction of the microSAM System-on-Module (micro Sensor Adapter Modules) standard for microcontrollers and IIoT sensors.

  The consortium has now ratified the IoT.1 firmware specification defining a communication standard between sensors/effecters and local IoT controllers such as microSAM specified by PICMGs IoT.0 specification.

• WattUp 1W active energy harvesting developer kit enables at-a-distance wireless charging – CNX Software

  Two years ago, we noted Energous’ WattUp hearables developer kit that would charge earbuds with the company’s WattUp near-field wireless charging technology. The company has now introduced the WattUP 1W active energy harvesting developer kit capable of charging multiple IoT devices with at-a-distance wireless charging.

  The kit is said to be “active” because there’s a 6-inch transmitter, let’s call it a power gateway, and several IoT devices that harvest energy from it. Traditional passive solutions will harvest ambient energy from the surrounding environment, and may not deliver enough power, and do so unpredictably.

Health/Nutrition

• Finland joins Sweden and Denmark in limiting Moderna COVID-19 vaccine | Reuters

  Finland on Thursday paused the use of Moderna’s COVID-19 vaccine for younger males due to reports of a rare cardiovascular side effect, joining Sweden and Denmark in limiting its use.

Integrity/Availability

• Proprietary

  • Matthew Palmer: Discovering AWS IAM accounts

  • Security

    • Vulnerability in Apache http server 2.4.49 allowing files outside of the site root to be retrieved

      As a matter of urgency generated update of http-server Apache 2.4.50, which eliminated already actively exploited 0-day vulnerability ( the CVE-2021-41773 ), allowing you to access your files from areas outside the site root. The vulnerability can be used to load arbitrary system files and source texts of web scripts that are readable by the user under which the http server is running. The developers were notified of the problem on September 17, but were able to release the update only today, after cases of using the vulnerability to attack sites were recorded on the network.

      The danger of the vulnerability mitigates the fact that the problem manifests itself only in the recently released version 2.4.49 and does not affect all earlier releases. The stable branches of conservative server distributions have not yet used the 2.4.49 release ( Debian , RHEL , Ubuntu , SUSE ), but the issue has affected continuously updated distributions such as Fedora , Arch Linux and Gentoo , as well as the FreeBSD ports .

    • CVE-2021-41773 – Apache web server Path traversal – Blueliv

    • Apache HTTP Server Project patches exploited zero-day vulnerability | ZDNet

      According to a security advisory dated October 5, the bug is known to be actively exploited in the wild.

      Apache HTTP Server is a popular open source project focused on the development of HTTP server software suitable for operating systems including UNIX and Windows.

      The release of Apache HTTP Server version 2.4.49 fixed a slew of security flaws including a validation bypass bug, NULL pointer dereference, a denial-of-service issue, and a severe Server-Side Request Forgery (SSRF) vulnerability.

    • Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects

      Following responsible disclosure, the issue has been rectified in Yamale version 3.0.8. “This release fixes a bug where a well-formed schema file can execute arbitrary code on the system running Yamale,” the maintainers of Yamale noted in the release notes published on August 4.

    • Security updates for Thursday [LWN.net]

      Security updates have been issued by Debian (firefox-esr), Mageia (cockpit, fail2ban, libcryptopp, libss7, nodejs, opendmarc, and weechat), openSUSE (curl, ffmpeg, git, glibc, go1.16, libcryptopp, and nodejs8), SUSE (apache2, curl, ffmpeg, git, glibc, go1.16, grilo, libcryptopp, nodejs8, transfig, and webkit2gtk3), and Ubuntu (linux-oem-5.10 and python-bottle).

    • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

      • FontOnLake: Previously unknown malware family targeting Linux [Ed: This isn't a Linux issue; seems like a rootkit one has to put inside one's system, but they're conflating infection with something else and misplace blame]

        ESET researchers have discovered a previously unknown malware family that utilizes custom and well-designed modules, targeting systems running Linux. Modules used by this malware family, which we dubbed FontOnLake, are constantly under development and provide remote access to the operators, collect credentials, and serve as a proxy server. In this blogpost, we summarize the findings published in full in our white paper.

Finance

• How the IMF loan-sharks the global south

  When you take out a loan or get a credit card, the headline figure is the “APR” – the annual percentage rate of interest. But anyone who’s ever borrowed because they were poor and needed money has learned the hard way that APRs are pure fiction.

  To get the true APR (what economists politely call the “effective” APR) you have to factor in the fees, penalties and other gotchas that turn reasonable seeming interest rates into perennial, inescapable debt-traps.

Internet Policy/Net Neutrality

• Warning: the EU’s Digital Services Act could repeat TERREG’s mistakes – European Digital Rights (EDRi)

  On 30 September, the Committee of Legal Affairs (JURI) in the European Parliament approved its draft report on a Single Market For Digital Services (Digital Services Act). We had expressed our concerns about negative fundamental rights implications of some proposed measures in the report to the Members of the European Parliament. However, it did not stop the JURI Committee from giving them their green light.

Monopolies

• Patents

  • [GuestPost] Opinion: Skirting FRAND requirements under the guise of promoting innovation and efficiency (Part II) [Ed: Longtime Team UPC liar Annsley Merelle Ward (shilling for patent trolls by publishing completely fake news for them) is trying to portray opposition to a patent cartel as disingenuous, not even revealing the conflict of interest (colleagues, employer, and clients)]

    In courtrooms across the globe, arguments continue to rage as to the extent of an SEP owner’s FRAND undertaking. In exchange for getting their technology incorporated into a standard (meaning that, if essential to the standard, that technology has to be used by users of the standard), SEP owners have to give an undertaking – known as a FRAND undertaking. This undertaking obliges SEP owners to be prepared to licence their patents on Fair, Reasonable and Non-Discriminatory (FRAND) terms. Otherwise, unlike normal patents where competitors do not have to use the technology, SEP owners are in a position which could allow them to extract extremely high and possibly anti-competitive royalties from their competitors or stop them from participating in the standard and market completely (which were vices the European Commission wished to be addressed with the ETSI IPR Policy). Thus, the FRAND undertaking is a safeguard that seeks to balance users’ interests with SEP owners’ interests in protecting their IP. But the courtroom debates in the US, Germany, UK and China have raised numerous unanswered questions about what this means. How wide or narrow is this FRAND undertaking? To whom is the FRAND undertaking owed? What does FRAND even mean? The second question was subject to the CJEU referral in the Nokia v Daimler (see previous posts here), but which has so far remained unanswered in Europe. In the second of a two-parter opinion piece, two US patent and anti-trust litigators in the form of Mark Selwyn, Tim Syrett and Alix Pisani of WilmerHale (who have acted in some of these cases) discuss their view of what is going on and where the answer might, and should lie.

  • [Guest Post] Monsanto’s conspicuous African cotton patent [Ed: Monsanto should go to Hell. Bayer is still slaughtering people and they pretend to be feeding people, when in fact preying on them with patents while pushing with seeds cancer-causing chemicals]

    This guest post, addressing Monsanto’s OA18791A patent, is brought to you by Lodewijk Van Dycke. Lodewijk is a PhD candidate and affiliated researcher at KU Leuven Centre for IT & IP Law (CiTiP) and a scholarship holder at Max Planck Institute for Innovation and Competition. His main areas of research include law, agricultural policy and international development.

    [...]

    This article is about Monsanto’s OA18791A patent. The initials OA give away that the patent is an OAPI patent. OAPI (Organisation Africaine de la Propriété Intellectuelle) is an IP organisation that has subsumed the IP competence of 17 West and Central African countries. The closing initial A suggests the patent is just an application, but this is not true. OAPI granted the patent on 31 May 2019. It belongs to a patent family whose priority goes back to the US provisional patent application US62/249,758 or US201562249758P. The PCT number of the family, which includes applications in the EPO, China and Australia, is WO2017079266A1.

Kernel Space

• Graphics Stack

  • NVIDIA driver 470.74 Proprietary Release – LinuxStoney

    NVIDIA Corporation has unveiled a new release of the proprietary driver NVIDIA 470.74 . The driver is available for Linux (ARM64, x86_64), FreeBSD (x86_64) and Solaris (x86_64).

  • NVIDIA Vulkan Beta Driver 470.62.05 rolls out for Linux

    More improvements and new extensions have landed for the NVIDIA Vulkan Beta Driver with version 470.62.05 out now.

  • NVIDIA 470.62.05 Beta Brings Vulkan Video Updates – Phoronix

    VIDIA today published their newest Vulkan beta driver update for Windows and Linux with some new extension support plus Vulkan Video enhancements.

    Following yesterday’s Vulkan 1.2.195 spec release, VK_KHR_format_feature_flags2 and VK_KHR_maintenance4 are now supported. Those are some subtle but important extensions moving forward.

Games

• The Long Dark – Episode Four is out now | GamingOnLinux

  Hinterland has released Episode Four “Fury, Then Silence” of The Long Dark story mode getting one step closer to reaching the conclusion with big updates planned in future.

  “A murderous gang of convicts have captured Mackenzie. Desperate to escape one of the darkest corners of Great Bear Island, he must somehow survive his fiercest enemy yet. Can Mackenzie recover the Hardcase, continue his search for Astrid, and save the innocents caught up in this deadly confrontation?”

• Fun, Franchises and ReMastered Classic Games

  This of course brings me to the last two weeks in which I purchased two aRPGs (Action RPGs). One was a remastered version of an absolute classic, Diablo 2: Resurrected. It’s basically the same game as 20 years ago with a total visual overhaul. Every other aspect of the game has been left untouched. The second is a much newer game that came out in the last couple years for the Switch and recently made it’s way to Steam and runs on Linux via Proton: Minecraft: Dungeons.

• Valve opens up a Steam Deck to explain why it thinks you shouldn’t

  Valve has posted an official teardown of its upcoming handheld gaming PC, the Steam Deck. Before diving into the teardown, though, the company spends about a minute to strongly caution against taking one apart unless you’re sure you know what you’re doing.

• Valve tears down Steam Deck (but don’t you dare do this at home)

  Indeed, the 5-minute video goes into great detail on how to perform Steam Deck surgery, and even states you have the “right” to open up your Steam Deck, but more than half of the video discourages you from doing so.

Desktop Environments/WMs

• K Desktop Environment/KDE SC/Qt

  • KDE Gear 21.08.2 Is Out to Improve Dolphin, Okular, Konsole, Gwenview, Kate, and Other Apps

    KDE Gear 21.08.2 is here about five weeks after the first point release to KDE Gear 21.08 with more improvements for your favorite KDE apps, including the popular Dolphin file manager, which no longer stays open in the background after running an archive operation using the context menu and then exiting the app.

    KDE’s standard document viewer app Okular has been updated in KDE Gear 21.08.2 to automatically enable the “Force rasterization” setting when printing a document using a scaling mode that requires this setting to be active, as well as to strip off trailing newline characters when copying text and prompt users to save a read-only file on a different location.

Devices/Embedded

• Introducing raspberrypi.com

• Mobile Systems/Mobile Applications

  • NVIDIA is reportedly testing an Android TV 11 update for the SHIELD TV

  • The first Android 12-based custom ROMs are ready for you to install

  • Android 12 Gets A Tasty New Dessert Name – Tech

  • Google Assistant ‘Quick Phrases’ Feature Spotted on Android 12 Beta, Lets You Skip ‘Hey Google’ Trigger | Technology News

  • Top 10 Best Strategy Games For Android

  • Dear Privacy Aware Android App Devs – Please Use UnifiedPush

    UnifiedPush is a protocol and small collection of tools for Android and Linux that, as their site says, “let the user choose how push notifications are delivered. All in a free and open source way”.

    It uses what it calls “Distributors” to give notifications for apps that support it. For example, it currently has three distributors available – FCM (Google Firebase), Gotify and what it calls NoProvider2Push, a hardcore and experimental way of sending notifications without a push provider, but requires a static IP address on your device.

    Of those three, two are the most obvious options – FCM and Gotify.

  • Zuckerberg’s Early Notes on Privacy Now Haunt Facebook in Suit

    Facebook Inc. was ordered by a court-appointed referee to search for any personal notes by the company founder that haven’t been destroyed and might be relevant to a consumer lawsuit accusing the social networking giant of failing to safeguard privacy in the years leading up the Cambridge Analytica scandal.

Free, Libre, and Open Source Software

• Web Browsers

  • Mozilla

    • Data@Mozilla: My first time experience at the SciPy conference

      In July 2021, I and a few fellow Mozillians attended the SciPy conference with Mozilla as a diversity sponsor, meaning that our sponsorship went towards paying the stipend for the diversity speaker, Tess Tannenbaum. This was my first time attending a SciPy conference and also my first time supporting data science recruiting efforts at a conference. The conference involved the showcasing of the latest open source Python projects for advancement in scientific computing. I was eager to meet the contributors of many commonly used data science Python packages and hear about new features in upcoming releases. I was excited about having this opportunity as I strongly believe that conference attendance is an extremely rewarding experience for networking and learning about industry trends. As a Data Scientist, my day to day work often involves using Python libraries such as scikit-learn, numpy and pandas to derive insights from data. It felt particularly close to heart for a technical and data science geek like me to learn about code developments and use cases from other enthusiasts in the industry.

      One talk that I particularly enjoyed was on the topic of Time-to-Event Modeling in Python led by Brian Kent and a few other data science experts. Time-to-Event Modeling is also referred to as survival analysis, which was traditionally used in biological research studies to predict lifespans. The speakers at the talk were the contributors of some of the most popular survival analysis python packages. For example, Lifelines is an introductory Python package that can be used for starters in survival analysis. Scikit-Survival is another package built on top of Scikit-learn, which is a commonly used package in machine learning. The focus of the talk was around how survival analysis could be useful in many different scenarios, such as in customer analytics. There is also increasing usage of survival analysis in SaaS businesses where it can be used to predict customer churn, which can help companies plan their retention strategies. I am curious how Mozilla can potentially apply survival analysis in ways that also respects data governance guidelines.

    • New Release: Tor Browser 10.5.8

      Tor Browser 10.5.8 is now available from the Tor Browser download page and also from our distribution directory.

      This version updates Firefox on Windows, macOS, and Linux to 78.15.0esr. This version includes important security updates to Firefox.

• Openness/Sharing/Collaboration

  • Open Access/Content

    • Open Access Ninja

      There have been open access beer recipes before – indeed, brewing culture in by nature collaborative and open. But the point of Open Access Ninja isn’t (merely) making beer – it’s making a point. It’s that malamudian showmanship.

• Programming/Development

  • Python

    • Dutch python meeting: structural pattern matching – Sebastiaan Zeeff

      Structural pattern matching (PEP (python enhancement proposal) 634) is the main new feature of the new python 3.10.

      Not everyone was happy with structural pattern matching. One of the comments: I see the match statement as a domain specific language that looks like python, but that does something surprisingly differently. Yes it is a special mini-language. A bit like regular expressions, which is also a special mini-language within python.

      What is structural pattern matching?

Rethink, Not Reform

Psychiatry Films and Politics: Filmmakers Take Issue with my CounterPunch Review of Their Doc

There is one disclaimer at the end of Cured which I could not imagine that the filmmakers would have inserted on their own without pressure from the APA and establishment psychiatry. Owing to my speculation of establishment psychiatry pressure—which has been reported in other psychiatry films (more later on A Beautiful Mind)—the Cured filmmakers reached out to me, and we had a teleconference discussion for approximately an hour, which I’ll get to.

As I previously noted, Cured includes a graphic portrayal of the use of electroconvulsive therapy (ECT), commonly known as electroshock, to “cure” homosexuality, showing just how traumatizing and brain injuring ECT was for its victim patients. Cured also points out that another commonly used barbaric “treatment” was “aversion therapy,” in which electric shock to the genitals and/or nausea-inducing drugs were administered simultaneously with the presentation of homoerotic stimuli; and Cured notes that psychiatry also attempted to “cure” homosexuality with castration and lobotomy.

The Gates Foundation Avoids a Reckoning on Race and Power

Over the last year, Doctors Without Borders has faced a major scandal, as more than 1,000 current and former employees signed on to a letter accusing the Nobel Peace Prize-winning humanitarian organization of institutional racism, citing a colonial mentality in how the group’s European managers view the developing world.1

Such an allegation would be serious in any field, but it deserves another level of scrutiny in the context of global health and humanitarianism, two fields built on a paternalistic premise: rich white people from wealthy nations setting themselves up as saviors of poor people of color. The assumptions embedded in this model have provoked increasingly popular calls to “decolonize” the sector, and many organizations have responded by invoking social justice rhetoric, claiming, for instance, that their work intersects with the Black Lives Matter movement.2

Stoller says Facebook shutdown shows company is ‘incompetent’

“What the outage yesterday shows as well as a bunch of these [documents], is that that in fact is true, Mark Zuckerberg is incompetent,” Stoller said. “And that’s why the only reason that he has market power in social networking is because he is engaged in monopolization.”

Health/Nutrition

• Opinion | It’s the Algorithm, Stupid!

  The difference between cocaine and crack cocaine is almost entirely one of pH, the relative scale of acidity or alkalinity. Regular cocaine in its original plant form, coca leaf, is commonly consumed by people across the mountainous parts of South America and has been for millennia, much as caffeine has been used through drinking tea in parts of Asia. It causes little to no harm; people can drink coca tea with no more impact than the caffeine from a soft drink.

• In Historic First, WHO Approves Vaccine to Prevent Malaria

• AZ Gov Can’t Restrict Money From Schools With Mask Rules, Treasury Dept Says

• ‘Holy Hell’: Idaho’s Far-Right Lt. Gov. Bans Vaccine Mandates With Governor Out of State

• ‘Entirely Unsurprising’: Merck Slammed for 4,000% Markup of Taxpayer-Funded Covid Drug

  The New Jersey-based pharmaceutical giant Merck is facing accusations of price gouging after it charged the U.S. over $700 per patient for a taxpayer-funded coronavirus treatment that, according to research, costs just $17.74 to produce.

  “This is why we need to waive patents on all Covid treatments and vaccines.”

• Moderna Founders Make Forbes 400 Richest List as Company Refuses to Share Vaccine With Poor

  Two of Moderna’s founders landed on this year’s Forbes 400 list of the richest people in the U.S. as the Massachusetts-based pharmaceutical giant continues to rake in major profits from its coronavirus vaccine—and resists calls to share the recipe with the rest of the world.

  Moderna chairman and co-founder Noubar Afeyan, board member and co-founder Robert Langer, and early investor Timothy Springer each appeared on the Forbes list for the first time.

• Facebook’s whistleblower report confirms what researchers have known for years

  But for researchers who study social media, the internal study that sparked the controversy was mostly confirmation of what they already knew — that Instagram makes teen girls feel worse about their bodies, and that they blame the platform for anxiety, depression, and suicidal thoughts.

  Megan Moreno, principal investigator of the Social Media and Adolescent Health Research Team at the University of Wisconsin-Madison, says Haugen’s interpretation of the internal research squares perfectly with other work done on social media, especially Instagram.

Integrity/Availability

• Proprietary

  • Canopy Parental Control App Wide Open to Unpatched XSS Bugs

    The vulnerability arises because the system is failing to sanitize user inputs. The input field allows 50 characters, Young found, “which was plenty to source an external script.”

    He said there are multiple ways to exploit the issue.

  • Security

    • Privacy/Surveillance

      • ‘Historic Moment’: EU Approves Call for Sweeping Ban on Facial Recognition Surveillance

        The European Parliament has overwhelmingly approved a call to ban facial recognition surveillance—a development heralded by the technology’s foes as a “big win for human rights.” 

        The vote on the resolution was 377-248. While the measure is nonbinding, the EUObserver reported Wednesday that its passsage means “Parliament now has for the first time an official position advocating for a ban on biometric mass surveillance, which sends a strong signal for negotiations of the first-ever EU rules on AI systems.”

      • Court Documents Show The FBI Used A Whole Lot Of Geofence Warrants To Track Down January 6th Insurrectionists

        The new hotness for law enforcement isn’t all that new. But it is still very hot, a better way to amass a list of suspects when you don’t have any particular suspect in mind. Aiding and abetting in the new bulk collection is Google, which has a collection of location info plenty of law enforcement agencies find useful.

      • Tone Deaf Facebook Did Cripple VR Headsets When Borked BGP Routing Took Down All Of Facebook

        For over a year now, we have discussed Facebook’s decision to require users of Oculus VR headsets to have active Facebook accounts linked to the devices in order for them to work properly. This decision came to be despite all the noise made by Oculus in 2014, when Facebook acquired the VR company, insisting that this very specific thing would not occur. Karl Bode, at the time, pointed out a number of potential issues this plan could cause, noting specifically that users could find their Oculus hardware broken for reasons not of their own making.

      • Belgian Government Wants To Add Encryption Backdoors To Its Already-Terrible Data Retention Law

        Earlier this year, a data retention law passed by the Belgian government was overturned by the country’s Constitutional Court. The law mandated retention of metadata on all calls and texts by residents for one year, just in case the government ever decided it wanted access to it. Acting on guidance from the EU Court on laws mandating indiscriminate data retention elsewhere in the Union, the Constitutional Court struck the law down, finding it was neither justified nor legal under CJEU precedent or under Belgium’s own Constitution.

      • Twitter Sells MoPub Ad Platform to AppLovin for $1.05 Billion

        The social-media company acquired MoPub in September 2013 for $350 million as a way to expand its advertising business and help place ads inside of other apps, as well as build an auction for Twitter’s own ad product.

      • What’s good, bad, and missing in the Facebook whistleblower’s testimony

        The Senate largely ate it up. Long frustrated by Facebook’s size and power — and, one suspects, by its own inability to address those issues in any constructive way — senators yielded the floor to Haugen to make her case. During the hearing titled “Protecting Kids Online: Testimony from a Facebook Whistleblower,” Haugen walked senators through most of The Wall Street Journal’s Facebook Files, touching on ethnic violence, national security, polarization, and more during her testimony.

        For their part, senators sought to paint the hearing in historic terms. There were repeated comparisons to Big Tobacco, and a “Big Tobacco moment.” “This research is the definition of a bombshell,” said Sen. Richard Blumenthal (D-CT), who led the hearing.

      • Facebook’s ‘snow day’: Massive outage reveals world’s dependence

        It also showed that despite the presence of Twitter, Telegram, Signal, TikTok, Snapchat, and a bevy of other platforms, nothing can easily replace the social network that over the past 17 years has effectively evolved into critical infrastructure. The outage came the same day Facebook asked a federal judge that a revised antitrust complaint against it by the Federal Trade Commission be dismissed because it faces vigorous competition from other services.

        There are certainly other online services for posting selfies, connecting with fans or reaching out to elected officials – but those who rely on Facebook to run their business or communicate with friends and family in far-flung places saw this as little consolation.

      • Google to auto-enable this security step for millions of accounts

        Google has announced that it will auto-enable 2-step verification (2SV) for an additional 150 million accounts by the end of this year. The company will also require more than 2 million YouTube creators to turn on 2SV. According to the company, 2SV is one of the most reliable ways to prevent unauthorised access to accounts and networks. Google says that they are only auto-enrolling accounts that have the proper backup mechanisms in place.

      • Confidentiality

        • A text message routing company suffered a five-year-long breach

          The [breach] in question was brought to light in a Securities and Exchange Commission filing Syniverse published last week. In it, Syniverse shares that in May 2021 it “became aware of unauthorized access to its operational and information technology systems by an unknown individual or organization.” The company did its due diligence notifying law enforcement and conducting an internal investigation, resulting in the discovery that the security breach first started in May 2016. That’s five years of (possibly) unfettered access.

        • Company That Routes Billions of Text Messages Quietly Says It Was [Breached]

          The company, Syniverse, revealed in a filing dated September 27 with the U.S. Security and Exchange Commission that an unknown “individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of its customers.”

        • Perfect Timing: Twitch Gets Compromised With Voluminous Leak Of Data Via Torrent

          It’s no secret that Amazon-owned Twitch has had a rough go of it for the past year or so. We’ve talked about most, if not all, of the issues the platform has created for itself: a DMCA apocalypse, a creative community angry about not being informed over copyright issues, unclear creator guidelines for content that result in punishment from Twitch while some creators happily test the fences on those guidelines, and further and ongoing communication breakdowns with creators. All of that, mind you, has taken place over the last 12 months. It’s been bad. Really bad!

        • Twitch confirms major data breach after its source code and secrets leak out

          The leak has been labeled as “part one,” suggesting that there could be more to come. While personal information like creator payments is included, this initial leak doesn’t appear to include passwords, addresses, or email accounts of Twitch users. Instead, the leaker appears to have focused on sharing Twitch’s own company tools and information, rather than code that would include personal accounts.

        • Massive Twitch hack reveals source code, creator payouts, and a Steam rival

          Well, this is bad. Twitch, the ultra-popular streaming site, appears to have been [breached]. An anonymous leaker on the 4chan message boards released a 125GB torrent that allegedly contains source code for the streaming service, along with payout information for creators and details about an unreleased Amazon Steam rival dubbed “Vapor.”

Defence/Aggression

• OO7: License to Kill?

  All the Bond movies deal with foreign enemies. From the mountain tops in Switzerland to the sandy beaches in Jamaica, from the sleazy streets of Las Vegas to the charms of Venetian canals, Bond has hunted down Britain’s enemies. (There are even tours “On the Tracks of OO7,” promising “trips, tours and events to the fascinating James Bond filming locations around the world.”) He is not a local London Bobbie. The MI6 agent always finds ways to thwart global plots to take over the world.

  That’s fine. But who are the enemies? Many are underground groups like SPECTRE (SPecial Executive for Counter-intelligence, Terrorism, Revenge and Extortion), or in legal terms, non-state actors with global ambitions. The distinction between state enemies and non-state actors is central to the question of who gives Bond his licence to kill. For if the enemy were a state actor, as was originally the Soviet Union or North Korea, one might assume the British consider themselves at war with such an enemy. In that case, some would assume Bond would have a legal right to kill enemy agents as he does.

• ‘This Wasn’t Justice. This Was Cruelty’: Calls to Abolish Death Penalty Follow Ernest Lee Johnson Execution

  Human rights defenders renewed calls for the abolition of capital punishment in the United States after the state of Missouri on Tuesday executed Ernest Lee Johnson, an intellectually disabled man.

  “A disabled Black man was killed by the state of Missouri tonight. We must #EndTheDeathPenalty.”

• A Massive Fail on Crime Reporting by The New York Times, NPR

  On September 27, 2021, the FBI released much-anticipated crime data on that most unusual year 2020. The statistics revealed a continued steady decline in major crimes overall—apart from one unfortunate outlier: homicides. Despite homicides being at historic lows, especially when compared to the 1980s and 1990s, the murder rate last year rose by 30 percent compared to the previous year. This rise has left journalists and analysts seeking explanations. Yet the notoriously volatile nature of short-term crime data renders such efforts futile. Ascribing a short-term fluctuation to any particular cause—even a global pandemic—is impossible.

• Taliban Fashion and Why It Matters

  “Call me old-fashioned but the thing that stands out from the photos isn’t their fashion choices but that they are carrying MASSIVE GUNS,” the Politico railed.

  They’re not looking hard enough. If big guns defined the Taliban, I would be more worried whenever I see heavily-armed soldiers at Penn Station.

• No Militarization of Space Act

  It is being sponsored by five members of the House of Representatives led by Representative Jared Huffman. In a statement announcing the September 22nd introduction of the measure, Huffman called the U.S. Space Force “costly and unnecessary.”

  The arms and aerospace industries, which have a central role in U.S. space military activities, will no doubt be super-active in coming weeks working to stop movement of the legislation.

• France and the Fraying of NATO

  It’s also a good thing that Biden’s withdrawal of U.S. troops from Afghanistan was poorly orchestrated with the lingering “coalition partners” such as Britain, French and Germany, producing angry criticism. It’s great that the British prime minister proposed to France a “Coalition of the Willing” to continue the fight in Afghanistan following the U.S. withdrawal—and better that it was dead in the water. (Maybe the French better than the Brits remember the Suez Crisis of 1956, the disastrous joint Anglo-French-Israeli effort to reimpose imperialist control over the canal. Not only did it lack U.S. participation; Eisenhower rationally shut it down after warnings from the Egyptians’ Soviet advisors.) It’s good that these three countries heeded the U.S. command to uphold their NATO promise to stand with the U.S. when attacked; that they lost over 600 troops in a fruitless effort; and that in the end the U.S. didn’t see fit to even involve them in the end plans. It’s good to wake up to the fact that the U.S. imperialists could care less about their input or their lives, but only demand their obedience and sacrifice.

  It’s wonderful that Germany, despite obnoxious U.S. opposition, has maintained its involvement in the Nordstream II natural gas pipeline project along with Russia. The last three U.S. administrations have opposed the pipeline, claiming it weakens the NATO alliance and helps Russia (and urging purchase of more expensive U.S. energy sources instead—to enhance mutual security, don’t you see). The Cold War arguments have fallen on deaf ears. The pipeline was completed last month. Good for global free trade and for national sovereignty, and a significant European blow to U.S. hegemony.

• The Ultimate Drug War Crackdown

  But one big problem is that throughout the decades of drug warfare, there have been crackdowns — big crackdowns. 

  Many federal judges, for example, some of whom have considered themselves to be fierce drug warriors, have long imposed maximum jail sentences on drug-law violators. 

• Report: Trump’s Former Aides Plan to Defy January 6 Commission’s Subpoenas

• Opinion | Why Does Congress Fight Over Funding Childcare But Not F-35s?

  “How’re you going to pay for it?” clearly applies only to “money for people,” never to “money for war.” Rational policy making would require exactly the opposite approach.

• US Rolls Out New Cybersecurity Requirements for Rail, Air [iophk: Windows TCO]

  Homeland Security Secretary Alejandro Mayorkas announced the measures Tuesday at a virtual cybersecurity conference, warning that recent incidents such as the SolarWinds [crack] and the Colonial Pipeline ransomware attack showed that “what is at stake is not simply the way we communicate or the way we work, but the way we live.”

  The new security directives target what the Department of Homeland Security and the Transportation Security Administration describe as “higher risk” rail companies, “critical” airport operators, and air passenger and air cargo companies.

Environment

• For the US, the climate plan is more walls and armed agents at the US-Mexico border

• Tory MP Backing Net Zero Took £5,000 Donation From Chair of Top Race Car Manufacturer

  A Conservative MP who helps run two parliamentary climate groups has taken a £5,000 donation from the chair of a leading racing car manufacturer.

  Sara Britcliffe has represented the constituency of Hyndburn and Haslingden in East Lancashire since 2019, one of the “Red Wall” seats won by Tory MPs in former Labour heartlands. 

• New Climate Journalism Awards Honor Chroniclers of the ‘Defining Story of Our Time’

  As the winners of the inaugural Covering Climate Now Journalism Awards were announced Wednesday evening, environmental campaigners hailed the new prizes for elevating journalists who chronicle one of the world’s most crucial news stories—but one critics say is woefully underreported by U.S. corporate media.

  Covering Climate Now (CCNow) is a collaborative effort co-founded by Columbia Journalism Review (CJR) and The Nation and joined by hundreds of partner outlets including Common Dreams.

• Creative Commons Announces New Board Members: Angela Oduor Lungati, Glenn Otis Brown & Jeni Tennison

  On behalf of the entire Creative Commons Board of Directors, I am delighted to announce the appointment of three new members of the Board: Glenn Otis Brown, Angela Oduor Lungati, and Jeni Tennison. Glenn is one of CC’s original architects: he was our Executive Director from 2002-2005, and then served on the Board from 2009-2012. He returns to CC with a deep sense of our history and fresh ideas for our future. Angela and Jeni are both long-time supporters of Creative Commons and leaders in the open knowledge movement, who are joining the board with a wealth of experience in technology and innovation. We are truly honored and grateful to have all three of them join us at this critical stage in the development of CC, as we celebrate our 20th anniversary and look to the future of better sharing.

• How to Turn Off the Tap on Plastic Waste

• Opinion | Climate Journalism Is Coming of Age

  This column is part of Covering Climate Now, a global journalism collaboration co-founded by Columbia Journalism Review and The Nation to strengthen coverage of the climate story. Mark Hertsgaard is CCNow’s executive director and the environment correspondent of The Nation. Kyle Pope is the editor and publisher of CJR.

• Big Oil Lobby Spending Millions to Gut Key Build Back Better Climate Provisions: Report

  As House Democrats prepare to grill representatives of Big Oil about their efforts to spread climate misinformation, a new InfluenceMap report details how fossil fuel trade groups are spending millions of dollars to mislead Americans against President Joe Biden’s widely popular $3.5 trillion Build Back Better plan and its robust climate provisions.

  “Big Oil talks a big game about supporting climate solutions—that is, until it might affect their banner profits and wealthy executive paydays.”

• Opinion | Steven Donziger and the Judicial Executioners of the Corporate State

  Judge Loretta Preska, an advisor to the conservative Federalist Society, to which Chevron is a major donor, sentenced human rights attorney and Chevron nemesis Steven Donziger to six months in prison Friday for misdemeanor contempt of court after he had already spent 787 days under house arrest in New York. 

• White House to Restore Key Elements of Nation’s ‘Bedrock Environmental Law’ Gutted by Trump

  “The National Environmental Policy Act is critical to ensuring that federal project managers look before they leap—and listen to experts and the public on a project’s potential impacts to people and wildlife alike.”

  “Assessing all cumulative impacts and alternatives for a project will mean better federal decisions, better outcomes for communities, and better results for public health.”

• US/UK Blocking UN Effort to Enshrine Clean Environment as Universal Human Right

  As environmental campaigners stress the urgency of a United Nations Human Rights Council resolution recognizing “the human right to a safe, clean, healthy, and sustainable environment,” reporting out Tuesday spotlights the U.S. and U.K.’s refusal to support the proposal.

  The resolution—backed by dozens of countries—is before the 47-member Human Rights Council (HRC), which is in an ongoing session this week.

• Climate Journalism Is Coming of Age

  This column is part of Covering Climate Now, a global journalism collaboration cofounded by Columbia Journalism Review and The Nation to strengthen coverage of the climate story. Mark Hertsgaard is CCNow’s executive director and the environment correspondent of The Nation. Kyle Pope is the editor and publisher of CJR.

• Energy

  • Price Spikes Puncture Fracking’s Promise to Keep Natural Gas Prices Low

    Natural gas’s notorious price volatility has been making a comeback — in a big way.

    The UK is experiencing a natural gas price surge so severe that the government stepped in to prevent a cascade down the supply chain that threatened to create food shortages. In the U.S., deals to sell natural gas this winter carry a price tag that’s roughly double or triple the costs in recent years, with a few traders placing bets that U.S. prices could multiply again, hitting $40 per thousand cubic feet (mcf), up from about $5 now. Major bank Citi said it won’t rule out $100/mcf for cargoes of liquefied natural gas (LNG) this winter, a tab for the supercooled form of the fossil fuel that’s used to ship it between continents which dwarfs even today’s record-setting heights.

  • “Low-carbon” Misses the Point: Arguments Favoring Nuclear Power as a Climate “Solution” are Fundamentally Misframed

    The climate argument for using nuclear power assumes that since nuclear power generation directly releases no CO2, it can be an effective climate solution. It can’t, because new (or even existing) nuclear generation costs more per kWh than carbon-free competitors—efficient use and renewable power—and thus displaces less carbon per dollar (or, by separate analysis, per year): less not by a small margin but by about an order of magnitude (factor of roughly ten). As I noted in an unpublished 17 Aug letter to The New York Times:

    Thus nuclear power not only isn’t a silver bullet, but, by using it, we shoot ourselves in the foot, thereby shrinking and slowing climate protection compared with choosing the fastest, cheapest tools. It is essential to look at nuclear power’s climate performance compared to its or its competitors’ cost and speed. That comparison is at the core of answering the question about whether to include nuclear power in climate mitigation.

  • Ticking Time Bombs: California Oil Spill Spurs New Calls to Ban Offshore Oil Drilling

    California Governor Gavin Newsom has declared a state of emergency after a devastating oil spill off the coast of Huntington Beach sent up to 144,000 gallons of crude oil into the Pacific Ocean. Investigators say a split in an underwater pipeline, likely damaged by a ship anchor, is the source of the oil spill. The pipeline owner, Texas-based Amplify Energy, didn’t report the leak until 12 hours after the Coast Guard was first notified, and beaches in the area are expected to be closed for months as crews race to minimize the environmental damage. “California’s offshore oil platforms are a ticking time bomb,” says Miyoko Sakashita, oceans program director at the Center for Biological Diversity. “It’s time to shut them down.”

  • Solar energy is a new cash crop for farmers – when the price is right

    His experience parallels a rising number of U.S. farmers who are growing solar energy alongside crops or livestock. It’s an idea with big promise at a time of rising focus on climate change and the need to transition away from fossil fuels.

  • ‘Another Day, Another Catastrophic Oil Spill’: Leak in Texas Fuels Calls to ‘Keep It in the Ground’

    A crude oil spill at a Marathon Petroleum refinery in Texas City outside of Houston on Wednesday—just the latest in a series of recent leaks—sparked fresh calls for rapidly phasing out fossil fuels and transitioning to 100% renewable energy.

    “The crazy thing is to expect that this won’t keep on happening every damn day until we just keep the oil in the ground.”

  • Only Two in 200 ‘Green Zone’ Events at COP26 Mention Fossil Fuels

    The UK organisers of the upcoming COP26 climate summit have come under fire for approving just two events that refer to fossil fuels, the primary driver of climate change, in a programme of public events happening alongside the main conference.

    The government-managed “Green Zone”, set to take place in the Glasgow Science Centre, will feature talks, films and performances, separate from the “Blue Zone” that will host the official United Nations negotiations.

• Wildlife/Nature

  • Biden Administration Defends Wildlife Services’ Killing of Eight Wolf Pups in Idaho

    The Biden administration has defended the U.S. Department of Agriculture’s Wildlife Services’ actions in Idaho after the agency preemptively killed eight wolf pups from Idaho’s Timberline pack in response to complaints from a rancher grazing livestock on public lands.

    “Killing these wolf pups was inhumane, unscientific, and indefensible,” said Joe Bushyhead with WildEarth Guardians. “Wolves face enough persecution in Idaho already at the hands of the state. The Biden administration should not be using federal resources to make a bad situation even worse.”

• Overpopulation

  • Opinion | What if Eating Animals Was the Main Cause of the Climate and Biodiversity Crises?

    As the world sinks into climate anxiety amid a global pantomime of broken promises and unconcealed corruption, is it possible that the solution to the climate and biodiversity crises could be cheap, quick and driven by the grassroots?

  • Water as Weapon of War: Activists Say Israel is Drying Out the West Bank to Drive Out Palestinians

    Last weekend, around 600 Israeli, Palestinian and international activists marched across Masafer Yatta in the Occupied West Bank to deliver a water tanker to Palestinian villagers. Their message was clear: Water is a human right, and Israel is depriving Palestine of this basic necessity.

  • UN Urges World to Act Now to Combat ‘Looming Water Crisis’

    “We need to wake up to the looming water crisis.”

    That’s what World Meteorological Organization Secretary-General Petteri Taalas said Tuesday to mark the publication of a new report, which shows that as the fossil fuel-driven climate emergency intensifies floods and droughts, access to clean water is expected to become even more unequal—increasing the importance of sustainable resource management.

Finance

• Republicans Lie That It’s Democrats’ — Not Trump’s — Debts That Need to Be Paid

• McConnell Says He’ll Allow Vote on Raising Debt Ceiling Through December

• Bernie Sanders Says Key Obstacle to Passing Reconciliation Is Corporate Media

• The Democrats’ One Chance to Cut Child Poverty in Half

  Here’s how it works. Parents of children aged 6 and younger across the country are receiving direct payments of up to $300 per month per child, or $3,600 per year per child. The payments drop to $250 a month for children between the ages of 6 and 17, and phase out for families with higher incomes.It’s an historic expansion of the original credit that’s already helping millions of working families.The direct payments are coming because the Child Tax Credit is a refundable tax credit. Normal, non-refundable tax credits simply cut your taxes. But a refundable tax credit, like the Child Tax Credit, helps you even if you don’t earn enough for it to reduce your taxes — so it’s a direct payment to you.Say you owe $3,000 in taxes. A non-refundable tax credit of $3,600 won’t be worth $3,600 to you. It would just reduce your taxes to zero. So you wouldn’t get the full benefit. And if you don’t owe any taxes to begin with, a non-refundable tax credit wouldn’t do you any good at all since you can’t reduce your taxes to less than zero dollars. But a refundable tax credit would help you. You’d get the money no matter what, the full $3,600. That’s why this expansion is such a big deal: it ensures that the money gets to lower-income families.The early results show that this policy is a game-changer. Over 3 million more households with children now report having enough to eat  after just the first two payments. More report being able to make rent, stay in their homes, and afford basic necessities. And 3 million children have been lifted out of poverty. It’s reduced racial disparities, as well. Hunger has fallen by one-third among Latinx families and by one-quarter among Black families.It bears repeating that if the credit is made permanent, and reaches everyone it should, it could cut child poverty in half.Yet the Republican Party — the so-called “party of family values” — is dead set against it. That’s because the program works.Every single Republican in Congress voted against the American Rescue Plan, which contained the initial expansion of the Child Tax Credit. You can bet they’re all going to vote against making that expansion permanent as part of the Democrats’ $3.5 trillion budget plan. It’s obvious: they do not care about helping working families. Democrats must get this done, no matter how staunch the Republican opposition. In the richest country in the world, it is inexcusable that millions of our children are living in poverty. For decades, almost all economic gains have gone to the top, leaving working families behind. This historic expansion of the Child Tax Credit is a crucial step towards righting this wrong. Poverty is a policy choice. Congress must make the Child Tax Credit permanent.

• Elizabeth Warren Probes “Corrupt” Link Between Tax System and Private Sector

• Biden Gives Democrats Green Light to Weaken the Filibuster for Debt Ceiling Vote

• Recent White House Study on Taxes Shows the Wealthy Pay a Lower Rate Than Everybody Else

  A decade ago, in an essay for The New York Times, Warren Buffett disclosed that he had paid nearly $7 million in federal taxes in 2010. “That sounds like a lot of money,” he wrote. “But what I paid was only 17.4 percent of my taxable income — and that’s actually a lower percentage than was paid by any of the other 20 people in our office. Their tax burdens ranged from 33 percent to 41 percent and averaged 36 percent.”

  The words “taxable income” are doing a lot of work in that sentence.

AstroTurf/Lobbying/Politics

• The Mounting Confusion of President Biden’s National Security Policy

  Not even Eisenhower had the experience that Biden accumulated over nearly 50 years in government that included 20 years on the Senate Foreign Relations Committee (12 of those years as chairman or ranking member) in addition to eight years in the White House as vice president.  During the campaign of 2019-2020, Biden frequently cited his trips to more than 60 countries and his one-on-ones with more than 100 national heads of state.  Biden privately boasted about his ability to dominate the national security bureaucracy, stressing that not even the “military will fuck with me.”

  Now, we are nine months into his administration, and there is no comprehensive picture of Biden’s priorities in foreign policy, let alone a Biden doctrine or strategy.  Biden has proclaimed an end to “forever wars,” but U.S. forces remain active in Iraq and Syria, where there are more than 3,000 U.S. combat forces.  Elsewhere, the United States is conducting shadowy operations and drone strikes in such places as Libya, Somalia, and Yemen.  So there is no reason to believe that U.S. forever wars will actually end.

• Forbes Reveals Why the US Government Is Trying to Extradite Venezuelan Diplomat Alex Saab

  The US would far prefer to just quietly extradite Saab to Miami, use whatever means necessary to extract sensitive information from him, and then warehouse him in the world’s largest prison system. Forbes uses the euphemism “under pressure” by US prison authorities as the means to force Saab to “shed light on Venezuela’s post-sanction economic network.” Saab already reports that his surrogate captors in Cabo Verde, described below, have unsuccessfully employed torture to try to break his will and induce him to betray Venezuela.

  That an elite business magazine such as Forbes is featuring a diplomat from a country aspiring to become socialist is a testament to the growing international movement to free the imprisoned Alex Saab and an indication of the weakness of the US case against him.

• Media Praise ‘Mavericks’ for Blocking Aid to American People

  President Joe Biden’s agenda, once seemingly on life support after a small coterie of right-wing Democrats announced they’d oppose pairing a social spending bill with infrastructure legislation, has a new lease on life—thanks to progressive Democrats who held the line.

• Globalization Meets Entropy…and We Lose

  Entropy, which is the Third Law of Thermodynamics, is defined as “a scientific concept, as well as a measurable physical property that is most commonly associated with a state of disorder, randomness, or uncertainty.” In more understandable terms, it basically says the universe and all its systems move toward chaos, not organization. Additionally, the more complex a system, the more energy it takes to maintain order and the more likely it is to break down.

  This is an easy concept to understand in our current societal systems — they are extremely complex, take enormous amounts of energy to maintain, and thanks to their complexity are increasingly likely to break down. A simple example would be our transportation systems — it’s easy to walk down a path. When you convert the path into a multi-lane highway and fill it with thousands of vehicles, maintaining “order,” as in preventing accidents, gets a lot harder and much, much more expensive.

• Opinion | Senate Must Pass Voting Rights Reform So States Can Protect Democracy

• AT&T Set Up And Paid For OAN Propaganda Network; Yet Everyone Wants To Scream About Facebook

  We’ve noted for a while there’s a weird myopia occurring in internet policy. As in, “big tech” (namely Facebook, Google, and Amazon) get a relentless amount of Congressional and policy wonk attention for their various, and sometimes painfully idiotic behaviors. At the same time, just an adorable smattering of serious policy attention is being given to a wide array of equally problematic but clearly monopolized industries (banking, airlines, insurance, energy), or internet-connected sectors that engage in many of the same (or sometimes worse) behaviors, be they adtech or U.S. telecom.

• Sanders Pushes Back After Manchin Says He Doesn’t Want to Create ‘An Entitlement Society’

  Senate Budget Committee Chair Bernie Sanders responded forcefully on Wednesday to remarks from Sen. Joe Manchin, one of just two senators holding up the Build Back Better budget reconciliation package containing key parts of President Joe Biden’s agenda.

  “Does Sen. Manchin really believe that seniors are not entitled to digest their food and that they’re not entitled to hear and see properly?”

• Biden Gives Democrats a Green Light to Weaken the Filibuster for Debt Ceiling Votes

  After previously opposing such a move, President Joe Biden on Tuesday said it is a “real possibility” that Democrats will change Senate rules to exempt debt ceiling votes from the 60-vote legislative filibuster—a reversal that comes as the U.S. is careening toward a default on its financial obligations.

  “Senate Republicans are playing a dangerous game with the debt ceiling. It could destroy our credit, jobs, and family savings.”

• Did the Constitution Pave the Way to Emancipation?

  Now, with his newest book, The Crooked Path to Abolition, Oakes brings his trilogy to a close. If Freedom National focused on the actions Republicans took to end slavery and Scorpion’s Sting explained how they expected those actions would accomplish their goal, The Crooked Path explores the legal and political justification behind the antislavery program—namely, that the Constitution was in fact an antislavery document, contrary to the claims of both slavery’s defenders and the noisiest faction of its radical critics. Even if it deprived the federal government of any power to abolish slavery within the Southern states, the Constitution provided a number of powerful tools for limiting slavery’s spread. While some of this argument is familiar from the earlier books, in The Crooked Path we get a more detailed and focused emphasis on the Constitution itself.

• European Parliament Votes For Ban On Biometric Mass Surveillance

  Members of the European Parliament have adopted a report on the use of Artificial Intelligence in Criminal Law. The file includes a paragraph that speaks out in favour of a ban on any processing of biometric data, including facial images, for law enforcement purposes that would lead to mass surveillance in publicly accessible spaces. With error rates of up to 99%, ineffective facial surveillance technology has nothing to do with targeted searches. The report also calls for a ban on AI-based predictive policing.

• Creative Commons’ Response to Wikimedia Foundation’s WIPO Observer Application Being Blocked

  Yesterday, we were disappointed to learn that the Wikimedia Foundation’s application for observer status at the World Intellectual Property Organization (WIPO) was blocked due to opposition by China for the second time after its initial application in 2020.

• Facebook whistleblower to meet with Jan. 6 committee: report

  The House select committee could hear from Haugen as early as Thursday, according to the network. The lawmakers on the committee are tasked with investigating the events surrounding the Jan. 6 insurrection, in which supporters of former President Trump stormed the Capitol in an effort to stop Congress from certifying Joe Biden’s 2020 election win.

  CNN reported that the committee wants to know from Haugen how the platform was used to organize and encourage the violent protest.

• Facebook whistleblower to talk to January 6 committee

  The select committee is also interested in hearing from Haugen, CNN has learned, as she could provide insight into how Facebook was used to ultimately facilitate violence that occurred at the US Capitol on January 6.

• Bill requiring companies report cyber incidents moves forward in the Senate [iophk: Windows TCO]

  The bill would require owners and operators of critical infrastructure groups to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours. It would also require critical infrastructure groups, nonprofits and most medium to large businesses to report making ransomware attack payments within 24 hours.

• TSA to issue regulations to secure rail, aviation groups against cyber threats [iophk: Windows TCO]

  According to Mayorkas, the directive will require these groups to “identify a cybersecurity point person” charged with reporting cybersecurity incidents to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), along with establishing “contingency and recovery plans” in the case of cyberattacks.

• U.S. to tell critical rail, air companies to report [breaches], name cyber chiefs [iophk: Windows TCO]

  The upcoming changes will make it mandatory for “higher-risk” rail transit companies and “critical” U.S. airport and aircraft operators to do three things: name a chief cyber official, disclose [breaches] to the government and draft recovery plans for if an attack were to occur.

Misinformation/Disinformation

• Chinese ‘Disinformation’ and US Propaganda

  In Western media’s latest anti-China crusade, unsubstantiated allegations of a Chinese disinformation campaign—which the reports themselves admit have had little engagement on social media, and nonexistent impact offline—supposedly represent a very serious threat to the US.

• Reining in doctors promoting COVID-19 misinformation

  A little over a month ago, I wrote about how the Federation of State Medical Boards (FSMB) had recently issued a statement asserting that physicians who spread COVID-19 misinformation should be subject to disciplinary measures by their state medical boards up to and including revocation of their medical licenses. Given that there have been some developments on that front since then, I thought that now would be a good time for an update and a bit more discussion on the general issue of what should be done about physicians who promote misinformation not just about COVID-19 and COVID-19 vaccines, but medical misinformation, antivaccine conspiracy theories, and pseudoscience in general. At the time of my original post, I expressed major skepticism that the FSMB’s statement would result in any action. The situation is perhaps not as bad as I had predicted then, but it’s also not so great, either.

• City Loses Case for Streaming Revenues, 1/3 Get News from Facebook, Open Broadband Project

  A recent study from The Pew Research Center, published late last month, found that 31 percent of Americans routinely receive their news from Facebook.

Censorship/Free Speech

• Content Moderation Case Study: Twitter’s Self-Deleting Tweets Feature Creates New Moderation Problems

  Summary: In its 15 years as a micro-blogging service, Twitter has given users more characters per tweet, reaction GIFs, multiple UI options, and the occasional random resorting of their timelines.

• Resident Evil 4 VR Dialogue Reportedly Censored by Facebook

  Multiple sources have now reported that Resident Evil 4′s dialogue has been altered according to the requests of Facebook, the producer of Oculus Quest headsets. According to the claims, Capcom agreed to the requests, and developer of the VR version, Armature Studios, made them accordingly. While the gratuitous violence and gore Resident Evil is known for is apparently untouched, several sexually-charged or flirtatious comments have been cut.

Freedom of Information/Freedom of the Press

• Russian Journalist Anna Politkovskaya Was Killed 15 Years Ago

  On October 7, 2006, Anna Politkovskaya, a reporter for Novaya Gazeta, was gunned down in the entry of her building in Moscow. She belonged to a generation that started out on its journalistic path as perestroika began, a group that actively built the new journalism. During the first war in Chechnyam, she reported deeply on the suffering and fate of ordinary people, soldiers and their mothers, Chechen women, children, and old people. She showed the human dimension of war, a quality that some, to this day, wrongly consider a distinction of women’s reporting from hot or war spots. Moreover, she sometimes participated in helping the people she wrote about—she helped residents of a nursing home evacuate from Chechnya.

Civil Rights/Policing

• Abolition, Cultural Freedom, Liberation

• Nine Decades of Secular Humanism

  Humanism means helping people, and secular means doing it without supernatural religion. The movement soared three centuries ago in The Enlightenment, when bold thinkers sought to end the divine right of kings, end church abuses, create democracy, launch human rights, halt the privileges of aristocrats, and bring other reforms such as personal equality, free speech and a social safety net.

  Thomas Hobbes envisioned a “social contract” in which people granted power to government to gain protection. John Locke sought separation of church and state. Baron Montesquieu outlined a democracy with judicial, executive and legislative branches. Voltaire sneered at Christianity as “the most ridiculous, the most absurd and bloody religion that ever infected the world.” Baruch Spinoza was excommunicated by Jews for doubting a personal god. Francis Bacon developed the scientific method of seeking facts. David Hume said scientific inquiry makes miracles implausible.

• Baby Talk Fascists: Reflections on a Summer Encounter

  It was very instructive regarding a topic I had not previously understood with sufficient clarity: the significant extent to which current American anti-abortion sentiment and activists are linked to a broader right-wing neofascist world view and movement.

  I was approached by numerous OR proselytizers across the street from the besieged clinic. Beyond expressing their standard horror at the “murder of babies,” OR activists informed me that…

• “Becoming Abolitionists”: Derecka Purnell on Why Police Reform Is Not Enough to Protect Black Lives

  Derecka Purnell draws from her experience as a human rights lawyer in her new book, published this month, “Becoming Abolitionists: Police, Protests, and the Pursuit of Freedom,” to argue that police reform is an inadequate compromise to calls for abolition. Since the murders of George Floyd in Minneapolis and Breonna Taylor in Louisville in 2020, many states have passed laws aimed at reforming police, but congressional talks at the federal level have broken down. Purnell reflects upon her personal journey as a Black woman who believed in police reform before pivoting to abolition, saying, “I became a part of social movements who pushed me to think more critically … about building a world without violence and how to reduce our reliance on police.”

• Police Reform Is Not Enough to Protect Black Lives

• Peace Officers: a New Division of Salem Police Department

  The proposed Goals and Objectives of the SPD include the list below for Safety.

• Stephen Breyer Is Getting Paid to Play Hamlet

  Nearly half of the Supreme Court spent the summer and early fall on a national gaslighting tour. Justices Clarence Thomas, Samuel Alito, Amy Coney Barrett, and Stephen Breyer all gave high-profile speeches or interviews during which they extolled the nonpartisan nature of the court. They further used their bully pulpits to attack the media and accuse it of misleading the public about the court’s stark political divide.

• Closing Rikers Island Is a Matter of Life and Death

  Isaabdul Karim wasn’t sentenced to death. In fact, he was never sentenced at all. But after the father of two was accused of a nonviolent parole violation and sent to Rikers Island, on September 19, he became the 11th person this year to die in a New York city jail.

• ‘Kellogg’s On Strrr-ike’: 1,400 Workers Walk Off Job to Protect Benefits

  Roughly 1,400 workers who make Corn Flakes, Froot Loops, Frosted Flakes, Raisin Bran, and Rice Krispies walked off the job on Tuesday to demand a fair contract, bringing all of the Kellogg Company’s U.S. cereal factories to a halt in one of the nation’s latest strikes.

  Anthony Shelton, president of the Bakery, Confectionery, Tobacco Workers, and Grain Millers International Union (BCTGM), on Tuesday expressed the union’s “unwavering solidarity with our courageous brothers and sisters who are on strike against the Kellogg Company” in four cities: Local 3G in Battle Creek, Michigan, where the company is headquartered; Local 50G in Omaha, Nebraska; Local 374G in Lancaster, Pennsylvania; and Local 252G in Memphis, Tennessee.

• Trump Is Gone, But the US Is Still Putting Migrants Through Hell

• Opinion | Protecting Workers Will Help Protect Democracy

• Body cam footage shows Minneapolis police celebrating hitting protesters with rubber bullets

  A spokesman for the Minneapolis Police Department told KSTP that they are unable to comment on the footage due to an ongoing internal investigation.

• Body cam footage shows Minneapolis police allegedly ‘hunting’ anti-police brutality protesters

• Exclusive: Government Secretly Orders Google To Identify Anyone Who Searched A Sexual Assault Victim’s Name, Address And Telephone Number

  It’s a rare example of a so-called keyword warrant and, with the number of search terms included, the broadest on record. (See the update below for other, potentially even broader warrants.) Before this latest case, only two keyword warrants had been made public. One revealed in 2020 asked for anyone who had searched for the address of an arson victim who was a witness in the government’s racketeering case against singer R Kelly. Another, detailed in 2017, revealed that a Minnesota judge signed off on a warrant asking Google to provide information on anyone who searched a fraud victim’s name from within the city of Edina, where the crime took place.

• Sarah Everard vigil: Police officers contacted arrested woman on Tinder

  Ms Stevenson said she had also become the focus of internet conspiracies since her arrest and “can’t count the amount of death threats I’ve had”.

  She said people had claimed she was a “crisis actor” paid to attend the vigil and get arrested to legitimise attacks on the police.

  She added that many of the threats had been about kidnapping her.

• Fifty officers contacted me on dating app, says woman arrested at Sarah Everard vigil

  “I do not understand why someone would do that. It is almost like an intimidation thing, saying ‘look we can see you’, and that…”

• The French Catholic church acknowledges a staggering pattern of sexual abuse

  The sheer number was overwhelming: between 1950 and 2020 at least 216,000 children were sexually abused in France by Catholic clergy. Thus, on October 5th, concluded a two-year, independent inquiry commissioned by the church. Jean-Marc Sauvé, the president of the commission that conducted the investigation, said it uncovered “the lead weight of silence smothering the crimes” committed by 2,900-3,200 clergy. If lay members were also included, the number of abused could reach 330,000.

Internet Policy/Net Neutrality

• Does An Internet Infrastructure Taxonomy Help Or Hurt?

  We’ve been running our Greenhouse discussion on content moderation at the infrastructure level for a bit now, and normally all of the posts for these discussions come from expert guest commentators. However, I’m going to add my voice to the collection here because there’s one topic that I haven’t seen covered, and which is important, because it comes up whenever I’m talking to people about content moderation at the infrastructure level: do we need a new taxonomy for internet infrastructure to better have this discussion?

• FCC Finally Gets Off Its Ass To Combat SIM Hijacking

  So for years we’ve talked about the growing threat of SIM hijacking, which involves an attacker covertly porting out your phone number from right underneath your nose (sometimes with the help of bribed or conned wireless carrier employees). Once they have your phone identity, they have access to most of your personal accounts secured by two-factor SMS authentication, opening the door to the theft of social media accounts or the draining of your cryptocurrency account. If you’re really unlucky, the hackers will harrass the hell out of you in a bid to extort you even further.

• If Your Takeaway From Facebook’s Whistleblower Is That Section 230 Needs Reform, You Just Got Played By Facebook

  Here we go again. Yesterday, the Facebook whistleblower, Frances Haugen, testified before the Senate Commerce Committee. Frankly, she came across as pretty credible and thoughtful, even if I completely disagree with some of her suggestions. I think she’s correct about some of the problems she witnessed, and the misalignment of incentives facing Facebook’s senior management. However, her understanding of the possible approaches to deal with it is, unfortunately, a mixed bag.

Monopolies

• EU to file anti-trust against Apple over NFC chip: claim

  The European Union is set to file an anti-trust suit against Apple over the NFC chip technology it uses for tap-and-go payments, a report claims.

• EXCLUSIVE Apple to face EU antitrust charge over NFC chip – sources

  Preliminary concerns were Apple’s NFC chip which enables tap-and-go payments on iPhones, its terms and conditions on how mobile payment service Apple Pay should be used in merchants’ apps and websites, and the company’s refusal to allow rivals access to the payment system.

  The European Commission has since narrowed its focus to just the NFC chip, which can only be accessed by Apple Pay, one of the sources said.

• Facebook Whistleblower to Congress: Regulate Big Tech. Silicon Valley Can’t Be Trusted to Police Itself

  Facebook whistleblower Frances Haugen testified to Congress Tuesday, denouncing the company for prioritizing “astronomical profits” over the safety of billions of users, and urging lawmakers to enact strict oversight over Facebook. Haugen’s testimony gave a rare glimpse into the secretive tech company, which she accused of harming children, sowing division by boosting hateful content, and undermining democracy. “Facebook wants you to believe that the problems we’re talking about are unsolvable. They want you to believe in false choices,” Haugen said at the hearing. Roger McNamee, a former mentor to Mark Zuckerberg, says a U.S. business culture “where CEOs are told to prioritize shareholder value at all cost” is partly to blame for Facebook’s design. “We have abdicated too much power to corporations. We have essentially said we’re not going to regulate them.” We also speak with tech reform activist Jessica González, who says Haugen’s testimony has exposed how little Facebook regulates its platform outside the English-speaking world. “Facebook has not adequately invested to keep people safe across languages,” says González. “There is a very racist element to the lack of investment.”

• Copyrights

  • ACE Anti-Piracy Coalition Takes Control of Dozens of Pirate IPTV Domains

    The powerful global anti-piracy coalition Alliance for Creativity and Entertainment has taken over yet more pirate IPTV-related domains. The latest wave includes more than three dozen new additions to a rapidly growing list. All indications suggest that ACE gave the suppliers an ultimatum – shut down and hand over your domains or face more vigorous legal action.

  • RIAA Secures ‘Victory’ Against YouTube Rippers and Seeks $82 Million in Damages

    The RIAA has secured an important victory in its piracy lawsuit against YouTube-rippers FLVTO.biz and 2conv.com and their Russian operator. A Virginia federal court has issued a default judgment in favor of several prominent music companies. The RIAA also requests over $82 million in damages, which has yet to be signed off in court.

  • Introducing InclusiveAccess.org

    Against this backdrop, a new sales model known as “Inclusive Access” has taken off. Also known as automatic textbook billing, this model adds the cost of digital course content into students’ tuition and fees. Hardly known five years ago, one in three college students reported participating in at least one Inclusive Access course during the 2020-21 academic year.

Is Linux Faster Than Windows? [Ed: Poor and false statements all around, e.g. "Windows and Linux have been around roughly the same amount of time (both were begun around 1990)"]

Audiocasts/Shows

• The Linux Link Tech Show Episode 925

  facebook down, lets encrypt root cert expiration, more support woes, and happier times

• FLOSS Weekly 650: Decentralizing Social Networks – James Vasile

  Can social media be decentralized? James Vasile of Open Tech Strategies and DSNP is working on several projects at once toward that goal. Vasile touches on these goals and much more including the fediverse, palgorithms (personal algorithms), advantages and limits of clouds and blockchains. It’s a fascinating, wide-ranging discussion with Doc Searls and Jonathan Bennett of FLOSS Weekly.

• I’m Playing 0 A.D. When I Should Be Working – Invidious

  So I went to the office today with the intention of making a proper video, but once I sat down at the computer, I started playing my favorite free and open source game 0 A.D. I quickly realized that I wasn’t going to make any real content today.

• The NEW Linux For Everyone Show: Meet Jerry Morrison – Invidious

  Introducing the new Linux For Everyone show! Jason’s making room for a couple new co-hosts. In this first trailer, meet Jason’s friend and musical partner-in-crime Jerry Morrison.

• Archcraft 2021.09.25 Quick overview #Shorts – Invidious

  A Quick overview of Archcraft 2021.09.25

• Enterprise Linux Security Episode 05 – The “Attacker” Mindset – Invidious

  We’ve talked about Enterprise Linux Security from the worldview of the system administrator, but what’s it like on the other side? In this episode, Jay and Joao are joined by Atalay Kelestemur, an Ethical Hacker, as we discuss the mindset of the attacker.

• Linus Tech Tips Linux Challenge: Our Reaction | Jupiter Extras 76

  Our virtual LUG of experts had a lot to say about the Linus Tech Tips Switch to Linux challenge. We recap what is going on, how it could go wrong, and what we hope happens.

  This release is an excerpt from our LINUX Unplugged live stream on Tuesday, October 5th, 2021.

• Coding Gungan Style | Coder Radio 434

  It’s final push time on a big project for Mike, but Chris is the one who is exhausted. Still we’ve got some new insights into testing and thoughts on an emerging category of developer.

  Plus, why the hermit developer is alive and well, some important feedback, and a Python tip.

Kernel Space

• Raspberry Pi “V3D” Driver Landing Support For Multiple Sync Objects – Phoronix

  A new batch of drm-misc-next updates were sent out today for staging in DRM-Next ahead of the Linux 5.16 merge window. With this week’s changes there is a notable addition for the Broadcom V3D DRM kernel driver, which most notably is for the Raspberry Pi 4 and newer.

• Linux 5.16 Preps More Display Code For Alder Lake P & DG2/Alchemist – Phoronix

  In Linux 5.14 Intel introduced initial Alder Lake P enablement driver support including around the new “XeLPD” display block. With Linux 5.15 there was the initial enablement around DG2/Alchemist graphics. Now for Linux 5.16 is a significant amount of new driver code for actually getting the display support into shape for both DG2 and ADL-P.

• Progress Report: September 2021 – Asahi Linux

  It’s been a busy month! We’ve had a lot of movement in kernel land, as well as some tooling improvements and reverse engineering sessions. At this point, Asahi Linux is usable as a basic Linux desktop (without GPU acceleration)! The ground had been shifting until now, but we’re seeing drivers settle down. Let’s take a look at what’s been going on.

• Asahi Linux Progress Report September [LWN.net]

  The Asahi Linux project has a progress report on its goal of running Linux on Mac M1 hardware.

• Asahi Linux On The Apple M1: “Usable As A Basic Linux Desktop” Sans GPU Acceleration

  The Asahi Linux project that has been working nearly the past year on bringing up Apple M1 support under Linux has issued their September 2021 porting and reverse engineering report.

  With the progress made over the past month, “Asahi Linux is usable as a basic Linux desktop (without GPU acceleration)!”

  There are many new Apple M1 driver submissions under review for mainline inclusion on Linux, including around pinctrl, I2C driver, ASC mailbox, IOMMU 4K handling, and device power management. CPU core frequency scaling support meanwhile is currently undergoing a clean-up before being posted as a “request for comments” series. There is also development work happening on the RTKit layer, NVMe + SART, and DCP code.

  Bringing up the Apple M1 graphics with a kernel DRM driver and the necessary OpenGL/Vulkan Mesa driver code remains the big elephant in the room but progress continues to be made there too.

Applications

• Slimbook Battery 4 Released with Improved Power-Saving Features

  We spotlighted Slimbook Battery optimiser a couple of years ago, describing it as an essential tool for those looking to get longer battery life on Linux.

  Today, a major update to the battery tuning tool was released. It is said to extend compatibility to a ‘greater number of laptop brands’ (and Ubuntu-based distros) and offer improved power-saving prowess — yup: even if your laptop isn’t made by Slimbook!

  Slimbook Battery 4 also works with the Spanish PC company’s custom AMD and Intel controller apps. Paired together they unlock additional performance enhancing or power-saving possibilities.

• Weekly-ish recap — 6 October 2021: Inkscape 1.1.1

  The team finally released the first update to Inkscape v1.1. It comes mainly with bug fixes — a lot of them, in fact — so you’d do yourself a big favor by upgrading.

  And yes, I know I’m preaching to the choir with this, but the excitement is still strong witrh Martin’s ongoing work on pages support.

• 10 Best Linux Tools For Digital Artists [2021]

  There is no shortage of graphic design software for Linux users. While it is possible to create stunning graphics and make professional edits with several online software, today’s focus is on the most effective, memory-friendly software for Linux.

  Please note that these applications are listed randomly and not in order of their popularity, complexity, functionality, or price.

• FWUPD 1.7 Released With Supporting More Hardware For Firmware Updates On Linux

  FWUPD and the Linux Vendor Firmware Service (LVFS) continue to serve as a resounding open-source success for allowing an increasing amount of hardware to support firmware updates on Linux from system/motherboard UEFI to disk drives and various peripherals. LVFS is now serving up more than two million firmware downloads a month while FWUPD 1.7 is out today with supporting firmware updates on even more hardware.

Instructionals/Technical

• Create mongodb & web-based interface container on Docker – Linux Shout

  MongoDB doesn’t need an introduction, the one who is system administrating and developing would already know about it. It is a NoSQL database available to install on popular operating systems to provide a database without a fixed structure, hence easily scalable. Here in this article, we will learn the steps to easily install or create a MongoDB Database server container on the Docker Engine platform.

• How to Mount SMB Shares on Ubuntu?

  SMB is a client-server, file-sharing protocol that stands for Server Message Block which was invented by IBM in 1984 for the purpose of allowing computers to access files for reading or writing on a remote host using the LAN (Local area network). The SMB protocol that makes available the files or directories that are accessed on the remote host are called shares. This means that we can mount a shared file or directory to our system using the local area network.

  SMB was previously known as CIFS and is the old version or dialect of SMB which stands for Common Internet File System which was created by Microsoft and is a particular implementation of the Server Message Block protocol.

  In this article, we will provide you with each and every little step on how to mount SMB shares on Ubuntu using the Samba file server. Samba uses the SMB protocol and has the same function as SMB i-e enabling file sharing on Local area networks with other systems. But before going forward let me highlight a point that this article assumes that you have already shared a directory on a remote system and you will access that directory in this article.

• How to install Cassandra on Debian 11

  Cassandra or Apache Cassandra is an open-source NoSQL database initially developed by Facebook but later moved on to Apache license; therefore, it is now known as Apache Cassandra as well. The NoSQL databases are primarily used to compete in the current technology era by providing support to process graphical content, videos. As Cassandra belongs to the NoSQL category, it stores data in the form of key value pairs and uses its own query retrieving language known as CQL (Cassandra Query Language). The outermost shell of Cassandra is known as Cluster and it consists of several nodes, nodes are just the instance of Cassandra running on a machine.

• How to mount USB drive in CentOS

  A USB drive, also known as a USB flash drive or a pen drive, is a widely used external storage device that can be utilized to back up or transfer data from one system to another. As the file system is supported in a GUI Operating System such as Windows and GNOME Desktop in CentOS, which helps you to immediately mount a USB and access its data. However, most CentOS users prefer to mount the USB drive using the command-line method as they are used to working around the terminal. If you are one of them, you have to manually mount the USB drive in your CentOS terminal to access the USB data.

  This post will demonstrate to you how to mount a USB drive in CentOS. So, let’s start!

• How to use Nginx with Docker Compose

  Docker Compose is a tool that is utilized for defining and running several containers as a single service. It is used in staging, development, and testing environments. Docker Compose works by defining a stack in its “.yml” file and then executing it by utilizing docker-compose command. Docker Compose permits you to link multiple containers together and deploy an application with only one command. It also assists in maintaining the continuity of the Integration workflow.

  Using Docker Compose, you can create multiple containers and add local or official images such as “Nginx”. Inside a Docker Container, you can install packages, add or remove various settings of that specific container. In this post, we will talk about how to use Nginx with Docker Compose.

  To use Nginx with Docker Compose, you need to install and enable Docker and Docker Compose on your system. Follow the post to proceed with the installation procedure.

• How to use Debian 11 live USB

  You may require more than one operating system at once while keeping your device on a single parent OS. You can do so by using a third-party tool to install the other operating system virtually and can be used: for example, VirtualBox is being widely used to get the Linux-based OS on your host operating system. Most of the users keep Windows as their primary OS and install the other operating system on virtual machines. Contrary to these virtual machines access, you can make a live USB of the secondary OS that helps to use that operating system without affecting the functionality of the primary OS.

• How to use apt-get command on Debian 11

  The apt-get command is a common and useful Linux command. Linux OS users have definitely used the “apt-get” command. If you are new to Linux, then you must know the usage of this command. The “apt-get” command is the Advanced Package Tool (APT) that handles software installation and removing. In this Article, several uses of apt-get commands on Debian 11(Linux OS) will be discussed in detail which will be very helpful for both beginners and users of the Debian system.

  The apt and apt-get commands are used for management of packages, the difference is that all the functions performed by apt-get, apt-cache and apt-config commands are solely performed by apt command so this is also the reason that apt command is now getting popular day by day.

• How to Install and Use Okteta for RAW Data Files in Linux

  Not many Linux editors can match the processing power of Okteta in terms of handling the complexities of raw data files. Okteta meets its functional objectives through the implementation of simplified algorithmic raw data display mechanisms.

• How to Install PHP 8.0 on openSUSE 15 Leap

  PHP 8.0 is a significant update of the PHP language released on November 26, 2020, a giant leap forward from the existing PHP 7.4 release. The new PHP contains many new features and optimizations, including named arguments, union types, attributes, constructor property promotion, match expression, null safe operators, JIT and improvements in the type system, error handling, and consistency.

  In the following tutorial, you will learn how to install PHP 8.0 on openSUSE 15 Leap.

• How to Install Nginx with Let’s Encrypt TLS/SSL on Ubuntu 20.04

  NGINX is an open-source, free HTTP server software. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for e-mail (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers. The goal behind NGINX was to create the fastest web server around, and maintaining that excellence is still a central goal of the Nginx project. NGINX consistently beats Apache and other servers in benchmarks measuring web server performance and is now the most popular used web server according to W3Tech.

  In the following tutorial, you will learn to install Nginx on Ubuntu 20.04 LTS using the default Ubuntu repository or the alternative PPA by Ondřej Surý with a free TLS/SSL certificate from Let’s Encrypt.

• How to Change Between Users on Linux

  According to the su man page, the su command is used to either become another user during a login session or switch to the superuser.

• How To Install Logwatch on Ubuntu 20.04 LTS – idroot

  In this tutorial, we will show you how to install Logwatch on Ubuntu 20.04 LTS. For those of you who didn’t know, Logwatch is a customizable, pluggable log-monitoring system. It will go through your logs for a given period of time and generate a report and then mail the details to your email.

  This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Logwatch monitoring log file on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.

• How to Install Duf Disk Usage Utility on Debian 11 Bullseye

  No, it is no Duff beer if that rings a bell. Today, we are talking about Duf disk utility, an open-source, free “Disk Usage Free Utility” written in Goland and released under MIT license. The disk utility supports multi-platforms such as BSD, Linux, macOS, and Windows operating systems.

  Duf is a command-line utility to find disk usage in Linux and Unix-like systems terminals. One of the excellent features of Duf is its ability to display the disk usage details in a beautiful, user-friendly layout in tab form. Some extra features with Duf include disk usage out in JSON output.

  In the following tutorial, you will learn how to install Duf on Debian 11 Bullseye.

• How to install Shotcut video editor on a Chromebook in 2021

  Today we are looking at how to install Shotcut video editor on a Chromebook Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

• How to install WPS Office 2019 on Linux Lite 5.4 – Invidious

  In this video, we are looking at how to install WPS Office 2019 on Linux Lite 5.4.

• Find Files and Directories in Linux Like a Pro

  This guide will show you how to use “find” and “locate” commands to find files and directories on your Linux file systems.

  There are times when you want to access a specific file but can’t find it on your Linux system. While there are many ways with which we can search and locate files and directories on Linux, the easiest and quickest is probably through the terminal.

Games

• Latest Steam Client Update Brings PipeWire Desktop Capture on Linux, Reduces Vulkan Pre-Caching Sizes

  The new stable Steam Client update is packed with lots of goodies for Linux users, starting with the availability of the PipeWire desktop capture feature, which can be enabled if you launch the Steam Client with the -pipewire command-line option.

  It also reduces the size of Vulkan pre-caching datasets by splitting and versioning them according to the capabilities of your graphics driver, as well as of Proton versions available in your system. Due to this change, the Vulkan pre-caching datasets will start from scratch after updating to the new Steam Client version.

• Godot Engine – Dev snapshot: Godot 3.4 beta 6

  The upcoming Godot 3.4 release will provide a number of new features which have been backported from the 4.0 development branch (see our release policy for details on the various Godot versions). This beta 6 build provides additional features and fixes to bugs reported against previous builds.

  If you already reviewed the changelog for the previous beta, you can skip right to the differences between beta 5 and beta 6.

  As usual, you can try it live with the online version of the Godot editor updated for this release.

• RedMagic 6S Pro Review: Gaming Is Serious Business.

  Gaming phones have been around for years at this point, but in many ways, they’re just beginning to hit their stride. Early models played it safe, while newer models are much bolder about being gaming-first devices. The RedMagic 6S Pro is a perfect example of this. Not only does it pack some serious punch in the chipset and hardware, but it’s full of gaming features, not to mention style. Let’s take a further look in this review.

• Get a look inside the Steam Deck in Valve’s latest video | GamingOnLinux

  Want to see inside a Steam Deck? Valve has delivered in the latest video although they’re keen to remind people not to do any of this yourself.

  Valve say it’s both a “How to” video and a “Why you shouldn’t do any of this”. Although they mention once you have it you have a right to do so, it’s not recommended. With everything packed so tightly together they’re giving a warning about damage to batteries, something that could cause a fire so there’s a threat to your life kind of warning involved if you do it wrong. The warranty also doesn’t cover any damage done by you if you really choose to do this.

• Steam Deck: How to disassemble Valve’s handheld gaming PC (and why you shouldn’t) – Liliputing

  Valve’s Steam Deck is a handheld gaming PC with a 7 inch display, built-in game controllers, a custom AMD processor with RDNA 2 graphics, and a starting price of $399, which makes the Steam Deck one of the most affordable devices in its category.

  But the entry-level model has just 64GB of eMMC storage, which means you have to pay $529 or more to get a version with a faster, higher-capacity PCIe NVMe solid state drive. The good news is a new video from Valve shows exactly how to open up the Steam Deck and add or upgrade an SSD. The bad news is Valve highly recommends you don’t actually do that, since there’s a high risk that you’ll damage your device.

• Linux Gamers Demolish Steam Hardware Survey – Invidious

  Gaming on linux has always been fairly niche but it’s slowly over time gaining more traction, and for the past 3 months Linux gamers have made up 1% of the market share, that might now sound like a lot but let’s put that into perspective.

Distributions

• BunsenLabs put on a lot of weight since Crunchbang and doesn’t support HiDPI out of the box. But there are other options.

  But over the years, GNOME packed on the pounds until my laptop, with its Sempron 3000+ and 1 GB of RAM just could not run it anymore. At least not if you wanted to do anything with the laptop.

  [...]

  GNOME is the only desktop that actually supports them properly out of the box, and that’s why I got so used to GNOME on Fedora and carried over using GNOME on this PC.

  Much of the work on proper scaling support was Canonical, because hey, open source. Everyone has an itch to scratch and at the end of the day, hopefully problems get solved.

  I doubt Red Hat ever would have looked into this. How many corporate laptops, or headless servers, are going to benefit from HiDPI displays that basically Macs and a few PCs have in them?

  In closing, Bunsenlabs is just not a distribution I can say I recommend.

  It’s not enough of a RAM savings that anything remotely modern will benefit too much from, and if you’re under that much memory pressure, you should probably look into setting up a KDE distribution with ZSwap in play.

  I can’t see the reason to recommend a desktop with less features, or one with a higher learning curve, or one that they’re just shoving all of GNOME into anyway to a person when they ask what can be done for an older system.

  I do think the fact that nobody is worried about doing better than KDE is, is a little concerning, but it’s nowhere near as bad as the situation on Windows. Since Microsoft considers a 3 year old PC ancient trash, and your RAM modules are soldered in, good luck trying to upgrade that. But moving over to a nice efficient GNU/Linux distribution is one way to buck the trend in software bloat.

• PCLinuxOS/Mageia/Mandriva/OpenMandriva Family

  • Obs Studio » PCLinuxOS

    Open Broadcaster Software is free and open source software for video
    recording and live streaming has been updated to 27.1.2.

  • Mozilla Thunderbird » PCLinuxOS

    The Mozilla Thunderbird email client has been updated to 91.2.0 and shipped to the software repository for PCLinuxOS.

  • Signal Desktop » PCLinuxOS

    The Signal Desktop messaging client with privacy in mind has been updated to 5.19.0 and shipped to the software repository.

• Arch Family

  • Can you build ARCH from source? Let’s see!

    Apart from the object to build arch minimal base without systemd and its libraries, the idea or question that came to mind was whether you can build all your packages from the Arch recipes. Since Artix now is autonomous and relies on its own software base, not Arch, the same question applies, and I suppose the same applies to Manjaro. Most of the core pkgbuilds in Artix are just copies of Arch. Systemd may not be there but many of its libraries or pieces are still there. But let’s say you just want to build Arch, authentic and 100% true arch.

    The short answer is NO!
    The long answer is explained here:

    The minimal base/chroot of a system you must have to build Arch packages is base + base-devel – linux or boot loader. This is a chroot that Arch describes. Any additional dependencies are listed in the PKGBUILD as (dependencies, makedepends, checkdepends, …). So by adding the prescribed added dependencies you must have all that you need to build the “prescribed package”, right?

• IBM/Red Hat/Fedora

  • Red Hat Releases Beta Peek at Upcoming RHEL 8.5

    Less than five months after the release of Red Hat Enterprise Linux 8.4, Red Hat today released the beta version of it flagship server operating system, RHEL 8.5. Along with improvements and new features that are an expected part of any Red Hat release, this beta release is also easier for users to access and take for a test drive that previous betas have been.

    It also continues the 6-month release cadence that Red Hat announced at Red Hat Summit 2019, when it first introduced the RHEL 8 family. Assuming that things stay on schedule, the ready-for-prime-time version of RHEL 8.5 should drop in November.

  • Red Hat Enterprise Linux 8.5 Now Available As Beta

    Red Hat today made available the Red Hat Enterprise Linux 8.5 (RHEL 8.5) beta, incorporating a half-year of improvements to this flagship enterprise Linux distribution.

    Red Hat Enterprise Linux 8.5 beta brings a number of evolutionary improvements to RHEL8. Among the RHEL 8.5 Beta highlights are:

    - New system roles for Microsoft SQL Server, VPN configuration, Postfix (this role now fully supported), NTS timesync, and LVM VDO storage volume handling.

  • Red Hat Enterprise Linux 8.5 Enters Beta Testing with Live Kernel Patching on the Web Console

    Red Hat Enterprise Linux 8.5 is the fifth maintenance update to the latest and greatest Red Hat Enterprise Linux 8 operating system series and brings various new features to RHEL’s web console, such as live kernel patching without using the command line tooling and enhanced performance metrics to help you identify and prevent performance issues.

    Also new in Red Hat Enterprise Linux 8.5 are several new system roles for configuring, automating, and managing services on your Red Hat Enterprise Linux installations. These include RHEL system role for VPN, RHEL system role for Postfix, RHEL system role for timesync, RHEL system role for Storage, and RHEL system role for Microsoft SQL Server.

  • Stratasys’ New Data Security Offering Uses Red Hat Linux Platform; David Egts Quoted

    Stratasys has unveiled a data security platform for additive manufacturing to help meet the cybersecurity requirements of U.S. government and defense agencies as they increase adoption of 3D printing.

    The company said Thursday its ProtectAM offering uses the Red Hat Enterprise Linux platform, which provides continuous data security in compliance with the requirements outlined in the Defense Information System Agency’s Security Technical Implementation Guide.

    David Egts, chief technologist for North America public sector at Red Hat, said the company’s Red Hat Enterprise Linux helps users meet software security requirements for sensitive computing without compromising scalability, innovation and flexibility.

  • IT hiring’s big miss: How to hire for aptitude | The Enterprisers Project

    On the surface, it’s easy to see IT hiring difficulties as a symptom of the pandemic. 2020 alone was an exercise in roller-coaster talent economics, and some recent reports indicate that hiring is slowing as fears of rising case numbers swell.

    But to place the blame solely at the feet of the pandemic belies the fact that there’s been a consistent widespread need for exceptional IT talent for years. As recently as 2019 organizations struggled to find the right people for their IT positions.

    At issue is the hiring process itself. Understandably, many recruitment efforts have emphasized technical experience over soft skills, which are harder to measure but by no means less important. By narrowing their focus, potential employers have limited their talent pool and left no room for less traditional, more diverse applicants. What’s missing, it seems, is a focus on aptitude – the unstated skillset that breeds innovation and drives new ways of thinking.

  • Following a DevSecOps maturity model | Opensource.com

    DevSecOps is in many ways another level of DevOps maturity for an enterprise. Executive management and other stakeholders understand the concept of a maturity model, making it a helpful way to explain the value of this shift. Following a maturity model also helps you tell a story that includes the people, process, and technology changes that come with a DevOps-to-DevSecOps transformation.

  • Find and compare Python libraries with project2vec | Red Hat Developer

    The open source world provides numerous libraries for building applications. Finding the most appropriate one can be difficult. There are multiple criteria to consider when selecting a library for an application: Is the project well maintained by a healthy community? Does the library fit into the application stack? Will it work well on the target platform? The list of potential questions is large, and a negative response to any of them might lead you to reject a project and look for another one that provides similar functionality.

    Project Thoth, a set of tools for building robust Python applications, is creating a database of information about available projects. This article is a progress report and an invitation to join project2vec, which is currently a proof of concept. The ideas behind this project can be applied to other language ecosystems, as well.

  • Upgrade, Virt, Cloud, IoT, and CoreOS test days

    Fedora test days are events where anyone can help make sure changes in Fedora Linux work well in an upcoming release. Fedora community members often participate, and the public is welcome at these events. If you’ve never contributed to Fedora Linux before, this is a perfect way to get started.

  • 3 focus areas for DevSecOps success

    When it comes to adopting DevSecOps, organizations sometimes focus on overarching goals like improving business agility or digital transformation. Such a broad scope can make DevSecOps adoption difficult. Instead, companies might find more success by breaking down their focus into three areas: increasing team collaboration, incorporating a new mindset with tools, and measuring progress.

  • Davie Street Enterprises leaps into Industry 4.0 with edge technologies

    Davie Street Enterprises (DSE), our fictional case study company with real-world problems, has made significant progress in its modernization efforts in this past year. The company has automated a large part of its IT infrastructure and has completely revamped its development processes using DevSecOps.

    It has also rebuilt the Parts and Supply (PAS) system to allow for more efficient supply chain management. With these successes behind it, DSE is feeling a little more confident in its plans to transform the company.

• Canonical/Ubuntu Family

  • Ubuntu Frame offers a snaps-based shell for developing edge-device GUIs

    Canonical has released “Ubuntu Frame,” a Wayland based fullscreen graphics shell for Ubuntu Core and other snaps-enabled distros for designing secure, easily deployable interactive kiosk, signage, and IoT applications.

    Canonical’s Ubuntu Frame is not a GUI application, but rather a fullscreen graphics shell for third-party graphics applications. The shell software is based on the widely adopted Wayland display server, which was fully embraced in Ubuntu 21.04 after a long transition from Canonical’s homegrown Mir. Ubuntu Frame is designed to run under Ubuntu Core, although it can run on standard Ubuntu variants and any distro that supports Canonical’s containerized snaps package mechanism (see farther below).

  • Canonical launches Ubuntu Frame for embedded displays

    Canonical, the company behind the Ubuntu operating system, has announced the launch of Ubuntu Frame. The new product seeks to give developers a way to easily build and deploy applications on embedded displays such as interactive kiosks and digital signage solutions.

    According to the company, the availability of Ubuntu Frame now means that developers do not need to integrate and maintain partial solutions such as DRM, KMS, input protocols or security policies. This will free up more time for developers to focus on content that’ll be shown on the display and reduce the number of bugs and vulnerabilities in code that is no longer necessary.

  • Ubuntu Frame is a secure display server for embedded systems – CNX Software

    Canonical has announced and released the Ubuntu Frame display server for embedded systems such as interactive kiosks, digital signage solutions, or any other embedded devices with a graphical output. The solution aims to allow developers to build and deploy graphical applications more easily and quickly, as Ubuntu Frame requires less code since, as Canonical explains, there’s no need to integrate and maintain partial solutions such as DRM, KMS, input protocols, or security policies.

    Ubuntu Frame fullscreen shell is based on Wayland, requires snaps support, and offers compatibility with existing graphical toolkits such as Flutter, Qt5/6, GTK3/4, Electron, and SDL2, as well as support for web-based graphical applications written with HTML5 and/or Java.

Devices/Embedded

• Raspberry Pi 4 SSD Case With Stats Display

  In this project, we’re going to be taking my previous Raspberry Pi Desktop Case design and adapting it to accommodate an SSD underneath the Pi.

  The case uses the same Raspberry Pi and Ice Tower combination that I used on the last version, but this time I’m going to add a Geekworm mSata SSD shield and a 128gb SSD. I’ve chosen an mSata shield and drive as these are typically quite a bit cheaper than NVME drives, and you don’t get that much benefit from using an NVME drive as you’re limited by the maximum speed of the USB 3 port in any case. You only really benefit from an NVME drive if it is connected through a PCIe port.

  You can buy a premade kit to assemble your own Pi SSD Case from my Etsy store.

• Open Hardware/Modding

  • BreadBin Is An 8-bit TTL CPU On A Breadboard, In A Bread Bin | Hackaday

    The total circuit is incredibly compact for a complete CPU, using just 33 chips. This includes 64 KB of flash to store programs as well as a 555 timer to generate a clock signal. I/Os are limited to simple eight-bit input and output buses, but a sixteen-bit address bus gives it plenty of space to add ROM, RAM or fancier interfaces.

  • Duco is a wall-climbing robot that paints circuit murals | Arduino Blog

    An Arduino Uno board controls Duco through a motor shield. It has two stepper motors, a servo motor, a linear actuator, and a UV light. It is capable of switching between two different pens — normally the conductive and dielectric ink. The UV light cures the ink after Duco applies it to a wall. Most of Duco’s frame parts were 3D-printed.

  • OMNi is a modular, omnidirectional robot for museum duties | Arduino Blog

    Museums allow people to explore topics in history, science, and much more through the use of exhibits that are often comprised of screens or some other interactive medium. Staff are given the role of visiting each one periodically and checking to see if they still work correctly as well as guide visitors around the area, thus taking them away from other tasks. To solve this problem, a pair from EDM Studio in Vancouver (Will Donaldson and Darran Edmundson) wanted to build an autonomous telepresence robotic platform, called “OMNi,” which could do both on its own.

  • Portenta H7 Lite Connected brings back WiFi & Bluetooth – CNX Software

    Arduino has launched another Arduino Pro board! Well, sort of. Let’s not get too excited. The Portenta H7 Lite Connected is based on last month’s Portenta H7 Lite that itself was a cost-optimized version of Portenta H7 board without a wireless module, USB-C video output, and only fitted with the lower cost Microchip ATECC608 secure element.

• Mobile Systems/Mobile Applications

  • Play Movies & TV on Android becomes Google TV – NotebookCheck.net News

  • How to Fix the “Unfortunately Gboard Has Stopped” Error on Android

  • Samsung Enabled Android 12′s Best Feature in New One UI Beta

  • Android 12 Is Out,But Only if You Want It Badly Enough | Digital Trends

  • Now Playing on Pixel rolling out cloud search for Android 12 – 9to5Google

  • The first games to support Android 12′s Game Mode are rolling out

  • Best Android app deals of the day: Heroes of Flatlandia, more – 9to5Toys

Free, Libre, and Open Source Software

• Web Browsers

  • Mozilla

    • Mozilla Releases Security Updates for Firefox and Firefox ESR | CISA

      Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR . An attacker could exploit some of these vulnerabilities to take control of an affected system.

      CISA encourages users and administrators to review the Mozilla security advisories for Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2.

    • Baby Steps

      In the previous “dyn async traits” posts, I talked about how we can think about the compiler as synthesizing an impl that performed the dynamic dispatch. In this post, I wanted to start explore a theoretical future in which this impl was written manually by the Rust programmer. This is in part a thought exercise, but it’s also a possible ingredient for a future design: if we could give programmers more control over the “impl Trait for dyn Trait” impl, then we could enable a lot of use cases.

    • Control your data for good with Rally – Mozilla Hacks – the Web developer blog

      Let’s face it, if you have ever used the internet or signed up for an online account, or even read a blog post like this one, chances are that your data has left a permanent mark on the interwebs and online services have exploited your data without your awareness for a very long time.

      The Fight for Privacy

      The fight for privacy is compounded by the rise in misinformation and platforms like Facebook willingly sharing information that is untrustworthy, shutting down platforms like Crowdtangle and recently terminating the accounts of New York University researchers that built Ad Observer, an extension dedicated to bringing greater transparency to political advertising. We think a better internet is one where people have more control over their data.

    • Introducing Abby Parise – The Mozilla Support Blog

      It’s with great pleasure that I introduce Abby Parise, who is the latest addition to the Customer Experience team. Abby is taking the role of Support Content Manager, so you’ll definitely see more of her in SUMO. If you were with us or have watched September’s community call, you might’ve seen her there.

• Productivity Software/LibreOffice/Calligra

  • LibreOffice project and community recap: September 2021 – The Document Foundation Blog

    Here’s our summary of updates, events and activities in the LibreOffice project in the last four weeks – click the links to learn more!

• FSF

  • GNU Projects

    • GIMP’s official mirrors and mirror policy

      As far as we could remember, organizations from all over the world have supported the GNU Image Manipulation Program by mirroring 🪞 our file downloads. This is important as we may have to sustain dozens of thousands downloads a day.

• Programming/Development

  • How to Remove Characters from Strings in JavaScript

    JavaScript provides users with various methods and properties for string manipulation, to transform those strings or to search useful information from those strings. Sometimes we have various lines of code in which we need to make changes, search for a character or replace a character or remove a character from a string.

    All these tasks become difficult to do and hence methods are provided by JavaScript that makes the job easier. Users can easily use these methods to manipulate a string and transform it. In this article we’ll discuss how to remove characters from strings in JavaScript, various ways and methods provided by JavaScript along with examples for your better understanding.

  • How to remove white empty spaces from Strings in JavaScript

    Manipulating string is a useful task while programming as it helps us in finding words, replacing words and especially for removing white spaces from string. JavaScript provides various built-in methods to users for manipulating with strings.

    Removing whitespaces from a string can be complex when it comes to tabs and line breaks and while you’re working with various lines of codes but JavaScript provides users with methods through which it becomes easier to manipulate strings and remove whitespaces from them and that’s why in this article we’ll discuss different methods and ways to remove whitespaces from a string in JavaScript, their explanation and how they’re used along with examples.

  • How to use git stash and git stash pop commands

    Git helps to control the version of your projects. Git is a well-known software used by programmers to work in a collaborative manner to achieve specific goals. The Git repositories are hosted by GitHub that helps to work online and assist the programmers to share their project or code files there. Moreover, Git is backed up by several operations or commands also like Git stash, Git stash apply, Git stash pop, Git stash drop. Inspired by the importance of Git, today’s guide will provide fundamental information about Git stash and Git stash pop; and use of both commands/operations in Ubuntu.

  • How to remove git remote

    Git is an open-source software with version control support that allows the users to store, edit and track the changes of projects.

    There are various benefits in using Git that include: fast and efficient processing on shared projects as well as monitoring the security of the projects. However, one of the major reasons for the emergence of Git is the remote repository access; the Git remote repository is available on the server and multiple contributors can make changes to it. Users can clone the remote repository to their machines and can retrieve required information from Git repository locally or it can help to do experimental analysis on the files of the repository without affecting its originality on the server. This cloning phenomenon allows to establish the connection between git remote repository and local repository; moreover, it also supports creating several clones of a single git repository so that multiple stakeholders can get access to the same project and can-do changes parallelly. The terminal support of Ubuntu can be used to add or remove the remote repositories as your local one.

  • How to make git local same as remote

    Git support of managing local and remote repositories has contributed to making computing a better experience. The remote repositories are managed on the server, whereas local repos are maintained on the machine and can be accessed without internet availability. Git offers two streaming supports: one is upstream, and the other is downstream; the upstream refers to where you clone your rep, and downstream allows you to integrate your work with other works.

    As Git is distributed version control software, working in a parallel manner may acquire the confusion state as there are several contributors making changes on a single project. Thus, it is recommended that the remote and local repositories must be synchronized to avoid any mishaps like you may require to fall back to some previous versions, which can be budget and time-consuming.

    While working in an environment where sometimes you have to make changes on remote, and you want that same changes must be present on your local repository as well. Keeping in view the importance of synchronization, we have prepared this guide to demonstrate the steps of keeping the local repository the same as remote…

  • How to output git log with first line only

    Git is one of the well-known repositories for version control systems and used widely among programmers to keep an eye on the changes being performed regularly. Sometimes, it is observed that fetching the history does not fulfill the purpose of it; so, you need to filter the content accordingly. Git provides this facility with its git log command; git log is used to display the content from history by filtering it according to the options provided.

    If you have a long list of commits and you want just basic information about commits; then the git log command provides a one line display of every commit. We have prepared this post to demonstrate the usage of git log command to get the output of commit in one line only: Let’s start this guide from general usage of git log followed by our targeted area:

  • Auto-Accepting in QSortFilterProxyModel

    In Qt 5.10, we added support for recursive filtering in QSortFilterProxyModel, which means keeping all parents of items matching the filter.

    One of the comments in the blog post about that feature was “Sometimes, you do not only want to show parents for a match (so the match is visible), you may (also) want to show children for a match”. This is indeed something I saw a need for, more than once. For instance, you filter a large tree for a project name but then you want to see all sub-tasks of that project as well, rather than see only those that contain the project name while those that do not are hidden.

  • Perl/Raku

    • Rakudo Weekly News: 2021.40 It’s here!

      With a MoarVM, NQP and Rakudo merge (at 922 commits and 335 files changed by 16 contributors), the work on the new-disp branch that started about 18 months ago, was finally made mainstream. Special kudos to everybody who was involved in what was the biggest internal change since the MoarVM backend was initially conceived. Jonathan Worthington reports about in The new MoarVM dispatch mechanism is here! (/r/rakulang, Twitter comments).

    • vrurg: Merging Symbols Issue

  • Python

    • Python 3.10 Officially Released with New Syntax / Typing Features [PPA]

      After several alpha, beta and rc tests, the Python programming language finally released version 3.10 today!

      Python 3.10 will receive bug-fix updates in next 18 months. After that, it’s supported with 5-year security updates until October 2026.

    • How to open URL in python

      Python is an interpreted language; it has different libraries to perform various functions. A Uniform Resource Locator (URL) is actually a web address to open a specific site. Sometimes while working in python we need to fetch data from a website, for this we have to open the url of a specific website. So, to open a URL in python we need to import the specified module and perform some steps to open that URL. In this article we will discuss how to open a URL in Python using “urllib.request” and “webbrowser” modules on Ubuntu (Linux OS) through a defined procedure.

    • How to use Python readline() function

      There are many useful methods of Python which we can use in our programs. One of the handy methods is python readline() method, it reads one complete line from a specified file at a time by default. You can also read more than one line or complete file using readline() method using different conditions like using size argument. The readline() method inserts a new line (\n) at the end of returned String.

      In this Article we discussed the usage of the readline() method in python and how to run it on a Linux system.

    • How to Rename File in Python

      We can rename files in Linux terminal using different approaches, one of the approaches is using Python which is discussed in this article. We cannot write Python code directly on the terminal, we create a separate file in a text editor. The “rename” is one of the operating system functions so we will use a Python OS module for this purpose.

  • Shell/Bash/Zsh/Ksh

    • How to remove special characters using sed

      Sed command is a Linux utility that can be used to perform lot of operations that includes insert and delete operations, find/search and replace operations. The sed command allows Linux users to edit and apply several functions on files without opening them directly. The sed command support editing functionalities that vary from beginners’ level to advanced level: For instance, inside a text file these operations can be performed on several datatypes: characters, numeric, special characters, alphanumeric et.,

      Keeping in view the importance of sed command; our today’s guide will explore several ways to remove special characters using sed command in Ubuntu.

    • How to use sed character classes

      Stream Editor (sed) is known as a powerful editor because of its wide range of supported functionalities like substituting, editing, deleting and many more. While Stream Editor has the long list of characters that provide assistance to manage the files automatically: these characters are enclosed in a set of similar characters known as Character Classes; these classes contain the characters of alike families.

      For instance, the digits while using sed are accessed through [[:digit:]] class and the alphanumeric characters are stored in the class named as [[:alnum:]]. Similarly, all the characters belong to some specific character class; knowing the importance of these classes, our today’s guide is focused to provide a deep insight into character classes in sed.

    • Bash Associative Array Explained With Examples In Linux – OSTechNix

      This is the second article as part of bash arrays. In the previous article, we have discussed how to work with Indexed arrays in Bash. In this guide, we will discuss about Bash Associative Array in detail with examples in Linux.

      Associative arrays work based on key-value pairs. In some languages, it is also called dictionaries or hash maps. The main difference between Indexed and Associative arrays is, Indexed arrays works based on index value, and each element in the array is mapped to a particular index position of the array. An associative array uses a “key” to map the value instead of index positions.

  • Java

    • Check Java processes on Linux with the jps command | Opensource.com

      On Linux, there are commands to view processes running on your system. A process is any ongoing event being managed by the kernel. A process is spawned when you launch an application, but there are also many other processes running in the background of your computer, including programs to keep your system time accurate, to monitor for new filesystems, to index files, and more. The utilities, such as those included in the procps-ng package, that monitor these processes tend to be intentionally generic. They look at all processes on your computer so you can filter the list based on what you need to know.

      On Linux, you can view processes with the ps command. It is the simplest way to view the running processes on your system.

Qwant — a European search engine

Qwant is a European search engine that respects your privacy. I learned about it from a Twitter thread. The European Processor Initiative announced last week that their first RiscV test chip samples were delivered and booted successfully. I tweeted that I would be happy to see not just European CPUs but also European software services, alternatives to Google, Facebook, LinkedIn and others.

Hardware

• A history of cell phone ownership… – Jon’s FOSS Blog

  I wanted to make a historical list of phones that I’ve owned over the years and the reasons why I purchased them in particular. I generally buy phones on the ‘S’ year (tick-tock cycle) when the small improvements have been made to it over time versus the major redesign years!

• Atari ST Still Manages Campground Reservations After 36 Years | Hackaday

  “Don’t fix it if it ain’t broke”. That’s what we guess [Frans Bos] has been thinking for the past few decades, as he kept using his Atari ST to run a booking system for the family campground. (Video, embedded below.)

  Although its case has yellowed a bit, the trusty old machine is still running 24/7 from April to October, as it has done every year since 1985. In the video [Frans] demonstrates the computer and its custom campground booking system to [Victor Bart].

Health/Nutrition

• Combating COVID-19 anti-vaxxers: lessons from political philosophy

  Challenging the scepticism and resistance in the public response to the COVID-19 vaccine is deeply important to the state of public health. This is a critical conversation because people are protesting the COVID-19 vaccines not just in South Africa, but globally too.

  As a teacher of political philosophy, I think it’s important to dispel the notion that the call to vaccinate is an infringement on acceptable liberal freedoms.

  Based on a significant number of years of studying, reading and teaching the works of the world’s most important philosophies, I am of the view that the anti-vaxxer position that being “forced to take the vaccine is an infringement on their liberal rights” is a misinformed stance.

Integrity/Availability

• Proprietary

  • Pseudo-Open Source

    • Openwashing

      • Open Source Firmware Monthly Cadence of New Releases for Ampere® Altra®

        Ampere is committed to supporting open-source firmware on its platforms. Open-source firmware is critical to the datacenter ecosystem and future innovation. Our customers require these solutions to work seamlessly on their platforms. In this whitepaper, we discuss how Ampere meets this need through our support for TianoCore/EDK, LinuxBoot, OpenBMC and OpenOCD.

      • Ampere Computing Steps Up With Monthly Open-Source Firmware Releases – Phoronix

        We have covered previously how Ampere Computing has been working on open-source firmware for their Ampere Altra processors and their reference server designs while now they are stepping up to the plate and committing to a monthly release cycle for their open-source firmware.

        Ampere has already proven themselves as the most capable AArch64 server vendor to date and with their new Ampere Altra Max at 128 cores per socket showing they can compete with the latest offerings from AMD and Intel for highly scalable workloads. They are also now making inroads on their open-source firmware strategy.

      • Sony Has Begun Accelerating Their Contributions To Open-Source / Linux – Phoronix

        At last week’s Linux Foundation Open-Source Summit / Embedded Linux Conference there was a Sony presentation about their history with open-source/Linux and how since last year they have been “accelerating” their open-source contributions.

        Hiroyuki Fukuchi and Kazumi Sato of Sony had an interesting presentation about how they have utilized open-source/Linux over the past two decades in their consumer electronics and how their relationship with open-source has evolved over that time. It also covered their work on establishing an open-source program office at the company and how their contributions have most recently changed.

    • Privatisation/Privateering

      • Linux Foundation

        • Open Source 5G Ecosystem Solutions on Display at ONE Summit, as US Government Hosts Security Mini Summit

          LF Networking (LFN), which facilitates collaboration and operational excellence across open source networking projects, today announced its 5G Super Blueprint initiative will host use case demonstrations across 5G, edge, IoT, and cloud native during Open Networking & Edge (ONE) Summit + Kubernetes on Edge Day, October 11-12, 2021.

          The 5G Super Blueprint is a community-driven integration of multiple open source initiatives that, collaboratively, demonstrate end-to-end use cases of end user implementation architectures. LFN creates a framework based on these integrated initiatives and projects to then develop blueprints, defined by a community-driven process that allows end-to-end solution use cases across vertical markets.

        • Open source’s slowly growing role in Fintech | ZDNet

          Well, that’s different. Most of the time when a business realizes a process helps them they embrace it. But, despite 69% of financial technology leaders saying open-source software and methodology increases productivity, they’re not so keen on implementing governance programs. This insight came from the Fintech Open Source Foundation’s (FINOS) 2021 State of Open Source in Financial Services Survey.

  • Security

    • Security updates for Wednesday [LWN.net]

      Security updates have been issued by Fedora (cryptopp), Mageia (apache), Slackware (httpd), and Ubuntu (squid, squid3).

    • Monthly Report (September 2021)
      

      Reproducible Builds

      There have been 3 releases of rebuilderd this month, 0.14.0, and two minor bugfix releases, 0.14.1 and 0.14.2.

      The 0.14.0 release introduced experimental support to rebuild Tails images in #66. Tails is a portable operating system that’s known for it’s strong focus on privacy and security, and commonly used by activists, journalists and various human-rights NGOs. It already had reproducible images for a long time (since around 2017), but you had to reproduce the images manually. Starting with this release you can setup rebuilderd to monitor Tails for new releases and automatically attempt to recreate the release from source, on your own independent build system

    • Reproducible Builds in September 2021 — reproducible-builds.org

      The goal behind “reproducible builds” is to ensure that no deliberate flaws have been introduced during compilation processes via promising or mandating that identical results are always generated from a given source. This allowing multiple third-parties to come to an agreement on whether a build was compromised or not by a system of distributed consensus.

      In these reports we outline the most important things that have been happening in the world of reproducible builds in the past month:

    • TuxCare Services Launches Database Live Patching for MySQL, MariaDB and PostgreSQL – No Maintenance Window Required [Ed: Ambitious claims as they assume 100% assurance all patches would not cause any conflicts or require some form of human intervention, testing, debugging etc.]

      -TuxCare announced today the availability of DatabaseCare, its live patching service for the most common open-source enterprise-grade databases, MySQL, MariaDB and PostgreSQL — which is a first in the industry.

    • Company That Routes Billions of Text Messages Quietly Says It Was Hacked

      A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide.

    • Syniverse Hack – Schneier on Security

      No details about the hack. It could be nothing. It could be a national intelligence service looking for information.

    • Apache Releases Security Update for Apache HTTP Server | CISA

      The Apache Software Foundation has released Apache HTTP Server version 2.4.50 to address two vulnerabilities. An attacker could exploit these vulnerabilities to take control of an affected system. One vulnerability, CVE-2021-41773, has been exploited in the wild.

    • Twitch Data Leak 2021 Includes 125GB Private Data

      Another breach of the year 2021 is the Twitch Data Leak, which comprises 125GB of company data as well as the platform’s source code. An anonymous member on 4chan leaked the data on October 6, 2021.

      Twitch confirmed the incident on Twitter yesterday, following the release of the data. Twitch has not revealed any information about the incident, such as how such sensitive information was stolen by the hacker.

Defence/Aggression

• Was Passenger Name Record data exploited to kidnap Belarusian journalist? Access Now calls for EU investigation – Access Now

  There is still no sufficient outcome to Access Now’s request for an investigation into the potential role data disclosure between the EU and Belarus played in the grounding of Ryanair flight FR4978, and kidnapping of Belarusian journalist Raman Pratasevich, and partner, Sofia Sapega.

  On September 27, European Commissioner Ylva Johansson partially answered some questions raised in the letter sent on August 25, and indicated that “based on information gathered […] neither have the Belarusian authorities requested [Lithuania and Greece] to provide [PNR] information, nor have these Member States provided any data”.

  Access Now welcomes the initial reply, and will continue to follow up with the Commission to understand how this investigation was conducted, and to request answers to the original additional questions regarding the potential sharing of PNR data via other data sharing agreements, including Interpol.

Internet Policy/Net Neutrality

• Iraq’s elections must not be tainted by internet shutdowns – Access Now

  No to internet shutdowns in Iraq these elections — Access Now and the #KeepItOn coalition demand an open, accessible, and secure internet for all.

  “Iraq’s long history of shutting down the internet during times of national importance must not repeat during this upcoming election,” said Hayder Hamzoz, Founder of INSM Network for Digital Rights in Iraq. “People in Iraq have the right to access information, express opinion, and communicate with each other — all vital elements of the democratic process.”

  Scheduled for October 10, Iraq’s twice postponed general elections are a target for authorities seeking to censor and disconnect the population. The country’s record of shutting down the internet is long and deliberate, and includes a near-total shutdown and blocking of Facebook, Twitter, WhatsApp, Instagram, and other social and messaging apps throughout large-scale protests in 2019, and shutdowns during unrest in Basra in 2018.

Monopolies

• Has Facebook become too powerful?

  Global outage is the company’s latest headache, as whistleblower accuses it of putting profits above safety and privacy.

• Lawyers reveal five must-have changes for going green [Ed: Ridiculous, absolutely ridiculous greenwashing. EPO too does this nonsense. Can't make up this nonsense. Monopolies and litigation ... are GREEN.]

  Counsel from India discuss the changing role of in-house lawyers and steps they can take for a sustainable future

• Patents

  • Unilin Successfully Defends Laminate Waterproofing Patents in Europe [Ed: Misleading headline; those are not actual courts but administrative tribunals that are rigged and corrupted by the Office]

    On September 28, Unilin Technologies successfully defended an opposition against its European Patent EP 3294969 B1 (“the ’969 Patent”). The European Patent Office dismissed all arguments regarding novelty and inventive step of the opponent in a nine-hour oral hearing and decided that the ‘969 Patent was valid.

    [...]

    Unilin and the Mohawk group have been for many years practicing one of the embodiments of the technology through its Hydroseal, WetProtect and Revwood products. More recently, Unilin Technologies added the technology to its worldwide

  • Acasti Pharma Awarded Composition-of-Matter Patents for GTX-101 in Europe, China and Mexico and for GTX-102 in Japan

  • Polish Industrial Property Law looks set to undergo a revolutionary makeover [Ed: Well, the EPO and UPC harm Poland but people don't decide, corporations do.]

    With regard to patents, the legislation intends to introduce a preliminary patent application. However, the information available does not outline what this procedure would look like. There is also a plan to incorporate all provisions concerning patents contained in other acts, which would lead to the repeal of the Act on the Filing of European Patent Applications and the Effects of European Patent in the Republic of Poland (14 March 2003).

  • Patent on sustainable energy [Ed: These patents are a menace to this planet because they merely prevent companies from coming to market with greener solutions, fearing patent lawsuits, but this is an EPO greenwashing puff piece]

    If we want to reach the climate goals set for 2030 and 2050, we are going to have to do our utmost to continue developing sustainable energy technologies. In order to make appropriate government policy, it is important whether a technology builds primarily on earlier technology or depends on scientific research. This is the contention of doctoral candidate Peter Persoon.

    Hundreds of thousands of patents relating to energy technology are registered with the European Patent Office. By referring in turn to other patents, each of these documents forms part of a huge technological knowledge network, in some way comparable to academic publications within a specialty. “Not every technology is patented and many patents will never be used,” explains Peter Persoon. “But the great thing is that every patent offers a detailed description and has been put through a quality check.”

    And so patents can shed light on the knowledge structure underpinning sustainable energy technologies such as wind turbines and solar cells, Persoon points out. For his doctoral studies at Technology, Innovation & Society (TIS), the physicist delved into this mountain of patents. “What does a technology like this need in order to be taken further? What kind of parties are involved in this development, and where can they be found?”

  • Awaiting Vaping Verdict, Altria Faces Challenge To iQos Tobacco Devices

    As it awaits a decision from the Federal Trade Commission on its vaping partnership with Juul Labs Inc., Altria Group Inc. has been ordered to stop importing and marketing iQos tobacco-heating products in the United States.

    Last week, the International Trade Commission issued a final determination that Altria and Philip Morris International Inc. infringed upon two patents owned by British American Tobacco’s Reynolds American Inc. subsidiary.

  • Eight things to know about the patent filing process

    Patent filing can seem complex. If you’re thinking of filing a patent, but aren’t sure where to start, you’re in the right place. Here, we cut through the jargon to identify eight key things to know about the pre-filing, filing and post-filing process.

    [...]

    In Europe, it’s possible to file a patent application at the European Patent Office (EPO) from which you can centrally prosecute an application. Granted ‘EP’ patents can be validated in a number of countries post-grant. Note that the EPO isn’t related to the EU. Patents granted by the EPO can be validated in the UK.

• Trademarks

  • Low-hanging fruit? Counsel review Amazon’s influencer crackdown

    After Amazon settled a case against two influencers who encouraged the sale of counterfeits on its site, some brands question its desire to go after the big guns