Bonum Certa Men Certa

Links 02/06/2022: Fedora Linux 36 Elections and GNU/Linux on iPad



  • GNU/Linux

    • Desktop/Laptop

      • Have an old iPad lying around? You might be able to make it run Linux soon | Ars Technica

        If you have a 2013- or 2014-era iPad sitting around unused because it's not getting updates from Apple anymore and has stopped running the apps you need, some developers are working on an alternative software solution for you. Developer Konrad Dybcio and a Linux enthusiast going by "quaack723" have collaborated to get Linux kernel version 5.18 booting on an old iPad Air 2, a major feat for a device that was designed to never run any operating system other than Apple's.

        The project appears to use an Alpine Linux-based distribution called "postmarketOS," a relatively small but actively developed distribution made primarily for Android devices. Dybcio used a "checkm8" hashtag in his initial tweet about the project, strongly implying that they used the "Checkm8" bootrom exploit published back in 2019 to access the hardware. For now, the developers only have Linux running on some older iPad hardware using A7 and A8-based chips—this includes the iPad Air, iPad Air 2, and a few generations of iPad mini. But subsequent tweets imply that it will be possible to get Linux up and running on any device with an A7 or A8 in it, including the iPhone 5S and the original HomePod.

        This isn't the only project devoted to running Linux on Apple's hardware. One project, Asahi Linux, has been dedicated to reverse-engineering support for the M1 chips in Apple's Macs and sending the patches upstream so that they can be integrated into the Linux kernel. Another, Project Sandcastle, has a build of Android up and running on an iPhone 7. Apps like iSH will give you a Linux shell running on top of iOS or iPadOS—not the same as running Linux on the hardware directly, but useful in some circumstances.

      • Older iPads May Soon Be Able To Run Linux

        Older iPads with the Apple A7- and A8-based chips may soon be able to run Linux. "Developer Konrad Dybcio and a Linux enthusiast going by "quaack723" have collaborated to get Linux kernel version 5.18 booting on an old iPad Air 2, a major feat for a device that was designed to never run any operating system other than Apple's," reports Ars Technica.

      • Make Use OfHackable $219 Pinebook Pro Linux Laptop Back on Sale After Frustrating Yearlong Delay

        Pine64, the developers of Linux-based single-board computers, has announced the upcoming availability of the Pinebook Pro, an inexpensive laptop with upgradable components meant as an alternative to Chromebooks. The laptop had been out of stock for a year due to supply chain problems that have gripped the technology industry.

        Pinebook Pro Back on Sale After Delays

        Pine64's Lukasz Erecinski made the announcement of the Pinebook Pro's going back on sale in an official blog post, while the company also issued a YouTube video summarizing the announcement:

        The announcement had itself been meant to go out earlier in May, but Erecinksi had become ill. After a year of unavailability, the laptop will be available in June 2022 for $219 from Pine64's official store. The laptop had been previously enthusiastically reviewed by MUO as a "FOSS laptop that doesn't suck."

        "It has been a year since we were able to ship the Pinebook Pro, and ever since the last batch sold out we have been continually asked to bring it back," Erecinski said.

        The main reason for the delay in the availability of the machine has been sourcing IPS panels for the Pinebook Pro's 14-inch screen.

      • Beta NewsHP Dev One laptop running System76's Ubuntu Linux-based Pop!_OS now available

        Last month, the open source community was abuzz with excitement following a shocking announcement from System76 that HP was planning to release a laptop running the Pop!_OS operating system. This was significant for several reasons, but most importantly, it was a huge win for Linux users as yet another hardware option was becoming available. Best of all, HP employees have been trained by System76 to offer high-quality customer support. If you aren't aware, System76 support is legendary.

        At the time of the announcement, details about the hardware were a bit scarce, but I am happy to report we now have full system specifications for the 14-inch HP Dev One laptop. Most interestingly, there is only one configuration to be had. The developer-focused computer is powered by an octa-core AMD Ryzen 7 PRO 5850U APU which features integrated Radeon graphics. The notebook comes with 16GB RAM and 1TB of NVMe storage, both of which can be user-upgraded later if you choose.

      • HP releases its $1,099 Linux laptop for developers | Ars Technica

        The previous workstations used Ubuntu 20.04 preloaded with software packages aimed at data scientists. However, the Dev One runs Pop!_OS, an Ubuntu-based Linux distribution from System76.

        System76 also makes its own laptops, desktops, servers, and the Launch mechanical keyboard. HP's Dev One marks the first laptop to run Pop!_OS without "System76" stamped on the lid—although, you can download Pop!_OS and install it on your own system.

      • OMG UbuntuHP’s New Linux Laptop is Available to Pre-Order

        HP is taking orders for the HP Dev One, its first developer-focused laptop preloaded with the Ubuntu-based Pop!_OS Linux distribution.

        Shocked? Don’t be. We learned of this device’s existence last month when System76 CEO Carl Richell dropped mention of it on his Twitter, proper casual like. Reaction from Pop fans was understandably effusive, with folks wanting to learn the salient what, why’s, how’s and where’s.

      • LinuxInsiderNew Linux Laptop Line Advances HP, System76 Open-Source Collaboration | LinuxInsider

        Collaboration between Linux computer and software firm System76 and HP is pushing for greater commercial adoption of open-source software and hardware optimized for Linux.

        System76 and HP on Thursday announced a new premium computer line designed to attract a wider audience to the developer-focused HP Dev One laptop computer.

        HP’s new Dev One, powered by System76’s popular Pop!_OS Linux distribution, empowers developers to create their ideal work experience with multiple tools to help them perform tasks at peak efficiency not available on other computing platforms.

        The Pop!_OS platform features auto-tiling, workspaces, and easy keyboard navigation. This flexibility allows software developers to create unique optimized workflows to unleash their coding potential.

        Typically, Linux users install their preferred Linux platform as a replacement for the default Microsoft Windows on computers they purchase. Relatively few OEMs build their own hardware line and tune it for specific Linux offerings.

        Denver-based System76 developed its own customized version of the GNOME desktop environment to help advance Linux as the future of computing. The company developed Pop!_OS after Canonical decided to stop the development of the Unity 8 desktop shell in 2017 and replaced its default desktop with GNOME 3.

        “By bringing together our engineering, marketing, and customer support, System76 [and] HP are introducing HP Dev One to combine powerful hardware with optimized Pop!_OS for the app dev community,” announced Carl Richell, CEO, System76.

    • Audiocasts/Shows

      • Linux in the Ham ShackLHS Episode #469: I Can Has Cheezburger

        Hello and welcome to the 469th episode of Linux in the Ham Shack. In this short topics episode, the hosts discuss attendance and other topics about the recent Hamvention 2022, memes, the Platinum Jubilee special event station, pulseaudio, Distrobox, The LInux Foundation and security, wfview and much more. Thank you for listening. We hope you have a great week.

      • VideoLinux Lite 6.0 Run Through - Invidious

        In this video, we are looking at Linux Lite 6.0.

      • Linux Made SimpleLinux Lite 6.0

        Today we are looking at Linux Lite 6.0. It comes with Linux Kernel 5.15, based on Ubuntu 22.04, XFCE 4.16, and uses about 1GB of ram when idling. Enjoy!

      • VideoXDG Desktop Portals Fix Waylands Biggest Problem - Invidious

        Wayland doesn't have working global keybindings and this is a serious problem but it's a problem with a solution in the works in the form of xdg desktop portals

      • VideoUse GitLab Groups To Organize Your Projects - Invidious

        In GitLab, you use "Groups" to help manage one or more related projects at the same time. This allows you to grant access to all projects that are a part of a Group. It also just helps keeping your projects better organized. So I've decided to use GitLab Groups and move all of my DTOS-related repos to a new DTOS Group.

    • Kernel Space

      • CollaboraKernel 5.18: Milestones for the road ahead

        Released by Linus Torvalds on May 22 after a busy two-month development cycle, Linux kernel 5.18 brings new features and lights up new hardware. As usual, for a general overview, please head to LWN.net to read more about the merge window for 5.18 (part 1 & part 2). And now, without further ado, let's take a look at the contributions made by our engineering team!

      • Linux Plumbers Conference (LPC)Microconferences at Linux Plumbers Conference: Zoned Storage Devices (SMR HDDs & ZNS SSDs)

        Linux Plumbers Conference 2022 is pleased to host the Zoned Storage Devices (SMR HDDs & ZNS SSDs).

        The Zoned Storage interface has been introduced to make more efficient use of the storage medium, improving both device raw capacity and performance. Zoned storage devices expose their storage through zone semantics with a set of read/write rules associated with each zone.

    • Instructionals/Technical

    • Games

      • LinuxiacArch Linux Topped the List as the Most Used Linux Platform for Steam

        Arch Linux surpassed Ubuntu 20.04 as the leading Linux distribution on the Steam game market in May.

        If you’re into Linux gaming, you’ve heard of Steam, Valve’s platform for distributing, updating, and running games. Steam allows you to buy a game, install it over the internet, and launch it directly from the Steam interface.

        Thanks to Proton, the tradition of PC gaming, formerly reserved mainly for Windows users, is now gaining popularity among Linux users.

        So it’s no surprise that one of the market’s major players, Valve Software, is paying more attention to Linux. What better example than the Arch Linux-powered Steam Deck gaming console?

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • KDE e.V. is looking for a developer to help further KDE's presence on app stores

          KDE e.V., the non-profit organisation supporting the KDE community, is looking for a someone to help KDE be present in different application stores.

          We are looking for people who can start working on the projects soon, we expect this to be a part-time position. Please see the call for proposals for the App Stores project for more details about this contracting opportunity.

          Looking forward to hearing from you.

        • A GSoC – 2022 Participant

          I am Samarth Raj, a second-year undergrad at KIIT University, India, with a computer science major. My project for adding new activities to GCompris has been accepted for Google Summer of Code 2022. I’ll be working as a contributor this summer.

          Since the first year of college itself, I’ve always aspired to learn tech that would actually create an impact on people. And it was this time only when I got to know about “open source”. I feel because of open-source, college students who have no idea about what programming means (like me) can learn and contribute to industry-level projects with a little bit of hard work. In this way, we are learning about new technology by understanding its application at the same moment. Open source, in general, is a very practical way of learning. It can be slightly overwhelming at first, but with the help of people around us who are always ready to help, we start to get the hang of it.

          I participated in the Season of KDE earlier this year, in which I added a new activity, “Left Right Click”. This was my first experience as an open-source contributor, and I cannot list the number of things I got to learn with the help of my mentors during this short period because the list is enormous.

  • Distributions and Operating Systems

    • New Releases

      • DEEPIN 20.6 RELEASE!

        Deepin is the top Linux distribution from China, devoted to providing a beautiful, easy-to-use, safe, and reliable operating system for global users. (Global Ranking)

        In deepin 20.6, we have developed and integrated a great number of practical features from the functional level based on the community users' feedback, synchronized with the upstream kernel version, fixed underlying vulnerabilities, upgraded the stable kernel to V5.15.34 and further improved system compatibility and security. Welcome to try it!

    • SUSE/OpenSUSE

      • SUSE's Corporate BlogOpenCost - open source Kubernetes cost monitoring | SUSE Communities

        We are excited to share the launch of OpenCost, an open source project that provides real-time cost monitoring for teams running Kubernetes workloads.

        As container and Kubernetes adoption continues to grow, navigating the complexities around measuring and allocating cost is becoming a business-critical challenge. A recent CNCF survey showed overspend is increasingly a problem for teams scaling their Kubernetes deployments, and more than 70% of organizations do not have accurate cost monitoring in place.

      • SUSE's Corporate BlogImpressions from the openSUSE Conf 2022 - Day One: openQA and BCI | SUSE Communities

        First I have been busy saying hello and salute to all my dear SUSE colleagues coming from Czechia, Italy, Spain and of course Germany. I have not seen them all for a long time. Finally, Doug deMaio, the openSUSE Community Manager, welcomed all open source enthusiasts in the Z-Bau in Nuremberg and directed us through the options that are offered by the rich and diversified program. A lot of really good sessions were offered, many of them in parallel.

        I am a big fan of openQA and of course I listened to Oliver Kurz’ talk about the newest highlights of that open source testing framework, the heart and soul of the automated QA behind the openSUSE, SUSE Linux Enterprise and Fedora distributions.

    • Fedora Family / IBM

      • Fedora ProjectFedora Community Blog: F36 elections voting now open

        Voting in the Fedora Linux 36 elections is now open. Go to the Elections app to cast your vote. Voting closes at 23:59 UTC on Thursday 16 June. Don’t forget to claim your “I Voted” badge when you cast your ballot. Links to candidate interviews are below.

      • Fedora ProjectFedora Community Blog: Mindshare election: interview with Madeline Peck

        I’ve worked on Fedora wallpapers as a designer since Fedora 33 to varying degrees, with Fedora 36 and 37 wallpapers discussions led between me and Mo Duffy. I’ve been taking courses in html to try and increase my skills to contribute towards some of the Fedora websites.

      • Fedora ProjectFedora Community Blog: Mindshare election: interview with David Duncan

        I work on the Fedora Cloud-Sig and have a strong interest and investment in the downstream viability of the work. I enjoy learning from the Fedora community and building support for the community.

        I am very focused on the messaging that relates to how we can drive additional adoption and support for the Fedora community overall.

      • Fedora ProjectFedora Community Blog: Mindshare election: interview with Sumantro Mukherjee

        I am a part of Fedora QA team where I focus on onboarding new members and running test days (Kernel Test Week starts 5th June; participate and earn badges – Just saying). I have helped out by running events, writing docs, blogs/articles, mentorship programs and revamping the Ambassador Program. In the recent past, I am working towards building a strong digital ambassadorship program.

      • Fedora ProjectFedora Community Blog: Council election: interview with Sumantro Mukherjee

        I hail from APAC (India) and would like to focus on bringing in more non-US perspectives, which includes bringing in more contributors from diverse backgrounds. Efficient utilization of our brand new design assets which are now in multiple languages (Hindi, for example) to onboard variety of users (general and power-users) to the Fedora community as contributor either to functional sides (QA, packaging..etc) and/or outreach.

      • Fedora ProjectFedora Community Blog: Council election: interview with Eduard Lucena

        There are several things that we can measure, like number of users, number of contributors, number of reviews per release. But the most important thing is to check how people feel about the project, some stuff that can’t be measure with numbers, but are really important, like how ambassadors feel about the revamp, how members and former members of mindshare perceive the work that have been done.

      • Fedora ProjectFedora Community Blog: FESCo election: interview with Neal Gompa

        As a long-time member of the Fedora community as a user and a contributor, I have benefited from the excellent work of many FESCo members before me to ensure Fedora continues to evolve as an amazing platform for innovation. For the past year, I have had the wonderful privilege of serving as a member of FESCo for the first time, and I enjoyed my time serving to steer Fedora into the future, and I wish to continue to contribute my expertise to help analyze and make good decisions on evolving the Fedora platform.

      • Fedora ProjectFedora Community Blog: FESCo election: interview with Stephen Gallagher

        I’ve been a member of FESCo for many years now, and it’s been a great experience. It gives me the opportunity to see a much wider view of the project than just the pieces I would otherwise contribute to.

        As for steering the direction of Fedora, I think I would mostly just continue to do as I have been doing: pushing for Fedora to continue to be both the most advanced and one of the most stable open-source distributions in the world.

      • Fedora ProjectFedora Community Blog: FESCo election: interview with Benjamin Beasley

        As a Fedora Linux, CentOS, and Red Hat Enterprise Linux user for well over a decade, and as a contributor to the community for the last couple of years, I find that wise and steady technical leadership has been one of the Fedora project’s great strengths. I would like to help continue that tradition.

        I was asked to run for FESCo by a community member I respect, and I’m happy to be of service. I would listen more than I speak; respect different people’s perspectives and styles of communication; and remember that idealism and pragmatism can exist in complementary rather than adversarial opposition.

      • Fedora ProjectFedora Community Blog: FESCo election: interview with Tom Stellard

        I have a background in compilers and toolchains, and I would like to use some of the knowledge I’ve gained over the years of building and troubleshooting applications to help make Fedora better. Specifically, I’m interested in helping packagers avoid common mistakes through standardized macros and packaging practices and also by increasing the reliance on CI.

      • Fedora ProjectFedora Community Blog: FESCo election: interview with Major Hayden

        Fedora remains a core part of my Linux deployments on desktops, servers, and cloud instances since I first discovered it back in the Fedora Core 2 days. It strikes a balance between fast updates, simple management, and mature development processes.

        My service on the Fedora Board from 2012 to 2014 gave me valuable insight into how Fedora works at a community level and the best ways to make changes. Changes affect everyone differently, and thoughtful consideration and communication around those changes makes all the difference.

      • Using Composefs in OSTree

        Early on in the boot some code runs that reads this and mount this directory (called the deployment) as the root filesystem. If you look at this you can see a long hex string. This is actually a sha256 digest from the signed ostree commit, which covers all the data in the directory. At any time you can use this to verify that the deployment is correct, and ostree does so when downloading and deploying. However, once the deployment has been written to disk, it is not verified again, as doing so is expensive.

        In contrast, image-based systems using dm-verity compute the entire filesystem image on the server, checksum it with a hash-tree (that allows incremental verification) and sign the result. This allows the kernel to validate every single read operation and detect changes. However, we would like to use the filesystem to store our content, as it is more efficient and flexible.

      • Red Hat OfficialDelivering event-driven apps with Apache Kafka

        Traditionally, enterprise organizations operate using data-centric integration approaches to connect multiple systems, services and applications. This approach is ideal for maintaining and improving data consistency and integrity across all systems and applications. It also allows moving large amounts of data, connecting to disparate systems, and creating master data fabrics that accommodate multiple data management scenarios.

      • Red Hat OfficialIntroducing the Red Hat Academy Talent Network

        At Red Hat, we believe that closing the technology skills gap is vitally important to the future of enterprise software and that the opportunity to do so should be available to all. Red Hat Academy bridges the gap between education and industry by collaborating with academic institutions around the world to provide the next generation of IT talent with free access to a range of Red Hat’s training courses and discounted certification exams.

        With more than 90% of the Fortune 500 using Red Hat products and solutions, individuals with Red Hat skills and knowledge are highly desirable in the job market. Additionally, 93% of hiring managers report difficulty finding sufficient talent with open source skills, up from 87% two years ago. We’re also seeing a greater need to match students who are trained in Red Hat technologies with employers who are seeking open source talent. That’s why we created the Red Hat Academy Talent Network.

      • SDx Central7 Layers Finds Out How Kubernetes Complexity Can be Overcome

        Dan Meyer: Hello, I’m Dan Meyer, executive editor at SDxCentral, and welcome to this episode of the 7 Layers podcast. I recently had the chance to speak with Stu Miniman, director of market insights for cloud platforms at Red Hat, to discuss why Kubernetes is so complex, how enterprise IT teams should approach that challenge, and what the vendor ecosystem can do to help deal with that complexity.

      • Red Hat OfficialRed Hat Joins Forces with U.S. Department of Energy Laboratories to Bridge the Gap Between High Performance Computing and Cloud Environments

        Red Hat, Inc., the world's leading provider of open source solutions, today announced it is collaborating with multiple U.S. Department of Energy (DOE) laboratories to bolster cloud-native standards and practices in high-performance computing (HPC), including Lawrence Berkeley National Laboratory, Lawrence Livermore National Laboratory, and Sandia National Laboratories.

      • ForbesObserving Life Inside The Open Source Cloud-Native Stack

        As a key trend that has shaped the last decade of cloud in particular, cloud computing evolved to the point where organizations started to consider the possibility of skipping past that cumbersome cloud migration phase. They said, why don’t we just build cloud native then? So they did.

    • Debian Family

      • [armbian] v22.05 (2022-05-28)

        Note: If a new sub-version is released this does not necessarily mean all boards receive a new version number since most of the time these fixes are targeting a specific board or board family only.

    • Canonical/Ubuntu Family

      • LubuntuLubuntu 21.10 End of Life and Current Support Statuses

        Lubuntu 21.10 (Impish Indri) was released October 14, 2021 and will reach End of Life on Thursday, July 14, 2022. This means that after that date there will be no further security updates or bugfixes released.

        After July 14th, the only supported releases of Lubuntu will be 20.04 and 22.04. All other releases of Lubuntu will be considered unsupported, and will no longer receive any further updates from the Lubuntu team.

      • UbuntuPrivate cloud: Avoiding the high cost of operations

        Technology plays a strategic role in the success of any organisation. Whether you’re part of an enterprise with thousands of employees across the globe or running a startup from the garage of your home, the success of the business comes down to how you consume technology.

        However, it’s not that straightforward, and IT decision makers usually have to make a lot of trade-offs when investing in technology. It’s very common to hear phrases like “We would like to implement this solution… but we don’t have the budgets” or “we don’t have the knowledge and skills” or maybe “it doesn’t work well with our environment”.

    • Open Hardware/Modding

      • ArduinoUsing an old printer to create organic pottery | Arduino Blog

        Traditional pottery has been around for many thousands of years and is known for the mixing, shaping, and baking of clay in order to create artful items. Tools such as the pottery wheel and kiln are iconic, and Guillermo Perez Guillen wanted to make a pottery wheel of his own that would not only be inexpensive, but also work with organic cornstarch-based mediums instead of clay.

        Guillen started his project by finding an old printer and removing the exterior and paper tray, leaving just the horizontal rail and base. From here, he added a potentiometer on the side that enables the user to control how fast the wheel below rotates. In terms of electronics, the platter was taken from a CD player and its motor is driven by a single TB6612FNG dual-motor driver. On the back is an Arduino Mega 2560, which is responsible for reading the analog output of the potentiometer and mapping it to an 8-bit speed that can be outputted via a PWM signal to the motor driver.

    • Mobile Systems/Mobile Applications

      • FOSSLifeMurena Offers Privacy-Focused, Open Source Smartphone

        The /e/OS-based phone, which sells for US $379, aims to improve privacy by removing dependency on Google services. “For instance, Google's default search engine has been replaced with Murena's own meta-search engine. Other internet-based services, such as Domain Name Server (DNS) and Network Time Protocol (NTP), use non-Google servers,” Vaughan-Nichols says.

  • Free, Libre, and Open Source Software

    • MedevelDoctor DMS: an Open-source Markdown Document Server

      Doctor is an open-source, free documentation server for all your project docs. It is built to aid developers creating a complex documentation website just by using Markdown text.

    • MedevelGeoServer GeoServer is an Open-source Geospatial Server

      GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Designed for interoperability, it publishes data from any major spatial data source using open standards.

      Being a community-driven project, GeoServer is developed, tested, and supported by a diverse group of individuals and organizations from around the world.

      GeoServer is the reference implementation of the Open Geospatial Consortium (OGC) Web Feature Service (WFS) and Web Coverage Service (WCS) standards, as well as a high performance certified compliant Web Map Service (WMS), compliant Catalog Service for the Web (CSW) and implementing Web Processing Service (WPS). GeoServer forms a core component of the Geospatial Web.

    • 3 Advantages of Participating in Open Source Projects

      Open-source software (OSS) is more of a household name in 2022 than ever before. Consumers – i.e., those not in tech – are exposed to OSS with more regularity via content management systems, like Drupal, and car, laptop and smartwatch uses supported by Linux. But once you dive into the technology community, specifically the community of the developer, the value of OSS is undeniable. Developers and engineers love the web, want it to succeed, and have a vested interest in building technologies that serve their community’s goals.

      OSS projects span a wide list of technology development today from analytics to development and DevOps, to machine learning, website development, and more. In understanding the breadth of development, what exactly is the draw to contribute to the broad community? In other words, what are the advantages of participating in open source projects?

    • Down in the Goldman Sachs IT engine room, old school and open source rub shoulders

      In an overlooked yet insightful blog the bank recently detailed the critical OSS tool it has deployed to help tackle query latency. (Goldman Sachs has also spun up a range of its own open source tools like database deployment software Obevo, open sourced under an Apache 2.0 license in 2017 to help developers manage database schema definitions for new and existing sytems under a a standard software development lifecycle or SDLC approach.)

    • TechCrunchIterative launches MLEM, an open-source tool to simplify ML model deployment
  • Leftovers

    • Hardware

      • PC MagThe 20 Most Influential PCs of the Past 40 Years | PCMag

        Yes, we know: The first entry in this list is a cheat, as the IBM PC (released in August 1981) predates our first issue (February/March 1982). We also know the IBM PC was no more the first personal computer than ours was the first computer magazine—the MITS Altair 8800 kit reached hobbyists in 1975, with the Apple II narrowly beating the Radio Shack TRS-80 to market in 1977. PC Magazine didn't cover 8-bit platforms, which is why you also won't find the Commodore 64 in this list.

    • Linux Foundation

      • Linux Foundation's Site/BlogWhy Do Enterprises Use and Contribute to Open Source Software

        When people find out I work at the Linux Foundation they invariably ask what we do? Sometimes it is couched around the question, As in the Linux operating system? I explain open source software and try to capture the worldwide impact into 20 seconds before I lose their attention. If they happen to stick around for more, we often dig into the question, Why would enterprises want to participate in open source software projects or use open source software? The reality is – they do, whether they know it or not. And the reality is thousands of companies donate their code to open source projects and invest time and resources helping to further develop and improve open source software.

    • Security

      • USCERTCISA Releases Security Advisory on Illumina Local Run Manager

        CISA has released an Industrial Controls Systems Advisory (ICSA) detailing multiple vulnerabilities in Illumina Local Run Manager. Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level. These vulnerabilities could impact settings, configurations, software, or data on the affected product and interact through the affected product with the connected network.

      • Hacker NewsAttackers Can Use Electromagnetic Signals to Control Touchscreens Remotely

        Researchers have demonstrated what they call the "first active contactless attack against capacitive touchscreens."

        GhostTouch, as it's called, "uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it," a group of academics from Zhejiang University and Technical University of Darmstadt said in a new research paper.

      • USENIXGhostTouch: Targeted Attacks on Touchscreens without Physical Touch

        Capacitive touchscreens have become the primary human-machine interface for personal devices such as smartphones and tablets. In this paper, we present GhostTouch, the first active contactless attack against capacitive touchscreens. GhostTouch uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it. By tuning the parameters of the electromagnetic signal and adjusting the antenna, we can inject two types of basic touch events, taps and swipes, into targeted locations of the touchscreen and control them to manipulate the underlying device. We successfully launch the GhostTouch attacks on nine smartphone models. We can inject targeted taps continuously with a standard deviation of as low as 14.6 x 19.2 pixels from the target area, a delay of less than 0.5s and a distance of up to 40mm. We show the real-world impact of the GhostTouch attacks in a few proof-of-concept scenarios, including answering an eavesdropping phone call, pressing the button, swiping up to unlock, and entering a password. Finally, we discuss potential hardware and software countermeasures to mitigate the attack.

      • Red Hat OfficialCommand Line Heroes: Season 9: All Together Now

        For InfoSec professionals, sharing information is vital for shedding light on security vulnerabilities and cyber attacks. But it wasn’t always the norm. It took SATAN, an infamous vulnerability scanning tool, to create that cultural shift.

      • CISAAtlassian Releases Security Updates for Confluence Server and Data Center, CVE-2022-26134 | CISA

        Atlassian has released a security advisory to address a remote code execution vulnerability (CVE-2022-26134) affecting Confluence Server and Data Center products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely. Atlassian reports that there is known exploitation of this vulnerability.

      • USCERTCISA Adds One Known Exploited Vulnerability (CVE-2022-26134) to Catalog [Ed: About half of the latest actively-exploited critical issues are Microsoft; CISA doesn't call out Microsoft on it]

        CISA has added one new vulnerability—CVE-2022-26134—to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the "Date Added to Catalog" column, which will sort by descending dates.  

        There are currently no updates available. Atlassian is working to issue an update. Per BOD 22-01 Catalog of Known Exploited Vulnerabilities, federal agencies are required to immediately block all internet traffic to and from Atlassian’s Confluence Server and Data Center products until an update is available and successfully applied.

      • Bleeping ComputerMicrosoft shares mitigation for Office zero-day exploited in attacks [Ed: Even Microsoft boosters cannot deny that the worst threats come from using Microsoft]

        Microsoft has shared mitigation measures to block attacks exploiting a newly discovered Microsoft Office zero-day flaw abused in the wild to execute malicious code remotely.

        The bug, described by Redmond as a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability and tracked as CVE-2022-30190, was reported by crazyman of the Shadow Chaser Group.

      • Naked SecurityFirefox 101 is out, this time with no 0-day scares (but update anyway!) – Naked Security

        The latest scheduled Firefox update is out, bringing the popular alternative browser to version 101.0.

        This follows an intriguing month of Firefox 100 releases, with Firefox 100.0 arriving, as did Chromium 100 a month or so before it, without any trouble caused by the shift from a two-digit to a three-digit version number.

    • Finance

      • ALMAnother State Appellate Court Nixes a COVID-19 Business Interruption Claim | Law.com

        The Court of Special Appeals of Maryland, the state’s intermediate appellate court, fell in line with several recent state and federal appellate court rulings, unanimously upholding a lower court’s decision that a restaurant’s losses resulting from COVID-19 shutdown orders aren’t recoverable under its business interruption insurance policy.

    • Internet Policy/Net Neutrality

      • Refugee incoming from corpweb.



        Corporations sucked all the fun out of the net without me really noticing. I vaguely remember posts on Digg, then old Reddit warning the web would be taken over, filled with banner ads, controlled by massive corporations. Then it happened, we are living it.

      • AccessNowInternet shutdown types and taxonomy: tech behind network interference

        Network interferences are impacting the lives of billions of people around the world. Different types of deliberate internet shutdowns can block the free press and access to life-saving information, undermine democratic elections and facilitate coups, and even hide war crimes and genocide, among other devastating impacts.

        What is less well understood is how perpetrators, typically governments, technically implement them. That matters because it affects our capacity to fight back. Our new paper, A taxonomy of internet shutdowns: the technologies behind network interference, scrutinizes eight internet shutdown types and helps technologists and digital help desk practitioners better understand, prepare for, circumvent, and document the shutdown of networks.

    • Monopolies

      • Canada’s Online News Act threatens information-sharing, the online ecosystem, and international trade - Disruptive Competition Project

        On April 5th, Canadian Heritage Minister Pablo Rodriguez introduced Bill C-18, “An Act respecting online communications platforms that make news content available to persons in Canada”. The bill, dubbed the Online News Act, “regulates digital news intermediaries to enhance fairness in the Canadian digital news marketplace and contribute to its sustainability” by establishing “a framework through which digital news intermediary operators and news businesses may enter into agreements respecting news content that is made available by digital news intermediaries.” In a nutshell, this law forces digital news intermediaries, defined as any online communications platform “that makes news content produced by news outlets available to persons in Canada”, into negotiation with Canadian news companies to make those intermediaries pay to carry news content or any portion thereof (including audio, video, and seemingly mere hyperlinks) onto the intermediary’s platform. In its definitions section, the bill states that news content is made available if “(a) the news content, or any portion of it, is reproduced; or (b) access to the news content, or any portion of it, is facilitated by any means, including an index, aggregation or ranking of news content”.

        This Canadian policy tracks closely with the recent Australian framework on news media. Like its Australian counterpart, which Project DisCo has extensively covered, the following will focus on four aspects of the Canadian legislation: procedural concerns, changes to the competitive landscape, trade harms, and copyright and related concerns.

        First regarding procedure, the Online News Act requires the Canadian Radio-television and Telecommunications Commission (CRTC) to maintain a list of digital news intermediaries to whom this new enactment applies, giving certain intermediaries exemptions if they already have agreements with news businesses that satisfy certain vague criteria, such as providing for fair compensation, ensuring an “appropriate” portion of the money is used to support local, regional, and national content, and not allowing “corporate influence to undermine the freedom of expression and journalistic independence” (as phrased by its section 11). As was the case with the Australian law, the Canadian bill “authorizes the Governor in Council to make regulations respecting how the Commission is to interpret those criteria and setting out additional conditions with respect to the eligibility of a digital news intermediary for an exemption” (Summary-F). In other words, the CRTC and the government are given unilateral power to determine which companies may be exempted from this bill, and those who must follow it.

      • Copyrights

        • DJ Vole's Week-End June 3, 2022

          Playlists for this show are available on Gemini protocol at n n i x dot com, that’s november november india x-ray dot com.



Recent Techrights' Posts

SoylentNews Grows Up, Registers as a Business, Site Traffic Reportedly Grows
More people realise that social control media may in fact be a passing fad
 
Richard Stallman's Talks in Switzerland This Week
We need to put an end to 'cancer culture'; it's trying to kill people and it is even swatting people
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, March 28, 2024
IRC logs for Thursday, March 28, 2024
[Meme] EPO's New Ways of Working (NWoW), a.k.a. You Don't Even Get a Desk at Work and Cannot be Near Known Colleagues
Seems more like union-busting (divide and rule)
Hiding Microsoft's Culpability in Security Breaches and Other Major Blunders (in the United Kingdom, This May Mean You Can't Get Food)
Total Cost of Ownership (TCO) is vast
Giving back to the community
Reprinted with permission from Daniel Pocock
Links 28/03/2024: Sega, Nintendo, and Bell Layoffs
Links for the day
Open letter to the ACM regarding Codes of Conduct impersonating the Code of Ethics
Reprinted with permission from Daniel Pocock
With 9 Mentions of Azure In Its Latest Blog Post, Canonical is Again Promoting Microsoft and Intel Vendor Lock-in, Surveillance, Back Doors, Considerable Power Waste, and Defects That Cannot be Fixed
Microsoft did not even have to buy Canonical (for Canonical to act like it happened)
Links 28/03/2024: GAFAM Replacing Full-Time Workers With Interns Now
Links for the day
Consent & Debian's illegitimate constitution
Reprinted with permission from Daniel Pocock
The Time Our Server Host Died in a Car Accident
If Debian has internal problems, then they need to be illuminated and then tackled, at the very least in order to ensure we do not end up with "Deadian"
China's New 'IT' Rules Are a Massive Headache for Microsoft
On the issue of China we're neutral except when it comes to human rights issues
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 27, 2024
IRC logs for Wednesday, March 27, 2024
WeMakeFedora.org: harassment decision, victory for volunteers and Fedora Foundations
Reprinted with permission from Daniel Pocock
Links 27/03/2024: Terrorism Grows in Africa, Unemployment in Finland Rose Sharply in a Year, Chinese Aggression Escalates
Links for the day
Links 27/03/2024: Ericsson and Tencent Layoffs
Links for the day
Amid Online Reports of XBox Sales Collapsing, Mass Layoffs in More Teams, and Windows Making Things Worse (Admission of Losses, Rumours About XBox Canceled as a Hardware Unit)...
Windows has loads of issues, also as a gaming platform
Links 27/03/2024: BBC Resorts to CG Cruft, Akamai Blocking Blunders in Piracy Shield
Links for the day
Android Approaches 90% of the Operating Systems Market in Chad (Windows Down From 99.5% 15 Years Ago to Just 2.5% Right Now)
Windows is down to about 2% on the Web-connected client side as measured by statCounter
Sainsbury's: Let Them Eat Yoghurts (and Microsoft Downtimes When They Need Proper Food)
a social control media 'scandal' this week
IRC Proceedings: Tuesday, March 26, 2024
IRC logs for Tuesday, March 26, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Windows/Client at Microsoft Falling Sharply (Well Over 10% Decline Every Quarter), So For His Next Trick the Ponzi in Chief Merges Units, Spices Everything Up With "AI"
Hiding the steep decline of Windows/Client at Microsoft?
Free technology in housing and construction
Reprinted with permission from Daniel Pocock
We Need Open Standards With Free Software Implementations, Not "Interoperability" Alone
Sadly we're confronting misguided managers and a bunch of clowns trying to herd us all - sometimes without consent - into "clown computing"
Microsoft's Collapse in the Web Server Space Continued This Month
Microsoft is the "2%", just like Windows in some countries