Links 22/09/2022: ExTiX 22.9, Rust 1.64.0, Weston 11.0.0, New Mesa, and OpenCL 3.0.12

Posted in News Roundup at 6:07 pm by Dr. Roy Schestowitz

  • GNU/Linux

    • Unix MenLinux Vs Windows 10 Key Differences That One Should Know

      Choosing the right kind of operating system is important. However, each user has their own preferences. While 76% of the overall users operate Windows, there are over 32 million Linux users around the globe too.

      However, what is the key difference between the two that make each of them stand out on their own? We’ve seen a lot of movies and references where most hackers seem to operate Kali Linux for launching hacks. It makes us wonder if it’s that good, then why isn’t it mainstream just like Windows?

      Well, that’s what we’re here to check. We’ll be focusing on some key differences between the two so that you can get a better idea. So, without further ado, let’s get started…

    • Linux LinksLinux Around The World: Romania – LinuxLinks

      We cover events and user groups that are running in Romania. This article forms part of our Linux Around The World series.

    • Server

      • NetcraftSeptember 2022 Web Server Survey [Ed: Microsoft Will Soon be Unlisted in Netcraft’s Web Survey (Due to Minuscule, Negligible Market]

        In the September 2022 survey we received responses from 1,129,251,133 sites across 271,625,260 unique domains, and 12,252,171 web-facing computers. This month all three metrics have decreased since August, with a loss of 5.82 million sites, 115,512 unique domains and 113,356 web-facing computers.

        nginx had the largest increase in web-facing computers, gaining 28,887 (+0.56%) this month. OpenResty had the second largest increase, gaining 6,008 (+3.54%) web-facing computers, along with a gain of 339,813 (+0.86%) domains and 149,893 (+2.35%) active sites. Google showed strong growth in all metrics, with an increase of 5,127 web-facing computers, 211,135 (+8.83%) domains, and 895,225 (+4.71%) active sites.

        Within the top million busiest sites, Apache lost 0.21pp of its market share. Despite this, it continues to be the most commonly used web server in the top million. nginx also continued its long-term downward trend, but lost only 0.14pp, further closing the gap between Apache and nginx. The gap now stands at 4,499 sites, a decrease of 13.8% since last month. Meanwhile, Cloudflare’s growth continues, with its market share in the top million increasing by 0.25pp.

        Apache also experienced a loss in overall market share, losing 414,684 (-0.94%) active sites and 18,156 computers (-0.49%). The only other developers to lose active sites were Microsoft and nginx, with losses of 58,443 (-1.01%) and (-0.10%) respectively.

        LiteSpeed’s market share continues to increase at a steady rate, with it gaining 92,704 (+1.14%) domains and 70,146 (+0.73%) active sites this month.

    • Audiocasts/Shows

    • Kernel Space

      • LWNThe transparent huge page shrinker [LWN.net]

        Huge pages are a mechanism implemented by the CPU that allows the management of memory in larger chunks. Use of huge pages can increase performance significantly, which is why the kernel has a “transparent huge page” mechanism to try to create them when possible. But a huge page will only be helpful if most of the memory contained within it is actually in use; otherwise it is just an expensive waste of memory. This patch set from Alexander Zhu implements a mechanism to detect underutilized huge pages and recover that wasted memory for other uses.

        The base page size on most systems running Linux is 4,096 bytes, a number which has remained unchanged for many years even as the amount of memory installed in those systems has grown. By grouping (typically) 512 physically contiguous base pages into a huge page, it is possible to reduce the overhead of managing those pages. More importantly, though, huge pages take far fewer of the processor’s scarce translation lookaside buffer (TLB) slots, which cache the results of virtual-to-physical address translations. TLB misses can be quite expensive, so expanding the amount of memory that can be covered by the TLB (as huge pages do) can improve performance significantly.

        The downside of huge pages (as with larger page sizes in general) is internal fragmentation. If only part of a huge page is actually being used, the rest is wasted memory that cannot be used for any other purpose. Since such a page contains little useful memory, the hoped-for TLB-related performance improvements will not be realized. In the worst cases, it would clearly make sense to break a poorly utilized huge page back into base pages and only keep those that are clearly in use. The kernel’s memory-management subsystem can break up huge pages to, among other things, facilitate reclaim, but it is not equipped to focus its attention specifically on underutilized huge pages.

    • Graphics Stack

      • Free Desktopweston 11.0.0
        This is the official release for Weston 11.0.0.
        Highlights for this release:
        - Continued work on color management infrastructure: 
          In Weston 11, if you enable the tentative, experimental and WIP color
          management option, Weston will not only blend in linear light, but
          you can also set up a monitor ICC profile and Weston will do some
          kind of color mapping from sRGB to that profile. Furthermore, you can
          configure a monitor into HDR mode and deliver HDR characteristics from
          weston.ini to the monitor, but Weston will *not* produce proper HDR
          content yet, meaning the display is incorrect.
        - Various RDP improvements.
        - Performance improvements in the DRM backend.
        - Support for the wp_single_pixel_buffer_v1 protocol.
        - weston_buffer refactoring.
        - Groundwork for running multiple backends at the same time (e.g. KMS + RDP)
          and for multi-GPU support in the DRM backend. This is not supported
          yet, but may be in a future release.
        Breaking changes for users:
        - The cms-static and cms-colord plugins are now deprecated.
        - A number of features have been removed from desktop-shell: multiple
          workspaces, zoom, exposay.
        - wl_shell support has been removed (superseded by xdg-shell).
        - The fbdev backend has been removed (superseded by KMS).
        - weston-launch and launcher-direct have been removed (superseded by libseat).
        - The weston-info and weston-gears clients have been removed (weston-info is
          superseded by wayland-info).
        - The KMS max-bpc property is now set by default. If you experience black
          screens with (faulty) monitors, try lowering it in weston.ini.
        - Weston will now abort when running out of memory. Weston is not suitable
          for memory constrained environments.
        Simon Ser (1):
              build: bump to version 11.0.0 for the official release
        git tag: 11.0.0
      • 9to5LinuxMesa 22.2 Graphics Stack Brings Improvements for Halo Infinite, Minecraft, and Other Games

        Major highlights of the Mesa 22.2 graphics stack series include the ARB_robust_buffer_access_behavior extension for the D3D12 Gallium driver, GL_EXT_memory_object_win32 and GL_EXT_semaphore_win32 support for the D3D12 and Zink drivers, variablePointers and vertexAttributeInstanceRateZeroDivisor support for the lavapipe software Vulkan rasterizer, and Valhall support for Collabora’s Panfrost driver for Mali GPUs.

      • VideoWithout FreeDesktop There Is No Linux Desktop! – Invidious

        FreeDesktop is one of the most important groups in the linux desktop space without them many of the crucial projects we rely on today wouldn’t have any reasonable level of development or funding.

      • Boiling SteamNvidia Racer RTX: Imagine what a Next-Gen Version of Re-Volt Would Look Like, And More on DLSS3 – Boiling Steam

        Nvidia is released its new RTX 40 series, and while they have been ridiculed for their (extreme) pricing, they are certainly betting on the current strengths of the brand with more ray-tracing, a new version of DLSS, and upgraded PhysX. There’s a bunch of games (35) that are now being adapted to demonstrate how to best exploit such effects, and there’s also this very nice technical demo, called Nvidia Racer RTX, showing a Re-Volt like game that’s extremely well made…

      • :tada: Turnip now exposes Vulkan 1.3 :tada: – Danylo’s blog

        VK_KHR_dynamic_rendering was an especially nasty extension to implement on tiling GPUs because dynamic rendering allows splitting a render pass between several command buffers.

        For desktop GPUs there are no issues with this. They could just record and execute commands in the same order they are submitted without any additional post-processing. Desktop GPUs don’t have render passes internally, they are just a sequence of commands for them.

        On the other hand, tiling GPUs have the internal concept of a render pass: they do binning of the whole render pass geometry first, load part of the framebuffer into the tile memory, execute all render pass commands, store framebuffer contents into the main memory, then repeat load_framebufer -> execute_renderpass -> store_framebuffer for all tiles. In Turnip the required glue code is created at the end of a render pass, while the whole render pass contents (when the render pass is split across several command buffers) are known only at the submit time. Therefore we have to stitch the final render pass right there.

    • Instructionals/Technical

      • HowTo ForgeGetting Started with Podman: Manage Images, Containers and Volumes

        Podman is a container runtime that provides features similar to Docker. It’s part of the libpod library and can be used to manage pods, containers, container images, and container volumes.

      • UbuntuROS orchestration with snaps | Ubuntu

        Application orchestration is the process of integrating applications together to automate and synchronise processes. In robotics, this is essential, especially on complex systems that involve a lot of different processes working together. But, ROS applications are usually launched all at once from one top-level launch file.

        With orchestration, smaller launch files could be launched and synchronised to start one after the other to make sure everything is in the right state. Orchestration can also hold processes and insert some process logic. This is what ROS orchestration should be about.

        This way, for instance, you could make your localisation node start only once your map_server made the map available.

        Snaps offer orchestration features that might come handy for your ROS orchestration.

        In this post, we will demonstrate how to start a snap automatically at boot and how to monitor it. Then, through some examples, we will explore the different orchestration features that snaps offer. We thus assume that you are familiar with snaps for ROS; if you aren’t, or need a refresher, head over to the documentation page.

      • DebugPoint4 Simple Steps to Clean Your Ubuntu System

        You can try these four simple steps right now to clean up your Ubuntu installation.

        This quick tutorial would help you to clean up old Ubuntu installations and free up some disk space.

        If you have been running an Ubuntu system for more than a year, you might feel that your system is slow and lagging despite your being up-to-date.

        Over time, there are many apps which you might have installed just to experiment or after reading a great review, but you did not remove them. These are some ways to help you find out some hidden disk spaces that you can free up.

      • Deploying Angular Apps to a Kubernetes Cluster – Container Journal

        Angular is a component-based framework for building single-page client-side applications. It is based on HTML and TypeScript. Angular is written in TypeScript and provides TypeScript libraries you can import into your applications, with functionality such as routing, form management and client/server communication.

        Web application frameworks like Angular improve development efficiency by providing a consistent structure so that developers do not have to rewrite their code from scratch. A framework also provides useful infrastructure and features that can be added to the software without extra effort. Angular also provides developer tools to support initial development, builds, file uploads, code testing and updates.

        Kubernetes is the world’s most popular container orchestration platform. It is being used to run workloads of all shapes and sizes, and web applications are no exception. Kubernetes can be an excellent option to run large-scale web apps composed of multiple services, potentially with multiple instances for each service. I’ll cover the basics of Angular and show how to use Kubernetes to deploy and scale Angular applications.

      • Make Tech EasierHow to Transcode FLAC Files With flac2all in Linux – Make Tech Easier

        flac2all is a simple utility that allows you to convert high-quality FLAC files to almost any modern audio format. Unlike ffmpeg, this utility automates the process of sorting, tagging and encoding your FLAC audio. flac2all is easy to install and use. Learn how to use this highly versatile program that can act as a front end for all your audio transcoding needs.

      • HowTo GeekHow to Fix the Linux Boots Into the BIOS Error

        GRUB updates have been known to result in Linux computers booting into the BIOS or UEFI settings. The fix for this takes advantage of a useful system recovery trick you really ought to know about.

      • ID RootHow To Install Django on Rocky Linux 9 – idroot

        In this tutorial, we will show you how to install Django on Rocky Linux 9. For those of you who didn’t know, Django is a free and open-source web application framework written in Python. It comes with a set of tools to help one build scalable web applications. Django’s primary goals are simplicity, re-usability, rapid development, and scalability.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of Django on Rocky Linux. 9.

      • UNIX CopHow to run a VM headless in QEMU-KVM

        A client asked me to find a way to keep running an ancient system (from 10+ years ago) in a new server. The old binary packages didn’t work. I couldn’t even compile those packages for our linux in the new server. Then I though in create a Virtual Machine. So this is how to run a VM headless in QEMU-KVM-libvirt-etc.

      • Upgrading Homelab Kubernetes Cluster from 1.23 to 1.24

        The most time-consuming Kubernetes upgrade to date because of dockershim.

      • HowTo ForgeHow to Install Podman on Ubuntu 22.04

        Podman also called “Pod Manager” is an open-source tool used for creating and managing containers. It is part of the libpod library that doesn’t rely on the Docker daemon and is compatible with Docker. In this tutorial, I will show you how to install and use Podman on Ubuntu 22.04 server.

      • AddictiveTipsHow to backup directly to Mega on Linux

        Mega is an excellent cloud storage option. With the free tier of the service, you get 20 GB of storage. This amount of storage, while not much, is an excellent place to store your Linux backups.

        This guide will show you how to utilize Mega on Linux as the backend for backups using Duplicati. To get started, ensure you have a Mega account at Mega.nz.

      • OSTechNixAnsible Register Variable – OSTechNix

        This guide explains what is Ansible register and how to capture a task output in Ansible using the register variables in Linux.

      • H2S MediaHow to configure Unattended Upgrades in Ubuntu 20.04

        Install Unattended upgrades on Ubuntu 20.04 Focal Fossa to update and upgrade it automatically without manually running any command.

        Keep your Ubuntu 20.04 server or desktop updated with the help of a tool called Unattended-Upgrades. It allows users to easily download and install security updates and upgrades automatically after a set interval of time without any human interaction.

        However, we recommend it only to automate the security updates installation because sometimes you may not want to upgrade every package of the system.

      • H2S MediaHow to install free Qcad 2D on Ubuntu 22.04 LTS – Linux Shout

        Start creating two-dimensional technical drawings by installing open source QCAD on Ubuntu 22.04 LTS Jammy Jelly Fish using the command terminal.

        Looking for a free and open source CAD application on Linux to draw various 2D drawings for interior, machine parts, building structural plans, diagrams, and more, then try QCAD. It is available in both community and professional editions for computer-aided drafting (CAD) in two dimensions (2D).

        Apart from Linux, we can use it on Windows and macOS as well. It offers Blocks (grouping); 35 CAD fonts; DXF and DWG input and output (in professional version only); Over 40 construction and 20 modification tools; Measuring tools; Command line tools (dwg2pdf, dwg2svg, dwg2bmp, etc.) and more…

        As of Ubuntu 12.04, QCAD is no longer included in the sources. Instead, the QCAD package installs the LibreCAD program. LibreCAD uses the same code base as QCAD, but the graphical user interface is ported to Qt4.

      • TechRepublicHow to deploy a container with containerd and nerdctl | TechRepublic

        Containerd is yet another container runtime engine you can freely install on most Linux distributions and is often considered more efficient and secure than Docker.

      • TecAdminBash – How to Get Future Date and Time – TecAdmin

        The Linux date command displays the current date and time of the system. While writing the shell scripts, I realise that sometimes we are required to find future dates—for example, dates after 10 days, 2 months, or 1 year, etc.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • 9to5LinuxKdenlive Devs Need Your Help to Implement Nested Timelines, New Effects Panel

          I use Kdenlive when I edit my videos, so I know it’s powerful software, and, best of all, it’s completely free. I bet many of you out there are using it as well, but it looks like it could get better with the help of the community.

          If the fundraiser proves to be successful, and I have no doubt that it won’t, Kdenlive will get some cool new features like nested timelines, which lets you open several timeline tabs that each contain a separate timeline where you can insert (or “nest”) one timeline within another to act as a single clip.

      • GNOME Desktop/GTK

        • The Register UKGNOME 43 here at last, soon to be followed by KDE 5.26 • The Register

          Love it or loathe it? Plus: KDE 5.26 here soon, and both desktops still working on mobile support

          The third release of GNOME since the big shift of GNOME 40 is coming together – but KDE isn’t getting left behind.

        • Jakub SteinerCame Full Circle – Even a Stopped Clock

          As mentioned in the previous post I’ve been creating these short pixel art animations for twitter and mastodon to promote the lovely apps that sprung up under the umbrella of the GNOME Circle project.

  • Distributions and Operating Systems

    • New Releases

      • ExTiX 22.9 KDE Plasma together with Anbox (‘Android in a Box’ with Google Play Store pre-installed) :: Build 220922 |

        I have made a new version of ExTiX – The Ultimate Linux System. I call it ExTiX 22.9 KDE Anbox Live DVD. (The previous KDE/Anbox version was 21.10 from 211007). I have now included Anbox (Android in a Box – Anbox puts the Android operating system into a container, abstracts hardware access and integrates core system services into a GNU/Linux system. Every Android application will be integrated with your operating system like any other native application). So now you can run Android apps in ExTiX. GAPPS (Google Play Services and Google Play Store) are pre-installed in ExTiX 22.9. The second best thing with ExTiX 22.9 is that while running the system live (from DVD/USB) or from hard drive you can use Refracta Snapshot (pre-installed) to create your own live installable Ubuntu/Anbox system. So easy that a ten year child can do it!

        ExTiX 22.9 KDE Plasma DVD 64 bit is based on Debian and Ubuntu 22.04.1 LTS. The original system includes the Desktop Environment Gnome. After removing Gnome I have installed KDE Frameworks 5.92.0 with KDE Plasma 5.24.6. KDE Frameworks are 60 addon libraries to Qt which provide a wide variety of commonly needed functionality in mature, peer reviewed and well tested libraries with friendly licensing terms.

    • SUSE/OpenSUSE

      • YaST Development Report – Chapter 9 of 2022

        The YaST Team keeps working on the already known three fronts: improving the installation experience in the traditional (open)SUSE systems, polishing and extending the containerized version of YaST and smoothing Cockpit as the main 1:1 system management tool for the upcoming ALP (Adaptable Linux Platform).

    • Arch Family

      • Make Use OfWhat Is Crystal Linux? Everything You Need to Know

        Crystal Linux is the newest Arch-based distribution on the block, and it hopes to offer a new set of features to the end-users. But how is it different from other Arch distributions, like Xero Linux, Garuda Linux, EndeavourOS, and many others available in the market?

        Since the distribution market is already saturated, the need of the hour is to try and provide a fresh angle to the available technologies, to make the most out of the current user needs.

        Here’s everything you need to know about Crystal Linux.

    • Fedora / Red Hat / IBM

      • Red Hat OfficialRole-based access control for Red Hat Hybrid Cloud Console

        Red Hat Hybrid Cloud Console uses role-based access controls (RBAC) to restrict network access to services and resources based on user roles.

        Role permissions are either assigned or inherited through a role hierarchy and can be as broad—or granular—as needed, based on your requirements.

      • Red Hat OfficialConnecting to the RHEL web console, part 1: SSH access methods

        There are two primary methods available to remotely manage and administer a Red Hat Enterprise Linux (RHEL) system: the command line interface over an SSH connection and the RHEL web console.

        The web console provides a web-based graphical interface for managing and monitoring systems that can be used to complete a wide variety of tasks, such as managing storage, users and the firewall, monitoring performance metrics, reviewing log files, installing system updates and more. For more information about the web console, see the Managing systems using the RHEL 9 web console documentation.

        If you are using the web console in your environment, it is important that you properly configure it to meet your organization’s security requirements.

        The RHEL web console is based on the upstream Cockpit project. Within RHEL, the RPM packages and other components use the Cockpit name, so you will see the names web console and Cockpit used interchangeably.

      • Cockpit 277

        The HTML of the login page has been adjusted to be more compatible with password managers in popular browsers. Usernames and passwords are more likely to be prefilled or selectable, depending on the password manager and browser.

      • Codenotary CEO Moshe Bar Named to AlmaLinux Board of Directors
      • Red Hat Official19 AnsibleFest 2022 presentations for sysadmins | Enable Sysadmin

        AnsibleFest is back as an in-person event. Check out some of the event’s top presentations to help sysadmins automate better.

      • CentOSCentOS Community Newsletter, September 2022 – Blog.CentOS.org

        Tru Huynh has decided to step down from the Board of Directors. We thank him for his many years of hard work on the Board and across the entire CentOS project.


        The CentOS Brand v2 is the new visual identity of the CentOS Project. We encorage you to use it abundantly. It was recently approved, and is where we will be transitioning to.

      • TechRepublicAn intimate but disconnected pairing, Red Hat on edge complexity

        Edge is complex. Once we get past the shuddering enormity and shattering reality of understanding this basic statement, we can perhaps start to build frameworks, architectures and services around the task in front of us. Last year’s State Of The Edge report from The Linux Foundation said it succinctly: “The edge, with all of its complexities, has become a fast-moving, forceful and demanding industry in its own right.”

      • Red Hat OfficialHow open source can jumpstart the next wave of software-defined vehicles

        The automotive industry’s pendulum of innovation continues to swing towards open source. Historically speaking, it has been challenging to accelerate innovation within the automotive space due to lengthy development cycles, stringent safety certifications, and proprietary software. To combat this, automotive leaders are working to modernize and standardize practices in order to bring customers the latest and greatest in features and services while designing for functional safety. As a result, automakers are shifting into high gear as they engage open source communities and organizations like Red Hat to bring greater flexibility, customer engagement and increased innovation to their vehicle designs. Adopting universal open source software, such as Red Hat In-Vehicle Operating System, can help automakers integrate software defined vehicles technologies into their line up more quickly than ever before.

      • VideoIn the Clouds (E28) | Public Sector Hybrid cloud – Invidious
      • CRNDell-Red Hat Team Lifts ‘Barriers To Entry’ For Kubernetes Environments

        ‘We’ve been partners with Red Hat in a number of different areas for a long time. Really this announcement is focused on OpenShift. And how do we help our customers simplify the deployment of, the management of, the integration of an OpenShift environment on Dell infrastructure,’ says Caitlin Gordon, vice president of product management at Dell Technologies.

    • Debian Family

      • Bruce Perens & Debian: swiping the Open Source trademark

        When Bruce Perens, Ian Murdock, Tim Sailer and Eric Raymond founded the Open Source Initiative, they decided to take the Open Source trademark away from the Debian community.

        Perens initially asked Ian Jackson to transfer it privately. Jackson raised the subject with the rest of the volunteers on the debian-private mailing list.

        Thanks to the latest leaks from the Debian-Private (leaked) gossip list, you can now read the thread about how OSI snatched a trademark that was born out of and paid for by the work of the Debian community.

    • Canonical/Ubuntu Family

      • LWNLXC and LXD: a different container story [LWN.net]

        LXC was initially developed by IBM, and was part of a collaboration between several parties looking to add namespaces to the kernel. Eventually, Canonical took over stewardship of the project, and now hosts its infrastructure and employs many of its maintainers. The project includes a C library called liblxc and a collection of command-line tools built on top of it that can be used to create, interact with, and destroy containers. LXC does not provide or require a daemon to manage containers; the tools it includes act directly on container processes.

        LXC was the first container implementation to be built entirely on capabilities found in the mainline kernel; predecessors required out-of-tree patches to work. Like Docker, LXC containers are created using a combination of control groups and namespaces. Because LXC was developed in parallel with the effort to add namespaces to the kernel, it could be considered a sort of reference implementation of using namespaces for containers on Linux.

        Unlike Docker, LXC does not presume to espouse an opinion about what kinds of processes should run in a container. By default, it will try to launch an init system inside of the container, which can then launch other processes — something that is notoriously hard to do in a Docker container. With the correct configuration, though, it is even possible to run LXC containers nested within another LXC container, or to run the Docker daemon inside of an LXC container.

        LXC containers are defined using a configuration file, which offers a great deal of control over how the container is constructed. The lxc-create utility is used to create containers. LXC does not bundle container configurations and images together; instead, the container configuration specifies a directory or block device to use for the container’s root filesystem. LXC can use an existing root filesystem, or lxc-create can construct one on the fly using a template.

      • UbuntuUbuntu Blog: Public cloud for telco – Part 2: Google Cloud Platform

        This is the second blog in a series focusing on how telecom operators can leverage public clouds to meet their business demands. In a previous blog, we talked about Amazon Web Services (AWS) and how its services made it possible for telcos to shift towards public clouds. In this blog, you’ll get to know about Google Cloud Platform (GCP) and its role in enabling the telecommunications industry to leverage the cloud’s capabilities.

        Telcos are evolving each day as per the need of the era, especially with the arrival of 5G. Communication Service Providers (CSPs) rely on traditional network infrastructures and face challenges both in growth and reliability. The question is, how can telcos effectively transform and meet scalability and performance demands?

        The answer lies in the adoption of digitisation and cloud-native trends. GCP provides an on-demand platform that can scale as requirements grow. It facilitates high service availability to meet disruptions. It also ensures improved performance with enhanced platform awareness capabilities.

    • Open Hardware/Modding

      • The Next PlatformArm Is The New RISC/Unix, RISC-V Is The New Arm

        When computer architectures change in the datacenter, the attack always comes from the bottom. And after more than a decade of sustained struggle, Arm Ltd and its platoons of licensees have finally stormed the glass house – well, more of a data warehouse (literally) than a cathedral with windows to show off technological prowess as early mainframe datacenters were – and are firmly encamped on the no longer tiled, but concrete, floors.

        For modern corporate computing, Day One of the Big Data Bang comes in April 1964 with the launch of the System/360 mainframe. Yes, people were farting around with punch cards and tabulating machines for 75 years and had electro-mechanical computation, and even true electronic computation, before then. But the System/360 showed us all what a computer architecture with hardware and software co-design, with breadth and depth and binary compatibility across a wide range of distinct processors, really looks like. And by and large, excepting a change in character formatting from EBCDIC to ASCII, a modern computer (including the smartphone in your hand) conceptually looks like a System/360 designed by Gene Amdahl that had a love child with a Cray-1 designed by Seymour Cray.

      • ArduinoMokey is an affordable DIY laser engraver | Arduino Blog

        All makers love lasers and they make great shop tools. Even low-power lasers can engrave a variety of materials. Cutting material requires more power, with the most popular cutting lasers being CO2 with power between 10W-100W. But the small, affordable solid state laser modules can cut some materials, like acrylic, if you get a powerful enough model. If you want an affordable way to use one of those, then the Mokey Laser v1.0 is worth looking at.

        Lasers like these can engrave and cut material, which means they can absolutely hurt you — your eyes are especially vulnerable. If you’re going to build something like this, make sure you understand how to operate it safely. It isn’t shown in the video, but you should absolutely use some kind of shielded enclosure that can handle the wavelength and power of the laser you use. Even with such an enclosure, you should wear the appropriate safety goggles.

      • ArduinoShop fan automatically activates when airborne particulates are present | Arduino Blog

        Even if you’re one of the few people in the world who is consistent about wearing a respirator in the shop, it’s a good idea to run a filtration fan. Not only is that good for your own health and comfort, it can help keep your equipment running well — the last thing you want is something overheating and catching fire because its cooling ducts are clogged. To avoid running a fan when it isn’t needed, Brandon of the YouTube channel Honest Brothers built a system to automatically activate his filtration fan when airborne particulates are present.

        The first half of this video provides detail on building the fan itself, including an explanation of filtration fundamentals and what particulates different standards can handle. If you don’t have an interest in building a fan from scratch and would prefer to buy something off the shelf, you can skip ahead. The important thing to take away before Brandon gets to the low-voltage section is that the fan receives AC mains voltage and you’ll switch it on via a relay.

      • ArduinoArt class stinks! Learn with smell in art class using this olfactory display | Arduino Blog

        Smelling is crucial to our everyday living. But how well do we really understand the role that smells play in our day-to-day? Ask someone who temporarily lost their sense of smell because of COVID-19. They’ll probably tell you about how incredibly boring eating became all of a sudden, and how their roomies saved them from eating a foul-smelling, spoiled block of cheese that had zero mold on it.

      • CNX SoftwareT-Watch-Keyboard-C3 with ESP32 “watch”, ESP32-C3 keyboard looks like a miniature PC replica – CNX Software

        T-Watch-Keyboard-C3 is a device that looks like a miniature PC replica comprised of an ESP32-C3 powered keyboard, and the TTGO T-Watch ESP32 programmable device with a 1.54-inch touchscreen display.

      • PurismHow We Fixed Reboot Loops on the Librem Mini – Purism

        Firmware debugging is uniquely challenging, because most conventional software debugging tools aren’t available. With coreboot’s specialized tooling, support from the amazing community, and a little bit of creativity, we fixed a regression in coreboot 4.17 that caused reboot loops on the Librem Mini.

    • Mobile Systems/Mobile Applications

  • Free, Libre, and Open Source Software

    • Web Browsers and Fonts

      • Eric HameleersSlackware: Chromium 105.0.5195.125 packages available (also ungoogled) | Alien Pastures

        I was on vacation for a while, then after my return I mainly focused on getting the new Audacity packages successfully built. In the meantime, Google was not idling and released version 105.0.5195.125 of the Chromium sourcecode.
        There’s 11 vulnerability fixes in this release, some of them rated high enough that it is again recommended to upgrade your browser as soon as possible.

        I did not forget the un-googled variant of course for which the same recommendation is valid.

      • Rajeesh K Nambiar: FontForge gains ability to reuse OpenType rules for different fonts

        FontForge is the long standing libre font development tool: it can be used to design glyphs, import glyphs of many formats (svg, ps, pdf, …), write OpenType lookups or integrate Adobe feature files, and produce binary fonts (OTF, TTF, WOFF, …). It has excellent scripting abilities, especially Python library to manipulate fonts; which I extensively use in producing & testing fonts.


        The merge request has landed in FontForge master branch this morning. There’s a follow up pull request to update the Python scripting documentation as well. I want to thank Fredrick Brennan and Jeremy Tan for the code reviews and suggestions, and KH Hussain and CVR for sharing the excitement.

        This functionality added to FontForge helps immensely in reusing the definitive Malayalam OpenType shaping rules without any modification for all the fonts! 🎉

      • Daniel StenbergTaking curl documentation quality up one more notch | daniel.haxx.se

        I’m a sloppy typist. When I write several words in a row, like for example when creating complete sentences for something like a blog post, one or two of the words end up slightly misspelled.

        Sure, many editors and systems have runtime spellchecks these days and they make it easy to quickly fix typos, but not all systems are like that and there are also situations where there are many false positives due to formatting or just the range of “special” words. They also rarely yell at me when I overuse the word “very” or start sentences with “But”.

    • Productivity Software/LibreOffice/Calligra

    • Education

      • FSFInterview with Martin Dougiamas of Moodle

        We are excited to put a spotlight on Moodle for this interview. Moodle Learning Management System (LMS) is a learning platform designed to provide educators, administrators, and learners with a single robust, secure, and integrated system to create personalized learning environments. Moodle LMS is written in the PHP programming language. Licensed under the GNU GPLv3, Moodle LMS is free software.

        Moodle is being used as a platform to manage online learning by hundreds of thousands of organizations, in every education sector, across nearly every country globally, and in over 140 languages.

    • FSF

    • GNU Projects

    • Programming/Development

      • Perl / Raku

        • PerlCasting Perls before Splines | Saif [blogs.perl.org]

          As I sit pondering my peas at the dinner table, my thoughts are unnaturally drawn to the similarity between these pulses and Perl. A famous poet once said that “For a hungry man, green peas are more shiny than gleaming pearls”. From these green orbs on my plate, the mind drifts to a recent virtual conversation regarding logos, branding, rebirth and innovation in Perl. One wonders whether such heated debates are important, relevant and what it might mean for Perl in the future. The Camel (from the O’Reilly Book on Perl) has long been the image associated with the language, along with the Onion (Origin perhaps from Larry Walls’ “state of the onion” presentation). Personally it is not something that I feel passionately about. “Perl, with any other logo would be just as quirky” as Will Shakespeare is reported to have said. But The Camel is the popular, recognisable standard “logo” with some, as yet to be tested, copyright and trademark “issues”

          Any way I took it myself to analyse the situation and have finally come to the conclusion that we may be looking at the “problem” the wrong way. Perhaps we are looking at the bigger picture when we should seeing the picture bigger. Maybe, just maybe, that picture of a camel doesn’t symbolise Perl, but in fact IS Perl…Perl code, that is. I know it is possible to make pictures that aren’t valid perl code. But perhaps over the decades of use we have come to accept an illusion as a reality. When one gives such an illusion a “True” value, one also blurs the distinction between the Virtual Image and a Real Image.. You see a Virtual Image is an image that APPEARS to represent something, but only a Real Image can be projected.

      • Python

        • eSecurity PlanetUnpatched Python Library Affects More Than 300,000 Open Source Projects | eSecurityPlanet [Ed: Unless you allow dodgy people to pass you files and then process these files, without login or input being sanitised, this does not affect you and does not impact many projects. Dodgy compressed files have LONG been a problem. Like executables, you should be selective which ones you retrieve and process.]
        • The Register UKAlert: 15-year-old Python tarfile flaw lurks in ‘over 350,000′ code projects [Ed: Alarmist garbage from The Register; to exploit this you need to feed it rogue files]

          At least 350,000 open source projects are believed to be potentially vulnerable to exploitation via a Python module flaw that has remained unfixed for 15 years.

          On Tuesday, security firm Trellix said its threat researchers had encountered a vulnerability in Python’s tarfile module, which provides a way to read and write compressed bundles of files known as tar archives. Initially, the bug hunters thought they’d chanced upon a zero-day.

      • Java

        • FOSSLifeJava 19 Released

          Oracle has announced the general availability of Java 19, an incremental release that will be supported for six months, reports Sean Michael Kerner.

          The latest Java Development Kit (JDK) provides updates with seven JDK Enhancement Proposals (JEPs), Kerner explains, which mainly advance three projects…

      • Rust

        • LWNCompiling Rust with GCC: an update [LWN.net]

          While the Rust language has appeal for kernel development, many developers are concerned by the fact that there is only one compiler available; there are many reasons why a second implementation would be desirable. At the 2022 Kangrejos gathering, three developers described projects to build Rust programs with GCC in two different ways. A fully featured, GCC-based Rust implementation is still going to take some time, but rapid progress is being made.

        • LWNA pair of Rust kernel modules [LWN.net]

          The idea of being able to write kernel code in the Rust language has a certain appeal, but it is hard to judge how well that would actually work in the absence of examples to look at. Those examples, especially for modules beyond the “hello world” level of complexity, have been somewhat scarce, but that is beginning to change. At the 2022 Kangrejos gathering in Oviedo, Spain, two developers presented the modules they have developed and some lessons that have been learned from this exercise.

        • Niko Matsakis: Dyn async traits, part 9: call-site selection

          After my last post on dyn async traits, some folks pointed out that I was overlooking a seemingly obvious possibility. Why not have the choice of how to manage the future be made at the call site? It’s true, I had largely dismissed that alternative, but it’s worth consideration. This post is going to explore what it would take to get call-site-based dispatch working, and what the ergonomics might look like. I think it’s actually fairly appealing, though it has some limitations.

        • Rust BlogAnnouncing Rust 1.64.0

          The Rust team is happy to announce a new version of Rust, 1.64.0. Rust is a programming language empowering everyone to build reliable and efficient software.


          Rust 1.64 stabilizes the IntoFuture trait. IntoFuture is a trait similar to IntoIterator, but rather than supporting for … in … loops, IntoFuture changes how .await works. With IntoFuture, the .await keyword can await more than just futures; it can await anything which can be converted into a Future via IntoFuture – which can help make your APIs more user-friendly!

        • LWNRust 1.64.0 released

          Version 1.64.0 of the Rust language has been released. Changes include the stabilization of the IntoFuture trait, easier access to C-compatible types, the availability of rust-analyzer via rustup, and more.

    • Standards/Consortia

  • Leftovers

    • Science

      • IBM Old TimerIrving Wladawsky-Berger: The 2022 State of AI in the Enterprise

        “Rapidly transforming, but not fully transformed – this is our overarching conclusion on the market, based on the fourth edition of our State of AI in the Enterprise global survey,” said Becoming an AI-fueled organization, the fourth survey conducted by Deloitte since 2017 to assess the adoption of AI across enterprises. “Very few organizations can claim to be completely AI-fueled, but a significant and growing percentage are starting to display the behaviors that can get them there.”

        AI is increasingly viewed by workers as a trusted assistant. “Within just the last 18 months, AI capabilities have advanced considerably, maturing from what was often experienced as a bothersome critic – telling workers what to do or pointing out their mistakes – to more frequently serving as a copilot, independently executing on insights and trends surfaced through the power and speed of cloud- based data hosting and computation.”

        These conclusions are similar to those of Stanford’s 2022 AI Index report, which found that AI was becoming more affordable and higher performing, with lower training costs and faster training times across a number of AI tasks including recommendation engines, image classification, object detection, and language processing. This has led to the widespread commercial adoption and increased real-world impact of AI systems.

    • Health/Nutrition/Agriculture

      • Mental health’s racial gap

        Sharkisha Cummins found herself struggling simultaneously with depression and the difficulty of communicating with her white therapist.

        “There were just too many ways that I just wasn’t (being) heard or seen or validated,” says Cummins, the married Black mother of two small children. “She was a nice lady, (but) she just didn’t understand.”

    • Security

      • LWNSecurity updates for Thursday [LWN.net]

        Security updates have been issued by Debian (e17, fish, mako, and tinygltf), Fedora (mingw-poppler), Mageia (firefox, google-gson, libxslt, open-vm-tools, redis, and sofia-sip), Oracle (dbus-broker, kernel, kernel-container, mysql, and nodejs and nodejs-nodemon), Slackware (bind), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer, go1.18, go1.19, kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, libconfuse0, and oniguruma), and Ubuntu (bind9 and pcre2).

      • Beta NewsWolfi Linux is designed to safeguard the software supply chain

        The desire for software supply chain integrity and transparency has left many organizations struggling to build in software security measures like signatures, provenance, and SBOMs to legacy systems and existing Linux distributions.

        This has prompted Chainguard to produce Wolfi, a new Linux ‘(un)distribution’ and build toolchain, that’s been designed from the ground up to produce container images that meet the requirements of a secure software supply chain.

        It’s called an (un)distribution because it isn’t a full Linux distro designed to run on bare-metal, but a stripped-down one designed for the cloud-native era.

      • Help Net SecurityWolfi: A Linux undistro with security measures for the software supply chain – Help Net Security

        Software supply chain security is unique – you’ve got a whole lot of different types of attacks that can target a lot of different points in the software lifecycle. You can’t just take one piece of security software, turn it on, and get protected from everything.

        The ecosystem’s push for software supply chain integrity and transparency has left organizations struggling to build software security measures like signatures, provenance, and SBOMs into legacy systems and existing Linux distributions.

        Recently, the U.S.’s most prestigious security agencies (NSA, CISA, and ODNI) tried to add to the conversation and released a 60+ page recommended practice guide, Securing the Software Supply Chain for Developers.

      • ZDNetChainguard releases Wolfi, a Linux ‘undistribution’ | ZDNET

        There are many Linux distributions designed expressly for containers. Even Microsoft has one, Common Base Linux (CBL)-Mariner. Others include Alpine Linux, Flatcar Container Linux, Red Hat Enterprise Linux CoreOS (RHCOS), and RancherOS. Now Chainguard, a cloud-native software security company, has a new take on this popular cloud-friendly kind of Linux: Wolfi, an “undistribution.”

        I asked Chainguard CEO and founder Dan Lorenc at Open Source Summit Europe in Dublin what he meant by an “undistrbution.” He explained, “We call it an undistribution because that’s technically correct. Inside of a container, you have everything but Linux, right? So, even though it’s based on Linux, it’s not really correct to call it a Linux distribution.”

      • WiredA New Linux Tool Aims to Guard Against Supply Chain Attacks | WIRED

        IN THE WAKE of alarming incidents like Russia’s massive 2017 NotPetya malware attack and the Kremlin’s 2020 SolarWinds cyberespionage campaign—both pulled off by poisoning wells for software distribution—organizations around the world have been scrambling to get a handle on software supply chain security. In general, and for open source software in particular, stronger defense rests in knowing what software you’re actually running, with a crucial focus on enumerating all the little pieces that make up the whole and validating that they are what they should be. That way, when you pack a box of software heirlooms and store it on a shelf, you know there isn’t a live microphone or a Tupperware full of deviled eggs sitting in the box for years.

        Creating a system to generate a manifest of what’s inside every box in every basement and garage is a massive effort, but a new tool from security firm Chainguard aims to do just that for the software “containers” that underly almost all digital services today.

        On Thursday, Chainguard launched a Linux distribution called Wolfi that is designed specifically for how digital systems are actually built today in the cloud. Most consumers don’t use Linux, the famed open source operating system, on their personal computers. (If they do, they don’t necessarily know it, as is the case with Android, which is built on a modified version of Linux.) But the open source operating system is widely used in servers and cloud infrastructure around the world, partly because it can be deployed in such flexible ways. Unlike operating systems from Microsoft and Apple, where your only choice is whatever ice cream flavor they release, the open nature of Linux allows developers to create all sorts of flavors—known as “distributions”—to suit specific cravings and needs. But the developers at Chainguard, who have all been working in open source software for years, including on other Linux distributions, felt that a key flavor was missing.

      • TechRepublicSoftware supply chain security gets first Linux distro, Wolfi | TechRepublic

        From software signing, to container images, to a new Linux distro, an emerging OSS stack is giving developers guardrails for managing the integrity of build systems and software artifacts.

      • Docker, Inc. to Integrate Free SBOM Generation Tool – Container Journal

        Docker, Inc. plans to embed the ability to dynamically generate a software bill of materials (SBOM) using the Docker Build command that developers use to build Docker images from a Dockerfile.

        Company CEO Scott Johnston says when it comes to building cloud-native applications, existing SBOM tools can’t keep pace with the rate at which developers are ripping and replacing containers. Docker, Inc. will address the need to provide more visibility into what components are being used to construct an application for no additional cost, he adds.

      • LWNA Python security fix breaks (some) bignums [LWN.net]

        Typically, an urgent security release of a project is not for a two-year-old CVE, but such is the case for a recent Python release of four versions of the language. The bug is a denial of service (DoS) that can be caused by converting enormous numbers to strings—or vice versa—but it was not deemed serious enough to fix when it was first reported. Evidently more recent reports, including a remote exploit of the bug, have raised its importance—causing a rushed-out fix. But the fix breaks some existing Python code, and the process of handling the incident has left something to be desired, leading the project to look at ways to improve its processes.

        Python integers can have an arbitrary size; once they are larger than can be stored in a native integer, they are stored as arbitrary-length “bignum” values. So Python can generally handle much larger integer values than some other languages. Up until recently, Python would happily output a one followed by 10,000 zeroes for print(10**10000). But as a GitHub issue describes, that behavior has been changed to address CVE-2020-10735, which can be triggered by converting large values to and from strings in bases other than those that are a power of two—the default is base 10, of course.

        The fix is to restrict the number of digits in strings that are being converted to integers (or that can result from the conversion of integers) to 4300 digits for those bases. If the limit is exceeded, a ValueError is raised. There are mechanisms that can be used to change the limit, as described in the documentation for the Python standard types. The value for the maximum allowable digits can be set with an environment variable (PYTHONINTMAXSTRDIGITS), a command-line argument (-X int_max_str_digits), or from within code using sys.set_int_max_str_digits(). It can be set to zero, meaning there is no limit, or any number greater than or equal to a lower-limit threshold value, which is set to 640.

      • USCERTCISA Has Added One Known Exploited Vulnerability to Catalog

        CISA has added one new vulnerability to it’s Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

      • USCERTCISA and NSA Publish Joint Cybersecurity Advisory on Control System Defense

        CISA and the National Security Agency (NSA) have published a joint cybersecurity advisory about control system defense for operational technology (OT) and industrial control systems (ICSs). Control System Defense: Know the Opponent is intended to provide critical infrastructure owners and operators with an understanding of the tactics, techniques, and procedures (TTPs) used by malicious cyber actors. This advisory builds on NSA and CISA 2021 guidance provided to stop malicious ICS activity against connect OT, and 2020 guidance to reduce OT exposure.

      • USCERTISC Releases Security Advisories for Multiple Versions of BIND 9

        The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions. For advisories addressing lower severity vulnerabilities, see the BIND 9 Security Vulnerability Matrix.

      • USCERTCISA Releases Three Industrial Control Systems Advisories

        CISA has released three Industrial Control Systems (ICS) advisories on September 22, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

      • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

      • Privacy/Surveillance

        • AccessNowIndia’s Draft Telecommunication Bill must be revamped to protect human rights – Access Now

          India’s Department of Telecommunications (DoT) is jeopardising two crucial aspects of a safe and open internet — encrypted communications, and unhampered access — as outlined in the Draft Telecommunication Bill published yesterday, September 21, 2022. The DoT must immediately review and amend all provisions that risk the rights of people in India.

          Through the Bill, the government seeks to consolidate and replace the existing framework governing the telecommunications sector in India, including the Indian Telegraph Act, 1885. In addition to conventional phone calls and SMS services, the Bill also seeks to regulate over-the-top (OTT) applications, including WhatsApp, Signal, and Facetime. These OTT platforms offer end-to-end encryption (E2EE) for calls and messages, and enable privacy and security.

          “India’s Draft Telecommunication Bill is yet another attack on end-to-end encryption, and people’s fundamental rights and freedoms, following the invasive IT Rules, 2021,” said Namrata Maheshwari, Asia Pacific Policy Counsel at Access Now. “E2EE is crucial not only for people’s privacy, free expression, and safety, but also to protect democratic principles. The Bill, and any framework impacting encrypted communications services, must categorically prevent measures to break, weaken, or circumvent encryption.”

        • Internet Freedom FoundationThe draft Indian Telecommunication Bill, 2022 retains its colonial roots

          The Department of Telecommunications (DoT) under the Ministry of Communications (MoC) has released for public consultation the draft of the Indian Telecommunication Bill, 2022. According to the accompanying explanatory note, the Bill aims to create a comprehensive framework for the regulation of telecommunications in India. In doing so, it repeals the Indian Telegraph Act, 1885, Indian Wireless Telegraphy Act, 1933, and The Telegraph Wire (Unlawful Protection) Act,1950. Comments on the draft from relevant stakeholders have been invited till October 20, 2022. The comments can be sent to naveen.kumar71@gov.in.

    • Censorship/Free Speech

      • AccessNowStop suppressing the population: authorities in Iran must #KeepItOn – Access Now

        Access Now is outraged by the brutal death in police custody of 22 year-old Mahsa Amini, and subsequent violent — and lethal — crackdown on protests and protesters including escalating internet shutdowns across the country. Read the #KeepItOn coalition’s joint statement.

        Citing arbitrary “national security” reasons, and following the uproar around the death of Mahsa Amini who was detained by the so-called “morality police” for allegedly breaking hijab rules, authorities have systematically disconnected people from social media platforms, and now from internet access entirely.

        “Iran’s go-to move is to block internet access,” said Felicia Anthonio, #KeepItOn Campaign Manager at Access Now. “But history has shown us over and over that cutting people off when they need a platform for expression most only causes more harm. Authorities in Iran must reinstate full internet access across the country.”

    • Freedom of Information / Freedom of the Press

      • Public KnowledgePublic Knowledge Warns Congress Against Adopting Controversial Journalism Competition and Preservation Act – Public Knowledge

        Today, the Senate Judiciary Committee marked up the “Journalism Competition and Preservation Act.” The bill proposes creating a “safe harbor” from antitrust law, allowing news companies to band together to negotiate compensation terms for their content with the largest digital platforms. The bill also allows publishers to restrict Google and Facebook from linking to their news stories, ultimately limiting the public’s access to credible information online.

        Public Knowledge, along with dozens of other organizations, warns that the JCPA will do nothing to help preserve local journalism and, in fact, will likely compound some of the biggest problems in our information landscape today: consolidation and declining quality of information. The markup follows a letter sent by 21 organizations warning Senate lawmakers against adopting the bill.

    • Monopolies

      • Trademarks

        • Public Domain ReviewThe Kumatologist: Vaughan Cornish’s Wave Studies (1910–14) – The Public Domain Review

          Walking along the Devon coast at low tide in the autumn of 1895, geographer Vaughan Cornish (1862–1948) watched two sets of waves interact on the shore. As one set rippled across the flat strand, the other rounded a shoal and broke onto the beach. After colliding, each set then continued on its separate path, which brought to his mind how waves of light can pass through each other unaffected. Cornish’s casual association, between the behavior of light and water, speaks to how immersed he and his contemporaries were in a world of invisible waves. British and continental science in the 1890s was wrangling with gravitational waves, magnetic waves, sound waves, and mysterious new emanations — cathode rays, x-rays, and uranium radiation. And yet, the common ocean wave possessed its own secrets, having undergone only the barest scientific scrutiny in the two centuries since Newton’s Opticks.

  • Gemini* and Gopher

    • Politics

      • Right wing politics on Gemini

        The right is engaging with a straw doll of what the left is.

        This is how right-wingers genuinely see the world:

        Climate change is a hoax, representation is pandering, the owner class are role models.

        I couldn’t fault anyone who bought into that worldview for going right wing. It doesn’t surprise me. It just breaks my heart.

      • Re: Right wing politics on Gemini

        It feels like this is inevitable on any open platform. Reactionaries love to be heard.

        This has inspired me to set up my own feed aggregator, and abandon non-curated content sources. Such open platforms (like Antenna) inevitably attract reactionaries and grifters. I give it a year before Antenna begins to develop its very own Nazi problem like the rest of the “Free Marketplaces of Ideas”.

      • Siddhartha by Herman Hesse

        This is a book I’ve been wanting to read for a while. It’s one that if briefly described to someone who has never heard of it, they might raise a confused eyebrow. This is a story written by a German missionary that takes place in India during the time of the Buddha with a main character named Siddhartha but he isn’t the Buddha (his name was also Siddhartha before ascending to Buddha-dom). At it’s heart, though, this is the story of a man and his search for wisdom.

      • Re: Right wing politics on Gemini

        I think ew0k killed his own idea by releasing Antenna. Antenna is great, especially since you can filter out specific feeds fairly easily, but if someday the community is willing to put collective effort into something less centralized, we could start with the above.

    • Technical

      • So when did POP and IMAP become a “legacy protocol?”

        On one level, this doesn’t bother me. I’m using the web version of Lookout (I assume that’s the Lookout 365 for The Enterprise tenant they mention, at least, I hope so). I also don’t check work email on my phone—never have, and I don’t have plans on starting that any time soon either.

        But on another level, this is concerning. Even though Microsoft announced this three years ago, it comes across as locking email down into a more centalized, proprietary system. I do have to wonder how long until Google decides that only certain clients can connect with Gmail? You know, for “enhanced security” or a “better experience.” I don’t use Gmail, but I do have concerns about my ability to run my own email server and general interoperability with the large email providers like Google and Microsoft.

      • Il solito brutto Vizio…

        I recently had to replace a 32″ Vizio SmartTV, and the only 32″ TV I found at Cosco was another Vizio. I didn’t have any expectations against these Vizio TVs, as a matter of fact I have been using other Vizio TVs so far simply because the price and the sizes we needed at the given moments.

        However something different there was and not only for the Vizio brand but, apparently, the newest Smart TVs are becoming smarter with more sophisticated, android like, interfaces; just to make your life worsen — assuming that any fellow Geminaut thinks those web-spy-interfaces atrocious nevertheless.

* Gemini (Primer) links can be opened using Gemini software. It’s like the World Wide Web but a lot lighter.

Microsoft Will Soon be Unlisted in Netcraft’s Web Survey (Due to Minuscule, Negligible Market Share)

Posted in Microsoft, Servers, Windows at 4:15 pm by Dr. Roy Schestowitz

Released this past evening:

September 2022 Web Server Survey

Summary: A few hours ago this was released by Netcraft; it seems clear that Netcraft’s tables already omit Microsoft in all except 2, where Microsoft is placed last and rapidly loses share (it'll fall out of sight soon)

Links 22/09/2022: GNOME Builder 43.0 and Hype Over Ubuntu Wallpaper

Posted in News Roundup at 10:03 am by Dr. Roy Schestowitz

  • GNU/Linux

    • NeowinGoogle and Framework launch a Chromebook with customizable ports and more – Neowin

      Today, Framework announced its partnership with Google to create a new modular Chromebook that brings together the sustainable nature of Framework’s laptops and Google’s ChromeOS. The Framework Laptop Chromebook Edition will be available for pre-order in batches and shipped out towards the end of 2022.

    • Tom’s HardwareFramework Embraces ChromeOS with Chromebook Edition Laptop | Tom’s Hardware

      Framework, which makes the ultra-customizable Framework Laptop with a completely replaceable mainboard and expansion modules for different ports, is moving to a new type of laptop: the Chromebook.

      Starting today, Framework is accepting pre-orders for the Framework Laptop Chromebook Edition, which still starts at $999 and will ship in early December.

      In a release, Framework said that the laptop will run on a 12th Gen Intel Core i5-1240P with 30 watts of sustained performance. The prebuilt version comes with 8GB of DDR4 RAM and 256GB of NVMe storage and can be upgraded to up to 64GB of RAM and 1TB of storage. The company hasn’t said what kinds of upgrades may be available in the future, but a representative said that all of the current expansion cards are cross-compatible between the Framework Laptop and the Chromebook Edition.

    • Desktop/Laptop

      • Linux MagazineSystem76 Refreshes its Thelio Desktop Computer – Linux Magazine

        System76 has given their already stellar Thelio desktop computer a redesign by way of the chassis accent panel.

        Carl Richell, CEO of System76 had an epiphany. He says, “I was waiting in line for a COVID test and I was staring at the wood trim in my car, wondering how long it would all take. I stared hard enough to the point where I started thinking about the wood-to-metal ratio, and how modern the design felt with only a little bit of wood.”

        This inspiration led Richell to cutting down on the wood veneer not only for a sleeker, more modern look, but also to make the build process of the chassis more efficient. With a slimer piece of wood veneer, the process takes much less precision to accomplish, which results in greater consistency and reduces the number of extrusions from 4 to 2. The wood (as well as other materials) is sourced within the US and for every Thelio purchased, System76 plants a tree through the National Forest Foundation.

    • Audiocasts/Shows

    • Applications

      • DebugPointONVIFViewer – Internet Camera Viewer for Linux

        ONVIF (Open Network Video Interface Forum) is a protocol established by Bosch, Sony and other partner to standardize the network cameras and its interfaces. All the software programs available today to access internet cameras, security cameras are proprietary and nothing was available for Linux systems.

        ONVIFViewer is being developed to bridge the gap with the help of the Qt5 and Kirigami UI framework. As part of this project, new C++ libraries are being developed from scratch to communicate with IP cameras. These libraries can be later converted to independent modules for re-usability.

      • 9to5LinuxFwupd 1.8.5 Adds New Plugin to Display SMU Firmware Version on AMD APU/CPUs

        Fwupd 1.8.5 comes about three weeks after fwupd 1.8.4 and introduces a new plugin to display SMU firmware version on AMD APU/CPUs, a new android-boot plugin to update specific block devices, support for platform capability descriptors to allow devices to set quirks, and a new plugin that contains the generic Intel Goshen Ridge code.

    • Instructionals/Technical

      • Bozhidar BatsovResetting CircleCI Checkout SSH Keys

        Lately I’ve been having some weird problems with CircleCI and some of my OSS projects (most recently CIDER) – the SSH checkout keys that CircleCI uses to fetch the code from GitHub started to disappear which resulted in the following obscure error messages: [...]

      • uni TorontoWhy the ZFS ZIL’s “in-place” direct writes of large data are safe

        Taken by itself, this means that ZFS does synchronous writes twice, once to the ZIL as part of making them durable and then a second time as part of a regular transaction group. As an optimization, under the right circumstances (which are complicated, especially with a separate log device) ZFS will send those synchronous writes directly to their final destination in your ZFS pool, instead of to the ZIL, and then simply record a pointer to the destination in the ZIL. This sounds dangerous, since you’re writing data directly into the filesystem (well, the pool) instead of into a separate log, and in a different filesystem it might be. What makes it safe in ZFS is that in ZFS, all writes go to unused (free) disk space because ZFS is what we generally call a copy-on-write system. Even if you’re rewriting bits of an existing file, ZFS writes the new data to free space, not over the existing file contents (and it does this whether or not you’re doing a synchronous write).

      • Linux HandbookHow to Know if You Are Using Systemd or Some Other Init in Linux

        When you start a Linux system, it starts with only one process, a program called init.

      • FOSSLinuxHow to install vnStat on Ubuntu 22.04 | FOSS Linux

        VnStat is a command line-based network traffic monitor for BSD and Linux that maintains a network traffic log for the selected interfaces(s). The monitor utilizes the network interface statistics given by the kernel as an information source. To engender logs, vnStat uses the info provided by the kernel. It also ensures light utilization of system resources regardless of network traffic rate.

        Besides the network statistics provided by this command line utility, vnStat provides summaries on various network interfaces like “eth0” for wired connections and “wlan0” for wireless connections. In most cases, network admins use vnStat to monitor hourly, daily, weekly, and monthly glimpses of network statistics in a detailed table or a terminal statistical view.

      • Linux Made SimpleHow to install Universal Pokemon Game Randomizer on a Chromebook

        Today we are looking at how to install Universal Pokemon Game Randomizer on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

      • Make Use OfHow to Find and Fix Broken Packages on Linux

        Package managers on Linux allow you to control the installation and removal of packages. In addition to that, package managers also help you find broken packages on your system and reinstall them to fix various issues associated with Linux packages.

      • LinuxTechiHow To Install VMware Workstation On Ubuntu 22.04 | 20.04

        In this guide, we will focus on how to install VMware Work Station Pro on Ubuntu 22.04 | 20.04.

        VMware Workstation is a type 2 hypervisor designed for Windows and Linux systems. It allows you to create and manage virtual machines in either Windows or Linux environments.

        Vmware Workstation is broadly categorized into two products: VMware Workstation Player and VMware Workstation Pro.

        VMware Workstation Player is free for personal use whereas VMware Workstation Pro requires a license. The former is a non-commercial tool and provides just basic functionalities whereas Workstation Pro is a professional and more advanced virtualization solution. Both run on Linux and Windows systems and have virtually the same installation requirements. In addition, both run on x86-based architecture with 64-bit Intel and AMD CPUs.

      • OSTechNixHow To Find Which Service Is Listening On A Particular Port – OSTechNix [Ed: Newly updated]

        This guide explains a few different ways to find which service is listening on a particular port in Linux. Most of you know the default port of popular services or processes. For example, the default port of Apache is 80, FTP default port is 21 and SSH default port is 22. You can find the port names and numbers in Linux as described in this guide. The default port numbers can also be changed to any custom ports to secure a Linux server. For instance, the following guides describes how to change the defaults port of Apache, FTP and SSH to different port.

      • IT Pro TodayHow to Configure Dovecot IMAP/POP3 Server on Ubuntu

        Find out how to install and configure Dovecot email server on Ubuntu. This tutorial also explains how to extend Dovecot with modules.

      • RoseHostingHow to Install FileRun on Ubuntu 22.04 with Apache – RoseHosting

        In this tutorial, we are going to install FileRun on Ubuntu 22.04 OS.

        FileRun is a storage platform system that allows managing, sharing, and syncing files. FileRun can be an alternative to Google Drive and NextCloud and offers many features like virtual drive support, native mobile apps, metadata support, etc. In this installation, we are going to install the LAMP stack since the tutorial is installing FileRun on Ubuntu 22.04

        Installing FileRun is a very easy process that can take up to 20 minutes. Let’s get started!

      • Linux Shell TipsHow to Install and Use WP-CLI on Linux [Beginners’ Guide]

        WordPress has created a reputation for itself as one of the world’s most sort-after open-source CMS (Content Management System) software. The growing popularity of WordPress CMS is due to the fact a non-coder can easily download, install, set up, and start running an enterprise-driven CMS platform.

        WordPress design consideration of non-coders does not exclude the need for useful developer tools and documents. One such tool is WP-CLI.

        WP-CLI tool provides a command-line interface for the WordPress CMS software, which makes it possible to install, manage, and update WordPress CMS software if need be.

        Additionally, if you are handling multiple CMS sites, this tool will help with their configuration and the update of the WordPress backend server’s cores and plugins. Also, when trying to troubleshoot and restore an irresponsive WordPress frontend, WP-CLI is the go-to tool.

      • UNIX CopHow to determine which theme is currently enabled using the terminal? (GNOME)

        This post although simple to use and explain can help us more than once. Especially in scripting and customization settings. Today, you will learn how to determine which theme is currently enabled using the terminal on Ubuntu | Linux Mint

      • H2S MediaHow to install Qcad on Debian 11 Bullseye – Linux Shout

        Learn the commands to install the open source QCAD 2D program on Debian 11 Bullseye using the command line terminal.

        QCAD is an open-source CAD program for two-dimensional drawings. It is a very powerful, free CAD program, but it cannot be compared to commercial programs. With QCAD you can create technical drawings such as plans for buildings, facilities, or mechanical parts as well as schemes and diagrams. It offers Construction and modification of points, lines, arcs, circles, ellipses, splines, polylines, texts, dimensions, hatches, fills, and raster images. However, you have to resort to additional programs for the three-dimensional viewing of your drawings.

        Newer, paid versions can be purchased from the developer’s website.

      • Trend OceansHow to Find User Account with Empty Password on Linux

        In Linux computing, system security is the highest priority. Standard users or system administrators always take certain precautions to ensure the safety of the system and its users.

      • Trend OceansFind Whether your USB Devices are Connected to Your Linux System using CLI & GUI Tools

        There are a handful of commands available in Linux to find whether your USB devices are connected to your Linux system.

    • Games

    • Desktop Environments/WMs

      • GNOME Desktop/GTK

        • LinuxiacGNOME 43 Desktop Is a Step Forward but Still Far from Perfection

          The GNOME 43 “Guadalajara” desktop environment was released, improving the appearance and adding some new features.

        • LWNGNOME 43 released [LWN.net]

          Version 43 of the GNOME desktop environment has been released; see the release notes for details.

        • GNOME Builder 43.0

          This is the truly the largest release of Builder yet, with nearly every aspect of the application improved. It’s pretty neat to see all this come together after having spent the past couple years doing a lot more things outside of Builder like modernizing GTKs OpenGL renderer, writing the new macOS GDK backend, shipping a new Text Editor for GNOME, and somehow getting married during all that.

          The most noticeable change, of course, is the port to GTK 4. Builder now uses WebKit, VTE, libadwaita, libpanel, GtkSourceView, and many other libraries recently updated to support GTK 4.

  • Distributions and Operating Systems

    • Hacking anything with GNU Guix

      If you are a software developer, system administrator, or anything in between, you have probably experienced a situation where you want to patch some piece of software that you did not write. Either to fix a bug, try an idea you had in the shower, or just have fun.

      Then you discover that it needs a mountain of dependencies to build, and that the versions provided by your operating system are too old, or only available on a mixture of PyPI, CPAN, and random repositories. Even if your preferred package manager has all dependencies available, you may not want to install all that just to scratch that itch.

      Enter guix shell. If you are lucky, that project you want to hack on is one of the 21000+ packages available in Guix. Then you can simply clone the repository, navigate to the project in a terminal, and run: [...]

  • Free, Libre, and Open Source Software

    • Entitlement in Open Source

      Let’s start with a few definitions of terms I’ll use in this article so we’re all on the same page:

      open source project: a software project where the source code is freely released under an open source license (e.g. MIT, Apache, GPL). Often on GitHub, GitLab or a similar hosting platform.

      user: someone who uses open source software but has not yet been or become a contributor or maintainer

      contributor: someone who has submitted code to an open source project which was accepted and merged into this project but does not have write access to merge their own changes

      maintainer: someone with write access to an open source project who is able to merge changes from contributors, other maintainers or themselves

    • JoinupGermany’s opencode.de goes into production use

      The idea for a central repository was launched in 2020 and was worked on by Open Source Business Alliance (OSBA) together with the IT departments of local administrations. Interestingly, the stated advantages of Open Source focus on the flexibility and speed of adding new functionality. Many years ago, the focus was on cost saving, but this has changed in recent years. Also interesting is the idea of creating a community. The aim is that local administrations can see that particular pieces of software are already in use in similar administrations—a form of to peer-review or recommendation—and they also know they can turn to those colleagues if they have questions. Tasks such as licence verification and security audits can also be done just once.

    • Betterbird. Simply better.

      Betterbird is a fine-tuned version of Mozilla Thunderbird, Thunderbird on steroids, if you will.

      Betterbird is better than Thunderbird in three ways: It contains new features exclusive to Betterbird, it contains bug fixes exclusive to Betterbird and it contains fixes that Thunderbird may ship at a later stage. Please refer to this feature table for examples. This should give you an impression of where the project is headed. More information on why we’re doing the project can be found at the FAQ. Or just see our ilustrator’s impression:

      Betterbird 91.13.1 released on 13th September 2022

    • Web Browsers

      • uni TorontoTangled issues with what status we should use for our HTTP redirects

        When we set up any HTTP redirection, we have historically tended to initially make them ‘temporary’ redirections (ie, HTTP status 302). Partly this is because it’s usually the Apache default, and partly this is because we’re concerned that we may have made a mistake (either in configuration or intentions) and historically permanent redirects could be cached in browsers, although I’m not sure how much that happens today. Our most recent version of redirections for people’s old home pages were set up this way, and so they’ve stayed for four years.

      • Simon JosefssonPrivilege separation of GSS-API credentials for Apache

        The gssproxy project makes it possible to introduce privilege separation to reduce the attack surface. There is a tutorial for RPM-based distributions (Fedora, RHEL, AlmaLinux, etc), but I wanted to get this to work on a DPKG-based distribution (Debian, Ubuntu, Trisquel, PureOS, etc) and found it worthwhile to document the process. I’m using Ubuntu 22.04 below, but have tested it on Debian 11 as well. I have adopted the gssproxy package in Debian, and testing this setup is part of the scripted autopkgtest/debci regression testing.

      • Will Serving Real HTML Content Make A Website Faster? Let’s Experiment!

        Many of the most common performance problems in websites and applications today are caused by how they load and rely upon JavaScript, and the difficulty involved in solving those problems often depends on the degree of that reliance. When JS reliance is minimal, fixing poor delivery performance can be as simple as instructing the browser to load certain scripts at a lower priority and allow HTML content to render sooner. But when a site is dependent on JavaScript for generating its HTML content in the first place, those sorts of optimizations can’t help, and in those cases fixing the problem may require deep and time-consuming architectural changes.

        While it has been around longer, the pattern of using JavaScript to generate a page’s content after delivery became particularly popular within the last 5-10 years. The approach was initially intended for web applications that have highly dynamic, personalized, real-time content, but nowadays frameworks such as React have made these practices commonplace among sites that don’t share those specialized qualities as well.

      • Mozilla

        • Firefox Nightly: These Weeks In Firefox: Issue 124
        • DaemonFC (Ryan Farmer)Pale Moon scares people away from the NoScript extension to protect ‘MoonChild’s’ profits. Bonus: Corrosive people (boosted by Microsoft) in “FOSS” “Communities”. | BaronHK’s Rants

          Recently, Matthew J. Garrett, or Matt GULAG as I call him on #Techrights IRC has been petitioning Roy to cancel me over some personal beliefs that I have expressed that aren’t even that unusual. Roy hasn’t acted on that.

          Matt GULAG’s career in software development is on a jack stand provided by Microsoft and other companies that are hostile to software freedom.

          Unfortunately, when Freenode turned into The Pretender’s “Freenode Autonomous Zone”, people who are bad in other ways, like Matt GULAG and “MoonChild” (*cough* M.C. Hitler) (which MinceR refers to as “ManChild”) forked it and created Libera.Chat. Libera.Chat is awful because it’s been politicized by the cancel mob.

          Freenode, before The Pretender took it over, had almost 100,000 users and was _the_ place to discuss Free Software.

          Libera.Chat only has about 49,000 users at peak hours, and it’s because they cancel anyone who isn’t some total leftist freak-of-nature or a Microsoft toady that supports their sabotage efforts of GNU/Linux.

          Libera.Chat has banned me like 7 times (sort of like Matrix.org has), but K-Lines don’t mean much of anything to me like they did in the days of dial-up or direct connect over my real IP which only changed every several months or so.

          I change IP addresses and VPN providers every so often so good luck making any of that stick. I’m on Libera.Chat in several different ways all at once right now.

          Eventually the bans don’t happen as often because you know which rooms (such as #linux and #libera) which have asshole moderators in them.

          Microsoft has virtually succeeded in planting moles in every high profile place where “Linux” is up for discussion, and they’ve made sure that people who don’t like Microsoft and say why get banned. Even if it’s like, a one-liner and you’re not up on a soap box. Or you make a joke about something that really happened.

          (Like the time Microsoft did the BIG BOOBIES debacle with the Linux kernel in their HyperV driver and then says all the perverts are in open source.)

          The bans happened to me on Reddit and Libera, and whether the ban itself sticks or not, they know that you know that if you come back and criticize them again, the ban will just happen again.

    • SaaS/Back End/Databases

      • PostgreSQLPostgreSQL: Announcing: Citus 11.1 open source release

        New in the Citus 11.1 database, you can now distribute Postgres tables, split shards, and isolate tenants—without interruption, which means without blocking writes. Also included in 11.1 is PostgreSQL 15 beta 4 support, plus shard rebalancing in the background. Read Marco’s blog post for the full story. Or if you’re more interested in the code you can check out the Citus GitHub repo (feel free to give the project a star to show support :) ).

      • PostgreSQLPostgreSQL: Announcing the release of pg_stat_monitor 1.1.0

        Percona is happy to announce the 1.1.0 release of pg_stat_monitor. You can install it from the Percona repositories following the installation instructions.

        pg_stat_monitor is a Query Performance Monitoring tool for PostgreSQL. It attempts to provide a more holistic picture by providing much-needed query performance insights in a single view.

        pg_stat_monitor provides improved insights that allow database users to understand query origins, execution, planning statistics and details, query information, and metadata. This significantly improves observability, enabling users to debug and tune query performance. pg_stat_monitor is developed on the basis of pg_stat_statements as its more advanced replacement.

    • FSF

      • FSFFree Software Awards: Nominate those who have charted a course to freedom by November 30

        Announcement of Free Software Awards announcement. Read more about how to nominate individuals who have made an impact in free software.

        The dedication and determination of its contributors has helped the free software movement chart a course to a freer digital tomorrow. Whether you realize it or not, simply using free software makes you a part of our collective journey to freedom. On the way to our destination, there are those inspiring individuals and projects who go above and beyond in their dedication to the movement and its principles. Now, it’s time for us to show these community members and projects that we appreciate their vital work.

    • Licensing / Legal

      • Alexandru NedelcuAkka Fork FUD

        Lightbend made Akka proprietary from version 2.7.x onward. This left the community wondering about the possibility of a fork, and unfortunately, I see some FUD that needs to be addressed.

    • Programming/Development

      • Jim NielsenMy Contribution to Launching React Router 6.4

        I’m not going to cover what’s in the release (you can visit the blog post for that). Instead, I want to document a my involement in the new site design for reactrouter.com.

      • OpenSource.com5 Git configurations I make on Linux

        Setting up Git on Linux is simple, but here are the five things I do to get the perfect configuration:

        I manage my code, shell scripts, and documentation versioning using Git. This means that for each new project I start, the first step is to create a directory for its content and make it into a Git repository:

        There are certain general settings that I always want. Not many, but enough that I don’t want to have to repeat the configuration each time. I like to take advantage of the global configuration capability of Git.

      • Perl / Raku

      • Python

        • Carl SvenssonTTX – Swedish Teletext reader

          TTX is a Python script for reading the teletext pages published by SVT, Sweden’s public service television company.

      • Java

        • IT WireJava 19 arrives

          The new release includes a substantial number of bug fixes and minor improvements. More than two-thirds were contributed by Oracle. Red Hat, independent developers, Tencent, Amazon and Arm were the next most significant contributors.

          In addition to the six-monthly Java releases, Oracle provides free quarterly security updates for the current main version. Security fixes are also available to subscribers for to all applicable previous releases.

        • IT Pro TodayJava 19 Continues Evolution of Open Source Programming Language

          Java continues to move forward with features that improve performance and extend the capabilities of the open source programming language project led by Oracle.

      • Rust

  • Leftovers

    • The NationDays of Their Lives: Steve Brodner’s Living & Dying in America

      Back in 1960, A.J. Liebling reminded his fellow citizens that “freedom of the press is guaranteed only to those who own one.” As Steve Brodner knows only too well: Although he is considered by many (including me) to be the most brilliant caricaturist working today, the decline of print and the rise of editorial caution have meant fewer outlets for Brodner’s no-holds-barred graphic commentary. When, in the spring of 2020, Brodner felt compelled to chronicle the pandemic that was ravaging New York City and the world, he started publishing an illustrated newsletter, The Greater Quiet. He wasn’t the first to document the devastation brought on by a plague. In the 17th century, Samuel Pepys recorded the effects that the bubonic plague was having on London. In Pepys’s diary we learn that one of the ways Londoners protected themselves was by drinking cognac with cow urine. (Trump’s miracle cure, hydroxychloroquine, was still centuries in the future.)1

    • The NationRemembering Ying Lee

      When the pandemic started, I took a walk with Ying Lee, who died this week at the age of 90. I took some photographs of her, and she talked about her memories of her childhood in China. Then we laughed at how we defied the Berkeley School Board.

    • HackadayA 3D Printed Marble Run Features Neat Elevator Linkage

      There’s seldom anything as joyful and relaxing to watch as a simple marble run. Of course, the thing about letting marbles fall under gravity is that you eventually need to lift them back up again. The Marblevator has a mechanism that does just that.

    • HackadayWow! You Could Have A (Tiny) V8!

      If you grew up before high gas prices and strict emission control regulations, you probably had — or wanted — a car with a V8 engine. An engineering masterpiece created in France, it would define automotive power for the best part of a century. Of course, you can still get them, but the realities of our day make them a luxury. [Vlad] shows us his latest Christmas list addition: a fully-functioning but tiny V8 — the Toyan FS-V800 that has a displacement of two centiliters.

    • Education

      • HackadayKnow Audio: Stereo

        In our occasional series charting audio and Hi-Fi technology we have passed at a technical level the main components of a home audio set-up. In our last outing when we looked at cabling we left you with a promise of covering instrumentation, but now it’s time instead for a short digression into another topic: stereo. It’s a word so tied-in with Hi-Fi that “a stereo” is an alternative word for almost any music system, but what does it really mean? What makes a stereo recording, and how does it arrive at your ears?

    • MedforthParis: Teacher threatened for asking a pupil to take off her Islamic headscarf

      In detail: On Friday September 16, students of the Simone Weil High School spent the afternoon inside the historic library of the city of Paris, located in the Rue Pavée near the school. Suddenly, one of the two teachers present spotted that a female high school student had put on her headscarf as she was leaving the school building. “She asked her to take off her headscarf and explained to her that wearing it was not allowed in the school rules of the high school and especially during school trips,” a person close to the investigating authority told the newspaper.

  • Hardware

    • HackadayOld Barcode Scanner Motherboards Live Again

      Sometimes, hacking is just for the pleasure of diving into the secrets of old hardware. That was very much the case when [glitch] and a friend started hacking on some old Intel 8080 boards that had been living in the junk pile for too long.

    • HackadayCutting Metals With A Diode Laser?

      Hobbyist-grade laser cutters can be a little restrictive as to the types and thicknesses of materials that they can cut. We’re usually talking about CO2 and diode-based machines here, and if you want to cut non-plastic sheets, you’re usually going to be looking towards natural materials such as leather, fabrics, and thin wood.

    • HackadayMetric And Inch Threads Fight It Out For Ultra-Precise Positioning

      When you’re a machinist, your stock in trade is precision, with measurements in the thousandths of your preferred unit being common. But when you’re a diemaker, your precision game needs to be even finer, and being able to position tools and material with seemingly impossibly granularity becomes really important.

    • Tom’s HardwareFloppy Disk Kingpin Says Business Has About Four Years Before Hitting Eject Button

      You might be curious who still needs floppy disks in 2022. The answer is wide-ranging, with a diverse clientele still eating up these computer consumables regularly. Some of the biggest floppy disk orders come from industrial firms, as well as avionics, healthcare, and embroidery. All these customers have something in common; they use serviceable, good working order machinery that is perhaps 20+ years old and use a floppy drive to save and load data. Incidentally, the Japanese government has only just decided to phase out the required filing of certain official documents on floppies and CDs.

  • Health/Nutrition/Agriculture

    • India TimesFDA warns of cybersecurity risk with certain Medtronic insulin pumps

      The agency issued a cybersecurity risk alert for the Medtronic MiniMed 600 Series insulin pump system, which has several components including an insulin pump and a blood glucose meter that communicate wirelessly.

      The FDA said an unauthorized person could gain access to a pump while it was pairing with other system components, but so far, it was not aware of any reports related to this cybersecurity vulnerability.

    • RFAThree Tibetans reported dead from COVID as virus spreads

      Three Tibetans have recently died from COVID-19 as the virus continues to spread across China’s Tibet Autonomous Region and local netizens complain of harsh and unsanitary quarantine procedures, RFA has learned.

    • New York TimesWe’re Losing the Luxury of a Summer Spent Outdoors

      I looked down at my phone to check the air quality index: AQI 122. Above 50 is considered “acceptable.” Above 100 is considered “unhealthy for sensitive groups” like children and the elderly. But there is no amount of wildfire smoke that is safe to breathe. Smoke is made up of tiny particles that burrow deep into your lungs and pass into your bloodstream. Scientists don’t know what will happen to our children, who are growing up exposed to wildfire smoke summer after summer after summer, for weeks at a time.

    • Rolling StoneFive Years Since the Route 91 Massacre No One Knows a Damn Thing

      Yet five years since the massacre at Route 91, little else has, when it comes to mass shootings in the U.S. The suspect, a 64-year-old white man who took his own life by the time authorities entered his room, was identified, yet no motive was ever determined. A ban on bump stocks, the device the shooter used to transform his weapons from semi-automatic to automatic, was enacted via executive order by President Trump in 2018, but seemingly did little to curb future mass shootings using assault rifles. And the survivors, traumatized and struggling to heal — an estimated 22,000 people attended the festival’s third day — find it hard to agree upon anything. Even the official death toll is a point of fierce debate.

    • Rolling StoneBjörk Says ‘Violence’ in the U.S. Contributed to Move Back to Iceland: ‘Too Much for Me’

      Speaking to Pitchfork ahead of her new album Fossora, Björk revealed that — after decades split living in New York and Iceland — the singer moved back to the latter for good in part because of the Covid-19 pandemic and the rash of violence — from mass shootings to incidents of police brutality — that were a constant in the U.S.

    • ScheerpostColombian President Calls for an End to the War on Drugs in Historic UN Address

      In his speech to the UN General Assembly, the Colombian president highlighted the necessity of ending the war on drugs and saving the environment.

  • Proprietary

    • You can’t stop me. MS Teams session hijacking and bypass | Pen Test Partners

      Microsoft Teams stores unencrypted session tokens and cached conversations in users’ roaming AppData, which can be used by an attacker to gain access to the victim’s Teams account without having to authenticate or contend with potential conditional access policies.

      This is a design choice by Microsoft as the folder is located in \AppData\Roaming\, which is a folder designed to be synchronised with folder redirection and similar technologies for user convenience. Imagine the frustration IT departments would be faced with if their Citrix users had to log into Teams every single morning. You can almost hear the angry mob with torches and pitchforks.

      We leveraged this on a client engagement when I compromised a central file server, which held users’ roaming AppData.

    • GhacksMicrosoft Teams is storing authentication tokens in cleartext

      The vulnerability is present in the desktop versions of Teams for Windows, macOS and Linux. Threat actors who have local (physical) or remote access to a victim’s system, can access the credentials of users who are signed in, without requiring administrator privileges. Hackers could bypass 2-factor authentication requirements even if it was enabled in the account, and access other related apps such as Skype and Outlook. This could potentially be exploited to impersonate other users, tamper with data, or to engineer targeted phishing attacks.

    • Computing UKMicrosoft Teams stores authentication tokens in plaintext

      Microsoft’s workplace-oriented messaging app, Teams, saves authentication tokens in an unencrypted plaintext format – potentially allowing attackers to control conversations and move laterally inside a network.

      Security firm Vectra Protect claims the weakness affects the desktop app for Windows, Mac, and Linux, which was developed using the Microsoft Electron framework.

    • Scoop News GroupTwitter, Mudge and survival of the quittest

      The affair also raises suspicions of performative tokenism on the part of some tech giants, who sometimes appear to keep some of their security and ethics personnel on staff merely for window-dressing. Just recently, Meta disbanded its Responsible Innovation Team just about a year after touting them, while Patreon, which suffered a massive data breach in 2015, laid off its entire security staff.

  • Security

    • CISAMozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird | CISA

      Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

      CISA encourages users and administrators to review the Mozilla security advisories for Firefox 105, Firefox ESR 102.3, and ThunderBird 91.13.1 and apply the necessary updates.

    • USCERTMicrosoft Releases Out-of-Band Security Update for Microsoft Endpoint Configuration Manager [Ed: Microsoft the back doors company]

      Microsoft has released a security update to address a vulnerability in Microsoft Endpoint Configuration Manager, versions 2103-2207. An attacker could exploit this vulnerability to obtain sensitive information.

    • Krebs On SecuritySIM Swapper Abducted, Beaten, Held for $200k Ransom

      A Florida teenager who served as a lackey for a cybercriminal group that specializes in cryptocurrency thefts was beaten and kidnapped last week by a rival cybercrime gang. The teen’s captives held guns to his head while forcing him to record a video message pleading with his crew to fork over a $200,000 ransom in exchange for his life. The youth is now reportedly cooperating with U.S. federal investigators, who are responding to an alarming number of reports of physical violence tied to certain online crime communities.

    • HackadayTrojans Can Lurk Inside AVR Bootloaders

      If there’s one thing we’ve learned over the years, it’s that if it’s got a silicon chip inside, it could be carrying a virus. Research by one group focused on hiding a trojan inside an AVR Arduino bootloader, proving even our little hobbyist microcontrollers aren’t safe.

    • IT WireiTWire – Optus hit by huge data breach, up to 9m customers claimed affected

      Australia’s second largest telecommunications provider Singtel Optus has revealed its customers’ data has been possibly accessed in a network attack.

      The Australian claimed the data breach affected up to nine million customers.

      Optus said in a statement that information which may have been exposed included customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s licence or passport numbers.

    • Bruce SchneierPrompt Injection/Extraction Attacks against AI Systems – Schneier on Security

      This is an interesting attack I had not previously considered.

      The variants are interesting, and I think we’re just starting to understand their implications.

    • Simon WillisonI don’t know how to solve prompt injection

      Some extended thoughts about prompt injection attacks against software built on top of AI language models such a GPT-3. This post started as a Twitter thread but I’m promoting it to a full blog entry here.

      The more I think about these prompt injection attacks against GPT-3, the more my amusement turns to genuine concern.

      I know how to beat XSS, and SQL injection, and so many other exploits.

      I have no idea how to reliably beat prompt injection!

    • Integrity/Availability/Authenticity

      • Le MondeNo more passwords? Passkeys explained in three questions

        When signing up for a service, application or site (an online store, for example) with a passkey you will have to use a device that belongs to you: a smartphone, computer or a tablet. During registration, the smartphone will create two encrypted keys, which are unique and specific for each service. There is the private key, which remains on the smartphone, and the public key, held by the site or application in question.

        Then, each time a connection is attempted, the service will pose a sort of riddle to the smartphone, a “challenge” that only the user will be able to solve thanks to its private key. Once this “challenge” is solved the user will then have to give their approval and prove that they are the owner of the smartphone, for example by putting their finger on the fingerprint reader, presenting their face, typing in a PIN or by drawing a pattern on the screen in order to finalize the connection.

      • Trolling forum Kiwi Farms admits being hacked

        Kevin Beaumont, a cyber-pundit who also goes by his Twitter handle @GossiTheDog, said the hack had probably been augmented by a remote-code execution script called Troonshine that gathered data and credentials from users of the extremist forum and sent it to a website named after coded offensive language used by Kiwi Farms.

    • Privacy/Surveillance

      • Patrick BreyerData retention ruling: Let’s free Europe from mass surveillance and general suspicion!

        In a ruling delivered today, the EU Court of Justice dismissed German legislation on general and indiscriminate retention of call data records and mobile phone location data of the entire population. It warns that bulk retention may reveal “habits of everyday life, permanent or temporary places of residence, daily or other movements, the activities carried out, the social relationships of those persons and the social environments frequented by them”. However, the Court did not object to the bulk retention of Internet traffic data (IP addresses), which can be used to trace online activity. The so-called quick freeze procedure has also been permitted for the prosecution of serious crimes.

      • GannettCustoms is collecting data at the border. This is what it means for Michiganders

        The U.S. government is collecting and storing data from up to 10,000 electronic devices each year from travelers at international borders, the Washington Post reported last week. The database is accessible by thousands of agents, CBP told congressional staff. That means CBP agents could theoretically see photos of your honeymoon, who you’re texting and where you’ve been.

        The data is maintained for 15 years, the Post said. Officials declined to say how long the practice has gone on.

      • The Washington PostCustoms officials have copied Americans’ phone data at massive scale

        The rapid expansion of the database and the ability of 2,700 CBP officers to access it without a warrant — two details not previously known about the database — have raised alarms in Congress about what use the government has made of the information, much of which is captured from people not suspected of any crime. CBP officials told congressional staff the data is maintained for 15 years.

        Details of the database were revealed Thursday in a letter to CBP Commissioner Chris Magnus from Sen. Ron Wyden (D-Ore.), who criticized the agency for “allowing indiscriminate rifling through Americans’ private records” and called for stronger privacy protections.

      • Stacey on IoTEverything I could find out about Amazon’s Sidewalk Network

        Since Amazon announced its Sidewalk Network in 2019, I’ve been eagerly awaiting the Low-Power Wide-Area Network (LPWAN) for the internet of things. But since Amazon turned on the network in mid-2021, an influx of Sidewalk devices and widespread use hasn’t occurred. Instead Amazon is slowly adding new customers on a case-by-case basis.

      • Internet Freedom Foundation#5Questions to ask before installing an app

        Ever worried about your data and its privacy while installing a new application (app) on your phone? As part of our new series #5Questions, here are 5 questions that will help you make an informed decision.

      • TechdirtNo, The Solution For Criminal Defendants Is Not More Clearview AI

        The problems with Clearview AI’s facial recognition system, particularly in the hands of police, are myriad and serious. That the technology exists as it does at all raises significant ethical concerns, and how it has been used to feed people into the criminal justice system raises significant due process ones as well. But an article in the New York Times the other day might seem to suggest that it perhaps also has a cuddly side, one that might actually help criminal defendants, instead of just hurting them.

  • Defence/Aggression

    • NBCCapitol Police Officer Eugene Goodman offers new Jan. 6 details at trial of QAnon believer

      Goodman testified at the jury trial of Doug Jensen, an Iowa man in a “QAnon” shirt who was one of the first 10 people who went into the Capitol through a broken window on Jan. 6, according to video and the Justice Department. Jensen is charged with numerous offenses, including felony charges of civil disorder, obstruction of an official proceeding and assaulting, resisting or impeding officers.

    • VOA NewsUS Slams Iran for ‘Brazen’ Attacks on American People, Infrastructure

      Just last week, the U.S. Justice Department indicted three Iranian nationals, charging them in a plot to attack and extort money from hundreds of victims across the U.S., including police departments, transportation companies, local governments and a children’s hospital.

      At the time, the director of the Federal Bureau of Investigation, Christopher Wray, called the activity “just the tip of the iceberg.”

    • TRT WorldOver ten farmers ‘executed’ by suspected Boko Haram militants in Niger

      The incident took place in a town in the Diffa region close to the Lake Chad basin, a strategic area where the borders of four countries converge – Cameroon, Chad, Niger and Nigeria.

    • Atlantic CouncilWeaponizing education: Russia targets schoolchildren in occupied Ukraine

      Ukraine began a new academic year on September 1 with the country still engaged in a fight for survival against Russia’s ongoing invasion. For millions of Ukrainian schoolchildren, this meant a return to the classroom with the prospect of lessons being regularly interrupted by air raid sirens. Schools without adequate air raid shelters were unable to open at all.

      For those living in Russian-occupied regions of Ukraine, the situation is far worse. Schools under Russian control are being forced to adopt a Kremlin-curated curriculum designed to demonize Ukraine while convincing kids to welcome the takeover of their country and embrace a Russian national identity. Teachers and parents who dare to object face potentially dire consequences.

    • Digital First MediaOxford’s unionized teachers, officials advised not to talk to investigators

      Educators and administrators at Oxford Community Schools were advised not to participate in interviews for a third-party investigation into the Nov. 30 school massacre at Oxford High School, according to an email obtained by The Detroit News.

    • Jacobin Magazine“Disinformation” Didn’t Bring Us Donald Trump

      We can do better than to align ourselves with this kind of reheated anti-communism. In the field of disinformation studies, it’s practically taboo to acknowledge a crisis of democracy that is structural, material, and predates QAnon clout chasers. As the critical disinfo scholars at the University of North Carolina’s Center for Information, Technology, and Public Life identify, there is a retreat into fantasies of an epistemically consistent past that allows technocrats to treat political challenges from the left as part of the attack on “our way of life.” This is manifest in the key strategic interventions of disinfo warriors in previous electoral cycles in the UK and United States. DFRLab’s Foreign Interference Attribution Tracker used anonymous intelligence reports to assert that the George Floyd protests and the Bernie Sanders campaign where the two most impactful foreign interference attempts of 2020. Similarly, Ben Nimmo, formerly of DFRLab and now head of Facebook’s influence operations intelligence, was able to reframe Jeremy Corbyn’s use in the campaign of a factually accurate, leaked draft trade deal as principally an issue of hybrid war.

    • FuturismUS Military Annoyed When Facebook And Twitter Removed Its PSYOP Bots: “‘Guys, You Got Caught. That’s A Problem.’”

      While the details about the specific content that Facebook and Twitter chose to remove from their platforms are relatively scarce, officials confirmed to WaPo that most of the take-downs occurred within the last two to three years. One particularly egregious case of disinformation was a fake story involving organ theft, apparently designed to encourage a rift between Afghans and Iranians.

      Importantly, sourced alleged to WaPo that the social platforms in question weren’t taking US military content down for the sake of, you know, truth. Rather, execs like David Agranovich, Facebook’s director for global threat disruption, were flagging the issue as a military failure, essentially warning the DoD that if they can snuff out the fake accounts, so can international rivals.

    • Frontpage MagazineIslamist at the White House

      Photos from the Eid celebration depict Subedar posing with a number of fellow Islamist leaders. They include: Emgage National Chairman and attorney for high-profile convicted terrorists, Khurrum Wahid, who reportedly spent time on a terrorist watch list, himself; former President and current board member of the Islamic Society of North America (ISNA), former Senior National Director of Islamic Relief USA, and current CEO of Muslim Aid USA Azhar Azeez; and former Secretary General of ISNA Sayyid M. Syeed. ISNA’s early relationship to the Holy Land Foundation (HLF), led the group to be named an “unindicted co-conspirator” to Hamas funding.

    • Birmingham LivePlea for peace after protest at Durga Bhawan Hindu temple in Smethwick

      At one point some in the group attempted to climb the fence into the venue, triggering intervention by police in riot gear, who then formed a protective line to hold back the crowd. Some protestors, many in balaclavas, gestured aggressively and shouted slogans, while fireworks and missiles were thrown towards officers. There was one arrest.

    • Express And StarFireworks and missiles thrown at police as hundreds protest outside Smethwick temple

      It is believed the disorder was sparked by violence in Leicester over the previous days, which has seen tension between the city’s Muslim and Hindu communities.

      West Midlands Police said: “Following a protest gathering in Smethwick last night (20 September), there was some minor disorder and one person was arrested.

      “We had a pre-planned police presence near the temple in Spon Lane where fireworks and missiles were thrown towards some of our officers. Thankfully no-one was injured.

      “We’re also looking into reports of a small number of cars being damaged.

    • India TimesProtests outside Hindu temple in UK’s Smethwick

      Sandwell police had earlier tweeted, “We’re aware of a planned protest in West Bromwich later today (20 September). We understand this is in relation to concerns around a speaker at the Temple in Spon Lane, but we’re informed the event has been cancelled and this person is not staying in the UK.”

      This incident comes after recent social media reports about Pakistani organised gangs were seen vandalising and terrorising Hindus in the UK’s Leicester City. The incident follows a spate of violence and disorder in the eastern part of the city.

      The Indian high commission in London on Monday condemned the violence perpetrated against the Indian community in Leicester and sought immediate action against those involved in the attacks.

    • Hindu PostAnti-Hindu violence spreads in UK, Durga Bhawan temple attacked in Birmingham

      On September 20, a mob of around 200 masked Islamists circled Durga Bhawan temple located on Spon Lane in Smethwick town near to Birmingham, after a call for “peaceful protests” was made on social media. The mob shouting the Islamic war cry ‘Nar-e-Takbeer, Allah-o-Akbar’ came right up to the fence of the Hindu temple, with a couple of them climbing on the fence and making obscene gestures and hurling abuses at Hindus inside. A Sky News reporter said a bottle was thrown, and one video clip shows what seems like a round being fired by the police to control the unruly mob.

    • Common DreamsRights Group Says Over 1,100 Russians Arrested for Protesting Putin’s War Escalation

      “Thousands of Russian men… will be thrown into the meat grinder of the war. What will they be dying for?”

    • Common Dreams‘Nuclear Deterrence Is Always a Bluff. Until It Isn’t’: Putin Threat Sparks Alarm

      In a televised address—a full transcript of which can be read here—Putin warned that if his nation’s “territorial integrity” is threatened as Moscow continues its assault on Ukraine and attempts to seize large swaths of the nation’s land, “we will certainly use all the means at our disposal to protect Russia.”

    • MeduzaMoscow trades 225 prisoners of war to Kyiv in exchange for 56 men, including Putin’s close friend, Viktor Medvedchuk — Meduza

      Pro-Kremlin Ukrainian opposition politician Viktor Medvedchuk (whose youngest daughter is Vladimir Putin’s goddaughter) has been freed from captivity along with 55 Russian soldiers. The men were traded to Moscow on September 21, and all it cost the Kremlin was the release of four times as many prisoners: 215 Ukrainian POWs (including members of the Azov Regiment and defenders of the Azovstal iron and steel works), plus 10 foreign combatants captured while fighting for Ukraine. Following the prisoner exchange, Ukraine’s armed forces said in a statement that Medvedchuk can still be prosecuted in absentia for treason and the attempted looting of national resources in Crimea.

    • Meduza‘A guarantee of the country’s destruction’ Russian political scientists on Putin’s mobilization announcement — Meduza

      On the morning of September 21, Russian President Vladimir Putin announced what he referred to as a “partial mobilization.” Russian Defense Minister Sergey Shoigu later reported that approximately 300,000 people will be conscripted. What exactly “partial mobilization” entails, how it will look in practice, and whether it will help Russia turn things around on the battlefield is anybody’s guess, but it’s undeniable that Russian society is in for some major changes. To get a better idea of what to expect, Meduza spoke to a number of leading Russian political scientists and sociologists.

    • Meduza‘It’s whatever the Defense Ministry says’ 300,000 to be drafted into Russia’s army. Warned not to leave the country, reservists rush to buy their tickets to escape. — Meduza

      President Vladimir Putin has announced a “partial mobilization” in Russia. In his national address on Wednesday, he assured Russians that “only people currently in the army reserve” will be subject to the draft, which begins immediately. This applies, first of all, to people with previous military and combat experience. The president promised that new troops drafted under the mobilization order will receive the same “status, pay, and all the social guarantees” that contract soldiers already have. Here’s a point-by-point breakdown of the upcoming mobilization and what it will mean for Russians.

    • MeduzaCasualty data reported by Russian defense minister contradicts ministry’s previous reports — Meduza

      Between February and 24 and September 20, Russian Defense Ministry representative Igor Konashenkov reported a total of at least 83,000 Ukrainian troop losses in his daily reports, according to the investigative outlet Agentstvo.

    • Meduza‘Anyone who’s upset can still leave — for now’: The logistics of the Kremlin’s mobilization plan — Meduza
    • MeduzaMoscow authorities threaten protesters with up to 15 years in prison — Meduza

      The Moscow Prosecutor’s Office released an official warning of responsibility after calls for people to participate in unauthorized public protests in the city, as well as to commit “otherwise unlawful acts,” as the agency put it, appeared on social media.

    • Common DreamsWatchdog Says Use 14th Amendment Against Lawmakers Who Betrayed Oaths on January 6

      “We believe there are other current and former office holders throughout the country who… should be disqualified.”

    • TruthOutPutin Has Issued His Most Explicit Nuclear Threat Yet
    • Common DreamsOpinion | Ukraine War: Still a Cuban Missile Crisis in Slow Motion

      During the first days of the Ukraine war, former  Senator Sam Nunn warned that the Ukraine War was a Cuban Missile Crisis in slow motion. That warning was recently reiterated by  senior analysts in Moscow during an off the record conversation. The war is about Ukraine and much more: power, privileges, the security disorder in Europe; the future of Putin’s rule; and Biden/Blinken efforts to reinforce U.S. hegemony in the face of pressures for a bipolar or multi-polar world disorder.

    • MeduzaNo to mobilization Russians take to the streets countrywide after Putin announces call-up — Meduza

      On September 21, Vladimir Putin announced that Russia would officially mobilize for war. He claimed the step is necessary because the Russian military is facing “not only neo-Nazi formations, but what is effectively the entire military machine of the collective West.” The authorities claim they plan to conscript 300,000 people. In the hours since the announcement, protesters have taken to the streets throughout Russia.

    • Meduza‘No to mo-kill-ization.’ Vesna movement announces protests against mobilization. — Meduza

      The Vesna (Spring) movement called for an all-Russian protest against mobilization, which was announced on September 21 by Russian president Vladimir Putin.

    • Meduza‘There will be five million draft dodgers running around the country.’ Navalny on mobilization. — Meduza

      According to Mediazona, during a court hearing in Kovrov where his lawsuit against Penal Colony No. 6 in the Vladimir region is being heard, politician Alexey Navalny commented on reports that mobilization has been announced in Russia.

    • Common DreamsOpinion | Is the US at War with Moscow in Ukraine?

      Though Washington insists that it is not interested in a direct military conflict with Moscow, the latter claims that the US is, in fact, directly involved. But who is telling the truth?

    • ScheerpostWhite House Official Says Biden’s Comments on Defending Taiwan ‘Speak for Themselves’

      Kurt Campbell, the top Asia official on the NSC, says the White House didn’t walk back Biden’s comments.

    • ScheerpostFrom NATO to AUKUS: The West Has Nukes Everywhere

      A loophole opens the door for Australia to be supplied with submarines capable of using nuclear weapons and China doesn’t like it.

    • Common DreamsOpinion | Media Offers Little Critique Over Biden’s Seizure of Afghan Funds

      More than a year after it froze $7 billion of Afghanistan’s central bank reserves in the wake of the Taliban’s military victory, the US has announced it will use half the money to establish a fund at a Swiss bank to help stabilize the cratering Afghan economy.

  • Transparency/Investigative Reporting

    • IT WireiTWire – Audit office releases scathing report on DTA’s ignoring of procurement rules

      The Australian National Audit Office has released a scathing report about the Digital Transformation Agency’s handling of nine selected procurements, saying it “did not conduct the procurements effectively and its approach fell short of ethical requirements”.

      In the review, released on Wednesday, the ANAO also said for these nine procurements the DTA failed to manage contracts effectively and, while it had a procurement framework, the implementation and oversight of it were weak. The original value of seven of these procurements was $25.4 million, but the amount blew out to $55.7 million by July 2022.

      The review said of one direct-approach procurement that the contract value had increased 40 times from $121,000 to close to $5 million over two years.

      This procurement involved a direct approach to a company known as Nous Group for myGov funding case support. Initially, Services Australia told DTA in March 2020 that some Nous contractors were available for hire.

    • The DissenterBiogen Whistleblower Lawsuit Against Massive Kickback Scheme Ends In Huge Settlement
  • Environment

    • DeSmogClimate Lawyers Take Aim at ‘Green’ Heating Scheme Fed by Incinerator

      The law firm Leigh Day has written to the government and Haringey Council seeking information on whether recently appointed Chancellor Kwasi Kwarteng may have ignored official climate-related guidance when he approved the project as business secretary.

    • CBCPatagonia founder to give apparel company to trust, direct profits toward climate crisis fight

      Instead of selling the company or taking it public, Chouinard, who became famous for alpine climbs in Yosemite National Park and has a net worth of $1.2 billion US, is transferring his family’s ownership of the company to a trust and a non-profit organization.

    • CBSScientists warn South Florida coastal cities will be affected by sea level rise

      Scientists say a few decades from now, downtown Miami will be underwater.

      The tide is coming in and eventually it’s not going to go back out,” says Dr. Harold Wanless, a Geologist and Professor of Geography and Sustainable Development at University of Miami

    • IDAQ&A with IDA Delegate Michelle Wooten

      We recently spoke with Assistant Professor of Astronomy Education at the University of Alabama at Birmingham, Dr. Michelle Wooten, about her work as an educator in Astronomy whose passion for the night sky goes beyond studying it. She wants to protect it. As the president of the new IDA Starry Skies South chapter, she works to spread awareness of the harm light pollution is doing to the Southeastern United States.

    • AxiosClimate change drives record North Atlantic marine heat wave

      By the numbers: “The North Atlantic is currently something like four degrees Celsius warmer than normal, or at least parts of it are. And you end up seeing similar numbers for the North Pacific as well, it’s for about four degrees Celsius warmer than normal,” Amaya says.

      State of play: Heat wave conditions in both the North Pacific and the North Atlantic have lasted for some three months. “For these parts of the world, these temperatures are unprecedented,” Amaya says.

    • Pro PublicaGenerator Makers Can Do More to Stop Carbon Monoxide Deaths, CPSC Says

      Johnson’s brand-new generator — equipped with a safety mechanism that manufacturers have said prevents “more than 99%” of carbon monoxide poisoning deaths — hummed into the night, inches from her family’s back door on Sept. 1, 2021, powering an air conditioner and a refrigerator.

    • Common Dreams‘Who Will Be Next?’ Denmark Becomes First UN Member to Pledge ‘Loss and Damage’ Funds

      “It is grossly unfair that the world’s poorest should suffer the most from the consequences of climate change, to which they have contributed the least.”

    • Common DreamsAl Gore Calls It ‘Ridiculous’ to Have ‘Climate Denier’ Lead the World Bank

      “Since almost 90% of the increased emissions going forward are coming from developing countries, we have to take the top layers of risk off the access to capital in these developing countries,” Gore said at a climate policy summit hosted by the New York Times.

    • Energy

      • David RosenthalWhite House Statement On Cryptocurrency Regulation

        Regulation of cryptocurrencies in the US is coming, albeit too slowly. Much of the progress reported here is worthy, especially considering the vast resources lobbying to defeat or water it down.

      • CBCEthereum network completes merge that could cut its electricity use by 99%

        With the change enacted late Wednesday, ethereum — the world’s second most valuable cryptocurrency after bitcoin — has effectively eliminated the energy-intensive task of “mining” new coins on its blockchain. Mining requires enormous computing power, which translates to huge energy consumption and, in many areas, greater greenhouse gas emissions at older power plants.

        By itself, however, the ethereum change won’t eliminate crypto’s expected environmental impact, although it’s expected to help a great deal. The backers of bitcoin have so far shown little interest in doing away with mining.

      • RTLWar fears at another Ukraine nuclear site

        A few dozen metres from the gaping hole, a building that AFP was not permitted to visit during a media visit organised by the Ukrainian nuclear energy agency Energoatom appeared to have had its doors and windows blown out.

        “That’s where the blast of the explosion went towards,” said Ivan Zhebet, security chief at the Pivdennoukrainsk plant in the southern Mykolaiv region.

      • TruthOutLiz Truss’s Overturn of Fracking Ban in the UK Is Sparking Grassroots Resistance
      • Common DreamsManchin Unveils Full Text of ‘Shameless Handout to the Fossil Fuel Industry’

        “It should come as no surprise that a corporate coal baron like Joe Manchin would push a fossil fuel bonanza under the guise of bureaucratic reform.”

    • Wildlife/Nature

    • Overpopulation

      • Democracy NowCOVID, Climate & Conflict Fueling Global Hunger as World Leaders at U.N. Urged to Take Action

        An open letter signed by over 200 humanitarian groups calls on world leaders at the United Nations General Assembly to urgently take action on world hunger, citing that one person dies of hunger every four seconds. We speak with Abby Maxman, president and CEO of Oxfam America, one of the letter’s signatories, who just returned from Somaliland, where a famine may be declared as early as next month. Climate change, COVID and conflicts such as the war in Ukraine are largely to blame for rising hunger, she says, and “those who are the least responsible are suffering its worst impacts.”

  • Finance

  • AstroTurf/Lobbying/Politics

    • The HillTikTok updating policies for political accounts after report of rampant misinformation

      TikTok will also prohibit campaign fundraising on the app and will seek to further limit the monetization of political accounts by barring them from accessing financial features such as gifting, tipping and e-commerce.

    • FuturismMark Zuckerberg Is In Big, Big Trouble: He’s Lost A Staggering Amount Of Money So Far This Year.

      It’s no secret that Meta-formerly-Facebook CEO Mark Zuckerberg’s metaverse pivot isn’t exactly paying off yet.

      The billionaire’s fortune has dropped by a whopping $71 billion — leaving him with a piddling $55.9 billion left over — this year, Bloomberg reports, rendering him only the 20th richest person in the world.

      Sure, that’s still plenty of pocket money. But it’s the lowest spot he’s occupied in eight years, in a sign of how far he’s fallen. Just two years ago, he was the third person in the world, with almost twice the net worth, according to the report.

    • Securing the Supply Chain of Nothing

      The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) recently released a document entitled, “Securing the Software Supply Chain – Recommended Practices Guide for Developers.” I hoped the document might shed light on practical, perhaps even novel, ways for the private sector to increase systems resilience to supply chain attacks. The authors are respected authorities, and the topic is salient to the public.

      Instead, the document’s guidance contains a mixture of impractical, confusing, confused, and even dangerous recommendations.

    • NigeriaNegative reactions as Mohamed Salah pays tribute to Queen Elizabeth II

      The message by Salah sparked negative reactions on social media. There was serious disagreement in the comments which rose to the top of the trends.

      Salah and Egyptians received heavy criticism from his compatriots for celebrating the life of Queen Elizabeth II.

    • The NationA Nation Within a Nation

      In a 1971 issue of Ebony magazine dedicated to exploring “The South Today,” its publisher, John H. Johnson, wrote: “Long before there was a United States of America, there was a Southland.” For many in his generation who had participated in the civil rights movement, the South was a zone of both oppression and liberation—it was the country they knew even if they lived in the North. For many Black Americans, the South was an ancestral home as well as a place of present warning and future promise. It was where the historic struggles against inequality and discrimination had taken place, but it was also a region that had cast an ominous shadow over the rest of the country.

    • ScheerpostBush and Obama Set the Stage for Donald Trump’s Document Grab

      Karen J. Greenberg argues that By the time Donald Trump entered the Oval Office, the stage had long been set for removing information from the public record in an alarmingly broad fashion, a pattern that he would take to new levels.

    • TechdirtTechdirt Podcast Episode 330: Elon Musk Takes His Chances In The Court Of Chancery

      When the Elon Musk/Twitter drama landed in the Delaware Court Of Chancery, it thrust specialist publication The Chancery Daily into the spotlight, and they began offering up excellent explainers on this important court that most people knew very little about. The people behind the publication have decided to remain anonymous amidst the influx of attention, but today one of them joins us on the podcast to discuss just what’s going on as Elon Musk takes his chances in a court that seems pretty immune to his reality distortion field.

    • TruthOutSanders to Democrats: If You Support Progressive Policies, “You Win Elections”
    • Common DreamsNY AG Sues Trump and Children Over ‘Staggering’ Criminal Fraud

      New York Attorney General Letitia James on Wednesday announced that following a three-year investigation into former President Donald Trump and his real estate empire, the state is filing a civil lawsuit against the ex-president, accusing him and his family members of “staggering” fraud.

    • Common DreamsOpinion | Fascist Fingers in the Air: Terrifying American Nightmare Unfolds at Trump Rally

      If you are a political fanatic, you’ve surely heard the old saying that when fascism comes to America, it will come wrapped in the flag and carrying a cross. That’s been proven true in this fraught year of 2022 as Christian nationalism rises to our extreme right, but no one predicted this:

    • Common DreamsOpinion | Don’t Be Fooled by Republicans. The Inflation Reduction Act Is a Big Win for Tax Fairness in America

      President Joe Biden recently signed the Inflation Reduction Act (IRA) into law, making it the Democrats’ signature healthcare, climate, and tax reform package. This historic achievement will likely be remembered as one of Biden’s most significant legislative victories. Many aspects of the IRA make it a big win for tax fairness, but by far the most notable is the 15% minimum tax that the bill levies on America’s biggest and most profitable corporations.

    • TruthOut61 Percent of Republicans Think US Should Be Declared a Christian Nation
    • Common DreamsMajority of Republican Voters Say US Should Be Declared a ‘Christian Nation’

      As Professors Stella Rouse and Shibley Telhami of the University of Maryland wrote at Politico, the school’s critical issues poll found that while a majority of Republican voters agree that such a declaration would be unconstitutional, most also believe that the U.S. should be officially known as Christian.

    • Common Dreams‘Siding With Insurrectionists,’ 203 House Republicans Vote No on Coup Prevention Bill

      “It comes as no surprise that only nine Republicans voted to ensure the integrity of the electoral vote count.”

    • TruthOutLetitia James’s Lawsuit Against Trump Says He Obtained $250 Million Fraudulently
    • Misinformation/Disinformation

  • Censorship/Free Speech

    • NetblocksInternet disrupted in Iran amid protests over death of Mahsa Amini

      Network data from NetBlocks confirm a near-total disruption disruption to internet service in parts of Kurdistan province in west Iran from the evening of Monday 19 September 2022. The regional telecommunications blackout in and around Sanandaj follows a partial disruption to internet service in Tehran and other parts of the country on Friday when protests first broke out. Access to Instagram was subsequently restricted nationally on Wednesday 21 September.

    • NBC1,300 arrested for protesting Putin’s mobilization as others scramble for flights out of Russia

      By the time Putin’s recorded announcement was done playing on TV on Wednesday, Russians were scrambling to buy the last available flights out of the country and opposition groups were calling for protests as his order bred a sense of unease at home, just as his nuclear threats sought to do abroad.

      By late evening, more than 1,300 people had been detained at protests denouncing the move, a rights group said.

    • ScheerpostCensorship: From Book Burning to Racist Babies

      For the 40th Anniversary of Banned Book Week, Jim Mamer examines the censorship imposed by banned books, and how that has grown over time.

  • Freedom of Information / Freedom of the Press

  • Civil Rights/Policing

  • Internet Policy/Net Neutrality

    • RIPEIs It Possible for Encryption to Harm Cybersecurity?

      A second notable development has been the rise of cloud-based public resolvers, with examples being those operated by companies such as Google, Cloudflare and Quad9. Traditionally DNS services have mainly been provided by ISPs to their customers, but these cloud-based resolvers have offered an alternative option, one that seems primarily to have attracted the attention of more technically knowledgeable users rather than being a mass-market option.

      Some have welcomed the emergence of these independent resolvers as it provides greater choice and enables them to overcome what they regard as the restrictive filtering policies adopted by their ISPs (NB these are often driven by the need to comply with regulatory requirements). A downside to these resolvers being used is that network operators may lose visibility of the characteristics of network traffic, affecting their ability to manage security risks and quality of service.

    • BIA NetNumber of broadband internet users in Türkiye rose by over 41 percent in six years

      With this rise, the total number of broadband internet subscribers nationwide has reached 88.2 million.

    • TechdirtThere Have Been Decades Of Broadband Policy And Subsidies And We’re Only Just Now Accurately Measuring Their Impact

      This FCC this week formally announced it had finally started gathering more accurate broadband mapping data from U.S. ISPs after more than a decade of complaints about mapping accuracy.

    • TechdirtWarner Brothers Discovery Merger Continues To Be A Shitshow For The Ages

      Remember when AT&T spent more than $200 billion to acquire Time Warner and DirecTV in the belief it would help the telecom dominate video advertising? Then remember when company leadership was so monumentally incompetent they had to run to the exits in terror? Good times.

  • Digital Restrictions (DRM)

    • The Subscription Economy Comes For Your Shoes

      The Cyclon program work like this: You sign up for the Cyclon subscription service and get a pair of shoes in the mail. You then send them back when you’ve run them into the ground and get a new pair in the mail. (Repeat ad infinitum.)

  • Monopolies

    • Copyrights

      • Torrent FreakTeen Sued By Bungie Over Cheats & Threats Comes Out Fighting

        During the summer Bungie sued a Destiny 2 cheater who allegedly evaded multiple bans and harassed Bungie’s staff. The developer’s claims include copyright infringement, but nothing in its complaint is going unchallenged. It transpires that Bungie’s target is a teenager, one that in typical fashion has an answer for everything, with help from his lawyer, of course.

      • Torrent FreakEarthlink Reaches ‘Tentative’ Settlement with Filmmakers to End Piracy Liability Lawsuit

        Internet provider Earthlink has reached a tentative settlement with several filmmakers, to end an ongoing piracy liability lawsuit. The rightsholders accused the company of turning a blind eye to piracy and demanded far-reaching measures, which included handing over the identities of alleged pirates. The terms of the settlement remain private but may include a damages component.

  • Gemini* and Gopher

    • Personal

    • Politics

      • Integration

        The far right has changed many words and phrases.

        I’m in Sweden so I’ll be using the Swedish far right as an example but I’m sure the same is going on all over Europe and MAGA-land.

        Once innocent phrases like “demographics”, “migration”, “justice system” have become their polite way to rephrase what this same group in the eighties used racial slurs to express.


        You’ve had to flee Sweden (you’d die if you had to stay) and you arrived tired and soaking wet to the shores of Frobnicia. And they’re like “Everyone must wear these special tall cone-shaped hats, that’s traditional Frobnician headwear. And you can burn those jeans, it’s illegal to wear pants here. It’s shameful to try to cover your genitals in public. If you wear jeans we’ll break up your home. Of course our traditional Frobnician food include rat-tails and lamb brains. If you’ve got any problems with eating that, you’re failing integration.” And you’re like “No, no, that’s all fine, I love Frobnicia, I want to be a Frobnician.” And they go “You absolutely need to work, here’s a bucket and a mop and an illustrated book about birds” and you’re like “yes, ma’am, I’m happy to put my hands to use” and they go “You can never become a true Frobnician. You’ll always be under surveillance, police and courts and even sentencing will be different and harsher for you” and they’re like “You need to learn Frobnician language, and need to teach your kids that language, and the grammar is VOS word order except on Wednesdays, with 49 cases and 812 prepositions, and only 10000 people worldwide speak that language, and every native Frobician speaks passable Frotz, a regional language with 750 million speakers worldwide, but you and your family need to learn Frobnician” and they put you in a neighborhood with only other Swedes but blame you for it and then every single day on the media (not from everyone, but, every day) you’ll hear “the Swedes steal our jobs” and “kick them out” and “the Swedes are criminals” and “the Swedes lie about their ages” and “the Swedes are rapists” and “the Swedes are prudes” and “the Swedes are stealing your pensions” and people spit after you on the street.

    • Technical

      • Sharing some statistics about BTRFS compression

        As I’m moving to Linux more and more, I took the opportunity to explore the BTRFS file system which was mostly unknown to me.

        Let me share some data about compression ratio with BTRFS (ZFS should give similar results).

      • Transport Tycoon Deluxe

        Many years ago I played Transport Tycoon Deluxe. The game with an isometric view, where a player can organize road, train, plane, or sea transport. I hadn’t had any idea how to play this game then. So I was playing again and again. I’ve been discovering more and more game mechanics. I’ve learned also to like jazz music, because the original TTD has jazz like playlist, with the characteristic Moanin’ by Art Blakey-like song. So TTD changed my life.

      • Just how much telemetry does The Enterprise need from my work laptop?

        I couldn’t get rid of Satan, the useless Windows Laptop [1] fast enough [2]. At the end, just turning on Satan swamped the network connection here at Chez Boca to be near useless. Good riddance.

        Today, I turn on Satan’s replacement, Belial, the annoying Mac Laptop [3]. I’m not sure what The Enterprise is doing to it, because as soon as I turned on Belial, the network connection here at Chez Boca dropped to near zero.

        At first, I thought it might have something to do with the weather, but on a hunch, I turn Belial off and the network becomes stable and usable. I turn Belial back on, and the network goes crazy again.

      • SSH Notes
      • Science

        • On scientific “arrogance”

          And… it’s just funny. Because science is just a big guessing game, really. You look at the evidence, try to come up with an explanation for what may have happened, and explore the consequences of that explanation. You don’t get mad if your explanation turns out to be false; in fact, you’re generally EXCITED because that means you now have more evidence pointing to what ACTUALLY happened!

          And on the other hand, we
          have… people who think the Earth was created in seven literal days by a being we have no evidence exists. People who think all the evidence that the universe is much older than 5000 years was planted there by the devil to deceive us, or by their god to “test our faith”. (You know what it’s called when someone who claims to love you tries to make you think something false happened? That’s GASLIGHTING, my dudes.) These people have no right to preach about “arrogance”.

        • The AI takeover is near?

          That same day, a heated debate started on Twitter (as if that weren’t the norm there). That’s because the winner of this art contest used Midjourney, a popular AI image generator, to create his entry.


          He created this because he saw _art as a relic of the artist_. Any object or even person can become an art piece if an artist puts his sign on it. But how do you become an artist? By making something that makes people discuss, something new and innovative that nobody ever thought about doing before. That’s what Mr. Allen did and that’s why I think he deserves his price.

          Before photography was invented, artists generally strove to make their painting as realistic as possible. As soon as people were able to cheaply make perfect copies of reality, artists began experimenting with new techniques, things that a camera could never do. Allen showed everyone how technology just reached a new milestone, introducing a new need for artists to innovate and create something exclusive to their abilities. Something an AI can’t reproduce. Yet.

      • Internet/Gemini

        • CDG one week later: categorical musings

          Dividing Geminispace, and hence in particular human endeavour, into disjoint categories is of course a fool’s game. But it seems I decided to play it anyway. Any categorisation will be arbitrary and unsatisfying, and there will always be cases which resist unique classification. Borges imagined a classification of animals into those “(a) Belonging to the emperor, (b) embalmed, (c) tame, … (g) stray dogs, … (l) et cetera, … (n) that from a long way off look like flies”, and I’m not sure that the classification of Geminispace I’ve arrived at so far is much better justified. But let me try to justify it.

        • Re: CDG one week later: categorical musings

          Editorial opinions, sure, but not the original sites themselves. My reaonsing is this: if I want to see Reddit, I can go to the Reddit site. I think it actually clutters up Geminispace, and I want Geminispace to have as much “signal” as possible.

* Gemini (Primer) links can be opened using Gemini software. It’s like the World Wide Web but a lot lighter.

IRC Proceedings: Wednesday, September 21, 2022

Posted in IRC Logs at 2:59 am by Needs Sunlight

Also available via the Gemini protocol at:

Over HTTP:

HTML5 logs

HTML5 logs

#techrights log as HTML5

#boycottnovell log as HTML5

HTML5 logs

HTML5 logs

#boycottnovell-social log as HTML5

#techbytes log as HTML5

text logs

text logs

#techrights log as text

#boycottnovell log as text

text logs

text logs

#boycottnovell-social log as text

#techbytes log as text

Enter the IRC channels now

IPFS Mirrors

CID Description Object type
 QmThkEF7itw1zRVM7Ec8EEapmgSLvLm6QSL6hNqWTQc6NK IRC log for #boycottnovell
(full IRC log as HTML)
HTML5 logs
 QmcEt9NhXXyXTErWAjFcjrfkLKZM7bKcSDZRpiTCrKa64x IRC log for #boycottnovell
(full IRC log as plain/ASCII text)
text logs
 QmVPjLKdDgZ8bkDzrYvmnioVHkpT6CENueFnZ9ng7fyxAt IRC log for #boycottnovell-social
(full IRC log as HTML)
HTML5 logs
 QmPLwdyhemAWFexYNzM7Exh7f6v42uPSpHuDkrGCf4WMWe IRC log for #boycottnovell-social
(full IRC log as plain/ASCII text)
text logs
 QmZwCwceHJUBUFQAszpY9jhG9dLHWSPWgg2jyHYxFHERHt IRC log for #techbytes
(full IRC log as HTML)
HTML5 logs
 Qmbji3vVy7ukZCMmZZg4Xaw61zFf8R3tnR9cpvmEbjZkrM IRC log for #techbytes
(full IRC log as plain/ASCII text)
text logs
 QmVonpCjqsv4J5ePNFvySX2iJzxc7bAs2YVwBGBwn8Zdid IRC log for #techrights
(full IRC log as HTML)
HTML5 logs
 QmRsceFGeuVF99e7CYTYF1iX8ujzQZQmu4jLYtJxszHJY1 IRC log for #techrights
(full IRC log as plain/ASCII text)
text logs

IPFS logo

Bulletin for Yesterday

Local copy | CID (IPFS): QmPRWZzVkej6AaPT8ApKxMdBRNbW94Cun6NRXmgn86A4C6

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channels: Come and chat with us in real time

New to This Site? Here Are Some Introductory Resources




Samba logo

We support

End software patents


GNU project


EFF bloggers

Comcast is Blocktastic? SavetheInternet.com

Recent Posts