09.28.22

Links 28/09/2022: Red Hat Enterprise Linux 8.7 and 9.1 Beta; SpiralLinux 11.220925

Posted in News Roundup at 6:03 pm by Dr. Roy Schestowitz

  • GNU/Linux

    • We interviewed Linux OS through an AI bot to discover its secrets


      Millions of people use Linux every day, but we rarely stop to think about how the operating system feels about it. Wouldn’t it be nice to know what Linux really thinks about open source, Windows, Macs, and the command line? Until now, this has been impossible. But thanks to a new AI chat tool, we’re able to find out.

      Below is a transcript of a conversation between Ars Technica and Linux, the operating system, as embodied by one of Character.AI’s large language model chatbots. It should go without saying, but this interview does not represent the opinions of any real individual or organization. It’s an experiment with an AI chatbot. The interview has been edited for brevity, but the answers have been preserved as delivered by the bot.

    • Desktop/Laptop

      • 9to5Linux: System76’s Oryx Pro Linux Laptop Gets a 4K OLED Display and DDR5 RAM

        System76’s Oryx Pro laptop was just updated this summer with a 12th Gen Intel Core “Alder Lake” i7-12700H processor, as well as NVIDIA GeForce RTX 3070 Ti and 3080 Ti dedicated graphics, but the US-based Linux hardware vendor decided to give it another cool update.

        The new Oryx Pro model comes with a 4K OLED display, and that’s a big thing! Customers can choose between the new 15.6-inch OLED UHD glossy finish display model with a 3840×2160 pixels resolution or the previous 15.6-inch or 17.3-inch Full HD (1920×1080) matte finish displays.

      • HowTo Geek: System76’s Updated Oryx Pro Is a Beast of a Linux Laptop

        System76 has been selling laptops and desktop computers with Linux in mind for years. The Oryx Pro is the company’s most powerful laptop, and now it has been updated with even better hardware.

        The Oryx Pro has the specifications of a high-end gaming laptop, and even though you can play games on it, the laptop is primarily intended for productivity work that requires a lot of graphics power. It has a 12th-generation Intel Core i7-12700H processor that runs at up to 4.7 GHz, an NVIDIA GeForce RTX 3070 Ti or 3080 Ti graphics card, up to 64 GB RAM, Wi-Fi 6, USB Type-A and Type-C ports, Thunderbolt 4 support, Gigabit Ethernet, and a backlit keyboard.

      • Notebook Check: Star Labs unveils AMD/Intel-powered StarFighter Linux laptop

        Available with both Intel and AMD processors, the StarFighter Linux laptop from Star Labs will be up for pre-orders in less than three weeks. Sadly, with prices from US$900 to US$3,000, interesting hardware specs overall, and quite a few configurations, this laptop comes with non-upgradeable memory.

      • Digital Trends: MNT Pocket Reform is a complete Linux laptop in 7 inches


        A fully open hardware and software laptop is already intriguing but what if it could be folded to fit in your pocket? The MNT Pocket Reform does exactly that in a 7-inch clamshell that comes with Debian GNU and supports other Linux distributions. You can wow your friends with this mini computer’s mechanical keyboard, 1080p display, and modular design that invites you to adapt and expand it to meet your own needs.

        To be fair, you’ll need a somewhat roomy pocket to be able to fit the MNT Pocket Reform inside. The original plan was for a 5-inch screen but the MNT team told IEEE Spectrum this size made the keyboard too cramped for comfort so it was scaled up a bit to make typing easier.

      • FOSSLife: MNT Research Creates Pocket-Sized Open Source Computer

        MNT Research, makers of the Reform open source laptop, has released details of its newest project: the MNT Pocket Reform. The retro-style mini computer features a seven-inch screen with a clamshell design.

        According to the website, the Pocket Reform is fully featured, modular, upgradable, recyclable, and reusable, with fully open source hardware and software. “With Pocket Reform, we’re building a small, portable computer that is transparent about what it’s running and that gives control back to the user, control over operating systems, updates, and software,” the website states.

    • Audiocasts/Shows

      • Video: Choosing Arch is HARD. – Invidious

        If you’ve ever wanted to dive into Arch Linux – there are a bamboozling amount of options to choose from.

      • Jupiter Broadcasting: Going All In on [GNU/]Linux | Coder Radio 485

        Mike has spent just over a month living in Linux full-time, and Chris wants to check in and see how he’s doing. Plus we both have the new Thelio from System76 in-house, and our takeaways might surprise you.

      • Video: Manjaro 21.3.7 Gnome Edition Quick overview #linux #manjaro – Invidious

        A Quick Overview of Manjaro 21.3.7 Gnome Edition

      • Video: How to install Archcraft 2022.09.16 – Invidious

        In this video, I am going to show how to install Archcraft 2022.09.16.

      • Video: OpenStack – The BEST Way to Build Your Own Private Cloud – Invidious

        OpenStack is awesome! Using this amazing open-source project, you can build your very own private cloud. But what are some other considerations for using it? How do you get started? In this foundational video, LearnLinuxTV and OpenMetal team up to give you some valuable information on OpenStack.

      • Video: Find Your Most Used Terminal Commands (Bash, Fish, Zsh) – Invidious

        If you are the kind of Linux user that spends a lot of time in a terminal, you have probably asked yourself, “What are the commands that I run the most?” Well, using the “history” command and a few of the GNU core utilities, we can get a list of our most used commands and how many times we’ve run them.

      • mintCast Podcast: 395 – Buttery Smooth Experience – mintCast

        First up in the news, AWK gets Unicode, GIMP out, Firefox improves its memory, Nitrux released, Unity is a Flavour, Microsoft drops Linux, Makulu adds to the confusion, and Debian wrestles with firmware;

        In security and privacy, 8 Year Old Linux Kernel Vulnerability Uncovered, and Plex gets exposed;

        Then in our Wanderings, Moss reconfigures again, and Norbert contradicts himself.

        In our Innards section, Mint and Gnome have lots to show us;

        And finally, the feedback and a suggestion or two.

    • Kernel Space

      • LWN: Linux 5.19.12

        I'm announcing the release of the 5.19.12 kernel.

        All users of the 5.19 kernel series must upgrade.

        The updated 5.19.y git tree can be found at:
                git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.19.y
        and can be browsed at the normal kernel.org git web browser:

        https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...

        thanks,

        greg k-h

      • LWN: Linux 5.15.71
      • LWN: Linux 5.10.146
      • LWN: Linux 5.4.215
      • LWN: Linux 4.19.260
      • LWN: Linux 4.14.295
      • LWN: Linux 4.9.330
    • Applications

      • Linux Links: 11 Best Free and Open Source Tools for Novelists


        Writing is one of the essential skills in modern society. Being able to communicate effectively is paramount both at work and at home. It makes your thinking visible to others, and is the main way in which work, learning, and intellect is judged by others.

        At first glance, the trusty word processor might seem a good tool for a novelist. After all, in days gone by, budding authors would tap away using a typewriter, and a word processor is the modern day equivalent. Linux has some excellent word processing software such as LibreOffice. However, word processors are actually not the ideal tool for some forms of writing, particularly novel-writing. In fact, it could be said that using a word processor for novel-writing is a recipe for disaster, and actually a retrograde step from a typewriter. Word processors are a general application software that are perfect for constructing business documents, letters, batch mailings using templates, etc. However, many word processors are too obtrusive and distracting for writers. What is needed is software that helps concentrate on the content of the novel, sketch out the chapters and scenes, work out the best structure, import research, add locations, characters and objects, and so on.

    • Instructionals/Technical

      • Linux Handbook: How to Automatically Update Podman Containers

        It is a good practice to update software, especially when you get new features and/or added security in the new updates.

        In this article, I will show you how to enable automatic updates for the containers managed by Podman.

        For demonstration purposes, I will use the caddy image from Docker Hub.

      • XDA: How to install ADB on Windows, macOS, and Linux

        Several features of the Android platform can be accessed only through paths and methods that are hidden away from the average user. These have generally been done with the help of some command line Android Debug Bridge (ADB) commands, a tool that Google offers for developers to debug various parts of their applications or the system, but which we can use for all kinds of neat and hidden tricks. A prerequisite to these tricks is installing ADB on your computer. So, in this guide, we will show you how to install ADB on Windows, macOS, and Linux in quick and easy-to-follow steps.

      • FOSSLife: How to Use Blocky to Quickly Filter DNS Queries

        Learn how to set up the Blocky DNS server to filter and secure DNS queries on your network.

        The Domain Name System (DNS) puts you in a position to contain the spread of malware and prevent suspicious activities within your corporate network and, with appropriate filters on your DNS server, prevent user tracking and advertising on websites. Moreover, researchers at the University of Bonn have shown that almost 20 percent of HTTP requests load advertising content and that blocking these ads reduces the power consumption of terminal devices.

        Blocky, a DNS proxy and ad blocker for local networks, has been under active development by German developer Dimitri Herzog since January 2020 and is available on GitHub. The tool lets you effectively filter domains on the basis of blacklists and whitelists or regular expressions. The filters can differ to match the groups on your local network (e.g., different filter rules can be implemented in different departments).

      • Linux Hint: Understanding the Bash shuf Command

        “The shuf command is helpful for randomly shuffling input lines to standard output. The shuf command takes input from files or the standard input, randomizes the input, and gives output. It works like how you shuffle cards and pull a random output or randomly arrange the cards depending on the options that you give it.

        The shuf works in three ways. You can use it as range, list, or file shuf. Let’s see the various ways you can use the shuf command.”

        shuf is part of the GNU Coreutils, and you can open its help page to see the various options you can use.

      • Linux Hint: Read SysCall in Linux

        “As the title says that the read system call must be reading something from a particular location. Linux provides us the read system call to read data from any file and display it on the console, and the kernel of the Linux system should be involved in this whole process, i.e., to open the file, read from it, write data to another file, etc. This guide will be a bonus to every Linux and C user who wants to learn to use the read system call while coding. Before having a glance at the C code snippet, we are going to create a text file and a C file. The text file will contain random text data that will be used by the read() function. Both the files are created by the same “touch” query one after another, and the “ls” query shows them in a home folder.”

      • Linux Hint: Bash Pattern Matching

        Bash pattern matching is an indispensable concept that comes in handy when selecting different filenames from a directory and checking if a string matches a given format. Whether you are starting out with bash pattern matching or looking to brush up on your skills, this guide covers the various ways and tips for pattern matching.

      • Linux Hint: How to Change Ban Time Fail2ban, Even Ban Forever if Desired

        “Fail2ban is an open-source log parsing application that prevents your system from brute force attacks. It parses log files and blocks IP addresses that have too many authentication failures. This usually happens when a user attempts to log in using the trial-and-error method. Fail2ban then takes action like updating the firewall rules to ban that IP address for a specific time period which is by default 10 minutes or 600 seconds. The banned IP address is automatically unbanned after 10 minutes to avoid locking out any legitimate users who might have mistakenly mistyped their passwords repeatedly.”

        In this article, you will learn how to change ban time in fail2ban as well as how to ban an IP address forever if desired.

      • HowTo Geek: How to Set Up Bluetooth on Linux

        Sometimes your Linux distribution doesn’t detect your laptop’s Bluetooth hardware. Or perhaps you want to add a USB Bluetooth dongle to a desktop computer. Either way, here’s how to get Bluetooth working.

      • TechRepublic: Manage Chroot Environments in Linux with Atoms | TechRepublic

        Jack Wallen shows you a GUI that takes the complication out of creating and using chroot environments on Linux.

      • Linux Journal: SQLite for Secrecy Management – Tools and Methods | Linux Journal

        Secrets pervade enterprise systems. Access to critical corporate resources will always require credentials of some type, and this sensitive data is often inadequately protected. It is rife both for erroneous exposure and malicious exploitation. Best practices are few, and often fail.

        SQLite is a natural storage platform, approved by the Library of the U.S. Congress as a long-term archival medium. “SQLite is likely used more than all other database engines combined.” The software undergoes extensive testing as it has acquired DO-178B certification for reliability due to the needs of the avionics industry, and is currently used on the Airbus A350’s flight systems. The need for SQLite emerged from a damage control application tasked for the U.S. battleship DDG-79 Oscar Austin. An Informix database was running under HP-UX on this vessel, and during ship power losses, the database would not always restart without maintenance, presenting physical risks for the crew. SQLite is an answer to that danger; when used properly, it will transparently recover from such crashes. Despite a small number of CVEs patched in CentOS 7 (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2019-13734), few databases can match SQLite’s reliability record, and none that are commercially prevalent.

      • Linux Capable: How to Install SMPlayer on Rocky Linux 9

        SMPlayer is free, open-source software that can be used on any operating system. It has been localized in more than 30 languages, making it easy to enjoy your favorite videos no matter what language(s) are spoken around them! A front end called SMplayer offers graphics tools from Mpv (a forks version), along with its interface widgets provided by qt. This player also falls under the terms given out through GPL v2 or later versions which ensures freedom while providing access via financial means if desired so long as copyright restrictions aren’t violated during use. The best media players are also portable, so you can carry them around on a USB drive and use them without leaving traces behind. SMPlayer is worth trying for this reason alone!

        The following tutorial will teach you how to install SMPlayer on Rocky Linux 9 using one of the two third-party repositories RPM Fusion Free or Flatpak package manager, with the command line terminal.

      • ID Root: How To Install InfluxDB on Ubuntu 22.04 LTS

        In this tutorial, we will show you how to install InfluxDB on Ubuntu 22.04 LTS. For those of you who didn’t know, InfluxDB is a time-series database (TSDB) that is designed to handle high write and query loads. It is written in the Go programming language for storage and retrieval of time series data in fields such as operations monitoring, application metrics, Internet of Things sensor data, and real-time analytics.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the InfluxDB on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.

      • Red Hat Official: How to customize Grafana dashboards using Ansible | Enable Sysadmin

        Learn how to use a custom JSON data source, Mockoon, FastApi, and Prometheus to customize your Grafana dashboard.

      • AddictiveTips: Use the Nix package manager on any Linux OS

        NixOS is a declarative Linux operating system. Users create their operating system from the ground up with a configuration file and the use of an excellent package manager. But did you know it is possible to use the Nix package manager on any Linux operating system? Here’s how to get it working on your Linux PC.

      • Linux Hint: How to Execute Commands from Within a Shell Script

        “Working with shell script is something any Linux user should be at home with. However, how you learn to execute commands plays a big role in your understanding and working with shell scripts. This guide explains all details about executing commands within a shell script. We will cover everything from creating a shell script to defining variables to executing the shell script. Let’s get started!”

      • Linux Hint: How Do I Create a .CRT File in Linux?

        .CRT file extension represents an SSL/TLS certificate to secure communication between a web server and a browser.

        Today, we will explore how to generate a certificate using the OpenSSL tool on Ubuntu 22.04. Before getting started, ensure OpenSSL is installed on your system with good libraries and dependencies.

      • LinuxTechi: How to Install FileZilla on Fedora 36 Workstation
    • Games

      • Boiling Steam: Valve Interviewed with Another Japanese Outlet: SteamOS To Expand Portable Gaming Market to Other Devices – Boiling Steam

        A few days after the previous interview of Valve representatives in Japan from Nikkei that we covered, here’s another interview from the Japanese publication Automaton-Media this time with Ricky Uy, President of KOMODO, the distributor in Japan, Lawrence Yang, UX designer at Valve, and Erik Peterson, Steam business manager. If you use the below translation please link to Boiling Steam.

      • Godot Engine: Godot Engine – Maintenance release: Godot 3.5.1

        We released Godot 3.5 in early August, and like any release, there are few rough edges to iron out which warrant making maintenance “patch” releases (3.5.x). Such maintenance releases focus on fixing bugs and not on integrating new features. This helps guarantee that the overall production readiness of the stable branch keeps increasing.

        So this 3.5.1 release fixes a number of regressions that users reported after the release, as well as various other fixes to pre-existing bugs and usability improvements.

        This is a safe and recommended update for all Godot 3.5.x users. It should have no major incidence on your projects, even complex ones in production, if you’re already using 3.5-stable.

      • Boiling Steam: The Excavation of Hob’s Barrow on Linux: Review – Boiling Steam

        Today I got the opportunity to review The Excavation of Hob’s Barrow, a point and click folk horror story set in Victorian England that runs well on Linux. Besides the Steam description and being on some friend’s wishlist, I didn’t know much about it. A web search led me to its former name Incantamentum, but I decided to postpone my investigation to not spoil the fun.

        And, oh boy, I was ready for some nostalgia. Some of the first games I played on PC were point and click adventures. In a time when I didn’t know English well and would proceed the story with guesses and trial and error. It taught me give, pick up, look at and many others just by figuring out what the character would do at each command.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • KDE: Blue Angel Award Ceremony At EnviroInfo Conference: Okular Officially Receives Eco-Label, First Ever For Software Product – KDE Eco

          On Wednesday 28 September 2022 Okular, a Free and Open Source advanced document reader that allows you to read, sign, and annotate PDFs, ePubs, MarkDowns, and many other types of documents, was officially celebrated for becoming the first software product to receive the Blue Angel eco-label.

          As announced in March (read more here), Okular has been recognized for sustainable software design as reflected in the recent Blue Angel award criteria for software eco-certification. Introduced in 1978, the Blue Angel is the world’s earliest eco-label and the official environmental label awarded by the German government. With this award, Okular is the first and currently only eco-certified computer program within the 30 organizations of the Global Ecolabelling Network, which represents over 50 countries.

        • Kdenlive: A Week into Kdenlive’s Fundraiser Campaign – Kdenlive

          We launched our first Kdenlive fundraising campaign one week ago and we already collected almost two-thirds of the goal! We would like to thank everybody for their massive support. Moving forward, we will keep you posted on our progress and the development of the new exciting features/improvements we’ll be adding to Kdenlive with the funds.

  • Distributions and Operating Systems

  • Free, Libre, and Open Source Software

    • FSFE

      • FSFE: Software Freedom in Europe 2022 [Ed: FSFE: “We continuously work to promote Free Software in Europe.”. Yeah, by attacking the pioneer of it… using libel. And using his name (and illegally using the FSF’s name) to raise money.. for God knows what…]

        We continuously work to promote Free Software in Europe. In 2022 we addressed technological sustainability, advocated in the DMA and AI act on European level, and defended Router Freedom in Europe – among other activities. To reach younger people, we organised a coding competition for teenagers and published a children’s book on software freedom.

        “Software Freedom in Europe” is the yearly report of the Free Software Foundation Europe (FSFE), your charity organisation which empowers people to control technology. Every year we refine our manifold activities to address the current needs of software freedom in Europe. This yearly report covers the FSFE activities from November 2021 to August 2022.

    • GNU Projects

      • LWN: Announcing the GNU Toolchain Infrastructure Project [Ed: Corporate coup and very bad news]

        The backers of the GNU Toolchain Infrastructure Project, which was the subject of an intense discussion at the GNU Tools Cauldron, have finally posted their plans publicly.

      • Announcing the GNU Toolchain Infrastructure Project [Ed: See the comments in LWN (above)]

        Linux Foundation IT services plans for the GNU Toolchain include Git repositories, mailing lists, issue tracking, web sites, and CI/CD, implemented with strong authentication, attestation, and security posture. Utilizing the experience and infrastructure of the LF IT team that is already used by the Linux kernel community will provide the most effective solution and best experience for the GNU Toolchain developer community.

      • GNU: Wrapping up Ten Years of Guix in Paris — 2022 — Blog — GNU Guix [Ed: The people working overtime to overthrow the FSF's founder]

        Two weeks ago, some of us were in Paris, France, to celebrate ten years of Guix! The event included 22 talks and 12 lightning talks, covering topics ranging from reproducible research on Friday and Guix hacking on Saturday and Sunday.

        If you couldn’t make it in Paris, and if you missed the live stream, we have some good news: videos of the talks and supporting material are now available from the program page!

        If you weren’t there, there are things you definitely missed though: more than 60 participants from a diverse range of backgrounds—a rare opportunity for scientists and hackers to meet!—, impromptu discussions and encounters, and of course not one but two crazy birthday cakes (yup! on one day it was vanilla/blueberry-flavored, and on the other day it was chocolate/passion fruit, but both were equally beautiful!).

        [...]

        Organizing this event has certainly been exhausting, but seeing it come true and meeting both new faces and old-timers was a great reward for us. Despite the occasional shenanigans—delayed talks, one talk cancellation, and worst of all: running out of coffee and tea after lunch—we hope it was enjoyable for all.

        For those in Europe, our next in-person meeting is probably going to be FOSDEM. And maybe this will inspire some to organize events in other regions of the world and/or on-line meetups!

    • Programming/Development

      • C

        • Linux Hint: Operator Precedence in C

          When we evaluate any expression that involves the usage of different operators in it, we are obliged to solve the expression to compute its values based on operator precedence. Precedence is the term for assigning a priority or weightage to some value/term, so the operator precedence assigns the priority to operators in an expression. To understand this, assume any expression, e.g., 8*3+2, and the answer to this expression could result in two different values, “26” and “40”, respectively. However, we will choose the result of the expression as “26”, since the multiplication “*” operator has more operator precedence as compared to the addition operator “+” hence, the expression will first compute the multiplication between 8 and 3 and the result will be then added with the 2. Many operators in the programming language C have more priority over the other operators.

        • Linux Hint: Constants in C

          We need to declare and initialize the values, either changing or fixed in some places, to give a value or assign a weightage for the reference or the manipulation of the specific information while writing a program. For these assignments of the values, we store these values in variables and constants. Constant is the type of that variable whose value remains unchanged/fixed throughout the entire program. Primary constants represent the integers, real numbers, and character constants, whereas secondary constants represent the structures, arrays, unions, and pointers. When we initially declare a constant in a program, we cannot change its value to any other value afterward. We are obliged to use that value as it is in the entire code.

        • Linux Hint: Malloc Function in C

          “Within the C language, memory allocation is a very known concept, and we have many functions to allocate memories to different mutable, i.e., dynamic memory, static memory, etc. The malloc() function of C is one of those functions that not only allocates memory to a specific mutable but also returns an address pointer where that memory has been stored. This article would be helping you with the use of malloc in C while using Ubuntu 20.04 system. Make your system up to date before jumping on the implementation of C code because it will help you smoothly run your codes at the shell. Thus, we have updated it so far, and it asked us to add the password for the user that is currently working. We provided it with a password, and the process was finished in a few seconds.”

        • Linux Hint: Posix Signals in C

          “While driving on the roadside, what do you do when you have an encounter with a red signal? You stop driving for a while to wait for your turn until the signal turns green. Similarly, when a signal has an orange color, you continue to drive and never stop. POSIX Signals work the same as the traffic signal works. The POSIX Signal library came up with a very simple function to be utilized in the C code to generate signals, make your programs wait for their execution, and many more. This article would be demonstrating all those signal functions. We have been starting our examples with the creation and opening of a C file.”

        • Linux Hint: Typedef in C

          The typedef is the predefined keyword, which instructs the compiler to assign the user-defined types to the predefined types of C, i.e., int, float, decimal, double float, etc.

          Typedef can be used when it is difficult to type multiple times in a program. For example, multiple-time use of “unsigned int” increases the complexity of the program. To reduce that complexity, we can define a user-friendly name for that type. For example, if we are using it in student ID, marks, etc., then we can simply name it “student”.

          In simple words, we can say that typedef reduces the complexity of the program and also provides clarity of the code.

      • Rust

  • Leftovers

    • Tedium: Why Beck’s “Old Man” NFL Ad Feels Like Selling Out When Most Ads Don’t

      The idea of selling out has kind of lost all meaning in our modern culture, but there are still moments where the cringe comes on a little strong. One of those moments hit this week when it was revealed Beck had covered Neil Young’s “Old Man” to promote an NFL game that Tom Brady is playing in. Now, Young is very famously not a fan of selling out, but then again, he kind of sold his right to not sell out earlier this year. (He wasn’t alone.) But Beck, a man who I’ve never seen play football, seems like an unusual choice to have anything to do with the NFL or Tom Brady, and I’m sure he was the one that came up with the idea of adding additional meaning to “24 and there’s so much more” that the NFL is claiming. In honor of this new, more esoteric attempt at selling out, today’s Tedium talks about the nature of sellouts.

    • Hardware

      • The Next Platform: Where Amdahl’s Law And Gustafson’s Law Hit the Moore’s Law Wall

        After nearly six decades of getting smaller, faster, cooler, and cheaper, transistors are getting more and more expensive with each generation, and one could argue that this, more than any other factor, is going to drive system architecture choices for the foreseeable future.

        Either the reticle size of fab equipment is going to limit us, or the internetworking between components, whether they are on a single socket in 2D, 2.5D, or 3D configurations, is going to limit us. We find chiplet architectures perhaps unavoidable as well as interesting, and we admit that chiplet approaches have the potential to increase individual component yields and therefore reduce semiconductor costs, but the use of chiplets also increases package manufacturing costs and there is a price – and potentially a very large price in computational efficiency and thermals – of not having monolithic compute elements very close to their cache and main memories.

    • Pseudo-Open Source

    • Linux Foundation

    • Security

      • LWN: Security updates for Wednesday [LWN.net]

        Security updates have been issued by Debian (gdal, maven-shared-utils, thunderbird, webkit2gtk, and wpewebkit), Fedora (firefox and libofx), SUSE (dpdk, firefox, flatpak, grafana, kernel, libcaca, and opera), and Ubuntu (ghostscript and linux-gcp-5.15).

      • IT Wire: iTWire – PM tells Optus it will have to pay for replacing users’ passports

        Prime Minister Anthony Albanese has told Optus that it must pay the costs for customers who want to replace their passports if their data was caught up in the breach that the telco announced last Thursday.

        Albanese said Australia’s security and privacy legislation would be updated, adding that big data breaches would result in penalties.

        He added that Optus, not taxpayers, should pay for the new identity documents because the breach was caused by the telco’s failures, and expressed surprise that the Opposition was asking the government to pick up the bill.

      • Internet Freedom Foundation: Delhi HC issues notice in SnTHosting’s challenge to legality of CERT-In’s Directions

        The Delhi HC has issued notice in a petition filed by SnTHostings challenging the legality of Direction No. 20(3)/2022-CERT-In dated April 28, 2022 (‘2022 Directions’) by the Indian Computer Emergency Response Team (‘CERT-In’). SnTHostings provides hosting, Virtual Private Network (‘VPN’) and Virtual Private Server (‘VPS’) services. The 2022 Directions presented an existential crisis to SnTHostings as they mandated it to collect a range of personal data and share it with CERT-In on demand and / or on the occurrence of a cyber-security incident. Mr. Samar Bansal appeared on behalf of SnTHosting. Justice Yashwant Verma of the Delhi HC heard detailed submissions from the counsel and directed CERT-In to provide a response to the Petition, stating that the issue requires consideration. IFF provided legal assistance.

      • CISA: CISA Releases Three Industrial Control Systems Advisories [Ed: Now revised]

        CISA has released three (3) Industrial Control Systems (ICS) advisories on September 27th, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

      • Hacker News: Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems [Ed: So don't install it. In Windows there are back doors, so it may be outside the user's control.]

        A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet.

      • MEMRI: Pro-ISIS Outlet Recommends Most Secure Linux Systems [Ed: Now they try to associate Linux with terrorism even if the vast majority of terrorists use Windows]
    • Defence/Aggression

    • Monopolies

      • Copyrights

        • Public Domain Review: Hypnerotomachia Poliphili and the Architecture of Dreams – The Public Domain Review

          With its otherworldly woodcuts and ornate descriptions of imagined architecture, Hypnerotomachia Poliphili brims with an obsessive and erotic fixation on form. Demetra Vogiatzaki accompanies the hero as he wanders the pages of this quattrocento marvel, at once a story of lost love and a fever dream of antiquity.

  • Gemini* and Gopher

    • Personal

      • Star Log 2022-09-27 23:00 AKDT (Fairbanks, AK, US)

        I received the reflector which my friend offered to loan me. It turned out to be a Celestron PowerSeeker 127 with manual German equatorial mount. This instrument has a five inch aperture. I had been wanting a six-inch system or higher, but I’m hoping it will be an improvement over my 60mm refractor, as far as light-gathering power. I really wanted to try an equatorial mount, so that is great.

      • Adventures in mid-life: Going to work

        Had to go into ‘the office’ today and due to having a new car I had to take the train. (Where I work cars have to be registered for access.)

      • Character Backstory

        Judd Karlman was talking about character backstory on the latest episode of his podcast, Daydreaming about Dragons. I decided to write up how I got my latest character’s backstory.

      • ACORSWY Wordo: UNWIT
      • Creating Against Consuming

        I want to write more. I need to write more. It’s boiling inside me.

        But each time I turn on my computer to write, something very strange happens: I do everything but writing.

        I want to check if I received some messages. I want to check some random news. I want to reply to the messages in my inbox because they are now filling my brain given that I saw them. I want to share or react to the news I’ve seen. I want to upgrade my software. I want to tweak some configuration in my setup. When I did all of this, I check again for messages and for news.

        Going offline only partially solved the problem. Instead of checking random news, I started to play some good old games thanks to Scummvm and Dosbox. I started to write more code than text (resulting in Offpunk).

      • Just Writing

        Two years ago I wrote about writing. I thought the main barrier that kept most people from writing was environmental distractions. I claimed “stress, anxiety, sleep deprivation, or other mental issues” played a role, but often the issue was “whether or not you chose the right font, whether that section should be in italics, or if that paragraph should be colored red for emphases [sic]”. Those might have been my excuses for not writing then, but it’s far from my main inhibition now.

        [...]

        Like with most things, the ideal spot is between those two extremes. Where? I’m still figuring that out.

        I value honesty and vulnerability, but I haven’t been able to practice them the way I’d like. Fear and anxiety stop me from doing the things I love, from caring for those whom I love, and from being honest with myself and others. It’s devastating.

        Jesus said not to worry. That’s good advice, but it first requires grabbing hold of one’s emotions. Without that control, avoiding worrying is vanity.

    • Politics

      • Keep infrastructure free

        A lot of essayists wanting to push the square peg of open source software into the round peg of quid-pro-quo market capitalism.

    • Technical

      • Avoid Linux locking up in low memory situations using earlyoom

        Within operating system kernels, at least for Linux and the BSDs, there is a mechanism called “out of memory killer” which is triggered when the system is running out of memory and some room must be made to make the system responsive again.

        However, in practice this OOM mechanism doesn’t work well. If the system is running out of memory, it will become totally unresponsive, and sometimes the OOM killer will help, but it may take like 30 minutes, but sometimes it may be stuck forever.

      • Science

        • When an AI researcher didn’t research AI

          My take is that the biggest error Lemoine did when saying that LaMDA was sentient was refusing to learn how it worked and how neural networks work generally. It seemed to me that he deliberately wanted to stick to “Turing test”-like conditions. That makes as little sense as if a doctor would want to smash up X-Ray machines. If you can look under the hood, or if your team members can, that’s a huge boon that you shouldn’t squander.

      • Internet/Gemini

        • Current Interests

          I saw a post on the Cosmos Aggregator by Remi Noulin about their terminal gemini browser Telescope. I’d been using Amfora for so long I thought I’d give Telescope a shot. I’m really digging it so far. I used the dark mode configuration and was able to easily add a few of my own colour changes. The commands take some getting used to but it’s already starting to sink in.


* Gemini (Primer) links can be opened using Gemini software. It’s like the World Wide Web but a lot lighter.

Microsoft is Coasting on What it Once Was, Using Things like Internet Explorer for Leverage and BSA Ads on Facebook

Posted in Microsoft at 4:17 pm by Guest Editorial Team

Reprinted with permission from Ryan

I was talking about Microsoft using legacy crap in Windows as a “feature” to lock people in who were stupid enough to design things based on it.

“Near the end, Trident’s rendering capabilities weren’t that bad, but Microsoft just kept adding modes that essentially froze the state of the engine and then made a new one on top that behaved differently.

If you don’t specify a doctype, then to Internet Explorer, the DOM is still where it was at in 1999.

This is because Microsoft encouraged abusing it to write Intranet sites and ActiveX crap that will never be fixed.

There are still ways to launch IE and browse with it in Windows 11 although they obscure how to get at it. But you can force it to launch.

The bulk of [Internet Explorer] is never going away though. It would break some thing that some business or government uses internally and they’d go “Well, shit. Since that’s gone, we may as well ditch Windows too because that’s literally the only reason we were paying for it.”.

Windows has a lot of attack surface that most people never think about because people pay to keep it crufty.

The way to deal with applications that old of course could be something like IEs4Linux where you just shove them into Wine, or stick an old copy of Windows 2000 into a virtual machine and only allow it on the Intranet, but if you’re a big company, Microsoft’s BSA will come audit this and find out you’re using “their software” in a way they don’t like.

Microsoft’s BSA is a bunch of lawyers that figure out who suddenly hasn’t paid up in a while and is trying to get away from them and then demands audits and exit taxes and Windows licenses for machines that don’t even run Windows. It served their purposes that you should paint yourself into a corner using the mess that they provided over the years. You know, for “free”, of course.

It’s like trying to get out of California and they figure all you’re good for is to soak one last time, so you get a tax audit.”

So you “get out of California” and life’s good until the California tax people send you a letter in the mail and say “You owe this because reasons.” and you end up paying them something even if you don’t owe them anything because otherwise they’ll take you to one of their tax courts where they always win.

Microsoft’s lawyers are like this.

-Me on a Matrix chatroom

If that’s not bad enough, if you get on Facebook, the BSA is always offering to pay people to narc out large users of their software who are violating the EULA.

Chances are one of your own employees will see that, decide that being a rat pays pretty well, and anonymously turn you in, and then use the money they got to go on vacation and pay their car note off.

People who are not already in a predicament like this should avoid getting caught in Microsoft’s tar pit.

People who are in a predicament like this need to avoid the one time expenses of freeing themselves from their Microsoft dependencies and migrating away vs. total expense of just paying and paying.

The total expense is more than just the licensing fees for Microsoft products, where you’ve already paid for Windows a million times over and here you are paying for it again.

Microsoft products are not secure and are constantly being taken over by ransomware and nation state malware, and even failing that somehow, are of poor technical quality and just have a habit of blowing up on you at the worst possible time due to inferior craftsmanship.

IBM is Outsourcing Key Parts of GNU to Microsoft Linux Foundation

Posted in Free/Libre Software, GNU/Linux, IBM, Microsoft at 4:03 pm by Dr. Roy Schestowitz

Recent: ‘Splinter Group’ SFC (Already Sued by Moglen/SFLC) is Not Really Against Microsoft GitHub, It Helps IBM/Red Hat Outsource GNU to GitHub Using the Same Excuses Microsoft Used When Lobbying for Kernel.org to Move to Proprietary GitHub

Now:

The GNU Toolchain Infrastructure Project

Summary: GNU Toolchain is being given to Microsofters at the Linux Foundation after just over 3 years of coup against the FSF

I censor IBM's critics and work with the Linux Foundation against the FSF

Of note: SFC censors IBM critics (it just swims where the money is)

The comments in LWN today are revealing. People realise exactly what’s going on.

LWN comments

MICROSOFT Still the ENEMY of Linux and FOSS, But Somebody Has Very Selective Memory and Weak Critical Skills

Posted in Deception, Free/Libre Software, GNU/Linux, Microsoft at 12:59 pm by Dr. Roy Schestowitz

Video download link | md5sum 3d6a356296d1b7b02c9ff788cdd1170a
Nick Experiments With False Narratives
Creative Commons Attribution-No Derivative Works 4.0

Summary: The latest video of "Nick" misleads on what Microsoft means to GNU/Linux users and Free software developers; I respond to some weak or false premises

THE video above was published in response to this one (embedded ads). It was entitled “MICROSOFT isn’t the ENEMY of Linux and FOSS anymore, but it’s no friend either…” (hence the title of the response)

On the Web, when one woos advertising opportunities, one develops a sixth sense for corporate acceptance (or acceptance from corporate shills like those who signed the petition against Richard Stallman, including “The Linux Experiment”/Nick above, pretending to be a whole organisation!).

Last night Nick published a rather provocative video arguing that Microsoft isn’t the enemy or something to that effect (whilst insisting that RMS is the enemy, based on a big bunch of lies).

As one person put it: “How can a non-idiot become so detached from reality without being on the take? Holy shit, it’s right there in the title… What a tool || fool he is.”

“Nick’s video was disappointing but not as bad as it initially looked,” the person said after actually watching it, “however not good, just disappointing. It is clickbait but that does not stop him from expressing troubling statements and glossing over problems. Like I said, it is very disappointing.”

My own thoughts are sort of ‘superimposed’ above; it’s one step away from calling people who oppose Microsoft “enemies” or “haters”. He uses the word “hate” to trivialise the victims’ angst.

The person we spoke to last night says “he seems to soft-pedal the 1990s while glossing over the 1980s. He tries to spin the behaviors as past actions and not ongoing, continued attacks against everyone and everything. At least he almost called them out over OOXML but missed out a key point that no one — not even Microsoft — uses it. And he bullshits on WSL, overstating its capabilities. The kernel ‘contributions’ are mistaken for help rather than dumping crap Microsoft-oriented code. He observes, correctly, that Microsoft aims to control now via the “cloud”. He misses the core of the problem with GitHub. Microsoft Co-pilot, unlike his claim, is a copyright infringing service. Definitely not his best video. He’s off badly in each segment.”

A meme: YouTube! Microsoft revisionism

Get Away From Clowns (Clown Computing), They Will Only Betray and Hurt You at the End

Posted in Deception, Google, Servers at 12:20 pm by Dr. Roy Schestowitz

Video download link | md5sum 4ccea214a2936a6982bd285bad95caaf
Google is Not a Friend: Google Photos Corrupted, Highlighting Dangers of Clown Computing
Creative Commons Attribution-No Derivative Works 4.0

Summary: Corporations do not like people, they are just blindly obedient to shareholders and their personal interests; outsourcing your personal data (or business data, which impacts non-consenting subjects) to other companies is a self-harming if not outright suicidal move and we gather more and more evidence of this over time

HOW many times does Google need to burn its so-called ‘users’ (used by Google) before they learn to just avoid Google?

More generally, when will people realise that the promise or promises of Clown Computing are false? Like Rust promising “security” when Rust itself is a security liability.

In the corporate world (or shareholders-first context), things are very rarely what they’re advertised as. Google spent years brainwashing or bullying or blackmailing Linus Torvalds to accept Rust, whose development was in effect funded by Google (the Sugar Daddy of Mozilla).

A couple of nights ago I saw the report about Google’s user data getting corrupted. I took note to say “Google Photos Corrupted, Highlighting Dangers of Clown Computing” and later I saw more reports to the same effect. To quote the latter one: “According to those affected, the corruption persists when downloading the image. This apparently applies to both individual downloads and when using Google Takeout. The original copies of pictures do not appear to be impacted, but the edited ones are what appear in the Google Photos apps. Dozens of reports and examples show near-identical instances of this issue. The problem looks to have resided for some in the last day, but others are still affected. As such, it’s more than likely that there is a solution on Google’s end for this.”

With a budget like Google’s and salaries so astronomically high, shouldn’t this have been prevented? As I explain in the video above, some of the world’s most famous storage gurus are employed by Google.

In my video, the negligence is explained a bit further. And the lessons learned here are that even large companies cannot be relied upon with your data; in fact, they don’t value this data and won’t make a special effort to protect or restore it; previously, with Picasa, they just simply tore down people’s software tools and data, purely for business reasons.

There are reasons other than data integrity not to give Google any of your data. One important aspect is — suffice to say — privacy. See Leaking Passwords through the Spellchecker from Schneier on Security. It was published earlier this week and said: “The solution is to only use the spellchecker options that keep the data on your computer—and don’t send it into the cloud…”

Microsoft and Google are both building databases with people’s passwords. Is that even legal??? As somebody else noted this week, Google Analytics isn’t legal. To quote: “Although Google says that Google Analytics 4 solves the issue, the Austrian and Danish DPAs reject Google’s point of view.”

It’s like they’re above the law; in fact fines don’t scare them. It’s just the ‘price’ of abusing people.

Legality aside, there are practical reasons to avoid outsourcing. As one article put it: “It’s easy to just snap photos of all your special memories and keep them uploaded to the cloud for safekeeping, never worrying about them. But what happens when they’re not as safe as you’d assumed? This is what some Google Photos users are experiencing, posting to Google support that their older images have become corrupted.” And they didn’t even notify users. There are no backups. They really don’t value people’s memories. The Google ‘Gulag’ is so careless and incompetent, going ‘full Stalin’ on people’s photos (Stalin was notorious for deleting or sanitising photographs).

Clown computing is a huge mistake.

Keeping one’s photos in one’s own turf is both doable and encouraged. It’s affordable as well. The entry barrier is not as high as people are led to believe and there’s no service shutdown unless one chooses to shut down one’s own album/s. As for data loss, regular backups help. Don’t let some greedy, unaccountable corporations handle them. Microsoft lost customers’ valuable information many times before (e.g. Danger Sidekick). Live and learn, stop repeating mistakes.

The Internet is Under Growing Threat of Being Cut Off (at Least Partially)

Posted in Free/Libre Software at 11:19 am by Dr. Roy Schestowitz

Video download link | md5sum c79e812751929dd567f0d89d7ad2d2cd
False Assumption Internet is Persistent
Creative Commons Attribution-No Derivative Works 4.0

Summary: War and conflict being escalated means that cables which connect continents are at threat of being severed without anyone being detected as accountable for it (this is incredibly difficult when dealing with cables that long), knowing how disruptive such an action would be as we’ve come to assume that the Internet is just “always there”

THE “splinter-net” or “killswitch” for the Internet (the US has the “master key” and Microsoft puts killswitches in many products, e.g. [1, 2, 3]) is not the subject of today’s video. Sure, the root DNS system is vital, any government can take down the Net (many already do, at least temporarily), and Russia has been blocking many sites lately.

But what about technical sabotage/vandalism? How about an attack on infrastructure such as underwater cables? In Ukraine, Russia has already targeted communication facilities, but it’s almost unheard of for a nation state to cut an underwater cable to disconnect another country. The NSA cut off the Internet of Syria, but this was done by remote technical means and, according to Edward Snowden, by accident.

A very big news story today is yesterday’s “cutting of NS1 & 2” (energy pipeline from Russia to EU). To borrow an associate’s framing of it…

We are assuming it is possible that some time in the future access to a lot of the Net, Techrights and Tux Machines included, will be cut.

As things escalate it becomes less far fetched or unthinkable.

We’ve been trying to “revisit bandwidth and Web page bloat” (this site too will change later this year), as “there are no small pages any more, nor much of any server-side activity, despite some countries still requiring small pages as part of defence readiness,” to quote the associate.

My own thoughts are in the video above. In case of major, worldwide disruptions to the Internet, IPFS is… becoming interesting. It’s a lot like P2P, which was in some sense the raison d’être of the Internet (during Cold War it needed to be made robust to strategic, “tactical” nuclear strikes).

Free Speech is Becoming as Scarce as Independent Journalism (Even at the FSF)

Posted in Free/Libre Software, FSF, FUD at 11:12 am by Dr. Roy Schestowitz

Video download link | md5sum 9cec78b99b8a19d43c0b0b8323b16f19
The Online Speech Police
Creative Commons Attribution-No Derivative Works 4.0

Summary: Censorious tendencies and authoritarian leanings have put speech (both online and offline) at risk; it has gotten so bad that nowadays it’s difficult to say what’s true and factual if someone’s feelings (or a clique) will be hurt

THE Free Software Foundation (FSF) has announced that it is pursuing talks, but reliable sources inside the FSF have told me that talks are closely scrutinised before they’re approved. The screening process is there to ensure that no “undesirable” views get aired. So does the first F in “FSF” also relate to Free speech? It’s complicated. Their IRC network and even their mailing lists are censored. Sometimes out of convenience, not to avoid offense.

This isn’t to ‘bash’ the FSF, just to openly and freely state what’s factual. In LibrePlanet 2023, “software patents ought to be addressed,” someone has told us, but they seem to favour lawyers as speakers, not hackers/coders who understand these issues from a technical perspective. I would have submitted a talk on this issue had I not felt the threat of being suppressed (or the talk watered down). Based on what I heard, they do both (censorship and self-censorship), so I choose to instead publish in a platform that I control. “It’s partially online so speakers could be from anywhere,” someone has reminded us, but that in no way tackles the free speech deficit, just aspects of convenience (no need to travel). My response was that if I had given a talk about the EPO or UPC, for instance, “it would have to be self-censored heavily [so] and I’d rather use my own platform…”

Notice how the FSF did not take note of GNU’s anniversary. “Today is the 39th anniversary of the launch of GNU,” we’ve been reminded by somebody. “I would say an important topic would be to get institutions onboard for a proper recognition of the 40th anniversary next year.”

Well, so far the FSF has said nothing. It just celebrated its own 35th anniversary, but that was it. The contribution to it from the FSF’s own founder was a pre-recorded and heavily sanitised ‘talk’. We mentioned that at the time. Are they embarrassed of their own people and projects?

Any hypothetical scenario I can think of would prevent me from speaking openly and that’s not limited to the FSF’s LibrePlanet. Nowadays academia is pretty much the same (scholarly environments became very corporatised) and it’s hard to get anything published that contradicts phony corporate narratives. The corporate money (e.g. advertising, grants) reinforces if not cements the monopoly on narrative/s.

“I don’t think I ever saw a LibrePlanet talk (seen a lot) that focuses on corruption,” I noted. Ever since yesterday I’ve thought about it some more. I still can’t think of an example. They set boundaries and those likely include protection for FSF sponsors. The organisation being not revolutionary and not even reactionary (reacting to some of Microsoft's latest competition crimes) is a very big problem. So-called diplomatic and bureaucratic people have decided to ‘police’ the FSF’s speech, making it or shaping it like the SFC, albeit with less funding.

We not only needed Richard Stallman (rms) back in the institution he had founded in 1985. We needed the real rms back. We needed someone who can bluntly spell out the issues, not some career climbers who “leave it to the profe$$ial$” (like inviting lawyers to speak about patents, talking in terms like “IP”).

This problem further extends to another important theme; see “Journalism: ‘Objectivity’ and ‘Neutrality’ Aren’t the Same Thing” at CounterPunch (appeasing two misleading camps, sometimes both of which connected to the same companies). And a connected theme is social control media. See “Why Misinformation Spreads So Quickly On Social Media” (e.g. how rms was defamed without any corrections/retractions issued later).

That latter one “ties into the CounterPunch article too; objectivity is not parroting “both sides” but a matter of digging to find what the facts are,” as an associate explains.

We linked to the CounterPunch piece several days ago. The only thing worse than a lack of media or misleading media is social control media because it’s harmful on many levels (some aspects are explained in the video above).

“Another theme,” the associate said, “setting aside who said it or maybe not, is that computers used to be about doing work for people and under the direction of people rather than as a means to farm people and their attention. Note how far the proprietary company Apple has diverged from its founder since his death.”

“Most software, especially “apps”, are about farming behaviors these days.”

Worse yet, they actively misinform the user and even incite the user against innocent people, sometimes to distract from scandals that haunt the app maker/s.

Attempts to Legislate Against Free Software in Order to Elbow Such Software Aside

Posted in Free/Libre Software, FUD, Law, Microsoft, Security at 9:29 am by Dr. Roy Schestowitz

Video download link | md5sum a8f9ceff0ad97d546e30338a3c0ce610
Media FUD and Anti-FOSS Bills
Creative Commons Attribution-No Derivative Works 4.0

Summary: There’s not only a wave of attacks falsely attributing security issues to Free software (the media says “Open Source”) but also new legislation in the United States, likely crafted by lobbyists, which discriminates against Free software whilst ignoring the elephant in the room, e.g. government back doors

THE corporate media, which is being fed a set of mindless talking points from corporations that fund it (e.g. by buying advertising space), is spreading a lot of Free software-hostile misinformation. It has been particularly true this month. Not a day goes by without us providing several examples in Daily Links, usually with accompanying editorial remarks/response. Thanks to gross bias and corrupting influence of money, so-called ‘journalists’ (stenographers) try to convince us the worst thing to security is “Open Source”, using terms like “supply chain”, which became fashionable (distracting from the real culprit, e.g. “MS SQL [proprietary] servers are getting hacked to deliver ransomware to orgs,” as just pointed out in Help Net Security, or never noting that this “supply chain” is controlled by proprietary frameworks, e.g. GitHub or NPM, i.e. Microsoft/NSA).

One recent rebuttal to the torrent of FUD comes from a podcast of Josh Bressers. It’s entitled “Holding open source to a higher standard”, alleging that Free software is scrutinised a lot more harshly than proprietary rivals/counterparts. “Open source has always been held to a higher standard,” Bressers says. “It has always surpassed this standard.”

Sadly, this is the only link we can recommend that readers follow and read. We put it in Daily Links several days ago.

The annoying part was pointed out to us by an associate, alleging that Microsoft “is still milking the log4j vuln[erability] for political gain,” based on shallow blog posts and reports [1, 2, 3]. “The FSF, EFF, and OSI (in their old incarnations) need to be in proactive,” the associate said, and “contact with the OMB immediately.”

Some of these sources (e.g. Recorded Future) are connected to spy agencies and spy on IRC networks. It’s a sinister entity.

The above corresponds to S.4913 – Securing Open Source Software Act of 2022, which can be found in congress.gov under the title “Securing Open Source Software Act of 2022”. It’s formalised “concern trolling” in a suit with a tie. The title is misleading.

CISA, a Microsoft booster, is involved in this. To quote from one of the links above: “The Securing Open Source Software Act — sponsored by Senators Gary Peters (D-Mich.) and Rob Portman (R-Ohio) — would require the Cybersecurity and Infrastructure Security Agency (CISA) to create a “risk framework” around the use of open source code within the government and critical infrastructure agency.”

“CISA would need to find ways to “mitigate risks in systems that use open source software” as well as hire experienced open source experts to address issues like Log4j. The bill also requires the Office of Management and Budget (OMB) to publish guidance for agencies about how to use open source software securely.”

Based on CISA’s own list of actively-exploited flaws, Microsoft is a vast part of the problem, but S.4913 was “[r]ead twice and referred to the Committee on Homeland Security and Governmental Affairs.”

As if the problem is what Microsoft keeps attacking or what’s replacing Microsoft.

“The overwhelming majority of computers in the world rely on open source code – freely available code that anyone can contribute to,” says this page. But that’s its strength, not the weakness, as I explain in the video above. Anyone can fix it, so it gets fixed very fast.

Notice how they keep mentioning “Log4j”; even about a year later! It had been patched before the public even knew about it.

Many publishers intentionally participate in a FUD campaign, e.g. Help Net Security with “Open source projects under attack, with enterprises as the ultimate targets” just a couple of days ago. That’s just another wave of anti-Free software FUD; so back doors in proprietary software are OK, but this is… the end of the world? And the sky is falling? This selective attention is a propaganda technique.
