System76’s engineers picked Iced, a Rust-based cross-platform GUI toolkit, over GTK for their in-house developed COSMIC Desktop.
System76, a computer manufacturer specializing in the sale of notebooks, desktops, and servers, is a well-known name in the Linux community. Being a strongly Linux-oriented company, System76 utilizes free and open-source software and offers its own Ubuntu-based Linux distribution, Pop!_OS.
The distro uses COSMIC Desktop, an in-house developed desktop environment based on GNOME but extends on it with additional functionality.
If you don’t want to do any of the things above and you’d rather avoid Windows completely, you can buy the Lenovo ThinkPad X1 Extreme Gen 5 with Ubuntu Linux installed out of the box. Or at least, you should be able to. While this option is mentioned on Lenovo’s official spec sheet, you can’t actually configure the ThinkPad X1 Extreme Gen 5 with Ubuntu right now. Still, the option should show up at some point in the coming weeks or months, so it’s worth it to keep checking back.
Whether you want to get it with Ubuntu Linux or Windows 11, you can buy the Lenovo ThinkPad X1 Extreme Gen 5 using the link below. Lenovo’s configurator offers a ton of options, not just for the software, but for the hardware of the laptop, and there are also some preset configurations you can buy outright, which typically ship a bit faster than custom configurations. If you want something else, there are many other fantastic Lenovo laptops out there which you can check out. Or, if you’re not committed to Lenovo, take a look at the best laptops overall.
AMD Ryzen 7000 processors are now on sale, and those running the silicon in Linux PCs will apparently find the CPUs are faster with security mitigations turned on, which is counterintuitive for sure.
[...]
Of course, turning on such defenses comes with the expectation that you may have a slight performance hit – or a heftier one, or perhaps at best your system might be pretty much unaffected. But what you definitely wouldn’t expect is that it’d run faster with the mitigations applied.
So, with the security mitigations turned off, a route some folks might take to chase better performance, the Linux system is actually being slowed down – while leaving it more vulnerable to exploitation at the same time. A lose-lose situation if ever there was one.
Whether on-premises or in the cloud, clusters face real constraints for resource usage, quota, and cost management reasons. Regardless of the autoscalling capabilities, clusters have finite capacity. As a result, users want an easy way to fairly and efficiently share resources.
In this article, we introduce Kueue, an open source job queueing controller designed to manage batch jobs as a single unit. Kueue leaves pod-level orchestration to existing stable components of Kubernetes. Kueue natively supports the Kubernetes Job API and offers hooks for integrating other custom-built APIs for batch jobs.
I've wanted to take a look at some Slackware based distros for a while now, and now that Summer has ended it's time to do just that, starting with Salix. Salix is an interesting distro that offers all the power and stability of Slackware, but its footprint is much smaller than a full Slackware install and, here's the thing, it adds dependency management into the mix. This is what sets Salix apart. Package management is as simple as it is on the likes of ubuntu, especially when using the gslapt gui. Add the ability to use flatpaks and slackbuilds into the mix and you soon start to see what a great little system this really is.
In this video, I am going to show how to install TUXEDO OS 1
A new Linux kernel has been released, even though its a major version bump the changes are not so major, mostly performance improvements for high core CPU's, a new scheduler system, and support for newer hardware. I also talk about future 6.x releases which will start including kernel drivers written in Rust.
Wes and Frederic discuss the origin story of Polar Signals, eBPF (the enabling technology used by Polar Signals), Parca (the open-source system they built to collect continuous profiling data), and more, including things like FrostDB and why profiling data complements what we already have with our currenct observability stacks.
A question that I often get asked online and in real life is "What would you choose between Windows and Mac?" Well, thankfully I have never had to make such a choice, but it's certainly possible that one day I might have to do so (maybe for a job). Which proprietary operating system would I choose to run?
Linus Torvalds has released the 6.0 kernel as expected, noting that the major version number upgrade is more a matter of practicality than any fundamental changes.
I'm announcing the release of the 5.19.13 kernel.
This release is to resolve a regression on some Intel graphics systems that had problems with 5.19.12. If you do not have this problem with 5.19.12, there is no need to upgrade.
The updated 5.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...
thanks,
greg k-h
The 5.19.13 stable kernel update is out. "This release is to resolve a regression on some Intel graphics systems that had problems with 5.19.12. If you do not have this problem with 5.19.12, there is no need to upgrade."
It looks like one of the recent Linux kernel updates is causing issues with Intel laptops. Apparently the 5.19.12 update is not playing nice with Intel's graphics i915 driver and this is leading to all sorts of issues. For example, below is an example of a user who said that they were almost constantly encountering weird flashing problems. The user added they had the issue on a Lenovo laptop powered by i7-1065G7 running Fedora 35.
[...]
Over on the Framework community forum, affected users have been raising this issue for close to a week now, and it looks like an Intel Linux kernel engineer, Ville Syrjäl, had picked it up. Syrjäl says that the panel power sequencing (PPS) delay is bugged which could potentially even damage the LCD panels. He wrote:
We all know that NVIDIA GPUs don’t receive enough support from the Linux and Open Source community, at least not until NVIDIA finally decided to open source their graphics drivers. The open-source Nouveau driver lacks new hardware support and features, at least compared to the open-source drivers available for AMD and Intel GPUs.
This is where NVK comes into play, written almost entirely from scratch by Collabora’s Jason Ekstrand, as well as Red Hat’s Karol Herbst and Dave Airlie, using the new official headers from NVIDIA. NVK aims to be the new reference Vulkan driver for NVIDIA hardware and will ship with an upcoming Mesa graphics stack release.
For the past several months, I've been working on writing a brand new open-source Vulkan driver for NVIDIA hardware in Mesa called NVK. This new driver has primarily been written by myself (Jason Ekstrand), along with Karol Herbst and Dave Airlie at Red Hat. In the last month or two, we've started picking up a few commits here and there from community folks and I'm hopeful that community involvement will only increase going forward.
[...]
Support for NVIDIA hardware in open-source drivers has always been somewhat lacking. The nouveau drivers exist but they're often missing features, buggy, or just don't support certain cards. This is due to a combination of factors. Unlike the Intel and AMD drivers, nouveau driver stack has been developed with little to no official documentation or help from NVIDIA. They occasionally provide little bits of support here. Historically, it's been mostly focused on enabling nouveau just enough that you can install your Linux distro, get to a web browser, and download their proprietary driver stack.
Most of the hardware knowledge we (the open-source graphics community) have is learned by reverse-engineering, digging through CUDA documentation (it's amazingly low-level sometimes), and picking through the few bits NVIDIA drops us here and there. This slows down development in the best of times and makes solving certain problems nearly impossible.
Jason Ekstrand announces a new Vulkan driver for NVIDIA hardware on the Collabora blog. It seems to be off to a good start, but there is some work yet to do:
While most torrent clients are prepackaged with a GUI, there are some exceptions reserved for Linux users who spend most of their productive time on the command-line environment.
[...]
While Transmission is a free, fast, and easy-to-use torrent client with a beautiful user interface, this torrent-based software is versioned with transmission-cli to enable the download of torrent files from the Linux terminal environment.
After more than 20 years of development, the popular planetarium ‘Stellarium’ finally reached 1.0 release.
The Stellarium team did it. Stellarium 1.0 is here!
When writing about digital technology, or any topic, is something you do, it takes time to accumulate credibility. Even if you put in the study time up front to know your stuff, building trust takes time.
I’ve been fortunate that, after years expanding my portfolio and the knowledge base under it, people come to me for advice on related subject matter. I’m still not totally comfortable in this position, but I roll with it.
As more professionals put stock in my technical background, I have been exposed to more specialized technical environments and use cases. Friends asking for consumer electronics troubleshooting is worlds apart from professionals looking to overcome a technical hurdle.
This new class of advice I’m prompted to provide has elucidated the challenges that professionals confront. Moreover, when I field the same question multiple times, it hints at a potential gap in computer science training. Naturally, I want to do my part to close it.
To be clear, I’m not putting anyone down. There are plenty of things I don’t know and probably should. I simply want to draw attention to concepts that I’m surprised that competent individuals struggle with. Specifically, what I regard as key Unix principles I’ve found notably missing.
I’m not totally surprised, as a lot of “tech sector” professionals work in levels of abstraction above the OS. But it pays to know these Unix basics considering there is often a Unix/Unix-like OS somewhere in the abstraction hierarchy. If that layer is unsound, the whole edifice risks collapse.
To that end, I want to highlight questions I’ve been asked about Unixy (my substitute for “Unix and Unix-like”) systems, and the fundamentals to grasp to become self-sufficient.
Docker is a prominent container technology widely used by system administrators and IT engineers. It's a great tool for quickly setting up complex IT environments and deploying software systems securely.
Docker comes with a robust CLI tool to get the job done, but sometimes you might think of having a graphical view of Docker containers and their related services, which the Docker CLI does not provide. That's where Portainer comes in.
[...]
Portainer is itself deployed as a Docker image and is very lightweight. It's made up of two core elements: the Portainer server and the Portainer agent. The agent communicates with the server to provide access to the node's resources.
You can install Portainer on Linux or Windows, and it even supports installation on Windows Subsystem for Linux (WSL). Under the hood, Portainer utilizes the Docker CLI to offer you a good level of abstraction.
Since 2016 Raspberry Pi OS has had its SSH server disabled by default. This change was done to help the security of recently set up devices, preventing bad actors from abusing open devices.
While you can easily enable SSH through the terminal or the desktop interface, this process changes when you don’t have a spare monitor and keyboard.
Over the following few sections, we will show you a couple of different ways to enable SSH on the Raspberry Pi without a monitor.
These methods are all relatively straightforward as long as you have a computer capable of reading a micro-sd card.
A simple guide on how you can install and configure IceWM (Ice Window Manager) in Arch Linux and related distros.
I recommend that you backup all your data or take a snapshot of the current install before following along and performing the upgrade.
To kill a Linux process you need its ID or its name. If all you know is the port it’s using, can you still kill it? Yes, in several different ways.
Slackware has been one of my favorite GNU/Linux distributions for a very long time, especially since Version 8.0 came out, many moons back. The reason is that it embodies the "KISS" method of designing a distribution. "KISS" means, "Keep It Simple, Stupid!", and that's what the Slackware team has done since the distribution's inception. When Slackware 15.0 came out in February 2022, I celebrated like other "Slackers", and I'd been running the beta and release candidates (the then-"Slackware-current") since early 2021.
I've even used Slackware at work in a "Microsoft shop". Yes, it can be done, and it can be done well. To do so, I needed something compatible with Microsoft Office file formats. OpenOffice.org was the ticket back then even in its Beta Build 638c days (yes, I've been using it for a long time!), and the tradition continues today, 21 years later with today's LibreOffice. It is this office productivity suite that really makes using Free Software platforms (e. g. GNU/Linux, the BSD's) on general-purpose business computers possible.
Sadly, Slackware didn't include OpenOffice.org back then, and it doesn't include LibreOffice now. This is speculation on my part, but several years ago, Patrick Volkerding stopped including GNOME because it was too much of a pain to package and distribute for a project that doesn't have the resources of Red Hat, Debian, or Ubuntu. I suspect this may also be true for LibreOffice. Also, the binary packages from LibreOffice come in RPM and DEB format. This choice by the LibreOffice developers is quite understandable, as Red Hat- and Debian-based distros are by far the dominant presence on personal computers. That still leaves us "Slackers" out in the cold, though.
Network Manager is a piece of software that handles network functionality for your system. It is a powerful suite that makes many more complicated tasks very simple.
For example, using Network Manager on your Raspberry Pi makes setting up your device as a wireless access point very simple.
By default, the Raspberry Pi uses an older software called dhcpcd for its network handling. It is a bit more complicated to configure and has been superseded by Network Manager.
Linux is the most flexible operating system on the market; there’s very little you cannot do with this platform. One only needs to look at shell scripting to realize just how powerful and customizable Linux is. Although shell scripting is certainly not a feature used by those new to the operating system, any admin fully understands their necessity.
At some point, you might run into a situation where you need to create a shell script that requires a password. If you don’t want to save that password in the script, what can you do?
When it comes to PC gaming, Linux is sadly neglected by many developers. Linux gamers need to rely on Wine and other compatibility layers in order to play some of their favorite Windows-based games on Linux. Rather than figuring out all the necessary tweaks yourself in order to make a game run, Lutris makes the job easy by doing it for you. In this tutorial, you will learn how to install Lutris on Ubuntu 22.04 and use the application to install games. Lutris supports many independent titles, as well as games from networks like GOG, Epic Games, Ubisoft, and Origin.
Learn the steps to install CodeBlocks IDE in Ubuntu 22.04 LTS Jammy JellyFish Linux or 20.04 Focal fossa to code in a flexibly extensible environment for C, C++, or Fortran.
What is Code::Blocks?
With “Code::Blocks”, programmers will have an open source development environment for the programming languages C and C++.
The tool is highly extensible due to its Plug-ins system, but also brings a lot with it: Predefined projects, a class browser, and syntax highlighting are included, but by far not everything. For example, “Code::Blocks” supports several compilers and also provides numerous debugging options.
As an open source IDE, Code::Blocks first appeals to software developers who are looking for a powerful, but also flexibly extensible environment for C, C++, or Fortran. Written in C++, C and C++ developers are part of the core group that uses this development environment that is freely available under GPLv3. Code::Blocks also gives the software developer great freedom with regard to operating systems and compilers. Implemented with wxWidgets, the environment runs under Linux and macOS as under Windows. In addition to GCC and Visual C++, Clang and Borland C++ are also among the compilers that can be used.
In this post, simple and for beginners, you will learn how to change the timezone in Ubuntu 22.04 | Linux Mint 21
The timezone is one of the issues that during the installation of an operating system is configured to improve the integration of the whole system. However, for any reason, we can change it to adjust it to a new location.
Think of it is that you move and need to change it manually or because you need to know it for configuration scripts. In any case, it is important to know this entire process.
This absolute beginner’s guide explains the steps required to install deb (*.deb) files in Ubuntu. This applies to all Ubuntu-based Linux distributions such as Linux Mint, elementary OS, etc.
This tutorial will explain how you can install Netbeans, the one of the most popular free software Java IDEs, completely with GUI designer. The graphical user interface (GUI) designer, also called rapid application development (RAD) tool, is a visual way to create applications by drag and drop alongside with writing lines of code. Now let's do it.
NVM, also called Node Version Manager used for installing and managing multiple Node.js versions in Linux.
Environment variables are specific to certain environments. A generic answer, right?
But really, those are the variables that are just specific to your current system environment such as the currently logged-in user will be stored inside the "USER" variable.
Still confused? no worries. I will walk you through a brief understanding of environment variables and then jump to various ways to print them.
The Linux Kernel 6.0 is here, packed with many features, including support for the newest generation of processors from Intel, AMD, and ARM! In addition, the kernel includes updates to improve security and performance and support various new hardware devices. For users, the most significant change in this release will likely be the new capabilities and improved stability. As always, users are advised to upgrade to the latest kernel version if they require only to do so or understand the risks of using mainline kernels.
In this tutorial, we will show you how to install vTiger CRM on Debian 11. For those of you who didn’t know, Vtiger CRM is a popular Customer Relationship Management web application which can help enterprises grow sales, deliver customer service, and increase profits. The vTiger CRM provides two different solutions, the vTiger CRM cloud solution that you can pay for all management and additional features, and the vTiger CRM open-source version that you can self-hosted on your server.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of vTiger CRM on a Debian 11 (Bullseye).
AnyDesk is one of the best remote desktop solutions thanks to its superb operating system and device support. It works on a wide variety of devices, including the Raspberry Pi.
By using AnyDesk on Ubuntu, you can remotely access your device securely from anywhere that has an internet connection.
The AnyDesk team maintains support for the vast majority of Ubuntu releases, including Ubuntu 22.04, 18.04, and 18.04.
It is the perfect alternative for those wanting to try something different from TeamViewer. For personal usage, AnyDesk offers a great solution, and for those requiring it for work it offers affordable plans.
Stellarium is a free and open-source planetarium software package. It is licensed under the GNU General Public License, version 2. It is available for Linux, Windows, and macOS. A port of Stellarium called Stellarium Mobile is available for Android, iOS, and Symbian as a paid version. It was originally developed by Fabien Chéreau and is now maintained by the Stellarium team. The software renders the night sky in 3D, allowing users to see stars, constellations, planets, nebulae, and other astronomical objects in their correct positions relative to each other. Users can also set the time and date to see how the night sky changes. In addition to being a useful tool for astronomers and amateur stargazers alike, Stellarium is also used in educational settings, such as planetariums and science museums.
In the following tutorial, you will learn how to install Stellarium on Ubuntu 22.04 LTS Jammy Jellyfish using two methods with APT Stable or Daily LaunchPAD PPA.
PowerShell is a powerful command-line shell built to help with task automation by utilizing its scripting language.
While initially developed for Windows, PowerShell has now been ported to multiple operating systems and architectures.
This means that you can even install PowerShell to the Raspberry Pi since it now has support for the ARM architecture. Installing this shell is helpful if you are used to dealing with the PowerShell language.
pip (Package Installer for Python) is the package manager for Python that allows you to very easily install extra libraries and modules for you to use within your Python scripts.
We often use pip within our Raspberry Pi projects as it greatly simplifies the process for the end user. For example, instead of downloading a file and moving it to a correct location, pip handles this entire process.
You can think of pip much like the apt package manager but purely for dealing with Python.
When your internet feels like it isn’t working as fast as it should be, one of the best ways to check this is by using an internet speed test provider.
If you had access to your Ubuntu devices desktop, you could do this speed test from within a web browser. However, if you only had access to the terminal, you would need a different method.
Over the following steps, we will show you how to download and install the Ookla Speedtest CLI to Ubuntu.
When you have a website or application up and running Nginx, it is desirable to allow visitors to access the domain using www and non-www versions of your domain name. However, in today’s age of Search Engine Optimization and users wanting a fast and easy browsing experience, having two URL links can negatively affect the overall experience of your website. However, this doesn’t mean you should abandon one of your visitors’ ways to access the site. Instead, a simple redirection can improve your website’s visitor experience, increase backlink recognition more quickly, and improve your SEO rating.
In the below guide, you will learn using how to redirect a www URL to non-www, e.g. (www.example.com) to (example.com) and vice versa with a redirect is called a Permanent Redirect, or “301 redirects”, This can be done on any operating system using Nginx, the examples are for the server blocks only. They do not explain how to set these up or install Nginx.
PureOS is a Linux distro that powers all Purism laptops and smartphones. So is PureOS the right operating system for your device? Let's find out.
When you purchase a Librem laptop or phone from Purism, you will come to find that the device ships with an operating system known as PureOS.
Chances are, unless you're already a Linux user, you've probably never heard of PureOS. Even those of us familiar with Linux may not know what sets this version apart from the others. So, what exactly is PureOS?
Today we are looking at Ubuntu 22.10 Beta. It comes with Gnome 43, Linux kernel 5.19, and uses about 900MB of ram when idling. Enjoy!
In this video, we are looking at Ubuntu 22.10 Beta.
Today we are looking at Ubuntu MATE 22.10 Beta. It comes with MATE 1.26, Linux kernel 5.19, and uses about 900 MB of ram when idling. Enjoy!
In this video, we are looking at Ubuntu MATE 22.10 Beta.
OpenSSH 9.1 has just been released. It will be available from the mirrors listed at https://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at: https://www.openssh.com/donations.html
Changes since OpenSSH 9.0 =========================
This release is focused on bug fixing.
Security ========
This release contains fixes for three minor memory safety problems. None are believed to be exploitable, but we report most memory safety problems as potential security vulnerabilities out of caution.
* ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing. Reported by Qualys
* ssh-keygen(1): double free() in error path of file hashing step in signing/verify code; GHPR333
* ssh-keysign(8): double-free in error path introduced in openssh-8.9
Potentially-incompatible changes --------------------------------
* The portable OpenSSH project now signs commits and release tags using git's recent SSH signature support. The list of developer signing keys is included in the repository as .git_allowed_signers and is cross-signed using the PGP key that is still used to sign release artifacts: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc
* ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config are now first-match-wins to match other directives. Previously if an environment variable was multiply specified the last set value would have been used. bz3438
* ssh-keygen(8): ssh-keygen -A (generate all default host key types) will no longer generate DSA keys, as these are insecure and have not been used by default for some years.
New features ------------
* ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum RSA key length. Keys below this length will be ignored for user authentication and for host authentication in sshd(8).
ssh(1) will terminate a connection if the server offers an RSA key that falls below this limit, as the SSH protocol does not include the ability to retry a failed key exchange.
* sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids.
* sftp(1): use "users-groups-by-id@openssh.com" sftp-server extension (when available) to fill in user/group names for directory listings.
* sftp-server(8): support the "home-directory" extension request defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the existing "expand-path@openssh.com", but some other clients support it.
* ssh-keygen(1), sshd(8): allow certificate validity intervals, sshsig verification times and authorized_keys expiry-time options to accept dates in the UTC time zone in addition to the default of interpreting them in the system time zone. YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed with a 'Z' character.
Also allow certificate validity intervals to be specified in raw seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This is intended for use by regress tests and other tools that call ssh-keygen as part of a CA workflow. bz3468
* sftp(1): allow arguments to the sftp -D option, e.g. sftp -D "/usr/libexec/sftp-server -el debug3"
* ssh-keygen(1): allow the existing -U (use agent) flag to work with "-Y sign" operations, where it will be interpreted to require that the private keys is hosted in an agent; bz3429
Bugfixes --------
* ssh-keygen(1): implement the "verify-required" certificate option. This was already documented when support for user-verified FIDO keys was added, but the ssh-keygen(1) code was missing.
* ssh-agent(1): hook up the restrict_websafe command-line flag; previously the flag was accepted but never actually used.
* sftp(1): improve filename tab completions: never try to complete names to non-existent commands, and better match the completion type (local or remote filename) against the argument position being completed.
* ssh-keygen(1), ssh(1), ssh-agent(1): several fixes to FIDO key handling, especially relating to keys that request user-verification. These should reduce the number of unnecessary PIN prompts for keys that support intrinsic user verification. GHPR302, GHPR329
* ssh-keygen(1): when enrolling a FIDO resident key, check if a credential with matching application and user ID strings already exists and, if so, prompt the user for confirmation before overwriting the credential. GHPR329
* sshd(8): improve logging of errors when opening authorized_keys files. bz2042
* ssh(1): avoid multiplexing operations that could cause SIGPIPE from causing the client to exit early. bz3454
* ssh_config(5), sshd_config(5): clarify that the RekeyLimit directive applies to both transmitted and received data. GHPR328
* ssh-keygen(1): avoid double fclose() in error path.
* sshd(8): log an error if pipe() fails while accepting a connection. bz3447
* ssh(1), ssh-keygen(1): fix possible NULL deref when built without FIDO support. bz3443
* ssh-keyscan(1): add missing *-sk types to ssh-keyscan manpage. GHPR294.
* sshd(8): ensure that authentication passwords are cleared from memory in error paths. GHPR286
* ssh(1), ssh-agent(1): avoid possibility of notifier code executing kill(-1). GHPR286
* ssh_config(5): note that the ProxyJump directive also accepts the same tokens as ProxyCommand. GHPR305.
* scp(1): do not not ftruncate(3) files early when in sftp mode. The previous behaviour of unconditionally truncating the destination file would cause "scp ~/foo localhost:foo" and the reverse "scp localhost:foo ~/foo" to delete all the contents of their destination. bz3431
* ssh-keygen(1): improve error message when 'ssh-keygen -Y sign' is unable to load a private key; bz3429
* sftp(1), scp(1): when performing operations that glob(3) a remote path, ensure that the implicit working directory used to construct that path escapes glob(3) characters. This prevents glob characters from being processed in places they shouldn't, e.g. "cd /tmp/a*/", "get *.txt" should have the get operation treat the path "/tmp/a*" literally and not attempt to expand it.
* ssh(1), sshd(8): be stricter in which characters will be accepted in specifying a mask length; allow only 0-9. GHPR278
* ssh-keygen(1): avoid printing hash algorithm twice when dumping a KRL
* ssh(1), sshd(8): continue running local I/O for open channels during SSH transport rekeying. This should make ~-escapes work in the client (e.g. to exit) if the connection happened to have stalled during a rekey event.
* ssh(1), sshd(8): avoid potential poll() spin during rekeying
* Further hardening for sshbuf internals: disallow "reparenting" a hierarchical sshbuf and zero the entire buffer if reallocation fails. GHPR287
Portability -----------
* ssh(1), ssh-keygen(1), sshd(8): automatically enable the built-in FIDO security key support if libfido2 is found and usable, unless --without-security-key-builtin was requested.
* ssh(1), ssh-keygen(1), sshd(8): many fixes to make the WinHello FIDO device usable on Cygwin. The windows://hello FIDO device will be automatically used by default on this platform unless requested otherwise, or when probing resident FIDO credentials (an operation not currently supported by WinHello).
* Portable OpenSSH: remove workarounds for obsolete and unsupported versions of OpenSSL libcrypto. In particular, this release removes fallback support for OpenSSL that lacks AES-CTR or AES-GCM.
Those AES cipher modes were added to OpenSSL prior to the minimum version currently supported by OpenSSH, so this is not expected to impact any currently supported configurations.
* sshd(8): fix SANDBOX_SECCOMP_FILTER_DEBUG on current Linux/glibc
* All: resync and clean up internal CSPRNG code.
* scp(1), sftp(1), sftp-server(8): avoid linking these programs with unnecessary libraries. They are no longer linked against libz and libcrypto. This may be of benefit to space constrained systems using any of those components in isolation.
* sshd(8): add AUDIT_ARCH_PPC to supported seccomp sandbox architectures.
* configure: remove special casing of crypt(). configure will no longer search for crypt() in libcrypto, as it was removed from there years ago. configure will now only search libc and libcrypt.
* configure: refuse to use OpenSSL 3.0.4 due to potential RCE in its RSA implementation (CVE-2022-2274) on x86_64.
* All: request 1.1x API compatibility for OpenSSL >=3.x; GHPR#322
* ssh(1), ssh-keygen(1), sshd(8): fix a number of missing includes required by the XMSS code on some platforms.
* sshd(8): cache timezone data in capsicum sandbox.
Checksums: ==========
- SHA1 (openssh-9.1.tar.gz) = 3ae2d6a3a695d92778c4c4567dcd6ad481092f6c - SHA256 (openssh-9.1.tar.gz) = QKfVArlcItV+e8V1Th85TL5//5d/AvOUhYOeHMDEGuE=
- SHA1 (openssh-9.1p1.tar.gz) = 15545440268967511d3194ebf20bcd0c7ff3fcc9 - SHA256 (openssh-9.1p1.tar.gz) = GfhQCcfj4jeH8CNvuxV4OSq01L+fjsX+a8HNfov90og=
Please note that the SHA256 signatures are base64 encoded and not hexadecimal (which is the default for most checksum tools). The PGP key used to sign the releases is available from the mirror sites: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc
Reporting Bugs: ===============
- Please read https://www.openssh.com/report.html Security bugs should be reported directly to openssh@openssh.com
 The first prototype of The Adaptable Linux Platform, the next generation of Linux, is already live!, the introduction of the Adaptable Linux Platform to the SUSE communities started an endeavour to build and design a new application-centric, secure and flexible platform. You can read more about this here.
The idea behind ALP is to allow users to focus on their workloads while abstracting from the hardware and the application layer. With the usage of virtual machines and container technologies, the Adaptable Linux Platform allows workloads to be independent of the code stream.
The Community Platform Engineering group, or CPE for short, is the Red Hat team combining IT and release engineering for Fedora and CentOS. We currently have a position open for a software engineer in India.
With skills gaps across many sectors and flexible work models becoming standard, there’s never been a better time to be an IT professional. Systems analyst, functional consultant, and cloud engineer are among the top roles tech leaders are looking to fill.
If you have the technical knowledge (and even if you don’t!) along with skills like analytical thinking, clear communication, and the ability to understand and respond to feedback, you are likely a strong candidate. But first, you need to go through the interview process.
Based on my experience, here are three questions CIOs might ask during an interview – and tips on how to respond.
Here’s how a layperson – me – explains what manufacturing is: It means taking raw materials and turning them into finished products.
If you want a more formal definition, here’s one from the U.S. Bureau of Labor Statistics: “The manufacturing sector comprises establishments engaged in the mechanical, physical, or chemical transformation of materials, substances, or components into new products.”
It sounds old-school and highly physical – and perhaps not exactly fertile terrain for computing innovation. Yet manufacturing, just like the overall industrial sector, is a natural fit for edge computing and related trends like IoT, AI, and machine learning.
There was a time in ancient computer history when a computer only had one CPU. Today, your computer may still only have a single physical CPU, but that one CPU has multiple cores for data processing. When you run a command, you owe it to the brave sysadmins of the past to put all those cores to good use. One way to honor those who suffered on single-core machines is to use GNU Parallel, the seemingly magical command parser that can execute a task on several files simultaneously.
Today, IBM announced that the Red Hat and IBM Storage businesses are coming together as a single group within IBM. By combining our mission, teams and technologies, we will be able to more fully harness our strengths to grow this business further and faster, accelerate innovation in cloud-native software-defined storage, drive new capabilities for IBM and Red Hat customers, and position IBM to compete as a leader in the Enterprise Storage System & Hybrid Cloud Storage Software market.
Red Hat OpenShift is the platform of choice for many companies that have decided to modernize application development by adopting a cloud-native approach that makes the most of microservice and serverless patterns.
Personas are often used by teams when making decisions that will impact their users. While personas are not "real" people, they should reflect reality. But what about when reality isn't ideal? What happens when you discover that the range of current users, based on the people occupying high-ranking positions in IT, does not reflect the diversity we would hope to see? Do you faithfully and accurately portray reality, or paint an aspirational picture of how it should be in an inclusive world?
The Open Systems Interconnection (OSI) model is a standard for how computers, servers, and people communicate within a system. It was the first standard model for network communications and was adopted in the early 1980s by all major computer and telecommunications companies.
The OSI model provides a universal language for describing networks and thinking about them in discrete chunks, or layers.
At Red Hat, making sure our customers’ and partners' voices are heard is our top priority. Collecting and listening to feedback helps us to improve the experience our users have with Red Hat’s products, services and people.
Check out Enable Sysadmin's top 10 articles from September 2022.
In Debian Linux's 29-year history, there was one constant: Debian would be made entirely of free software. Debian also defined exactly what free software was in its Open Source Definition. Until now. Starting with the next version, Debian 12, aka Bookworm, Debian Linux will include proprietary firmware.
Debian has always offered a choice of installation images that included proprietary software, but these were also labeled as experimental. This decision makes proprietary software officially part of Debian.
The Debian community knows exactly what it's doing. In September, the group voted on incorporating non-free firmware in Debian. This vote, like all Debian community decisions, was done with the Condorcet method. The winning option, Proposal E, Choice 5, clearly stated it superseded the Debian Social Contract.
The Community Council is still looking for nominees for the upcoming election.
We will be filling all seven seats this term, with terms lasting two years. To be eligible, a nominee must be an Ubuntu Member. Ideally, they should have a vast understanding of the Ubuntu community, be well-organized, and be a natural leader.
The work of the Community Council, as it stands, is to uphold the Code of Conduct throughout the community, ensure that all the other leadership boards and council are running smoothly, and to ensure the general health of the community, including not only supporting contributors but also stepping in for dispute resolution, as needed.
Historically, there would be two meetings per month, so the nominee should be willing to commit, at minimum, to that particular time requirement. Additionally, as needs arise, other communication, most often by email, will happen. The input of the entire Council is essential for swift and appropriate actions to get enacted, so participation in these conversations should be expected.
AWS recently introduced a new addition to Amazon Workspaces with a fully-managed, infrastructure-only Virtual Desktop Infrastructure (VDI) offering called Amazon Workspaces Core. In addition, customers can provision Ubuntu desktops on Amazon Workspaces for their developers, engineers, or data scientists.
We â¤︠open source and are so grateful to see so many projects taking the decision to work in the open.
Kubeflow is an open-source MLOps platform that runs on top of Kubernetes. Kubeflow 1.6 was released September 7 2022 with Canonical’s official distribution, Charmed Kubeflow, following shortly after. It came with support for Kubernetes 1.22.
However, the MLOps landscape evolves quickly and so does Charmed Kubeflow. As of today, Canonical supports the deployment of Charmed Kubeflow 1.6 on Charmed Kubernetes 1.23 and 1.24. This is essential as Kubernetes 1.22 is not maintained anymore, following the latest release of Kubernetes 1.25.
 The ROMA RISC-V laptop was announced this summer with an unnamed RISC-V processor with GPU and NPU. We now know it will be the Alibaba T-Head TH1520 quad-core Xuantie C910 processor clocked at up to 2.5GHz with a 4 TOPS NPU, and support for 64-bit DDR at up 4266 MT.
The TH1520 is born out of the Wujian 600 platform unveiled by Alibaba in August 2022, and is capable of running desktop-level applications such as Firefox browser and LibreOffice office suite on OpenAnolis open-source Linux-based operating system launched by Alibaba in 2020.
Apple already demostrated that it is even possible to run x86 workloads on ARM with a little tweak in the memory system.
Especially important: how fast does existing x86 software (as virtualmachine or docker container) can be run on very energy efficient ARM SoC?
“Apple isn’t doing it purely in software – they have Total Store Ordering support in their hardware!”
We can see the Android 11 image from the list we saw last month is gone for good, and a new Android 12 image dated September 20, 2022 is available. I selected that one, and OOWOW downloaded the files and flashed it to the board. Within five minutes, Android 12 was up and running on the board.
Smart homes have many benefits, and it’s not all about convenience, security, and chores. Entertainment is a big part of what we do at home, and smart technology can help us maximize our enjoyment of our home entertainment systems and manage them more easily.
In this article, we’ll look at some of the ways smart home technology leads to better entertainment, and we’ll share a few examples of home entertainment projects from the Arduino Project Hub that you can try.
Art may be subjective, but all of our readers can appreciate the technology that goes into kinetic art. That term encompasses any piece of art that incorporates movement, which means it can be as simple as a sculpture that turns in the wind. But by integrating electronics, artists can achieve impressive effects. That was the case for Nicholas Stedman and his Devicist Design Works team, who built the Flux kinetic art installation for Shopify’s Toronto offices.
Flux is a massive 40-foot-long kinetic art piece that hangs suspended from the ceiling in the Shopify offices. That length is divided into 20 individual planks, each of which contains two reflective prisms. The prisms rotate in different patterns, resulting in mesmerizing visuals as light reflects around the art piece and the surrounding office. It is striking in its industrial minimalism, but subtle enough that it blends into the space instead of overpowering it.
Many medical conditions can affect urine flow, either as the primary effect or as a secondary symptom. That’s especially true for men, because prostate problems often affect urination. Benign prostate hyperplasia (BPH), for example, is a non-cancerous enlargement of the prostate that results in a weak urine stream. BPH is usually treatable with medication, but doctors need a way to measure a treatment’s efficacy. Jerry Smith developed Uroflow to monitor urine streams and track the progress of BPH treatment.
When one’s prostate enlarges, it can both put pressure on the bladder and restrict the urethra. That results in a frequent feeling that one needs to urinate, but also a weak stream. When the enlargement isn’t related to cancer, it falls under the BPH umbrella. A key to diagnosing BPH is a urinary flow test, which detects stream strength and urine volume. Follow-up urinary flow tests help doctors monitor treatment. But typical equipment for urinary flow testing is expensive and requires that the patient visit their doctor. Uroflow is inexpensive to build, which would let patients perform urinary flow tests at home.
VideoLAN’s URL from which users download the VLC Media Player (which is still open-source and ad-free!) appears to have been banned by the Department of Telecommunications (‘DoT’) in India since March 2021. This was done without any prior notice, or affording VideoLAN an opportunity of hearing, which is contrary to the 2009 Blocking Rules and the law laid down by the Supreme Court in Shreya Singhal v Union of India. IFF assisted in the drafting and dispatch of this legal notice.
[...]
VideoLAN is a not-for-profit organisation that developed VLC - a free and open source, media player software that was released for public use in 2001. We all use VLC for running various kinds of media files and streaming. Over the years, VLC has grown in scale and has become compatible for use in various devices and platforms. It can be downloaded on desktop operating systems, Android, iOS and iPadOS through various distribution platforms such as Apple's App Store, Google Play, and Microsoft Store, in addition to its website.
VLC is currently being used by 80 million Indians, and has consistently seen an average of 25 million downloads per year in India since its release. For millions of Indians VLC is the primary choice for running all kinds of media formats for free. In March 2022, VideoLAN’s home page was banned in India without any prior notice to VideoLAN.
At the heart of the computer industry are some very big lies, and some of them are especially iniquitous. One is about commercial software.
Free and open source software (FOSS) is at the root of a very big lie. FOSS itself isn't a lie. FOSS is real and it matters. The problem is that the most significant attribute of FOSS is a negative. It's all about what it is not. It's quite hard to explain things in terms of what they are not. People aren't used to it, and it can cause more confusion than it clears up.
So, instead, FOSS advocates talk about aspects which are easier to explain. Stuff like "source code," which is where the term "open source" came from. The problem is that in real life, the parts that are relatively easy to convey are most often completely irrelevant, at best unimportant, and at worst, not true at all.
So first, I want to talk about something equally important, but which may seem like a digression. Let's talk about convenience.
Anyone who chooses to use free and open source software on their desktop regularly gets asked why. Why bother? Isn't it more work? Isn't the pro-grade gear commercial? Isn't it worth buying the good stuff? Windows is the industry standard, isn't it simply less work to go with the flow?
PostgreSQL, the popular open source relational database, is getting support for MERGE statements, a move which is intended to make migration from SQL Server and Oracle-based systems easier.
With the release candidate for PostgreSQL 15 published on Friday and general availability expected on 13 October, the upgrade promises a slew of new features for developers.
But for those eyeing migration from Oracle to PostgreSQL, the new MERGE implementation that might be the focus of attention.
MERGE allows the developer and DBAs to either insert, update or delete a row in the table according to certain conditions.
Apache ShardingSphere, a powerful distributed database, recently released a major update to optimize and enhance its features, performance, testing, documentation, and examples. In short, the project continues to work hard at development to make it easier for you to manage your organization's data.
1. SQL audit for data sharding
The problem: When a user executes an SQL query without the sharding feature in large-scale data sharding scenarios, the SQL query is routed to the underlying database for execution. As a result, many database connections are occupied, and businesses are severely affected by a timeout or other issues. Worse still, should the user perform an UPDATE/DELETE operation, a large amount of data may be incorrectly updated or deleted.
ShardingSphere's solution: As of version 5.2.0, ShardingSphere provides the SQL audit for data sharding feature and allows users to configure audit strategies. The strategy specifies multiple audit algorithms, and users can decide whether audit rules should be disabled. SQL execution is strictly prohibited if any audit algorithm fails to pass.
LinuxLinks, like most modern websites, is dynamic in that content is stored in a database and converted into presentation-ready HTML when readers access the site.
While we employ built-in server caching which creates static versions of the site, we don’t generate a full, static HTML website based on raw data and a set of templates. However, sometimes a full, static HTML website is desirable. Because HTML pages are all prebuilt, they load extremely quickly in web browsers.
WordPress 6.1 Beta 3 is now available for download and testing.
This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended that you test Beta 3 on a test server and site.
In this issue, we discuss the rising awareness for Free Software in France. We share our plans for monitoring the implementation of Device Neutrality principles. A hackerspace in Albania shares the ‘Public Money! Public Code’ demand. We are looking for a working student to be our next system administrator assistant.
After a year of coding and evaluation the Youth Hacking 4 Freedom competition comes to an end, giving us amazing projects. Who won? The six winning programs offer sign language transcription, a smart table robot, a personal assistant, a music tutorial, file sharing, and a homework manager. All Free Software.
Back in October the FSFE started the Youth Hacking 4 Freedom competition to inspire the younger generation into software freedom. We had the pleasure to receive many interesting and inspired projects from all around Europe. Over a hundred people coming from 25 countries registered for the competition, making it a truly pan-European event. Now it is the exciting time of the results! The winners receive a cash prize intended to help them further develop their programs, or to support their studies. After careful consideration and interviews, here are the six winners...
The FSFE started the Youth Hacking 4 Freedom (YH4F) competition in October of 2021 to inspire the younger generation about software freedom. We received many interesting and inspired projects from all around Europe, and more than a hundred people from 25 countries registered for the competition, making it a truly pan-European event.
Open source software and open standards have many similarities but the legal frameworks under which each are created have real and important differences. Nonetheless there is an increasing desire to combine the benefits of both open source and standards in the development of new interoperable software-based technologies. The good news is that the differences in legal frameworks can be reconciled by giving care to the rules under which standards are developed. One key area of attention to achieve this end involves the copyright rules under which open source elements of standards are made available.
[...]
The mere development and use of software by SSOs in these ways has for the most part not given rise to conflicts with traditional SSO patent policies that permit participants to license their essential patent claims (i.e., those patent claims that would be infringed by implementing the standard), on fair, reasonable and non-discriminatory (FRAND) terms. The intellectual property rights (IPR) policies of most (but not all) SSOs provide that FRAND terms may include reasonable royalties or other reasonable license fees. SSOs with such patent policies are referred to in this article as FRAND SSOs.
Many popular apps, such as Adobe Photoshop, Microsoft Office, and WhatsApp, don’t have Linux desktop counterparts. However, thanks to cross-platform application development platforms like Electron, Flutter and Tauri, the number of Linux apps is on the rise.
If you’re interested in trying your hand at development, this tutorial shows you how to make a very simple app using Flutter and could prove helpful for those who want to figure out how to create apps for Linux and get some programming experience.
The biggest single new feature in this release is the interactive graphical tool for examining dense stereo results: accessed via mrcal-stereo --viz stereo.
The next pressing thing is improved documentation. The tour of mrcal is still a good overview of some of the functionality that makes mrcal unique and far better than traditional calibration tools. But it doesn't do a good job of demonstrating how you would actually use mrcal to diagnose and handle common calibration issues. I need to gather some releasable representative data, and write docs around that.
Meta is open sourcing its AITemplate technology that enables AI inference to run across multiple hardware vendors, with the claim of better performance
Next.js is a fashionable React framework for building web application. Some may argue that it is not suitable for building desktop apps, but they are wrong. It can be used to a powerful desktop apps using Nextron which is a starter for Electron + Next.js.
Electron is a free and open-source software framework for building desktop apps. It is based on the open source Chromium browser engine as a layer to run desktop apps using Node.js runtime environment.
There are many situations where you will want to know precisely how long your array is within PHP.
Luckily, getting an array’s length is a simple process thanks to one of PHP’s built-in functions.
Over the following few sections, you will see how you can use PHP’s count() function to get the length of an array.
If you haven’t yet been introduced to arrays, we recommend you check out our guide to arrays in PHP.
Git is one of those tools that I have been using for the past 4-5 years on a daily basis, very very good tool. Below I share some git commands and aliases ...etc, that I've collected over the years.
We list the five best Python code editors for Ubuntu/Linux and Windows in 2022.
Python is everywhere today, and it is arguably the C programming language of the modern era. You can find Python everywhere, from websites, apps, data science projects, and AI to IoT devices. So being a popular programming language of this decade, it is essential to know the development environment of Python, where developers create applications, especially if you are starting afresh.
Many Python development environments are available with features and utilities catering to your need. Some of them are useful for beginners learning Python by setting up the environment and other users for heavy Python development and complex setups. Here, in this post, I will touch upon the five best of them that would help you to pick one for your own need and use case.
Java is a high-level, object-oriented, and general-purpose programming language that is widely used to build robust and secure web and desktop applications. Most developers prefer working on an IDE that simplifies writing code and maximizes productivity.
So, what is an IDE?
An IDE (Integrated Development Environment) is a software application that combines a comprehensive set of development tools and plugins into a graphical UI that makes writing code easier and more efficient.
This week's Java roundup for September 26th, 2022 features news from OpenJDK, JDK 20, Alpaquita Linux, Native in Spring Boot 3.0-M5, GlassFish 7.0-M9, Open Liberty 22.0.0.10 and 22.0.0.11-beta, WildFly 27 Beta1, Micronaut 3.7.1, Quarkus 2.13, Hibernate ORM 5.6.12, Hibernate Reactive 1.1.8, Kotlin 1.7.20, TornadoVM 0.14.1, Apache Lucene 9.4, Camel Quarkus 2.13, Apache Tomcat updates and jConf.dev.
The European Parliament has approved the move to make USB-C a common port for charging on portable digital devices, a move which was proposed back in September last year.
The Parliament voted on Tuesday to adopt USB-C by a vote of 602 votes to 13, with eight abstentions.
The move will have to be formally approved by the European Council before it is published in the EU Official Journal. It will become law after 20 days with member states given 12 months to transpose the rules and 12 months after the transposition period ends to apply them. The new rules will not apply to products placed on the market before the date of application.
In a statement, the Parliament said by the end of 2024 all mobile phones, tablets and cameras sold in the EU would need a USB-C charging port. The obligation will extend to laptops from spring 2026.
If the semiconductor business teaches us anything, it is that volumes matter more than architecture. A great design doesn’t mean all that much if the intellectual property in that design can’t be spread across a wide number of customers addressing an even wider array of workloads.
How many interesting and elegant compute engines have died on the vine because they could not get volume economics and therefore volume distribution behind them, driving down costs and driving the creation of software ecosystems? Well, the truth is, damned near all of them.
While Intel is no stranger at all to the GPU business. In fact, it would be hard to find a stranger GPU business than the one that Intel put together several times over the decades – yes, decades – as GPU guru Jon Peddie, writing for the IEEE Computer Society, has documented.
Well-known independent telecommunications consultant Paul Budde says while Optus has bear a lion's share of the blame for the recent massive data breach, the government was not totally off the hook.
"As with so many policies there has been a serious lack of vision from the government and therefore also no clear strategy attached to it," he told iTWire on Tuesday. "There are a dozen or so initiatives that are not aligned and sometimes conflicting with each other."
Optus announced the breach on 22 September. However, only last evening did the company specify the numbers affected, with a total of 2.1 million taking a hit.
An ex-NSA employee has been charged with trying to sell classified data to the Russians (but instead actually talking to an undercover FBI agent).
It’s a weird story, and the FBI affidavit raises more questions than it answers. The employee only worked for the NSA for three weeks—which is weird in itself. I can’t figure out how he linked up with the undercover FBI agent.
Telstra has reported a data breach, with the names and addresses of 30,000 current and former staff being posted online.
Australia's biggest telco was in a rush to play down the leak, saying on LinkedIn that this was not due to a breach of any Telstra system.
It appears the data was filched from workforce management software company, Pegasus, which was providing a rewards program for Telstra staff.
Security updates have been issued by Debian (barbican), Fedora (libdxfrw, librecad, and python-oauthlib), Oracle (bind), Red Hat (bind and rh-python38-python), SUSE (bind, chromium, colord, libcroco, libgit2, lighttpd, nodejs12, python, python3, slurm, slurm_20_02, and webkit2gtk3), and Ubuntu (linux-azure, python-django, strongswan, and wayland).
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA), Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization, highlighting advanced persistent threat (APT) activity observed on a Defense Industrial Base (DIB) Sector organization’s enterprise network. ATP actors used the open-source toolkit, Impacket, to gain a foothold within the environment and data exfiltration tool, CovalentStealer, to steal the victim’s sensitive data.
Microsoft team published a detailed schema that explains how the ZINC group compromised targeted engineers in 2022...
CISA has released five (5) Industrial Control Systems (ICS) advisories on October 04, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Successful exploitation of this vulnerability could allow an Active Directory user to execute validated actions without providing a valid password.
The affected product does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory read.
The affected product is vulnerable to an Out-of-Bounds Write in CX-P.exe, which may allow an attacker to execute arbitrary code.
Brazil's election is going into a second round in which left-winger Luiz Inácio Lula da Silva will face far-right incumbent Jair Bolsonaro.
With almost all the votes counted, Lula had won 48% against Bolsonaro's 43% - a much closer result than opinion polls had suggested.
But Lula fell short of the more than 50% of valid votes needed to prevent a run-off.
Voters now have four weeks to decide which of the two should lead Brazil.
Winning outright in the first round was always going to be a tall order for any candidate - the last time it happened was 24 years ago.
The Kremlin is “tightening the screws” on how media inside Russia can report on its war in Ukraine, media analysts say.
Moscow issued new directives to the media in late September, following Russia’s announcement of a partial military mobilization to try to bolster its troops.
Under the new regulations, media organizations must use only data and information from federal and regional executive bodies when reporting on mobilization efforts.
Failure to comply could result in news outlets being blocked or fined up to 5 million rubles (US $82,000), according to the Russian media regulator Roskomnadzor.
Russia has imposed a series of regulations on the media since it invaded Ukraine in February, including directives to call the war a “special operation,” and a new law penalizing spreading “false news” about the army. A violation of the latter carries a 15-year prison sentence.
The White House wants Americans to know: The age of AI accountability is coming.
President Joe Biden has today unveiled a new AI Bill of Rights, which outlines five protections Americans should have in the AI age.
Biden has previously called for stronger privacy protections and for tech companies to stop collecting data. But the US—home to some of the world’s biggest tech and AI companies—has so far been one of the only Western nations without clear guidance on how to protect its citizens against AI harms.
Today’s announcement is the White House’s vision of how the US government, technology companies, and citizens should work together to hold AI accountable. However, critics say the plan lacks teeth and the US needs even tougher regulation around AI.
The undersigned international human rights and civil society organisations demand an end to the deliberate violence, arrest, threats, and charges against Iranian human rights defenders, journalists, student activists and civil rights actors, especially amongst minority ethnic groups.
Since 18 September 2022, over fifty human rights defenders, in addition to journalists and student activists, have been arrested and arbitrarily detained, some already charged with “acting against national security”. The death toll around the country is estimated to have gone beyond one hundred according to some human rights organisations and media outlets. According to the Baloch Activists Campaign on 1 October 2022, at least sixty seven protesters have been killed only in Zahedan, Balouchestan province. The arrests and attacks appear to be aimed at punishing and silencing those protesting for human rights, especially women’s rights, and accountability for the death in Morality Police custody of a 22-year-old young woman, Mahsa (Jina) Amini, while enforcing the country’s discriminatory forced veiling laws. In response to this, several human rights groups have called for the Iranian police and authorities to be held accountable.
There is no need to explain what robocalls are. We ALL know what they are and have been at least bothered, if not enraged, by them. The Federal Communications Commission has had enough too. Seven voice service providers not playing by the rules will be removed from the FCC database for robocallsif they don’t comply in 14 days.
Governments shouldn't shut down the internet to quell protests, the newly elected head of the United Nations' telecoms agency suggested on Friday.
Asked about countries, including Iran, where governments restrict web access to limit political dissent and communications, the secretary-general of the International Telecommunication Union (ITU), the United States' Doreen Bogdan-Martin, stressed the internet's importance.
“I believe that all people should have access to connectivity: It's empowering; it can be life-saving,” she said in an interview with POLITICO.
Among the loveliest illuminations of Bartholomaeus Anglicus' encyclopedia, Evrard d'Espinque's illuminations use a T-O pattern to trace the Great Chain of Being.
I know I don't post very often and I don't really participate in the gemini community. I'm not a very extroverted person and I became really depressed since the russian invasion of Ukraine, although my life hasn't changed that much. I wasn't hit by inflation that hard (yet) and I can still pay my bills. But every day there are more shocking news and escalation. I'm haunted by old fears which I thought were long gone.
But here is a little update - I don't want my gemini presence to vanish completely. It won't be read by many people anyway and I don't consider my content as 'high quality'. Sorry for that, but I'm not much of a writer.
This is intended to be more of a small blog rather than anything I actually write super long on. Short diary for my day. Tried to use gemlog blue or whatever, but this seems nicer. Dunno.
With all my “farewell anarchy” talk lately, I need to become super careful to avoid fascism.
Fascism is a rich-gets-richer project that was created to divert energy from the class vs class struggle and instead getting the classes to cooperate vs some nebulous “other”.
The jews, the muslims, the gays, the terrorists, the drug-dealers, the genderqueer, the women, the Mexicans, the immigrants, the fake news, the abusers, the traffickers...
Sometimes I **do** feel that being sessile like our omnipresent *friend* Shambal Brambel'd be the best course of action. And, as Robert Calvert said: *There's only one course of action.* One wouldn't have to bustle thither and then hither unmaking, reassembling and poorly ascertaining the multitudinous building blocks of life. The sessile state is one of contemplation. The sessile state is one of concentration. The sessile state is one free of distraction. Well, unless you are stationed in the sessile state beside a cacophony of Spanish (or otherwise) "humans" clamouring for attention between each other and pretending that anything outside of their bubble does not exist. Tribal heathens. May they experience the flame death - and soon. The moral is, whilst packing for your journey to the *sessle state*, to include your best noise-cancelling headphones in case the general location of your sessile state is invaded by clamouring Spanish (or otherwise) tribalists.
[...]
As for my own involvement, I've been to blame for being a music snob for many epochs. Back in the *good ol' days*, I'd certainly condemn those who listened to *lesser* music (read - simply what was fed to them by the radio) as opposed to actively exploring "higher" forms. I evolved, finally, and through many epochs. When it comes to interest-related cliques, one must simply understand that people's foci differ. Simply, if one is into avant-garde music doesn't mean one is into avant-garde film and vice-versa, though of course it doesn't exclude the possibility, either. As always, borders are fuzzy. The membranes of such bubbles are broad and permeable. The catholic tribe of believers in a stark black and white universe will die in the multi-timbrel conflagration of colour.
I recently got interested into what's possible with machine learning programs, and this has been an exciting journey. Let me share about a few programs I added to my toolbox.
They all work well on NixOS, but they might require specific instructions to work except for upscayl and whisper that are in nixpkgs. However, it's not that hard, but may not be accessible to everyone.
Interesting FOSS program time! ActivityWatch[1] is a time monitoring FOSS program. Compared to alternatives, it's fully FOSS, privacy-friendly and stores data locally. I thought it'd help me see how I spend my computer time, thus would prove helpful in organizing it. If you're on Android it'll auto import your statistics from the OS.
On the Small Web we tend to be mindful of our computer usage and try to not get caught in the whirlwind of the WWW, so a helpful utility like ActivityWatch fits right in. I find it useful for keeping myself informed in regards to my screen time, not only that you can see what specific programs you use and you can group them based on various categories.
My mother and I were staying at someone's home. Whoever it was had a computer that could access the internet. My mother told me that soon we would be speaking to my father through this person's computer. I was a bit incredulous but nevertheless excited when I shouted "How!?" at the top of my lungs. She explained, "Your father is on the other side of the computer and he's going to send us messages over the internet." Internet? The other side of the computer? Images of my father shrunken down, small enough to fit in the palm of my hand, and living inside the computer screen flashed in my mind. I was scared.
OpenWeather forecasted clear skies in the early morning hours, so I decided to get up about 2am AKDT and do some star gazing. When I got outside about 2:30am, there was some mild green Aurora swirls. I was told by others that there were some spectacular displays a few hours earlier, so it looks like I saw the tail end of that.
At Lumina[1] (the statup I work), we switched our UI stack from Electron to Qt. Both are extremely popular and mature technologies, both had their pros and cons. But we ended up migrating by the end of 2021. I think the story is interesting and worth sharing. Hence this post.
For some context, Lumina sells webcams and provides a software for post-processing and image tuning. Early PoC software was MacOS only and written in Electron[2] and bridged to C++ for low level accss. This works quite well as we are able to leverage experiences from our web team. The native software team just have to deal with image processing and camera control. Crossing the JS <-> C++ bridge is easy-ish but prone to error. We had wrapper issues from time to time.
* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.