Bonum Certa Men Certa

Links 14/12/2022: Ardour 7.2 and xorg-server 21.1.5



  • GNU/Linux

    • Desktop/Laptop

      • Linux HintBest Linux Distros for Every User 2023

        Linux operating system has become so popular that we have a Linux distribution for every type of computer user. We have a Linux distro for a powerful advanced computing machine as well as for old machines having low-end hardware. We have a Linux distro weighing just 100 MB that can be installed on an old school disc as well as a Linux distro sizing 4GB which can be installed on modern and superfast SSDs.

        We also have Linux distros especially tailored for individual users like normal day to day users, professionals, programmers, hardcore gamers and developers, and multinational organizations.

        Increased career opportunities in the field of data science, analytics, and machine learning eventually increasing the userbase of Linux and its distros rapidly.

        So, in this article I am going to give you an in-depth look at best 50 Linux distros that you can consider using in 2023. If you’re thinking of switching from Windows to Linux and having confusion which Linux distro to choose, then don’t worry because you will have your Linux distro by the end of this article.

    • Audiocasts/Shows

    • Applications

      • DebugPointBest Screen Recorders for Wayland in Linux [Compared & Tested]

        Modern Wayland protocol is used by default in most frontrunner Linux distributions, such as Ubuntu and Fedora. However, this X.Org successor comes with work for the app developers to re-platform their app for Wayland because Wayland is more secure and follows modern standards.

        Screen recorder apps fall into that category. There are many popular screen recorders which were developed for X.Org - doesn't work anymore in Wayland.

        However, few of them work. In this list, I will walk you through a few that I tested in the Wayland session. And they work well.

      • OpenSource.comExperience Linux desktop nostalgia with Rox | Opensource.com

        Rox-Filer is an open source file manager for Linux, once intended for the defunct Rox desktop but now a streamlined application for any window manager or desktop. There hasn't been much activity on the Rox project since 2014, and even then it is mostly in maintenance mode. And that's part of Rox-Filer's charm. In a way, Rox-Filer is a snapshot of an old desktop style that was progressive for its time but has given way to a more or less standardized, or at least conventional, interface.

      • 9to5LinuxArdour 7.2 Open-Source DAW Brings Support for Compressed Ogg/Opus Audio, New MIDI Input Port

        One and a half months after Ardour 7.1, Paul Davis and the team behind this open-source, free, and cross-platform digital audio workstation (DAW) released Ardour 7.2 as a modest update to the software that brings various new features and improvements.

        Some exciting new features in this release include support for compressed Ogg/OPUS audio files as Ardour can now decode and encode Ogg/Opus files without relying on the command-line for post-processing. This change requires the libsndfile 1.0.29 or later library to be installed on your GNU/Linux system.

      • RationalPlan 6 - Baselines, Improved Scheduling, MS Project Integration

        Stand By Soft launches RationalPlan 6 a new major version that comes with lots of new features and improvements especially for the web based interface. To be noted the possibility to work with baselines and Earn Value Management technique, generating reports, clients management, improved projects scheduling with timescales up to seconds, custom columns and new filters, data export etc. Compatibility with Microsoft Project files was also enhanced, while integration with Google Drive was updated to the latest V3 version.

    • Instructionals/Technical

      • Listing All the Available Shells in Your Linux System

        Bash is the most popular shell implementation program that most modern Linux systems like Debian and Ubuntu ship out of the box, unlike ZSH and Fish.

        However, operating systems like Kali Linux and macOS took a step forward by providing ZSH as the default login shell for their systems because of its features and functionality.

        Most of the time, Bash and its derivative shells like ZSH and Fish share common syntax and functionality, except for a few things that do not affect regular interactive users.

      • 3 Ways to Change User’s Login Shell in Linux

        As an informed Linux user, you already know that, in addition to Bash, there are ZSH, KSH, Fish, and other lesser known shells that bring extra features and functionality to the table.

        Still, many Linux distributions ship Bash as the default login shell, but they can’t stop you from playing with another shell.

      • Red HatHow we addressed an unforeseen use case in pthread_atfork() | Red Hat Developer

        While the POSIX standards specified by IEEE form the basis of compatibility between various operating systems and the portability of application code, sometimes unforeseen use cases can exercise an implementation in surprising ways and make us think about whether the interface itself could benefit from a more thorough specification.

        As a member of Red Hat's Platform Tools team, I recently had the chance to witness and participate in the glibc developer community's encounter with one such situation. As we worked on triaging and fixing what at first glance seemed to be a regression in the implementation of pthread_atfork(), it soon became apparent that the interface might benefit from a more thorough treatment in its specification than it does already.

      • H2S MediaHow to remove PPA using Ubuntu GUI Software Updater

        Here are the steps to follow to delete the PPA repository from Ubuntu using the GUI of the Software & Updates app.

        All the packages to install various software are not available on Ubuntu using the official repo. Hence, other third-party users can use the PPA (Personal Package Archives (PPAs) to distribute their packages easily. However, it is often used to distribute pre-release software so that they can be tested.

        Although the package publishers can use the regular way to avail their APT repo, yet, PPA is easy to install for users.

        Nevertheless, we can use the terminal to delete the added PPA repository, however, if you are using the GUI desktop of Ubuntu then it is much easy. Here we show you how?

      • Red Hat OfficialHow to troubleshoot IPsec VPN misconfigurations | Enable Sysadmin

        Debugging IPsec VPN tunnels can be problematic, and this article offers tips to make it easier.

      • LinuxConfigHow to partition a drive on Linux

        Every hard disk, in order to be accessible under Linux, must have at least one partition on it. A partition is a way to logically separate different sections of a disk. For example, a 4 TB hard drive could have four different 1 TB partitions, and all would appear as separate storage systems under the operating system. Alternatively, a hard disk could simply contain a single partition that spans the entire volume. The configuration is entirely up to the user.

        Whatever configuration you decide for your hard disk, setting up partitions is one of the most essential and dangerous task to perform when working with operating systems. It is possible to create new partitions, delete partitions, and to shrink or expand existing partitions. In the sections below, we will assume that you need to add a new partition to a hard disk that is either currently unpartitioned or already contains some partitions.

        In this tutorial, we will cover the step by step instructions to partition a hard drive or solid state drive on an existing Linux system. We will show the necessary steps for both a brand new disk and one that already has one or more partitions on the disk. You will see the steps for both command line and GUI methods, so you can follow along with set of instructions you are most comfortable with. Let’s get started.

      • LinuxConfigHow to format disk in Linux

        Formatting a disk will get it ready for use as a storage device on your Linux system. The process involves partitioning the disk, adding a file system to the partition (this is the “formatting” part), and then mounting the partition to some path where you plan to access it from. This might sound complex or like a lot of steps, but it really only takes a few minutes.

        This process will wipe all the data from your hard disk and get it ready for use under Linux or another system. In this tutorial, we will cover the step by step instructions to format a hard drive or solid state drive on a Linux system. We will show the steps for both command line and GUI methods, so you can follow along with set of instructions you are most comfortable with. Let’s get started.

      • LinuxConfigHow to check memory size in Linux

        If you want to know the memory size of your Linux system, you will be relieved to know that it is not necessary to crack open the PC or boot into the BIOS screen to get your information. Linux allows us to check our memory size, and other relevant information such as spare slots and RAM speed, etc, all from within the operating system. We will go over some of these hardware checking methods below.

        In this tutorial, you will learn how to check the physical memory (RAM) size that is installed on your computer. We will go over several command line and GUI methods below, which should work for any Linux distro that you may be using.

      • Linux CapableHow to Upgrade to Ubuntu 23.04

        The much-anticipated Ubuntu 23.04 code-named “Lunar Lobster” development branch is here. This is an upcoming short-term release available to download or for existing users to upgrade their existing Ubuntu distro for those with test machines and environments that like to work with what’s in store with Ubuntu. For now, while Ubuntu 23.04 is in development, not much can be officially clarified; some features that will most likely be present are Linux Kernel 6.2 and GNOME 44. I will update this closer to the release day, which is scheduled for April 20th, 2023.

      • ID RootHow To Install OBS Studio on Fedora 37 - idroot

        In this tutorial, we will show you how to install OBS Studio on Fedora 37. For those of you who didn’t know, OBS Studio is a free and open-source software for video recording and live streaming. OBS Studio also makes it easier for those new to the world of live streaming as it is designed to be simple to use, and comes with plugins. It is available for Windows, macOS, Linux distributions, and BSD.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the OBS Studio streaming app on a Fedora 37.

      • UNIX CopHow to delete a range of lines from a text file using the terminal

        The more we know how to use the terminal, the more we can benefit from it. That’s why today you will learn how to delete a range of lines from a text file using the terminal.

        Although it seems like a solution that may not be useful, the reality is that in scripts and configuration files, learning how to manage files can be a great help to you.

        For this, you can use two simple commands to make the desired range of lines disappear. As I said, this is important to further outline the text files.

      • Linux CapableHow to Install PHP 8.2 on Ubuntu 22.04/20.04 - LinuxCapable

        PHP 8.2 is now available to install. This is an easy installation for Ubuntu users, given the operating system’s popularity and its many installation options; most users use the OndÅ™ej Surý third-party repository when needing to install and maintain PHP in your web stack or as a developer.

        PHP version 8.2 introduced some exciting new features and improvements, including readonly classes, allow true, false, and null as standalone types, fetch enum properties in const expressions, new mysqli_execute_query function and mysqli::execute_query method and much more.

        As explained in the introduction, you will learn how to install or upgrade PHP 8.2 on Ubuntu 22.04 Jammy Jellyfish or 20.04 Focal Fossa using the command line terminal using the PHP repository by Ondřej Surý, a renowned Debian maintainer along with how to install popular extensions for Apache, Nginx or modules like PHP 8.2 Redis, Memcached support.

      • Linux CapableHow to Install Chromium Browser on Ubuntu 22.10/22.04/20.04 - LinuxCapable

        Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. The Chromium codebase is widely used, and Microsoft Edge, Opera, and many other browsers are based on the code. Chromium is well-liked amongst advanced users who prefer not to have all the bloat of tracking in Chrome and other proprietary software.

        The following tutorial will teach you how to install Chromium Web Browser on Ubuntu 22.10 Kinetic Kuduo, Ubuntu 22.04 Jammy Jellyfish, and Ubuntu 20.04 Focal Fossa using two methods: APT or Flatpak installation using the command line terminal.

      • Linux HintHow to Install and Configure Hamachi on Linux

        Looking for an easy-to-use virtual private network over the LAN connection then certainly Hamachi is one of best options one can get. Though officially this VPN does not come with GUI for Linux, users use the command line interface to configure and operate the application. So, if you’re interested in installing the Hamachi on your Linux system then this guide is for you.

      • Linux HintPush Button with ESP32 - Arduino IDE

        ESP32 is an IoT board that can be interfaced with different external peripherals to generate outputs. ESP32 takes input from devices like push buttons and generates responses according to the received input. Push buttons can be used to control multiple sensors and devices like controlling a LED or maintaining speed of motors. Here in this lesson, we will discuss push button interfacing with ESP32.

      • Linux HintMonitor Raspberry Pi Through Monit

        Monit is an open-source Linux monitoring tool used to monitor processes running on your system, such as Apache, SSHD, MySQL, and so on. This tool can also monitor Raspberry Pi resources, including CPU, swap space, memory usage, and so on. It uses the web interface to display the system and process information, and you can set it up on your Raspberry Pi system through this article’s guidelines.

      • Linux HintHow to Install Strimio on Linux Mint 21
      • Linux HintHow to Install Adminer on Linux Mint 21
      • Linux HintHow to Install 7Zip Compression Tool on Linux Mint 21
      • Linux HintHow to Create and Use Symbolic Links in Linux Mint 21
      • Linux HintCreate GIF – Install Peek on Linux Mint 21
      • Linux HintHow to Install Flask on Linux Mint 21
      • Linux HintHow to Install GVim on Linux Mint 21
      • Linux HintHow to Install My Weather Indicator on Linux Mint 21
      • Linux HintHow to Install Jami on Linux Mint 21
      • Linux HintHow to Install Ghidra on Linux Mint 21
      • Linux HintHow to Install Transmission BitTorrent Client in Linux Mint 21
      • Linux HintHow to Install g++ on Linux Mint 21
      • Linux HintHow to Install and Use vnStat on Linux Mint 21
      • What does it take to be Linux Database Administrator?

        A Linux Database Administrator is a technical expert responsible for the installation, configuration, maintenance, and security of database systems on Linux-based operating systems. They must have a strong knowledge of Linux operating systems and the database software they are managing.

        The Linux Database Administrator is responsible for creating, maintaining, and troubleshooting the databases, as well as creating and managing user accounts and granting access to the database system.The Linux Database Administrator must have an in-depth understanding of database architecture, including data storage and retrieval, as well as an understanding of database security. They are responsible for ensuring the database systems are running efficiently and securely.

      • TechTargetWhat are the differences between su and sudo commands? | TechTarget

        Linux administrators have choices when deciding how to delegate privileges. Learn about the options they can take while ensuring their operations remain secure.

      • LinuxStansdu Command in Linux - Tutorial and Examples

        In Linux, du stands for “disk usage” and it’s a command most often used to check the size (and other space/disk usage) of the files and directories.

        The du command can be used on any Linux distro, including Ubuntu, Debian, Fedora, Linux Mint, and more. It can even be used on macOS.

      • Linux Made SimpleHow to install Solitaire on a Chromebook

        Today we are looking at how to install Aisleriot Solitaire on a Chromebook.

        If you have any questions, please contact us via a Rumble comment and we would be happy to assist you!

        Please use the video as a visual guide, and the commands and links below to install it on your Chromebook.

      • ID RootHow To Install BalenaEtcher on Rocky Linux 9 - idroot

        In this tutorial, we will show you how to install BalenaEtcher on Rocky Linux 9. For those of you who didn’t know, BalenaEtcher is a free and open-source tool that is used to burn operating system images to a USB drive or SD card. It is available for Linux, Windows, and macOS, and is designed to be easy to use even for people who are not familiar with using command-line tools. BalenaEtcher works by flashing a disk image onto a USB drive or SD card, making it bootable and ready to be used to install an operating system on a computer. It is commonly used to install Linux distributions, but can also be used to install other operating systems, such as Windows or macOS. BalenaEtcher is known for its simplicity and reliability and is a popular choice among people looking to create bootable USB drives or SD cards.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the BalenaEtcher on Rocky Linux. 9.

      • dwaves.de- WordPress how to htaccess disable xmlrpc.php | dwaves.de

        xmlrpc.php is only in use, if the user uses the wordpress app.

        if the app is not used, it would be wise to disable this file, because it is frequent target of brute force (trying out a billion passwords) attacks, also causing unecessary traffic and energy usage in datacenters.

      • VirtualizationIntroduction to Docker, Part 1: Getting Started -- Virtualization Review
      • SUSE's Corporate BlogCPU Isolation – Nohz_full troubleshooting: broken TSC/clocksource – by SUSE Labs (part 6)
    • Games

      • Boiling SteamNew Steam Games with Native Linux Clients - 2022-12-14 Edition - Boiling Steam

        Between 2022-12-07 and 2022-12-14 there were 23 New Steam games released with Native Linux clients. For reference, during the same time, there were 256 games released for Windows on Steam, so the Linux versions represent about 9 % of total released titles.

      • CubicleNateC1541x | The Commodore 1541 Impostor - CubicleNate’s Techpad

        My most favorite computer build to date has been my Commodore 64 Impostor. It has truly been the best computer I have ever owned. Not because it is he fastest and most capable but because it hit all the right nostalgia buttons while at the same time meeting my computing requirements. The only real problem I had with it is that because of its small size, I needed some sort of external media bay and extra storage to accompany this glorious C64x. I needed to build a Commodore 1541 Impostor to fit right along side of it.

        [...]

        I have been very happily using this 1541 Impostor as a media module with my C64x. It acts largely as a USB Hub where I plug in my microphone and webcam, then as a convenient place to plug in USB drives, SD Cards and Compact Flash cards. I have only used the SATA port a few times but most of the time it seems that I plug in my 2.5″ SATA adapter into the USB3 port. I haven’t used the 2 TB internal storage much so far but I do intend on making better usage of it in time.

  • Distributions and Operating Systems

  • Free, Libre, and Open Source Software

    • Events

      • LWNEverything Open call for proposals [LWN.net]

        Everything Open is, seemingly, the future form of the conference once known as linux.conf.au; see this page for a discussion of the reasoning behind the change. The inaugural event will be held March 14 to 16 in Melbourne, Australia, and the call for proposals has gone out now, with a deadline of January 15. "Our aim is to create a deeply technical conference where we bring together industry leaders and experts on a wide range of subjects."

      • PostgreSQLPostgreSQL: FOSDEM PGDay registration announcement

        We are excited to announce that registration is now open for the FOSDEM PGDay 2023 conference, which will be held on February 3rd, 2023, at the Renaissance Brussels Hotel in Brussels.

    • Web Browsers/Web Servers

      • Daniel StenbergIDN is crazy | daniel.haxx.se

        IDN, International Domain Names, is the concept that lets us register and use international characters in domain names, and by international we of course mean characters outside of the ASCII range.

        Recently I have fought some battles against IDN and IDN decoding so I felt this urge to write a lot of words about it to help me in my healing process and maybe mend my scars a little. I am not sure it worked but at least I feel a little better now.

        (If WordPress had a more sensible Unicode handling, this post would have nicer looking examples. I can enter Unicode fine, but if I save the post as a draft and come back to it later, most of the Unicodes are replaced by question marks! Because of this, the examples below are not all using the exact Unicode symbols the text speaks of.)

      • Mozilla

        • LWNFirefox 108 released [LWN.net]

          Version 108 of the Firefox browser has been released. The headline feature this time around appears to be the enabling of import maps by default, along with support for the Web MIDI API and the usual set of security fixes.

        • The Register UKFirefox 108 brings improved Web MIDI support ● The Register

          The last new version of Firefox for 2022 is out on Mozilla's FTP server, with a more widespread release to follow soon.

          Mozilla has released Firefox version 108. Amusingly, for the first time since Mozilla sped up its release cycle in 2015 (and presumably for the last time, too) the current version numbers for Firefox and Google Chrome line up: the current stable version of Chrome is also version 108.

          Truth be told, the 108th fox is not an especially big specimen. We rather like the task manager: it's been present for a while, but it's easier than ever to get to – just press Shift+Esc and a new "Process Manager" tab will open. Prepare to be aghast at how much RAM it takes to render a single web page nowawadays.

          A new feature that may please musicians is the improved support for the Web MIDI API. The MIDI standard is very close to a remarkable 40 years old, and Web MIDI does just what the name implies: it allows web apps to send and receive MIDI signals to and from musical instruments. In principle this will allow sequencer apps to be implemented in Javascript.

    • Content Management Systems (CMS)

      • OpenSource.comSimplify the installation of Drupal modules with Project Browser

        Drupal's modular structure lets you extend your website with an endless array of features. Then again, discovering the right module and installing it on your website can be a challenging task for beginners or non-developers.

        That's where the Project Browser initiative comes into play!

        Project Browser is one of the most exciting initiatives for Drupal. It is intended to make the platform genuinely easy for everyone. Read on to discover what the project goals are, why we're excited about it, how Project Browser works, and when you might see it in Drupal core.

    • Programming/Development

      • Dirk EddelbuettelDirk Eddelbuettel: RcppSpdlog 0.0.11 on CRAN: Small Enhancement



        Version 0.0.11 of RcppSpdlog is now on CRAN and in Debian. RcppSpdlog bundles spdlog, a wonderful header-only C++ logging library with all the bells and whistles you would want that was written by Gabi Melman, and also includes fmt by Victor Zverovich.

        This release adds support for a basic file logger as a alternative to the console logger. This can be helpful with code which suppresses or hides console output – as for example unit test code does. We also expose the formatting helper function for direct use at the C level from other packages, and mention the handy wrapper spdl in the README.

      • Dirk EddelbuettelDirk Eddelbuettel: digest 0.6.31 on CRAN: snprintf Update

        Release 0.6.31 of the digest package arrived at CRAN this weekend, and is being uploaded to Debian as well.

        digest creates hash digests of arbitrary R objects (using the md5, sha-1, sha-256, sha-512, crc32, xxhash32, xxhash64, murmur32, spookyhash, and blake3 algorithms) permitting easy comparison of R language objects. It is a mature and widely-used as many tasks may involve caching of objects for which it provides convenient general-purpose hash key generation to quickly identify the various objects.

      • Dirk EddelbuettelDirk Eddelbuettel: AsioHeaders 1.22.1-2 on CRAN: Small Update

        An new minor revision of the AsioHeaders package arrived at CRAN earlier today. Asio provides a cross-platform C++ library for network and low-level I/O programming. It is also included in Boost – but requires linking when used as part of Boost. This standalone version of Asio is a header-only C++ library which can be used without linking (just like our BH package with parts of Boost).

        This minor update avoid use of (v)sprintf which CRAN now flags in r-devel (for all R builds), following the decision by Apple to deprecated it for macOS. Winston had notified me about email he had gotten for for his websocket package – also highlighting the issue for both iptools and ipaddress. As the issue ticket dialog shows I was initially a little hamfisted about replicating, falsely thinking I would need an updated compiler. But this really is ‘just’ a change in r-devel once again scanning shared libraries for symbols now warned about. Upstream has newer minor releases but they did not yet cover this; however I found a commit mentioning Xcode and snprint from three days ago which I essentially ported. We needed one more change, and that addressed the issue in websocket. But as it is good to increase the number of random acts of kindness, I also looked into iptools and ipaddress as CRAN has its eyes on them too for this. Turned out they needed simple and limited changes from sprint to snprintf so made those and sent them PRs: iptools PR #42 and ipaddress PR #79.

      • Dirk EddelbuettelDirk Eddelbuettel: spdl 0.0.2 on CRAN: First Update

        A first update to the recently-released package spdl is now om CRAN. The key focus of spdl is a offering the same interface from both R and C++ for logging by relying on spdlog via my RcppSpdlog package.

        This release exposes simple helpers fmt() (to format text according to the included fmt library) and cat() which formats and prints.

      • Perl / Raku

        • RakulangDay 14: Trove – yet another TAP harness - Raku Advent Calendar

          Since the early Pheix versions, I have paid a lot of attention to testing system. Initially it was a set of unit tests – I tried to cover a huge range of units like classes, methods, subroutines and conditions. In some cases I have combined unit and functional testing within one .t file, like it’s done to verify Ethereum or API related functionality.

          Tests became a bit complicated and environment dependent. For example off chain testing like trivial prove6 -Ilib ./t should skip any Ethereum tests including some API units, but not API template engine or cross module API communications. So I had to create environment dependent configurations and since that point I started yet another Pheix friendly test system.

          It was written in pure bash and was included in Pheix repository for a few years.

          In a middle of June 2022, I introduced Coveralls support and got a few requests to publish this test tool separately from Pheix. Consider that moment as a Trove module birth baby

  • Leftovers

    • Entrapment (Microsoft GitHub)

      • It's FOSSMicrosoft Soundscape to Go Open Source Marking the End of the Project [Ed: Sourav Rudra is killing "It's FOSS". He habitually promotes proprietary software (NOT FOSS) and even Microsoft.]

        The Soundscape project was a fascinating experimental research effort undertaken by Microsoft to use sound-based technology to help visually impaired people navigate their surroundings.

        Launched back in 2017, it used 3D audio cues and augmented reality to enhance a user's awareness by guiding them through places.

        Soon after, they also launched an iOS app to showcase their progress.

    • Security

      • CISAApple Releases Security Updates for Multiple Products | CISA

        Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.

      • CISAMicrosoft Releases December 2022 Security Updates | CISA

        An attacker can exploit some of these vulnerabilities to take control of an affected system.

      • CISAVMware Releases Security Updates for Multiple products | CISA

        A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

      • CISACISA Adds Five Known Exploited Vulnerabilities to Catalog | CISA [Ed: "Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file"]

        CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose a significant risk to the federal enterprise. Note: To view newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.

      • CISANSA, CISA, and ODNI Release Guidance on Potential Threats to 5G Network Slicing | CISA [Ed: NSA has been attacking entire networks; why is it posing as a guardian of network security?]

        Today, the National Security Agency (NSA), CISA, and the Office of the Director of National Intelligence (ODNI), published Potential Threats to 5G Network Slicing. This guidance—created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA—presents both the benefits and risks associated with 5G network slicing. It also provides mitigation strategies that address potential threats to 5G network slicing. The guidance builds upon ESF’s Potential Threat Vectors to 5G Infrastructure, published in 2021.

      • TechTargetMicrosoft addresses two zero days in December Patch Tuesday [Ed: Microsoft failing to patch known holes until after they're widely exploited]

        December's Patch Tuesday features fixes for 48 new bugs, including several critical vulnerabilities and two zero days, one of which is currently being exploited in the wild.

      • Bleeping ComputerMicrosoft-signed malicious Windows drivers used in ransomware attacks [Ed: Microsoft cannot do security and even sworn Microsoft boosters like Lawrence Abrams seem to be fed up; ransomware is mostly a Windows problem]

        Microsoft has revoked several Microsoft hardware developer accounts after drivers signed through their profiles were used in cyberattacks, including ransomware incidents.

      • LWNA security release for xorg-server [LWN.net]

        X.org users running in potentially hostile environments will want to look into the xorg-server 21.1.5 release, which fixes several potentially serious security vulnerabilities. "All theses issues can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions".

      • LWNX.Org Security Advisory: multiple security issues in X server extensions
      • LWN[ANNOUNCE] xorg-server 21.1.5
        This release fixes 6 recently reported security vulnerabilities in
        various extensions. The CVE numbers are:
        CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343,
        CVE-2022-46344, and CVE-2022-4283
        
        

        For details on the these issues please see the security advisory here: https://lists.x.org/archives/xorg-announce/2022-December/...

        Jeremy Huddleston Sequoia (3): xquartz: Remove unused macro (X11LIBDIR) xquartz: Move default applications list outside of the main executable meson: Don't build COMPOSITE for XQuartz

        Peter Hutterer (8): Xtest: disallow GenericEvents in XTestSwapFakeInput Xi: disallow passive grabs with a detail > 255 Xext: free the XvRTVideoNotify when turning off from the same client Xext: free the screen saver resource when replacing it Xi: return an error from XI property changes if verification failed Xi: avoid integer truncation in length check of ProcXIChangeProperty xkb: reset the radio_groups pointer to NULL after freeing it xserver 21.1.5

        git tag: xorg-server-21.1.5
      • LWNSecurity updates for Wednesday [LWN.net]

        Security updates have been issued by Debian (pngcheck), Fedora (qemu), Mageia (admesh, busybox, emacs, libarchive, netkit-telnet, ruby, rxvt-unicode, and shadowutils), Oracle (bcel and kernel), Red Hat (389-ds-base, bcel, dbus, firefox, grub2, kernel, kernel-rt, kpatch-patch, thunderbird, and usbguard), Scientific Linux (bcel), SUSE (containerd, firefox, grafana, java-1_8_0-openjdk, libtpms, net-snmp, and wireshark), and Ubuntu (pillow).

      • Privacy/Surveillance

        • AccessNowStop SIM data-syphoning: Safaricom must protect privacy in Kenya - Access Now

          People in Kenya have both the right to mobile telecommunications and to privacy — prominent telecommunications provider Safaricom must delete all biometric data collected via its dangerous, manipulative data-harvesting SIM registration process. Read Access Now’s open letter to the company.

          “Safaricom demanding excessive personal information — including private biometric data — for people to use its services is nothing less than unconscionable,” said Jaimee Kokonya, Africa Campaigner at Access Now. “As one of the nation’s leading internet providers, the company wields the power to control the communication of millions of people, and must put human rights above all. Safaricom should be setting the privacy gold standard, not dragging the industry through the mud.”

          In November 2021, Safaricom began sending messages to people subscribed to mobile services informing them they were required to update their SIM card registration details by bringing their identification documents to outlets. Under the threat of disconnecting those who did not comply, this directive included a demand for invasive facial biometrics. The company alleged this requirement was in line with new regulations from the Communications Authority of Kenya (CA) — it was not, and the collection of this data is illegal.

          “When we see private companies manipulate laws and regulations with unclear motives, governments must intervene,” said Bridget Andere, Africa Policy Analyst at Access Now. “Safaricom must be held responsible for its illegal acquisition of private information — information it now controls, and is ripe for exploitation and manipulation.”

        • AccessNowOpen letter: Safaricom must delete all biometric data collected unlawfully during Kenya’s SIM card registration exercise - Access Now

          In November 2021, Safaricom began sending your mobile service subscribers messages notifying them of a requirement to update their SIM card registration details. However, the messages did not specify what information was required, nor the law mandating that this information must be provided; the only instructions included were for people who subscribe to your services to visit Safaricom outlets with their identification documents to update their details. Eventually, your company informed people via direct social media messages that they were required to provide facial biometrics as part of this exercise. Your company alleged the basis for this request were new regulations from the Communications Authority of Kenya (CA) — the CA, however, clarified that facial biometrics were not required.

    • AstroTurf/Lobbying/Politics

    • Censorship/Free Speech

      • AccessNowThailand: 24-hour content takedown regulation will undermine rule of law and freedom of expression online - Access Now

        The Thai authorities must repeal a new regulation allowing the Thai government to force online service providers and social media platforms to take down certain content without a court order, said Access Now, ARTICLE 19, and the International Commission of Jurists (ICJ) in a joint statement today.

        Our organizations express serious concern that the provisions of this regulation, which will come into force on 25 December 2022 and issued by the Ministry of Digital Economy and Society (MDES), are aimed at unjustifiably expanding the powers of the Thai government to arbitrarily restrict online expression without sufficient judicial oversight. The new deadlines for compliance with content takedown orders from the MDES – which may be as short as 24 hours – are unreasonable and not compliant with international law and standards.

      • AccessNowIn Central Asia, internet shutdowns are harming all kinds of rights - Access Now

        Internet shutdowns are a favorite tool of authoritarian governments looking to suppress dissent, censor information, and control citizens, both online and off. In recent years, we’ve seen digital dictators, and those who emulate them, deploy these and other authoritarian tactics in countries such as Kazakhstan, Kyrgyzstan, Turkmenistan, Tajikistan, and Uzbekistan.

        Deliberately interfering with or disrupting access to the internet doesn’t just infringe on political and civil liberties, such as the right to protest, speak freely, vote, or unionize. When governments in Central Asia flick the kill switch, they endanger people’s lives, disrupt education, and trample on a broad range of economic, social, and cultural rights. The overall effect can be both far-reaching and enduring.

  • Gemini* and Gopher

    • Personal

      • I think this toilet is going to be the death of us

        It started yesterday when, after flushing the toilet, I noticed water seeping all around the toilet bowl. “This is not good,” said Bunny, as she inspected the growing puddle of water. “Let's cut off the water to this thing, and deal with it tomrrow. Looks like we're going to have to replace the wax ring.”

        Cut to—today. Water disconnected, I pull the toilet off the floor revealing the horrible remains of a wax ring. Bunny then scrapped the remains up, and we replaced the wax ring with a non-wax ring that should last longer. We get the toilet back in place, secured it down, hooked the water up and hey! Looks like no more water.

      • Notes on an overheard conversation in the bathroom
    • Technical

      • sleep or code …

        I failed to sleep in this morning, so I started reading some of the posts I had opened on Gemini from the previous day. This was a terrible idea because it’s fairly stimulating just to look at a screen, and it can be a bit frustrating to find all the keys on this laptop in the dark, but anyway, the awkwardness of browsing in the dark and exploring a new capsule made me realize that there was kind of an isolated feeling to the experience of browsing a foreign capsule.

      • Programming

        • Duplicate Environment Variables

          A common problem is to actually convince programmers that duplicate environment variables are possible on unix; most programmers interact with the environment through a hash or function calls that give the impression that environment variables are unique and Platonic.

        • not much progress today

          Yesterday after updating my monolothic python script for generating page content I neglected to check the links created in my atom.xml. This led to a very panicked few moments when I was browsing Antenna later in the day. None of the published links worked. So the first thing I did was symbolic link the published names to the real names. That almost solved the problem. At least content was reachable.


* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.



Recent Techrights' Posts

More Information About Public Talks That Richard Stallman Gave This Week in Europe
Two talks in Switzerland
SoylentNews Grows Up, Registers as a Business, Site Traffic Reportedly Grows
More people realise that social control media may in fact be a passing fad
 
Links 29/03/2024: Fentanylware (TikTok) Fines and UK High Court Makes It Seem OK to Assassinate People Wrongly (Falsely) Associated With "Russia"
Links for the day
Garden Season Starts Today
Outdoor time, officially...
Engadget is Still a Spamfarm, It's Just an Amazon Catalogue (SPAM/SEO), a Sea of Junk Disguised as "Articles" With Few 'Fillers' (Real Articles) in Between
Engadget writes for bots now, not for humans
Richard Stallman's Talks in Switzerland This Week
We need to put an end to 'cancer culture'; it's trying to kill people and it is even swatting people
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, March 28, 2024
IRC logs for Thursday, March 28, 2024
[Meme] EPO's New Ways of Working (NWoW), a.k.a. You Don't Even Get a Desk at Work and Cannot be Near Known Colleagues
Seems more like union-busting (divide and rule)
Hiding Microsoft's Culpability in Security Breaches and Other Major Blunders (in the United Kingdom, This May Mean You Can't Get Food)
Total Cost of Ownership (TCO) is vast
Giving back to the community
Reprinted with permission from Daniel Pocock
Links 28/03/2024: Sega, Nintendo, and Bell Layoffs
Links for the day
Open letter to the ACM regarding Codes of Conduct impersonating the Code of Ethics
Reprinted with permission from Daniel Pocock
With 9 Mentions of Azure In Its Latest Blog Post, Canonical is Again Promoting Microsoft and Intel Vendor Lock-in, Surveillance, Back Doors, Considerable Power Waste, and Defects That Cannot be Fixed
Microsoft did not even have to buy Canonical (for Canonical to act like it happened)
Links 28/03/2024: GAFAM Replacing Full-Time Workers With Interns Now
Links for the day
Consent & Debian's illegitimate constitution
Reprinted with permission from Daniel Pocock
The Time Our Server Host Died in a Car Accident
If Debian has internal problems, then they need to be illuminated and then tackled, at the very least in order to ensure we do not end up with "Deadian"
China's New 'IT' Rules Are a Massive Headache for Microsoft
On the issue of China we're neutral except when it comes to human rights issues
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 27, 2024
IRC logs for Wednesday, March 27, 2024
WeMakeFedora.org: harassment decision, victory for volunteers and Fedora Foundations
Reprinted with permission from Daniel Pocock
Links 27/03/2024: Terrorism Grows in Africa, Unemployment in Finland Rose Sharply in a Year, Chinese Aggression Escalates
Links for the day
Links 27/03/2024: Ericsson and Tencent Layoffs
Links for the day
Amid Online Reports of XBox Sales Collapsing, Mass Layoffs in More Teams, and Windows Making Things Worse (Admission of Losses, Rumours About XBox Canceled as a Hardware Unit)...
Windows has loads of issues, also as a gaming platform
Links 27/03/2024: BBC Resorts to CG Cruft, Akamai Blocking Blunders in Piracy Shield
Links for the day
Android Approaches 90% of the Operating Systems Market in Chad (Windows Down From 99.5% 15 Years Ago to Just 2.5% Right Now)
Windows is down to about 2% on the Web-connected client side as measured by statCounter
Sainsbury's: Let Them Eat Yoghurts (and Microsoft Downtimes When They Need Proper Food)
a social control media 'scandal' this week
IRC Proceedings: Tuesday, March 26, 2024
IRC logs for Tuesday, March 26, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Windows/Client at Microsoft Falling Sharply (Well Over 10% Decline Every Quarter), So For His Next Trick the Ponzi in Chief Merges Units, Spices Everything Up With "AI"
Hiding the steep decline of Windows/Client at Microsoft?
Free technology in housing and construction
Reprinted with permission from Daniel Pocock
We Need Open Standards With Free Software Implementations, Not "Interoperability" Alone
Sadly we're confronting misguided managers and a bunch of clowns trying to herd us all - sometimes without consent - into "clown computing"
Microsoft's Collapse in the Web Server Space Continued This Month
Microsoft is the "2%", just like Windows in some countries