Links 24/12/2022: Manjaro 22.0 and Serpent OS Released

Posted in News Roundup at 3:05 pm by Dr. Roy Schestowitz

  • GNU/Linux

    • Applications

      • Hackaday: CoreFreq Gives Peek At CPU Performance Info On Linux | Hackaday

        The CPU is the part of the computer that makes everything else tick. While GPUs have increasingly become a key part of overall system performance, we still find ourselves wanting to know how our CPU is doing. CoreFreq is a new tool that aims to tell you everything you want to know about your modern 64-bit CPU.

    • Instructionals/Technical

      • DebugPoint: LibreOffice Workbook Worksheet and Cell Processing using Macro

        In this tutorial, you will learn how to access the workbook, worksheet and Cell contents using LibreOffice Calc basic macros.

        Spreadsheet applications like Calc consist of workbooks, worksheets and individual Cells. It is often required to process those using Macro to automate various tasks.

        This tutorial will demonstrate the basic processing of worksheets and cells, which is the foundation of many complex macros.

        Note: This tutorial assumes you have the initial set up on creating a basic Macro in LibreOffice Calc.

      • The Linux killall Command – buildVirtual

        The killall command is a powerful tool in the Linux command line that allows you to terminate processes by their name. It is a convenient way to stop multiple processes at once, saving you the time and effort of manually killing each process individually.

        The basic syntax of the killall command is killall process_name, where process_name is the name of the process you want to terminate. For example, to kill all instances of the firefox process, you would use the command killall firefox.

        One useful feature of the killall command is the ability to specify a signal to be sent to the processes being terminated. The default signal is SIGTERM, which asks the process to terminate gracefully. However, you can also use other signals such as SIGKILL to force the process to terminate immediately. To specify a signal, you can use the -s option followed by the signal number or name. For example, to force all instances of the firefox process to terminate immediately, you would use the command killall -s SIGKILL firefox.

      • How to Backup and Restore Linux Command History

        The Linux shell (specifically, “Bash“) takes each executed command as an event and saves the command in the “.bash_history” file located in the user’s home directory.

        Now, there are two ways to view the history record of a user’s executed command: one using the history command, and the other by reading the “.bash_history” file using the cat command.

      • ID Root: How To Install Wireguard VPN on Ubuntu 22.04 LTS – idroot

        In this tutorial, we will show you how to install Wireguard VPN on Ubuntu 22.04 LTS. For those of you who didn’t know, WireGuard is a free and open-source virtual private network (VPN) software that uses state-of-the-art cryptography to secure and encrypt internet connections. It is designed to be simple, fast, and easy to use, and it has a small codebase that is easy to review and audit.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Wireguard on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.

      • TecAdmin: How to Install OpenCV in Python – TecAdmin

        OpenCV (Open Source Computer Vision) is a free and open-source library of computer vision and machine learning algorithms that can be used to process and analyze images and video. It is widely used in a variety of applications, including object detection, image, and video processing, and augmented reality.

        In this article, we will cover two different methods for installing OpenCV in Python: using “PIP” (the Python Package Manager) and using “Anaconda” (a free and open-source distribution of Python and R for data science and machine learning).

      • Linux Hint: How to Use the WC Command in Bash

        To count the overall number of lines, syllables, and letters in a text document, use the “wc” Bash function, which means “word count”. It is presented with four columns in the output. The first of which displays the number of lines. The second column lists the words in the file. The third column lists the characters. And the final column lists the file name. This “wc” command gives us access to several flags including “-c”, “-w”, and others which we will cover in this article.

      • Linux Hint: How to Check If a Command Succeeded in Bash

        When writing a script or executing a command, it makes sense to know if it succeeded. In Linux, when a command is run, we get an exit code which confirms whether the executed command was successful. When running a command that relies on the output of the other command, you must fetch the exit code of the first command to determine whether the other command will run. This guide focuses on two ways of checking whether a command succeeded in Bash.

      • Linux Hint: How to Create Bash Alias with Arguments and Parameters

        In a BASH environment, we construct an alias for a set of files. Alias can be made more programmatic and versatile by using BASH functions, variables, etc. Bash Alias is a method for creating a few shortcut commands for numerous and repetitive operations. Here, we will discuss a way to create the bash alias with the arguments and parameters. Unfortunately, there are some cases when the alias does not accept parameters or arguments. However, we can utilize functions to accept parameters and arguments while executing alias commands. We use the bash aliases and functions to use the command line more efficiently.

      • The New Stack: Kubernetes 101: Deploy Your First Application with MicroK8s – The New Stack

        Kubernetes is challenging. Of that, there is no debate. Not only are there a lot of moving parts that go into deploying a container to a Kubernetes cluster, but so much can go wrong along the way. To complicate matters even further, deploying the Kubernetes cluster can be a hair-pulling affair.

        That’s why tools like Canonical’s MicroK8s have been developed. With such software, the process of deploying a Kubernetes cluster is significantly less challenging, so you can focus more on getting up to speed with deploying applications and services to the cluster.

      • H2S Media: How to install Google Chrome in RHEL 9 / 8 Linux – Linux Shout

        Want to install the popular Mozilla Firefox alternative Google Chrome browser in Redhat 9 or RHEL 8? Then here are the steps to follow, given in the tutorial.

        Chromium-based Chrome browser is the most preferred choice for home or regular desktop users. It is available free of cost to install not only on Mac and Windows but also on most of Linux systems. Although Chromium is open source, Google’s Chrome is a proprietary browser.

    • Desktop Environments/WMs

      • FOSS Post: Get Jaw-dropping Window Effects on Linux with this Extension

        “Burn My Windows” is a GNOME and KDE extension that allows you to play many different window effects when you close or open any window on your system.

        It’s quite fantastic, and brings back the memories of the good old Compiz and gnome 2.X, allowing you once again to play window effects on Linux.

      • K Desktop Environment/KDE SC/Qt

        • Looking Back at 2022 – Kai Uwe’s Blog

          Depending on your calendar system, another year is coming to a close very soon. While this year was a lot more enjoyable for many of us than the last two, we surely didn’t expect things to go downhill even more for others. As I am looking forward to some days off with my family, let me take a step back and reflect on some of the things I did in KDE in the last twelve months.


          One of my personal goals is for every file type imaginable to have a thumbnailer, metadata extractor, or at least a lovely Breeze icon and file type registration in shared-mime-info to go with it. This year I spent a lot of time in our KFileMetaData Framework, which is what extracts metadata from files for the file manager sidebar, file properties dialog, and our Baloo desktop search. For starters, today we’re able to index OpenDocument files of the “Flat XML” variant, where all data is in a single XML file, rather than bundled as a ZIP archive. Open Document Graphics vector images are also supported now. Additionally, for Office 2007 files line and word count is recorded.

  • Distributions and Operating Systems

    • New Releases

      • Lift Off – Serpent OS

        Enough of this “2 years” nonsense. We’re finally ready for lift off. It is with immense pleasure we can finally announce that Serpent OS has transitioned from a promise to a deliverable. Bye bye, phantomware!

        We exist

        As mentioned, we spent 2 years working on tooling and process. That’s .. well. Kinda dull, honestly. You’re not here for the tooling, you’re here for the OS. To that end I made a decision to accelerate development of the actual Linux distro – and shift development of tooling into a parallel effort.

        Infrastructure .. intelligently deferred

        I deferred final enabling of the infrastructure until January to rectify the chicken/egg scenario whilst allowing us to grow a base of contributors and an actual distro to work with. We’re in a good position with minimal blockers so no concern there.

        A real software collection

        This is our term for the classical “package repository”. We’re using a temporary collection right now to store all of the builds we produce. In keeping with the Avalanche requirements, this is the volatile software collection. Changes a lot, hasn’t got a release policy.

        A community.

        It goes without saying, really, that our project isn’t remotely possible without a community. I want to take the time to personally thank everyone that stepped up to the plate lately and contributed to Serpent OS. Without the work of the team, in which I include the contributors to our venom recipe repository, an ISO was never possible. Additionally, contributions to tooling have helped us make significant strides.

        It should be noted we’ve practically folded our old “team” concept and ensured we operate across the board as a singular community, with some members having additional responsibilities. Our belief is all in the community have equal share and say. With that said, to the original “team”, members both past and present, I thank for their (long) support and contributions to the project.

      • Manjaro 22.0 Sikaris released – Releases – Manjaro Linux Forum

        Since we released Ruah in June all our developer teams worked hard to get the next release of Manjaro out there. We call it Sikaris.

      • Linuxiac: Manjaro 22.0 Sikaris: A Christmas Present for All Linux Users

        Manjaro 22.0 “Sikaris” is in all its glory, with the most recent versions of KDE Plasma 5.26, GNOME 43, and Xfce 4.18.

        Manjaro is an Arch-based Linux distribution that aims to provide a simple and easy-to-use desktop environment. Thanks to its user-friendly design, great support, and powerful features in the last few years, Manjaro has gained a huge user base among Linux users.

        And just in time for Christmas, the good news has arrived! Today, the brand-new release of Manjaro 22.0, “Sikaris,” has been announced as a beautiful Christmas present not only for Manjaro users but for all Linux lovers. So, let’s see what’s new.

      • Beta News: Celebrate the birth of Jesus Christ by installing Manjaro Linux 22.0 ’Sikaris’

        Tomorrow is one of the most important days of the year — Jesus Christ’s birthday! Also known as “Christmas,” many people celebrate the holiday by giving gifts to friends and family. And of course, Santa Claus will be delivering many great presents to all the non-naughty children of the world too.

        As an early Christmas gift, the Linux community is getting something very special today — Manjaro 22.0! Code-named “Sikaris,” this operating system is based on the excellent Arch Linux. If you love using a modern kernel, you will be happy to know Manjaro 22.0 comes with version 6.1. There are three desktop environments from which to choose — GNOME (43), KDE Plasma (5.26), and Xfce (4.18).

    • Debian Family

      • Debian uploads, Core22 KDE snap content pack and more! – Scarlett Gately Moore

        I have been quite busy! I have been working on several projects so my cover image is a lovely sunset where I live.


        I have reworked the CI to now do Core22 snaps! They will publish to the beta channel until we get them tested. First snap completed is the ever important KDE Frameworks / QT content snap + SDK! Applications will start after I tackle the kde-neon extension in snapcraft.

      • Monthly report about Debian Long Term Support, November 2022 | Freexian

        Like each month, have a look at the work funded by Freexian’s Debian LTS offering.

      • Petter Reinholdtsen: ONVIF IP camera management tool finally in Debian

        Merry Christmas to you all. Here is a small gift to all those with IP cameras following the ONVIF specification. There is finally a nice command line and GUI tool in Debian to manage ONVIF IP cameras. After working with upstream for a few months and sponsoring the upload, I am very happy to report that the libonvif package entered Debian Sid last night.

        The package provides a C library to communicate with such cameras, a command line tool to locate and update settings of (like password) the cameras and a GUI tool to configure and control the units as well as preview the video from the camera. Libonvif is available on both Linux and Windows and the GUI tool uses the Qt library.

    • Devices/Embedded

      • CNX Software: M5Stack T-Lite Wi-Fi thermal camera integrates 1.14-inch color display – CNX Software

        M5Stack T-Lite is a Wi-Fi thermal imager with the same MLX90640 IR array thermal camera found in the M5Stack Thermal Camera 2 Unit plus a 1.14-inch color display to visualize the results on the device itself.

        Based on the ESP32-PICO-D4 system-in-package with WiFi and Bluetooth, the solution allows the user to access the 32×24 pixels thermal image either on the built-in display, or streamed to the local network or the cloud.

    • Open Hardware/Modding

      • Arduino: This flip-dot display acts like an Etch A Sketch

        Every year, several of the biggest names in the maker world on YouTube get together for an international Secret Santa exchange. Each participant gets to decide on a gift for the assigned recipient and the only rule is that they must make the gift themselves. Sam Battle, of the LOOK MUM NO COMPUTER YouTube channel, made this awesome flip-dot display Etch A Sketch for Ruth and Shawn of KidsInventStuff.

    • Mobile Systems/Mobile Applications

  • Free, Libre, and Open Source Software

    • F-Droid: UnifiedPush: a decentralized, open-source push notification protocol | F-Droid – Free and Open Source Android App Repository

      A modern Android smartphone relies on a lot of services, from app stores and calendars to messaging and push notifications. Most of them have open alternatives, but until now, the only option for push notifications was Google’s proprietary service, Firebase Cloud Messaging (FCM). UnifiedPush is a new alternative that allows you to get push notifications without being tied to a single company.

      Push notifications are essential to the modern mobile experience because they allow apps to communicate with users in real-time, even when not actively in use. Relying on Google-provided push notifications is a concern for both privacy and independence. The proprietary FCM library cannot be included in F-Droid apps and relies on having Google services. As a result, it is common to see FOSS applications adopt a persistent direct connection between the application and the server as an alternative.

    • The Register UK: OpenAI gets to the Point•E with open source text-to-3D model • The Register

      OpenAI has extended the capabilities of its text-to-image software from two dimensions into three with the release of Point•E, an open source project that produces 3D images from text prompts.

      The AI research firm has attracted considerable attention for its DALL•E software, which like rival projects Stable Diffusion and Midjourney can generate realistic or fantastical images from descriptive text.

      While Point•E shares the bullet point symbol used in OpenAI’s DALL•E branding, it relies on a different machine learning model called GLIDE. And presently, it’s not nearly as capable. Given a text directive like “a traffic cone,” Point•E produces a low-resolution point cloud – a set of points in space – that resembles a traffic cone.

    • Programming/Development

      • InfoQ: An Ode to Unit Tests: In Defense of the Testing Pyramid

        It was 2014 when David Heinemeier Hansson set the Software Development world on fire. He was on a RailsConf stage when he proclaimed that “TDD is Death”.

        It was a bold move. But he was the leader that many unhappy with testing were looking for. Many followed along, splitting developers into two camps.

      • Taming Names in Software Development – Simple Thread

        What is a name? A name is a label, a handle, a pointer in your brain’s memory. A complex idea neatly encapsulated. A name lets you refer to “the economy” , or “dogfooding” mid-sentence without needing a three-paragraph essay to explain the term.

        If you think of software development as just carving up data into boxes and labeling them, it becomes clear why Naming Things is one of the two hard problems in computer science. Your brain has only so much space in working memory, and a good name makes the most of it. A good name is succinct, evocative, fitting. It reduces cognitive load and stands out in your mind. Bad names are obscure, misleading, fuzzy or outright lies.

        In software, really good names are meaningful, descriptive, short, consistent, and distinct. You will notice that ‘descriptive’ and ‘short’ are diametrically opposed. As are ‘consistent’ and ‘distinct’. There is no solution, only tradeoffs.

        Descriptive names are safe, legible, clear. They tell you what exactly you’re dealing with, bring you up to speed, don’t require you to be an expert in the codebase or a mind reader. I understand exactly what BasicReviewableFlaggedPostSerializer is on my first time seeing it. But they can also be bulky and unwieldy.

      • The Story of A – by Kent Beck

        A was a new student when they started complaining about their teammates. “Don’t they see that we need this & that & this & that? They need to let me make these changes.”

        The business domain A & their team worked in was incredibly complex. The current system had been built emphasizing the behavior of the system & not the structure. As always, this led to a structure not well suited for further change.

        A had been working in the system long enough to have ideas for how things could be better. There needed to be a hierarchy of these things & a factory for those things & a factory for the factory because eventually we wanted to do this & that. The diagram of the system as A imagined it was full of boxes & arrows.

        The team was having none of it. They had features to ship. A’s pull requests were piling up, unreviewed. Stale PRs led to bigger PRs, further slowing the pace of structure change. A was, reasonably, frustrated.

      • A not so unfortunate sharp edge in Pipenv :: dade

        I’ve been a proponent of pipenv for several years now, particularly for application development (rather than library development). While the features around virtual environment management and the integration with pyenv to automatically install the version of python necessary for an application are nice, the features that I’ve really advocated for are the separation of direct dependencies and transient dependencies, via Pipfile and Pipfile.lock, and the hash validation provided by Pipfile.lock. I find it helpful in improving the deterministic nature of builds (not solving, mind you, but improving), making sure everyone in the engineering organization is using the same versions of packages as everyone else. It’s also a minor reassurance against supply chain attacks, which is sort of what I want to write about today.

      • Linux Hint: C++ Using std::cin

        In C++, we need a mechanism to interact with users, or to get information from the users. For this purpose, C++ provides a standard library to entertain the input-output statement. The ‘iostream’, here ‘io’ means input and output, this stream deals with the input and output statements. This library contains all the methods that we need to input data from the user or output data on the console. First, we import this library and to input data we use ‘cin>>’.

        The ‘iostream’ library has predefined variables ‘std::cin’ is one of them. The ‘std’ stands for standard and ‘cin’ means character input. The ‘iostream’ supports many built-in functions that we can use in our code by just importing the library.

      • Simon Josefsson: OpenPGP key on FST-01SZ – Simon Josefsson’s blog

        I use GnuPG to compute cryptographic signatures for my emails, git commits/tags, and software release artifacts (tarballs). Part of GnuPG is gpg-agent which talks to OpenSSH, which I use to log in to remote servers and to clone git repositories. I dislike storing cryptographic keys on general-purpose machines, and have used hardware-backed OpenPGP keys since around 2006 when I got a FSFE Fellowship Card. GnuPG via gpg-agent handles this well, and the private key never leaves the hardware. These ZeitControl cards were (to my knowledge) proprietary hardware running some non-free operating system and OpenPGP implementation. By late 2012 the YubiKey NEO supported OpenPGP, and while the hardware and operating system on it was not free, at least it ran a free software OpenPGP implementation and eventually I set up my primary RSA key on it. This worked well for a couple of years, and when I in 2019 wished to migrate to a new key, the FST-01G device with open hardware running free software that supported Ed25519 had become available. I created a key and have been using the FST-01G on my main laptop since then. This little device has been working, the signature counter on it is around 14501 which means around 10 signatures/day since then!

      • Perl / Raku

        • On Sigils – Physics::Journey

          This post was inspired by @codesections recent posts on sigils, particularly the notion of coding as a trialog between the writer, the reader and the machine.


          We are dealing with coding languages. As with natural languages, syntax is a key marker that triggers cognitive mechanisms learned since childhood. While the base cultural setting for most of this is English, most human languages carry the notions of noun, verb, adjective and so on.

  • Leftovers

    • TecAdmin: What is Localhost? – TecAdmin

      In computer networking, the term “localhost” refers to the current device used to access it. It is used to access the network services that are running on the host via the loopback network interface. Using the loopback interface bypasses any local network interface hardware.

      The term “localhost” is derived from the combination of the words “local” and “host”. The word “local” refers to the device itself, while the word “host” refers to the device hosting a service or application. Therefore, “localhost” literally means “the local host.”

    • Tedium: Why Santa Claus Evolves With the Times

      In so many ways, Santa Claus, a cultural touchstone that evolved from folklore into perhaps the most mainstream entity the world has ever seen, has transcended religion and evolved into a pop-culture discussion point with few, if any, equivalents. Like green bean casserole and pecan pie, the modern form of Santa Claus was heavily shaped by commercial entities, yet never came to be completely defined by them. Over at Tedium, we have written a lot related to Santa Claus over the years, but never have we actually written straight-up Santa Claus content. That changes today. Today’s Tedium talks about Santa Claus as a visual and cultural icon who has had more changes in style than Madonna, a figure that seemingly every single celebrity has dressed up as at some point in their careers. Ho, ho, ho.

    • Hardware

    • Proprietary

      • Bleeping Computer: Okta’s source code stolen after GitHub repositories hacked [Ed: Microsoft is a terrible code host]

        Okta, a leading provider of authentication services and Identity and Access Management (IAM) solutions, says that its private GitHub repositories were hacked this month.

        According to a ‘confidential’ email notification sent by Okta and seen by BleepingComputer, the security incident involves threat actors stealing Okta’s source code.

    • Pseudo-Open Source

      • Openwashing

        • InfoQ: AWS Releases Open-Source Tool for Command-Line Container Management [Ed: Openwashing. AWS is deeply proprietary and monopolised, centralised, spyware. This is openwashing.]

          AWS has released Finch, an open-source, cloud-agnostic, command-line client for building, running, and publishing Linux containers. Finch bundles together a number of open-source components such as Lima, nerdctl, containerd, and BuildKit. At the time of release, Finch is a native macOS client with support for all Mac CPU architectures.

          According to Phil Estes, Principal Engineer at AWS, and Chris Short, Senior Developer Advocate at AWS, “Finch is our response to the complexity of curating and assembling an open source container development tool for macOS initially, followed by Windows and Linux in the future”. They note that the core Finch client will always be comprised of curated open-source, vendor-neutral projects.

    • Linux Foundation

      • Linux Foundation’s ‘AgStack Project’ Plans First Dataset of the World’s Agricultural Field Boundaries – Slashdot

        The nonprofit Linux Foundation not only pays the salary of Linus Torvalds and Greg Kroah-Hartman. It also runs the AgStack Foundation, which seeks more efficient agriculture through “free, re-usable, open and specialized digital infrastructure for data and applications.”

        And this week that Foundation announced a new open source code base for creating and maintaining a global dataset that’s a kind of registry for the boundaries of agricultural fields to enable field-level analytics like carbon tracking, food traceability, and crop production.

    • Security

      • The Register UK: Linux admins have a CVSS 10 kernel bug to address • The Register

        Merry Christmas, Linux systems administrators: Here’s a kernel vulnerability with a CVSS score of 10 in your SMB server for the holiday season giving an unauthenticated user remote code execution.

        Yes, this sounds bad, and a score of 10 isn’t reassuring at all. Luckily for the sysadmins reaching for more brandy to pour in that eggnog, it doesn’t appear to be that widespread.

        Discovered by the Thalium Team vulnerability research team at French aerospace firm Thales Group in July, the vulnerability is specific to the ksmbd module that was added to the Linux kernel in version 5.15. Disclosure was responsibly held until a patch was issued.


        Lots of ready-made kit for would-be hackers can be found on the dark web; one trend recently noticed by the team at Cybersixgill has been gift card generators that not only guess card numbers, but also check their validity by the thousands.

        Like brute force password crackers, the tools being sold online randomly guess the digits of gift cards issued by companies like Amazon, Microsoft, Sony, Apple and others, with varying degrees of speed and accuracy based on how predictable a card’s number sequence is.

      • Privacy/Surveillance

        • Ars Technica: MSG defends using facial recognition to kick lawyer out of Rockettes show | Ars Technica

          When Kelly Conlon joined her daughter’s Girl Scout troop for a fun outing to see the Rockettes perform their Christmas Spectacular show at Radio City Music Hall in New York, she had no idea she would end up booted from the show once she entered the building.

          Security stopped Conlon, NBC New York reported, because she is a New Jersey lawyer. It seems that Madison Square Garden Entertainment has begun using facial recognition technology to identify any visitor to any of its venues—including Radio City Music Hall—who is involved with any law firm that is actively involved in litigation against MSG Entertainment.

          Conlon has never practiced law in New York nor personally been involved in litigation against MSG Entertainment. Instead, she is guilty by association, as an associate for Davis, Saperstein and Solomon, which has spent years tangled up in litigation against a restaurant that NBC reported is “now under the umbrella of MSG Entertainment.”

          According to Conlon, she became aware of this supposed conflict of interest when security guards approached her in the Radio City Music Hall lobby just as she passed through the metal detector. Over the speakers, Conlon heard a warning about a woman in a gray scarf, then security confirmed the warning was about her, telling her, “Our recognition picked you up.”

    • Internet Policy/Net Neutrality

      • Internet Freedom Foundation: Winter Session 2022: Parliament in Review

        The Winter session of Parliament was held from December 07, 2022 to December 23, 2022. Parliament adjourned sine die four working days ahead of schedule, having sat for 13 working days. In the ongoing 17th Lok Sabha, this is the eighth consecutive session that has been cut short. The session was in itself a delayed one to begin with, because of ongoing assembly elections in many states. This Parliamentary session was disrupted frequently from the second week onwards, due to the Opposition’s objections on several issues, including alleged misuse of probe agencies by the government, the Bihar Hooch tragedy, the recent Indo-China conflict, etc. The Rajya Sabha lost a session runtime of 1 hour and 46 minutes owing to such disruptions. With respect to digital rights in particular, no significant developments took place in both Houses. In a belated but welcome move, the second-last day of the session saw the introduction of the Jan Vishwas (Amendment of Provisions) Act, 2022 which omits the contentious Section 66A of the Information Technology Act, 2000. (More on our work on this here)

      • Internet Freedom Foundation: Wrapped 2022, Unwrapped 2023

        Anandita, Farkhanda, Krishnesh, Rohin, and Shivani transitioned out of their roles at IFF after completing an average of two years or more. We wish them the best and will continue to support them in their future endeavors. Meanwhile, our tiny team has grown with the addition of Gayatri, Gautam, Prateek, Ramya, Tejasi, and Shilpa. We encourage you to reach out to any of us with any advice or offers to volunteer your time. You can find us on email, the IFF Forum, and “IFF Chats” (click here) – your tech policy telegram group. Continuing our journey to be a truly public centered organization IFF’s board formalized by-laws, increased governance disclosures, and will commence a public process to induct two trustees next year.

        As you may know, last year fundraising results at IFF showed a lag. It is concerning that we have a monthly burn rate of 40-50% (individual donations in 2022 averaged INR 4,00,998, while our costs totaled INR 888,383 per month) that is primarily covered by organizational donations. This is not sustainable in the long run, which is why we’re turning to you, our valued members, for help. By setting up a monthly mandate, you can help us continue our important work independently and effectively. Your support is crucial to our success, and every donation counts. So please, consider donating today and help us make a difference. And if you’re feeling extra generous, don’t hesitate to spread the word about IFF and encourage others to support us as well. We need your help to keep moving forward next year. Donate today (click here), set up a mandate and commit for next year!

  • Gemini* and Gopher

    • Personal

      • 🔤SpellBinding: HIKSNOM Wordo: BIDDY
      • music notation puzzle

        December is, for some, a month of puzzles. Over on the web many, many people are working in parallel on puzzling problems, one per day and all just for fun. For those who like mathematics and also make music, I have not a calendar’s worth but just one puzzle to add to the pile.
        The task is to decipher a somewhat arcane system of music notation. You are given sheet music of one work but it is not given which work. You should deduce how the notation works: a correct answer is an explanation of how to interpret a score that uses this system. In the process, you’ll likely discover which piece of music is depicted (or quite possibly you will not), but that is not part of the objective.
        Good luck!

    • Technical

      • Cleaning Up an Old Kernel in Manjaro

        Previously, I installed the Linux 5.15 kernel to troubleshoot an unrelated issue. And I uninstalled 5.15 using the “Kernel” applet within the Manjaro Settings Manager. It seems like one of the uninstallation scripts did work correctly because I’ve had two issues since then. One, I still had the option to boot 5.15 from GRUB. So the boot menu was not updated. Two, I noticed the error above while updating Manjaro.

      • Trek

        trek is a rather old computer game, 1971, ported to BSD at some point and thus included in OpenBSD by way of /usr/games. A notable design choice for the original was that only a Teletype Model 33 ASR was available, therefore no fancy graphics, nor even the fancy interactive terminal that rogue (1980) eventually used.

      • Internet/Gemini

      • Programming

        • Christmas update: GNUnet++

          Two weeks ago I announced GNUnet++, my C++ wrapper for common GNUnet functions. It’s Christmas time and I’m happy to share that I’ve made progress.

* Gemini (Primer) links can be opened using Gemini software. It’s like the World Wide Web but a lot lighter.

Links 24/12/2022: Mabox Linux 22.12 and MIT/GNU Scheme 12.0.90

Posted in News Roundup at 7:22 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Audiocasts/Shows

      • Video: This REAL Facial Recognition Case is Terrifying – Invidious

        This week in the Privacy News, Eufy responds to their critics, Google wants you to feed it your prescriptions, and ID theft of Driver’s Licenses is not considered serious. Also, Epic has an Epic fine, Roomba AI photos leak, and a creepy case of Facial recognition software.

      • Video: Bad Advice Linux Users Give New Users – Invidious

        The amount of bad advice I see people giving either new to or people interested in switching over to a Linux based OS from existing or experienced Linux users is mindbogglingly bad.

      • Hackaday: Hackaday Podcast 198: Major Tom On The ISS, 3DP Ovals And Overhangs, Inside A Mini Cheetah Clone

        As we slide into the Christmas break, Editor-in-Chief Elliot Williams and Staff Writer Dan Maloney look at the best and brightest of this week’s hacks. It wasn’t an easy task — so much good stuff to choose from! But they figured it out, and talked about everything from impossible (and semi-fractal) 3D printing overhangs and the unfortunate fishies of Berlin’s ex-aquarium, to rolling your own FM radio station and how a spinning Dorito of doom is a confusing way to make an electric vehicle better.

    • Kernel Space

      • Slashdot: AMD Improving Linux Experience When Running New GPUs Without Proper Driver Support – Slashdot

        While AMD provided upstream open-source driver support for the Radeon RX 7900 series launch, the initial user experience can be less than desirable if running a new Radeon GPU but initially running an out-of-date kernel or lacking the necessary firmware support. With a new patch series posted AMD is looking to improve the experience by being able to more easily fallback to the firmware frame-buffer when their AMDGPU kernel graphics driver fails to properly load.

    • Instructionals/Technical

      • Linux Capable: How to Install MySQL 8.0 Community Server on Ubuntu 22.04/20.04

        MySQL is a free, open-source database management system based on SQL or Structured Query Language, with the current release being MySQL 8. The following tutorial will teach you how to install MySQL 8.0 Community Edition release on Ubuntu 22.04 LTS Jammy Jellyfish or Ubuntu 20.04 LTS Focal Fossa using the MySQL official APT repository, which will give you the latest version available on your system using the command line terminal instead of relying on Ubuntu to push updates to MySQL.


        MySQL Community Edition is a free, open-source database software package offered by Oracle. It is often seen in web-based applications, given its easy-to-use interface and comprehensive library of functions available. The MySQL Community Edition has no limitations on the number of databases or customers you can have, so it’s great for businesses that need to store large amounts of customer data without having to fork out extensive money. The software can be part of a distributed system with secure connectors, allowing users to access and manage multiple databases from different systems in different locations.

      • OpenSource.com: How to use your Linux terminal as a file manager

        A terminal is an application that provides access to the user shell of an operating system (OS). Traditionally, the shell is the place where the user and the OS could interface directly with one another. And historically, a terminal was a physical access point, consisting of a keyboard and a readout (a printer, long ago, and later a cathode ray tube), that provided convenient access to a mainframe. Don’t be fooled by this “ancient” history. The terminal is as relevant today as it was half a century ago, and in this article, I provide five common file management tasks you can do with nothing but the shell.

    • Games

      • UNIX Cop: Top 10 Ubuntu games

        A few years ago, playing on Ubuntu was a mission impossible. Now that’s a thing of the past. Now there are many titles and with different quality, so we have prepared this post for you to know what is the Top 10 Games for Ubuntu.

        The idea is not to categorize these games because in the end everyone has their tastes and preferences. However, we want to present you some games with a high-quality standard and that can entertain you.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Nate Graham: This week in KDE: Holiday features

          This is a light week as KDE contributors have been taking well-deserved breaks during this holiday season. Nevertheless, all was not quiet and many nice improvements and bugfixes were merged!

          In the Plasma Wayland session, you can now zoom in and out on images in Gwenview using pinch gestures on your touchpad!

  • Distributions and Operating Systems

    • HowTo Geek: BeOS Isn’t Dead: Haiku OS Just Got a Big Update

      Be Inc created BeOS in the mid-1990s as a super-modern operating system, but it failed to catch on. Over 20 years later, the open-source Haiku OS project is picking up where it left off, and there’s a new beta release available.

      The Haiku project has been developing an open-source continuation of BeOS for years, based partially on some BeOS code, but much of it has been built from scratch. Haiku R1 Beta 4 is now available, as the first major release in a year and a half. It might be the most significant upgrade yet, as it makes Haiku much more viable as a typical desktop operating system.

  • Free, Libre, and Open Source Software

    • OpenSource.com: 9 resources about open source for educators and students

      Open source provides fertile ground for innovation, not only in the cloud but in the classroom. Whether you are homeschooled, in a traditional K-12, university, someone looking to learn new skills, open source provides rich opportunities for personal and professional development. This year, Opensource.com writers provided readers with a considerable list of opportunities for continuing education regardless of where you are on the continuum.


      Did you know that only 51% of the high schools in the United States offer courses in computer science? Only 4.7% of students are enrolled in the courses available. This statistic is telling at a time when the US News and World Report recently ranked software development as one of the best jobs in America in 2022. Candace Sheremeta provided us with a list of three open source efforts to reverse that trend in her article about open source tools to introduce students to computer science.

    • GNU Projects

    • Programming/Development

      • Perl / Raku

        • Rakulang: Raku Advent Calendar: Day 24: He’s making a list… (part 2)

          In our last edition, we learned about some of the work that Santa’s elves put into automating how they make their lists. What you probably didn’t know is that the elves stay on top of the latest and greatest technology. Being well-known avid Raku programmers, the elves were excited to hear about RakuAST and decided to see how they might be able to use it. One of the elves decided to rework the list formatting code to use RakuAST. What follows is the story of how she upgraded their current technology to use RakuAST.

  • Leftovers

    • Hackaday: Your Next Airport Meal May Be Delivered By Robot

      Robot delivery has long been touted as a game-changing technology of the future. However, it still hasn’t cracked the big time. Drones still aren’t airdropping packages into our gutters by accident, nor are our pizzas brought to us via self-driving cars.

    • Scheerpost: Size Matters
    • Science

      • Hackaday: Harmonic Vs Cycloidal Show Down

        What’s better? Harmonic or cycloidal drive? We aren’t sure, but we know who to ask. [How To Mechatronics] 3D printed both kinds of gearboxes and ran them through several tests. You can see the video of the testing below.

      • Hackaday: Laser Scanning Microscope Built With Blu-ray Parts

        Laser scanning microscopes are useful for all kinds of tiny investigations. As it turns out, you can build one using parts salvaged from a Blu-ray player, as demonstrated by [Doctor Volt].

    • Hardware

      • Hackaday: This WiFi Signal Strength Meter Ain’t Afraid Of No Ghosts

        The original Ghostbusters movie is a classic that’s still delivering nearly 40 years after its release — just let that sink in for a minute. Almost every aspect of the film, from hand props to quotes, is instantly recognizable, even to people who haven’t based their lives on the teachings of [Venkman], [Stantz], and [Spengler]. To wit, we present this PKE meter-style WiFi scanner.

      • Hackaday: An (Almost) Single-Chip Apple IIe

        The Apple II is one of the most iconic microcomputers, and [James Lewis] decided to use the Mega-II “Apple IIe on a chip” from an Apple IIgs to build a tiny Apple IIe.

    • Health/Nutrition/Agriculture

      • The Nation: Another Very Covid Christmas

        Nearly every day during the almost three years that have passed since the start of the Covid-19 pandemic, I have continued my work as a documentary photographer of urban areas, recording the outward signs of how people and government agencies are dealing with the virus. I wondered how the pandemic might be changing our public spaces, how people of limited income were adapting, and how the pandemic might be influencing race relations.

      • Common Dreams: House GOP Using Omnibus Fight as ‘Trial Run’ for Ploy to Cut Social Security and Medicare, Critics Warn
      • Counter Punch: Monsanto and the Merchants of Poison

        This report exposes not only the malfeasance at the hands of Bayer/Monsanto for its “promotion” of its glyphosate-based herbicide products, including the infamous Roundup, but it also sheds light on the broader landscape of corporate efforts to white- or green-wash products that companies know are harmful to people and the environment while paying off experts to give third-party testimony. If this strategy sounds familiar to you, it should. These are the very same landscape of disinformation tactics employed decades earlier by the tobacco industry.

        The authors note that their report comes at a moment of wider industry consolidation between the agrichemical and seed sectors, noting how the focus of this report is to provide “a deep dive” into Monsanto. This report reveals Monsanto’s intense defense campaign to promote glyphosate-based herbicides sold under the brand name Roundup and how this company labored and lobbied to keep these products from threat of regulation. Building from an earlier 2015 white paper written by Friends of the Earth’s Kari Hamerschlag along with Stacy Malkan and Anna Lappé, this report evidences the interconnected lobbies Monsanto has employed to promote and defend genetically engineered crops (GMOs) first commercialized in the mid-1990s.

      • ABC: The EPA Is Finally Addressing 4 Dangerous ‘Forever Chemicals’ — Out Of Over 4,000

        First, there’s four … That’s the number of harmful per- and polyfluorinated chemicals, or PFAS, that the Environmental Protection Agency released new concentration guidelines for this year. This is the good news.

        Then, there’s four thousand seven hundred … That’s roughly the number of different PFAS chemicals out there, globally. They’re present in thousands of products you buy and use. They’re even in your drinking water. And this entire category of chemicals, including the ones developed to be “safer” replacements, have increasingly been shown to be dangerous to human health.

    • Linux Foundation

      • SpaceRef: The Linux Foundation’s AgStack Project to Build World’s First Global Dataset of Agricultural Field Boundaries – SpaceRef

        The Linux Foundation, a global nonprofit organization enabling innovation through open source, today announced that its AgStack project will host a new open source code base, alongside a fully automated, continuous computation engine, to create, maintain and host a global dataset of boundaries’ “registry” for agricultural fields to aid in such things as food traceability, carbon tracking, crop production, and other field-level analytics.

        AgStack will utilize machine learning and artificial intelligence to manage global field boundaries data for public use.

    • Security

      • Forbes: LastPass Password Vaults Stolen By Hackers—Change Your Master Password Now

        LastPass CEO, Karim Toubba, has confirmed that a threat actor has stolen customer password vaults. This follows a disclosure in August that an unauthorized party had successfully hacked development servers and stolen source code and some LastPass technical information. At that time, Toubba said there was no evidence of customer data or password vaults being accessed. Fast forward to the end of November, and LastPass stated information obtained during that earlier compromise had enabled a threat actor to access “certain elements” of customer data within a third-party cloud storage service. Again, it was stressed that customer passwords remained “safely encrypted.” In a Forbes report published December 1, a security expert explained it was unclear what information had been obtained by the attacker. Now, it would appear we know. And it doesn’t make for very reassuring reading.

      • Ars Technica: LastPass users: Your info and password vault data are now in hackers’ hands | Ars Technica

        LastPass, one of the leading password managers, said that hackers obtained a wealth of personal information belonging to its customers as well as encrypted and cryptographically hashed passwords and other data stored in customer vaults.

        The revelation, posted on Thursday, represents a dramatic update to a breach LastPass disclosed in August. At the time, the company said that a threat actor gained unauthorized access through a single compromised developer account to portions of the password manager’s development environment and “took portions of source code and some proprietary LastPass technical information.” The company said at the time that customers’ master passwords, encrypted passwords, personal information, and other data stored in customer accounts weren’t affected.

      • The Verge: Hackers stole encrypted LastPass password vaults, and we’re just now hearing about it – The Verge

        Last month, the company announced that threat actors had accessed “certain elements” of customer info. Just as many US workers are leaving for a holiday break, the company reveals that meant their encrypted passwords.

      • Privacy/Surveillance

        • NBC: Girl Scout mom kicked out of Radio City and barred from seeing Rockettes after facial recognition tech identified her

          About two weeks before Conlon was barred, her firm filed a complaint against the company’s policy with the New York State Liquor Authority, alleging that MSG Entertainment’s liquor license requires it to admit members of the public to its venues, other than people who may be disruptive and cause security threats, they told NBC New York.

        • Computer World: As China pushes its digital currency plans, the US falls behind

          To date, the People’s Bank of China has distributed the digital yuan, called e-CNY, to 15 of China’s 23 provinces, and it has been used in more than 360 million transactions totaling north of 100 billion yuan, or $13.9 billion. The country has literally given away millions of dollars worth of digital yuan through lotteries, and its central bank has also participated in cross-border exchanges with several nations.

          If e-CNY continues to be adopted and becomes the de facto standard for international commercial and retail payments, the privacy of those using digital currency, as well as the US dollar’s days as the world’s reserve currency, could be at risk.

        • NBC: Rare footage of moose losing its antlers goes viral

          Bogert lives in a town called Houston, about an hour and a half north of Anchorage. She says she and her husband moved to their home in 2020 and got the Ring camera in 2021 for “security purposes,” but have mostly ended up capturing footage of the local wildlife.

        • EFF: Fighting Tech-Enabled Abuse: 2022 in Review

          In February, EFF called for the FTC to investigate a class of stalkerware apps uncovered by TechCrunch journalist and security researcher Zack Whittaker. The network of consumer-grade spyware apps wasn’t just pernicious, it was insecure. Whittaker discovered that the apps shared a security flaw that exposed the private data of approximately 400,000 people. TechCrunch identified the compromised apps, which are practically identical in look and operation, as Copy9, MxSpy, TheTruthSpy, iSpyoo, SecondClone, TheSpyApp, ExactSpy, FoneTracker, and GuestSpy. Not only did TechCrunch provide instructions for how to identify and remove the Android spyware from a device, but they also launched a tool to help Android users know if their device was compromised.

          In April, Maryland’s legislature unanimously passed SB 134, a bill that requires law enforcement agencies to learn, as part of their standard training, to recognize the common tactics of electronic surveillance and the laws around such activities. This bill, which was inspired by conversations between Senator Barbara Lee’s Office and EFF, aims to mitigate the frustration and gaslighting so many survivors of tech-enabled abuse have felt when trying to report their experiences to law enforcement.

          In July, Australian police arrested Jacob Wayne John Keen, the creator of Imminent Monitor stalkerware. Keen allegedly sold the app, designed to spy on Windows computers, to 14,500 people in 128 countries over a period of seven years before the website was shut down. The website specifically advertised features designed to keep the presence of the app secret from the user. 85 warrants were executed in Australia and Belgium, 434 devices seized, including the app-maker’s custom-built computer, and 13 of the app’s most prolific users were arrested. The investigation involved actions in Colombia, Czechia, the Netherlands, Poland, Spain, Sweden, and the United Kingdom. EFF hopes to see more such actions in the future.

    • Defence/Aggression

      • VOA News: Terror Attacks, Border Clashes Test Pakistan’s Ties with Afghan Taliban

        In a recent visit to Washington, Pakistani Foreign Minister Bilawal Bhutto Zardari said he would like the Afghan Taliban to demonstrate the will and capacity to curb terror groups operating from its territory, signaling that Pakistan would not hesitate to act against terrorists inside Afghanistan.

        Since the Taliban took control of Afghanistan in August 2021, attacks by Tehreek-e-Taliban Pakistan, also known as the Pakistani Taliban or TTP, an offshoot and ally of the Afghan Taliban, have killed more than 500 people, mostly security personnel.

      • Site36: German Armed Forces expand presence in Niger

        After failure of EU missions in Mali, troops move to its neighbouring country

      • The Nation: Calls Grow for a Christmas Truce in Ukraine

        Fifty-three years ago this month, as US troops were fighting in Vietnam, John Lennon and Yoko Ono paid for billboards in cities across the United States that declared, “WAR IS OVER! If You Want It—Happy Christmas from John & Yoko.” The pair would continue their anti-war activism in the years that followed, eventually releasing the 1971 single “Happy Xmas (War Is Over),” which has since become something of a holiday standard with its enduring message that peace is always more possible than the presidents and the prime ministers, the media moguls and the war profiteers, would have us believe.

      • TruthOut: Democrats Are Making a Devil’s Bargain on Pentagon Funding. It’s Not Paying Off.
    • Environment

      • NBC: A coal mine is on fire in Utah, leaving a small town at risk

        Now, the once-bustling mine called Lila Canyon faces permanent shuttering, which would leave its over 230 workers idled and result in gaps in raw materials for statewide energy production. The coal mine is one of the busiest in the state and produces about 28% of Utah’s coal.

      • Democracy Now: “The Quest to Defuse Guyana’s Carbon Bomb”: Meet the Environmental Lawyer Taking On ExxonMobil

        We speak with Guyanese environmental lawyer Melinda Janki about how she’s taking on the oil giant ExxonMobil to stop the company from developing an offshore oil field that would turn Guyana into a “carbon bomb.” Guyana is currently a carbon sink, but Exxon plans to produce more than 1 million barrels of oil a day, which could transform the South American country into one of the world’s top oil producers by 2030. Janki is suing the Guyanese government and Exxon under the constitution’s guarantee of a healthy environment to both current and future citizens. Her legal battle is profiled in a new article in Wired, “The Quest to Defuse Guyana’s Carbon Bomb,” written by independent journalist Antonia Juhasz, who also joins us.

      • DeSmog: Editor’s Pick: Top DeSmog UK Stories of 2022

        From rogue Tory backbenchers to North Sea profits for Putin, in the past year the DeSmog UK team has kept tabs on the people, money and PR machines that work to slow meaningful action on climate change. 

        In 2022 this has led us to stories that have unmasked all manner of trickery: from the minutiae of misleading stickers marketing “hydrogen-ready” boilers to the sinister presence of sanctioned coal barons at this year’s COP27 climate summit.

      • The Nation: Profits of Destruction
      • Energy

        • Meduza: Navalny: strikes on Ukraine’s energy system ‘make no military sense’ — Meduza

          In a post published on his social media channels, politician Alexey Navalny condemned Russian shelling of Ukrainian energy infrastructure.

        • NBC: Sam Bankman-Fried and FTX execs received billions in hidden loans, ex-Alameda CEO says

          Caroline Ellison, former chief executive of Alameda Research, said she agreed with Bankman-Fried to hide from FTX’s investors, lenders and customers that the hedge fund could borrow unlimited sums from the exchange, according to a transcript of her Dec. 19 plea hearing that was unsealed on Friday.

          “We prepared certain quarterly balance sheets that concealed the extent of Alameda’s borrowing and the billions of dollars in loans that Alameda had made to FTX executives and to related parties,” Ellison told U.S. District Judge Ronnie Abrams in Manhattan federal court, according to the transcript.

        • [Old] CSIS: Blame It on the Bitcoin: How Cryptocurrency Affects Libya’s Electricity Grid

          The popularity of Bitcoin mining—officially illegal in Libya—has skyrocketed in recent years. In 2021, Libyans reportedly mined about 0.6 percent of all of the Bitcoin in the world. That put Libya ahead of every country in the Arab world and Africa, and ahead of every European country but Norway. The reason is Libya’s low cost of electricity.

          Bitcoin mining uses high-power computers to solve complex math problems in exchange for payment in newly minted coins. The requisite computational power sucks up a lot of energy. Mining a single Bitcoin can use electricity equivalent to what a typical U.S. household uses in nine years. Libya prices a kilowatt hour (kWh) of electricity as low as $0.004—1/40 the U.S. average of $0.16 per kWh and about 1/16 the price in China, the world’s largest producer of Bitcoin. And many Libyans don’t even pay their electrical bills amidst lax enforcement.

        • Reuters: EVs and [cryptocurrency] mining seen as emerging risks for U.S. power reliability

          “These new electric uses can significantly alter the nature of how the system is going to be operated and what it needs to be able to provide,” Mark Olson, manager for reliability assessments at NERC, which is responsible for the reliability of U.S. power grids, said on a webcast.

          Citing estimates from the California Energy Commission, NERC said electrical load from plug-in EVs by 2030 could lead to an increase of 5,500 megawatts of demand at midnight and 4,600 megawatts of demand at 10 a.m. on a typical weekday, a jump of 25% and 20%, respectively, compared with current levels.

        • Meduza: Russia will not supply oil with a price cap and will reduce production — Meduza

          Deputy Prime Minister of Russia Alexander Novak confirmed, in an interview on television network Russia 24, that Russia will prohibit supplying oil to countries that support an oil price cap. A presidential decree is forthcoming in the near future.

        • Common Dreams: Battery Recycling Is Essential to Clean Energy
        • Hackaday: Chainless “Digital Drive” Bikes Use Electric Power Transmission Instead

          We’re all familiar with how regular bikes work, with the pedals connected to the rear wheel via a simple chain drive. This setup is lightweight, cheap, and highly efficient. It’s not the only way to drive a bike though, and there’s plenty of buzz around the concept of “digital drive” bikes.

    • Finance

    • AstroTurf/Lobbying/Politics

      • NBC: Facebook parent Meta agrees to pay $725 million to settle Cambridge Analytica suit

        The class action lawsuit was prompted in 2018 after Facebook disclosed that the information of 87 million users was improperly shared with Cambridge Analytica, a consultancy firm linked to former President Donald Trump’s 2016 election campaign.

        The case was broadened to focus on Facebook’s overall data-sharing practices. Plaintiffs alleged that Facebook “granted numerous third parties access to their Facebook content and information without their consent, and that Facebook failed to adequately monitor the third parties’ access to, and use of, that information,” according to the law firm behind the lawsuit.

      • FAIR: Lisa Gilbert on the January 6 Report
      • Common Dreams: Boric Says Chile Will Open Embassy in Occupied Palestine
      • TruthOut: Texas Tribe Sues Elon Musk to Protect Sacred Sites From SpaceX
      • TruthOut: Protests Continue in Peru as Newly Installed Government Cracks Down After Coup
      • Common Dreams: The Real Lessons From the Railway Labor Dispute
      • Counter Punch: What Happened in Donetsk & Luhansk?

        This time Eric provides an analysis by way of update on the fate of the early leaders of the so-called Donetsk and Luhansk “People’s Republics.” Eric explains the context of 2014, the role of the pro-Russian political parties and Alexander Dugin’s Eurasianist movement, how Russia took control in the DPR and LPR, and much more.

      • Counter Punch: The Man Who Exposed the Truth About the Tiger Cages: Donald Sanders Luce (1934-2022)

        While I am a suburban boy from Wilmington, Delaware and Don a farm boy from Vermont, he was in Vietnam during a time of war and I am here during a time of peace and relative prosperity, separated by a generation, I feel a connection to him engendered by our mutual love of and respect for Vietnam, our commitment to justice, and our penchant for speaking truth to power when need be.

        In death as in life, Don is an inspiration to me and countless others. Evidence of the global outpouring of grief, condolences, and memories from so many in the US, Vietnam, and elsewhere who knew, or knew of, him. Below are edited versions of a few of them. Many were written for Dr. Mark Bonacci, Don’s husband and companion of 43 years.

      • FAIR: The Podcast Conglomerate the Media Won’t Name

        News consumers hear about the titans of podcasting regularly these days: Spotify, iHeartMedia, Amazon Music. But there is one name that’s curiously absent: Liberty Media.

      • The Nation: It’s a Wonderful Week
      • TruthOut: Final Jan. 6 Report Urges Congress to Consider Barring Trump From Officeholding
      • Democracy Now: “This Is a Racial Backlash”: Stanford Prof. Hakeem Jefferson on Role of White Supremacy in Capitol Attack

        The House select committee on the January 6 attack released its final 845-page report Thursday, and the word “racism” appears only once throughout the entire document — despite the central role white supremacist groups played in the insurrection. “Those who stormed the Capitol … didn’t merely come in defense of Donald Trump,” says Stanford professor Hakeem Jefferson, an expert on issues of race and identity in American politics. “They came in defense of white supremacy and white Americans’ hold on power.”

      • Democracy Now: “The Central Cause of January 6th Was One Man”: House Panel Urges Trump Be Banned from Public Office

        The House Select Committee to Investigate the January 6th Attack on the U.S. Capitol released its final 845-page report on the insurrection at the Capitol and Donald Trump’s attempt to overturn the 2020 election. The report names former President Trump as the central cause of the insurrection and calls for expanded efforts by the government to combat far-right and white supremacist groups. We’re joined by John Nichols, The Nation’s national affairs correspondent, to discuss the full report.

      • The Gray ZoneProsecution in Saab case threatens to undermine the principle of diplomatic immunity
      • Misinformation/Disinformation/Propaganda

        • Projection and methodolatry over COVID-19

          You might have noticed that my posting has been a bit…light…this week. That’s because I had been thinking of (mostly) taking the last two weeks of the year off from the blog to refresh, recharge, and chill a bit. However, as has frequently happened before, I found myself not entirely able to do that, particularly when yesterday I saw a post by Dr. Vinay Prasad on his well-monetized Substack entitled The Tragedy of COVID-19. Dr. Prasad, regular readers will remember, is the UCSF oncologist with a large Twitter following who is a self-fancied meta-critic of the science supporting medical interventions. Before the pandemic, he actually did some halfway decent work discussing “medical reversals,” basically the abandonment of previously accepted medical interventions and practices based on better, more rigorous clinical studies, and how the accelerated approval pathway for new drugs is not serving patients well. When the pandemic arrived, however, he pivoted fairly quickly to COVID-19 misinformation, even once likening public health nonpharmaceutical interventions to incipient fascism. Seeing Dr. Prasad whine about all the “ad hominem” supposedly directed against him and his fellow COVID contrarians led me to do a quick pre-Christmas response, particularly in light of his previous history and another post with his entirely take based on methodolatry about bivalent COVID-19 boosters, Latest MMWR analysis of bivalent booster is irredeemably flawed.

        • Common DreamsAn Epidemic of Loneliness and the Dark World of Far-Right Conspiracy Theorists
    • Censorship/Free Speech

      • VOA NewsPerson Calling Media Outlets With Censorship Orders Was Not Government Official, Somalia Says

        Somali officials are denying that a member of the presidential office made calls to several media outlets ordering them to submit content for review.

        VOA this week spoke with members of at least four news outlets who all said they had received such calls from a person who identified himself as Abdikadir Hussein Wehliye. The caller claimed to be from Villa Somalia, the presidential office.

      • France24China’s propaganda machine sputters in zero-Covid reversal

        Some outlets have hinted that not all is well, with state news agency Xinhua and state broadcaster CCTV this week running reports urging people to use Covid medicines “rationally” and highlighting government efforts to guarantee supply.

        But government-run publications have refrained from reporting the grimmer side of the exit wave, instead seeking to calm fears of the pathogen’s potency and depicting the policy shift as a logical, controlled and triumphant withdrawal.

      • NDTVChina Quickly Censors Official’s Rare Remark Highlighting Covid Horror

        China’s government keeps a tight leash on the country’s media, with legions of online censors on hand to scrub out content deemed politically sensitive.

      • Irish TimesNorthern Ireland, the BBC, and Censorship in Thatcher’s Britain: New insights into a bad decision

        The book examines the confrontations between Margaret Thatcher’s government and British broadcasters that culminated in the 1988 ban, offering new insights into episodes such as the attempt to prevent the screening of a Real Lives documentary about Sinn Féin’s Martin McGuinness and the DUP’s Gregory Campbell.

    • Freedom of Information / Freedom of the Press

      • India TimesTikTok’s parent ByteDance ‘accessed’ data of US journalists

        China-based ByteDance, the parent company of short-form video making app TikTok, allegedly accessed data of at least two US journalists and a “small number” of other people connected to them.

      • The HillJournalists locked out of Twitter accounts after refusing to delete Musk tweets

        However, the Post reported on Friday that the journalists were required to delete the tweets at issue in order to regain access to their accounts — a precondition that was not noted in Musk’s public poll.

        The journalists who have refused to delete the tweets — maintaining that they represent legitimate reporting — remain locked out of their accounts.

      • The NationHow Young People Shaped 2022

        From abortion rights activism to climate strikes to unionization to calls for debt relief to record turnout in the midterm elections, students continued to organize with exceptional clarity and focus in 2022. Throughout the year, StudentNation worked tirelessly to give voice to the emerging generation. We remain proud, as well as astonished, to be virtually alone among national news outlets in regularly publishing student perspectives. StudentNation published more than 100 original articles this year; we’ve selected 15 to highlight the extraordinary writing and reporting of this generation of student journalists. We’re deeply grateful to the Puffin Foundation whose great generosity to The Nation Fund for Independent Journalism made this work possible. —The Editors

      • MeduzaThe Moscow Times: Kremlin bans media under its control from reporting on mobilization — Meduza

        The Kremlin has banned government-controlled media from publishing any statements concerning mobilization, reports The Moscow Times, citing their own source in Russian media.

    • Civil Rights/Policing

    • Digital Restrictions (DRM)

      • VarietyThe State of European FAST

        Far from it. We took notice of the trend, observed and went for it, too. As of October 2022, FAST platforms like LG, Samsung, Pluto TV or Rakuten TV were offering between 45 and 140 FAST channels each in EU5 markets (France, U.K., Germany, Italy and Spain).

    • Monopolies

      • Copyrights

        • Torrent FreakRapid Pirate IPTV Blocking Proposal Put to Public Consultation in Italy

          Italy’s sustained ISP blocking campaign against IPTV services, web-streaming portals and other pirate sites, is stepping up to the next level. Rightsholders and government want to implement a rapid blocking system that will block live streams, football matches in particular, within minutes. A public consultation announced this week seeks additional input.

  • Gemini* and Gopher

    • Personal

      • Notes on an overheard conversation as the radio was playing “Winter Wonderland”
      • “Outdoors is currently not heated”

        From my friend Tom, who posted this on Me­Linked­My­Insta­Face­Space­Book­We­Gram­In, a TV sports caster forced to report on the weather [1]. He makes his opinion on the weather (in a live report) loud and clear. I can only hope he keeps his job.

      • Extreme tiny house, Asheville edition

        “That is *not* a tiny house,” said Bunny.

        “But it is, it’s only 480 square feet.” [45 square meters —Editor]

        “It feels big.”

        “It does, and the design is wonderful.”

        We were talking about this $80,000 home [1] in the Asheville, North Carolina [2] area. While it’s technically a tiny house, it manages to feel big (living room, kitchen, bathroom, bedroom and recording studio), while being one of the more beautiful examples of a home I’ve seen (although we were not fans of the alternating tread stair cases, we do understand why they were used). You would never guess it was made from mostly recycled and unused materials. It’s just gorgeous.

    • Technical

      • ISPs are not content moderators

        I don’t know why this is still going on, but it needs to be reiterated. Internet Service Providers are not content moderators. Essential Internet infrastructure should not become a mechanism for editorialization beyond the scope of the law. Abuses of power like this will cause the Internet to fracture into smaller ‘internets’ and harm the least powerful people who use it to communicate.

      • progress continues

        i’ve gotten the hdd bays and the ethernet switches setup on the rack, working on building the 1u rails for the top of rack switches i’m wiring using dac cables, 10g sfp, 40g qsfp, 100g qsfp28. because i want to densely pack them i had to unrack and redo the screws so that the rails don’t need a buffer 1u wasting that space. should be fine. i’m going slow with the hardware because i still need a bunch of cpu, gpu, storage. once the basement rack is set and wired i’ll finish the 12u secondary rack then it’s back to managing xcp-ng and working on a deploy infra. probably terraform nomad vault consul, might play with some k8s, would like to automate xcp with tf but we’ll see.

      • Some alternative do-it-yourself keyboards

        I’m always fascinated by alternative keyboards, especially when they’re hand made. Matthew Dockrey [1] has made two of them. The first is based on old print technology, the two-thirds keyboard [2], which involved creating his own keycaps. And then there is his pocket typewriter [3], which is exactly what it is—a manual typewriter that fits in your pocket. It’s mad stuff, but it’s fantastic at the same time.

      • Internet/Gemini

        • Newsgroups on Usenet

          Later the ISPs stopped providing newsgroups server, so I stopped using usenet. I didn’t know where to find a good newsgroups server until now.

* Gemini (Primer) links can be opened using Gemini software. It’s like the World Wide Web but a lot lighter.

LastPassing the Liability During Holidays

Posted in Deception, Security at 5:21 am by Dr. Roy Schestowitz

Video download link | md5sum 6f9d4e69047e26d649a3053f33c4e035
Paying the Cost of Bad Management
Creative Commons Attribution-No Derivative Works 4.0

Summary: The Sirius ‘Open Source’ status quo is shaken further by admissions from LastPass itself that it had suffered a major security breach, vindicating me after disputes with deeply misguided management, mesmerised by buzzwords and fashionable hype waves

UNDER the guise of “cost-savings” (which was a lie, no money was saved in the long run) Sirius was outsourcing almost everything, in effect replacing Free/libre software with proprietary software. The surveillance and security aspects are rearing their ugly head again and nobody wants to accept responsibility for it. Instead it’s all cover-up.

The video above covers about half a dozen blog posts — the very latest writings on the matter. We weren’t planning to do this on Christmas Eve, but LastPass intentionally waited until the holidays before delivering the bombshell. It hoped not many people would cover this and, in turn, not many people would become aware.

IRC Proceedings: Friday, December 23, 2022

Posted in IRC Logs at 2:03 am by Needs Sunlight

Also available via the Gemini protocol at:

Over HTTP:

#techrights log as HTML5

#boycottnovell log as HTML5

#boycottnovell-social log as HTML5

#techbytes log as HTML5

#techrights log as text

#boycottnovell log as text

#boycottnovell-social log as text

#techbytes log as text

Enter the IRC channels now

IPFS Mirrors


Bulletin for Yesterday

Local copy | CID (IPFS): QmYTdvgUUtSuvEKMNdZJRgJFYocLqB3fhxmt8qv13qfA9k

[Meme] Sirius CEO: LastPass is Safe, According to LastPass Itself

Posted in Security at 12:33 am by Dr. Roy Schestowitz

Real message:

Sirius CEO on LastPass

Summary: Sirius ‘Open Source’ isn’t interested in people who actually investigate facts (they put them down and threaten them instead); as a result, clients of Sirius are impacted by a mega-breach at LastPass

Bonus: in defiance of ISO guidelines, Sirius was sharing passwords and accounts among colleagues to ‘save money’.

LastPass Breach and More Collaterals, Beyond LastPass: How Sirius ‘Open Source’ Causes Security Headaches/Breaches for Clients (Without Even Telling Them!)

Posted in Deception, Security at 12:02 am by Dr. Roy Schestowitz

Date: Tue, 30 Aug 2022 09:00:50 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; 
rv:1.7.6) Gecko/20050317 Thunderbird/1.0.2 Mnenhy/
From: Roy Schestowitz
Subject: Handover to Shift 2 (30/08/22)
To: [whole team]



users need to change all the passwords they have 
there and not keep them there if they value real 
security not paper mills.

Summary: Sirius ‘Open Source’ failed to protect its clients. While in Sirius I’ve been warning management about this for 4 years; all I received for these warnings was a bunch of threats against me (for raising and politely bringing up the subject).

TODAY is a holiday here, but the subject cannot be left aside. The saga cannot be paused because the holidays are being exploited by truly nefarious companies for cover-up.

Those who are following Daily Links may have noticed already that there are further admissions of a breach at LastPass; mind the timing… just before the most major holiday, probably by intention (it’s a well-known Public Relations or “disaster mitigation” strategy).

We’ve decided that it would be better not to surrender to such “strategic timing” tricks. The revelations were scheduled to be accompanied by PR, complete with “waffle” and face-saving lies (postponed for months… to be explained much later). Suffice to say, in the case of security breaches, people must be informed as soon as possible so that they can take action. But not so with LastPass! It would not be the first company to do so. They just wish to say they said something (without anyone truly noticing), at least in retrospect. It’s in-hindsight optics.

But this post isn’t primarily about LastPass itself; it is a bigger blunder that a company which calls itself “Open Source” actively outsourced away from Open Source to this highly untrustworthy company. The CEO of “Sirius Open Source” [sic] was even trying to defend all the LastPass lies, just as he doubles down on his own lies routinely. He is a pathological liar, so he can probably relate to those who do the same at LastPass.

What we’re seeing at LastPass is just face-saving admissions to clean their hands and claim they were “transparent” and complied with the law (to avoid fines/penalties). But we might not see much press coverage about this; journalists (what’s left of them) are already on holiday. The editors won’t pick any stories from them, no matter how important or urgent those stories may be. Heck, not many people will read the news, either!

As we shall show, in light of more incidents and few reports (far too few), the time to cover this is tonight, not next month as expected/scheduled.

LastPass has certainly failed, but so did Sirius. Sirius cannot claim to be a passive victim here!!

Sirius was picking on the people who reported that LastPass had suffered a security breach and wanted to do the right thing about it. That’s me. In this particular case it’s not the fault of another company but the fault of Sirius for putting all the passwords “in the cloud” in spite of repeated warnings from its long-serving and loyal staff. Honest staff.

LastPass users: Your info and password vault data are now in hackers’ hands - Ars Technica

Having cautioned about LastPass, which had already suffered breaches, I was repeatedly threatened in video calls for doing what’s right. Of course those video calls were done using proprietary software — that’s what Sirius was becoming. Of course they said I’d receive a copy of the recording but never received any! At Sirius, the lying and deceit had become routine, they ultimately became the norm. In a company where about half the staff goes by the name “manager” the only way to progress was to participate in the lying.

So what happens now? Well, Sirius could get sued by the clients, not just asked for a refund, for misinforming and neglecting systems, even abusing people who cautioned about this internally. I don’t intend to contact clients personally, but maybe they will realise this regardless (by serendipity). What about ISO? Will it revoke certifications? We’ll cover this in a separate part next month.

Do not expect much press coverage about LastPass, owing partly to timing. From the latest Daily Links:

  • LastPass has been breached: What now? | Almost Secure

    If you have a LastPass account you should have received an email updating you on the state of affairs concerning a recent LastPass breach. While this email and the corresponding blog post try to appear transparent, they don’t give you a full picture. In particular, they are rather misleading concerning a very important question: should you change all your passwords now?

  • The Problem With Password Managers

    During the recent LastPass breach, it was finally revealed that the password vaults were leaked. The company is still downplaying this, but the time to take action is NOW.

I cautioned about this internally about half a dozen times (the LastPass breaches alone), but nothing was done by any of the managers. So they’re all culpable. They all failed to act. One of them, who lies routinely, said that according to LastPass, LastPass is OK and things are safe. They’re just lying to everyone, like he habitually does. Cover-up basically.

Sirius is a disaster, it is a catastrophe, and it’ll never admit it. So someone needs to say this out loud. They’re probably still covering up for Sirius and its misguided use of LastPass, strictly hiding it from most of the clients (as usual).

My latest warning about LastPass came about 1-2 days before I left the company. I reproduce my full message below, but bear in mind that some of the pertinent details will be shown next month when we’re done with the report and move on to bigger issues:


I’ve been receiving some relatively solid and professional legal advice for several weeks already. To put it quite bluntly, the impression legal professionals get is that the company cannot afford lawyers and thus makes wild guesses, based on a gut feeling at best.

In Rianne’s case, the allegations are shockingly weak. This, in turn, makes the trail of correspondence work very strongly in our favour. We’re not impulsive, we just follow the law. We’ve both followed the law all along. We know our rights and we have people to assess the law.

The latest invitation is legally problematic for several distinct reasons. It would not constitute a fair ‘trial’, on a number of different grounds. What you’re trying to apply here is the controversial Reid method, which isn’t just notorious but also unlawful in some jurisdictions. No proper protocols and procedures were followed until (probably due to a lack of legal advice) more recently. In fact, “Investigation Meeting” suddenly and disingenuously became “Disciplinary Hearing”. The process embarked upon did not respect the employee’s right to privacy (setting out the importance of confidentiality) and it seems to be more of a personal vendetta than a real, justifiable case.

Regarding any such hearing, where possible the employer should get somebody who’s not involved in the case to carry out the investigation, for example another manager or someone from HR. HR does not exist in Sirius per se, so the company needs to contract outwards, just like several years ago where HR sided with us, not with the harasser in chief. We never received an apology after that incident. And moreover, I wish to make it known that I am referring to a single example of many such incidents. I can elaborate later.

The sudden and very much unprovoked-for suspension is problematic on a number of legal grounds. There’s consensus among legal professionals (visited or spoke to several) that it was inappropriate and over the top. Perhaps the purpose of it was to obstruct the accused from accessing defensive/supportive evidence. There’s no reason for a suspension of someone who for 12 years never ever did something “dodgy” to company or client assets; quite the contrary. Unless the employer thinks there is a risk that the employee might tamper with evidence or influence witnesses, a suspension is entirely unnecessary. I have no history of tampering with evidence or influencing witnesses. In fact, the “evidence” presented (only a fortnight later!) is actually controlled by me rather than the company. The IRC logs are very informal and have nothing to do with Sirius.

There is also consensus that what’s proposed constitutes a kangaroo court and the reason you don’t want an independent HR agency to handle this (like before) is that the case will be thrown out with prejudice and the company may be held accountable for a lot more than just frivolous accusations and moral damages (twofold).

On deciding whether to suspend an employee, there are also clear legal guidelines. If there’s a serious issue or situation, an employer might consider suspending someone while they investigate. But in this case, the nature of the accusations makes it abundantly frivolous. An employer should consider each situation carefully. Suspension will only be needed in some rather rare situations. This is why, right from the very beginning, the letters and demands sent were legally invalid. If an employer feels they need to suspend someone, it’s important to consider alternative options to suspension and the wellbeing of the person they’re thinking of suspending (unless the intention is to shock and seek reprisal). The employer should think about who will handle matters if further action is needed, but in this case it seems like one or two persons control the process from beginning to end. Where possible, a different person should handle each step of the disciplinary procedures: the investigation, the disciplinary hearing and outcome, and the appeal hearing (if an appeal is raised).

It might moreover be useful to document (e.g. write in great length) and to show a clear, systematic pattern; I can prove and neatly present a pattern of evidence which points to the actions by the CEO being vindictive. It would not be unprecedented either. Expect a 50-page report quite soon. A legal team is looking into it.

The process has in general been a travesty and a potential source of disgrace to the company. In this particular case, someone acting as a judge for oneself is not looking good. In principle, recusing oneself is one option, but the process is already tarnished by irregularities that hamper any perception of objectivity and fairness.

This is not a good way to end a relationship with the company. It didn’t have to end like this.

A good company values its workers, listens to workers, instead of treating them like enemies to be deceived and marginalised. Apropos, only minutes ago:
If only someone kept warning that LastPass was trouble…

That “someone” was only ever me, raising the alarm like half a dozen times. I still have copies of messages warning against this. Or reporting the incidents spotted in LastPass (at the time LastPass was gaslighting the reporters).

Remember that LastPass wasn’t just adopted to store Sirius account credentials; clients’ credentials (for full access to machines) were outsourced to LastPass, likely without their knowledge. In other words, if LastPass breaches resulted in breaches of customers’ systems, they might not even know it was the fault of Sirius. They might not know passwords of theirs ended up in LastPass.

Here are more recent reports (around the time I left) about the breach:

  • Major password manager LastPass suffered a breach — again

    LastPass, a major password manager, says it has suffered its second breach in three months by the same unauthorized party.

  • LastPass claims no data was compromised despite cybersecurity attack

    Was the security breach of LastPass limited? In its official statement, the company said that the breach was limited to the development environment and couldn’t reach the customers’ data and encrypted passwords. The company didn’t specify what information was accessed as the investigation is currently ongoing. It further stated that the production environment lies in a different physical environment than the development environment.

  • LastPass Password Manager | HACKED!..Again – Invidious

    In this video, we check an article on how the world-leading password manager, LastPass, became the victim of a security breach again. LastPass is owned by GoTo and boasts over 25 million users, and serves around 80,000 businesses worldwide.

LastPass Password Vaults Stolen By Hackers—Change Your Master Password Now - Forbes

The denials from LastPass were basically lies. It doesn’t matter how many facts one presents to Sirius management, it’ll still never admit mistakes and move to something safe, self-hosted, and “Open Source” (like the company’s name). Passwords used to be stored in a wiki (Foswiki) behind a VPN and it was initially self-hosted. Better solutions exist now, e.g. Bitwarden. As this weeks-only coverage from “It’s FOSS” put it, “Bitwarden gets better every day, making things more convenient.”

Sirius could use Bitwarden or many other things.

It’s not about a lack of features; it’s about a lack of real leadership in Sirius. Bitwarden has a lot of good features. To quote the above: “Bitwarden is easily the most popular open-source password manager right now. It is simple to use, cost-effective, conveniently available on mobile/desktop, and secure enough for most common use cases. While it already supported passwordless authentication techniques like fingerprint sign-in, Face ID, PIN, on mobile/desktop, it now has a new addition.”

Sirius also rejected FOSS for communications, despite several members of staff pushing for FOSS and volunteering to install FOSS. Lip service isn’t enough.

To quote the CEO would be worthless (no point pasting E-mail) because he responded with no substance, only a link that parrots lies from LastPass itself.

Hackers stole encrypted LastPass password vaults, and we’re just now hearing about it - The Verge

In spite of this apathy, the subject was again mentioned in handovers and various other means, not just E-mails, only to be dismissed or ignored. If clients lost or lose (or will lose) control of their systems, Sirius is likely to blame. Some crackers out there probably have a list of all the passwords of all the important machines of clients, sometimes even private keys!

This is what happens when companies implement “Mickey Mouse” security and clients trust such “Mickey Mouse” companies to manage their critical systems.

Sirius is of course still not interested in facts or actual news. Expect Sirius management to dismiss the latest revelations as not important and resort to defamatory ad hominem against the messengers, i.e. the usual.

It’s worth noting that, from a purely legal point of view, we didn’t even inform the clients about: 1) the breach; 2) the passwords being there, possibly without their knowledge or consent.

The issues go far further than password management, but LastPass is what’s in the news right now. It’s worth adding that Sirius uses LastPass in ways it ought not be used, e.g. if they are setting up a new client in OTRS they send the password to LastPass (via LastPass to client). “Mickey Mouse” all over this thing!

Some time next month we’ll cover “Communication Tools” at Sirius and how much further the privacy/security failure goes.

Screenshot credits: LastPass Password Vaults Stolen By Hackers—Change Your Master Password Now – Forbes, LastPass users: Your info and password vault data are now in hackers’ hands – Ars Technica, Hackers stole encrypted LastPass password vaults, and we’re just now hearing about it – The Verge
