Bonum Certa Men Certa

Links 17/12/2020: Mesa 20.3.1, Ubuntu Touch OTA-15 and More



  • GNU/Linux

    • Desktop/Laptop

      • Chrome OS Developers highlight the Linux terminal in new promo video

        Google rolled out the new Terminal 2.0 for Crostini Linux back in late July and with it came some much-needed UI improvements to make the Chrome OS developer environment a little more user-friendly. With the update, users can now customize the terminal as well as open multiple terminal instances in a single window. Most of it is simply for show and has little to do with the functionality of the Terminal app but you can access and customize keyboard shortcuts to curate your personal workflow.

    • Server

      • Third Party Device Metrics Reaches GA

        With Kubernetes 1.20, infrastructure teams who manage large scale Kubernetes clusters, are seeing the graduation of two exciting and long awaited features...

        [...]

        Many of the features related to fundamental device support (device discovery, plugin, and monitoring) are reaching a strong level of stability. Kubernetes users should see these features as stepping stones to enable more complex use cases (networking, scheduling, storage, etc.)!

        One such example is Non Uniform Memory Access (NUMA) placement where, when selecting a device, an application typically wants to ensure that data transfer between CPU Memory and Device Memory is as fast as possible. In some cases, incorrect NUMA placement can nullify the benefit of offloading compute to an external device.

        If these are topics of interest to you, consider joining the Kubernetes Node Special Insterest Group (SIG) for all topics related to the Kubernetes node, the COD (container orchestrated device) workgroup for topics related to runtimes, or the resource management forum for topics related to resource management!

      • Inexpensive highly available LXD cluster: Redundancy

        In the previous post I went over the reasons for switching to my own hardware and what hardware I ended up selecting for the job.

        Now it’s time to look at how I intend to achieve the high availability goals of this setup. Effectively limiting the number of single point of failure as much as possible.

        [...]

        On the compute side, I’m obviously going to be using LXD with the majority of services running in containers and with a few more running in virtual machines.

        Stateless services that I want to always be running no matter what happens will be using anycast as shown above. This also applies to critical internal services as is the case above with my internal DNS resolvers (unbound).

        Other services may still run two or more instances and be placed behind a load balancing proxy (HAProxy) to spread the load as needed and handle failures.

        Lastly even services that will only be run by a single instance will still benefit from the highly available environment. All their data will be stored on Ceph, meaning that in the event of a server maintenance or failure, it’s a simple matter of running lxc move to relocate them to any of the others and bring them back online. When planned ahead of time, this is service downtime of less than 5s or so.

      • Raspberry Pi Hosting Firm miniNodes Grows Up, Gets Proper Data Center | Data Center Knowledge

        The pioneer of selling tiny bare-metal computers as a service expects more growth, fueled by the rise of Arm servers.

    • Audiocasts/Shows

      • Linux Mint 20.1 Beta XFCE

        Today we are looking at LinuxMint 20.1 Beta, the XFCE Edtion It comes with Linux Kernel 5.8 (upgradeable to 5.8), XFCE 4.14, and uses about 600MB of ram when idling. Enjoy!

      • Linux Mint 20.1 Beta XFCE Run Through

        In this video, we are looking at Linux Mint 20.1 Beta XFCE Edition.

      • FLOSS Weekly 609: Open Source Security - Trusting Open Source in Government and Business

        David A. Wheeler, Ph.D., a frequent guest of the show, is now the Director of Open Source Supply Chain Security at the Linux Foundation. Doc Searls and Simon Phipps talk to David about that and many related efforts he's involved with at the Linux Foundation, including the Open Source Security Foundation (OpenSSF), LF Energy, LF Public Health, and the CII Best Practices badge project. That's in addition to his work teaching development of secure open-source software, a study he co-authored with Harvard on OSS contributors, and both enduring and rapidly changing approaches to software development education in a time twisted by a global pandemic.

      • Installation And First Look Of NuTyX

        I'm taking a quick first look at a Linux distribution that I haven't tried before. That distribution is NuTyX. It's country of origin is Switzerland, and the distro is based on Linux From Scratch. It has its own package manager called "cards". It also uses BusyBox.

      • Desktop Linux Will Never Matter To The Linux Foundation

        I don't know why this keeps being news, the Linux Foundation doesn't care about desktop linux this should be evident from who funds the organisation and who is on the board of directors but every year it comes out that the Linux Foundation has made their report on Mac OS surprising more people than it should

      • Why you should patch CVE-2020-1971 (and how KernelCare+ can help)

        On December 8th, OpenSSL revealed vulnerability CVE-2020-1971, which can cause a denial of service attack on unpatched web servers. Although not a data-leakage bug, this vulnerability could bring down an application via a malicious certificate, so it's important to understand the basics of it and why patching it is important.

      • Open Source Security Podcast (Josh Bressers): Episode 242 – Door 17: Vulnerability response

        Josh and Kurt talk about vulnerability response. What is it, what does it mean, how does it work

      • The Linux Link Tech Show Episode 885

        selling stuff, linux phones, service now, network improvements, ps5

      • mintCast 350 – Rocky Road Ahead

        First up, in our Wanderings, Joe preps for 3D work and does some Audio editing, Tony gets older and has a new toy to play with, Bo has been educating himself, Moss destroys his wife’s computer by accident, and Josh was a little late.

        Then in the news, We have the latest Mint newsletter, Cinnamon 4.8 arrives, Elementary OS goes Pi, and much more

        In security, we shed some light on Oblivious DNS over HTTPS

      • Seduced by The Snake | Coder Radio 392

        Mike recalls how he accidentally converted his development shop into a Python house, and Chris experiments with his Minium Viable Robe.

    • Kernel Space

      • Linux 5.11 HID + Input Changes Bring Inhibiting Support, AMD Sensor Fusion Hub - Phoronix

        The input subsystem changes for the Linux 5.11 kernel have now been submitted and merged. Along related lines, the HID subsystem changes were also submitted with notable updates as well.

        On the input side with Linux 5.11 a new feature is the "inhibited" feature to temporarily disregard input from select devices. The use-case for this inhibited input device support is for devices like 2-in-1 laptops where the laptop may be folded underneath the device at times and during that period no input events should reach user-space as it would amount to accidental input. With today's devices there are also other similar setups where at times you may want to avoid any input events from a given device or to prevent it from potentially waking the system. This inhibited input support was spearheaded by Google's Chrome OS engineers.

      • AMD Frequency Invariance Support Comes With Linux 5.11 - Phoronix

        The previously reported on work for frequency invariance calculations for AMD CPUs with a focus on the AMD EPYC 7002 series has been merged for Linux 5.11 as part of the "sched/core" material.

        Following all of the Intel Linux kernel work in recent months around frequency invariance handling for more accurate load tracking and making more accurate frequency scaling decisions, the initial AMD implementation is here with Linux 5.11 as part of the core scheduler updates. In basic terms, the frequency invariance calculation is for addressing the issue of tasks appearing larger if the CPU is running slower so the frequency invariance takes into account the current frequency relative to the maximum possible frequency.

      • XFS, stable kernels, and -rc releases

        Ever since the stable-update process was created, there have been questions about which patches are suitable for inclusion in those updates; usually, these discussions are driven by people who think that the criteria should be more restrictive. A regression in the XFS filesystem that found its way into the 5.9.9 stable update briefly rekindled this discussion. In one sense, there was little new ground covered in this iteration, but there was an interesting point raised about the relationship between stable updates and the mainline kernel -rc releases. In the beginning, stable updates were restricted to critical fixes only, but the rules were relaxed over time. The patches merged for stable updates now are often automatically selected using a machine-learning system; others are picked because they look like they fix something somewhere. The result has been a massive increase in the number of patches going into the stable updates; the 5.9.x series has had over 1,900 patches applied through 5.9.11, while the delta between 4.9 and 4.9.246 is well over 18,000 patches.

        Incorporating all those patches undoubtedly has the effect of increasing the number of useful fixes in the stable releases, which is a good thing. But it also increases the chances of merging bad patches that provide users with something other than the problem-free experience they were looking for.

        For example, this XFS "fix" was posted to the linux-xfs list on November 9; it was reviewed, applied, and eventually pushed to the mainline four days later, where it appeared in the 5.10-rc4 release. On the 17th, Greg Kroah-Hartman included this patch in the 5.9.9 review cycle, along with 254 other fixes. No objections were raised, and the patch was part of the 5.9.9 release on the 19th, ten days after it was originally posted.

      • Sidestepping kernel memory management with DMEMFS

        One of the kernel's primary jobs is to manage the memory installed in the system. Over the years, though, there have been various reasons for removing a portion of the system's memory from the kernel's view. One of the latest can be seen in a mechanism called DMEMFS, which is being proposed as a way to get around some inefficiency in how the kernel keeps track of RAM. In the early years, the motivation for hiding memory from the kernel was to avoid the problems caused by fragmentation. Allocating large contiguous areas tended to be nearly impossible after a system had been running for some time, creating problems for hardware that absolutely could not function without such areas. Once upon a time, an out-of-tree patch called "bigphysarea" was often used to reserve a range of memory for such allocations; since the kernel did not get its hands on this memory directly, it could not fragment it. LWN first captured a bigphysarea announcement in 1999, but the patch had been around for some time by then.

        In the relatively recent past (2010), the contiguous memory allocator (CMA) patches provided a similar functionality using the same technique. Since then, though, the problem of allocating large contiguous areas has gotten much smaller. The kernel's own defragmentation mechanisms have improved considerably, and simply having more memory around also helps. CMA now relies on compaction and no longer uses a carved-out memory region.

        DMEMFS has a different motivation. The kernel tracks memory via a data structure called the "memory map", which is essentially an array of page structures. A great deal of information is packed into this structure to tell the kernel how each page is used, track its position on various lists, connect it to its backing store, and more. Much effort has been expended over the years to keep struct page as small as possible, but it still occupies 64 bytes on 64-bit systems.

      • The future of 32-bit Linux

        The news for processors and system-on-chip (SoC) products these days is all about 64-bit cores powering the latest computers and smartphones, so it's easy to be misled into thinking that all 32-bit technology is obsolete. That quickly leads to the idea of removing support for 32-bit hardware, which would clearly make life easier for kernel developers in a number of ways. At the same time, a majority of embedded systems shipped today do use 32-bit processors, so a valid question is if this will ever change, or if 32-bit will continue to be the best choice for devices that do not require significant resources.

        To find an answer, it is worth taking a look at different types of systems supported in Linux today, how they have evolved over time with the introduction of 64-bit processors, why they remain popular, and what challenges these face today and in the future.

      • Understanding 52-bit virtual address support in the Arm64 kernel

        The introduction of 64-bit hardware increased the need to handle larger address spaces.

      • Graphics Stack

        • [Mesa-dev] [ANNOUNCE] mesa 20.3.1
          Hi list,
          
          

          I'd like to announce mesa 20.3.1, which is now available for download. We've got lots of good stuff here; iris, panfrost, aco, radeonsi, nir, softpipe, zink, core gallium, st/mesa, turnip, android, meson, and plenty of radv fixes.

          Cheers, Dylan
        • Mesa 20.3.1 Released With Several RADV Fixes, Other Driver Updates

          Mesa 20.3 shipped earlier this month while those waiting for the first point release to upgrade to this quarterly series can now safely make the shift as Mesa 20.3.1 was released today.

          Mesa 20.3.1 was released today with a wide assortment of fixes throughout this collection of predominantly OpenGL and Vulkan drivers. The RADV Radeon Vulkan driver stands out with having a number of fixes -- there are some Next-Gen Geometry (NGG) fixes as well as for now marking GFX10.3 / RDNA2 as a non-conformant Vulkan implementation since it hasn't officially passed the Vulkan CTS yet. Plus there are other RADV fixes as well as for the ACO compiler back-end.

        • Mike Blumenkrantz: Pointers

          This is the journey of how zink-wip went from 0 fps in RPCS3 to a bit more than that. Quite a bit more, in fact, if you’re using RADV.

          As all new app tests begin, this one started with firing up the app. Since there’s no homebrew games available (that I could find), I decided to pick something that I owned and was familiar with. Namely a demo of Bioshock.

        • NVIDIA CUDA 11.2 Released For Further Enhancing Its Proprietary Compute Stack - Phoronix

          In addition to the NVIDIA 460 series Linux beta driver being released this week, CUDA 11.2 has also made its debut for Windows and Linux.

    • Instructionals/Technical

      • How To Install Spotify on Linux Mint 20 - idroot

        In this tutorial, we will show you how to install Spotify on Linux Mint 20. For those of you who didn’t know, Spotify is a digital music streaming service that gives you instant access to millions of songs, from old classics to the latest hits. You can stream everything, upgrade and sync tracks and playlists offline, or purchase individual tracks to keep forever.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step by step installation of Spotify music streaming on a Linux Mint 20 (Ulyana).

      • Boost Up Productivity in Bash - Tips and Tricks | Linux Journal

        When spending most of your day around bash shell, it is not uncommon to waste time typing the same commands over and over again. This is pretty close to the definition of insanity.

        Luckily, bash gives us several ways to avoid repetition and increase productivity.

        Today, we will explore the tools we can leverage to optimize what I love to call “shell time”.

      • How to Disable IPv6 on RHEL/CentOS 8

        IPv6 (Internet Protocol Version 6) is an internet protocol that routes traffic and provides an identification and location system for computers on networks. It has long been touted that IPv6 will replace IPv4, but we are not there yet. Disabling IPv6 on your system is actually quite straightforward.

      • How to Use the nmap Command | Linuxize

        Nmap is a powerful network scanning tool for security audits and penetration testing. It is one of the essential tools used by network administrators to troubleshooting network connectivity issues and port scanning .

        Nmap can also detect the Mac address, OS type , service version, and much more. This article explains the basics of how to use the nmap command to perform various network tasks.

      • How to install Audacity 2.4.2 on a Chromebook

        Today we are looking at how to install Audacity 2.4.2 on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

      • How to install Linux Kernel 5.10 on Ubuntu 20.04 LTS - Linux Shout

        Recently, Linus Torvalds has released the long term supported version of Linux Kernel i.e 5.10. In this version, the set_fs () mechanism is set to be removed, however, not for all but at least on some CPU architectures will. The current Linux kernel 5.10 supports the ARM Memory Tagging Extensions (MTE).

        The kernel also supports the start of RISC-V systems with EFI for the first time. AMD’s encryption for virtualization (SEV) now also supports the encryption of processor registers of guest systems.

      • Autofs instead of fstab - blog'o'less

        There is an inefficient way to mount external storage (local or remote). An hard to die habit: fstab. Let’s try autofs.



      • How to install Libreoffice in kali linux using terminal - Linux Shout

        Kali Linux which is one of the popular distros for hacking and penetration testing doesn’t come with office software out of the box. Thus, we can install LibreOffice on Kali using just one command on the terminal, if you want.

        LibreOffice is another widely used free and open-source office after Apache OpenOffice. It is one of the best alternatives to the Microsoft office program in the free category. It comes with all modules we need to perform document-related tasks. From word processing to spreadsheets and the development of presentations, all areas are covered.

      • Moving things around in OpenStack | Adam Young’s Web Log

        While reviewing the comments on the Ironic spec, for Secure RBAC. I had to ask myself if the “project” construct makes sense for Ironic. I still think it does, but I’ll write this down to see if I can clarify it for me, and maybe for you, too.

        Baremetal servers change. The whole point of Ironic is to control the change of Baremetal servers from inanimate pieces of metal to “really useful engines.” This needs to happen in a controlled and unsurprising way.

        Ironic the server does what it is told. If a new piece of metal starts sending out DHCP requests, Ironic is going to PXE boot it. This is the start of this new piece of metals journey of self discovery. At least as far as Ironic is concerned.

        But really, someone had to rack and wire said piece of metal. Likely the person that did this is not the person that is going to run workloads on it in the end. They might not even work for the same company; they might be a delivery person from Dell or Supermicro. So, once they are done with it, they don’t own it any more.

      • Getting SweetHome3D To Run on Fedora 33

        When I tried running SweetHome3D, I got two different problems depending on which of the scripts I tried. I eventually was able to get ./SweetHome3D-Java3D-1_5_2 to run.

    • Games

      • Great nonogram puzzler Pixross from Kenney is now on Steam and upgraded | GamingOnLinux

        After releasing for itch.io first Pixross, the nonogram puzzle game from Kenney, has now hopped on over to Steam and it also had a sweet upgrade for both stores.

        "Pixross is a picture logic puzzle game featuring 150+ unique puzzles, customization and extra challenges for each puzzle. Unlock new puzzle packs or customization options by completing puzzles!"

    • Desktop Environments/WMs

      • GNOME Desktop/GTK

        • GTK 4.0 Released, One Month After GIMP Finally Switched to GTK 3.X

          The GTK development team has just announced GTK 4.0; The latest stable version of the popular graphical user interfaces development toolkit. After 4 years of continuous work, the GTK 4.0 series brings tremendous changes over the GTK 3.X branch.

          You can read more about these changes in details from the official GTK blog post, which we’ll not copy here since you’d need to see the detailed videos and screenshots by yourself.

          However, there are some interesting remarks about GTK 4.0

        • Who Wrote GTK4

          GTK 4 has been a colossal, multi-year development endeavor that started in October 2016 and ended in December 2020. Now that the 4.0 release is finally out, it’s time to look back to the incredible amount of work done by hundreds of contributors over these four years.

          Back in 2016 we were definitely a bit optimistic on the time table, and thought we would be able to release 4.0 in three years, by the end of 2019. The plan was to start by changing the rendering pipeline of GTK, by moving it to a retained graph of operations that could be submitted to the GPU, as opposed to the immediate mode rendering that we had since the very beginning of the toolkit, and which survived two major API cycles—first by abstracting Xlib drawing commands, and then by moving to Cairo operations. Of course, we also knew we wanted to improve other sub-systems, like input and the windowing system API, to move away from X11-isms and towards a design more in line with the requirements of Wayland (and other windowing systems). What we got, after all was said and done, is a deep redesign of the internals of the toolkit, as well as a different programming model that favors more delegation through ancillary objects, and fewer leaky abstractions and deep type hierarchies; additionally, we pared down the exposed internals, to ensure that the toolkit, and the applications using it, will be more maintainable in the future. The downside is that GTK is less of a “meta toolkit”, whose internal state can be poked at from the outside while expecting to work across multiple releases; that approach was, in the long term, unsustainable given the available resources, and left us unable to optimise or improve the internals of GTK, to the detriment of every user.

    • Distributions

      • IBM/Red Hat/Fedora

        • Fedora and its editions

          Fedora has long had Workstation and Server editions and, back in August, added an edition for Internet of Things (IoT) devices. Those editions target different use cases for the distribution, as does the CoreOS "spin" (or "emerging edition"), which targets cloud and Kubernetes deployments. A proposal to elevate Fedora CoreOS to a full edition as part of Fedora 34 was recently discussed on the Fedora devel mailing list. As part of that, what it means for a distribution to be part of Fedora was discussed as well.

        • Kubernetes predictions for 2021, scientists are joining GitHub, and more industry trends [Ed: Red Hat is boosting Microsoft's proprietary software monopoly (citing marketing material from Microsoft)]
        • Remi Collet: New server for 2021

          I just moved all my web sites to a new server.

          If you read this entry, this means DNS have done their work, and you are connected to this new server.

        • Fedora 33 : Sigil software.

          Sigil is a ePub editor for Linux and omes with powerful features like UTF-16, EPUB 2 spec, and limited EPUB 3 support. The complete control over directly editing EPUB syntax in Code View and Table of Contents generator with multi-level heading support and metadata editor.

        • Should I offload my networking to hardware? A look at hardware offloading

          In this post we'll look at why you should care about network hardware offloading. It is more than networking speeds and bottlenecks.

        • Red Hat Builds a Common Kubernetes Foundation for Windows and Linux Container Workloads with Windows Containers Support for Red Hat OpenShift [Ed: Red Hat helping Microsoft]
        • Scaling cloud-native messaging applications with KEDA – IBM Developer

          Great news: you’ve just written your first messaging application with IBM MQ. Your messaging application is well encapsulated, you’ve followed reactive principles, and you’re ready to deploy it to your cloud service. Your code is elegant – it takes a message from a queue, performs a task, and then moves on to the next one. Your application will doubtlessly be efficient and consume tiny amounts of compute resource in CPU and memory.

          As your app runs natively in the cloud, you can expect container orchestration to provide a basic autoscaling mechanism for free. If the container starts to get busy, then Kubernetes will step in to provision more instances of the app. However, in this scenario, we have a different problem: While the system is busy and the app is working as hard as it can, the CPU and memory consumption is low so the autoscaler won’t detect that messages are backing up on a queue. In turn, this can result in a noticeable delay in response times as the increased load is not recognized or in the worst case a full queue that is no longer capable of receiving new messages.

      • Debian Family

        • UCS 5.0 Beta: Preview of the new generation

          We published the last UCS major release (UCS 4.0) in 2016. With UCS 5.0, we have now decided to go for an extensive update of the technical base and design of UCS. The first beta version of UCS 5.0, which has now been released, provides an initial preview of these updates. While testers are invited to try it, app vendors are offered a possibility to port and adapt their software. The beta version gives a glimpse of the new UI design and already provides some of the planned functions. However, this preview is not intended for productive use.

      • Canonical/Ubuntu Family

        • Ubuntu Touch OTA-15 brings bug fixes and support for more phones - Linux Smartphones

          The latest release of Ubuntu Touch for smartphones and tablets is starting to roll out and for the most part this release focuses on stability, bug fixes, and adding support for more devices. But Ubuntu Touch OTA-15 also paves the way for the next few releases, which will bring much bigger changes.

          Probably the most interesting things about Ubuntu Touch OTA-15 are that it brings improved support for the Volla Phone and other devices designed to ship with Android 9, and adds support for a few new devices including the Google Pixel 3a and F(x)tec Pro 1 and Pro 1 X.

          [...]

          According to the OTA-15 release notes, the latest stable channel build of Ubuntu Touch now supports smooth audio playback on the Volla Phone, allows pictures taken with the phone’s camera to be rotated correctly, and there are some cellular improvements as well. These changes should hopefully apply to other Android 9 devices as well.

        • Linux Mint 20.1 'Ulyssa' beta launches with new programs

          The Linux Mint project has just released the beta for Linux Mint 20.1. The new beta is available in the Cinnamon, MATE, and Xfce flavours of Linux Mint and aside from desktop improvements, share the same set of new features.

          Neowin has covered some of Linux Mint’s development updates in recent months and the work that went in then has landed in a more mature form in this beta. Highlights include a new Web Apps tool that lets you turn your favourite sites into web apps accessible from the app menu and IPTV program called Hypnotix has been created and items can be marked as favourites in the file manager on Cinnamon.

          Another change in Linux Mint 20.1, which has been known for quite a while now, is the inclusion of Chromium in the repositories. Chromium had previously been removed from the Linux Mint repositories because the maintainers didn’t like that it had Snap dependencies. The Chromium that is now included is compiled directly by the Mint team and updates will be released in a timely manner.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Web Browsers

        • Mozilla

          • Firefox 85 Will Let You Remove All Saved Logins with One Click, Drops Adobe Flash Support

            Firefox 84 arrived on Tuesday with the WebRender feature enabled by default for some Linux systems using X11 and the GNOME desktop environment, as well as the ability to allocate shared memory on Linux systems for improved performance and increased compatibility with Docker.

            Firefox 84 is also the last version of the popular web browser to support the Adobe Flash Player plugin, which will no longer be supported by Adobe after January 12th, 2021. Therefore, Firefox 85 will be the first release of Mozilla’s web browser to no longer support Adobe Flash Player, which will improve performance and security.

          • 2020 MDN Web Developer Needs Assessment now available

            The 2020 MDN Web Developer Needs Assessment (DNA) report is now available! This post takes you through what we’ve accomplished in 2020 based on the findings in the inaugural report, key takeaways of the 2020 survey, and what our next steps are as a result.

            [...]

            We are aiming to follow up on key findings with further research in the next few months. This will involve picking some key areas to focus on, and then performing user interviews and further analysis to allow us to drill down into key areas of frustration to see what the way forward is to mitigating them.

      • FSFE

        • CWA without Google +++ International development cooperation +++ KDE interview

          Christian Grigis, Fynn Godau, Marcus Hoffmann and Marvin Wißfeld achieved what official bodies have been missing for months: They have made available the German "Corona Warn App" (CWA) for tracing Covid-19 risk contacts in a version that is completely free of dependencies on Google and is available in F-Droid, the Free Software app store.

          Initial release of the CWA was in June and the FSFE's demand that any Corona tracking app must be used voluntarily and be Free Software has been followed. However, the implemented exchange of device keys via Bluetooth, on the basis of which the risk is calculated, is handled by an underlying interface called Exposure Notifications API, which was, significantly, developed by Apple and Google and was largely proprietary. One also had to use proprietary Google Play Services or the iTunes store to install it.

      • FSF

        • IDAD 2020 sent Netflix and DRM a message

          December 4th was the Free Software Foundation (FSF) and its Defective by Design (DBD) campaign's fourteenth International Day Against DRM (IDAD), and we couldn't have done it without your help. Given that we were unable to organize in person this year, the international response of people who digitally stood up against Digital Restrictions Management has been nothing short of inspiring. We were able to come together for a common goal and voice our opposition against DRM.

          Being the International Day Against DRM, it wouldn't be complete without a bit of action. Thanks to the help of our supporters, we were able to send Netflix a strong message about its use of DRM. Given its tremendous resources and influence, Netflix has the opportunity to pave the way and be the first major and globally used DRM-free streaming service. As it currently stands, however, it falls into the trap of restricting what users can and cannot do with their media under the guise of "copyright infringement," something DRM does nothing to combat (and even if it did, would only do so at an unacceptable cost to your freedom). As December 4th also marked the start of Netflix's "StreamFest" promotion in some countries, we wanted to be there to tell it that no use of DRM is acceptable. Together, we were able to make our voices heard. And we're pretty sure they heard us, based on reports of them taking the main phone number we pointed the DRM Elimination crew to offline.

        • John Goerzen: Non-Creepy Technology Purchasing & Gifting Guides

          This time of year, a lot of people are thinking of buying gadgets and phones as gifts. But there are a lot of tech companies that have unethical practices, from terrible working conditions in their factories to spying on their users. Here are some buying guides to help you find gadgets that are fun – and not creepy.

          The Free Software Foundation’s Ethical Tech Giving Guide is a fantastic resource from what’s probably the pickiest organization out there when it comes to tech. Not only do they highlight good devices, they also explain why and why you should, for instance, avoid the iPhone (their history of silencing political activists and spying on users).

          The FSF also has a Guide to DRM-Free Living talks about books, video, audio, and software that respects your freedom by letting you make your own backups, move it to other devices, and continue to use your purchases even if you have no Internet or the company you bought them from goes bankrupt. This is a fantastic and HUGE resource; there are hundreds of organizations out there that provide content in a way that respects your rights — and many of them do it for free, legally, as well.

        • GNU Projects

          • Gnulib can help your C++ programs

            Typically you test your programs on glibc systems. Gnulib helps you to have the same program compile and work fine on other platforms, such as musl libc systems, macOS, FreeBSD, NetBSD, OpenBSD, AIX, Solaris, Cygwin, mingw, MSVC, Haiku, and even Minix and Android.

            To do so, Gnulib implements many functions specified by POSIX or found in glibc if the platforms lacks them, and adds workarounds for bugs in the platform implementations. These substitutes are now (since 2019, actually) available also to C++ programs, if your program accesses these functions directly.

          • GNUHealthCon 2020. Social Medicine in a time of pandemic

            It was not easy… we’re so used to celebrate the GNU Health Conference (GHCon) and the International Workshop on eHealth in Emerging Economies (IWEEE) in a physical location, that changing to a virtual conference was challenging. At the end of the day, we are about Social Medicine, and social interaction is a key part of it.

            The pandemic has changed many things, including the way we interact. So we decided to work on a Big Blue Button instance, and switch to virtual hugs for this year. Surprisingly, it work out very well. We had colleagues from Gabon, Brazil, Japan, Austria, United States, Argentina, Spain, Germany, Chile, Belgium, Jamaica, England, Greece and Switzerland. We didn’t have any serious issues with the connectivity, and all the live presentations went fine. Time zone difference among countries was a bit challenging, specially to our friends from Asia, but they made it!

          • GNU Health pioneers the adoption of WHO ICD-11 and ICHI standards

            The GNU Health project believes in coding standards, specially in those that can be widely used. In 2011, the United Nations University (UNU) adopted the GNU Health Hospital Management Information System (HMIS) component, in part because of its strong focus in social medicine and environmental health, but also because it complied with most of the World Health Organization standards.

            Using WHO standards is key for global health. The GNU Health federation provides timely and accurate health information to citizens and health professionals globally. We are able to generate this large, distributed networks of information thanks to protocols and standards, that permit the aggregation of data from thousands and even millions of nodes.

      • Programming/Development

        • State as Observables, State as Ngrx.

          Observables and Ngrx are complex. As with any technology, it is very very easy to forget what you are trying to accomplish as you wade through the details.

          Start and end by thinking "What do I want to accomplish".

          These tools are capable of taking a very complex problem and simplifying it. That has been my experience.

          But they are also capable of taking a simple situation and making it very complicated.

          Start with defining the State. It is the data the view needs to render over time. How would you think about this problem.

          Where is the data coming from? Usually an api.

          What does the data look like from the api? Usually not what you need for the view, so the observable chain or the reducer functions would take this maybe complex tree and transform it into what your view needs.

        • Perl/Raku

          • A Note On Raku Performance

            Just another day before Christmas and one more great Raku Advent Calendar article: Day 14: Writing Faster Raku code, Part I.

          • Raku Advent Calendar: Day 17: Becoming a Time Lord in Raku

            I’ve lived within a few minutes of a time zone border for most of my life. The way we distinguished time wasn’t with the official monickers of “Eastern” and “Central” time. No, we used the much more folksy (and yet, also much cooler) terms “fast time” and “slow time”. Knowing which zone you were talking about was extremely important as many people like my mother lived in one zone and worked in the other.

            When I started looking at implementing internationalized DateTime formatters in Raku using data from the Common Linguistic Data Repository (or CLDR), I came to a fairly surprisingly realization: Raku doesn’t understand timezones! Sure, DateTime objects have the .timezone method, but it’s just an alias for .offset to figure out the offset from GMT.

            Having lived in countries that did daylight savings time at different times of the year, having family in places in my own zone that don’t observe daylight savings time, and knowing that there are weird places with thirty- and even forty-five-minute offsets from GMT, I knew time zones could be complicated.

          • Perl dying? Well now I don't care

            It is a bit of a long story how I got burned by bad perl internal politics.

            For many years I wanted images in Pod. And many others wanted too. And of course, each time I raised this in lists and on facebook, an answer was, if you want it, go and write it yourself. I would tell that myself, the classic "patches are welcome". Until one day I said, well, now, why actually not, right? Especially that I do have experience in creating and actively using images in pod using various hacks, such as direct inclusion of html with images, and even writing a standalone POD viewer capable of showing said images.

            However as I'm in software development in so many years, I know that just writing whatever image extension I feel like won't get accepted: people won't necessarily agree on the new sytnax, on the way it is implemented, or even on the very fact that the extenision is needed, at all. So I started by carefully asking around these questions everyone on all perl groups I could reach, and even opened a ticket on github to discuss whether image extension for pod is a good and desired thing to do, and what syntax it should have.

            [...]

            However the next step came to be not quite what I expected. Or even worse, it _was_ what I expected, but worked some months in advance to prevent just that. Namely, there started to appear feedbacks that said that they don't want YAML. Well, after having come that far, some would consider it a bit too late probably. But okay, let's find out what the problem is, and let's fix it, and let's move on. But... no. I asked several times what seems to be the problem, and the gist of it seems to be that they just don't want it, without explanation. Just that. Worse, as I understand, this is core people. And so it has halted.

            Boy, this was a disappointment. Did I not ask everyone, everyone I could reach, do you have any objection? Do you mind this? Do you mind that? What is, in your optinion the syntax should be? And only after lots of efforts, it ended like this. I'm angry, I'm frustrated, I don't have any stamina left to ask around again, especially the other side doesn't seem to be interested in dialogue. And why should I, really? When I started with perl in 1997, and went on YAPC conferences, there were so many possibilities to expand the language, and Larry Wall was blessing all kinds of crazy extensions (remember rewrite of perl on C++? that was blessed too). It's a pity that a culture once blossoming turned into this. Probably it needs to die so everyone would understand what was lost. I don't know. And I don't care now.

          • Drawing a blank with XS

            I spent quite a lot of time trying to work out what this error message meant:

            Error: Unterminated '#if/#ifdef/#ifndef' in Libpng.xs, line 1328 The first problem here is that line 1328 is the end of the file, so that wasn't a big help.

            After spending a lot of time counting #if and #endif statements in the file over and over again, in the end I had the bright idea of looking at the actual XS output, and managed to find the problem.

        • Rust

  • Leftovers

    • Integrity/Availability

      • Proprietary

        • Security

          • Beyond The Far Side: Thoughts on secure and private machines behind IPFire

            Following a certain unethical logic, it makes sense for an attacker to hit the weakest the hardest. Why bother with a reasonably secure firewall if the system behind it is missing important patches? Why try targeting the skilled IT staff - which will ignore the attempt at best, if not blocking your infrastructure for the entire network - if their stressful HR colleagues click on every link and open every document they see? As important as an IPFire's configuration is, this post focuses on the systems behind such a firewall, considering important aspects in terms of both security and privacy.

            [...]

            It may sound like an eternal mantra, but running closed-source software is a bad thing. While this does not necessarily make open-source software intrinsically secure or better in any terms whatsoever, examining, auditing or customising is easier by an order of magnitude.

            In case the vendor does not ship a security update or does not provide you with an easy solution to turn off unwanted features such as telemetry, then, at least in theory, you have the opportunity to fix that on your own. On the other hand, the vendor's conflict of interest is obvious: People do not pay for security fixes, and in order to make revenue, discontinuing support for older products and making users buy the new ones is a common strategy.

            The privacy side does not look better: German Federal Office for Information Security has been conducting a study on important aspects of Windows 10 in terms of security and digital sovereignty for years - it's abbreviation SiSyPHuS ("Studie zu Systemintegrität, Protokollierung, Härtung und Sicherheitsfunktionen in Windows 10", en: "Study on System Integrity, Logging, Hardening and Security relevant Functionality in Windows 10") speaks for itself. Recently having issues with their OCSP server, Apple was found to transmit information of executed applications in clear text every time they are executed, effectively leaking the user's activities and identity (i.e. IP address) to themselves, their CDN (Akamai), and everyone in between.

            In terms of privacy, running those operating systems is not just bad, it's not an option anymore.

            However, running an open-source operating system does not solve the cross-contamination discussed earlier. Running and maintaining a set of VMs just for doing different things is a lot of work both for using and configuring or patching them.

            In the authors opinion, Qubes OS aims to provide a useful and holistic solution to this problem. Trying to separate its users digital life according to his or her analogue one, it makes running and switching between multiple electronic lifes suitable for everyday use.

            Needless to say, this does not come for free - Qubes OS more demanding hardware requirements than common operating systems - and requires some time and effort for setup or customisation, and splitting up data into different VMs. Ultimately, the author believes it is worth the effort for both security and privacy.

          • The future for general-purpose computing

            There can be no doubt that general-purpose computing has been a boon to the world. The ability to run different kinds of programs, from various sources, including bought from companies, written from scratch, and, well, built from source, is something that we take for granted on many—most—of the computing devices that we own. But that model seems to be increasingly disappearing in many kinds of devices, including personal computers, as a recent kerfluffle in the Apple world helps to demonstrate.

            In mid-November, macOS users suddenly started having difficulty launching applications on their systems. It was taking minutes to launch applications and the timing seemed suspiciously aligned with the release of macOS "Big Sur" on the same day. It turned out that Apple's Online Certificate Status Protocol (OCSP) servers were overwhelmed or otherwise non-functional, which led to the problems.

            OCSP is used as part of the process of verifying notarized applications on macOS; those applications are signed by the developer's key. Apple signs the developer's public key, which is contained in a certificate similar to those used by TLS, but the system needs to check to ensure that the key has not been revoked. This check is performed at installation time and then each time the application is run.

            Normally, if the OCSP servers are not available, because they are down or the system is not connected to the internet, the connection will fail, which is treated as a "soft failure" so the certificate is considered valid. That way, the applications open immediately. During the outage, though, the servers were up but not responding correctly, so the applications would not launch until the connection timed out. That raised the visibility of the OCSP checking, which had already been going on in macOS for some time.

            The failure led to a rather over-the-top blog post by Jeffrey Paul that pointed out some major privacy flaws with OCSP, especially in relation to the checking that macOS Gatekeeper does to ensure that applications have valid signatures before running them. Every time an internet-connected macOS system starts an application, an OCSP query with a whole treasure trove of private information is sent to Apple. Obviously, the servers know what date and time the request was made and the IP address from which it was made; the latter greatly narrows down the geographic location of the system in question. There is also a hash sent for the certificate being queried, which Paul inaccurately called the "application hash". All of that gives Apple a bunch of data that folks may not really want to provide to the company, but the OCSP queries are made over unencrypted HTTP. So anyone able to see the traffic (e.g. ISPs, government spy agencies, WiFi hotspot providers) also gets a look at which applications the user is running, when they are running them, and where.

    • Monopolies

      • Patents

        • An Analytic Approach to Patent Eligibility [Ed: When Kevin E. Noonan says "maddeningly difficult to define not what patent eligibility is" he is merely bemoaning the policies not being good for his pockets, rather than matters of "clarity" (the old spin)]

          Part of the problem is that it has been maddeningly difficult to define not what patent eligibility is (you cannot go wrong with "anything under the sun made by man") but rather what it is not. In the high technology class of inventions, this has come down to deciding without defining what an abstract idea is and when its abstractness prevents patent eligibility; see, e.g., "Stupid ۤ101 Tricks"). (The other, related type of ineligible subject matter are business method patents, the exclusion of which is almost categorical (see "Bilski v. Kappos, Alice Corp. Pty. Ltd. v. CLS Bank Int'l"; "CyberSource Corp. v. Retail Decisions, Inc."); this has the benefit is requiring little interpretation and hence maximal certainty regarding what is ineligible.)

          But the ineligibility of the latest iGadget, while sometimes tragic, is not as existentially problematic as the havoc that these precedents have wreaked on life sciences patenting. For both diagnostic methods and to a slightly lesser extent natural products, the philosophically lost proscriptions by the Court, bolstered by plain illogic in district court (see "Ariosa Diagnostics, Inc. v. Sequenom, Inc.") and Federal Circuit (see "Federal Circuit Denies Rehearing en banc in Ariosa v. Sequenom") decisions, has rendered pursuit of patent protection for these inventions to be relegated to the ranks of the foolhardy. The effect on investment and hence progress and innovation has been as expected; perhaps the only silver lining from the SARS-Cov-2 epidemic has been that in the frantic and desperate struggle for both diagnostics and vaccines the usual market forces have been collapsed by government investment (which is not usually a recipe for economic success).



Recent Techrights' Posts

Links 11/10/2024: Discord Still Blocked in Turkey, Google Might be Split
Links for the day
LinuxSecurity (Guardian Digital, Inc) Sloppy With Its 'Linux' Slop
This kind of stuff is killing the World Wide Web and ruins human knowledge
 
Links 11/10/2024: Lots More Censorship and Growing Concerns About Health Impact of Social Control Media
Links for the day
Going Almost 4.5 Decades Back to Find 'Dirt' on a Person
That incident was 42.5 years ago. Is that how far some people would go in an effort to discredit a person?
XBox is Dead. This is Just the Beginning.
the main reason Microsoft bought Activision/Blizzard was to hide the growing losses and failure of XBox
The Risk to the "Linux" Brand
Brands that are not guarded from misuse/abuse will inevitably lose their original meaning and their value
Gemini Links 11/10/2024: Deploying Common Lisp Programs and Examining FreeBSD
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, October 10, 2024
IRC logs for Thursday, October 10, 2024
[Meme] Chin-dropping and Jaw-dropping (Considerable Drop in Patent Validity and Quality)
This drop is very much intentional
Gemini Links 10/10/2024: Untruth, SSH, Gopher, and More
Links for the day
Geminispace Beyond 4,100 Capsules
4,000 was less than 8 weeks ago
Links 10/10/2024: TikTok's Legal Problems, WeblogPoMo Challenges
Links for the day
[Meme] European Patent Convention and Vienna Convention Became Only Fictions (Laws and Constitutions Are Now Works of Fiction in Europe)
A political crisis and blunder
Almost a Thousand EPO Staff Protesting to EPO Member States That the Office Illegally Grants Software Patents and Other Invalid European Patents
"The outcome confirms that the concerns about the EPO’s ability to grant legally sound patents remain"
Loss of Technical Merit(ocracy)
"buzzword diplomas"
Junk Science
science is being compromised for business purposes
[Meme] Dismantling .io (Stick a Fork, the Hype is Done)
NVIDIA is an excellent new example of hype driving up fictional "value"
UNIX is 55 This Year, It is 6 Years Older Than Microsoft
It should be noted that the surviving co-creator of UNIX, Ken Thompson, 'moved' to GNU/Linux (Debian) in recent years
This Year, for the First Time Since August 2019 (Bill Gates MIT Scandal, Jeffrey Epstein Bribes), libreplanet-discuss Was Inactive an Entire Month
The MIT injustice remains and recent "libreplanet" events were held in a venue that's not MIT and far less prestigious than MIT (the "Wentworth" imitation)
[Meme] Different Ending for Jurassic Park
UNIX in old movies
Evolution of Hype
Passing fads and rebranding
Groklaw Will Hopefully Come Back
Sites should be able to run for decades with hardly any human role/interaction, but that's not where we are...
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, October 09, 2024
IRC logs for Wednesday, October 09, 2024
World Wide Web: Only Criminals Would Want Real Security and Vouch for Themselves When They Use Encryption
In "modern" browsers, the podlock icon probably does not mean what users might think it means
[Meme] OSI Digging Its Very Own Grave (With Microsoft)
The very latest blog post from OSI is a hoot
Gemini Links 09/10/2024: YouTube Woes, Post-Truth Slop
Links for the day
Geminispace is More Trustworthy (and Private) Than the World Wide Web
Unlike the Web, Geminispace does not route the lion's share of traffic through a collective of spying companies
Nothing Will Be Secure and Robust to Failure Until Microsoft Windows is Eradicated and/or Disconnected From the Internet
Every system has limited capacity, Windows botnets push things to their limits
GNU/Linux Took Off at the BSDs' Expense (Amid Telecom Lawsuit) and the Rivalry Persists Because Microsoft is Negligible in the Server Space
UNIX or POSIX is the future
Links 09/10/2024: Samsung's Fall, Tensions Growing Near China
Links for the day
Gemini Links 09/10/2024: Retroware and gmlgcd 2.0
Links for the day
Links 09/10/2024: Microsoft's Surface Duo 2 Officially Dead, X/Twitter Shutdown in Brazil, and "OpenAI Is A Bad Business"
Links for the day
Technology: rights or responsibilities? - Part III
By Dr. Andy Farnell
[Meme] Bill Gates With a Side of "Linux"
Linux Foundation is trolling us with Bill Gates
Once Again Linux Foundation Makes It Clear It's Being 'Absorbed' by Bill Gates
Linux Foundation devotes about 2% of its budget to Linux
Links 08/10/2024: Australian Fines for Twitter (X), Fake Patent Courts Still Not Scuttled
Links for the day
World Wide Slop
If it quacks like a duck...
IBM is a Boys' Club
If IBM collapsed, the Red Hat engineers who work on GNU and Linux would simply work elsewhere (on the same projects)
The Miserable State of GAFAM
Looking for government handouts
Microsoft is Acting Like a Company That's Running Out of Money (But Still Pretends to be Wealthy in Order to Attract or Retain Shareholders)
Azure has had mass layoffs every year since 2020, yet Microsoft keeps telling shareholders that "clown computing" is growing
Dr. Andy Farnell's Article on Societal Disorganised Attachment and the Role of Social Control Media
The article is quite long and typos were still being fixed as recently as last night
Smear Alert: Linus Torvalds Asking for Better Commit Messages Makes Linus a (Grammar) Nazi
Maybe the "mainstream media" is looking for clickbait or maybe it's actively looking to make a scandal - a phony controversy with which to make the job of coordinating Linux unpleasant
Gemini Links 09/10/2024: Climate Doom and Clagrange
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, October 08, 2024
IRC logs for Tuesday, October 08, 2024