Bonum Certa Men Certa

Links 6/2/2022: Inkscape 1.1.2 and GNU Guile-SDL 0.6.0



  • GNU/Linux

    • Desktop/Laptop

      • IDC: tablet and Chromebook shipments grew in 2021, but things are slowing down - GSMArena.com news [Ed: IDC is Microsoft mouthpiece]

        2020 was a banner year for tablets with record shipments in the fourth quarter. This was driven by the surge of people who work or study at home due to the pandemic. Now with the pandemic easing off, shipments are slowing down as well, according to data from the IDC.

        2021 was still positive for manufacturers as total shipments went up 3.2% for the full year, reaching a total of 168.8 million. That’s the most slates shipped since 2016. However, the final quarter of the year made it clear that the demand is past its peak.

        In Q4 2021 tablet shipments were down to 46 million units, the first decline since the pandemic began. Also, almost all manufacturers in the Top 5 posted negative year-over-year growth (all but Amazon, which is essentially level with a 1.3% rise).

    • Applications

    • Instructionals/Technical

      • How to Install Slack on Linux: An Easy-to-Follow Guide

        This guide will show you how to easily install the Slack application on both Ubuntu and Debian, as well as RedHat-based distributions such as AlmaLinux, Rocky Linux, and Fedora.

      • How to Create a Network Proxy Using Stream Processor Pipy
      • How to Install ZoneMinder on Ubuntu 22.04 | 20.04 LTS

        Zoneminder is a free and open-source surveillance camera management software available for Linux only. Here we will learn the steps to install ZoneMinder on Ubuntu 20.04 Focal Fossa or Ubuntu 22.04 Jammy JellyFish.

      • How to install Lightworks Video Editor on your Chromebook

        As crazy as it may sound, it has been more than four years since we unearthed the container project that would eventually be responsible for bringing Linux to Chromebooks. It has also given us new tools such as Windows on Chrome OS thanks to the efforts of Parallels. When Google first announced Linux on Chromebooks and the ability to leverage the integrated GPUs on Chrome OS devices, my thoughts immediately went to video editing.

      • How to install GNOME Desktop Environment on Debian 11 | FOSS Linux

        Debian 11 comes with loads of great features for casual and advanced users. Some of these great features that make Debian 11 so attractive are its stability, security, support for many architectures, a great deal of support from the community, and support for multiple Desktop Environments like GNOME, Cinnamon, Xfce, etcetera. It is ideal for servers as well.

        With that said, there is no denying that GNOME is one of the most versatile desktop environments that Debian supports. It is very stable and has tons of customizability options so that you can tweak it to your liking. But still, if you are over the fence about whether you should try the GNOME desktop environment (DE) or not, you can check out this great article that explains in detail ten reasons why the GNOME DE rocks.

    • Games

      • Steam Deck already has more than 100 verified and playable games [Ed: Thousands of games would work OK, but just haven't been officially verified yet]

        Valve officially announced its first portable gaming console, the Steam Deck in July, 2021. The company promised that the console would be able to run AAA titles, mainly games that are already available to be played on PC. The company also recently confirmed that devices would start shipping out to customers by the end of February.

        Valve also launched a Steam Deck Verified program that aimed at testing already existing and future games on the Steam Deck, to ensure that they are playable. Each individually tested game receives a score at the end, which will help gamers know whether their favorite games are supported by default, or if they’re unspotted for various reasons.

      • Valve has over 100 playable games for the Steam Deck

        Valve has tested over 100 games that will work with the upcoming Steam Deck. From the 106 total games that will work, 60 are verified to the highest compatibility - meaning the controller configuration and glyphs will match, the interface is legible and that performance is good.

        There are further 41 games that are playable, which means that depending on the game, some tweaking will be needed to make the game work as intended.

        5 games were deemed unsupported, but 4 of those are VR games, which naturally won't work on the Steam Deck.

      • Valve Just Made Steam Deck’s Secret Weapon Even Better

        Valve's Steam Deck begins shipping out to early adopters at the end of February. And some of you lucky Deck owners might feel tempted to switch over to Windows for 100% game compatibility. But Valve has an awesome (and proven) secret weapon to keep you on Deck's default OS. The Arch Linux-based SteamOS 3.0 now has AMD FSR built in. Here's why that's a big deal.

      • New York Times outlays seven-figure sum for 1,900 lines of JavaScript – yes, we mean Wordle

        Viral online puzzle game Wordle has been acquired by The New York Times Company (NYTCo), publisher of The New York Times.

        The game requires players to guess a five-letter word within six turns – a task made easier by Wordle offering clues that players have chosen letters used in the word, and whether or not they are in the right position. Gameplay is similar to codebreaking pegboard game Mastermind, but with 26 different "pegs" – and of course the answer has to be an English word. A single puzzle is offered daily.

    • Distributions

      • New Releases

        • What’s New in elementary OS 6.1 and Should You Switch?

          The new elementary OS 6.1, codenamed "Jólnir" comes packed with a bunch of new features and updates. Here's everything you need to know.

          elementary OS is a modern-day Linux distro with a slew of innovative features and a gorgeous user interface. It targets users who are coming from either macOS or Windows background. But users of traditional Linux systems will also find elementary OS appealing, thanks to its redefined desktop environment and sleek design language.

          The developers have recently released elementary OS 6.1, dubbed Jólnir. It's the first point release in the 6 series and succeeds elementary OS 6, Odin.

      • IBM/Red Hat/Fedora

      • Debian Family

        • Raspberry Pi OS Is Now Available In Glorious 64-bit – Review Geek

          After a year of beta testing, a stable version of the 64-bit version of Raspberry Pi OS is finally available. This long-awaited operating system increases software compatibility for closed-sourced applications, which are often exclusive to ARM64. Additionally, 64-bit Pi OS should improve benchmark performance (not necessarily real-world performance) thanks to its improved instruction set.

        • Raspberry Pi OS now available in 64-bit, improving app compatibility

          The Raspberry Pi series of single-board computers has been a runaway success over the years, thanks to its fantastic versatility and low cost. From powering DIY electronics projects to functioning as cheap PCs for learning programming, the Raspberry Pi series can do it all, and now another significant upgrade has arrived: a 64-bit version of the default operating system.

          There are a few different operating systems available for Pi boards, including a few attempts at Android, but the default operating system that most people go with is Raspberry Pi OS. Previously known as Raspbian, it’s a Debian-based Linux desktop specifically built for the Pi family. Even though some newer Pi computers have 64-bit ARM CPUs, Raspberry Pi OS has remained only 32-bit, except for beta builds.

          Raspberry Pi said in a blog post (via Ars Technica), “we have continued to build our Raspberry Pi OS releases on the 32-bit Raspbian platform, aiming to maximise compatibility between devices and to avoid customer confusion. […] But we’ve come to realise that there are reasons to choose a 64-bit operating system over a 32-bit one. Compatibility is a key concern: many closed-source applications are only available for arm64, and open-source ones aren’t fully optimised for the armhf port. Beyond that there are some performance benefits intrinsic to the A64 instruction set: today, these are most visible in benchmarks, but the assumption is that these will feed through into real-world application performance in the future.”

        • Raspberry Pi: New 'glorious' 64-bit operating system is available to install | ZDNet

          "Over the past year, we've been trialling a beta of Raspberry Pi OS in glorious 64-bit. Now it's time to open it up to a wider audience," said Raspberry Pi's Gordon Hollingworth.

          He said application compatibility is a "key concern" behind the decision to choose a 64-bit OS over a 32-bit one.

          "Many closed-source applications are only available for arm64, and open-source ones aren't fully optimised for the armhf port," explains Hollingworth, referring to the Debian/Raspbian armfh ports.

          He adds that there are some performance benefits "intrinsic" to the A64 Armv8 instruction set. Today, these gains can mostly be seen in benchmarks, but Hollingworth believes they will become real-world application performance enhancements in the future.

          Another "theoretical concern" was that 32-bit pointers only allow users to address 4GB of memory, which wasn't optimal given developers could use up to 8GB of RAM on the Pi 4. However, as Hollingworth notes, few use cases today require all 8GB of addressable memory from a single process.

    • Devices/Embedded

      • Open Hardware/Modding

        • Raspberry Pi vs. Arduino: Which is best for you? | Android Central

          So you've decided to buy a small single-board computer to use in your great idea. There are plenty to choose from, but the two most popular platforms are Raspberry Pi and Arduino. There are plenty of reasons why they are popular, but the two biggest are price and ease of use. Both are cheap and have a small learning curve, so you can spend time designing the rest of your project instead of learning how to use an SBC (single-board computer). Each has a huge community of helpful users if you get stuck, too.

          You might be thinking that the two are interchangeable and you can buy whichever you want from Amazon, but that's not the case at all. While you can do some of the same things with either board, they're unique and have plenty of differences. The one you need really depends on what you want to do with it.

      • Mobile Systems/Mobile Applications

        • Test 15 different PinePhone operating systems with Megi's latest multi-distro demo image - Liliputing

          Trying out different operating systems on the PinePhone is as simple as flashing a bootable disk image to a microSD card, inserting it in the phone, and powering it on and the instructions for installing an OS to built-in storage are almost as simple.

          Not sure which operating system you want to install though? That’s where a tool like Megi’s multi-distro demo image can come in handy. Instead of flashing a single operating system to a microSD card, this image lets you flash a whole bunch and then choose which one you want to run when you boot your phone. The latest version was released a few days ago, and it contains 15 different operating systems including Arch, Fedora, Mobian, Sailfish, Ubuntu Touch and several different versions of postmarketOS and Manjaro with different user interfaces.

    • Free, Libre, and Open Source Software

      • TriggerMesh, Case Study in Open Sourcing Enterprise Software [Ed: "TriggerMesh is a sponsor of The New Stack." Read as: this is a paid-for puff piece disguised as "journalism"...]
      • Snowflake, AWS Warm Up to Apache Iceberg

        Apache Iceberg emerged as an open source project in 2018 to address longstanding concerns in Apache Hive tables surrounding the correctness and consistency of the data. Hive was originally built as a distributed SQL store for Hadoop, but in many cases, companies continue to use Hive as a metastore, even though they have stopped using it as a data warehouse.

      • Web Browsers

        • The inside story of the browser wars, told by a veteran | TechRadar

          The story of Brendan Eich is in many ways the story of the evolution of the internet and the technologies we use to access it. It is also a story of battles won, lost and soon to play out.

          Eich is best known as the creator of programming language JavaScript, which he developed over a sleepless period of ten days in 1995. At the time, he was working for Netscape, whose web browser dominated the market before Internet Explorer spoiled the party.

          Recognizing that Netscape had lost its way, Eich spun out another project he had been working on, leading to the formation of the Mozilla Foundation. The organization went on to pioneer the concept of browser extensions with Firefox, which quickly became a household name, before it was crushed under the weight of Google Chrome.

      • FSF

        • GNU Projects

          • GNU Guile-SDL 0.6.0 available
            release notes:
            
            

            Lots of love this time. Shout out to all technical writers!

            Please see also the (currently wip, it may have finished by the time you read this) "Hooray!" series: <https://www.gnuvola.org/uc/hooray/>.

            README excerpt:

            Guile-SDL is a set of modules that provide bindings for various Simple DirectMedia Layer (http://www.libsdl.org) libraries.

            Most of the SDL functions are wrapped, with the exception of a few functions that are too C-centric. The SDL threads, audio and network functions are not included. However, there are (optionally configured) bindings for SDL_mixer and SDL_ttf.

            Also included is SDL_gfx 2.0.26 (by Andreas Schiffler) source code (ZLIB license) and bindings for it.

            This is alpha code (pre 1.0 release), tested with various, but not all, versions of Guile and SDL. It may have bugs, and the interfaces may change from version to version.

            NEWS for 0.6.0 (2022-02-05):

            - bugfix: avoid range error in image filter procedures

            Procedures ‘imfi-add-c’ and ‘imfi-sub-c’ used to convert 3rd arg ‘c’ (constant) from Scheme to C using a signed integer function that would signal range error for large values. This is now fixed to use an unsigned integer function to do the job.

            - intermittent crash fix reverted

            The fix in Guile-SDL 0.5.3 (2021-12-11) was not The Right Thing. It has been reverted and a better solution put in place. We now initialize the ‘event-thread’ subsystem in test/cursor.scm. AHA moment: <https://www.gnuvola.org/u/2022/01/08h13.html>.

            - embedded SDL_gfx upgraded to version 2.0.26

            This brings bugfixes and MMX support for x86_64 (amd64), primarily. Now, "cd test && make check TESTS=gfx.scm" really flies!

            NB: The license for SDL_gfx is now the zlib license. See src/SDL_gfx/LICENSE in the distribution for the new text.

            - ‘(sdl gfx) fps-manager-delay!’ can have meaningful rv

            The embedded SDL_gfx is currently at version 2.0.26, but the previous version was 2.0.22, and its function that underlies ‘fps-manager-delay!’ did not have a meaningful return value. Previously, if you configured w/ ‘--disable-embedded-gfx’ and built w/ SDL_gfx 2.0.24 or later (that DOES have a meaningful rv), such ignorance was foisted upon you. Now, you are free to fully enjoy that sweet rv. :-D

            - changes to to ‘(sdl gfx) blit-rgba’

            - accepts ‘#f’ for 2nd, 4th arg

            The 2nd and 4th args to ‘blit-rgba’ indicate the source and destination rectangles, respectively. Previously, they were required to be fully specified. Now, you can use ‘#f’ there to indicate the entire (source/destination) surface.

            - return value more informative

            Previously, ‘blit-rgba’ returned ‘#f’ if there were problems and ‘#t’ if not. However, "no problem" was narrowly interpreted and missed a certain common case -- upshot is that it incorrectly returned ‘#f’ even in that case.

            Now, if there were no problems, it returns an integer: 1 if a blit was performed, 0 otherwise. (If there were problems, it returns ‘#f’ as before -- use ‘get-error’ to get more info.)

            - new proc: ‘(sdl misc-utils) exact-floor’

            Actually, this is an old proc that was misguidedly deleted in 2011 to make room for ‘exact-truncate’. Both are useful in their own right, it is now evident. Live and learn.

            - new proc: ‘(sdl sdl) must-lock?’

            This wraps the convenience C macro ‘SDL_MUSTLOCK’. Useful (in conjunction w/ ‘lock-surface’ and ‘unlock-surface’) for avoiding segfaults when examining pixel data from RLE-enabled surfaces.

            - new proc: ‘(sdl gfx) multiply-pixel-alpha!’

            This multiples the alpha channel in a 32-bit surface by FACTOR (actually, FACTOR/256). The underlying function has been available in SDL_gfx since version 2.0.21, so this is a bit of a late bloomer. Still, more alpha blending for everyone!

            - new proc: ‘(sdl gfx) fps-manager-count’

            This returns the frame count (i.e., how many times ‘fps-manager-delay!’ was called) for an FPS manager. Another late bloomer (again, since SDL_gfx 2.0.21).

            - documentation improvements

            - external representations described

            The manual now includes a description of the external representation of these object types:

            Pixel Format Rectangle Color Surface Joystick CDROM Drive FPS Manager

            Types with a standard (non-custom, Guile-generated) external representation are not documented.

            By the way, the Surface external representation now also includes "L" to indicate that the surface is locked.

            - image filtering procedures general behavior documented

            The manual now sports three paragraphs describing commonalities of the ‘imfi-*’ procedures, as well as the special processing done by ‘imfi-add-c’, ‘imfi-sub-c’, ‘imfi-lshr’, ‘imfi-lshl’.

            - say "byte", not "nybble"

            The documentation for ‘surface-pixels’ was simply wrong (but it sounded groovy for a while to Some Fool, probably).

            - bootstrap/maintenance tools

            upgraded:

            Guile-BAUX 20211208.0839.a5245e7 GNU gnulib 2022-01-27 07:00:41

            as before:

            GNU Libtool 2.4.6 GNU Autoconf 2.71 GNU Automake 1.16.5 GNU Texinfo 6.8

            tarballs and detached signatures:

            https://ftpmirror.gnu.org/guile-sdl/guile-sdl-0.6.0.tar.lz https://ftpmirror.gnu.org/guile-sdl/guile-sdl-0.6.0.tar.lz.sig

            source code:

            https://git.savannah.gnu.org/cgit/guile-sdl.git/?h=p

            homepage:

            https://www.gnu.org/software/guile-sdl/

  • Leftovers

    • China reveals draft deepfake regulations that restrict use ● The Register

      The Chinese government has unveiled a draft law clamping down on deepfakes – the practice of using AI to adapt existing digital content into realistic simulations of humans.

      The draft emerged last Friday from the Cyberspace Administration of China and frames the need for regulation in the context of the government's desire to ensure the internet is a tool for good and not the wretched hive of scum and villainy it has often become.

      The explanatory memorandum for the policy suggests criminals and fraudsters will be attracted to using digitally created voice, video, chatbots, or manipulation of faces or gestures. The draft therefore rules out the use of such fakes for any application that could disrupt social order, infringe individuals' rights, deliver fake news, or depict sexual activity. It also proposes requiring a grant of permission for use of what China calls "deep synthesis" before it can be employed for legitimate uses.

    • Science

    • Hardware

      • Chip shortage has NXP in driver's seat ● The Register

        Chip shortages are so bad that customers are willing to sign multiyear non-cancellable, non-returnable (NCNR) contracts to secure supplies, according to semiconductor supplier NXP.

        Buyers want to have clear visibility on their component orders, and "want to have it longer," said NXP CEO Kurt Sievers during an earnings call this week, adding customers "would love to have NCNRs for two years out."

        This is a symptom of the across-the-board electronics shortages in sectors including industrial and automotive, which have "very sticky products, very long life cycles, so it fits the nature of those industries," Sievers said.

        NXP isn't alone in this. Analyst house IC Insights reported NCNR policies are increasingly becoming popular for chip manufacturers for those worried about losing supplies.

    • Health/Nutrition/Agriculture

      • Academic performance and attitudes of dental students impacted by COVID-19

        Previous studies only focused on attitudes and behaviors of US dental students without examining direct effects of the COVID-19 pandemic on academic performance. This study examined effects of COVID-19 pandemic on dental students’ academic performance, self-reported attitudes, behavior, and service utilization. We hypothesized that the pandemic provided more beneficial learning environments.

      • Top strategies and tools to prevent employee isolation

        Feelings of isolation and loneliness are growing as employees continue to work from home.

        [...]

        Loneliness directly impacts physical health and can lead to issues such as high blood pressure and obesity, which can in turn increase an organization's overall healthcare costs, said Darcy Gruttadaro, director of the American Psychiatric Association Foundation's Center for Workplace Mental Health, located in Washington, D.C. The organization educates employers about how to support their workers' well-being.

      • Work From Home Or Anywhere: Top 30 Companies For Remote Jobs In 2022

        Even before the pandemic uprooted everything in 2020, more and more people had been ditching the 9-5 to work remotely and travel the world. But in 2020, only 5% of remote jobs could be done from anywhere. Fast forward to 2022 and it’s a whole new world, where remote working is not only a dream, it’s a reality.

      • HDD Centrifuge Puts COVID-19 Testing Lab In A Backpack | Hackaday

        Throughout this two-year global COVID-19 nightmare, one thing that has been sorely lacking is access to testing. “Flu-like symptoms” covers a lot of ground, and knowing if a sore throat is just a sore throat or something more is important enough that we’ve collectively plowed billions into testing. Unfortunately, the testing infrastructure remains unevenly distributed, which is a problem this backpack SARS-CoV-2 testing lab aims to address.

        The portable lab, developed by [E. Emily Lin] and colleagues at the Queen Mary University of London, uses a technique called LAMP, for loop-mediated isothermal amplification. LAMP probably deserves an article of its own to explain the process, but suffice it to say that like PCR, LAMP amplifies nucleic acid sequences, but does so without the need for expensive thermal cycling equipment. The kit contains a microcentrifuge that’s fashioned from an e-waste hard drive, a 3D printed rotor, and an Arduino to drive the motor and control the speed. The centrifuge is designed to run on any 12 VDC source, meaning the lab can be powered by a car battery or solar panel if necessary. Readout relies on the trusty Mark I eyeball and a pH-indicating buffer that changes color depending on how much SARS-CoV-2 virus was in the sample.

    • Integrity/Availability

      • Proprietary

        • Security

          • Open-source Kubernetes tool Argo CD has high-severity flaw ● The Register

            A zero-day vulnerability in open-source Kubernetes development tool Argo lets malicious people steal passwords from git-crypt and other sensitive information by simply uploading a crafted Helm chart.

            Charts are the actual packaging format of ubiquitous tool-for-managing-Kubernetes applications Helm.

            The vuln, tracked as CVE-2022-24438, exists in Argo CD, a widely used open-source continuous delivery tool for Kubernetes. Patched versions available from the project's maintainers are 2.19, 2.2.4 and 2.3.0.

            "It is possible to craft special Helm chart packages containing value files that are actually symbolic links, pointing to arbitrary files outside the repository's root directory," said a member of the Argo project in a security advisory about the flaw.

          • 12 CISO resolutions for 2022

            It’s still early days, but if this year is anything like years past, it’s safe to say CISOs will have a lot to contend with, from a continuing labor shortage to the increasing sophistication of cyberattacks to an ongoing threat from nation-state actors.

          • Critical Samba Remote Code Execution Flaw Fixed

            Samba has patched a vulnerability that could enable remote, unauthenticated attackers to execute arbitrary code as root on impacted installations. Samba is an interoperability software suite that implements the Server Message Block (SMB) networking protocol, which provides file and print services. It allows network administrators to configure and set up equipment as a domain controller (DC) or domain member, and to communicate with Windows-based clients. Samba runs on many Unix or Unix-like systems like Linux, as well as macOS and other operating systems that use the SMB protocol.

          • EU launches bug bounty programs for five open source solutions

            This time around, the list of software that should be probed for weaknesses includes:

            LibreOffice – a free office suite Mastodon – free and open-source software for running self-hosted social networking services Odoo – a suite of business management software Cryptpad – a browser-based encrypted open-source collaboration platform that allows people to work together online on documents, spreadsheets, and other types of documents LEOS is a software tool for drafting and editing legislation, which is used by European Commission, Parliament, Council and several member states

          • Crypto outfit Qubit appeals to the honour of thieves who lifted $80M of its digi-dollars

            Another week, another crypto upstart admitting its lax security has been exploited and parties unknown have made off with millions. But this time there's a twist: the crypto upstart has appealed for the return of its assets by appealing to the thieves' consciences.

            The crypto concern is Qubit Finance – an outfit that offers decentralized lending and borrowing and operates under the motto "Lend to ascend – Borrow for tomorrow."

          • Targeted ransomware takes aim at QNAP NAS drives, warns vendor: Get your updates done pronto

            QNAP has urged NAS users to act "immediately" to install its latest updates and enable security protections after warning that product-specific ransomware called Deadbolt is targeting users' boxen.

            "DeadBolt has been widely targeting all NAS exposed to the internet without any protection and encrypting users' data for Bitcoin ransom," warned the Taiwanese company in a statement late yesterday.

          • Alpha-Omega Project takes a human-centered approach to open-source software security | CSO Online

            The Log4j vulnerability crisis that erupted in late-2021 heightened the security world’s awareness of supply chain risks in free and universally deployed open-source software. Following an intense holiday season push by admins and cybersecurity professionals to track and remediate the Log4j flaw, the White House held a meeting of industry leaders to discuss improving open source software security.

          • SnapFuzz: New fuzzing tool speeds up testing of network applications | The Daily Swig

            An open source fuzzing tool developed by researchers at the Software Reliability Group of Imperial College London aims to solve some of the thorny problems of testing network applications. SnapFuzz uses a series of techniques to speed up the testing of network protocols and overcome the timin constraints and other limitations that make it difficult to fuzz networking applications. While SnapFuzz is still in its early stages, it shows promising results and its developers hope it will soon become a mainstay in the toolbox for testing networking applications.

          • The Apache Log4j team talks about the Log4Shell patching process - The Record by Recorded Future

            On December 9, 2021, the internet learned of a major security bug in a little-known Java library named Apache Log4j. This little bug—codenamed Log4Shell—had one of the most significant impacts on the software landscape and triggered one of the most massive and well-coordinated patching drives in the recent history of the internet.

            For the past month, government agencies, security firms, and IT experts alike have all worked together to audit Java-based applications, find which were vulnerable to Log4Shell attacks, worked with vendors to deliver patches, and then encouraged their customers to apply them as soon as possible.

          • Whistleblower claims NSO offered 'bags of cash' for access to US phone networks

            A whistleblower's allegations about spyware maker NSO Group should be investigated by American prosecutors, US House Rep Ted Lieu (D-CA) has said.

            The informant claimed senior NSO executives offered "bags of cash" to California-based telecoms security and monitoring outfit Mobileum to assist in its surveillance work, according to the Washington Post on Tuesday.

            Specifically, it's alleged NSO wanted to gain, with Mobileum's help, Signaling System 7-level access to US cellular networks, a position that can be abused to determine a cellphone's location, redirect and read its incoming text messages, snoop on calls, and more. SS7 is the glue between telecommunications providers, and subverting it opens up a wealth of opportunities for spies and miscreants.

            Gerry Miller, who spent over six years at Mobileum and rose to veep of network security and client solutions, claimed that in August 2017, when asked how Mobileum would get paid, NSO co-founder Omri Lavie said: “We drop bags of cash at your office.”

          • A tale of command line booby traps and bored engineers ● The Register

            Take a trip back to when mainframes and terminals were all the rage and The Cloud was the smoke produced by the mainframe when a washing-machine-sized disk was about to let go. Welcome to another Who, Me? confession.

            Today's plea for forgiveness comes from a reader Regomised as "Doug" and is a warning to careless administrators.

            "Back in the days when terminals were still fairly common," said Doug, "the company I worked for provided 'local' data based on the result of a search run on the client's main dataset held on their server."

            "We could telnet from these terminals to our box – and frequently had to in the early days," he recalled. The client itself was nationally known in back then and had spanked millions getting this remote site up and running.

            Things were going swimmingly. Right up until a month after go-live when Doug and a pal were stuck at the client site on a Friday evening. The client's own engineer had long gone, and Doug was finishing up the last checks to allow a weekly backup to kick off.

            He ambled up to a darkened terminal near the server room and tapped the return key to bring it to life. The prompt was odd, something he'd not seen before. Tappity tap: whoami

          • Privacy/Surveillance

            • How Covid stole our privacy - UnHerd

              As soon as I turn on my phone, it becomes a node in a network, giving me access to the entire world. But it also gives Apple access to information about me and my behaviour; I become another source in their vast banks of data.

              So, as Stephanie Hare rightly points out in Technology Is Not Neutral, it’s never just an object. Technology is as much social as scientific, as much economics as engineering. There’s little point in Silicon Valley companies hiring an ethicist to decide a product’s value — its effects go far beyond the shiny thing that comes out of the box.

            • Utopia P2P: Internet with Privacy Upgrade - TheGWW.com

              Privacy is the modern internet’s foundational issue.

            • Doubts over Facebook's ability to innovate as it sees first-ever fall in user numbers
            • UK's new Brexit Freedom Bill promises already-slated GDPR reform, easier gene editing rules

              The UK government is having a second pass at flogging the benefits of Brexit, as much as they exist, in a new bill that promises to accelerate work on AI and gene editing.

              The so-called Brexit Freedoms Bill — its actual title will be decided by Parliamentary clerks — will also offer a "more agile way to regulate new digital markets and AI and [create] a more proportionate and less burdensome data rights regime compared to the EU's General Data Protection Directive."

              The bill promises to make it easier to amend or remove "retained EU law" which was left in place following the UK's departure from the political and trading bloc.

    • Defence/Aggression

      • Opinion: UCLA must investigate holdings for ties to Uyghur genocide - Daily Bruin

        As the Uyghur genocide continues to unfold, our institutions don’t deserve the benefit of the doubt.

        The Uyghurs are a predominantly Muslim ethnic minority that live in the autonomous region of Xinjiang. The Chinese government, under the semblance of counterterrorism, seeks to deprive Uyghurs of their religious and cultural identities.

        Many human rights organizations have documented the mass internment, torture and religious persecution of Uyghurs at the hands of the Chinese government. Other allegations include forced labor, sterilization and reeducation – all amounting to the official label of genocide according to the U.S. Department of State.

      • UK to splash another €£1.4bn on protecting non-existent 'national interests in space'

        The UK government is to spend an extra €£1.4bn on space defence on top of the €£5bn allocated to upgrade the Skynet satellite communication system.

        The Defence Space Strategy, intended to "bolster our national interests in space," according to the UK's Ministry of Defence, was accompanied by a speech from Chief of the Air Staff Sir Mike Wigston in which the usual bogeymen were trotted out.

        "Russia and China have tested anti-satellite weapons creating debris fields that will linger for decades," warned Wigston, adding: "Russian satellites continually make close approaches to other satellites, what we call rendezvous and proximity operations, possibly an indication of espionage activity, or possibly rehearsing something much more sinister."

    • Environment

      • Energy

        • UK government told to tighten purse strings or public will have to foot the bill for nuclear decommissioning

          The UK government is being warned that taxpayers will have to make up a multibillion-pound shortfall to decommission nuclear power stations unless a history of overspending is reversed.

          French firm EDF Energy runs seven Advanced Gas-cooled Reactor (AGR) stations in the UK, part of eight second-generation reactors set to be decommissioned which provide 16 per cent of the nation's electricity. The AGR stations are scheduled to stop producing electricity by 2028.

          Last year the government injected €£5.1bn into the Nuclear Liabilities Fund – now valued a €£14.8bn – which it set up in 1996 to meet the costs of decommissioning AGR and Pressurised Water Reactor stations.

    • Finance

      • No, Linus Torvalds is not Bitcoin Creator Satoshi Nakamoto [Ed: Feeding clickbait with more clickbait]
      • India to adopt digital rupee and slap a 30 per cent tax on cryptocurrency income

        India's government has ordered its Reserve Bank to have a digital rupee into circulation by next year, and outlined plans to raise revenue with a 30 per cent income tax on cryptocurrency and non-fungible tokens.

        The two plans were announced yesterday by finance minister Nirmala Sitharaman as she revealed the nation's budget for 2022.

        The crypto tax is the first item listed in a section of the budget memo headed "Revenue Mobilization". The document [PDF] explains that India wants to tax income from crypto-assets at a 30 per cent flat rate.

        By comparison, India currently taxes short-term capital gains made by selling shares at 15 per cent. The budget memo also calls for a one per cent tax on sales of cryptographic assets, payable by parties to the transaction, to widen India's tax base.

    • AstroTurf/Lobbying/Politics

      • Gaming Twitter’s Trending Algorithm To Make A Point | Hackaday

        If you have ever taken to Twitter to gauge the zeitgeist, you’ll have noticed that among the trending hashtags related to major events of the day there are sometimes outliers of minority interest associated with single-issue causes. When a cause with a distasteful pedigree was cited one as proof of widespread public support in a debate in the UK’s House of Lords there were concerns raised that a flaw in the ranking algorithm might be responsible, and it was left to [Mallory Moore] to prove the hypothesis by getting a #ThisIsAnExploit hashtag trending without a groundswell of popular support.

    • Censorship/Free Speech

      • The EARN IT Act is back to attack Section 230 protections ● The Register

        The EARN IT Act, a legislative bill intended "to encourage the tech industry to take online child sexual exploitation seriously" has been revived in the US Senate after it died in committee back in 2020.

        And advocacy groups have once again decried the bill for threatening free speech and access to encryption, and for imperiling the liability protection that allows online service providers to host third-party content. In other words, the bill's reception has been much the same as it was two years ago.

        US Senators Lindsey Graham (R-SC) and Richard Blumenthal (D-CT) on Tuesday reintroduced the bill [PDF] claiming that online service providers are disinterested in keeping child sexual abuse material (CSAM) off their platforms.

    • Internet Policy/Net Neutrality

    • Digital Restrictions (DRM)

      • US right to repair bills aim to make ownership great again ● The Register

        American farmers may soon be able to repair their agricultural equipment without paying the maker of their machinery for the privilege. And owners of other products may also see fewer repair barriers, depending upon how two new pieces of federal legislation are received.

        The Agriculture Right to Repair Act [PDF], a US Senate bill introduced on Tuesday by Senator Jon Tester (D-MT), aims to force farm equipment makers to provide parts, documentation, software, and tools for repairs to third parties on reasonable terms.

        The Freedom to Repair Act, introduced to the House of Representatives on Wednesday by US Representatives Mondaire Jones (D-NY) and Victoria Spartz (R-IN), promises to "legalize repairing what you own or taking it to the repair shop of your choice" by revising copyright law.

      • Remote code execution vulnerability in Samba due to macOS interop module

        An exploit in Samba 4 allowed remote code as root due to a bug in its support for Mac clients. It's fixed in 4.13.17, 4.14.12 and 4.15.5, and in case you can't update, there are patches.

        The vuln is being tracked as CVE-2021-44142 and received a CVSS rating of 9.9.

        [...]

        Early versions of what was then called OS X used Samba to do this, but after Samba switched to GPL3, Apple dropped Samba in OS X 10.7, and switched to its own implementation.

    • Monopolies

      • Patents

        • Purdue University lawsuit says Google copied smartphone technology [Ed: Google is no good, but universities funded by the public turning into parasites isn't good either]

          Purdue University's Purdue Research Foundation has sued Google LLC in Texas federal court, alleging that Android software for eliminating programming errors in smartphones copies parts of its professors' invention.

          The foundation asked the U.S. District Court for the Western District of Texas for royalties and an undisclosed amount of money damages on Tuesday based on Google's alleged willful patent infringement.

          The complaint said two professors and two students at the West Lafayette, Indiana university invented the patented technology, which detects software programming errors that could affect a mobile device's power management.

          Purdue said that after a Google engineer posted an article about one of the professors in an Android forum in 2012, another Google engineer found and incorporated code disclosed by the inventors into Android software.

        • BlackBerry offloads its 'legacy' patents – some of the stuff that made its phones hum
      • Copyrights

        • U2 Share Acoustic 'Sunday Bloody Sunday' With New Lyrics

          Bono and the Edge have released an acoustic version of U2's "Sunday Bloody Sunday," complete with updated lyrics in the final verse, to coincide with the 50th anniversary of the titular Bloody Sunday massacre. You can watch the performance below.

          The opening track on the band's landmark 1983 album War was inspired by the Bogside Massacre, which took place on Jan. 30, 1972, when British soldiers shot 26 unarmed civilians during a protest march in Derry, Northern Ireland, ultimately killing 14 people. The black-and-white performance video is intercut with footage from the massacre.

        • Sound Library, opens use of Pokémon Diamond and Pearl soundtrack

          While some game companies have been busy purging their music libraries from content creation platforms like YouTube, The Pokémon Company has officially made some of the iconic music from its franchise available for anyone to use globally.

          Starting today, if you weren’t part of the system’s original launch in Japan in late 2021, anyone can access the new Pokémon DP Sound Library, a digital resource where you can listen to or download music from the official Pokémon Diamond and Pearl soundtrack for use in content creation and even some performances.

        • Attack on Titan: Japanese Manga publishers sue Cloudflare ● The Register

          Four major Manga publishers are set to sue internet-grooming firm Cloudflare, on grounds its content delivery network facilitates piracy of their wares.

          The four companies – Kodansha, Shueisha, Shogakukan and Kadokawa – together dominate the market for Japanese comics and own many iconic properties.

          The publishers also believe they're victims of widespread piracy.

          Japanese media report the companies are therefore going to file a suit against Cloudflare, which they feel facilitates piracy by providing its services to sites that share unlicensed Manga.

          Cloudflare has seen this movie before: in 2017 Japanese publishers asked it to help take down a pirate Manga site called Mangamura. Cloudflare helped, and Mangamura collapsed. Cloudflare later promised to stop mirroring Japanese sites if it was satisfied the content they host was pirated.



Recent Techrights' Posts

Why We're Revealing the Ugly Story of What Happened at Libre-SOC
Aside from the fact that some details are public already
Why Virtually All the Wikileaks Copycats, Forks, and Rivals Basically Perished
Cryptome is like the "grandpa" of them all
 
Gemini Now 70 Capsules Short of 4,000 and Let's Encrypt Sinks Below 100 (Capsules) as Self-Signed Leaps to 91%
The "gopher with encryption" protocol is getting more widely used and more independent from GAFAM
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 24, 2024
IRC logs for Wednesday, July 24, 2024
Techrights Statement on YouTube
YouTube is a dying platform
[Video] Julian Assange on the Right to Know
Publishing facts is spun as "espionage" by the US government and "treason" by the Russian government, to give two notable examples
Links 25/07/2024: Tesla's 45% Profit Drop, Humble Games Employees All Laid Off
Links for the day
Gemini Links 25/07/2024: Losing Grip and collapseOS
Links for the day
LWN (Earlier This Week) is GAFAM Openwashing Amplified
Such propaganda and openwashing make one wonder...
Open Source Initiative (OSI) Blog: Microsoft Operatives Promoting Proprietary Software for Microsoft
This is corruption
Libre-SOC Insiders Explain How Libre-SOC and Funding for Libre-SOC (From NLNet) Got 'Hijacked' or Seized
One worked alongside my colleagues and I in 2011
Removing the Lid Off of 'Cancel Culture' (in Tech) and Shutting It Down by Illuminating the Tactics and Key Perpetrators
Corporate militants disguised as "good manners"
FSF, Which Pioneered GNU/Linux Development, Needs 32 More New Members in 2.5 Days
To meet the goal of a roughly month-long campaign
Lupa Statistics, Based on Crawling Geminispace, Will Soon Exceed Scope of 4,000 Capsules
Capsules or unique capsules or online capsules are in the thousands and growing
Links 24/07/2024: Many New Attacks on Journalists, "Private Companies Own The Law"
Links for the day
Gemini Links 24/07/2024: Face à Gaïa, Emacs Timers for Weekly Event, Chromebook Survives Water Torture
Links for the day
A Total Lack of Transparency: Open and Free Technology Community (OFTC) Fails to Explain Why Over 60% of Users Are Gone (Since a Week Ago)
IRC giants have fallen
In the United Kingdom Google Search Rises to All-Time High, Microsoft Fell Nearly 1.5% Since the LLM Hype Began
Microsoft is going to need actual products or it will gradually vanish from the market
Trying to Put Out the Fire at Microsoft
Microsoft is drowning in debt while laying off loads of staff, hoping it can turn things around
GNU/Linux Growing at Vista 11's Expense
it's tempting to deduce many people who got PCs with Vista 11 preinstalled are deleting it, only to replace it with GNU/Linux
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 23, 2024
IRC logs for Tuesday, July 23, 2024
[Meme] Was He So Productive He Had to be Expelled Somehow? (After He Was Elected and Had Given Many Years of Work to Earn a Board Seat)
Things like these seem to lessen the incentive to devote one's life to Free software projects
GNOME Foundation is Causing Itself More Embarrassment With Secrecy Than With Full Transparency
It also arouses suspicion and hostility towards Codes of Conduct, which gave rise to 'secret courts' governed by large corporations
Links 23/07/2024: NetherRealm Layoffs and Illegitimate Patent 'Courts' (Illegal)
Links for the day
Gemini Links 23/07/2024: AM Radio, ngIRCd, and Munin
Links for the day
A Lot of GNU/Linux Growth on the Client Side is Owing to India (Where GNU/Linux Has Reached 16%)
A lot of this happened in recent years
Insulting Free Software Users in Social Control Media (Proprietary, Bloated With Opaque JavaScript) is Like Insulting Amish on TV
Why bother? Don't take the bait.
When Wikileaks Sources Were Actually Murdered and Wikileaks Was Still a Wiki
when Wikileaks was a young site and still an actual wiki
statCounter: Dutch GNU/Linux Usage Surged 1% in Summer
Microsoft is running out of things to actually sell
Microsoft's "Results" Next Week Will be Ugly (But It'll Lie About Them, as Usual)
Where can Microsoft find income rather than losses as its debt continues to grow and layoffs accelerate?
Julian Assange is Still Being Dehumanised in Media Whose Owners Wikileaks Berated (With Underlying Facts or Leaks)
Wikileaks and Free software aren't the same thing. Nevertheless, the tactics used to infiltrate or discredit both ought to be understood.
A Month Later
We're optimistic on many fronts
Links 23/07/2024: Downsizing and Microsoft and Still Damage Control
Links for the day
Gemini Links 23/07/2024: Friends and Solitaire
Links for the day
Why the Media is Dying (It Sucks, No Mentally Healthy People Will Tolerate This for Long)
linking to actual news articles helps fuel the spam, too
Censorship in Eklektix's Linux Weekly News (LWN)
Medieval system of speech, where the monarchs (Linux Foundation) dictate what's permissible to say
10 Years of In-Depth EPO Coverage at Techrights (Many Others Have Abandoned the Topic)
Listen to staff
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, July 22, 2024
IRC logs for Monday, July 22, 2024