UK-based Linux laptop maker Star Labs is refreshing its StarBook models with Alder Lake-P and AMD Ryzen 5000U processors, even though the previous version was launched at the beginning of this year.
For the new StarBook Mk VI laptops, Star Labs is replacing the 11th gen Intel Core-U processors with the 28 W Alder Lake Core i3-1220P with UHD Graphics G4 iGPU and Core i7-1260P with Iris Xe 96 EU iGPU. AMD fans have not been forgotten, as the laptops now feature a Ryzen 7 5800U APU option with Vega 8 iGPU and 25 W TDP.
Ultralight laptops are great for slipping into a bag and traveling with, and they look pretty stylish. However, a trim build often comes with trade-offs. Battery capacity is a common one, as companies struggle to fit larger batteries into machines that are under an inch thick. German PC-maker Tuxedo Computers' latest ultralight InfinityBook Pro 14 seeks to address that challenge with a massive battery.
The InfinityBook Pro 14 - Gen7 announced today comes with either big storage or a big battery. The company is selling it with the option for a 99 watt-hour (Wh) battery, which is about as big as a lithium battery can be while being allowed on an airplane (100 Wh).
Sometimes the world of smart technology innovations collides with the planet of dumb customer service provisions. That collision usually does not bode well for the customer.
In my case, that scenario is particularly true. I bought Lenovo’s Chromebook Duet 5 for an attractive price from a major national electronics store. In hindsight, that was a purchase I wish I could undo.
The Duet 5 is regarded in numerous reliable reviews as the best overall ChromeOS tablet/detachable computer available this year. Its larger screen and detachable full-size keyboard make a usable and fun tablet experience not available with pure Android devices.
For me, that accolade falls far short of reaching that mark. In fact, if your primary need for a Chromebook is to run Linux apps, think again about not buying Lenovo’s Duet 5. You might get a unit like mine that does not do Linux even though it is supposed to work. That failure is not considered a valid claim under Lenovo’s warranty.
I have become quite fond of Chromebooks. ChromeOS devices supplement my home office cadre of Linux computers. They link to my Android phone and its apps. I can run the same productivity apps and access their data directly on the Chromebook.
What fed my attraction to the Duet 5 is its logical follow-up to the very popular 10.1ââ¬Â³ original Duet I bought a few years ago. The Duet line has a detachable keyboard and is a stand-alone ChromeOS tablet.
Putting want versus need aside, I debated the prospect of more productivity and convenience with a bigger screen at 400 nits, larger keyboard, and 8GB of RAM. I knew the manufacturer and the retail store as well as the product line. Or so I thought.
What could go wrong? Three things: a failed product, no support, and a warranty that also did not work!
TDengine today made available an update to its namesake open source time-series database so that it can now run on Kubernetes clusters.
TDengine CEO Jeff Tao says TDengine 3.0 is differentiated from other time-series databases in that it includes caching and streaming processing capabilities along with support for SQL and an ability to subscribe to data in a way that simplifies operations.
TDengine is also integrated with a range of analytics and observability tools including Grafana, Google Data Studio and Prometheus, Tao says. Features such as super tables, storage and compute separation, data partitioning by time interval and pre-computation make it easy to access data in a highly efficient manner, says Tao.
In this video, we are looking at how to install ONLYOFFICE on Pop!_OS 22.04.
In this video, I am going to show how to install SparkyLinux "LXQt" 6.4.
Fish is a smart and user-friendly command line shell for Linux and other Unix-like operating systems. Fish has a lot of modern features that make it a superior interactive shell than more traditional shells like Bash. In this video, I will discuss a few of the "builtin" commands for Fish as well as some of the unique Fish keybindings.
Please just read the licence, I don't know how many times this needs to be said but it comes being relevant. Today we have an issue with a Go module that nobody clued into for 3 years until finally being discovered
SELinux (short for Security Enhanced Linux) is a Linux kernel security module that is used to increase security in Linux distributions by hardening access to files and processes. Another similar Linux kernel security module that is used for this purpose is AppArmor. There is a lot of interest in these two modules because of their overlapping roles in access control for Linux operating systems. As such, this article covers the differences between SELinux and AppArmor. Users can then determine which of these modules is best for their needs through a comparison of features and ease of use.
[...]
Securing servers with SELinux does away with dependency on DAC style access based on actual system users and roles. Instead, it introduces a three-string context system for each process or system user. The three strings, namely username, role, and domain, allow for more flexibility and control over system access.
Tutorial to learn the steps and commands to install the RabbitMQ Server on Ubuntu 20.04 LTS Focal Fossa Linux to create your own, message broker.
RabbitMQ is a freely available message broker software under Mozilla Public License. It is an implementation of the Advanced Messaging Queue Protocol (AMQP) and manages the exchange of messages between sender and receiver as an intermediary service. The software is written in the programming language Erlang and is available for all common operating systems. It supports all major operating systems such as Windows, macOS, and Linux.
Sometimes you need to use the ls command on your Linux or Unix machine and match the pattern, interpreting upper- and lowercase letters as the same. In other words, I tell ls to find and list files regardless of their case insensitive. For instance, I am going to tell ls command command to ignore the case so that it can match files such as:
ls *service*.pdf SERVICE.pdf DELL-Service-M6700.pdf hp-printer-Service-Manual.pdf
In this quick tip, I explain how to match case insensitive patterns with the ls command on your Linux, macOS, *BSD and Unix-like system.
Cron jobs (or cron jobs) are schedules that tell the computer to run a program or execute a command automatically at a specified time. This is called a cron job, a daemon that runs in the background and performs tasks on a schedule. Cron is a process that runs in the background and periodically executes programs or tasks. By design, cron is extremely flexible, allowing users to run tasks as often as once a minute or as infrequently as once every 99 weeks. Cron jobs are a common way to automate daily tasks, like sending out marketing emails, running reports, or backing up files.
In this tutorial, we will learn how to operate CRUD functionalities in Django. CRUD functionalities are Create, Read, Update and Delete. These are the main building blocks of any project. At some point you need to perform read operations from the database, you want to do an update or you wish to delete an item from the database. All these are possible thanks to CRUD operations.
In this tutorial, we are building on top of these lectures on How to set up a Python Django Application using Django 4.0 and How to create Django Templates. So make sure to check out first.
If you want to follow along make sure you have the project setup complete, the templates are working fine, the database is up and running and lastly have some data on the database.
Gitea is a free, open-source, and self-hosted Git service. It is written in GO language and provides an easier way to host your own version control system on the internet. It is simple, lightweight, and can be installed on low-powered systems. It is very similar to GitHub and GitLab and offers a rich set of features such as a repository file editor, project issue tracking, user management, notifications, a built-in wiki, and much more. It is cross-platform and can be installed on all major operating systems, including Linux, macOS, Windows, ARM, and PowerPC architectures.
In this tutorial, we will show you how to install the Gitea Git service with Nginx and Let's Encrypt SSL on Ubuntu 22.04.
FileRun is an open-source and web-based file-sharing application for Linux based operating system. It is very similar to Google Drive, iCloud, and DrobBox and allows users to share and sync files over the internet. It can be accessed via mobile app, WebDAV, and web browser. It allows you to host your own file sharing solution on the cloud and access all your files anywhere via secure cloud storage.
This post will show how to install FileRun with Apache and Let's Encrypt SSL on Ubuntu 22.04.
Got some ePub and/or MOBI books in your PC? Debian / Ubuntu has recently includes a package in their repository for generating thumbnails for these files.
As you may know, Linux Mint 21 was released recently with a thumbnail generators for AppImage, ePub, MP3 and RAW files. Debian/Ubuntu now has similar tool called gnome-epub-thumbnailer, though it’s only for ePub and MOBI books.
With the package installed, the default file manager will no longer display the universal “e” image with green background for all ePub files. Instead, it shows thumbnail book covers.
In this tutorial, we will show you how to install Anaconda on Ubuntu 22.04 LTS. For those of you who didn’t know, Anaconda is a free and open-source distribution of Python and R programming languages used to perform scientific computations and process large amounts of data. It provides everything you need to solve data processing and analysis problems (with Python applicability).
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Anaconda Python on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.
Learn the commands to install Erlang programming language on Ubuntu 20.04 LTS Focal fossa Linux and also an example to create Hello World program.
Erlang is an open-source programming language that is nowadays often used for (massively) parallel programming and distributed systems. However, the origins lie in applications in the field of telecommunications, the language was developed for and at Ericsson.
Their strength is the parallel processing of program logic, a very efficient and lightweight notification system for interprocess communication as well as pronounced fault tolerance. Furthermore, erlang makes it possible to replace or update modules at the runtime of the program without rebooting, whereby a high availability of the system is achieved.
The sudo command gives a user superuser or root powers. No doubt you gave them the “with great power comes great responsibility” speech. Here’s how to check if they listened or not.
Hi folks, I’m thrilled to announce CodeWeavers has released CrossOver 22 for macOS, Linux and ChromeOS!
The hallmark of this release is a complete redesign of the CrossOver user interface for macOS, Linux and ChromeOS. These changes were designed with two goals in mind: both to make CrossOver more intuitive to use and to offer a more modern look and feel. We are grateful to our BetterTesters who responded to our survey and participated in our usability studies: your feedback was invaluable!
CrossOver 22 includes an update to Wine 7.7, bringing with it over 10,000 changes that offer improvements to a variety of applications. This release also includes an update to Wine Mono 7.2.0 and vkd3d 1.4.
On the macOS side, we have been continuing to make gaming performance improvements. Between including the wined3d changes available with Wine 7.7, updating to MoltenVK version 1.1.10 and adding a few other tweaks, we’ve made quite a bit of progress. One particularly exciting example is Rocket League: the performance using wined3d is much better than CrossOver 21.2, and the nameplates are visible in-game (unlike using DXVK). Our initial tests show that CrossOver 22 runs pretty well on the macOS Ventura beta. Please note that we cannot offer official support for Ventura until it is released due to the possibility of changes during beta causing problems for CrossOver support. After Ventura is released, we will post an update on our website, so make sure you are subscribed to our blog to get the latest updates on Ventura compatibility.
It’s not every day that we get to play a game made in Italy! It’s true that most of the video games development is typically the business of further North in Europe (France, the UK, Germany, and Poland all have a huge industry), but there’s more and more development happening as well in the South. Mercury Steam in Spain has been pushing AAA games one after the other after their original hit Jericho and their collaboration with Konami (on the Castlevania reboot) and Nintendo (Metroid Dread). Now the studio behind Martha is Dead, LKA might as well kick off the same trend in Italy.
Martha is Dead is an adventure game where you play in first person the role of Giulia, an Italian teenager, during WW2. As the war is raging in Europe, Giula’s family has decided to retreat in the countryside of Italy to stay safe. Your (Italian) mom is married to a German officer which makes for an interesting dynamic in these times of trouble. Giulia also has a twin sister called Martha. She looks just like you, but your personalities were never really the same.
Visual Scripting was introduced in Godot 3.0, almost five years ago. Despite our continuous effort, it never gained traction and the path to improve it was never clear. Because of this, for Godot 4.0, we decided to accept that the approach we took from the start was simply not the right one and decided to remove it from the engine. If enough volunteer interest exists, it may be moved to an extension.
Kdenlive 22.08 arrives with the most requested features in this release.
Kdenlive is one of the full-featured free and open-source video editors. It’s a KDE app that you can use for your hobby and professional work alongside videos for YouTube, Vimeo and other popular streaming platforms.
The Kdenlive 22.08 point release brings some of the most anticipated features with performance improvements and bug fixes.
I've used nearly every possible desktop operating system known. I've experienced nearly every incarnation of Windows and MacOS, I've used just about all the various Linux distributions over the years, and I've even test-driven some rather obscure OSes that looked promising but never really came to fruition.
[...]
Let's dive in and find out why Zorin OS is a master class in desktop operating systems.
The Linux Schools Server and client are now available for download from:
https://sourceforge.net/projects/karoshi/files
Both the server and client are both built using automated scripts that will create a customised distribution as an iso image.
We all know there is a series of good practices that must be observed when installing and administering any computer system in order to minimize the security hazards. In some cases, those good practices are formalized into a so-called security policy that defines the guidelines that must be observed in order for a given system to be accepted in a secure environment. In that regard, the DISA (Defense Information Systems Agency) and SUSE have authored a STIG (Secure Technical Implementation Guide) that describes how to harden a SUSE Linux Enterprise system.
The STIG is a long list of rules, each containing description, detection of problems and how to remediate problems on a per rule basis. There are even some tools to automate the detection and remediation of many of the problems in an already installed systems. But some aspects are very hard to correct if they are not properly set during the installation process of the operating system, like the need of encrypting all the relevant filesystems or honoring certain restrictions in how the devices are formatted and the mount points are defined.
So we are actively working on adding the concept of security policies to both the interactive installation and AutoYaST. It is still a work in progress and we will offer a more detailed review of the feature when it’s ready to hit the repositories.
Modern enterprises are data-driven and cloud-centric. The latter is a mentality, not a place. The core concepts of the cloud: containerization, orchestration, APIs and automation are the defining characteristics of success for companies in the modern world.
Central to this mentality, indeed, perhaps the defining characteristic, is Kubernetes. Kubernetes initially gained popularity as the go-to platform for deploying and orchestrating containerized workloads on distributed systems, but the platform is proving to deliver much more than orchestration. Kubernetes is rapidly becoming a primary control and management point for enterprises because of its ability to treat infrastructure as code.
Kubernetes was developed to manage containerized workloads and automate application deployment, scaling and provide a software-controlled infrastructure that abstracts away the intricacies of underlying hardware, operating systems and underlying deployment models.
For more than 20 years, Red Hat has worked to improve the IT experience. We do this through our technology, which adds hardening against wave after wave of software vulnerabilities and potential zero-day exploits, while also helping to make open source innovation more stable. The primary way we actually make IT better, however, is via a Red Hat subscription.
A Red Hat subscription is much more than just a way to buy software. It's how we provide open, innovative technology to IT teams, and how we help our customers support, maintain, manage and better secure their environments. A subscription also provides our customers with a clear way of holding Red Hat accountable to their business goals because we need to earn their business every single year, unlike traditional licenses.
Open source projects produce software, but they’re run by people, says Ben Cotton. Moreover, he notes, “people are dynamic and sometimes unpredictable. The more people are involved, the more unpredictable the project becomes.”
And, that’s where program managers can help. “As a program manager, you bring order to the chaos. You don’t do this by imposing order from the top down—that’s not how open source projects work. Instead, you give structure to the agreements of the community,” says Cotton, the Fedora Program Manager at Red Hat.
As expected, StarFive has officially unveiled the JH7110 quad-core RISC-V processor with 3D GPU and the VisionFive 2 SBC. I just did not expect the company to also launch a Kickstarter campaign for the board, and the version with 2GB RAM can be had for just about $46 for “early birds”.
The VisionFive 2 ships with up to 8GB RAM, HDMI 2.0 and MIPI DSI display interfaces, dual Gigabit Ethernet, four USB 3.0/2.0 ports, a QSPI flash for the bootloader, as well as support for eMMC flash module, M.2 NVMe SSD, and microSD card storage.
A computer science student with a passion for electronics and photography has created a 3D printed 12-megapixel camera powered by Linux and a Raspberry Pi computer system named the PiCam.
Mukesh Sankhla built the PiCam around a low-cost Raspberry Pi 4 computer with 8GB of RAM that uses a Linux Desktop operating system.
The Pi HQ Camera module houses a Sony IMX477R stacked backside-illuminated image sensor capable of capturing 12-megapixel images and even 4K video.
Sankhla also added a 16mm C-mount telephoto lens, though he says that it can work with a lens as wide as 6mm. The camera can also support CS-mount lenses, as well.
[...]
The 3D parts he created not only hold together the Raspberry Pi 4 computer board, but also the Pi camera module. Secured in place with several M2.5 and M5 screws, the entire array is then sandwiched inside the main plastic camera case.
There’s no shortage of cheap, Linux-friendly single-board computers on the market with ARM processors these days. But you know what there may be even more of? Cheap Android TV boxes with similar hardware.
So developer Michael Burmeister-Brown decided to repurpose one to create an incredibly cheap Linux computer. Meet the Inovato Quadra, a compact computer with an Allwinner H6 quad-core ARM Cortex-A53 processor, Armbian Linux software, and a starting price of just $29.
It started about six months ago when we changed the theme that gives our site its look and feel, which happened because the developer of the theme we’d been using since our start in 2010 quit supporting it, meaning it was time to move on for security reasons.
Version 104 of the Firefox browser has been released. The most interesting new feature, perhaps, is the ability to analyze a web site's power usage — but that feature is not available on Linux.
When we recently announced the full public roll-out of Firefox Total Cookie Protection — a new default browser feature that automatically confines cookies to the websites that created them, thus eliminating the most common method that sites use to track you around the web — it raised a question: Do container extensions like Mozilla’s Facebook Container and Multi-Account Containers still serve a purpose, since they similarly perform anti-tracking functions by suppressing cookie trails?
[...]
But with a container extension, you can isolate cookies even within parts or pages of the same domain. You could have Gmail open in one container tab and Google Shopping and News in other containers (for instance, under different accounts) and Google will be oblivious to their relation.
Beyond this added privacy protection, container extensions are most useful as an easy means of separating different parts of your online life (e.g. personal, work) within the same browser.
The whole thing is indicative of an unintentional "nationalistic" trend whereby software tries to present data in a location-detected language rather than your chosen one.
The WebAssembly garbage collection proposal is coming soonish (really!) and will extend WebAssembly with the the capability to create and access arrays whose memory is automatically managed by the host. As long as some system component has a reference to an array, it will be kept alive, and as soon as nobody references it any more, it becomes "garbage" and is thus eligible for collection.
(In a way it's funny to define the proposal this way, in terms of what happens to garbage objects that by definition aren't part of the program's future any more; really the interesting thing is the new things you can do with live data, defining new data types and representing them outside of linear memory and passing them between components without copying. But "extensible-arrays-structs-and-other-data-types" just isn't as catchy as "GC". Anyway, I digress!)
One potential use case for garbage-collected arrays is for passing large buffers between parts of a WebAssembly system. For example, a webcam driver could produce a stream of frames as reference-typed arrays of bytes, and then pass them by reference to a sandboxed WebAssembly instance to, I don't know, identify cats in the images or something. You get the idea. Reference-typed arrays let you avoid copying large video frames.
The Squish GUI Test Automation Tool makes it easy to test applications across a range of platforms. Its support for Qt is excellent.
That first attempt, did compile 'nim' and 'koch', but did not succeed with 'nimble', 'nimgrep' and 'nimsuggest'. However, today have succeeded with those last three. Compiling on a x86_64 host OS, for a i686 32-bit target, which is good, as issues are likely to surface when cross-compiling to a very different architecture, in this case from a 64-bit to a 32-bit CPU.
Get into coding, the fun way! We take you by the hand and guide you through your first space invaders project, explaining the coding principles, what editor to use, how Git can help and taking your first steps writing your own code and controlling physical Pi projects.
The Bourne Again Shell is the default shell on virtually every Linux distribution. While it’s not as fleshed out as most programming languages, it is considered a programming language by many.
Software engineers are accustomed to using the Linux command line to navigate several aspects of development. Linux administrators rely on it fully to complete their tasks.
However, Bash arrays tend to remain one of the more obscure features of the CLI. Besides, the questionable syntax results in many developers turning away from using the arrays.
Bash arrays are primarily utilized to store data in an indexed manner. You can compare it to storing data in variables, with the difference being that Bash arrays allow you to call back the data using predictable indexed numbers. Furthermore, Bash arrays also allow you to create associations.
Bash arrays are an often-overlooked aspect of Bash scripting, mastering which can enable you to customize administrative tasks, run several tasks simultaneously, and even automate tasks. They are an invaluable tool to any Linux power user since using the arrays is necessary when working with scripts that store a large volume of information.
This tutorial walks you through all the fundamental operations of Bash arrays.
This article is another one that contains some very important information. Arrays are useful in any programming language and Bash is no exception.
Arrays are like variable because it holds a value. Let’s look at arrays a little more.
For many years now, Tesla has referred to its various driver assistance tools as “full self-driving” and then acted shocked and surprised when people point out that it’s nowhere near what any normal human being would consider “full self-driving.” That, of course, hasn’t stopped Tesla boss Elon Musk from repeatedly promoting Full Self-Driving and insisting that it was going to truly be an autonomous driving setup in the somewhat near future. Lots of experts and officials have vocally complained that the “Full Self-Driving” name is dangerously misleading — and recently, the California DMV has actually filed a complaint against the company, alleging that “Full Self-Driving” is a deceptive practice as it is “untrue or misleading.”
Resin printing is a fantastic way to create parts, but multi-material printing isn’t really a possibility with resin. That is, unless you use [Cameron Coward]’s method for creating multi-material resin prints.
There are adults out there driving who were born after Google Earth came out. Potentially distressing facts aside, those who were around to remember the magic of scrolling in and out with infinite levels of detail was an experience that burned into our brains. Perhaps still curious 21 years later, [Craig Kochis] dove into how vector maps work by implementing one himself.
Drywall is common and ubiquitous in commercial and residential buildings today. Many of us barely think about it until we have to repair a hole smashed in it.
There are a variety of possible motor configurations to choose from when building a fixed-wing VTOL drone, but few take the twin-motor tilt-rotor approach used by the V-22 Osprey. However, it remains a popular DIY drone for fans of the military aircraft, like [Tom Stanton]. He recently built his 5th tilt-rotor VTOL and gave an excellent look at the development process. Video after the break.
People have been talking about CXL memory expansion for so long that it seems that it should be here already, but with the dearth of CPUs that can support PCI-Express 5.0 peripherals we have to be patient a little bit longer.
To whet the appetite of system architects who will without a doubt want to extend the memory capacity and bandwidth of their systems by harvesting PCI-Express slots for main memory, Samsung Electronics, which would be thrilled to sell a lot more DRAM chips into the datacenter, was showing off its CXL Memory Expander card at the Hot Chips 34 conference this week. Sung Joo Park, principal engineer at Samsung, gave an overview of why we want to do bandwidth and capacity expansion in systems – something we have talked about at length here, there, and everywhere.
The United States has a population of about 329 million people, is protected by two oceans, and grows food that feeds hundreds of millions around the world. We have a powerful military, peaceful borders with our neighbors, and a network of alliances. We would seem well-positioned to defend ourselves from the dangers of foreign war. Our fate surely thus rests in our own hands; the only question is whether we will be wise enough and lucky enough to chart a safe national course.
A landmark ruling orders pharmacy chains Walmart, CVS and Walgreens to pay a combined $650 million for their role in fueling the opioid crisis, as other cases have focused on opioid makers and wholesalers that distribute the addictive painkillers. A federal judge in Ohio found the pharmacy chains accountable for filling prescriptions even after suspecting doctors were operating pill mills. “It’s high time that all the players in this terrible chain of manufacture, prescribing, dispensing, are held responsible for their actions,” says Barry Meier, author of “Pain Killer: An Empire of Deceit and the Origin of America’s Opioid Epidemic.” The Pulitzer Prize-winning reporter covered the opioid crisis for decades at The New York Times. He also discusses similar rulings against Walgreens and others in San Francisco and Florida.
Building the project required that we develop a thorough understanding of a complex statistical model, ground-truth the sometimes unreliable data that had been self-reported by polluters, solve technical challenges associated with massive data sets and interview people who lived and worked near dangerous pollution.
Through the LFX Individual Dashboard, participants can register the identity they are using to contribute their code to GitHub and Gerrit (Since the Hyperledger project uses both).
Security updates have been issued by Oracle (kernel and kernel-container), SUSE (bluez, gimp, rubygem-rails-html-sanitizer, systemd-presets-common-SUSE, and u-boot), and Ubuntu (libxslt).
There are two main types of malware analysis: static and dynamic.
Performing static analysis of a malicious binary means concentrating on analyizing its code without executing it. This type of analysis may reveal to malware analysts not only what the malware does, but also its developer’s future intentions (e.g., currently unfinished functionalities).
CISA has released 7 Industrial Control Systems (ICS) advisories on August 23, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ScadaPro Server uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file.
The affected product uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file.
Academic researchers from Northwestern University have shared details on ‘DirtyCred’, a previously unknown privilege escalation vulnerability affecting the Linux kernel.
The path traversal vulnerability in Linux and Unix reportedly exists in the RarLab’s UnRAR utility tool. It can be exploited by attackers to execute arbitrary codes on the targeted systems.
The use of containers—and orchestration platforms like Kubernetes—is increasing rapidly around the globe. Analysts predict that by 2023, more than 70% of global organizations will be running more than two containerized applications in production, up from less than 20% in 2019. The downside of this rapid growth is that many organizations have fallen behind when it comes to securing all of this new technology. This is especially true when it comes to responding to any incidents which may occur in containers.
This article will give you five practical steps to ensure that, when a security incident involving a container happens, your incident response team will be prepared. It is very easy to think that existing policies, methods and tools will cover containers, but they are actually very different and must be accounted for during an incident response effort.
VMware has released a security update to address a vulnerability in Tools. A remote attacker could likely exploit the vulnerability to take control of an affected system.
All aboard the schadenfreude train!
Over the last few years, there has been a lot of attention paid to the issue of child sexual abuse material (CSAM) online. It is a huge and serious problem. And has been for a while. If you talk to trust and safety experts who work in the field, the stories they tell are horrifying and scary. Trying to stop the production of such material (i.e., literal child abuse) is a worthy and important goal. Trying to stop the flow of such material is similarly worthy.
We speak with one of the more than 650 workers calling on Google’s parent company Alphabet to protect the location and browser history of people searching for information on abortion. A petition led by the Alphabet Workers Union also demands the company block advertisements that misleadingly direct users to so-called crisis pregnancy centers, a tactic employed by anti-abortion activists to lure patients to discourage them from seeking abortions. “Systems like Google, that know everything about you, can now be used against you,” says Alejandra Beatty, technical program manager at Alphabet healthcare subsidiary Verily and southwest chapter lead with the Alphabet Workers Union. She says organizers are also asking Google to extend its abortion benefits — including relocation support for employees hoping to move to states where abortion isn’t criminalized, and travel and healthcare costs for any out-of-state abortion procedures — to contractors who make up about half of the company’s workforce.
Story by Anna Filippova. Abridged translation by Sam Breazeale.
On August 18 Israeli forces carried out an overnight raid on the offices of seven Palestinian civil society organizations in the occupied West Bank. Armed soldiers stole documents, damaged property, and welded the office doors shut.
Sevastopol governor Mikhail Razvozhaev said the city's air defense system had been triggered after eyewitnesses reported hearing multiple explosions on Monday evening. According to local media outlets, the sounds shook the walls of a shopping center and shattered windows.
According to his Telegram channel, Sevastopol governor Mikhail Razvozhaev has ordered that signs to bomb shelters be placed around the city.
Russia’s annual Army-2022 exhibition wrapped up on Sunday, after a week of military showmanship aimed not only at international arms buyers, but also the Russian public. The military-technical forum at Patriot Park, a military theme park outside Moscow, included a variety of “family-friendly” exhibits designed to promote the Kremlin’s propaganda narrative about the ongoing war against Ukraine. The expo coincided with Russia’s International Army Games and the Moscow Conference on International Security. Meduza shares a look back at Army-2022, in photos.
"We stand in solidarity with our fellow human rights defenders in Palestinian society."
There is a puzzle about American hegemony that should interest us more than it does. We are a conquering empire (even if our latest conquest always seems to end in retreat), but we can’t agree on the content of the product we send abroad. Is it constitutional democracy? Or is it “openness” minus “whiteness” plus “diversity”? We are confident to the point of delusion, and at the same time, we are bewildered.
I recount all of the above to show you why I setup an interview with Arkin about the Justice Department and FBI's handling of the investigation into Trump and his possession of documents at Mar-a-Lago. He has the credibility to offer important insights into what pursuing an Espionage Act prosecution against a former US president may mean for the United States. Arkin is currently the senior editor for intelligence at Newsweek. He has written multiple reports related to the Justice Department's investigation into former President Donald Trump's mishandling of classified information. His reporting revealed that the FBI had an informant, who had knowledge of what documents Trump had in his possession and where they were located. He later reported more details on Trump's "private stash" of documents.In the 30-minute interview, which was recorded on August 19, Arkin outlines the timeline of events, what the DOJ investigation may mean for Trump's potential 2024 presidential campaign, and why he believes the FBI search of Mar-a-Lago has sparked one of the biggest political disasters in the history of the bureau.
Russia’s Federal Security Service (FSB) has accused the Ukrainian intelligence services of killing pro-war pundit Daria Dugina, the daughter of prominent Eurasianist philosopher Alexander Dugin, Interfax reported on Monday, August 22.€
Joseph Cuffari, addressed as the “Honorable” in this letter [PDF] from the House Committee seeking information on the January 6, 2021 raid of the Capitol building in an attempt to overturn election results, has been anything but honorable since being appointed to his position by former president Donald Trump.
Two robots enter, one robot leaves! Combat robotics are a fantastic showcase of design and skill, but the mechanical contenders don’t have to be big, heavy, and expensive. There is an Antweight division for combat robots in which most contenders weigh a mere 150 grams, and [Harry Makes Things] shows off four participants for Antweight World Series (AWS) 64.
"It is necessary to take firm action on one of our principal threats, the proliferation of fossil fuels."
Daniel Boyce, a research scientist at Bedford Institute of Oceanography in Nova Scotia, Canada, led the study examining 35,000 species of marine flora and fauna as well as bacteria and protozoans, devising a new analytical tool called the Climate Risk Index for Biodiversity (CRIB).
During an appearance last month on CNN’s State of the Union to discuss the Supreme Court ruling in Dobbs v. Jackson Women’s Health Organization, South Dakota Republican Gov. Kristi Noem did not answer host Dana Bash’s question about how, as she frequently says, she will “walk alongside mothers and their children” on a policy level, including supporting paid parental leave and state-funded childcare.
So when the temp agency Express Employment Professionals offered him a “temp-to-hire” position at a warehouse run by Tennant Company, a cleaning products manufacturer, Bush couldn’t help but get his hopes up. Bush said Express wasn’t concerned by his record and told him that if he worked 90 days as a temp, he’d be considered for a job working directly for Tennant with higher wages, plus benefits and sick days.
Julia Conley reports that a growing share of Americans also report high levels of daily stress and worry, according to Gallup.
When on August 8 the Federal Bureau of Investigation (FBI)€ raided Donald Trump's Mar-a-Lago estate in Florida in search of classified documents, the ex-president of the United States decried the episode as "an assault [that] could only take place in broken, third-world countries". He continued to lament that America had "now become one of those countries, corrupt at a level not seen before."
Sofia, Bulgaria—Unique among nations in my experience, Bulgaria is resistant to flattery. I had previously visited the Balkan country in 2006, when it was still visibly suffering from the aftereffects of shock therapy—the common euphemism for an ill-planned and corrupt transition from a decrepit state socialism to casino capitalism. The scenes at that time were familiar in all the former Warsaw Pact nations of the 1990s and 2000s, but with perhaps a harsher edge: an emptied countryside, degradation of public spaces, obvious mafiosos lording over the citizenry (I was particularly struck by the opulent and almost pharaonic tombstones honoring fallen gangsters), and a population that skewed old as the young sought opportunities abroad. In this environment, many in Bulgaria looked for hope in closer integration with the West. Bulgaria joined NATO in 2004, the European Union in 2007.
Through a series of opaque transactions over the past two years, Barre Seid, a 90-year-old manufacturing magnate, gave the massive sum to a nonprofit run by Leonard Leo, who co-chairs the conservative legal group the Federalist Society.
A federal judge has blocked key portions of Florida’s new “Stop WOKE Act” that attempts to block discussions of racism and white privilege in workplaces and public schools. The preliminary injunction comes as the law is being challenged by business owners, students, educators and the American Civil Liberties Union. We speak with Diane Roberts, journalist and professor of English at Florida State University, who says faculty have either become so scared that many have left the university or are considering leaving. “A lot of people will self-censor, and I think that was the idea all along,” she says, noting this is especially true for untenured faculty. Roberts also discusses DeSantis’s potential run for president. Her new Washington Post op-ed is headlined “DeSantis aims to scare academics. Unfortunately, it’s working.”
Ahead of Tuesday’s primary election in Florida, Republican Governor Ron DeSantis’s new Office of Election Crimes and Security made its first arrests of people it alleged engaged in voter fraud in the 2020 election. Almost all those charged were people who were formerly incarcerated and mistakenly thought they were eligible to vote. People of all political affiliations “are now being dragged from their homes in handcuffs because all they ever wanted to do was participate in democracy,” says Desmond Meade, president of the Florida Rights Restoration Coalition, who spearheaded an initiative to reenfranchise people with prior felony convictions, before it was overturned by Republicans.
So it was, and I recover.
Look up the definition of the word “conservative” and it will become immediately obvious that the term no longer applies to what the Grand Old Party has evolved into since 2016. Just as many publications and broadcast outlets have begun weaning themselves from the phrase “climate change” in favor of “climate crisis” or “climate catastrophe,” in referring to the extreme far right, it’s time for the media to refrain from using the term “conservative Republican”—except, of course, if it’s referring to Rep. Liz Cheney.
Fetterman’s attacks against Oz may be entertaining, but they aren’t unprecedented. Such characterizations can be helpful in elections.
The fact that the genius cannot get health care while the hacks who stole his ideas can do anything they want exposes the supposed meritocracy of capitalism. Any student of the founding of large corporations knows that the ones who get rich are the ones who are good at breaking the law, not the ones who come up with clever ideas. Gretchen and Elliot still want to be friends with Walt and his wife Skyler but only so they can humiliate Walt at every turn.
Notes:
The number of DMCA takedown notices received by Reddit has exploded over the past few years. Between 2017 and 2021, content removals surged from a 'measly' 4,352 to well over 665k. Meanwhile, banned users and subreddits have become much more common on the platform.
Meta must take responsibility and be held accountable to its actions — it’s time to bring its human rights reviews into the public eye. The company’s refusal and failure to release the full independent India Human Rights Impact Assessment (HRIA) report sets an alarming precedent for the long-awaited and twice delayed independent review of Meta’s content suppression of Palestinian voices, commissioned by BSR, a non-profit organization focusing on business and human rights. Access Now and a coalition of civil society organizations working in Arabic-speaking countries demand, via a joint statement, the immediate release of both the India HRIA report and Palestine’s BSR report.
“Meta must be held accountable for the harms it continues to inflict on marginalized and oppressed communities,” said Marwa Fatafta, MENA Policy and Advocacy Manager at Access Now. “Failing to publicly release its India and Palestine reviews shows Meta’s blatant disregard for human rights and utter disrespect for the global majority.”
The undersigned civil society organizations working in Arabic-speaking countries demand the immediate release of Meta’s India human rights impact assessment (HRIA) and BSR’s independent review of Meta’s content moderation in Palestine. Meta contracted with BSR, a third-party assessor, “to conduct a thorough examination to determine whether Facebook’s content moderation in Arabic and Hebrew, including its use of automation, have been applied without bias,” and promised to release the report “in the first quarter of 2022.”
Meta released its first human rights report last month, and it’s disappointing, to say the least. Many in civil society were intrigued, if not exactly hopeful, when Meta created a human rights team. We hoped it meant the company would start to take accountability seriously, and provide an easy path for us to engage with the right people to implement meaningful changes based on the feedback we provided. We were also concerned that Meta would use its creation of a human rights team to evade responsibility, whitewash bad behavior, and sidetrack human rights advocates seeking to engage with decision-makers who can implement rights-respecting policy, enforcement, and engineering changes. Unfortunately, our fears appear to have been justified.
I’ve spent many years criticizing government officials and politicians of both parties for threatening retaliation against individuals and companies for their speech. But there are some pretty clear lines of what counts as actual 1st Amendment violations in retaliating over speech, and what is just government folks mouthing off and expressing their own opinion. To be clear, I think government officials should mostly shut the fuck up, instead of trying to influence websites on how to moderate, but there’s a pretty big distance between unwise mouthing off and reaching the level where it becomes a state action issue.
KARK reports Arkansas State Police special agents are investigating two Crawford County Sheriff's deputies and a Mulberry Police Department (MPD) officer who were recorded earlier Sunday kneeing and punching 27-year-old Randall Worcester of Goose Creek, South Carolina and slamming the man's head into the pavement while holding him down a short distance from a convenience store in Mulberry. Employees at the store had called police after Worcester allegedly spat on and threatened them.
As CNN reported Saturday, last week marked the second time in as many months that the panel rejected financing for a $39 million planning and infrastructure project designed to protect the residents of Orleans Parish from storm-induced floodwaters, which are projected to intensify in the coming years as a result of the fossil fuel-driven climate crisis.
$71,610.03: the back wages, interest, and civil penalties paid to a live-in domestic worker by their negligent employer in Seattle. In July, King5 News reported, the city's Office of Labor Standards orchestrated the employer's settlement—redress for their failure to pay minimum wage, provide overtime pay, and track payment.€
As Brazil's presidential campaign kicks off this week, "The Territory"—a new film created in collaboration with the Uru-ea-wau-wau people of Brazil—documents the urgency and beauty of Indigenous land defenders' fight to resist settler encroachment in the Amazon.
"Illegal mining is a tumor growing in our country."
Earlier this year, I bought a Framework laptop. If you haven’t heard of the Framework, it’s a very new laptop company, but one that really believes in not just respecting, but encouraging tinkering and the right to repair. Cory Doctorow had written a glowing piece about the Framework that first got my attention, talking about how it was designed so that users can take it apart, fix things, and upgrade it easily. It literally ships with the only tool you’ll need (a T5 Torx screwdriver). Like Cory, prior to that, I had basically relied almost exclusively on ThinkPads (initially from IBM, and then Lenovo, once the line was sold off). I found that ThinkPads tended to be pretty reliable and to last a decently long time. Though, I have had more trouble with the last few ThinkPads I purchased, including the most recent from a few years back, which had to have the motherboard replaced three times (none of which fixed the problems before they finally sent me a new laptop entirely).
In recent years Brazil has carried out several high-profile anti-piracy operations. Among other things, this resulted in the seizure of 1.5 million illegal streaming devices. Some of these devices were repurposed and donated to schools. In addition, former pirate streaming boxes have found their way into hospitals and police cars too.
Some companies enforce their IP rights because they can, not necessarily because they should. This can lead to tension with fans, who in the majority of cases are also customers, but why stop there? Mike Dailly, one of the developers of the original Grand Theft Auto, had historically significant GTA prototype videos on his YouTube channel. Rockstar complained. YouTube took them down.
The long-awaited premiere of "House of the Dragon" finally arrived on Sunday. The Game of Thrones prequel immediately proved to be a hit on pirate sites, where the first episode was widely available nearly a day before the official release. As a result, hundreds of thousands of pirates saw the show before paying customers.
Whenver I sit down to write I tend to quickly trail off into an unrelated subject. I tire of plowing through to finish what I intended on writing. I realize this is a result of open-endedness: when I lack purpose when writing, I don't have anything to say.
Previously I wrote about the importance of being free to write long-term essays. I discussed the possibility of freedom from external restraints such as marketability or social status. I believe these are all vital to writing genuinely. I also realize that some boundaries are necessary.
To speak with someone effectively, the participants must stay on topic. All ideas must be presented clearly and as completely as the context permits (I can get away with far longer monologues here than face-to-face with my friends). As conversation continues, the idea solidifies the participants' minds and they are able to pursue further understanding more easily. Changing the subject interrupts that buildup, restarting the mental bridge-building process.
Recently, I discovered the Streamelements API used for text-to-speech is available for anyone to use. The most popular voice, Brian, tends to be (ab)used for fun. I'm not a huge fan of the TTS voice that comes with GNOME and other solutions would take a bit of effort to setup, so I decided to make a quick Fish script...
For me a computer is an equipment that allows me to create something or for doing creative activities (e.g. creating a document file, editing a photo, etc.), or traditional computer stuff like serving files (NAS, Samba, Media Player, etc.) or provide other services (Transmissions, etc.). Must support the majority of the *nix OS and must be controlled at least by a keyboard or through SSH, I must be able to install any OS any time because it is designed for such scope.
In the primordial days of Marginalia Search, it used a dynamic approach to crawling the Internet.
It ran a number of crawler threads, 32 or 64 or some such, that fetched jobs from a director service, that grabbed them straight out of the URL database, these jobs were batches of 100 or so documents that needed to be crawled.
Crawling was not planned ahead of time, but rather decided through a combination of how much of a website had been visited, and the quality score of that website determined where to go next. It also promoted crawling websites adjacent to high quality websites.
I'm excited to announce that chess has returned to Rob's Gemini Capsule!
The Chess Over Gemini service has been rewritten from scratch to be more robust, to scale more easily, and to have more features. The original implementation was written in Bash in just a few days and used very crude chess logic, barely enough to make pieces movable and calculate checks and checkmates. The plaintext storage format was difficult to modify and didn't store some important data. The new implementation uses the Python "chess" module and a SQLite database, allowing me to utilize much more powerful tools.
I've noticed a recent trend of projects moving most of their documentation online. This means in order to view it, you need a web browser and Internet connectivity. They may have some offline documentation, but I find that many projects contain information that can only be found online. Normally, you'd expect this additional documentation to appear in /usr/share/doc, but this is often not the case if it's not easily packagable.
Of course, it only resembles Minecraft superficially: it's a game based on voxels and the mining/building metaphors are similar, but in fact, the more nuanced mechanisms and gameplay differ significantly, not to mention that it's written entirely in C++ using a homebrew 3D graphics engine.
* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.