-- Leo's gemini proxy
-- Connecting to gemini.techrights.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
Gemini version available ♊︎
Posted in News Roundup at 7:01 pm by Dr. Roy SchestowitzContentsGNU/LinuxDistributionsDevices/EmbeddedFree Software/Open SourceLeftovers
This has been an amazing week with so many cool releases, starting with the long-anticipated Q4OS 4 distro based on Debian GNU/Linux 11 and the Trinity Desktop Environment, and continuing with new updates to the SuperTuxKart arcade racing game, Inkscape SVG editor, OBS Studio professional recording and live streaming software, Mixxx free DJ software, as well as Deepin Linux and Nitrux distributions.
On top of that, Fedora Linux fans were able to take the beta release of the upcoming Fedora 35 for a test drive on their personal computers, Ubuntu users received a new important Linux kernel security update, Valve releases a new Proton version for Linux gamers, Linux Mint 20.3 got a codename and release date, and Arch Linux got a new ISO release powered by Linux kernel 5.14.
As this is the 150th release of this weekly Linux Roundup, I couldn’t help but think back to when it started. It was in 2018, which was strange here for me and my family, we just moved to my wife’s hometown, where we planned to run a guest house, which didn’t work out (we did it for two months), and I was in the apartment which we started to rent, and I was thinking what to do next, as I was a system administrator before that for 5 years (mostly Linux), and I decided to start to work online. And this newsletter was one of the first steps. Looking back, I am truly grateful that I took the step of faith and grateful for your support along the way.
In September 2021, New York Internet (NYI) had the most reliable hosting company site: it responded to all of Netcraft’s requests, with an average connection time of 61ms. NYI has appeared in the top 10 table seven times in 2021 so far. Customers can choose from a range of cloud, colocation, bare metal and managed solutions.
Bigstep, CWCS Managed Hosting and Dinahosting appear in second, third and fourth places. Bigstep came close to NYI in average connection time, averaging 63ms. CWCS and Dinahosting both followed, averaging 66ms and 73ms respectively.
Bigstep’s bare metal cloud hosting provides the flexibility of cloud hosting without the associated overhead and performance reductions of virtualization. The bare metal offerings are available in data centres in the UK and Romania.
CWCS provides dedicated servers along with cloud services, as well as domain registration and VPS hosting. CWCS has data centres across the UK, as well as North America.
Dinahosting provides cloud hosting and domain registration services, with data centres located at Interxion and Global Switch, in Madrid.
Josh and Kurt talk about recent events around Apple and Microsoft disclosing security vulnerabilities. Microsoft usually does a good job, but Apple has a long history of not having a great bug bounty or vulnerability disclosure policy. None of this is simple, but hopefully you’ll have some fun and learn a bit about the whole vulnerability disclosure process.
On this episode of This Week in Linux, we’ve got news for the Steam Deck, Steam Next Fest, Steam Proton. Then we’ve got KDE news for KDE Plasma 5.23, Plasma 5.24, Kdenlive, Kalendar & more. Then we’ll take a look at some Distro news with Alma Linux, Q4OS 4.6 and a bunch of Fedora news such as Fedora 35 Beta, Fedora Kinoite & Nest with Fedora. Later in the show, we’ll talk about PipeWire and why it’s awesome as well as the latest release of OBS Studio and some updates for Flatpak. All that and much more on Your Weekly Source for Linux GNews!
In episode 17 of the WordPress Briefing, Josepha Haden Chomphosy reflects on her WordCamp US keynote and digs into how participating in open source projects can help you learn 21st Century Skills.
In this video, I am going to show an overview of Q4OS 4.6 and some of the applications pre-installed.
I’m so happy to let you guys know about a very special development with LearnLinuxTV, that it’s going to be my only job going forward. It’s been a lot of hard work to get to this point, but it’s here and I’m very excited!
Hello and welcome to the 433rd installment of Linux in the Ham Shack. In this short-topics episode, the hosts discuss several topics including RaDAR, communicating across the Atlantic in the early days of radio, taxing open-source satellites, open source and Azure, the latest release of WSJT-X and much more. Thank you for listening and have a great week.
Typically when people get a VPS they’ll get one thing and stick with it but there’s no reason why that has to be the case, if you know you’re going to have a spike in usage why not let you hosting provider scale your service.
Playing video inside our web browsers, whether they be Chrome-based browsers of Firefox-based, is not a great experience. These web browsers don’t have the proper video acceleration needed to play smooth video.
Why Linus believes keeping Linux fun is critical, the massive investment Fedora is about to make in video, and why we suspect Cloudflare’s R2 service will make Amazon squirm.
Plus a low key update to the Raspberry Pi 4, and the changes in the new Docker Compose 2.0.
Thirty years ago, give or take, Linus Torvalds created Linux. At the Linux Foundation’s Open Source Summit last week, Torvalds talked with his good friend and VMware VP and chief open-source officer Dirk Hohndel about Linux’s history.
First things first, they talked about the actual date of Linux’s birthday. Hohndel noted that Torvalds “has redefined the birthday of Linux everyone used to use — August 25 — and then said, ‘well, actually it’s September’.” Indeed Torvalds and I have talked about this very point before, and you can choose between four dates for Linux’s “official” birthday.
The operating system that powers more than 90% of the world’s top servers and cloud infrastructure as well as the internet, Android smartphones, supercomputers, connected cars and the International Space Station was almost named “Freax.”
“I think I emailed five people about the 0.0 release,” said Linus Torvalds (pictured, left), the inventor of Linux, who recalled that a colleague changed the name almost immediately. “I am eternally grateful to other people for having more taste than I did.”
Read-copy update (RCU) vaguely resembles a reader-writer lock, but one in which readers do not exclude writers. This change in semantic permits RCU readers to be exceedingly fast and scalable. In fact, in the most aggressive case, rcu_read_lock() and rcu_read_unlock() generate no code, and rcu_dereference() emits but a single load instruction. This most aggressive case is achieved in production via Linux-kernel CONFIG_PREEMPT_NONE=y builds. Additional information on RCU is presented at the end of this post.
Paul McKenney has started a blog series on Rust for the Linux kernel. He has posted six of a planned 11 articles, though several are labeled as “under construction”.
It’s been one year now since Intel launched Tiger Lake mobile processors and since then we’ve been running routine benchmarks of the Core i7 1165G7 on Linux. Tiger Lake at launch was performing well under Linux but its performance has continued evolving nicely since on Linux, especially as it pertains to the Xe Graphics with the open-source OpenGL/Vulkan drivers. With Ubuntu 21.10 due out later this month, there is another performance boost to enjoy.
For those with Intel Tiger Lake notebooks contemplating the move to the non-LTS Ubuntu 21.10, there are more performance improvements to note. Similar to Ubuntu 21.10 boosting performance on the AMD/Radeon side, the Intel performance has also matured nicely over the past six months on Linux.
Usually, you would log in to a service on your web browser to monitor and track the market for investment opportunities if you’re an investor/trader.
But, what if you want an app for your Linux desktop and Linux phone? Considering we do have a few for Android/iOS smartphones, it should come in handy for Linux devices as well!
“Markets” utilizes the data from Yahoo Finance to provide you the required information about stocks, cryptocurrencies, currencies, and more.
While it is a simple desktop-focused app, it is available for Linux smartphones, and it offers a couple of valuable functionalities. Let me list the key highlights of what you can expect.
Mousai is a free and open-source application for identifying songs. If you’ve ever used Shazam or a similar app then using Mousai will not be any different for you. And even if you haven’t, its usage couldn’t be easier.
Have the song that you want to identify playing in the background. Open the app and hit the listen button. Wait a couple of seconds and Mousai will return the title and artist of your selected song. It works like magic!
Mousai is powered by AudD – a music recognition API. With it, you can recognize about 60 million tracks in microphone recordings, UGC, and audio files (even over the radio). And because it relies on the audd.io API to function, Mousai must log into the AudD website to get a token. Leaving this blank will give you a free trial of tokens per day.
There is a lot of great video editing software available for Linux. A few of them have the free version that you can try a hand on as well. But, more importantly, the online video editor that you may find features rich too.
Video-based marketing is the new trend and shall remain the best in the future too. With most people inclined to short and crisp videos, selecting the right software for creating a dynamic video for business and entertainment purposes becomes inevitable. With various OS available these days, the one that we principally rely on is Linux too.
pgCluu is a Perl program used to perform a full audit of a PostgreSQL Cluster performances. It is divided in two parts, a collector used to grab statistics on the PostgreSQL server using psql and sar, a reports builder that will generate all HTML and charts output.
We’ve reviewed a smorgasbord of open source music players. But Linux is endowed with a huge selection, and there’s still a few we’ve yet to review.
In this tutorial, we will show you how to install LibreNMS on Debian 11. For those of you who didn’t know, LibreNMS is an auto discovering PHP/MySQL-based network monitoring system that includes support for a wide range of network hardware and operating systems including Cisco, Linux, FreeBSD, Juniper, Brocade, HP, and many more.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of LibreNMS network monitoring system on a Debian 11 (Bullseye).
What makes Icinga Director so special is the fact that it tries to target both of them at once.
Icinga Director uses the Icinga 2 API to talk to your monitoring system. It will help you to deploy your configuration, regardless of whether you are using a single node Icinga installation or a distributed setup with multiple masters and satellites.
In this guide you will learn several ways how to quickly and easily delete files and directories in Linux using the command line.
One of the basic file system administration tasks in Linux involves creating, modifying, and deleting different types of files and directories. Knowing some basic tools and concepts for file deletion comes in handy and can save you time.
Brotli is a data format specification for data streams compressed with a specific combination of the general-purpose LZ77lossless compression algorithm, Huffman coding and 2nd order context modelling.
A compression algorithm developed by Google and works best for text compression. Brotli primarily used by web servers and content delivery networks to compress HTTP content, making internet websites load faster.
Brotli is a new compression method with a better compression ratio than Gzip.
Go is a programming language that was initially created by a team at Google as a replacement for C. They wanted to have a language where the compiler would be quick but also have easy programing and efficient production. Go can be used for many things, like networking or distributed systems programs, and has earned the name “the language of the cloud”.
It helps people do more with just a few words, making it easier to write long sentences without wasting time on formatting. If you need to share your program with other people, you can just compile it into one file so they don’t have to download anything.
In this tutorial, we’ll look at how to install and configure a programming workspace with Go via command line. You can follow along if you have a working Debian 11 system. Other Debian-based Linux distributions should work in a similar way.
Passbolt is a free, open-source and self-hosted password manager that allows you to store your website and other passwords securely. It is an extensible and OpenPGP based password manager and is available in both a subscription-based and community edition. It also allows you to share your login credentials with your friends.
Jack Wallen introduces new Linux users to the mount command and how to use it to mount an external drive to the internal file system.
In my last post, I wrote about setting up ZSwap in Debian 11, and now, apparently, I have to blog about this.
Most GNU/Linux distributions put the /tmp folder (where all sorts of temporary files the OS needs to have around for a little while go, as the name implies) on a RAM drive, using tmpfs.
Debian, it appears, doesn’t. Having /tmp mounted on an SSD in a modern computer will cause many unnecessary writes to the SSD and will contribute to the drive wearing out too quickly.
In this tutorial, we will show you how to install Bitwarden on Linux Mint 20. For those of you who didn’t know, Bitwarden, the open-source password manager, makes it easy to generate and store unique passwords for any browser or device. Using Bitwarden you can easily and safely generate, store, and secure unique passwords from any location or device. It is compliant with Privacy Shield, HIPAA, GDPR, CCPA, SOC2, and SOC3 security standards and comes with AES-256 bit encryption, salted hashing, and PBKDF2 SHA-256.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of Bitwarden’s open-source password manager on a Linux Mint 20 (Ulyana).
I’ll admit it: I’m a fan of Linux. While I’ve used Slackware on workstations and Red Hat Enterprise Linux (RHEL) on servers for years, I love seeing how other distributions do things. What’s more, I really like to test applications and scripts I write on other distributions to ensure portability. In fact, that’s one of the great advantages of Linux, as I see it: You can download a distro and test your software on it for free. You can’t do that with a closed OS, at least not without either breaking an EULA or paying to play, and even then, you’re often signing up to download several gigabytes just to test an application that’s no more than a few hundred megabytes. But Linux is open source, so there’s rarely an excuse to ignore at least the three or four main distros, except that setting up a virtual machine can take a lot of clicks and sometimes complex virtual networking. At least, that used to be the excuse until Vagrant changed the virtual machine workflow for developers.
Linux is a most popular open source OS used widely on many systems, servers and other machines like Raspberry Pi, etc. There are many variants out there in Linux which are known as distributions. The most common distributions are Ubuntu, Debian, SUSE, Mint, CentOS, Redhat, ArcLinux and many more.
It is better to know the version of your operating system when you update or install packages or installing security patches, etc.
Some distributions like Ubuntu, Debian shows the version of the OS when you login as a welcome message. But this can be disabled manually.
Before this article gives us a walkthrough on creating videos from images under a Linux operating system environment, it is important to understand the why before we engage the how.
Disabling a user account in Linux means the user can no longer login to the system. However, the account will still persist on the system, which makes it different than deleting a user account entirely.
You may need to disable a user account temporarily, or disable the login capability for a system account. In this guide, you’ll learn a few different methods of disabling a user account on Linux. You’ll also see how to re-enable the account.
You may need to reinstall the GRUB 2 boot loader when the system does not boot into the GRUB menu. This may be due to the installation of security patches or human error.
If the GRUB 2 boot loader corrupted on your system then you will end up with one of the following error messages.
In this guide, we will demonstrate how to repair corrupted GRUB 2 Bootloader in RHEL 8 system.
Today we are looking at how to install Blender 2.93.4 on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.
This tutorial will only work on Chromebooks with an Intel or AMD CPU (with Linux Apps Support) and not those with an ARM64 architecture CPU.
There is a couple of well-known open-source business management software and Odoo is one of them. It offers ERP, CRM, ECM, project planning, and more… In this article, we learn how to install Odoo 14 and 13 on a docker container running on Ubuntu 20.04 LTS Focal fossa.
Odoo is free business software that covers a wide range of tasks. In addition to classic ERP functions, the environment offers CRM, E-commerce, content management, project planning, warehouse management, accounting, personnel management, portal, knowledge base, product management, human resources, marketing, and more.
Not so long ago the only thing I needed to learn in order to create plugins for my blogs was PHP. I could farm out the JavaScript and CSS parts of development to freelancers. With the recent versions of WordPress however, more and more code is in JavaScript so I decided to learn JavaScript deeply.
In this tutorial we will talk about how to migrate Apache to Nginx. Apache and Nginx are probably the most used Web servers on Linux. The former is the most ancient of the two: its development started in 1995, and it played a very important role in the World Wide Web expansion; it is still the most popular web server around. The first version of Nginx, instead, was released in 2004. Nginx is not only a web server: it can also work as a reverse proxy and a load balancer.
Both Apache and Nginx are free and open source. One of their most important functionalities is the ability to serve multiple websites/resources. Apache uses the so called “VirtualHosts” while Nginx uses “Server Blocks”. In this tutorial we see how to migrate the most common Apache VirtualHost configurations to Nginx.
Well, interesting to Linux shell script programmers anyway.
I’m running chromium as a non-root user ‘chromium’. /usr/bin/chromium is a script that performs login to user ‘chromium’ then runs the real chromium executable.
I had the situation where clicked on the close-box top-right of the chromium window, it closed, but was unable to restart chromium. Found that some chromium processes were still running. These have to be killed. This also happens sometimes with seamonkey, leaving the user wondering why it won’t start.
What I want to do in the /usr/bin/chromium script is kill all these leftover processes. Simply running “killall chromium” will also kill the current script. Utility ‘ps’ can be run to find these processes, then run ‘kill’ on each one. That’s one way of doing it.
Only a few days ago Proton Experimental saw an update to pull in NVIDIA DLSS support for DirectX 12 and as of today’s update this has expanded to DirectX 11 titles too.
It’s still currently disabled by default with you needing to make a small adjustment to turn it on. This can be added to individual games by setting PROTON_HIDE_NVIDIA_GPU=0 PROTON_ENABLE_NVAPI=1 %command% in the launch options. Or you can try PROTON_ENABLE_NVAPI=1 %command% with “dxgi.nvapiHack = False” in a DXVK config file.
There’s also an update to newer DXVK that includes the latest development work and you should find that Monster Boy and the Cursed Kingdom is now playable with it. The Proton changelog can be found here.
SCS Software have begun expanding what’s possible with the newly introduced Convoy Mode multiplayer in both their truck sims Euro Truck Simulator 2 and American Truck Simulator.
Now available in Open Beta for owners is the 1.42 update, which adds it the “very loud request” of mod support to Convoy. Not an easy task since everything needs to match between players and online support is difficult at the best of times for developers to get right. Speaking on their blog they mentioned the challenge of “profile recovery when a crucial MOD is removed or changed, and visualizing what MODs are missing from the Steam Workshop when players join a server that contains modifications”.
Seems like Valve can’t catch a break with The International 2021 thanks to COVID-19. After having to move venues, they’ve now cancelled and refunded all live tickets. This is a pretty big blow to the biggest esports event of the year, with it having the biggest prize-pool ever for a single event at $40,018,195.
The saga continues for the GTA III and Vice City code that was reverse engineered and available on GitHub, as it has now been taken down once again from a DMCA request.
For the second time the code repository on GitHub is no more, with it linking to the public DMCA notice that shows Mitchell Silberberg & Knupp LLP acting for Take-Two Interactive Software. It requested a take down of all repositories (including forks) of the code and brings up the recent lawsuit filed against the developers involved in the code
Gaming on Linux has been a bit complex. Since most game developers don’t release versions for Linux, however, using the Stream might have solved a bit of that issue. True gamers always love to play the independent video game that is not developed by professionals, but they are playing to the fun. If you have been an old-school gamer and had been using the Itch desktop client on your other operating systems for a while, you can now install and use the Itch tool on your Ubuntu machines as well and enjoy the full Itch.io experience.
After you install the Itch tool, you can browse games, update games, and play right there in the application. Itch allows you to pay for the games and play your desired paid games without any hassle.
Following on from the big Hearth & Home update Iron Gate has tweaked Valheim once more, along with adding a new spooky themed item to build.
This follows on from the update released on September 17 which once again rebalanced HP / Stamina on most foods along with some bug fixes. Today though it’s a bit of a bigger patch enabling you to build the Halloween themed Jack-o-turnip for a limited time. There’s plenty more though like melee weapons use less stamina and the Fulings have become more menacing, since they have some new battle tactics.
Stardander is the next title from Fancy Fish Games who previously developed Aground and I Can’t Escape: Darkness that will see you run a school for witches. Blending together elements from strategic RPGs and Visual Novels, it will see you run Stardander School for Witches.
During your time as head you will accept witches into your school, train them up, guide them through turn-based battles and support them through navigate magical school life.
Based upon the source code release of the classic multiplayer shooter Wolfenstein: Enemy Territory, the ET: Legacy project continues maturing on modern platforms with ET: Legacy 2.78 out now. This is easily the best and suggested way to actually play Wolfenstein: Enemy Territory now, as ET: Legacy comes with a ton of improvements over the original while keeping the gameplay intact.
This release is part of their effort to speed up development and they said version 2.78 had a focus on “improving the competitive side of things” along with other general fixes.
After a year and a half lull in development has been , the published release of the desktop environment Lumina 1.6.1 , developed after the termination of TrueOS development within the project Trident (Void Linux desktop distribution). The environment components are written using the Qt5 library (without using QML). Lumina takes a classic approach to organizing user environments. It includes a desktop, an application bar, a session manager, an application menu, a system for configuring environment settings, a task manager, a system tray, a virtual desktop system. The project code is written in C ++ and is distributed under the BSD license.
Fluxbox is used as a window manager. The project is also developing its own file manager Insight, which has such capabilities as support for tabs for working with multiple directories at the same time, accumulation of links to selected directories in the bookmarks section, the presence of a built-in multimedia player and a photo viewer with support for slideshows, tools for managing ZFS snapshots, support for connecting external plug-in handlers.
↺ Lumina Desktop 1.6.1 Released With Theme Improvements While Bigger Improvements Planned – Phoronix
The Lumina Desktop Environment as the BSD-3 licensed desktop originally spearheaded for TrueOS/PC-BSD but found supported as well by other BSDs and Linux distributions is out with a rare new release.
Lumina Desktop 1.6 as the last major release came back in January 2020 while this weekend brought Lumina Desktop 1.6.1. Lumina Desktop 1.6.1 is a very minor update with various bug fixes plus also incorporating downstream theme work to the desktop.
The GNOME devs have recently published the release schedule for the GNOME 42 desktop environment, which is slated for release next year on March 23rd. It will be the second major update in the GNOME 4x series and development slowly kicked off this month.
GNOME 42 will stick to the same routine as in the GNOME 40 and GNOME 41 development cycles, which means that public testers will be able to take the Alpha, Beta, and Release Candidate (RC) milestones for a test drive on their personal computers. Here’s the official GNOME 42 release schedule.
GNOME 42 is on course to ship with support for a proper ‘dark mode’ toggle.
Right now Linux desktops lack a standardised, system-level way for users to indicate to the system, its apps, and even the websites they visit that they’d prefer them to use a dark appearance.
Now, you’re probably thinking: “Joey, Ubuntu already has a dark mode: I use it” — and you’re not mistaken.
Major desktop Linux distros, including Ubuntu and Pop!_OS, do include a dark theme option. But changing GTK theme the best way to approach this?
The release of the distribution kit Nitrux 1.6.1 , built on the Debian package base, KDE technologies and the init system has been OpenRC published . The distribution develops its own NX Desktop , which is an add-on over the user’s KDE Plasma environment. To install additional applications, the AppImages self-contained package system is being promoted. The boot images are 3.1 GB and 1.5 GB in size. The developments of the project are distributed under free licenses.
NX Desktop offers a different style, its own implementation of the system tray, notification center and various plasmoids, such as a network configurator and a multimedia applet for volume control and playback control of multimedia content. The package also includes applications from the set MauiKit , including the Index file manager (Dolphin can also be used), Note text editor, Station emulator, Clip music player, VVave video player, and Pix image viewer.
New version of Lakka has been released!
We are happy to announce new and updated version of Lakka.
The release of the distribution has been Lakka 3.5 published , which allows you to turn computers, set-top boxes or single-board computers into a full-fledged game console for running retro games. The project is a modification of the distribution LibreELEC kit , which was originally designed for creating home theaters. Lakka builds are generated for i386, x86_64 platforms (Intel, NVIDIA or AMD GPUs), Raspberry Pi 1-4, Orange Pi, Cubieboard, Cubieboard2, Cubietruck, Banana Pi, Hummingboard, Cubox-i, Odroid C1 / C1 + / XU3 / XU4 and etc. To install, just write the distribution to an SD card or USB drive, connect a gamepad and boot the system.
Lakka is based on the RetroArch game console emulator , which provides emulation of a wide range of devices and supports advanced features such as multiplayer games, save state, enhancing the image of old games with shaders, rewinding games, hot plugging gamepads and video streaming. Emulated consoles include Atari 2600/7800 / Jaguar / Lynx, Game Boy, Mega Drive, NES, Nintendo 64 / DS, PCEngine, PSP, Sega 32X / CD, SuperNES, etc. Supports gamepads from existing game consoles including Playstation 3, Dualshock 3, 8bitdo, Nintendo Switch, XBox 1 and XBox360.
Ansible is a Red Hat owned tool for automating system administration tasks. It is typically used in environments where an administrator wants to perform the same task, such as deploying security updates, on many computers without logging into each computer manually. Unlike many automation tools, Ansible does not require any special software to be installed on each client machine. Each client just needs the OpenSSH service to be installed on the clients and all the work and configuration is handled by one central server.
There are a lot of reasons for working with Ansible and this guide is meant to get you up and running quickly. If you’re like me, I have a terrible habit of not reading the fine manual. To quote the Simpsons character Renier Wolfcastle, “I was elected to lead not to read”. To follow along with this tutorial here are the basics you will need…
Widespread adoption of DevSecOps is inevitable. Security and delivery velocity are unrealistic expectations as part of a waterfall software development life cycle (SDLC). Businesses and government agencies are under constant pressure to deliver new features and functionality to their customers, constituents, and employees. Recent high-profile software supply chain breaches and President Biden’s Executive Order to improve the nation’s cybersecurity also increases the urgency for businesses and governments to move to DevSecOps.
All of that means, sooner or later, your enterprise will need to integrate security with its DevOps process.
Historically, cybersecurity teams focused on app security only at the end of a long, laborious waterfall SDLC, after scanning and remediating security issues. This model has shown cracks with age. Customer and market demands for new features, security, and compliance are at the top of executives’ minds. Digital transformation efforts aimed at adjusting to the new world of work during and after the pandemic have made software security a higher priority. A DevOps process that makes security an afterthought is out of step with software users and consumers.
What’s needed is a DevOps-to-DevSecOps transformation. Fortunately, cloud computing in the commercial and public sectors, combined with the influence of open source software (OSS), now gives development teams the tools, processes, and frameworks to deliver software at higher velocity while maintaining quality and security.
DevSecOps is an approach to software development and deployment that takes full advantage of the agility and responsiveness of DevOps, but also makes security a shared responsibility that is integrated into the full life cycle of your apps.
As with most things, of course, there are some challenges to overcome when implementing DevSecOps in an organization. Effective DevSecOps requires more than new tools and mindsets, it involves cultural changes (and leadership buy-in) as well.
In an episode of the “In The Clouds” Red Hat Streaming series, Chris Short had Kirsten Newcomer on to talk about DevSecOps, discussing tools, culture and misconceptions. Here we’ve distilled that discussion into a Q&A in which Kirsten gives some tips and recommendations towards successfully implementing DevSecOps in your organization.
It’s a fact of life. Systems, software, and services fail. Keeping users happy and the pager quiet is always at the front of every sysadmin’s mind. Therefore, knowing how to handle service failure quickly, efficiently, and (ideally) automatically is a hallmark of a capable (and well-rested) sysadmin. This article walks you through a few ways systemd can help you mitigate failure in your services.
We just wrapped up AnsibleFest 2021, which included customer spotlight sessions showcasing some of the ways Red Hat Ansible Automation Platform can help organizations scale and increase collaboration.
Is automation your organization’s focus area right now? Or is it security, application development or infrastructure modernization? Many of our customers find that it might not just be one platform or service, but a combination of technology solutions and services within Red Hat’s portfolio that could help address their needs.
The race for qualified talent is on. As your digital transformation journey continues, your new hires must have the skills necessary to integrate into a growing and changing organization. Tech giants with the resources to offer competitive salaries and hardy benefits packages make it more difficult for smaller organizations to recruit and retain excellent candidates.
Core technical competencies are necessary to ensure your candidates’ success, but be mindful that an aptitude for learning is equally important for employee growth. By focusing your hiring efforts on education and other soft skills (understanding employees can gain technical experiences on the job), you ensure that you are hiring malleable candidates with strong foundational skills.
That’s the takeaway for IT job hunters from the 2021 Open Source Jobs Report, conducted by The Linux Foundation and edX.
Virtually every employer (97 percent) included in their survey said that hiring open source talent is a current priority; 92 percent of them said it’s difficult to find that talent. That’s a challenge for hiring managers, but it puts qualified IT pros in a strong position if you’re looking for your next opportunity.
This month I didn’t have any particular focus. I just worked on issues in my info bubble.
Like each month, have a look at the work funded by Freexian’s Debian LTS offering.
Here’s a bunch of uploads for September. Mostly catching up with a few things after the Bullseye release.
Raspberry Pi’s are solid devices for DIY projects, and they’ve gotten pretty powerful and capable over the years. The latest iterations — Raspberry Pi 4 and 400 offer 8GB RAM variants sufficient to run heavy distributions like Ubuntu and other ARM Linux distributions.
However, there aren’t a lot of good Desktop distributions for Raspberry Pi apart from Ubuntu and Ubuntu MATE. So, we have some good news for the people who’re done with the same and Canonical’s Snap BS! An ARM variant of Pop!_OS will be available soon.

The Astro Pi project sees experiments, written by school children running on real Raspberry Pis. This might not seem very exciting until you hear where those Raspberry Pis are located, the International Space Station, in orbit high above the Earth.
Launched, literally, in December 2015 via the Principia mission, Astro Pi began when UK astronaut Sir Tim Peake took two Raspberry Pi B+, Pi cameras and Sense HAT add-on boards enclosed in aluminum chassis designed to manage the Raspberry Pi thermals to the ISS. The two Astro Pi computers, affectionately named Izzy and Ed were able to measure temperatures, humidity, air pressure, orientation and acceleration forces thanks to the Sense HATs plethora of onboard sensors. These two Raspberry Pi were used in multiple experiments since 2015, but the B+ models inside were getting a bit long in the tooth.
Ever wanted to build your own LoRaWAN connected weighing scale? Me neither, but apparently those types of products already exist for logistics and inventory management, and LilyGO’s latest ESP32 board – the TTGO T-Weigh – is designed for this exact purpose with a Semtech SX1272 based LoRa module, and a HX711 24-bit ADC chip.
The board can handle up to four scales that transfer weight data over WiFi, Bluetooth or LoRaWAN, and should be useful in applications that require weighting goods or products where there are limited connectivity options including logistics, farming.
UDOO is known for its x86 boards that embed an Arduino compatible MCU, but the UDOO KEY is different, as it does without an Intel or AMD processor, and instead, combines Raspberry Pi RP2040 microcontroller with Espressif ESP32 WiFi & Bluetooth WiSoC.
As we noted in the past combining Raspberry Pi Pico/RP2040 with ESP32 does not make a lot of sense in most cases, but here’s the UDOO KEY will be offered for just $4 for the first 1,000 units, so they’ll basically throw the ESP32 for free since it’s the same price as one Raspberry Pi Pico, before eventually selling the device for $20.
You might have noticed that the shopping experience on the Arduino Store has changed a little. We wanted to let you know what we’ve been working on to supercharge the store.
The main controller is a Raspberry Pi 4 running ROS2 (Robot Operating System), which takes inputs from a 360 LIDAR sensor, high-quality camera module, and IMU.
For those of us old enough to remember the VCR (and the difficulty of programming one), the ubiquitous vacuum fluorescent display, or VFD, is burned into our memories, mostly because of their brightness and contrast when compared to the superficially-similar LCD. These displays are incredibly common even apart from VCRs, though, and it’s easy to find them for next to no cost, but figuring out how to drive one if you just pulled it out of a 30-year-old VCR is going to take some effort. In this build, [mircemk] shows us how he drives unknown VFD displays using an Arduino in order to build his own weather forecasting station.
For this demonstration [mircemk] decided to turn a VFD into a weather forecasting station. First of all, though, he had to get the VFD up and running. For this unit, which came from a point-of-sale (POS) terminal, simply connecting power to the device turned on a demo mode for the display which let him know some information about it. From there, and with the knowledge that most POS terminals use RS232 to communicate, he was able to zero in on the Rx and Tx pins on the on-board microcontroller and interface them with an Arduino. From there it’s a short step to being able to output whatever he wanted to this display.
The DacBerry 400 S is a small, inexpensive DAC (digital to analog converter for audio) designed for the Raspberry Pi 400 computer-in-a-keyboard. It attaches to the 40-pin connector to give you 96 KHz/32-bit audio and sells for about €20 ($23).
The key Fairphone feature is the modular components, which make repairs easy with just a screwdriver. Inside the phone, you’ll find eight easily replaceable parts: the display, the USB-C port, selfie camera, ear speaker, main camera array, loudspeaker, battery, and the rubberized back. If you break anything, all of these parts will be available for sale on Fairphone.com. The only “noncommercial spare part” is the core module, which features the SoC, storage, RAM, device frame, and fingerprint reader.
Fairphone is striving for longevity this year, and the easy repairability of this model allows for an incredible five-year warranty at no extra cost. The company is also promising “long-term availability of spare parts”—parts for the Fairphone 2, a device that launched in 2015, are still for sale on the website.
Fairphone has announced the sustainable Fairphone 4, which brings an updated design and improved specs while retaining all the modularity you expect, reports Ron Amadeo.
“Designed to last, with fair and recycled materials, the Fairphone 4 brings you 5G speed, with great battery life and a premium dual-camera — all backed by our 5-year warranty,” according to the Fairphone website.
There is no question that competition yields better products in a marketplace. In fact I can make you the argument that we have lost many of those fierce battles of the past that are part of historical lore in the radio business.
You just don’t see stations going head to head in a market like they used to. It clearly exists today but consolidation in the marketplace has watered it down.
But I think the radio industry can benefit from some of the traits of an open source society.
What is open source? Open source is computer source code that is freely available for others to make modification and improvements before eventually going to market for redistribution. This is a common practice used by other industries that inherently advances improvement and innovation.
Microsoft has inadvertently re-heated the web browser wars with the company’s anti-competitive changes to Windows 11. It made it more difficult to change the default web browser and has expanded the use of links that force-opens Edge instead of the default browser.
The latter issue is something I addressed in 2017 with the release of EdgeDeflector. Instead of using regular https: links, Microsoft began switching out links in the Windows shell and its apps with microsoft-edge: links. Only its Edge browser recognized these links, so it would open regardless of your default browser setting. I created EdgeDeflector to also recognizes them and rewrites them to regular https: links that would then open in your default web browser.
“Browser monoculture” is often bemoaned as a threat to the web. According to Statscounter, which tracks browser use, over 70 per cent of the market is made up of people using Google Chrome or another browser based on the underlying Chromium project.
What web advocates worry about when they say this is bad is that Google can effectively determine the future of the web by determining which features to support and which not to. That’s a lot of power for a single company that also has an effective monopoly on search and advertising.
What would happen if Chrome decided to break fundamental features of the web and didn’t even feel the need to tell anyone?
Well, we can answer that question because that’s what Chrome did.
Earlier this year Chrome developers decided that the browser should no longer support JavaScript dialogs and alert windows when they’re called by third-party iframes.
Finally, after numerous delays, support for the next-generation AV1 Image File Format (AVIF) image format, which is based on the modern and royalty free AV1 video codec, is now enabled by default. It was supposed to land in Firefox 86 first, but it’s finally here in the Firefox 93 release.
AVIF support in Firefox was in development for more than four years. The new feature landed since Firefox 86, but it wasn’t enabled by default until now due to various bugs and regressions. Firefox 93 is the first release of the popular web browser to enable it by default to help you save even more bandwidth.
AVIF image support is especially notable as it was supposed to feature in last months’ Firefox 92 release. For those unaware, AVIF is a royalty-free image format that boasts comparable quality to JPEG but at a much reduced file size.
Eagle-eyed users may notice that the Firefox download progress bar now respects system colour scheme on Linux desktops. The browser had been applying its own CSS to the bar which, under certain GTK themes, rendered it invisible.
You might have heard of VPNs — virtual private networks — at some point, and chalked them up to something only “super techy” people or hackers would ever use. At this point in the evolution of online life, however, VPNs have become more mainstream, and anyone may have good reasons to use one. VPNs are beneficial for added security when you’re connected to a public wifi network, and you might also want to use a VPN at home when you’re online as well. Here are five reasons to consider using a VPN at home.
Here on The Document Foundation’s blog, we post about general news and activities in the LibreOffice world. But now we have a dedicated development blog, set up by Hossein Nourikhah, who recently joined us as a Developer Community Architect.
To know more about what is going on in LibreOffice, you can refer to the main Document Foundation blog. Also, if you want to learn more about the LibreOffice design, you can refer to the LibreOffice Design Team blog. And now, we have created a new blog, dedicated to the LibreOffice development!
LibreOffice development starts with setting up a development environment. After that, you can do the development in your favorite IDE. In this 80 minutes presentation, you will find everything you need to know to get started with LibreOffice development; from installing dependencies using distribution tools, LODE (LibreOffice Development Environment) or manual setup to compilation itself.
With this tutorial, you can build LibreOffice for yourself. Then we look at some simple tasks from LibreOffice EasyHacks. After that, you can try to get your submission merged into the LibreOffice code by submitting it to gerrit, and doing the fixes requested by the reviewers.
CodeSee, a maker of tools that help developers to visualize and understand large codebases, has unveiled OSS Port, a community website that aims to connect potential contributors with open source projects, and ease the process of onboarding.
CodeSee says it is addressing a situation in which developers spend more time trying to understand code than write it. With OSS Port, maintainers of software projects can provide best practices, guidance, and interactive visual walkthroughs of their codebases using CodeSee Maps, a technology now in beta for visualizing codebases and mapping their flow of execution.
Completion specs are defined in a declarative schema that specifies ‘subcommands,’ ‘options’ and ‘arguments.’ Suggestions are generated from information in the spec or can be generated dynamically by running shell commands or reading local files.
Fig’s completions are all open source and powered by contributions from the community. It supports completion specs for public CLI tools, and now supports building completions for a team’s internal CLI.
Arm’s Neoverse platform and ecosystem can help foster innovation and growth with successful deployment in the hyperscale and enterprise cloud data centers.
Whilst I really like what Sony has achieved here, I’ve grown to understand ANC simply isn’t for me. Some of the drawbacks of ANC somewhat bother me: the ear pressure it creates is tolerable, but is an additional energy drain over long periods of time and eventually gives me headaches. I’ve also found ANC accentuates the motion sickness I suffer from, probably because it messes up with some part of the inner ear balance system.
Most of all, I found that it didn’t provide noticeable improvements over good passive noise cancellation solutions, at least in terms of how high I have to turn the volume up to hear music or podcasts clearly. The human brain works in mysterious ways and it seems ANC cancelling a class of noises (low hums, constant noises, etc.) makes other noises so much more noticeable. People talking or bursty high pitched noises bothered me much more with ANC on than without.
It takes a starting and ending point and will use Neo4j pathfinding algorithms to find the most efficient ACL based privilege escalation path.
Security updates have been issued by Debian (apache2, fig2dev, mediawiki, plib, and qemu), Fedora (chromium, curl, kernel, kernel-headers, kernel-tools, openssh, rust-addr2line, rust-backtrace, rust-cranelift-bforest, rust-cranelift-codegen, rust-cranelift-codegen-meta, rust-cranelift-codegen-shared, rust-cranelift-entity, rust-cranelift-frontend, rust-cranelift-native, rust-cranelift-wasm, rust-gimli, rust-object, rust-wasmparser, rust-wasmtime-cache, rust-wasmtime-environ, rust-wasmtime-fiber, rust-wasmtime-types, rust-wast, rust-wat, and webkit2gtk3), Mageia (apache-mod_auth_openidc, c-ares, chromium-browser-stable, icu, libspf2, perl-DBI, python, and python-rsa), openSUSE (haproxy and opera), Oracle (kernel), SUSE (firefox and libvirt), and Ubuntu (python3.8).
Google’s love for open-source projects is definitely worth applauding. The California-based tech giant has recently announced its $1 sponsorship for the Secure Open Source (SOS) pilot program managed by the Linux Foundation.
Not long ago, Google committed $100 million to support third-party foundations fixing security issues in open-source software. So, this sounds like another step in the right direction.
PuTTY is one of the oldest and most popular SSH clients, originally for Windows, but now available on several platforms. It has won corporate support and endorsement, and is prepared and bundled within several third-party repositories.
Unfortunately, the 0.74 stable PuTTY release does not safely guard plain-text passwords provided to it via the -pw command line option for the psftp, pscp, and plink utilities as the documentation clearly warns. There is evidence within the source code that the authors are aware of the problem, but the exposure is confirmed on Microsoft Windows, Oracle Linux, and the package prepared by the OpenBSD project.
Syniverse, which provides services to carriers like AT&T, T-Mobile and Verizon, said the hack began in May 2016 but the company wasn’t aware of it till May 2021.
Privacy and online anonymity are not a privilege, they’re a right. But if you think of yourself as “better than” or “more deserving” of privacy than other, less technical or skilled people, then you’re part of the problem.
In India, you must forfeit your fingerprints, face, and iris in order to receive food, healthcare, education, and social security benefits. This is all thanks to Aadhaar, the world’s largest biometric identity system, and the poster child for Big ID programs taking the world by storm. Aadhar was supposed to improve access to public services, but instead created a privacy-harming tool for exclusion: between 1.5 to 2 million Indians lost access to benefits, including over one million children being denied access to school and women unable to access maternity care.
So, if Aadhaar is so harmful, why do Big ID programs continue to gain traction? The answer: People who stand to profit from selling these systems have strategically designed false narratives to advance their own interest. The consequences of accepting their lies as truth are dire, as India’s experience with digital ID has laid bare.
In early May 2021, 29-year-old Sweta Sundar went with three members of her family to a government school in south Delhi to get their first doses of the Covishield vaccine. The staff at the vaccination centre insisted that they verify their identities by submitting their Aadhaar details, even though, according to government issued guidelines, beneficiaries can provide six other types of government identification. “At the time, I just did as I was told,” Sundar said. “I didn’t think too much about it.” When Sundar returned home, she saw that she had been issued a Unique Health ID or UHID with the number printed on her vaccination certificate above her beneficiary reference number. Sundar was not sure what this identification number was. The three members of her family who had also been vaccinated after providing their Aadhaar information had been issued health ID numbers too. “They had not told us anything about a health ID or that they were issuing us one,” Sundar told me. “There was no conversation around it, let alone a consent seeking process. How could I give consent when I didn’t even know what the health ID was?”
The UHID that Sundar and her family found on their vaccination certificates is a unique identification code generated under the National Digital Health Mission or NDHM. The government launched the mission in August 2020 with the stated aim of leveraging technology for better health outcomes. The National Health Authority, the governmental body responsible for implementing various central health schemes including the NDHM, describes the mission on its website as one that “aims to develop the backbone necessary to support the integrated digital health infrastructure of the country.” The UHID is supposed to link each beneficiary of the NDHM to several other components of a digital health ecosystem by digitising personal health records, providing access to healthcare services including online pharmacies and telemedicine providers. The UHID is supposed to allow beneficiaries to access all their health records such as lab reports, prescriptions and discharge summaries and all other personal health data. Despite the NHA’s assurances of safeguarding sensitive health data shared under the NDHM, there are concerns about how such data can be used when India still lacks a data protection law. The government has also claimed that opting in by creating a UHID, and opting out by requesting a deletion of all personal data from the NDHM, is completely voluntary. However, several people like Sundar had already been allotted UHIDs without their consent.
Howie Hawkins, the Green Party’s 2020 presidential candidate, blasted Democrats today for accepting token climate measures in the shrinking Build Back Better reconciliation bill.
“Biden’s original climate proposals in his $2.3 trillion American Jobs Plan last March were inadequate to begin with. Only about $100 billion a year in that proposal were climate- and energy-related spending. Its policies included counter-productive measures like further natural gas development,” said Hawkins who made a detailed critique of the plan’s climate provisions at the time.
“As the Democrats keep cutting the Build Back Better reconciliation bill, they are surrendering to climate collapse as the global climate summit prepares to convene in Glasgow at the end of this month. The climate movement needs to recognize this reality and demand an emergency Green New Deal to really deal with this existential crisis,” Hawkins said.
President Joe Biden and House Speaker Nancy Pelosi said Friday that Democrats should accept a bill that spends around $2 trillion, which is down from the 10-year $3.5 trillion budget blueprint that Congress agreed to in August. The $3.5 trillion plan was itself down from the $6.1 trillion that Biden had proposed in the spring in his American Jobs Plan for physical infrastructure, including climate measures, and his American Families Plan to expand the social safety net.
The policies in Biden’s jobs and families plans are now proposed at smaller scales in two bills, a bipartisan infrastructure bill costing $550 billion in new spending on traditional roads and bridges infrastructure and the Build Back Better reconciliation bill for social and climate spending whose price tag keeps shrinking. On Friday, Pramilla Jayapal, chair of the Congressional Progressive Caucus, said progressives would have to accept the Biden and Pelosi proposal to scale back spending in the reconciliation bill.
The popular uprising against the neoliberal austerity measures and political repression of the Duque government in Colombia entered its fourth week today with the National Strike Committee announcing a new round of strikes and mass marches.
We demand that the Biden administration use its influence on the Colombian military and police to stop the brutal repression of free speech and assembly happening in the streets of Colombia over the past three weeks. The United States must use its influence to ensure the upcoming 2022 elections for president and parliament are fair and free of the fraud and political assassinations that we have witnessed conducted by the Far Right in the past.
Colombia has the highest wealth inequality in South America, and the divisions between the rich and poor are incredibly stark. Throughout the pandemic the working class across the globe bore the brunt of the suffering, and in Colombia it is no different.
The patents at issue are EP 13 63 794, EP 15 61 612, EP 15 71 016 and EP 16 35 234 and community model 487723-0001. These cover a tilting technology that allows riders of three-wheeled scooters to lean into corners. No party filed a timely opposition to patents EP 794, EP 612, EP 016, and the EPO revoked EP 234 in 2018.
Italian motorcycle manufacturer Piaggio is known for its Vespas. Meanwhile, Indian conglomerate Mahindra, which also makes two- and three-wheeled motorcycles, owns French company Peugeot.
Both the Milan and Paris first-instance courts concluded that Peugeot was infringing Piaggio’s patents. Both courts issued comprehensive sales, distribution, production, import and manufacturing bans for their countries. In addition, the Paris court awarded Piaggio damages of €1.5 million. However, these bans and payments are unlikely to be enforced pending an appeal.
Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages. Permalink Send this to a friend
----------
➮ Sharing is caring. Content is available under CC-BY-SA.
-- Response ended
-- Page fetched on Sun Apr 28 08:32:45 2024