-- Leo's gemini proxy
-- Connecting to gemini.techrights.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
Gemini version available ♊︎
Posted in News Roundup at 5:46 pm by Dr. Roy SchestowitzContentsGNU/LinuxDistributionsDevices/EmbeddedFree Software/Open SourceLeftovers
It took a long time for Linux to become officially supported on Chromebooks. In fact, it spent three years in beta until the release of Chrome OS 91. Now, anyone who wants to can install and run Linux on their Chromebook, with the caveat that they can only use one container at a time. A new update aims to remove this limitation.
On the latest version of Chrome OS, users can create multiple containers if they want to (though it’s a highly involved technical process). However, issues arise when there is a need to use separate containers for separate projects at the same time. As an example, even though a high-spec Chromebook could run one container for gaming while another container for development is also active, it can’t.
Hackaday editors Elliot Williams and Mike Szczys flap their gums about all the great hacks of the week. Something as simple as a wheel can be totally revolutionary, as we saw with a white cane mod for the visually impaired which adds an omniwheel that knows where it’s going. We enjoyed the collection of great hacks from all over the community that went into a multi-two-liter water rocket build. You’ll hear Elliot and Mike’s great debate about the origin of comments in computer code. And we spend plenty of time joking around about the worlds longest airplane flight (it was in a tiny Cessna and lasted over two months!)
In early September AMD posted their new “amd-pstate” CPU frequency scaling driver for Linux that leverages ACPI CPPC data available with Zen 2 and newer processors for making wiser frequency scaling decisions. The goal of AMD P-State is to offer better performance-per-Watt and today they have posted a new revision of this driver.
A set of patches improving the return trampoline “Retpoline” code used for Spectre V2 mitigations has made its way into tip.git’s “objtool/core” staging area ahead of the upcoming Linux 5.16 merge window.
These Linux Retpoline patches are the work covered earlier this month on Phoronix around rewriting the Retpoline rewrite code.
Well known AMD open-source OpenGL driver developer Marek Olšák has landed another big batch of patches to further lower the driver overhead of this Linux OpenGL driver.
Marek merged two sets of optimizations today to Mesa 22.0-devel of micro-optimizations for this AMD Radeon OpenGL driver used on Linux for Radeon HD 7000 “Southern Islands” GCN 1.0 GPUs and newer up through the latest Radeon RX 6000 series RDNA2 graphics cards.
Earlier this year was talk of finally retiring the Intel “i965″ Mesa classic OpenGL driver along with the rest of the “classic Mesa” driver code now that it’s been replaced by the Crocus Gallium3D driver and the other open-source Mesa OpenGL divers all using the modern Gallium3D architecture. Those plans are still on but shifting now into 2022.
Removing the long-standing Intel open-source i965 Mesa driver has been a possibility since earlier in the year when the “Crocus” Gallium3D driver was merged and has matured into good shape for providing accelerated OpenGL on old Intel 965 chipsets through Haswell. It’s with Broadwell and newer where Intel’s Iris Gallium3D driver has come together nicely and continues to work great through Xe Graphics. So between Crocus and Iris, Intel’s OpenGL driver is in a solid footing now.
With X.Org Server 21.1 having finally shipped this week, the X.Org Server Autotools build system support has been killed off.
X.Org Server is now all-in on using the Meson build system support that is considered quite mature at this point.
Removing Autotools support from the codebase lightened up the tree by over six thousand lines.
It’s been nine months since the release of Wayland 1.19 while now release plans have been drafted for Wayland 1.20.
Simon Ser is looking to release Wayland 1.20 in early-to-mid December and for that to happen the Wayland 1.20 Alpha release is expected to be made in about one week, a Wayland 1.20 beta in mid-November, and to then proceed with release candidates as needed until the final release is ready.
While there has been less major progress to report on Mesa’s Zink OpenGL-over-Vulkan code in recent weeks, Mike Blumenkrantz of Valve and others continue optimizing and fixing this increasing useful implementation. Most recently the game Bioshock: Infinite is running on Zink and there are more fixes in aiming toward OpenGL 4.6 conformance.
Zink is done. It’s finished. I’ve said it before, I’ve said it again after that, and I even said I meant it that one time, but now I’m serious.
Super serious.
We’re done here. There’s no need to check this blog anymore, and you don’t have to update zink ever again if you’ve pulled in the last week.
Ventoy is an open source tool to create bootable USB drive for ISO/WIM/IMG/VHD(x)/EFI files. With Ventoy, you don’t need to format the disk over and over, you just need to copy the ISO/WIM/IMG/VHD(x)EFI files to the USB drive and boot them directly. You can copy many files at a time and ventoy will give you a boot menu to select them. Both Legacy BIOS and UEFI are supported in the same way. Most type of OS supported (Windows/WinPE/Linux/Unix/Vmware/Xen…)
Want to transfer files to and from a remote server in Linux? Check out these powerful FTP clients that will help you transfer your data securely.
FTP or File Transfer Protocol is the most common method of transferring files between computers over a network. It’s also the go-to option to move large amounts of files back and forth from/to a server.
As such, you’ll find a variety of FTP clients, depending on your operating system, to help you with the same, each promising to deliver better transfer and management features than the other while staying true to its core functionality.
Sometimes, we need to transfer files between Unix and Windows systems. In Windows and Dos files, the line break is represented using two characters: the first is the carriage return (\r) (CR) and the second is the Line feed (\n) (LF). On the other hand, in Linux/Unix distributions the end of the line is indicated by using only one character that is a Line Feed (LF). However, this difference may cause issues, like code not compiling, scripts not working, text formating looking off.
Using the popular commands dos2unix and unix2dos, we can avoid the hidden character problems.
To compress a file or folder with the tar command is easy in Linux. Read this article to learn about various ways to compress files or folders with tar.
tar is a ubiquitous command in Linux. Most modern Linux distros should come with tar by default.
Now, I will discuss how to compress a file or folder with tar in Linux.
Extracting a tar file in Linux is very straightforward. You can use the same command to extract almost any kind of tar file: .tar.gz, .tar.bz2, and .tar.xz.
In this article we are going to explore how to deploy MongoDB with Docker. What is MongoDB? MongoDB is an open source document database built on an horizontal scale out architecture that uses a flexible schema for storing data.
Docker is a set of platform as a service products that uses OS level virtualization to deliver software service in packages called containers.
In this tutorial we are going to learn how to install wireguard VPN on Debian 11. Wireguard is a communication protocol which is free and open source software that implements encrypted virtual private networks(VPN) and was designed with some goals, to provide ease of use, high speed performance and low attack space.
OpenLiteSpeed is a web server that can be used to speed up dynamic content delivery. It also features a built-in caching system for static content.
OpenLiteSpeed is faster, consumes less memory, and requires fewer resources than Apache. It’s more secure because the source code is available for inspection, which means that bugs can be found and fixed quickly. OpenLiteSpeed uses Event MPM, so that it will scale on multicore servers better than Apache with Worker MPM. Since Event MPM has been around longer, it’s also more mature, so there are fewer known issues people might run into when using OpenLiteSpeed compared to apache. When configured properly OpenLiteSpeed can handle a lot of connections at once.
OpenLiteSpeed can be used as either a standalone web server by itself, in front of Apache, Nginx, or other web servers, or it can also sit behind another web server. You can use it with PHP-FPM to make your site super fast.
In this tutorial we are going to explore how to install Apache Cassandra 4 on our Ubuntu 21.10 server. Apache Cassandra is an open-source, free, NoSQL database used to store large data.
In this tutorial guide we are going to learn how to install Anydesk on Ubuntu 21.04.
Anydesk is a closed source remote desktop application, it provides platform independent remote access to personal computers and other devices running the host application. It is both suitable for personal use and company wise.
This video showing step by step how to customize your KDE plasma desktop a minimal And elegant look with Orchis Theme.
In this tutorial we are going to learn how to install Oracle VirtualBox on Ubuntu 21.04 and learn about it rich feature content.
VirtualBox is free, open source virtualization software. So what is virtualization? It is the process of running a virtual instance of a computer system in a layer abstracted from the actual hardware.
Nextcloud is free software distributed under an open-source license and can be used to set up personal cloud just like Google Drive, iCloud, Dropbox, and Onedrive. When using a client, the server is automatically synchronized with a local directory. Hence, the same data stored on NextCloud can be accessed from multiple devices using a client app or via the web interface.
The server-side program of NextCloud is meant to work on Linux operating systems, therefore any Linux user even the beginner one can easily install it. Apart from the Linux OS, the user also needs PHP and a web server like Nginx or Apache to set this personal cloud platform.
In this tutorial guide we are going to learn how to install Mongodb on Ubuntu 21.04. Mongodb is an open source NoSQL database that provides high throughput for data driven applications. Unlike relational databases such as MySQL, Oracle and SQL server which store data in tables according to a rigid schema, Mongodb stores data in documents with flexible schema.
In this guide you are going to learn how to install GNS3 2.2.26 on our Ubuntu 21.04 server.
GNS3 is free and open source software used by many network engineers to emulate, configure, test and troubleshoot virtual networks. GNS3 allows one to run small topology consisting of few devices in your laptop, to those that have many devices hosted on multiple servers or even hosted on the cloud.
GNS3 help you prepare for certifications such as CISCO CCNA, CCNP, CCIE and also help while trying real deployments. GNS3 help network engineers to virtualize real hardware. At first it used to emulate CISCO devices with the help of Dynamips but now it has evolved until it can support other devices from multiple network providers i.e brocade, cumulus Linux switches, Docker instances etc.
In this tutorial we are going to learn how to install PostgreSQL 14 on Rocky Linux. PostgreSQL is world’s most advanced open source relational database. It has experienced running up to 30 years that is why it has earned strong reputation for its reliability, robustness and its strong performance.
We are progressively reaching the end of our Q2 2021 survey analysis articles. This time we look at the usage of a specific set of tools among Linux Gamers.
[...]
You can probably guess that some of them are more popular than others. It will come as absolutely no surprise to learn that ProtonDB is, for example, widely known and used. But how about Steam Tinker Launcher (STL) vs GameHub? or Minigalaxy vs Heroic Games Launcher? Such comparisons of popularity are not as obvious.
Among the Ancients is the latest update for the tough submarine survival game Barotrauma, bringing with it new alien ruins and character progression to give you more of everything.
Characters got a visual overhaul with many new hair styles, facial features and accessories. Skin tone can now also be changed, thanks to the implementation of a skin shader system. While character animations and proportions are now more realistic, they still retain their trademark ragdoll appearance and movement for maximum viewing pleasure as you fall about all over the place. The new progression system enables you to unlock special talents and buffs to make each class a bit more unique too.
Terraformers: First Steps on Mars is the free prologue for the upcoming colony sim from Asteroid Lab and Goblinz Publishing. Available now to try out.
Terraformers is a strategy game with roguelite elements in which you terraform Mars. Explore the planet’s wonders, exploit its resources and expand by settling new cities. Start the terraforming process: warming the planet, creating oceans and spreading life. This free prologue offers up an exclusive challenge to lead humanity’s first attempt at settling the Red Planet.
If reading Hackaday teaches us anything, it’s that there is a subset of hackers who take things like emulator builds a step farther than most. [GamecubePC] is very clearly one such hacker. Enter the GamecubePC, which you can read about on Hackaday.io. The GamecubePC is a multi-year project that aims to stuff an entire Windows 10 PC into a GameCube shell while still being able to play Wii and GameCube titles at native resolution and performance.
Running the newest Steam client beta paired with the newest Proton Experimental should yield more Windows games working on Steam Play with Linux.
Valve has been busy getting more anti-cheat/DRM services working under Proton (Steam Play) ahead of the first Steam Deck devices shipping to consumers later this quarter. Their latest achievement is getting CEG DRM’ed games working, at least if you are willing to use Proton Experimental and Steam beta for the time being… About time considering Valve developed CEG (Custom Executable Generation).
Kali Linux NetHunter is the first Android penetration testing platform for Android devices. The NetHunter is an open-source project meaning developers can freely use it without getting copyright infringements or any other related threats. This project allows the supported Android devices to access the kali toolset, thus enabling penetration testing. In addition, there are various unique features offered by Kali NetHunter that are not possible on other hardware platforms.
The NetHunter interface permits users to work efficiently with complex configuration files via a local web interface. Besides this feature, custom kernels that support 802.11 wireless injections and back connect preconfigured VPN service constitute a formidable network security advancement plus discrete dropbox with Kali Linux at your fingertips always.
It’s no secret to anyone who has read my distro reviews in the past that I love Arch and Arch based systems…and EndeavourOS is no exception. If you love Arch, and you want Arch with a nice graphical installer, easy desktop environment choosing and installation, minimal bloat, and a great and friendly community, give EndeavourOS a try; I highly doubt you will be disappointed. Frankly, I have used EndeavourOS multiple times in the past, and I always come back to it unless I need an Ubuntu system or something else for some specific reason. I used to use Manjaro a lot, but EndeavourOS took my #1 spot when it came to Arch based systems. But, with that said, Manjaro and other systems are absolutely awesome too, and have some perks that EndeavourOS does not; but I’ll save that for the Manjaro review coming in the near future.
Rolling release users had a variety of package updates this week to include updates of rpm, Plasma, rsyslog, webkit2gtk3, systemd, AppStream and more, which were updated throughout the week’s four openSUSE Tumbleweed snapshots.
The latest snapshot to be released, 20211027, updated eight packages. Mozilla Thunderbird 91.2.1 increased the memory required per threads for AArch64 to avoid an out of memory state and the email client also had Link Time Optimization enabled for Tumbleweed. The php7 7.4.25 update was a security release focusing on bug fixes like one that affected high memory usage during encoding detection and another fix addressed Common Vulnerabilities and Exposure–2021-21703. The 9.22 version of the real-time web framework perl-Mojolicious added a referer method and fixed the response status log message to use the trace log level instead of debug. A second release this week of mpg123 updated the package to version 1.29.2, which had a single fix for a non-live-decoder safeguard. AppStream, which is a cross-distribution package for standardizing software component metadata, updated to version 0.14.6; the new version updated documentation and added support for source locales. The package also added support for image and video screenshot handling and the changed states that it added Fedora to the continuous integration environment.
Snapshot 20211025 had an update of rpm 4.17.0. The update had many improvements, new translations and python generators and debuginfo extraction have been split into a separate upstream project. The rsyslog had two updates in Tumbleweed this week and this snapshot brought in version 8.2110.0, which fixes a couple of bugs affecting configurations. The 5.14.14 Linux Kernel had a whole bunch of fixes for Advanced Linux Sound Architecture and Btrfs. There were also several 4.2.20 library updates for libyui , which implemented the C++17 standard for package plugins. Another update in the snapshot was the update of the Free Remote Desktop package freerdp 2.4.1; the package update addressed two CVEs and one of those was an improper client input validation for gateway connections that would allow to overwrite memory.
Despite a few technical difficulties (openQA workers were updated to Leap 15.3), we managed to release 4 snapshots to the public (built and tested 7). You have received snapshots 1021, 1024, 1025, and 1027.
Winter is Coming for CentOS 8—but here is how you can enjoy your holidays after all.
The server environment is complex and if you’re managing thousands of Linux servers, the last thing you want is for an operating system vendor to do something completely unexpected.
That is exactly what Red Hat, the parent company of the CentOS Project, did when it suddenly announced a curtailment of support for CentOS 8 – sending thousands of organizations scrambling for an alternative.
In this article, we’ll review what happened with CentOS 8 and what it means for users who have already upgraded from CentOS release 7 to release 8. We’ll also look at your alternatives for replacing CentOS 8.
I first encountered Linux through the Usenet post because I was a very avid Usenet reader and contributor—starting in about ‘85 or so. I saw the Andrew Tanenbaum post about the release of Minix and newsgroups were created for that, so that was an exciting chance to have [something like] Unix on desktop-grade hardware.
I’d been running Unix at work since ‘84, ‘85 and had tried (on a number of occasions) to gather enough hardware to be able to run it at home and just really couldn’t ever afford to put it together because disks were expensive. I remember when that famous first message came out from Linus [Torvalds]. I was not a PC guy at the time.
By April of 1992, which was five months after that announcement, I was at a computer show at a fairgrounds and felt that things had gotten cheap enough. So, I went and bought a 386 motherboard and four megabytes of RAM (in April of 1992, it was $35 per megabyte!) specifically to run Linux, popped on a drive, brought it home and put together a PC.
Being a sysadmin often attracts “Lone Ranger” types. You spend most of your time interacting with servers and intermittently cruising forums—searching for solutions or vulnerabilities. However, this work style often keeps you working alone in close quarters and can put pressure on you when high-profile incidents occur or you need an extra pair of hands.
These situations might make you wish you had a more extensive network to lean on. In this article, I share ways of building a network of contacts within and outside your company.
2020 saw the evolution of millions of new “offices” – dining room tables, living room couches, and more – as employees across the board found themselves working remotely in unfamiliar settings. In time, with the help of both technology and resilience, we’ve not only adapted but in many cases, thrived. A recent remote work study found that 97 percent of employees hope to work remotely at least part of the time for the rest of their careers, and many companies are incorporating that number into their long-term plans.
But as we think about return-to-office and hybrid work plans, there isn’t a clearly written manual or one-size-fits-all solution – and we’ll continue to have our work cut out for us we navigate another potentially significant shift in the way we operate.
Here are a few guiding principles that HR and IT leaders should keep in mind to ensure a smooth and secure transition for all employees, wherever they choose to work.
Data and analytics are changing the way we do business — enabling organizations to better serve their customers and get more done quicker. However, to obtain value from AI and data science efforts, organizations need to deploy, operationalize and put these analytical assets into production. To help put analytical insights into action quicker, we are pleased to announce the general availability of SAS Viya on Red Hat OpenShift. Initially available on VMWare, Viya will support other infrastructure variations in subsequent releases.
New tech graduates enter the workforce every year. What generational differences and unique challenges will these younger professionals face? Mentorship is essential to make the transition into enterprise IT, regardless of where a person worked before. But it’s not always clear what mentees need, or what would be most beneficial for them.
In this episode, we speak to people about what makes a good mentor, how learning can go both ways, and what is most meaningful in mentoring relationships.
Jetson SUB is a mini PC powered by NVIDIA Jetson Xavier NX module and equipped with a 512GB SSD, a WiFi module, all housed in an aluminum case with a cooling fan.
Preloaded with NVIDIA Jetpack, the mini PC is designed for higher-end edge AI and IoT workloads leveraging the 384 NVIDIA CUDA cores, 48 Tensor cores, the hexa-core Carmel 64-bit Arm processor, and the two NVIDIA Deep Learning Accelerators (NVDLA) engines from the Xavier NX SoC.
Seeed’s $799 “Jetson SUB Mini PC Kit” combines Leetop’s A206 carrier board with a Xavier NX, a case, and a fan. Features include a 512GB SSD, WiFi/BT, GbE, HDMI, DP, and 4x USB.
Seeed has launched a mini-PC for edge AI applications based on Leetop’s A206 Jetson carrier board equipped with a Jetson Xavier NX module. The Jetson SUB Mini PC Kit sells for $799, complete with a Re_computer case, heatsink, and fan.
E-con’s IP66-protected “SmarteCAM” edge AI camera series runs Linux and Nvidia Jetpack on the Jetson TX2 and offers GbE with PoE. The first model features a 2MP, HD Starvis IMX290 sensor with ultra-low light support and an ISP with HDR.
E-con Systems has announced a line of ready-to-deploy SmarteCAM cameras based on Nvidia’s hexa-core Jetson TX2 module that offers IP66-protection against water and dust. The 323 x 120 x 100mm SmarteCAM connects to a host computer or the Internet via a GbE port along with 802.3at compliant PoE at up to 25W. Applications include crowd monitoring and analysis, smart farming, sports broadcasting, smart traffic, smart cities, and Intelligent Video Analytics (IVA).
The initial SmarteCAM20_CUTX2 model is equipped with an HD-ready Starvis IMX290 sensor with ultra-low light sensitivity. The IMX290 is featured on E-con’s e-CAM220_CUMI327_MOD camera, which is part of an e-CAM22_CUXVR kit designed to work with Nvidia‘s Jetson AGX Xavier Development Kit.
The Raspberry Pi Foundation launched the Raspberry Pi Zero 2 W board yesterday with the main difference against Raspberry Pi Zero W board being the much faster Raspberry Pi RP3A0 SiP with a Broadcom quad-core Cortex-A53 processor clocked at 1.0 GHz and overclockable to 1.2 GHz.
I received my sample shortly after publishing the announcement, and I had time to test it. Since the main difference is the processor, I’ll focus this review on benchmarks and whether additional cooling is required for the board.
The GPU-less NXP i.MX 8XLite Cortex-A35/M4 SoC was just announced earlier this month for V2X and IIoT applications, and now SolidRun unveiled the first module based on the new processor with the “i.MX 8XLite System-on-Module”.
Also equipped with a RoadLINK SAF5400 safety modem, SolidRun’s Mini SoM targets vehicle telematics, vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications, road infrastructure connectivity, and industrial equipment.
Soil sensors are handy things, but while sensing moisture is what they do, how they handle that data is what makes them useful. Ensuring usefulness is what led [Maakbaas] to design and create an ESP32-based soil moisture sensor with wireless connectivity, deep sleep, data logging, and the ability to indicate that the host plant needs watering both visually, and with a push notification to a mobile phone.
To measure wind speed and direction, most people turn the traditional cup anemometer and wind vane. Another less-known method is to use an array of ultrasonic transducers, which doesn’t need any moving parts. [Andy] demonstrates building an ultrasonic anemometer using a cheap after-market parking distance sensor kit and an Arduino. Demo video after the break.
Winding a single strand of wire onto a cylinder when creating a homemade coil can be a very tedious process, and worse, the spacing between each rotation is inconsistent or has overlaps rather than a smooth, even surface. To make things a bit more easier and efficient, YouTuber Mr. Innovative created a DIY machine that accomplishes the task with very little human involvement.
The core of the device is an Arduino Nano, which is connected to a pair of A4988 stepper motor drivers and a screen, all mounted onto a custom PCB. The 3.5” LCD functions as a touch display that lets the user select both the length of the wrapping and the width of the wire. This allows the number of windings to be calculated by dividing the length (such as 100mm) by the wire’s diameter (such as 200um for a total of 500 windings).
Anyone who engages in C/C++ development on a modern GNU/Linux system typically ends up using the GCC or LLVM compiler, to which Red Hat actively contributes. As a member of the toolchain engineering team, I mostly work on runtime libraries (glibc), but being acquainted with the internals of the compiler that builds Red Hat Enterprise Linux (RHEL) is useful.
With this goal in mind, and with a bit of advice from experienced engineers on the team, I decided to dip my toes into GCC internals by attempting to implement a small optimization. I was pointed to a list of open “tree optimization” bugs marked as
China has told its finance sector to embrace free and open source software (FOSS).
An opinion from the People’s Bank of China and the nation’s Central Cyberspace Administration essentially boils down to “go for it”.
The document instructs China’s financial sector players to use FOSS whenever they feel it is apposite, to contribute to FOSS projects, and to respect the licences under which such software is published. Financial institutions are also encouraged to collaborate with tech companies, universities and other institutions on FOSS efforts.
Since she tested positive for the coronavirus in April 2020, Josie Cabrera Taveras has found herself sleeping for up to 15 hours a day, stopping in grocery store aisles to catch her breath, lapsing in and out of consciousness and unable to return to her job as a nanny.
She believes that she is one of thousands, possibly millions, of Americans who may have a condition known as “long Covid.” The Biden administration has said people with the condition could qualify for federal disability protections and benefits, which can include health care, housing and unemployment benefits.
But like many others who may have long Covid, Ms. Taveras, 31, has had a hard time proving it.
The Solarwinds software supply chain attack is the one everyone knows about. But supply chain attacks are becoming commonplace, and that’s bad news. There are efforts afoot, such as the Linux Foundation’s Software Package Data Exchange® (SPDX) project, which ensures transparency and improves compliance for software bill of materials (SBOM). But, we need SBOMs now.
In previous editions of Cybersec Charcha, we discussed what you could do to protect your data from being stolen and how to best implement strong digital security practices to protect yourself and your sensitive information. However, we haven’t yet looked at what you can do to take back control — if your data has already been compromised in a data breach.
Data breaches are now becoming increasingly common. In 2021 alone, we have seen some of the most serious instances of data breaches — both in India and around the world. In a scenario like this, it becomes really important to learn not only how you can protect yourself, but also the measures you can take if your data is leaked in a data breach.
In the sixth edition of Cybersec Charcha, we’ll be exploring what you can do to take back control in the aftermath of a data breach.
In a brilliant write-up, [Stephen Tong] brings us his “Use-After-Free for Dummies“. It’s a surprising tale of a vulnerability that really shouldn’t exist, and a walkthrough of how to complete a capture the flag challenge. The vulnerable binary is running on a Raspberry Pi, which turns out to be very important. It’s a multithreaded application that uses lock-free data sharing, through pair of integers readable by multiple threads. Those ints are declared using the volatile keyword, which is a useful way to tell a compiler not to optimize too heavily, as this value may get changed by another thread.
[...]
[Ido Hoorvitch] of CyberArk had some pandemic induced time on his hands, and opted to collect packet captures of 5000 password protected WiFi networks around Tel Aviv. In the old days, you had to capture a 4-way handshake to have any chance at breaking WPA encryption. In 2018 a new technique was discovered, where a single authentication response was all that was required to attempt to crack the key — no active user required.
GoCD has released a security update to address a critical authentication vulnerability in GoCD versions 20.6.0 through 21.2.0. GoCD is an open-source Continuous Integration and Continuous Delivery system. A remote attacker could exploit this vulnerability to obtain sensitive information.
Of the three branches of government in India, the judiciary has been forced to carry the burden of protecting the people’s right to privacy. Since 2017 when the court held that the right to privacy is a fundamental right under the Indian Constitution—triggered by government lawyers formally submitting that it was not a fundamental right—there have not been any significant legislative enactments or executive actions to safeguard this right.
On the contrary, threats to privacy and freedom of expression have been mounting through growing surveillance and cyber intrusion activity, intermediary rules that undermine internet freedom, and the lack of a data protection law.
Therefore, when the Pegasus project revealed that several Indian journalists, ministers, activists, and others had been spied on, and the government failed to provide answers, all hopes were pegged on the Supreme Court.
Security updates have been issued by Debian (bind9, gpsd, jbig2dec, libdatetime-timezone-perl, tzdata, webkit2gtk, and wpewebkit), Fedora (flatpak, java-1.8.0-openjdk, java-11-openjdk, and php), SUSE (qemu), and Ubuntu (bind9).
The vulnerability allows a low-privilege user to escalate his privileges to root using a bug in PHP-FPM.
PHP is one of the most commonly used programming languages on the planet. As you know it is a programming language originally designed for use in web-based applications with HTML content.
The diffoscope maintainers are pleased to announce the release of diffoscope version 189. This version includes the following changes:
We assisted Mr. Srinivas Kodali, an independent privacy researcher, in drafting and sending a legal notice to the Hyderabad Police Commissioner, when we learned that Hyderabad Police is stopping random passers-by on the roads, and going through their phones. News videos clearly showed police personnel asking people to unlock their phones and hand it over to police officials. The police officials then admittedly searched the phones for keywords such as ‘ganja’, ‘weed’ and ‘stuff’. This is a clear and blatant abuse of police power, and is entirely illegal.
Early reports on the Facebook Papers have laid bare what civil society around the world has warned of for years now — Facebook is much more interested in rapidly expanding its user base and leveraging people’s data to maximize profits than in ensuring everyone can use its platforms safely.
For more than a decade, grassroots activists, researchers, digital security help desks, and others serving at-risk communities have been diligently documenting and presenting Facebook with mounting evidence of its failed policies’ negative impact, both in people’s lives and on our societies.
In India, Palestine, Ethiopia, Myanmar, Syria, Australia, Tunisia, and so many other places around the world, Facebook’s “move fast and break things” model has had dire consequences for human rights defenders and journalists, along with women, LGBTQ+ communities, people facing discrimination based on race, religion, or caste, and other marginalized groups.
In many cases, Facebook is still relying on resource-strapped civil society actors, often struggling themselves to navigate a tense and complex landscape, rather than investing in its own capacity to meet its users’ needs.
Facebook in India has been selective in curbing hate speech, misinformation and inflammatory posts, particularly anti-Muslim content, according to leaked documents obtained by The Associated Press, even as the internet giant’s own employees cast doubt over its motivations and interests.
I will be helping out various in open source projects and services provided SUNET, focusing on privacy and security. I will also continue working on all of the upstream projects I maintain, including SecureDrop.
A team of French government energy scientists are warning that the collapse of the global oil system is coming so rapidly it could derail the transition to a renewable energy system if it doesn’t happen fast enough. In just 13 years, global oil production could enter into a terminal and exponential decline, accompanied by the overall collapse of the global oil and gas industries over the next three decades.
But this is not because the earth is running out of oil and gas. Rather, it’s because they are increasingly eating themselves to stay alive. The oil and gas industries are consuming exponentially more and more energy just to keep extracting oil and gas. That’s why they’ve entered a downwards spiral of increasing costs of production, diminishing profits, rising debt and irreversible economic decline.
Chevron has long dominated oil production in Lost Hills, a massive fossil fuel reserve in Central California that was accidentally discovered by water drillers more than a century ago. The company routinely pumps hundreds of thousands of gallons of water mixed with a special concoction of chemicals into the ground at high pressure to shake up shale deposits and release oil and gas. The process — called hydraulic fracturing, or fracking — produces thousands of barrels of oil every day. But it also leaves the company saddled with millions of gallons of wastewater laced with toxic chemicals, salts, and heavy metals.
Between the late 1950s and 2008, Chevron disposed much of the slurry produced in Lost Hills in eight cavernous impoundments at its Section 29 facility. Euphemistically called “ponds,” the impoundments have a combined surface area of 26 acres and do not have synthetic liners to prevent leaking. That meant that over time, salts and chemicals in the wastewater could leak into the ground and nearby water sources like the California Aqueduct, a network of canals that delivers water to farms in the Central Valley and cities like Los Angeles.
The Israeli Defense Ministry on 19 October 2021 issued a military order declaring six Palestinian civil society organizations in the Occupied Palestinian Territory to be “terrorist organizations.” The groups are Addameer, al-Haq, Defense for Children Palestine, the Union of Agricultural Work Committees, Bisan Center for Research and Development and the Union of Palestinian Women Committees. The designation, made pursuant to a 2016 Israeli statute, effectively outlaws the activities of these civil society groups. It authorizes Israeli authorities to close their offices, seize their assets and arrest and jail their staff members, and it prohibits funding or even publicly expressing support for their activities.
On October 20, at least half a million workers in South Korea — from across the construction, transportation, service, and other sectors — are walking off their jobs in a one-day general strike. The strike will be followed by mass demonstrations in urban centers and rural farmlands, culminating in a national all-people’s mobilization in January 2022. The Korean Confederation of Trade Unions (KCTU), the country’s largest labor union umbrella with 1.1 million members, is organizing these mobilizations in a broad-based front with South Korea’s urban poor and farmers.
My partner came to me the other day, complaining that the game she bought from Ubisoft, Heroes of Might and Magic V: Hammers of Fate, wouldn’t install. This is an expansion pack of “Heroes of Might and Magic V” from 2006 and is now offered on Ubisoft’s service of some sort – I don’t know much about it. I don’t use it. It’s one of her favourite game series and she’s going to be taking a trip soon where she’ll need the moral support that gaming provides. I offered to take a look.
Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages. Permalink Send this to a friend
----------
➮ Sharing is caring. Content is available under CC-BY-SA.
-- Response ended
-- Page fetched on Sun Apr 28 11:39:40 2024