All the News that Matters

• Debian: DSA-4891-1: tomcat9 security update>
  Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure or denial of service. For the stable distribution (buster), these problems have been fixed in

• openSUSE: 2021:0548-1 important: umoci>
  An update that fixes one vulnerability is now available.

• Fedora 33: mosquitto 2021-da3784629e>
  Update to 1.6.14 https://mosquitto.org/blog/2021/03/version-2-0-9-released/

• Fedora 33: perl-Net-CIDR-Lite 2021-d0cc9a393f>
  This update disallows use of IP addresses with leading zeroes in the octet values, which could have been interpreted ambiguously as either octal or decimal values.

• Fedora 32: mosquitto 2021-65100169e4>
  Update to 1.6.14 https://mosquitto.org/blog/2021/03/version-2-0-9-released/

• Fedora 32: perl-Net-CIDR-Lite 2021-57661d377a>
  This update disallows use of IP addresses with leading zeroes in the octet values, which could have been interpreted ambiguously as either octal or decimal values.

• Key Perl Core developer quits, says he was bullied for daring to suggest programming language contained 'cruft'
  'After saying this, I immediately received hostile messages' says pumpking of version 5.xOn Monday, the Perl Core developer known as Sawyer X announced his intention to leave the three-person Perl Steering Committee, or Council, and the Perl Core group because of what he described as community hostility.…

• OpenMandriva Lx 4.3 Promises Linux Kernel 5.11, Official AMD Vulkan Driver
  The OpenMandriva Lx devs unveiled today their plans for releasing a new update in the 4.x series of their RPM-based fork of the Mandriva Linux distribution, OpenMandriva Lx 4.3.

• How To Visualize Disk Space Usage With Vizex In Linux
  This guide explains how to visualize disk space usage with vizex and how to display directory and file information using vizexdf in Linux.

• Oracle vs Google: No, the Supreme Court did not say APIs aren't copyright -- and that's a good thing
  Anyone wanting to bring a similar case in the future will have to be very, very bold and very, very rich. Column You won't be paying an Oracle tax on your next Android phone. After 10 years of Big Red claiming dibs on Android internals and Google telling them to GTFO, the legals have finally been settled by the US Supreme Court. Google has won.…

• How to create new users in OpenShift with htpasswd and OAuth
  OpenShift is flexible in the options available for authentication; here's how to use htpasswd for authentication.

• How to make a bootable Windows USB drive on Linux using Woeusb-ng?
  As a Linux user, you may need to make a bootable Windows USB drive for testing and education purposes or even to install it alongside your favourite distro. Whatever your reasons, you will be able to create a Microsoft OS bootable flash drive after reading this humble post. So power on your system and plug in your USB flash drive as you are only a few lines away from acquire this skill.

• A Definitive Series to Learn Java Programming for Beginners
  Java is a General purpose, Object Oriented Programming Language written by James Gosling. It is known for many features which makes it different from other Programming languages. It is one of those Programming Language that has always remained in demand since the time of its initial release.

• How to enable Large Indexes in MariaDB 10 on Debian 10
  This tutorial shows you how to enable large indexes in MariaDB 10 on Debian 10. This refers to the innodb_large_prefix option which exists in MariaDB and MySQL.

• Nuvola Player 4.21 Brings Official Support for Linux Mint, Anghami Support, and More
  Ji?í Janoušek announced the release of Nuvola Player 4.21, a new version of this free and open-source universal music player for web-based media streaming services.

• How to install VMware tools in Debian 10
  VMware tools enable the integration between the host and the guest operating systems. In this article, we will explain how to install VMware tools in Debian using two different methods.

• Mozilla partners with NVIDIA to democratize and diversify voice technology
  As technology makes massive shift to voice-enabled products, NVIDIA invests $1.5 million in Mozilla Common Voice to transform the voice recognition landscape  Over the next decade, speech is expected to …

• Is Linux A More Secure Option Than Windows For Businesses? hegt/he
  There are many factors to consider when choosing an OS, security being among one of the most critical. The general consensus among experts is that Linux is the most secure OS by design - an impressive feat that can be attributed to a variety of characteristics including its transparent open-source code, strict user privilege model, diversity, built-in kernel security defenses and the security of the applications that run on it.

• The FSF doubles down on restoring RMS after his non-apology apology
  Weeks after being readmitted to the Free Software Foundation board, Stallman speaks and the board stands behind him.

• Encrypt your files with this open source software
  Many years ago, there was encryption software called TrueCrypt. Its source code was available, although there were no major claims that anyone had ever audited or contributed to it. Its author was (and remains to this day) anonymous. Still, it was cross-platform, easy to use, and really, really useful.read more

• Lenovo M93 Ultra Small Desktop PC- OBS Studio – Week 6
  This week’s blog looks at video recording on the Lenovo M93 using OBS Studio.

• Scheduling tasks with cron
  Cron is a scheduling daemon that executes tasks at specified intervals. These tasks are called cron jobs and are mostly used to automate system maintenance or administration tasks. For example, you could set a cron job to automate repetitive tasks such as backing up database or data, updating the system with the latest security patches, […]

• 9to5Linux Weekly Roundup: April 11th, 2021
  The twenty-eighth installment of the 9to5Linux Weekly Roundup is out, for the week ending on April 11th, keeping you guys up to date with the most important things happening in the Linux world.

• How to Install and Configure an NFS Server on Ubuntu 20.04
  NFS or Network File System is a distributed file system protocol that allows you to share directories over a network. With NFS, you can mount remote directories on your system and work with the files on the remote machine as if they were local files.

• MySQL SHOW USERS: List All Users in a MySQL Database
  Today we are going to guide you on how to show all users in the MySQL users Database.A common question that most beginner MySQL users ask is “How do I see all of the users in my MySQL server?” Most of them assume that there is a show users command in MySQL, but there isn’t one. This is a common mistake because there are other MySQL commands for displaying information about the database. For example, SHOW DATABASES will show us all of the databases that are present in our MySQL Server, and SHOW TABLES will show us all the tables in the MySQL database that you have selected.

• Why Crate.io has returned to its pure open source roots
  The headline benefits of open source are widely known and well-articulated. Open source technologies provide enterprise-level scalability, performance, security, and reliability. Trust is there, and it's deserved. But what's less celebrated, other than by die-hard open source adherents, are the inner workings of the everyday community contributions building those macro benefits at the atomic level. For those offering open source technologies, it is the community's constant user-driven testing and hardening that forges those technologies into robust and proven solutions.read more

• School Custodian Refuses To Download Phone App That Monitors Location, Says It Got Her Fired
  Michelle Dionne, a former employee at a cleaning company in Darwell, Alberta, says she was fired for refusing to download an app that would check her location and ensure she was working her scheduled hours. CBC.ca reports: Dionne says she was thrilled to get the job last fall -- responsible for things like disinfecting door handles, light switches and bathrooms to prevent possible spread of the coronavirus. When her boss told her to download the app, Dionne says she was concerned about her privacy. The app would go on her personal phone and, she says, her boss didn't clearly explain how it worked or what would happen to any data it collected.[...] The app, called Blip, generates a geofence -- a virtual boundary, created by the employer using GPS -- that detects when an employee enters or leaves. The app registers a signal from the worker's cell phone, when their "locations" setting is turned on, so the boss can tell whether an employee is on site and how many hours that person works. It only registers an employee's location when they enter and exit the geofence and doesn't track their specific movements. It's not clear where that data is stored, or whether any other employee information might be included.   Go Public reached out to the maker of the app, U.K.-based BrightHR. Spokesperson Natalie Shallow said, although the app collects data, that data "belongs to the customer organization" -- meaning, the company using the app -- and therefore is subject to the company's own policies. The data's protection "complies with all applicable laws, including Alberta's Personal Information Protection Act," Shallow said. Dionne worried about where the information might end up. She knew apps like Instagram, Facebook and others had been breached. She says no one told her how securely the information would be protected.   Dionne's former boss admits she didn't know where the data generated by Blip would be stored when she introduced the app to her workforce last fall. "I never asked that question and it never came up in my mind to ask," said Hanan Yehia, founder and owner of H.Y. Cleaning Services, which operates cleaning services for eight locations in northern Alberta. She says after Dionne raised concerns, she went back to BrightHR for more information and was told employees' movements within the geofence are not specifically monitored. Yehia says she shared that information with Dionne. The app was a solution to a problem, says Yehia -- she was looking for a way to simplify payroll by easily tracking hours and making sure employees who claimed they were working were actually on the job. "We had some issues in some locations where they would say they were on site, that they were working, but they weren't," she said, clarifying that attendance was not an issue with Dionne. She also says Dionne's refusal to download the app wasn't the sole reason she was fired.
        
  
  Read more of this story at Slashdot.
  

• Las Vegas Pushes To Become First To Ban Ornamental Grass
  With a first-in-the-nation policy, Las Vegas is seeking to ban grass that nobody walks on. "Las Vegas-area water officials have spent two decades trying to get people to replace thirsty greenery with desert plants, and now they're asking the Nevada Legislature to outlaw roughly 40% of the turf that's left," reports The Associated Press. By outlawing this ornamental grass that requires four times as much water as drought-tolerant landscaping, the region can reduce annual water consumption by roughly 15% and save about 14 gallons of water per person per day. From the report: The proposal is part of a turf war waged since at least 2003, when the water authority banned developers from planting green front yards in new subdivisions. It also offers owners of older properties the region's most generous rebate policies to tear out sod -- up to $3 per square foot. Those efforts are slowing. The agency says the number of acres converted under its rebate program fell last year to six times less than what it was in 2008. Meanwhile, water consumption in southern Nevada has increased 9% since 2019.   Justin Jones, a Clark County commissioner who serves on the water authority's board, doesn't think ripping out ornamental turf will upend people's lives. "To be clear, we are not coming after your average homeowner's backyard," he said. But grass in the middle of a parkway, where no one walks: "That's dumb." "The only people that ever set foot on grass that's in the middle of a roadway system are people cutting the grass," Jones said. The agency has different regulations for yards and public parks. Based on satellite imaging, it believes banning ornamental grass will primarily affect common areas maintained by homeowner associations and commercial property owners.
        
  
  Read more of this story at Slashdot.
  

• Global PC Market Swells by 55% in Q1 2021 To 82.7 Million
  The latest data from research firm Canalys shows continued strength in the worldwide PC market in the first quarter of 2021, with shipments of desktops and notebooks, including workstations, up 55% year on year. From the report: Though this growth rate was buoyed by a weak Q1 2020, total shipments of 82.7 million units is still impressive, and the highest Q1 shipment number since 2012. Backlogs on orders from 2020, particularly for notebooks, were a key driver, though new demand is also a factor as smaller businesses begin their recoveries. Shipments of notebooks and mobile workstations increased 79% year on year to reach 67.8 million units. Desktops improved slightly at the start of 2021 after a string of poor quarters in 2020, with the level of shipment decline easing. Shipments of desktop and desktop workstations fell 5% year on year to 14.8 million units.   The strong recovery from a weak Q1 2020 saw all vendors in the top five achieve double-digit year-on-year shipment growth. Lenovo maintained pole position in the PC market, securing a 25% market share and posting year-on-year growth of 61%, with shipments of 20.4 million units. HP, spurred by strong Chromebook shipments, came second with total shipments of 19.2 million units, a 64% increase on Q1 2020. Dell lost market share against Q4, but took third place in the rankings, growing shipments 23% year on year to hit 12.9 million units. Apple and Acer made up the rest of the top five, shipping 6.6 million and 5.7 million units to enjoy the highest and second-highest annual growth respectively. Cumulatively, the top five vendors accounted for 78.5% of all PC shipments in Q1 2021.
        
  
  Read more of this story at Slashdot.
  

• Tech Workers At the New York Times Have Formed a Union
  An anonymous reader quotes a report from The Verge: Tech workers at The New York Times have formed a union under the NewsGuild of New York, and they are demanding voluntary recognition from the paper's management. The new union, called the Tech Times Guild, represents more than 650 workers from the digital side of the company, including software engineers, designers, and data analysts. Those employees are not included in the editorial union of The New York Times, which represents more than 3,000 reporters and media professionals at the newspaper and is also organized under NewsGuild. The editorial union has historically excluded employees on the digital side of the paper, even as the company has expanded into more ambitious data and digital work. As a result, the Tech Times Guild is seeking a separate bargaining unit, which would negotiate separately with the Times management. "As of now, we face a number of challenges," the Tech Times Guild said in a statement on Twitter, "including sudden or unexplained termination, opaque promotion processes, unpaid overtime, and underinvestment in diverse representation. Without a union, we lack the data or bargaining rights to address these issues."   The Times has not formally responded to the union's request for recognition. "Voluntary recognition is a significant decision," The New York Times Company said in a statement. "We have heard questions from colleagues such as what a union would mean for staff, who might be included in the union, and how colleagues would have a say in who might represent them. We want to make sure all voices are heard."
        
  
  Read more of this story at Slashdot.
  

• EU Poised To Set AI Rules That Would Ban Surveillance and Social Behavior Ranking
  The European Union is poised to ban artificial intelligence systems used for mass surveillance or for ranking social behavior, while companies developing AI could face fines as high as 4% of global revenue if they fail to comply with new rules governing the software applications. From a report: The rules are part of legislation set to be proposed by the European Commission, the bloc's executive body, according to a draft of the proposal obtained by Bloomberg. The details could change before the commission unveils the measure, which is expected to be as soon as next week. The EU proposal is expected to include the following rules:   * AI systems used to manipulate human behavior, exploit information about individuals or groups of individuals, used to carry out social scoring or for indiscriminate surveillance would all be banned in the EU. Some public security exceptions would apply.  * Remote biometric identification systems used in public places, like facial recognition, would need special authorization from authorities.  * AI applications considered to be 'high-risk' would have to undergo inspections before deployment to ensure systems are trained on unbiased data sets, in a traceable way and with human oversight.  * High-risk AI would pertain to systems that could endanger people's safety, lives or fundamental rights, as well as the EU's democratic processes -- such as self-driving cars and remote surgery, among others.  * Some companies will be allowed to undertake assessments themselves, whereas others will be subject to checks by third-parties. Compliance certificates issued by assessment bodies will be valid for up to five years.  * Rules would apply equally to companies based in the EU or abroad.
        
  
  Read more of this story at Slashdot.
  

• There's Another Facebook Phone Number Database Online
  An online tool lets customers pay to unmask the phone numbers of Facebook users that liked a specific Page, and the underlying dataset appears to be separate from the 500 million account database that made headlines last week, signifying another data breach or large scale scraping of Facebook users' data, Motherboard reports. From the report: Motherboard verified the tool, which comes in the form of a bot on the social network and messaging platform Telegram, outputs accurate phone numbers of Facebook users that aren't included in the dataset of 500 million users. The data also appears to be different to another Telegram bot outputting Facebook phone numbers that Motherboard first reported on in January. "Hello, can you tell me how you got my number?" one person included in the dataset asked Motherboard when reached for comment. "Omg, this is insane," they added. Another person returned Motherboard's call and, after confirming their name, said "If you have my number then yes it seems the data is accurate."   A description for the bot reads "The bot give [sic] out the phone numbers of users who have liked the Facebook page." To use the bot, customers need to first identify the unique identification code of the Facebook Page they want to get phone numbers from, be that a band, restaurant, or any other sort of Page. This is possible with at least one free to use website. From there, customers enter that code into the bot, which provides a cost of the data in U.S. dollars and the option to proceed with the purchase, according to Motherboard's tests. A Page with tens of thousands of likes from Facebook users can cost a few hundred dollars, the bot shows. The data for Motherboard's own Page would return 134,803 results and cost $539, for example.
        
  
  Read more of this story at Slashdot.
  

• 'Why It's Easier To Move Country Than Switch Social Media'
  Cory Doctorow, writing at Wired: When we talk about social media monopolies, we focus too much on network effects, and not enough on switching costs. Yes, it's true that all your friends are already stuck in a Big Tech silo that doesn't talk to any of the other Big Tech silos. It needn't be that way: interoperable platforms have existed since the first two Arpanet nodes came online. You can phone anyone with a phone number and email anyone with an email address.   The reason you can't talk to Facebook users without having a Facebook account isn't that it's technically impossible -- it's that Facebook forbids it. What's more, Facebook (and its Big Tech rivals) have the law on their side: the once-common practice of making new products that just work with existing ones (like third-party printer ink, or a Mac program that can read Microsoft Office files, or an emulator that can play old games) has been driven to the brink of extinction by Big Tech. They were fine with this kind of "competitive compatibility" when it benefited them, but now that they dominate the digital world, it's time for it to die.   To restore competitive compatibility, we would need reform to many laws: software copyright and patents, the anti-circumvention laws that protect digital rights management, and the cybersecurity laws that let companies criminalize violations of their terms of service.
        
  
  Read more of this story at Slashdot.
  

• NAME:WRECK Vulnerabilities Impact Millions of Smart and Industrial Devices
  Catalin Cimpanu, reporting at Record: Security researchers have found a new set of vulnerabilities that impact hundreds of millions of servers, smart devices, and industrial equipment. Called NAME:WRECK, the vulnerabilities have been discovered by enterprise IoT security firm Forescout as part of its internal research program named Project Memoria -- which the company describes as "an initiative that aims at providing the cybersecurity community with the largest study on the security of TCP/IP stacks." Although never visible to end-users, TCP/IP stacks are libraries that vendors add to their firmware to support internet connectivity and other networking functions for their devices. These libraries are very small but, in most cases, underpin the most basic functions of a device, and any vulnerability here exposes users to remote attacks. The NAME:WRECK research is the fifth set of vulnerabilities impacting TCP/IP libraries that have been disclosed over the past three years, and the third set disclosed part of Project Memoria.
        
  
  Read more of this story at Slashdot.
  

• Counter Strike' Bug Allows Hackers To Take Over a PC With a Steam Invite
  Hackers could take control of victims' computers just by tricking them into clicking on a Steam invite to play Counter Strike: Global Offensive, Motherboard reports, citing a bug filing review. From a report: A bug in the game engine used in Counter Strike: Global Offensive could be exploited by hackers to take full control of a target's machine. A security researcher alerted Valve about the bug in June of 2019. Valve is the maker of Source Engine, which is used by CS:GO, Team Fortress 2, and several other games. The researcher, who goes by the name Florian, said that while that the bug has been fixed in some games that use the Source engine, it is still present in CS:GO, and he demonstrated it in a call with Motherboard. Florian's correspondence with Valve occurred on HackerOne, the bug bounty platform used by the company to get reports about vulnerabilities. Valve admitted that it was being slow to respond, even though it classified the bug as "critical" in the thread with the researchers, which Motherboard reviewed. "I am honestly very disappointed because they straight up ignored me most of the time," Florian said in an online chat.
        
  
  Read more of this story at Slashdot.
  

• The Global Business of Professional Trolling
  Professional political trolling is still a thriving underground industry around the world, despite crackdowns from the biggest tech firms. From a report: Coordinated online disinformation efforts offer governments and political actors a fast, cheap way to get under rivals' skin. They also offer a paycheck to people who are eager for work, typically in developing countries. "It's a more sophisticated means of disinformation to weaken your advisories," said Todd Carroll, CISO and VP of Cyber Operations at CybelAngel. Facebook last week said it had uncovered a massive troll farm in Albania, linked to an Iranian militant group. The operation had the the hallmarks of a typical troll farm, which Facebook defines as "a physical location where a collective of operators share computers and phones to jointly manage a pool of fake accounts as part of an influence operation." "The main thing we saw was strange signals centralized coordination between different fake accounts," said Ben Nimmo, Facebook's global influence operations threat intelligence lead. Like numerous troll farms uncovered over the past few years, there was one easy giveaway: content from the network targeted Iran, but was posted on social media during normal working hours on Central European Time.
        
  
  Read more of this story at Slashdot.
  

• Security Researcher Drops Chrome and Edge Exploit on Twitter
  An Indian security researcher has published today proof-of-concept exploit code for a recently discovered vulnerability impacting Google Chrome, Microsoft Edge, and other Chromium-based browsers like Opera and Brave. From a report: The researcher, Rajvardhan Agarwal, told The Record today that the exploit code is for a Chromium bug that was used during the Pwn2Own hacking contest that took place last week. During the contest, security researchers Bruno Keith (@bkth_) & Niklas Baumstark (@_niklasb) of Dataflow Security used a vulnerability to run malicious code inside Chrome and Edge, for which they received $100,000. Per contest rules, details about this bug were handed over to the Chrome security team so the bug could be patched as soon as possible. While details about the exact nature of the bug were never publicly disclosed, Agarwal told The Record he spotted the patches for this bug by looking at the source code commits to the V8 JavaScript engine, a component of the Chromium open-source browser project, which allowed him to recreate the Pwn2Own exploit, which he uploaded earlier today on GitHub, and shared on Twitter. However, while Chromium developers have patched the V8 bug last week, the patch has not yet been integrated into official releases of downstream Chromium-based browsers such as Chrome, Edge, and others, which are still vulnerable to attacks.
        
  
  Read more of this story at Slashdot.
  

• Microsoft Announces New Webcam and USB-C Speaker for the Work from Home Era
  Microsoft's long-awaited new webcam is finally here, alongside a number of accessories designed for the work from home era. From a report: Rumors of a new Microsoft webcam have been circulating for years, and the result is what Microsoft calls the Modern Webcam. It's a fairly basic and affordable 1080p webcam that will start shipping for $69.99 in June. The Microsoft Modern Webcam will support up to 1080p HDR output at 30fps and connects via USB-A, not USB-C. It's not the 4K webcam found on Microsoft's Surface Hub 2, and it doesn't include Windows Hello support either. It's really a simple webcam designed for students or workers to quickly add a better video calling option to an existing laptop or PC. Microsoft is also including a privacy shutter and LED indicator to let people easily see when the webcam is active. Microsoft is also launching a new USB-C speaker. The Modern USB-C Speaker is designed primarily for Microsoft Teams, and it even includes a button to launch a control panel for Teams with quick actions for meetings.
        
  
  Read more of this story at Slashdot.
  

• Apple Will Hold a Special Event on April 20
  If you're wondering when Apple will hold its next event, Siri may have the answer. From a report: Ask the digital helper: "When is the next Apple event?" and it will respond with "the special event is on Tuesday, April 20, at Apple Park in Cupertino, CA. You can get all the details on Apple.com." MacRumors, which spotted the reply, says the virtual assistant is providing it in certain instances on iPhone, iPad, Mac, and HomePod. While it's an open secret that Apple is planning an event for later this month where it's expected to debut a new iPad Pro, Siri has seemingly leaked the date ahead of confirmation. We won't have to wait long to find out if the info is correct, though. Apple normally sends out invites to the press a week ahead of the proceedings, so it should make it official later today. The event itself is expected to be a virtual affair starring the iPad Pro (in two sizes) and possibly featuring the AirTags Bluetooth tracker. Apple's next premium slate reportedly features a Mini LED display on the flagship 12.9-inch model, but supply chain issues could see it ship later than planned and in limited quantities.
        
  
  Read more of this story at Slashdot.
  

• US Recommends 'Pause' For J&J Vaccine Over Clot Reports
  iggymanz writes: The U.S. is recommending a "pause" in using the single-dose Johnson & Johnson COVID-19 vaccine to investigate reports of potentially dangerous blood clots. The Centers for Disease Control and Prevention and the Food and Drug Administration said Tuesday they were investigating unusual clots that occurred 6 to 13 days after vaccination. The clots occurred in veins that drain blood from the brain and occurred together with low platelets. All six cases were in women between the ages of 18 and 48; there was one death and all remained under investigation. The reports appear similar to a rare, unusual type of clotting disorder that European authorities say is possibly linked to another COVID-19 vaccine not yet cleared in the U.S., from AstraZeneca. More than 6.8 million doses of the J&J vaccine have been administered in the U.S., the vast majority with no or mild side effects.
        
  
  Read more of this story at Slashdot.
  

• New Microsoft Surface Laptop 4 Goes for Battery Life
  Microsoft on Tuesday announced a new 2021 Surface Laptop, called the Surface Laptop 4. The new version adds 11th-gen Intel Core processors, paired with Intel Iris XE graphics. There's also an AMD processor option -- Zen 2 series -- with a graphics chip called AMD Radeon Graphics Microsoft Surface Edition. From a report: For all the buzz Microsoft's Surface tablets get, I've always thought the Surface Laptop was actually Microsoft's secret weapon. Since Surface Laptop debuted in 2017, it's been a strong contender for the best all-purpose slim Windows laptop. But plenty of companies offer 13-inch-class slim laptops, all hoping to be the Windows version of Apple's ubiquitous MacBook Air. (Microsoft also introduced a 15-inch version in 2019.) Microsoft says the Surface Laptop has the Surface line's highest level of customer satisfaction. Besides simply working well and being stylish and easy to use, the Surface Laptop was frequently on sale at very reasonable prices, making it a great way to get a rock-solid clamshell laptop for not much money. Shortly before the Surface Laptop 4 preorders went live, you could still order a Core i5 13-inch Surface Laptop 3 (with 8GB RAM and a 128GB SSD) for $769, or $899 for a 256GB SSD.
        
  
  Read more of this story at Slashdot.
  

Engadget"Engadget"

• Samsung is hosting yet another Unpacked event on April 28th
  The event will be livestreamed on April 28th, and the invite teases that "the most powerful Galaxy is coming."

• 'Mass Effect Legendary Edition' comparison trailer shows off the upgrades
  A 4K look at all the improvements coming to the Mass Effect trilogy next month.

• Fortnite’s next crossover character is Aloy from ‘Horizon Zero Dawn’
  Epic Games is teaming her up with Lara Croft for a limited-time event.

• Apple TV+ docuseries will explore high-tech music production with Mark Ronson
  'Watch the Sound with Mark Ronson' premieres on July 30th on Apple TV+.

• Discord blocks adult NSFW servers on its iOS app
  Those communities are still available on Android and other platforms.

• Epic announces billion-dollar funding round ahead of Apple trial
  Sony has increased its stake in the company with a $200 million investment.

• The Polestar 2 is getting a cheaper, single-motor option
  The EV will have a longer range in cooler climates if you add a new heat pump.

• Apple confirms April 20th launch event, new iPads and Macs expected
  Mark your calendars, friends: Apple has just sent out invitations for a launch event on April 20th at 10:00 AM Pacific/1:00 PM Eastern, where the company is expected to pull back the curtain on a slate of refreshed tablets and PCs.

• AMD unveils its first Ryzen 5000 CPUs with built-in graphics
  AMD has unveiled its first Ryzen 5000-series chips with built-in graphics, and it's promising a leap in performance over Intel equivalents.

• Playpulse's smart exercise bike lets you choose between workout classes and Netflix
  The Playpulse One lets you attend classes, play games, and watch TV all while riding.

• This $79 smartwatch is actually a metronome for musicians
  Condense your old practice equipment with this smartwatch that can be worn on your chest, wrist or leg. Stronger vibrations and simple controls make this wearable a great tool for musicians of all kinds.

• Nintendo’s Switch Lite will soon come in deep blue
  The new colorway drops the same day as Miitopia.

• Android's latest feature reminds you to avoid distracted walking
  Google is rolling out a 'Heads Up' feature on Android that will remind you to stop using your phone while you're walking.

• Facebook's speed-dating app gives you four minutes to impress
  The experimental video app Sparked has no public profiles or Tinder-style swiping.

• You can now store PS5 games on a USB drive
  Sony is rolling out the first major PS5 system update on April 14th, and it adds support for storing the new console's games on USB drives.

• Facebook's Portal+ smart display is on sale for $200 right now
  Save big on Facebook's Portal+ smart display at QVC, where you can get it for 29 percent off.

• Google is working to bring Sony's 360 Reality Audio to Android
  Google could be working with Sony to integrate 360 Reality Audio into its Android software.

• Dell's refreshed Inspiron line includes a 16-inch laptop
  In addition to the typical performance upgrades we see every year, the company is also unveiling the Inspiron 16 Plus

• Roku unveils an Express 4K+ set-top box and its first rechargeable remote
  Roku's entry-level streaming box is getting a 4K upgrade: the $40 Roku Express 4K+. And it's finally unveiling a rechargeable voice remote.

• Spotify's voice-controlled 'Car Thing' is available for some subscribers
  Spotify admitted its voice-controlled in-car streaming player existed in 2019. Now you might have a chance to actually use it.

• Microsoft's Surface Laptop 4 features Intel and AMD CPUs
  Almost a year and a half since launching the Surface Laptop 3, Microsoft is finally ready with a follow-up. The Surface Laptop 4 continues the line's tradition of being, well, kind of basic.

• Microsoft's new 'Modern' accessories include its first webcam in years
  Microsoft is launching a range of new workplace-oriented accessories, including a webcam and Surface Headphones 2+, that are certified to work with Teams.

• Roku's OS 10 brings AirPlay 2 and HomeKit support to its HD streaming devices
  Roku has started rolling out its latest operating system, and it will gives its HD streaming devices AirPlay 2 and HomeKit compatibility.

• Dell's XPS 13 now comes with an optional $300 OLED display
  Starting today, you can pay an extra $300 on the price of the Full HD model to configure a new XPS 13 with a 3,456 x 2,160 OLED panel.

• Facebook's Oversight Board will consider appeals to remove content
  Facebook's Oversight Board now accepts appeals to remove content, not just restore it.

• Develop a Linux command-line Tool to Track and Plot Covid-19 Stats
  by Nawaz Abbasi    It’s been over a year and we are still fighting with the pandemic at almost every aspect of our life. Thanks to technology, various tools and mechanisms to track Covid-19 related metrics. This introductory-level tutorial discusses developing one such tool at just Linux command-line, from scratch.
  We will start with introducing the most important parts of the tool – the APIs and the commands. We will be using 2 APIs for our tool - COVID19 API and Quickchart API and 2 key commands – curl and jq. In simple terms, curl command is used for data transfer and jq command to process JSON data.
  The complete tool can be broken down into 2 keys steps:
  
  1. Fetching (GET request) data from the COVID19 API and piping the JSON output to jq so as to process out only global data (or similarly, country specific data).
   $ curl -s --location --request GET 'https://api.covid19api.com/summary' | jq -r '.Global'  {   "NewConfirmed": 561661,   "TotalConfirmed": 136069313,   "NewDeaths": 8077,   "TotalDeaths": 2937292,   "NewRecovered": 487901,   "TotalRecovered": 77585186,   "Date": "2021-04-13T02:28:22.158Z"  } 
  2. Storing the output of step 1 in variables and calling the Quickchart API using those variables, to plot a chart. Subsequently piping the JSON output to jq so as to filter only the link to our chart.
   $ curl -s -X POST \   -H 'Content-Type: application/json' \   -d '{"chart": {"type": "bar", "data": {"labels": ["NewConfirmed (${newConf})", "TotalConfirmed (${totConf})", "NewDeaths (${newDeath})", "TotalDeaths (${totDeath})", "NewRecovered (${newRecover})", "TotalRecovered (${totRecover})"], "datasets": [{"label": "Global Covid-19 Stats (${datetime})", "data": [${newConf}, ${totConf}, ${newDeath}, ${totDeath}, ${newRecover}, ${totRecover}]}]}}}' \   https://quickchart.io/chart/create | jq -r '.url'  https://quickchart.io/chart/render/zf-be27ef29-4495-4e9a-9180-dbf76f485eaf    That’s it! Now we have our data plotted out in a chart:
  
      Go to Full Article          

• FSF’s LibrePlanet 2021 Free Software Conference Is Next Weekend, Online Only
  by George Whittaker    On Saturday and Sunday, March 20th and 21st, 2021, free software supporters from all over the world will log in to share knowledge and experiences, and to socialize with others within the free software community. This year’s theme is “Empowering Users,” and keynotes will be Julia Reda, Nathan Freitas, and Nadya Peek. Free Software Foundation (FSF) associate members and students attend gratis at the Supporter level. 
  You can see the schedule and learn more about the conference at https://libreplanet.org/2021/, and participants are encouraged to register in advance at https://u.fsf.org/lp21-sp. 
  The conference will also include workshops, community-submitted five-minute Lightning Talks, Birds of a Feather (BoF) sessions, and an interactive “exhibitor hall” and “hallway” for socializing.
      Go to Full Article          

• Review: The New weLees Visual LVM, a new style of LVM management, has been released
  by George Whittaker    Maintenance of the storage system is a daily job for system administrators. Linux provides users with a wealth of storage capabilities, and powerful built-in maintenance tools. However, these tools are hardly friendly to system administrators while generally considerable effort is required for mastery.
  As a Linux built-in storage model, LVM provides users with plenty flexible management modes to fit various needs. For users who can fully utilize its functions, LVM could meet almost all needs. But the premise is thorough understanding of the LVM model, dozens of commands as well as accompanying parameters.
  The graphical interface would dramatically simplify both learning curve and operation with LVM, in a similar approach as partition tools that are widely used on Windows/Linux platforms. Although scripts with commands are suitable for daily, automatic tasks, the script could not handle all functions in LVM. For instance, manual calculation and processing are still required by many tasks.
  Significant effort had been spent on this problem. Nowadays, several graphical LVM management tools are already available on the Internet, some of them are built-in with Linux distributions and others are developed by third parties. But there remains a critical problem: desire for remote machines or headless servers are completely ignored.
  This is now solved by Visual LVM Remote. Front end of this tool is developed based on the HTTP protocol. With any smart device that can connect to the storage server, Users can perform management operations.
  Visual LVM is developed by weLees Corporation and supports all Linux distributions. In addition to working with remote/headless servers, it also supports more advanced features of LVM compared with various on-shelf graphic LVM management tools.
  Dependences of Visual LVM Remote  Visual LVM Remote can work on any Linux distribution that including two components below:
    LVM2
      Libstdc++.so
   UI of Visual LVM Remote  With a concise UI, partitions/physical volumes/logical volumes are displayed by disk layout. With a glance, disk/volume group information can be obtained immediately. In addition, detailed relevant information of the object will be displayed in the information bar below with the mouse hover on the concerned object.
      Go to Full Article          

• Nvidia Linux drivers causing random hard crashes and now a major security risk still not fixed after 5+ months
  Image       The recent fiasco with Nvidia trying to block Hardware Unboxed from future GPU review samples for the content of their review is one example of how they choose to play this game. This hatred is not only shared by reviewers, but also developers and especially Linux users.
  The infamous Torvalds videos still traverse the web today as Nvidia conjures up another evil plan to suck up more of your money and market share. This is not just one off shoot case; oh how much I wish it was. I just want my computer to work.
  If anyone has used Sway-WM with an Nvidia GPU I’m sure they would remember the –my-next-gpu-wont-be-nvidia option.
  These are a few examples of many.
  The Nvidia Linux drivers have never been good but whatever has been happening at Nvidia for the past decade has to stop today. The topic in question today is this bug: [https://forums.developer.nvidia.com/t/bug-report-455-23-04-kernel-panic-due-to-null-pointer-dereference]
  This bug causes hard irrecoverable crashes from driver 440+. This issue is still happening 5+ months later with no end in sight. At first users could work around this by using an older DKMS driver along with a LTS kernel. However today this is no longer possible. Many distributions of Linux are now dropping the old kernels. DKMS cannot build. The users are now FORCED with this “choice”:
  {Use an older driver and risk security implications} or {“use” the new drivers that cause random irrecoverable crashes.}
  This issue is only going to get more and more prevalent as the kernel is a core dependency by definition. This is just another example of the implications of an unsafe older kernel causing issue for users: https://archlinux.org/news/moving-to-zstandard-images-by-default-on-mkinitcpio/
  If you use Linux or care about the implications of a GPU monopoly, consider AMD. Nvidia is already rearing its ugly head and AMD is actually putting up a fight this year.
        #Linux  NVIDIA  News                   

• Parallel shells with xargs: Utilize all your cpu cores on UNIX and Windows
  by Charles Fisher    Introduction  One particular frustration with the UNIX shell is the inability to easily schedule multiple, concurrent tasks that fully utilize CPU cores presented on modern systems. The example of focus in this article is file compression, but the problem rises with many computationally intensive tasks, such as image/audio/media processing, password cracking and hash analysis, database Extract, Transform, and Load, and backup activities. It is understandably frustrating to wait for gzip * running on a single CPU core, while most of a machine's processing power lies idle.
  This can be understood as a weakness of the first decade of Research UNIX which was not developed on machines with SMP. The Bourne shell did not emerge from the 7th edition with any native syntax or controls for cohesively managing the resource consumption of background processes.
  Utilities have haphazardly evolved to perform some of these functions. The GNU version of xargs is able to exercise some primitive control in allocating background processes, which is discussed at some length in the documentation. While the GNU extensions to xargs have proliferated to many other implementations (notably BusyBox, including the release for Microsoft Windows, example below), they are not POSIX.2-compliant, and likely will not be found on commercial UNIX.
  Historic users of xargs will remember it as a useful tool for directories that contained too many files for echo * or other wildcards to be used; in this situation xargs is called to repeatedly batch groups of files with a single command. As xargs has evolved beyond POSIX, it has assumed a new relevance which is useful to explore.
  
  
  Why is POSIX.2 this bad?  A clear understanding of the lack of cohesive job scheduling in UNIX requires some history of the evolution of these utilities.
      Go to Full Article          

• Bypassing Deep Packet Inspection: Tunneling Traffic Over TLS VPN
  by Dmitriy Kuptsov   
  In some countries, network operators employ deep packet inspection techniques to block certain types of traffic. For example, Virtual Private Network (VPN) traffic can be analyzed and blocked to prevent users from sending encrypted packets over such networks.
  
  By observing that HTTPS works all over the world (configured for an extremely large number of web-servers) and cannot be easily analyzed (the payload is usually encrypted), we argue that in the same manner VPN tunneling can be organized: By masquerading the VPN traffic with TLS or its older version - SSL, we can build a reliable and secure network. Packets, which are sent over such tunnels, can cross multiple domains, which have various (strict and not so strict) security policies. Despite that the SSH can be potentially used to build such network, we have evidence that in certain countries connections made over such tunnels are analyzed statistically: If the network utilization by such tunnels is high, bursts do exist, or connections are long-living, then underlying TCP connections are reset by network operators.
  
  Thus, here we make an experimental effort in this direction: First, we describe different VPN solutions, which exist on the Internet; and, second, we describe our experimental effort with Python-based software and Linux, which allows users to create VPN tunnels using TLS protocol and tunnel small office/home office (SOHO) traffic through such tunnels.
  I. INTRODUCTION
  Virtual private networks (VPN) are crucial in the modern era. By encapsulating and sending client’s traffic inside protected tunnels it is possible for users to obtain network services, which otherwise would be blocked by a network operator. VPN solutions are also useful when accessing a company’s Intranet network. For example, corporate employees can access the internal network in a secure way by establishing a VPN connection and directing all traffic through the tunnel towards the corporate network. This way they can get services, which otherwise would be impossible to get from the outside world.
  II. BACKGROUND
  There are various solutions that can be used to build VPNs. One example is Host Identity Protocols (HIP) [7]. HIP is a layer 3.5 solution (it is in fact located between transport and network layers) and was originally designed to split the dual role of IP addresses - identifier and locator. For example, a company called Tempered Networks uses HIP protocol to build secure networks (for sampling see [4]).
      Go to Full Article          

• How to Save Time Running Automated Tests with Parallel CI Machines
  by Artur Trzop   
  Automated tests are part of many programming projects, ensuring the software is flawless. The bigger the project, the larger the test suite can be.This can result in automated tests taking a lot of time to run. In this article you will learn how to run automated tests faster with parallel Continuous Integration machines (CI) and what problems can be encountered. The article covers common parallel testing problems, based on Ruby & JavaScript tests.
  Slow automated tests
  Automated tests can be considered slow when programmers stop running the whole test suite on their local machine because it is too time consuming. Most of the time you use CI servers such as Jenkins, CircleCI, Github Actions to run your tests on an external machine instead of your own. When you have a test suite that runs for an hour then it’s not efficient to run it on your computer. Browser end-to-end tests for your web project can take a really long time to execute. Running tests on a CI server for an hour is also not efficient. You as a developer need a fast feedback loop to know if your software works fine. Automated tests should help you with that.
  Split tests between many CI machines to save time
  A way to save you time is to make CI build as fast as possible. When you have tests taking e.g. 1 hour to run then you could leverage your CI server config and setup parallel jobs (parallel CI machines/nodes). Each of the parallel jobs can run a chunk of the test suite. 
  
  You need to divide your tests between parallel CI machines. When you have a 60 minutes test suite you can run 20 parallel jobs where each job runs a small set of tests and this should save you time. In an optimal scenario you would run tests for 3 minutes per job. 
  
  How to make sure each job runs for 3 minutes? As a first step you can apply a simple solution. Sort all of your test files alphabetically and divide them by the number of parallel jobs. Each of your test files can have a different execution time depending on how many test cases you have per test file and how complex each test case is. But you can end up with test files divided in a suboptimal way, and this is problematic. The image below illustrates a suboptimal split of tests between parallel CI jobs where one job runs too many tests and ends up being a bottleneck.
      Go to Full Article          

• The KISS Web Development Framework
  by Blake McBride   
  Perhaps the most popular platform for applications is the web. There are many reasons for this including portability across platforms, no need to update the program, data backup, sharing data with others, and many more. This popularity has driven many of us to the platform.
  
  Unfortunately, the platform is a bit complex. Rather than developing in a particular environment, with web applications it is necessary to create two halves of a program utilizing vastly different technologies. On top of that, there are many additional challenges such as the communications and security between the two halves.
  
  A typical web application would include all of the following building blocks:
  Front-end layout (HTML/CSS)  Front-end functionality (JavaScript)  Back-end server code (Java, C#, etc.)  Communications (REST, etc.)  Authentication  Data persistence (SQL, etc.) 
  All these don't even touch on all the other pieces that are not part of your application proper, such as the server (Apache, tomcat, etc), the database server (PostgreSQL, MySQL, MongoDB, etc), the OS (Linux, etc.), domain name, DNS, yadda, yadda, yadda.
  
  The tremendous complexity notwithstanding, most application developers mainly have to concern themselves with the six items listed above. These are their main concerns.
  
  Although there are many fine solutions available for these main concerns, in general, these solutions are siloed, complex, and incongruent. Let me explain.
  
  Many solutions are siloed because they are single-solution packages that are complete within themselves and disconnected from other pieces of the system.
  
  Some solutions are so complex that they can take years to learn well. Developers can struggle more with the framework they are using than the language or application they are trying to write. This is a major problem.
  
  Lastly, by incongruent I mean that the siloed tools do not naturally fit well together. A bunch of glue code has to be written, learned, and supported to fit the various pieces together. Each tool has a different feel, a different approach, a different way of thinking.
  
  Being frustrated with all of these problems, I wrote the KISS Web Development Framework. At first it was just various solutions I had developed. But later it evolved into a single, comprehensive web development framework. KISS, an open-source project, was specifically designed to solve these exact challenges.
  
  KISS is a single, comprehensive, fully integrated web development framework that includes integrated solutions for:
  
  Front-end
  Custom HTML controls  Easy communications with the back-end with built-in authentication  Browser cache control (so the user never has to clear their cache)  A variety of general purpose utilities 
  Back-end
      Go to Full Article          

• Linux in Healthcare - Cutting Costs & Adding Safety
  by Alex Gosselin   
  Healthcare domain directly deals with our health and lives. Healthcare is prevention, diagnosis, and treatment of any disease, injury, illness, or any other physical and mental impairments in humans. Emergency situations are often dealt with by the healthcare sector very frequently. With immense scope for improvisations, a thriving healthcare domain deals from telemedicine to insurance, and inpatient hospitals to outpatient clinics.  With practitioners practicing in multiple areas like medicine, chiropractic, nursing, dentistry, pharmacy, allied health, and others, it's an industry with complex processes and data-oriented maintenance systems often difficult to manage manually with paperwork.
  
  Need is the mother of innovation and hence people across the world have invented software and systems to manage:
  Patients’ data or rather medical history  Bills and claims for own and third-party services  Inventory management  Communication channels among various departments like reception, doctor’s room, investigation rooms, wards, Operation theaters, etc.  Controlled Medical equipment and much more. 
  Thus, saving our precious time, making life easier, and minimizing human errors.
  
  HealthCare integrated with Linux: With high availability, critical workloads, low power consumption and reliability, Linux has established itself in the likes of windows, and Mac OS. With a “stripped-down” graphical interface and minimal OS version, it provides a strong impetus for performance restricting many services from running and direct control over hardware. Integrating Linux with the latest technological solutions in healthcare (check out Elinext healthcare solutions, as an example), businesses are saving a lot along with enhanced security.
  
   
  
  Few drivers promoting Linux in healthcare are: 
  
  Open Source: One of the utmost benefits of Linux is its open-source saving license cost for  health care organizations. Most of the software and programs running on Linux OS are largely open sources too. Anyone can modify Linux kernel based on open source license, resulting customization as per your needs. Using open-source, there is no need to request additional resources or sign additional agreements. It provides you vendor independence. With a creditable Linux community backed by various organizations, you have satisfactory support.
      Go to Full Article          

• MuseScore Created New Font in Memory of Original SCORE Program Creator
  Image      
  MuseScore represents a free notation software for operating systems such as Windows, macOS and Linux. It is designed and suitable for music teachers, students & both amateur and professional composers. MuseScore is released as FOSS under the GNU GPL license and it’s accompanied by freemium MuseScore.com sheet music catalogue with mobile score viewer, playback app and an online score sharing platform. In 2018, the MuseScore company was acquired by Ultimate Guitar, which included full-time paid developers in the open source team. Since 2019 the MuseScore design team has been led by Martin Keary, known as blogger Tantacrul, who has consistently criticized composer software in connection with design and usability. From that moment on, a qualitative change was set in motion in MuseScore.
  
  Historically, the engraving quality in MuseScore has not been entirely satisfactory. After the review by Martin Keary, MuseScore product owner (previously known as MuseScore head of design) and Simon Smith, an engraving expert, who has produced multiple detailed reports on the engraving quality of MuseScore 3.5, it has become apparent that some key engraving issues should be resolved immediately.That would have a significant impact on the overall quality of our scores. Therefore, these changes will considerably improve the quality of scores published in the sheet music catalog, MuseScore.com.
  
  The MuseScore 3.6 was called 'engraving release,' which addressed many of the biggest issues affecting sheet music's layout and appearance and resulted from a massive collaboration between the community and internal team.
  
   
  
  Two of the most notable additions in this release are Leland, our new notation font and Edwin, our new typeface.
  
  Leland is a highly sophisticated notation style created by Martin Keary & Simon Smith. Leland aims to provide a classic notation style that feels 'just right' with a balanced, consistent weight and a finessed appearance that avoids overly stylized quirks.
  
  The new typeface, Edwin, is based on the New Century Schoolbook, which has long been the typeface of choice by some of the world's leading publishers, explicitly chosen as a complementary companion to Leland. We have also provided new default style settings (margins, line thickness, etc.) to compliment Leland and Edwin, which match conventions used by the world's leading publishing houses.
  
  “Then there's our new typeface, Edwin, which is an open license version of new Century Schoolbook - long a favourite of professional publishers, like Boosey and Hawkes. But since there is no music written yet, you'll be forgiven for missing the largest change of all: our new notation font: Leland, which is named after Leland Smith, the creator of a now abandoned application called SCORE, which was known for the amazing quality of its engraving. We have spent a lot of time finessing this font to be a world beater.”
  
  — Martin Keary, product owner of MuseScore
  
  Equally as important as the new notation style is the new vertical layout system. This is switched on by default for new scores and can be activated on older scores too. It is a tremendous improvement to how staves are vertically arranged and will save the composer’s work hours by significantly reducing his reliance on vertical spacers and manual adjustment.
  
  MuseScore 3.6 developers also created a system for automatically organizing the instruments on your score to conform with a range of common conventions (orchestral, marching band, etc.). Besides, newly created scores will also be accurately bracketed by default. A user can even specify soloists, which will be arranged and bracketed according to your chosen convention. These three new systems result from a collaboration between Simon Smith and the MuseScore community member, Niek van den Berg.
  
  MuseScore team has also greatly improved how the software displays the notation fonts: Emmentaler and Bravura, which more accurately match the original designers' intentions and have included a new jazz font called 'Petaluma' designed by Anthony Hughes at Steinberg.
  
  Lastly, MuseScore has made some beneficial improvements to the export process, including a new dialog containing lots of practical and time-saving settings. This work was implemented by one more community member, Casper Jeukendrup.
  
  The team's current plans are to improve the engraving capabilities of MuseScore, including substantial overhauls to the horizontal spacing and beaming systems. MuseScore 3.6 may be a massive step, although there is a great deal of work ahead.
  
  Links
  
  Official release notes: MuseScore 3.6
  
  Martin Keary’s video: “How I Designed a Free Music Font for 5 Million Musicians (MuseScore 3.6)”
  
  Official video: “MuseScore 3.6 - A Massive Engraving Overhaul!”
  
  Download MuseScore for free: MuseScore.org
        #Linux  Music Software  FOSS