Recent Changes - Search:
NTLUG

Linux is free.
Life is good.

Linux Training
10am on Meeting Days!

1825 Monetary Lane Suite #104 Carrollton, TX

Do a presentation at NTLUG.

What is the Linux Installation Project?

Real companies using Linux!

Not just for business anymore.

Providing ready to run platforms on Linux

Show Descriptions... (Show All/All+Images) (Single Column)

LinuxSecurity - Security Advisories

  • Debian: DSA-4891-1: tomcat9 security update>
    Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure or denial of service. For the stable distribution (buster), these problems have been fixed in







LWN.net

  • FreeBSD 13.0 released
    The FreeBSD 13 release is out. It includes a lot of updated software, theremoval of a number of GNU tools (including the toolchain), and more, butnot WireGuard. See the releasenotes for the details.


  • [$] Comparing SystemTap and bpftrace
    There are times when developers and system administrators need to diagnoseproblems in running code. The program to be examined can be a user-spaceprocess, the kernel, or both. Two of the major tools available on Linux toperform this sort of analysis areSystemTap andbpftrace. SystemTap has been availablesince 2005, while bpftrace is a more recent contender that, to some,may appear tohave made SystemTap obsolete. However, SystemTap is still the preferredtool forsome real-world use cases.


  • Security updates for Tuesday
    Security updates have been issued by Debian (libpano13), Fedora (mosquitto and perl-Net-CIDR-Lite), Mageia (curl, mongodb, pdfbox, python-jinja2, rygel, spamassassin, tor, velocity, webkit2, and wireshark), openSUSE (umoci), Oracle (389-ds:1.4, kernel, and virt:ol and virt-devel:rhel), Red Hat (kernel and kpatch-patch), Slackware (dnsmasq and irssi), and SUSE (cifs-utils, rubygem-actionpack-4_2, and spamassassin).


  • [$] NUMA-aware qspinlocks
    While some parts of the core kernel reached a relatively stable "done"state years ago, others never really seem to be finished. One of thelatter variety is undoubtedly the kernel's implementation of spinlocks,which arbitrate access to data at the lowest levels of the kernel. Lockperformance can have a significant effect on the performance of the systemas a whole, so optimization work can pay back big dividends. Lest onethink that this work is finally done, the NUMA-awareqspinlock patch set shows how some more performance can be squeezed outof the kernel's spinlock implementation.


  • The FSF on Stallman's reinstatement
    The Free Software Foundation has finally issueda statement on why the decision to return Richard Stallman to theorganization's board of directors was taken.We decided to bring RMS back because we missed his wisdom. His historical,legal and technical acumen on free software is unrivaled. He has a deepsensitivity to the ways that technologies can contribute to both theenhancement and the diminution of basic human rights. His global network ofconnections is invaluable. He remains the most articulate philosopher andan unquestionably dedicated advocate of freedom in computing.
    RMS acknowledges that he has made mistakes. He has sincere regrets,especially at how anger toward him personally has negatively impacted thereputation and mission of FSF. While his personal style remains troublingfor some, a majority of the board feel his behavior has moderated andbelieve that his thinking strengthens the work of the FSF in pursuit of itsmission.
    There is also aseparate statement from Stallman.


  • Security updates for Monday
    Security updates have been issued by CentOS (kernel and libldb), Debian (mediawiki, qemu, ruby-kramdown, and xen), Fedora (grub2, libldb, libopenmpt, python-pikepdf, python39, samba, squid, and webkit2gtk3), openSUSE (bcc, ceph, gssproxy, hostapd, isync, kernel, openexr, openSUSE KMPs, and tpm2-tss-engine), SUSE (fwupdate and wpa_supplicant), and Ubuntu (spamassassin).


  • Kernel prepatch 5.12-rc7
    The 5.12-rc7 kernel prepatch is out; it'srather larger than Linus would have liked."End result: I'm still waffling about the final 5.12 release. The factthat we have a big rc7 does make me think that I'll probably do an rc8this time around. But it ends up depending a bit on how the upcomingweek goes, and if things are deathly quiet, I may end up deciding thatan rc8 doesn't really make sense."



  • HPVM v1.0 released
    HPVM ("heterogeneous parallelvirtual machine") is a compiler for targets like GPUs and FPGAs based onLLVM; the 1.0 release is available now. "This release is a major addition to our first release (version 0.5),adding support for linear algebra tensor operations, Pytorch andKeras frontends, approximations for convolution operators, and anefficient and flexible framework for approximation tuning. Our novelapproximation-tuner automatically selects approximation knobs forindividual tensor operations and selects configurations that maximizea (configurable) performance objective."


  • [$] Seccomp user-space notification and signals
    The seccomp()mechanism allows the imposition of a filter program (expressed in "classic" BPF)that makes policy decisions on whether to allow each system call invoked by the targetprocess. The user-space notificationfeature further allows those decisions to be deferred to anotherprocess. As this recentpatch set from Sargun Dhillon shows, though, user-space notificationstill has some rough edges, especially when it comes to signals. Thispatch makes a simple change to try to address a rather complex problembrought to the fore by changes in the Go language's preemption model.


  • Security updates for Friday
    Security updates have been issued by Debian (lib3mf, php-pear, and python-django), Fedora (perl-Net-Netmask), openSUSE (flatpak, libostree, xdg-desktop-portal,, fwupd, fwupdate, and hostapd), Oracle (kernel, libldb, nettle, and squid), Red Hat (nettle), and SUSE (fwupdate, tpm2-tss-engine, and umoci).


  • [$] Debian votes on a statement — and a leader
    Richard Stallman's return to the FreeSoftware Foundation's board of directors has provoked a flurry of responses, and many organizations inthe free-software community have expressed their unhappiness with thatappointment. In almost every case, the process leading up to thatexpression has been carried out behind closed doors. The Debian project,instead, is deciding what to do in a classic Debian way — holding a publicvote on a general resolution with a wide range of possible outcomes.


  • Security updates for Thursday
    Security updates have been issued by Fedora (chromium, libldb, rpm, samba, and seamonkey), openSUSE (isync), Oracle (kernel), Red Hat (openssl and squid), SUSE (ceph, flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk, fwupd, fwupdate, and openexr), and Ubuntu (curl, linux-lts-trusty, and lxml).



  • [$] Resurrecting DWF
    Five years ago, we looked at an effort toassist in the assignment of CommonVulnerabilities and Exposures (CVE) IDs, especially for open-sourceprojects.Developers in the free-software world have often found it difficult toobtain CVE IDs for the vulnerabilities that they find.The Distributed WeaknessFiling (DWF) project was meant to reduce the friction in theCVE-assignment process, but it never really got off the ground. In a blogpost, Josh Bressers said that DWF was hampered by trying to follow therules for CVEs. That has led to a plan to restart DWF, but this time without the"yoke of legacy CVE".



LXer Linux News





  • How to make a bootable Windows USB drive on Linux using Woeusb-ng?
    As a Linux user, you may need to make a bootable Windows USB drive for testing and education purposes or even to install it alongside your favourite distro. Whatever your reasons, you will be able to create a Microsoft OS bootable flash drive after reading this humble post. So power on your system and plug in your USB flash drive as you are only a few lines away from acquire this skill.


  • A Definitive Series to Learn Java Programming for Beginners
    Java is a General purpose, Object Oriented Programming Language written by James Gosling. It is known for many features which makes it different from other Programming languages. It is one of those Programming Language that has always remained in demand since the time of its initial release.




  • How to install VMware tools in Debian 10
    VMware tools enable the integration between the host and the guest operating systems. In this article, we will explain how to install VMware tools in Debian using two different methods.



  • Is Linux A More Secure Option Than Windows For Businesses? hegt/he
    There are many factors to consider when choosing an OS, security being among one of the most critical. The general consensus among experts is that Linux is the most secure OS by design - an impressive feat that can be attributed to a variety of characteristics including its transparent open-source code, strict user privilege model, diversity, built-in kernel security defenses and the security of the applications that run on it.



  • Encrypt your files with this open source software
    Many years ago, there was encryption software called TrueCrypt. Its source code was available, although there were no major claims that anyone had ever audited or contributed to it. Its author was (and remains to this day) anonymous. Still, it was cross-platform, easy to use, and really, really useful.read more



  • Scheduling tasks with cron
    Cron is a scheduling daemon that executes tasks at specified intervals. These tasks are called cron jobs and are mostly used to automate system maintenance or administration tasks. For example, you could set a cron job to automate repetitive tasks such as backing up database or data, updating the system with the latest security patches, […]


  • 9to5Linux Weekly Roundup: April 11th, 2021
    The twenty-eighth installment of the 9to5Linux Weekly Roundup is out, for the week ending on April 11th, keeping you guys up to date with the most important things happening in the Linux world.


  • How to Install and Configure an NFS Server on Ubuntu 20.04
    NFS or Network File System is a distributed file system protocol that allows you to share directories over a network. With NFS, you can mount remote directories on your system and work with the files on the remote machine as if they were local files.


  • MySQL SHOW USERS: List All Users in a MySQL Database
    Today we are going to guide you on how to show all users in the MySQL users Database.A common question that most beginner MySQL users ask is “How do I see all of the users in my MySQL server?” Most of them assume that there is a show users command in MySQL, but there isn’t one. This is a common mistake because there are other MySQL commands for displaying information about the database. For example, SHOW DATABASES will show us all of the databases that are present in our MySQL Server, and SHOW TABLES will show us all the tables in the MySQL database that you have selected.


  • Why Crate.io has returned to its pure open source roots
    The headline benefits of open source are widely known and well-articulated. Open source technologies provide enterprise-level scalability, performance, security, and reliability. Trust is there, and it's deserved. But what's less celebrated, other than by die-hard open source adherents, are the inner workings of the everyday community contributions building those macro benefits at the atomic level. For those offering open source technologies, it is the community's constant user-driven testing and hardening that forges those technologies into robust and proven solutions.read more




Slashdot

  • Las Vegas Pushes To Become First To Ban Ornamental Grass
    With a first-in-the-nation policy, Las Vegas is seeking to ban grass that nobody walks on. "Las Vegas-area water officials have spent two decades trying to get people to replace thirsty greenery with desert plants, and now they're asking the Nevada Legislature to outlaw roughly 40% of the turf that's left," reports The Associated Press. By outlawing this ornamental grass that requires four times as much water as drought-tolerant landscaping, the region can reduce annual water consumption by roughly 15% and save about 14 gallons of water per person per day. From the report: The proposal is part of a turf war waged since at least 2003, when the water authority banned developers from planting green front yards in new subdivisions. It also offers owners of older properties the region's most generous rebate policies to tear out sod -- up to $3 per square foot. Those efforts are slowing. The agency says the number of acres converted under its rebate program fell last year to six times less than what it was in 2008. Meanwhile, water consumption in southern Nevada has increased 9% since 2019.   Justin Jones, a Clark County commissioner who serves on the water authority's board, doesn't think ripping out ornamental turf will upend people's lives. "To be clear, we are not coming after your average homeowner's backyard," he said. But grass in the middle of a parkway, where no one walks: "That's dumb." "The only people that ever set foot on grass that's in the middle of a roadway system are people cutting the grass," Jones said. The agency has different regulations for yards and public parks. Based on satellite imaging, it believes banning ornamental grass will primarily affect common areas maintained by homeowner associations and commercial property owners.
          

    Read more of this story at Slashdot.


  • Global PC Market Swells by 55% in Q1 2021 To 82.7 Million
    The latest data from research firm Canalys shows continued strength in the worldwide PC market in the first quarter of 2021, with shipments of desktops and notebooks, including workstations, up 55% year on year. From the report: Though this growth rate was buoyed by a weak Q1 2020, total shipments of 82.7 million units is still impressive, and the highest Q1 shipment number since 2012. Backlogs on orders from 2020, particularly for notebooks, were a key driver, though new demand is also a factor as smaller businesses begin their recoveries. Shipments of notebooks and mobile workstations increased 79% year on year to reach 67.8 million units. Desktops improved slightly at the start of 2021 after a string of poor quarters in 2020, with the level of shipment decline easing. Shipments of desktop and desktop workstations fell 5% year on year to 14.8 million units.   The strong recovery from a weak Q1 2020 saw all vendors in the top five achieve double-digit year-on-year shipment growth. Lenovo maintained pole position in the PC market, securing a 25% market share and posting year-on-year growth of 61%, with shipments of 20.4 million units. HP, spurred by strong Chromebook shipments, came second with total shipments of 19.2 million units, a 64% increase on Q1 2020. Dell lost market share against Q4, but took third place in the rankings, growing shipments 23% year on year to hit 12.9 million units. Apple and Acer made up the rest of the top five, shipping 6.6 million and 5.7 million units to enjoy the highest and second-highest annual growth respectively. Cumulatively, the top five vendors accounted for 78.5% of all PC shipments in Q1 2021.
          

    Read more of this story at Slashdot.


  • Tech Workers At the New York Times Have Formed a Union
    An anonymous reader quotes a report from The Verge: Tech workers at The New York Times have formed a union under the NewsGuild of New York, and they are demanding voluntary recognition from the paper's management. The new union, called the Tech Times Guild, represents more than 650 workers from the digital side of the company, including software engineers, designers, and data analysts. Those employees are not included in the editorial union of The New York Times, which represents more than 3,000 reporters and media professionals at the newspaper and is also organized under NewsGuild. The editorial union has historically excluded employees on the digital side of the paper, even as the company has expanded into more ambitious data and digital work. As a result, the Tech Times Guild is seeking a separate bargaining unit, which would negotiate separately with the Times management. "As of now, we face a number of challenges," the Tech Times Guild said in a statement on Twitter, "including sudden or unexplained termination, opaque promotion processes, unpaid overtime, and underinvestment in diverse representation. Without a union, we lack the data or bargaining rights to address these issues."   The Times has not formally responded to the union's request for recognition. "Voluntary recognition is a significant decision," The New York Times Company said in a statement. "We have heard questions from colleagues such as what a union would mean for staff, who might be included in the union, and how colleagues would have a say in who might represent them. We want to make sure all voices are heard."
          

    Read more of this story at Slashdot.


  • EU Poised To Set AI Rules That Would Ban Surveillance and Social Behavior Ranking
    The European Union is poised to ban artificial intelligence systems used for mass surveillance or for ranking social behavior, while companies developing AI could face fines as high as 4% of global revenue if they fail to comply with new rules governing the software applications. From a report: The rules are part of legislation set to be proposed by the European Commission, the bloc's executive body, according to a draft of the proposal obtained by Bloomberg. The details could change before the commission unveils the measure, which is expected to be as soon as next week. The EU proposal is expected to include the following rules:   * AI systems used to manipulate human behavior, exploit information about individuals or groups of individuals, used to carry out social scoring or for indiscriminate surveillance would all be banned in the EU. Some public security exceptions would apply.  * Remote biometric identification systems used in public places, like facial recognition, would need special authorization from authorities.  * AI applications considered to be 'high-risk' would have to undergo inspections before deployment to ensure systems are trained on unbiased data sets, in a traceable way and with human oversight.  * High-risk AI would pertain to systems that could endanger people's safety, lives or fundamental rights, as well as the EU's democratic processes -- such as self-driving cars and remote surgery, among others.  * Some companies will be allowed to undertake assessments themselves, whereas others will be subject to checks by third-parties. Compliance certificates issued by assessment bodies will be valid for up to five years.  * Rules would apply equally to companies based in the EU or abroad.
          

    Read more of this story at Slashdot.


  • There's Another Facebook Phone Number Database Online
    An online tool lets customers pay to unmask the phone numbers of Facebook users that liked a specific Page, and the underlying dataset appears to be separate from the 500 million account database that made headlines last week, signifying another data breach or large scale scraping of Facebook users' data, Motherboard reports. From the report: Motherboard verified the tool, which comes in the form of a bot on the social network and messaging platform Telegram, outputs accurate phone numbers of Facebook users that aren't included in the dataset of 500 million users. The data also appears to be different to another Telegram bot outputting Facebook phone numbers that Motherboard first reported on in January. "Hello, can you tell me how you got my number?" one person included in the dataset asked Motherboard when reached for comment. "Omg, this is insane," they added. Another person returned Motherboard's call and, after confirming their name, said "If you have my number then yes it seems the data is accurate."   A description for the bot reads "The bot give [sic] out the phone numbers of users who have liked the Facebook page." To use the bot, customers need to first identify the unique identification code of the Facebook Page they want to get phone numbers from, be that a band, restaurant, or any other sort of Page. This is possible with at least one free to use website. From there, customers enter that code into the bot, which provides a cost of the data in U.S. dollars and the option to proceed with the purchase, according to Motherboard's tests. A Page with tens of thousands of likes from Facebook users can cost a few hundred dollars, the bot shows. The data for Motherboard's own Page would return 134,803 results and cost $539, for example.
          

    Read more of this story at Slashdot.


  • 'Why It's Easier To Move Country Than Switch Social Media'
    Cory Doctorow, writing at Wired: When we talk about social media monopolies, we focus too much on network effects, and not enough on switching costs. Yes, it's true that all your friends are already stuck in a Big Tech silo that doesn't talk to any of the other Big Tech silos. It needn't be that way: interoperable platforms have existed since the first two Arpanet nodes came online. You can phone anyone with a phone number and email anyone with an email address.   The reason you can't talk to Facebook users without having a Facebook account isn't that it's technically impossible -- it's that Facebook forbids it. What's more, Facebook (and its Big Tech rivals) have the law on their side: the once-common practice of making new products that just work with existing ones (like third-party printer ink, or a Mac program that can read Microsoft Office files, or an emulator that can play old games) has been driven to the brink of extinction by Big Tech. They were fine with this kind of "competitive compatibility" when it benefited them, but now that they dominate the digital world, it's time for it to die.   To restore competitive compatibility, we would need reform to many laws: software copyright and patents, the anti-circumvention laws that protect digital rights management, and the cybersecurity laws that let companies criminalize violations of their terms of service.
          

    Read more of this story at Slashdot.


  • NAME:WRECK Vulnerabilities Impact Millions of Smart and Industrial Devices
    Catalin Cimpanu, reporting at Record: Security researchers have found a new set of vulnerabilities that impact hundreds of millions of servers, smart devices, and industrial equipment. Called NAME:WRECK, the vulnerabilities have been discovered by enterprise IoT security firm Forescout as part of its internal research program named Project Memoria -- which the company describes as "an initiative that aims at providing the cybersecurity community with the largest study on the security of TCP/IP stacks." Although never visible to end-users, TCP/IP stacks are libraries that vendors add to their firmware to support internet connectivity and other networking functions for their devices. These libraries are very small but, in most cases, underpin the most basic functions of a device, and any vulnerability here exposes users to remote attacks. The NAME:WRECK research is the fifth set of vulnerabilities impacting TCP/IP libraries that have been disclosed over the past three years, and the third set disclosed part of Project Memoria.
          

    Read more of this story at Slashdot.


  • Counter Strike' Bug Allows Hackers To Take Over a PC With a Steam Invite
    Hackers could take control of victims' computers just by tricking them into clicking on a Steam invite to play Counter Strike: Global Offensive, Motherboard reports, citing a bug filing review. From a report: A bug in the game engine used in Counter Strike: Global Offensive could be exploited by hackers to take full control of a target's machine. A security researcher alerted Valve about the bug in June of 2019. Valve is the maker of Source Engine, which is used by CS:GO, Team Fortress 2, and several other games. The researcher, who goes by the name Florian, said that while that the bug has been fixed in some games that use the Source engine, it is still present in CS:GO, and he demonstrated it in a call with Motherboard. Florian's correspondence with Valve occurred on HackerOne, the bug bounty platform used by the company to get reports about vulnerabilities. Valve admitted that it was being slow to respond, even though it classified the bug as "critical" in the thread with the researchers, which Motherboard reviewed. "I am honestly very disappointed because they straight up ignored me most of the time," Florian said in an online chat.
          

    Read more of this story at Slashdot.


  • The Global Business of Professional Trolling
    Professional political trolling is still a thriving underground industry around the world, despite crackdowns from the biggest tech firms. From a report: Coordinated online disinformation efforts offer governments and political actors a fast, cheap way to get under rivals' skin. They also offer a paycheck to people who are eager for work, typically in developing countries. "It's a more sophisticated means of disinformation to weaken your advisories," said Todd Carroll, CISO and VP of Cyber Operations at CybelAngel. Facebook last week said it had uncovered a massive troll farm in Albania, linked to an Iranian militant group. The operation had the the hallmarks of a typical troll farm, which Facebook defines as "a physical location where a collective of operators share computers and phones to jointly manage a pool of fake accounts as part of an influence operation." "The main thing we saw was strange signals centralized coordination between different fake accounts," said Ben Nimmo, Facebook's global influence operations threat intelligence lead. Like numerous troll farms uncovered over the past few years, there was one easy giveaway: content from the network targeted Iran, but was posted on social media during normal working hours on Central European Time.
          

    Read more of this story at Slashdot.


  • Security Researcher Drops Chrome and Edge Exploit on Twitter
    An Indian security researcher has published today proof-of-concept exploit code for a recently discovered vulnerability impacting Google Chrome, Microsoft Edge, and other Chromium-based browsers like Opera and Brave. From a report: The researcher, Rajvardhan Agarwal, told The Record today that the exploit code is for a Chromium bug that was used during the Pwn2Own hacking contest that took place last week. During the contest, security researchers Bruno Keith (@bkth_) & Niklas Baumstark (@_niklasb) of Dataflow Security used a vulnerability to run malicious code inside Chrome and Edge, for which they received $100,000. Per contest rules, details about this bug were handed over to the Chrome security team so the bug could be patched as soon as possible. While details about the exact nature of the bug were never publicly disclosed, Agarwal told The Record he spotted the patches for this bug by looking at the source code commits to the V8 JavaScript engine, a component of the Chromium open-source browser project, which allowed him to recreate the Pwn2Own exploit, which he uploaded earlier today on GitHub, and shared on Twitter. However, while Chromium developers have patched the V8 bug last week, the patch has not yet been integrated into official releases of downstream Chromium-based browsers such as Chrome, Edge, and others, which are still vulnerable to attacks.
          

    Read more of this story at Slashdot.


  • Microsoft Announces New Webcam and USB-C Speaker for the Work from Home Era
    Microsoft's long-awaited new webcam is finally here, alongside a number of accessories designed for the work from home era. From a report: Rumors of a new Microsoft webcam have been circulating for years, and the result is what Microsoft calls the Modern Webcam. It's a fairly basic and affordable 1080p webcam that will start shipping for $69.99 in June. The Microsoft Modern Webcam will support up to 1080p HDR output at 30fps and connects via USB-A, not USB-C. It's not the 4K webcam found on Microsoft's Surface Hub 2, and it doesn't include Windows Hello support either. It's really a simple webcam designed for students or workers to quickly add a better video calling option to an existing laptop or PC. Microsoft is also including a privacy shutter and LED indicator to let people easily see when the webcam is active. Microsoft is also launching a new USB-C speaker. The Modern USB-C Speaker is designed primarily for Microsoft Teams, and it even includes a button to launch a control panel for Teams with quick actions for meetings.
          

    Read more of this story at Slashdot.


  • Apple Will Hold a Special Event on April 20
    If you're wondering when Apple will hold its next event, Siri may have the answer. From a report: Ask the digital helper: "When is the next Apple event?" and it will respond with "the special event is on Tuesday, April 20, at Apple Park in Cupertino, CA. You can get all the details on Apple.com." MacRumors, which spotted the reply, says the virtual assistant is providing it in certain instances on iPhone, iPad, Mac, and HomePod. While it's an open secret that Apple is planning an event for later this month where it's expected to debut a new iPad Pro, Siri has seemingly leaked the date ahead of confirmation. We won't have to wait long to find out if the info is correct, though. Apple normally sends out invites to the press a week ahead of the proceedings, so it should make it official later today. The event itself is expected to be a virtual affair starring the iPad Pro (in two sizes) and possibly featuring the AirTags Bluetooth tracker. Apple's next premium slate reportedly features a Mini LED display on the flagship 12.9-inch model, but supply chain issues could see it ship later than planned and in limited quantities.
          

    Read more of this story at Slashdot.


  • US Recommends 'Pause' For J&J Vaccine Over Clot Reports
    iggymanz writes: The U.S. is recommending a "pause" in using the single-dose Johnson & Johnson COVID-19 vaccine to investigate reports of potentially dangerous blood clots. The Centers for Disease Control and Prevention and the Food and Drug Administration said Tuesday they were investigating unusual clots that occurred 6 to 13 days after vaccination. The clots occurred in veins that drain blood from the brain and occurred together with low platelets. All six cases were in women between the ages of 18 and 48; there was one death and all remained under investigation. The reports appear similar to a rare, unusual type of clotting disorder that European authorities say is possibly linked to another COVID-19 vaccine not yet cleared in the U.S., from AstraZeneca. More than 6.8 million doses of the J&J vaccine have been administered in the U.S., the vast majority with no or mild side effects.
          

    Read more of this story at Slashdot.


  • New Microsoft Surface Laptop 4 Goes for Battery Life
    Microsoft on Tuesday announced a new 2021 Surface Laptop, called the Surface Laptop 4. The new version adds 11th-gen Intel Core processors, paired with Intel Iris XE graphics. There's also an AMD processor option -- Zen 2 series -- with a graphics chip called AMD Radeon Graphics Microsoft Surface Edition. From a report: For all the buzz Microsoft's Surface tablets get, I've always thought the Surface Laptop was actually Microsoft's secret weapon. Since Surface Laptop debuted in 2017, it's been a strong contender for the best all-purpose slim Windows laptop. But plenty of companies offer 13-inch-class slim laptops, all hoping to be the Windows version of Apple's ubiquitous MacBook Air. (Microsoft also introduced a 15-inch version in 2019.) Microsoft says the Surface Laptop has the Surface line's highest level of customer satisfaction. Besides simply working well and being stylish and easy to use, the Surface Laptop was frequently on sale at very reasonable prices, making it a great way to get a rock-solid clamshell laptop for not much money. Shortly before the Surface Laptop 4 preorders went live, you could still order a Core i5 13-inch Surface Laptop 3 (with 8GB RAM and a 128GB SSD) for $769, or $899 for a 256GB SSD.
          

    Read more of this story at Slashdot.


  • Billions of Smartphone Owners Will Soon Be Authorizing Payments Using Facial Recognition
    An anonymous reader quotes a report from ZDNet: The next few years will see billions of users regularly using facial recognition technology to secure payments made through their smartphone, tablets or smartwatches, according to new analysis carried out by Juniper Research. Smartphone owners are already used to staring at their screens to safely unlock their devices without having to dial in a secret code; now, facial recognition will increasingly be deployed to verify the identity of a user making a payment with their handset, whether that's via an app or directly in-store, in wallet mode.   In addition to facial features, Juniper Research's analysts predict that a host of biometrics will be used to authenticate mobile payments, including fingerprint, iris and voice recognition. Biometric capabilities will reach 95% of smartphones globally by 2025, according to the researchers; by that time, users' biological characteristics will be authenticating over $3 trillion-worth of payment transactions -- up from $404 billion in 2020. [...] "All you need for software-based facial recognition is a front-facing camera on the device and accompanying software," Nick Maynard, lead analyst at Juniper Research, tells ZDNet. "In a hardware-based system, there will be additional hardware layers that add additional security levels. It's increasingly important to differentiate because hardware-based systems are the more secure of the two." Maynard's research shows that between now and 2025, the number of handsets using hardware-based systems will grow by a dramatic 376% to reach 17% of smartphones. Juniper expects the number of smartphone owners using [software-based facial recognition systems] to secure payments to grow by 120% to 2025, to reach 1.4 billion devices -- that is, roughly 27% of smartphones globally. "Hardware-based systems obviously have additional costs per device," adds Maynard, "but the reason it is growing well is really that Apple has been driving it forward. They've made the technology a part of their high-end devices, and shown that hardware-based facial recognition technology can be done and can be very secure."   "Software-based facial recognition is strong because it's very easy to deploy," Maynard continues, "but we are expecting a shift towards hardware-based systems as software becomes invalidated by fraudster approaches. Fraudster methods are always evolving, and the hardware needs to evolve with it."
          

    Read more of this story at Slashdot.


The Register





  • What's Red and scale-y and shacked up with NEC? A new Red Hat network function virtualization solution, apparently
    Living on the Edge as SA networks roll out
    The move to 5G has allowed vendors and carriers to fundamentally rethink how their networks are structured. Once the norm, tightly integrated vendor-specific hardware is gradually being supplanted by virtualized alternatives that run happily on standards-agnostic kit. Jumping on the bandwagon is Japanese provider NEC, which today said it would use RedHat's OpenShift Kubernetes platform for its upcoming 5G hardware.…

















  • NASA writes software update for Ingenuity helicopter to enable first Mars flight
    Won’t say when flight tests will resume, because uploads and testing are hard when your machine is 15 light minutes away
    NASA will upload a "minor modification" of flight control software to the Ingenuity helicopter ahead of its first attempt at powered flight on Mars, and says the process of doing so means it can’t say when attempts to send craft into Red skies will take place.…


  • Tencent Cloud opens first Indonesian data center
    Jakarta bit barn offers subset of services - CLI, GPU, some storage services, advanced security services and serverless aren't on offer
    Chinese web giant Tencent has opened its first cloud data center in Indonesia.…

















  • Clearview AI accused over free trials to US police that were plausibly deniable
    Plus: Another Google AI boffin resigns and AI tries to recreate music from famous musicians who died at 27
    In Brief A year-long investigation into Clearview, the dodgy facial recognition startup, has revealed how its software has been used by over 1,800 public agencies in an attempt to identify over 7,000 people from 2018 to 2020.…










  • United States' plan to beat China includes dominating tech standards groups – especially for 5G
    'Strategic Competition Act' calls for appointment of a new ambassador-at-large for tech
    America's plan to compete with China includes a call for the land of the free to dominate tech standards bodies, especially for 5G, and to appoint an ambassador level official to lead a new “Technology Partnership Office” that Washington will use to drive tech collaboration among like-minded nations.…



  • Wormhole encrypted file transfer app reboots Firefox Send after Mozilla fled
    App's developers believe they can manage potential abuse
    Earlier this month, a startup called Socket, Inc., launched Wormhole, a web app for encrypting files and making them available to those who receive the URL-embedded encryption key, without exposing the files to the cloud-based intermediary handling the transfer.…




Linux.com offline for now

Phoronix


  • System76 Developing "COSMIC" Desktop Environment For Pop!_OS
    System76 has their in-house Pop!_OS Linux distribution derived from Ubuntu and have long been customizing their GNOME-based desktop. However, the Linux PC vendor is now taking things a step further by developing their own desktop environment dubbed COSMIC...




  • Vulkan Video Arrives For New Industry-Standard Video Encode/Decode
    For years we have been eager to learn more about the long mentioned Vulkan Video API, which was supposed to come in H1-2020, but now has finally arrived with today's v1.2.175 update in provisional form. The new Vulkan Video extensions allow for GPU-accelerated video encode/decode. The initial public work is treated as a provisional specification and with limited codec coverage but will be expanded upon in time...





  • Slackware 15 Beta Process Begins
    Back in February Slackware 15.0 went into alpha, nine years since Slackware 14.0 made its debut or even five years since Slackware 14.2. Now Slackware 15.0 is up to its beta phase...


  • Secret Memory Areas For Linux Might Finally Be Ready With memfd_secret
    In development for more than one year has been the ability to create secret memory areas on Linux that would be visible only to the owning process and is not mapped for other processes or the kernel page tables. That "memfd_secret" system call has finally materialized in Linux-Next and looking like it could be ready for mainline...




  • NVIDIA Announces Grace CPU For ARM-Based AI/HPC Processor
    NVIDIA announced today in kicking off GTC21 the "Grace" high performance Arm processor for AI and high performance computing workloads. But before getting too excited, this high performance Arm chip isn't expected to be ready until 2023...


  • Radeon Vulkan Variable Rate Shading Benchmarks For Boosting RDNA2 Performance
    Landing in Mesa 21.1 on Friday was a variable rate shading (VRS) override for the Radeon Vulkan "RADV" driver for providing significant performance boosts by effectively rendering less. This feature is limited to RDNA2 graphics processors while here are some benchmarks on what it means for 4K gaming with the AMD Radeon RX 6000 series graphics cards on Linux.



  • Intel DG1 Graphics Card Nears Working State On Linux
    While these kernel patches aren't expected to land until the Linux 5.14 kernel cycle later in the summer, a set of 19 patches published on Monday morning begin allowing a test system to boot with the DG1 graphics card...



  • Intel Rocket Lake Target Added To GCC 11
    While Intel is often very proactive in adding new CPU families to the open-source GCC and LLVM/Clang compilers where it tends to land a year or more in advance of the processors actually shipping, occasionally there are slipups. Today in fact the "Rocket Lake" support finally was merged into GCC 11 days ahead of that compiler release and after the CPUs were already launched at the end of March...



  • Linux 5.13 Will Stop Restricting CPU Power Metrics Access For AMD Energy Driver
    Following the PLATYPUS discovery last year that CPU energy information could be used for possible side channel attacks, the Intel RAPL counters were not only restricted to root but the "amd_energy" driver for exposing CPU energy information on supported Zen series CPUs was also dialed back to root-only in the name of security. Linux 5.13 is introducing a new mechanism so AMD CPUs will be able to still read the energy counters even if not operating as root...


  • Dynatron A38 Performance For Cooling 280 Watt AMD EPYC CPUs
    Announced in March by Dynatron was their A38 CPU cooler for AMD Ryzen Threadripper and EPYC processors. This heatsink fan is rated for cooling up to 280 Watt SP3/sTRX4/TR4 processors making it capable of cooling even the newest high-end EPYC "Milan" processors with the EPYC 75F3 and 7763 processors. Here are some initial benchmarks of this cooler with the AMD EPYC 7763 server processor.


  • SiFive FU740 PCIe Support Queued Ahead Of Linux 5.13
    Arguably the most interesting RISC-V board announced to date is SiFive's HiFive Unmatched with the FU740 RISC-V SoC that features four U74-MC cores and one S7 embedded core. The HiFive Unmatched also has 16GB of RAM, USB 3.2 Gen 1, one PCI Express x16 slot (operating at x8 speeds), an NVMe slot, and Gigabit Ethernet. The upstream kernel support for the HiFive Unmatched and the FU740 SoC continues...





  • Radeon Vulkan Driver Adds Option Of Rendering Less For ~30% Greater Performance
    If your current Vulkan-based Radeon Linux gaming performance isn't cutting it and a new GPU is out of your budget or you have been unable to find a desired GPU upgrade in stock, the Mesa RADV driver has added an option likely of interest to you... Well, at least moving forward with this feature being limited to RDNA2 GPUs for now...


  • Wine 6.6 Released With Better Plug & Play Driver Support
    Wine 6.6 is out as the open-source project's first release of April for running Windows games and applications primarily on Linux and macOS platforms. With Wine 6.6 comes more feature work that will ultimately be incorporated into the Wine 7.0 release due out in early 2022...



  • AMD EPYC 7003 Series Working Out Well With The Supermicro H12SSL-i
    Following last month's launch of the AMD EPYC 7003 "Milan" series prominent motherboard vendors have been fairly quick to enable Milan support for capable motherboards originally launched for the prior EPYC 7002 "Rome" processors. For those in the market for a 1P ATX motherboard that will work with these exciting new server processors, the Supermicro H12SSL-i is a nice entry-level motherboard that gets the job done and with its BIOS v2.0 release is working well for the new Zen 3 server CPUs.


  • Fedora 34 Adding SEVCTL Utility For Managing AMD SEV
    The upcoming release of Fedora 34 will make it the first major Linux distribution to have sevctl available, an open-source utility for managing AMD EPYC systems with Secure Encrypted Virtualization (SEV)...





Engadget"Engadget"


























OSnews

  • Was the NE2000 really that bad?
    Over the last few months I have been on and off digging into the history of early PC networking products, especially Ethernet-based ones. In that context, it is impossible to miss the classic NE2000 adapter with all its offshoots and clones. Especially in the Linux community, the NE2000 seems to have had rather bad reputation that was in part understandable but in part based on claims that simply make no sense upon closer examination. A deep dive into this very popular and widespread NE2000 adapter.


  • FreeBSD/arm64 becoming Tier 1 in FreeBSD 13
    FreeBSD will promote arm64 to a Tier 1 architecture in FreeBSD 13. This means we will provide release images, binary packages, and security and errata updates. While we anticipate there will be minor issues with this first release, we believe the port is mature enough that they can be resolved during the life of FreeBSD 13. Maybe not massively relevant right now, but with Arm making its way into both servers and desktops, this is some good future-proofing for FreeBSD.


  • X.Org Server Git lands support for hardware-accelerated XWayland with NVIDIA
    The NVIDIA-led work to allow XWayland OpenGL and Vulkan acceleration with their proprietary driver has just been merged into X.Org Server Git. The XWayland changes needed to allow the NVIDIA proprietary driver to work in an accelerated manner have landed in X.Org Server 1.21 Git. The main change is xwayland: implement pixmap_from_buffers for the eglstream backend that was merged just a few minutes ago. NVIDIA is a big blocker for Wayland, so any steps forward are good steps  even if it takes a while before this code ends up on our desktops.


  • IBM COBOL for Linux on x86 1.1 brings COBOL capabilities to Linux
    COBOL for Linux on x86 1.1 is the latest addition to the IBM COBOL compiler family, which includes Enterprise COBOL for z/OS and COBOL for AIX. COBOL for Linux on x86 is a productive and powerful development environment for building and modernizing COBOL applications. It includes an optimizing COBOL compiler and a COBOL runtime library. COBOL for Linux on x86 is based on the same advanced optimization technology as Enterprise COBOL for z/OS. It offers both performance and programming capabilities for developing business critical COBOL applications for Linux on x86 systems. COBOL for Linux on x86 is designed to support clients on their journey to the cloud. It enables clients to strategically deploy business-critical applications written in COBOL to a hybrid cloud environment or best-fit platforms, which includes IBM Z (z/OS), IBM Power Systems (AIX), and x86 (Linux) platforms. As I understand it, theres still a lot of COBOL code all over the industry, so it makes sense for IBM to make its COBOL technologies available to more people.


  • A bit of XENIX history
    An old post from 2014. From 1986 to 1989, I worked in the Xenix group at Microsoft. It was my first job out of school, and I was the most junior person on the team. I was hopelessly naive, inexperienced, generally clueless, and borderline incompetent, but my coworkers were kind, supportive and enormously forgiving – just a lovely bunch of folks. Microsoft decided to exit the Xenix business in 1989, but before the group was dispersed to the winds, we held a wake. Many of the old hands at MS had worked on Xenix at some point, so the party was filled with much of the senior development staff from across the company. There was cake, beer, and nostalgia; stories were told, most of which I can’t repeat. Some of the longer-serving folks dug through their files to find particularly amusing Xenix-related documents, and they were copied and distributed to the attendees. These are kinds of stories that need to be written down for posterity, of we risk losing a lot of valuable information and backstories to some of the less successful technology products of our time.


  • Rust in the Android platform
    Correctness of code in the Android platform is a top priority for the security, stability, and quality of each Android release. Memory safety bugs in C and C++ continue to be the most-difficult-to-address source of incorrectness. We invest a great deal of effort and resources into detecting, fixing, and mitigating this class of bugs, and these efforts are effective in preventing a large number of bugs from making it into Android releases. Yet in spite of these efforts, memory safety bugs continue to be a top contributor of stability issues, and consistently represent ~70% of Android’s high severity security vulnerabilities. In addition to ongoing and upcoming efforts to improve detection of memory bugs, we are ramping up efforts to prevent them in the first place. Memory-safe languages are the most cost-effective means for preventing memory bugs. In addition to memory-safe languages like Kotlin and Java, we’re excited to announce that the Android Open Source Project (AOSP) now supports the Rust programming language for developing the OS itself. Rust is popping up everywhere.


  • Signal embeds shady cryptocurrency in its service
    Many technologists viscerally felt yesterday’s announcement as a punch to the gut when we heard that the Signal messaging app was bundling an embedded cryptocurrency. This news really cut to heart of what many technologists have felt before when we as loyal users have been exploited and betrayed by corporations, but this time it felt much deeper because it introduced a conflict of interest from our fellow technologists that we truly believed were advancing a cause many of us also believed in. So many of us have spent significant time and social capital moving our friends and family away from the exploitative data siphon platforms that Facebook et al offer, and on to Signal in the hopes of breaking the cycle of commercial exploitation of our online relationships. And some of us feel used. Signal users are overwhelmingly tech savvy consumers and we’re not idiots. Do they think we don’t see through the thinly veiled pump and dump scheme that’s proposed? It’s an old scam with a new face. Allegedly the controlling entity prints 250 million units of some artificially scarce trashcoin called MOB (coincidence?) of which the issuing organization controls 85% of the supply. This token then floats on a shady offshore cryptocurrency exchange hiding in the Cayman Islands or the Bahamas, where users can buy and exchange the token. The token is wash traded back and forth by insiders and the exchange itself to artificially pump up the price before it’s dumped on users in the UK to buy to allegedly use as “payments”. All of this while insiders are free to silently use information asymmetry to cash out on the influx of pumped hype-driven buys before the token crashes in value. Did I mention that the exchange that floats the token is the primary investor in the company itself, does anyone else see a major conflict of interest here? And there goes Signal, down the drain, throwing away all the goodwill it has managed to build up. Apparently, the donations they received from users werent enough, and it has to resort to shady schemes like these to keep the service running. I wasnt using Signal to begin with, but this ensures Im not touch it with a ten foot pole. As for cryptocurrency, a topic we effectively do not cover on OSNews  Im not saying cryptocurrency is by definition shady, but lets just say I dont read many stories about cryptocurrency that instill me with any confidence in its trustworthiness and stability in any way, shape, or form. The technology in and of itself is cool, but what people are doing with it is, well, not.


  • Steam on FreeBSD
    Steam is a gaming platform that sells and manages games on Windows and Linux. Since FreeBSD has some pretty good Linux emulation, it is possible – with some footnotes – to run Linux Steam Games on FreeBSD. This was already possible in 2016 but the tooling keeps being updated, so let’s take a look at how things work. This is really interesting. Wines and Valves efforts are paying off in so many unforeseen ways.


  • Supreme Court sides with Google in Oracle’s API copyright case
    Great news from the Supreme Court of the United States. In a ruling on Monday, the Supreme Court found that Google could legally use elements of Oracle’s Java application programming interface (API) code when building Android. “Google’s copying of the API to reimplement a user interface, taking only what was needed to allow users to put their accrued talents to work in a new and transformative program, constituted a fair use of that material,” the Supreme Court ruled in a 6-2 opinion, with one justice (Amy Coney Barrett) not taking part in the ruling. It overturned an earlier federal decision, which found that Google’s use of the API had constituted infringement. Not only is Googles specific use case declared fair use, but any and all similar cases are fair use as well, as a matter of law, the Supreme Court ruled. We reach the conclusion that in this case, where Google reimplemented a user interface, taking only what was needed to allow users to put their accrued talents to work in a new and transformative program, Google’s copying of the Sun Java API was a fair use of that material as a matter of law. Not only is this the only possible correct and proper ruling, it also means Oracle and Larry Ellison fall flat on their face which is always a joyous occasion as far as Im concerned. And so ends the saga that, according to my pet conspiracy theory, was set up as one-two punch between Steve Jobs and Larry Ellison, who were incredibly close friends. Apples patent assault on Android vendors and Oracles attack on Googles Android API usage happened at the same time, right after Jobs proclaimed he would go thermonuclear war! on Android. Now, you can argue that these two simultaneous assaults were entirely coincidental, and that these two close friends did not coordinate their attacks in any way. I, on the other hand, remain convinced this was a premeditated, coordinated assault on Android  entirely befitting the two, by all accounts, unpleasant people Jobs and Ellison are.


  • webOS OSE 2.10.0 released
    We’re pleased to announce the release of webOS Open Source Edition (OSE) 2.10.0. Theres a new storage access framework, cookie encryption of Blink has been enabled, a peripheral manager service has been added, and there are ACG enhancements.


  • Most loved programming language Rust sparks privacy concerns
    Rust developers have repeatedly raised concerned about an unaddressed privacy issue over the last few years. Rust has rapidly gained momentum among developers, for its focus on performance, safety, safe concurrency, and for having a similar syntax to C++.  StackOverflows 2020 developer survey ranked Rust first among the  most loved programming languages.! However, for the longest time developers have been bothered by their production builds leaking potentially sensitive debug information. Ill leave this one for you folks to figure out, but from a laymans perspective, it looks like a really dumb thing to keep paths from the developers machine like this in compiled binaries? At least after countless years, the Rust developers seem committed to fixing it, finally.


  • AmiSSL 4.9 released
    This is version 4.9 of the open-source based AmiSSL library for Amiga based operating systems. Version 4.x is a new major release which comes with full compatibility to the OpenSSL 1.1.x line which includes important security related fixes, TLSv1.3 and comes with new encryption ciphers which are required nowadays to connect to modern SSL-based services (e.g. HTTPS). This may seem like a small update to an insignificant package, but its hugely important for smaller operating systems like Amiga OS to remain usable in this day and age.


  • Google is restricting which apps can see the other installed apps on your device
    Google is making some new changes to the Developer Program Policy that will make it harder for apps to see what other apps are installed on your Android device. Google says it regards the full list of installed apps on a user’s device to be personal and sensitive information, and as such, will limit which apps can access this information. Specifically, Google will be restricting which apps can request the QUERY_ALL_PACKAGES permission which is currently required for apps targeting API level 30 (Android 11) and above that want to query the list of installed apps on a user’s device that runs Android 11 or later. These moves by Google to make Androids permission system less permissive is a welcome one. These changes dont really restrict users in what kinds of access and permissions they can give applications if they choose to do so, but the default access levels applications get are getting more restrictive, which I think is a good thing. As long as we can keep making different choices and grant the access we choose, all is well.


  • Windows 95: how does it look today?
    Windows 95 was the “next-generation” OS from Microsoft: redesigned UI, long file names support, 32-bit apps and many other changes. Some of Windows 95 components are still in use today. How does it look? Let’s test it and figure it out. Its always fun to dive back into old operating systems we used to use every day. Windows 95 is such a monumental release, and one that changed the face of computing overnight. It turned an already massive computer company into one of the largest, most powerful companies in the world, and its influence on how desktop and laptop user interfaces work today can be seen everywhere. Windows 95 also happens to be delightfully pleasant to look at, especially taking into account the jumbled, chaotic mess of a user interface Windows has become today.


  • Pixel 6 will be powered by new Google-made ‘Whitechapel’ chip
    9to5Google can report today that Google’s upcoming phones for this fall, including the presumed Pixel 6, will be among the first devices to run on the “GS101” Whitechapel chip. First rumored in early 2020, Whitechapel is an effort on Google’s part to create their own systems on a chip (SoCs) to be used in Pixel phones and Chromebooks alike, similar in to how Apple uses their own chips in the iPhone and Mac. Google was said to be co-developing Whitechapel with Samsung, whose Exynos chips rival Snapdragon processors in the Android space. Per that report, Google would be ready to launch devices with Whitechapel chips as soon as 2021. According to documentation viewed by 9to5Google, this fall’s Pixel phones will indeed be powered by Google’s Whitechapel platform. Googles been hinting at this for a few years now. Im curious to see how these will stack up against Apples and Qualcomms chips, because unlike what some people seem to think, Google has a lot of experience designing and building chips  just not for consumer devices.



Linux Journal - The Original Magazine of the Linux Community

  • Develop a Linux command-line Tool to Track and Plot Covid-19 Stats
        by Nawaz Abbasi    It’s been over a year and we are still fighting with the pandemic at almost every aspect of our life. Thanks to technology, various tools and mechanisms to track Covid-19 related metrics. This introductory-level tutorial discusses developing one such tool at just Linux command-line, from scratch.
    We will start with introducing the most important parts of the tool – the APIs and the commands. We will be using 2 APIs for our tool - COVID19 API and Quickchart API and 2 key commands – curl and jq. In simple terms, curl command is used for data transfer and jq command to process JSON data.
    The complete tool can be broken down into 2 keys steps:

    1. Fetching (GET request) data from the COVID19 API and piping the JSON output to jq so as to process out only global data (or similarly, country specific data).
     $ curl -s --location --request GET 'https://api.covid19api.com/summary' | jq -r '.Global'  {   "NewConfirmed": 561661,   "TotalConfirmed": 136069313,   "NewDeaths": 8077,   "TotalDeaths": 2937292,   "NewRecovered": 487901,   "TotalRecovered": 77585186,   "Date": "2021-04-13T02:28:22.158Z"  } 
    2. Storing the output of step 1 in variables and calling the Quickchart API using those variables, to plot a chart. Subsequently piping the JSON output to jq so as to filter only the link to our chart.
     $ curl -s -X POST \   -H 'Content-Type: application/json' \   -d '{"chart": {"type": "bar", "data": {"labels": ["NewConfirmed (${newConf})", "TotalConfirmed (${totConf})", "NewDeaths (${newDeath})", "TotalDeaths (${totDeath})", "NewRecovered (${newRecover})", "TotalRecovered (${totRecover})"], "datasets": [{"label": "Global Covid-19 Stats (${datetime})", "data": [${newConf}, ${totConf}, ${newDeath}, ${totDeath}, ${newRecover}, ${totRecover}]}]}}}' \   https://quickchart.io/chart/create | jq -r '.url'  https://quickchart.io/chart/render/zf-be27ef29-4495-4e9a-9180-dbf76f485eaf    That’s it! Now we have our data plotted out in a chart:

        Go to Full Article          


  • FSF’s LibrePlanet 2021 Free Software Conference Is Next Weekend, Online Only
        by George Whittaker    On Saturday and Sunday, March 20th and 21st, 2021, free software supporters from all over the world will log in to share knowledge and experiences, and to socialize with others within the free software community. This year’s theme is “Empowering Users,” and keynotes will be Julia Reda, Nathan Freitas, and Nadya Peek. Free Software Foundation (FSF) associate members and students attend gratis at the Supporter level. 
    You can see the schedule and learn more about the conference at https://libreplanet.org/2021/, and participants are encouraged to register in advance at https://u.fsf.org/lp21-sp
    The conference will also include workshops, community-submitted five-minute Lightning Talks, Birds of a Feather (BoF) sessions, and an interactive “exhibitor hall” and “hallway” for socializing.
        Go to Full Article          


  • Review: The New weLees Visual LVM, a new style of LVM management, has been released
        by George Whittaker    Maintenance of the storage system is a daily job for system administrators. Linux provides users with a wealth of storage capabilities, and powerful built-in maintenance tools. However, these tools are hardly friendly to system administrators while generally considerable effort is required for mastery.
    As a Linux built-in storage model, LVM provides users with plenty flexible management modes to fit various needs. For users who can fully utilize its functions, LVM could meet almost all needs. But the premise is thorough understanding of the LVM model, dozens of commands as well as accompanying parameters.
    The graphical interface would dramatically simplify both learning curve and operation with LVM, in a similar approach as partition tools that are widely used on Windows/Linux platforms. Although scripts with commands are suitable for daily, automatic tasks, the script could not handle all functions in LVM. For instance, manual calculation and processing are still required by many tasks.
    Significant effort had been spent on this problem. Nowadays, several graphical LVM management tools are already available on the Internet, some of them are built-in with Linux distributions and others are developed by third parties. But there remains a critical problem: desire for remote machines or headless servers are completely ignored.
    This is now solved by Visual LVM Remote. Front end of this tool is developed based on the HTTP protocol. With any smart device that can connect to the storage server, Users can perform management operations.
    Visual LVM is developed by weLees Corporation and supports all Linux distributions. In addition to working with remote/headless servers, it also supports more advanced features of LVM compared with various on-shelf graphic LVM management tools.
    Dependences of Visual LVM Remote  Visual LVM Remote can work on any Linux distribution that including two components below:
      LVM2
        Libstdc++.so
     UI of Visual LVM Remote  With a concise UI, partitions/physical volumes/logical volumes are displayed by disk layout. With a glance, disk/volume group information can be obtained immediately. In addition, detailed relevant information of the object will be displayed in the information bar below with the mouse hover on the concerned object.
        Go to Full Article          


  • Nvidia Linux drivers causing random hard crashes and now a major security risk still not fixed after 5+ months
    Image       The recent fiasco with Nvidia trying to block Hardware Unboxed from future GPU review samples for the content of their review is one example of how they choose to play this game. This hatred is not only shared by reviewers, but also developers and especially Linux users.
    The infamous Torvalds videos still traverse the web today as Nvidia conjures up another evil plan to suck up more of your money and market share. This is not just one off shoot case; oh how much I wish it was. I just want my computer to work.
    If anyone has used Sway-WM with an Nvidia GPU I’m sure they would remember the –my-next-gpu-wont-be-nvidia option.
    These are a few examples of many.
    The Nvidia Linux drivers have never been good but whatever has been happening at Nvidia for the past decade has to stop today. The topic in question today is this bug: [https://forums.developer.nvidia.com/t/bug-report-455-23-04-kernel-panic-due-to-null-pointer-dereference]
    This bug causes hard irrecoverable crashes from driver 440+. This issue is still happening 5+ months later with no end in sight. At first users could work around this by using an older DKMS driver along with a LTS kernel. However today this is no longer possible. Many distributions of Linux are now dropping the old kernels. DKMS cannot build. The users are now FORCED with this “choice”:
    {Use an older driver and risk security implications} or {“use” the new drivers that cause random irrecoverable crashes.}
    This issue is only going to get more and more prevalent as the kernel is a core dependency by definition. This is just another example of the implications of an unsafe older kernel causing issue for users: https://archlinux.org/news/moving-to-zstandard-images-by-default-on-mkinitcpio/
    If you use Linux or care about the implications of a GPU monopoly, consider AMD. Nvidia is already rearing its ugly head and AMD is actually putting up a fight this year.
          #Linux  NVIDIA  News                   


  • Parallel shells with xargs: Utilize all your cpu cores on UNIX and Windows
        by Charles Fisher    Introduction  One particular frustration with the UNIX shell is the inability to easily schedule multiple, concurrent tasks that fully utilize CPU cores presented on modern systems. The example of focus in this article is file compression, but the problem rises with many computationally intensive tasks, such as image/audio/media processing, password cracking and hash analysis, database Extract, Transform, and Load, and backup activities. It is understandably frustrating to wait for gzip * running on a single CPU core, while most of a machine's processing power lies idle.
    This can be understood as a weakness of the first decade of Research UNIX which was not developed on machines with SMP. The Bourne shell did not emerge from the 7th edition with any native syntax or controls for cohesively managing the resource consumption of background processes.
    Utilities have haphazardly evolved to perform some of these functions. The GNU version of xargs is able to exercise some primitive control in allocating background processes, which is discussed at some length in the documentation. While the GNU extensions to xargs have proliferated to many other implementations (notably BusyBox, including the release for Microsoft Windows, example below), they are not POSIX.2-compliant, and likely will not be found on commercial UNIX.
    Historic users of xargs will remember it as a useful tool for directories that contained too many files for echo * or other wildcards to be used; in this situation xargs is called to repeatedly batch groups of files with a single command. As xargs has evolved beyond POSIX, it has assumed a new relevance which is useful to explore.


    Why is POSIX.2 this bad?  A clear understanding of the lack of cohesive job scheduling in UNIX requires some history of the evolution of these utilities.
        Go to Full Article          


  • Bypassing Deep Packet Inspection: Tunneling Traffic Over TLS VPN
        by Dmitriy Kuptsov   
    In some countries, network operators employ deep packet inspection techniques to block certain types of traffic. For example, Virtual Private Network (VPN) traffic can be analyzed and blocked to prevent users from sending encrypted packets over such networks.

    By observing that HTTPS works all over the world (configured for an extremely large number of web-servers) and cannot be easily analyzed (the payload is usually encrypted), we argue that in the same manner VPN tunneling can be organized: By masquerading the VPN traffic with TLS or its older version - SSL, we can build a reliable and secure network. Packets, which are sent over such tunnels, can cross multiple domains, which have various (strict and not so strict) security policies. Despite that the SSH can be potentially used to build such network, we have evidence that in certain countries connections made over such tunnels are analyzed statistically: If the network utilization by such tunnels is high, bursts do exist, or connections are long-living, then underlying TCP connections are reset by network operators.

    Thus, here we make an experimental effort in this direction: First, we describe different VPN solutions, which exist on the Internet; and, second, we describe our experimental effort with Python-based software and Linux, which allows users to create VPN tunnels using TLS protocol and tunnel small office/home office (SOHO) traffic through such tunnels.
    I. INTRODUCTION
    Virtual private networks (VPN) are crucial in the modern era. By encapsulating and sending client’s traffic inside protected tunnels it is possible for users to obtain network services, which otherwise would be blocked by a network operator. VPN solutions are also useful when accessing a company’s Intranet network. For example, corporate employees can access the internal network in a secure way by establishing a VPN connection and directing all traffic through the tunnel towards the corporate network. This way they can get services, which otherwise would be impossible to get from the outside world.
    II. BACKGROUND
    There are various solutions that can be used to build VPNs. One example is Host Identity Protocols (HIP) [7]. HIP is a layer 3.5 solution (it is in fact located between transport and network layers) and was originally designed to split the dual role of IP addresses - identifier and locator. For example, a company called Tempered Networks uses HIP protocol to build secure networks (for sampling see [4]).
        Go to Full Article          


  • How to Save Time Running Automated Tests with Parallel CI Machines
        by Artur Trzop   
    Automated tests are part of many programming projects, ensuring the software is flawless. The bigger the project, the larger the test suite can be.This can result in automated tests taking a lot of time to run. In this article you will learn how to run automated tests faster with parallel Continuous Integration machines (CI) and what problems can be encountered. The article covers common parallel testing problems, based on Ruby & JavaScript tests.
    Slow automated tests
    Automated tests can be considered slow when programmers stop running the whole test suite on their local machine because it is too time consuming. Most of the time you use CI servers such as Jenkins, CircleCI, Github Actions to run your tests on an external machine instead of your own. When you have a test suite that runs for an hour then it’s not efficient to run it on your computer. Browser end-to-end tests for your web project can take a really long time to execute. Running tests on a CI server for an hour is also not efficient. You as a developer need a fast feedback loop to know if your software works fine. Automated tests should help you with that.
    Split tests between many CI machines to save time
    A way to save you time is to make CI build as fast as possible. When you have tests taking e.g. 1 hour to run then you could leverage your CI server config and setup parallel jobs (parallel CI machines/nodes). Each of the parallel jobs can run a chunk of the test suite. 

    You need to divide your tests between parallel CI machines. When you have a 60 minutes test suite you can run 20 parallel jobs where each job runs a small set of tests and this should save you time. In an optimal scenario you would run tests for 3 minutes per job. 

    How to make sure each job runs for 3 minutes? As a first step you can apply a simple solution. Sort all of your test files alphabetically and divide them by the number of parallel jobs. Each of your test files can have a different execution time depending on how many test cases you have per test file and how complex each test case is. But you can end up with test files divided in a suboptimal way, and this is problematic. The image below illustrates a suboptimal split of tests between parallel CI jobs where one job runs too many tests and ends up being a bottleneck.
        Go to Full Article          


  • The KISS Web Development Framework
        by Blake McBride   
    Perhaps the most popular platform for applications is the web. There are many reasons for this including portability across platforms, no need to update the program, data backup, sharing data with others, and many more. This popularity has driven many of us to the platform.

    Unfortunately, the platform is a bit complex. Rather than developing in a particular environment, with web applications it is necessary to create two halves of a program utilizing vastly different technologies. On top of that, there are many additional challenges such as the communications and security between the two halves.

    A typical web application would include all of the following building blocks:
    Front-end layout (HTML/CSS)  Front-end functionality (JavaScript)  Back-end server code (Java, C#, etc.)  Communications (REST, etc.)  Authentication  Data persistence (SQL, etc.) 
    All these don't even touch on all the other pieces that are not part of your application proper, such as the server (Apache, tomcat, etc), the database server (PostgreSQL, MySQL, MongoDB, etc), the OS (Linux, etc.), domain name, DNS, yadda, yadda, yadda.

    The tremendous complexity notwithstanding, most application developers mainly have to concern themselves with the six items listed above. These are their main concerns.

    Although there are many fine solutions available for these main concerns, in general, these solutions are siloed, complex, and incongruent. Let me explain.

    Many solutions are siloed because they are single-solution packages that are complete within themselves and disconnected from other pieces of the system.

    Some solutions are so complex that they can take years to learn well. Developers can struggle more with the framework they are using than the language or application they are trying to write. This is a major problem.

    Lastly, by incongruent I mean that the siloed tools do not naturally fit well together. A bunch of glue code has to be written, learned, and supported to fit the various pieces together. Each tool has a different feel, a different approach, a different way of thinking.

    Being frustrated with all of these problems, I wrote the KISS Web Development Framework. At first it was just various solutions I had developed. But later it evolved into a single, comprehensive web development framework. KISS, an open-source project, was specifically designed to solve these exact challenges.

    KISS is a single, comprehensive, fully integrated web development framework that includes integrated solutions for:

    Front-end
    Custom HTML controls  Easy communications with the back-end with built-in authentication  Browser cache control (so the user never has to clear their cache)  A variety of general purpose utilities 
    Back-end
        Go to Full Article          


  • Linux in Healthcare - Cutting Costs & Adding Safety
        by Alex Gosselin   
    Healthcare domain directly deals with our health and lives. Healthcare is prevention, diagnosis, and treatment of any disease, injury, illness, or any other physical and mental impairments in humans. Emergency situations are often dealt with by the healthcare sector very frequently. With immense scope for improvisations, a thriving healthcare domain deals from telemedicine to insurance, and inpatient hospitals to outpatient clinics.  With practitioners practicing in multiple areas like medicine, chiropractic, nursing, dentistry, pharmacy, allied health, and others, it's an industry with complex processes and data-oriented maintenance systems often difficult to manage manually with paperwork.

    Need is the mother of innovation and hence people across the world have invented software and systems to manage:
    Patients’ data or rather medical history  Bills and claims for own and third-party services  Inventory management  Communication channels among various departments like reception, doctor’s room, investigation rooms, wards, Operation theaters, etc.  Controlled Medical equipment and much more. 
    Thus, saving our precious time, making life easier, and minimizing human errors.

    HealthCare integrated with Linux: With high availability, critical workloads, low power consumption and reliability, Linux has established itself in the likes of windows, and Mac OS. With a “stripped-down” graphical interface and minimal OS version, it provides a strong impetus for performance restricting many services from running and direct control over hardware. Integrating Linux with the latest technological solutions in healthcare (check out Elinext healthcare solutions, as an example), businesses are saving a lot along with enhanced security.

     

    Few drivers promoting Linux in healthcare are: 

    Open Source: One of the utmost benefits of Linux is its open-source saving license cost for  health care organizations. Most of the software and programs running on Linux OS are largely open sources too. Anyone can modify Linux kernel based on open source license, resulting customization as per your needs. Using open-source, there is no need to request additional resources or sign additional agreements. It provides you vendor independence. With a creditable Linux community backed by various organizations, you have satisfactory support.
        Go to Full Article          


  • MuseScore Created New Font in Memory of Original SCORE Program Creator
    Image      
    MuseScore represents a free notation software for operating systems such as Windows, macOS and Linux. It is designed and suitable for music teachers, students & both amateur and professional composers. MuseScore is released as FOSS under the GNU GPL license and it’s accompanied by freemium MuseScore.com sheet music catalogue with mobile score viewer, playback app and an online score sharing platform. In 2018, the MuseScore company was acquired by Ultimate Guitar, which included full-time paid developers in the open source team. Since 2019 the MuseScore design team has been led by Martin Keary, known as blogger Tantacrul, who has consistently criticized composer software in connection with design and usability. From that moment on, a qualitative change was set in motion in MuseScore.

    Historically, the engraving quality in MuseScore has not been entirely satisfactory. After the review by Martin Keary, MuseScore product owner (previously known as MuseScore head of design) and Simon Smith, an engraving expert, who has produced multiple detailed reports on the engraving quality of MuseScore 3.5, it has become apparent that some key engraving issues should be resolved immediately.That would have a significant impact on the overall quality of our scores. Therefore, these changes will considerably improve the quality of scores published in the sheet music catalog, MuseScore.com.

    The MuseScore 3.6 was called 'engraving release,' which addressed many of the biggest issues affecting sheet music's layout and appearance and resulted from a massive collaboration between the community and internal team.

     

    Two of the most notable additions in this release are Leland, our new notation font and Edwin, our new typeface.

    Leland is a highly sophisticated notation style created by Martin Keary & Simon Smith. Leland aims to provide a classic notation style that feels 'just right' with a balanced, consistent weight and a finessed appearance that avoids overly stylized quirks.

    The new typeface, Edwin, is based on the New Century Schoolbook, which has long been the typeface of choice by some of the world's leading publishers, explicitly chosen as a complementary companion to Leland. We have also provided new default style settings (margins, line thickness, etc.) to compliment Leland and Edwin, which match conventions used by the world's leading publishing houses.

    “Then there's our new typeface, Edwin, which is an open license version of new Century Schoolbook - long a favourite of professional publishers, like Boosey and Hawkes. But since there is no music written yet, you'll be forgiven for missing the largest change of all: our new notation font: Leland, which is named after Leland Smith, the creator of a now abandoned application called SCORE, which was known for the amazing quality of its engraving. We have spent a lot of time finessing this font to be a world beater.”

    — Martin Keary, product owner of MuseScore

    Equally as important as the new notation style is the new vertical layout system. This is switched on by default for new scores and can be activated on older scores too. It is a tremendous improvement to how staves are vertically arranged and will save the composer’s work hours by significantly reducing his reliance on vertical spacers and manual adjustment.

    MuseScore 3.6 developers also created a system for automatically organizing the instruments on your score to conform with a range of common conventions (orchestral, marching band, etc.). Besides, newly created scores will also be accurately bracketed by default. A user can even specify soloists, which will be arranged and bracketed according to your chosen convention. These three new systems result from a collaboration between Simon Smith and the MuseScore community member, Niek van den Berg.

    MuseScore team has also greatly improved how the software displays the notation fonts: Emmentaler and Bravura, which more accurately match the original designers' intentions and have included a new jazz font called 'Petaluma' designed by Anthony Hughes at Steinberg.

    Lastly, MuseScore has made some beneficial improvements to the export process, including a new dialog containing lots of practical and time-saving settings. This work was implemented by one more community member, Casper Jeukendrup.

    The team's current plans are to improve the engraving capabilities of MuseScore, including substantial overhauls to the horizontal spacing and beaming systems. MuseScore 3.6 may be a massive step, although there is a great deal of work ahead.

    Links

    Official release notes: MuseScore 3.6

    Martin Keary’s video: “How I Designed a Free Music Font for 5 Million Musicians (MuseScore 3.6)”

    Official video: “MuseScore 3.6 - A Massive Engraving Overhaul!”

    Download MuseScore for free: MuseScore.org
          #Linux  Music Software  FOSS                   


Page last modified on October 08, 2013, at 07:08 PM