Recent Changes - Search:
NTLUG

Linux is free.
Life is good.

Linux Training
10am on Meeting Days!

1825 Monetary Lane Suite #104 Carrollton, TX

Do a presentation at NTLUG.

What is the Linux Installation Project?

Real companies using Linux!

Not just for business anymore.

Providing ready to run platforms on Linux

Show Descriptions... (Show All/All+Images) (Single Column)

LinuxSecurity - Security Advisories


  • Debian LTS: DLA-3218-1: libpgjava security update
    pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setText(int, InputStream)` or PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This


  • Debian LTS: DLA-3217-1: g810-led security update
    g810-led, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.


  • Debian LTS: DLA-3216-1: vlc security update
    Mitsurugi Heishiro found out that in VLC, multimedia player and streamer, a potential buffer overflow in the vnc module could trigger remote code execution if a malicious vnc URL is deliberately played.


  • Fedora 37: librime 2022-18023b665f
    Update capnproto to version 0.9.2 to address CVE-2022-46149. Dependent packages were rebuilt for both the fix for the security issue and the capnproto SONAME bump.


  • Fedora 37: rr 2022-18023b665f
    Update capnproto to version 0.9.2 to address CVE-2022-46149. Dependent packages were rebuilt for both the fix for the security issue and the capnproto SONAME bump.


LWN.net


  • [$] Juggling software interrupts and realtime tasks
    The software-interrupt mechanism is one of the oldest parts in the kernel;arguably, the basic design behind it predates Linux itself. Softwareinterrupts can get in the way of other work so, for almost aslong as they have existed, developers have wished that theycould be made to go away. That has never happened, though, and doesn'tlook imminent. Instead, Android systems have long carried a patch thattries to minimize the impact of software interrupts, at least in somesituations. John Stultz is now postingthat work, which contains contributions from a number of authors, inthe hope of getting it into the mainline kernel.


  • Security updates for Friday
    Security updates have been issued by Debian (snapd), Fedora (firefox, libetpan, ntfs-3g, samba, thunderbird, and xen), SUSE (busybox, emacs, and virt-v2v), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-dell300x, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-gcp, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-aws-hwe, linux-gcp, linux-hwe, linux-oracle, and tiff).


  • Samsung, LG, Mediatek certificates compromised to sign Android malware(Bleeping Computer)
    Bleeping Computer reportsthat the Android platform signing certificates for several manufacturershave leaked and been used to sign malware.
    However, based on the results, even though Google said that "all affected parties were informed of the findings and have taken remediation measures to minimize the user impact," it looks like not all the vendors have followed Google's recommendations since, at least in Samsung's case, the leaked platform certificates are still being used to digitally sign apps.


  • Memory Safe Languages in Android 13 (Google security blog)
    Over on the Google security blog, Jeffrey Vander Stoep writes about the impact of focusing on using memory-safe languages for new code in Android.As the amount of new memory-unsafe code entering Android has decreased, so too has the number of memory safety vulnerabilities. From 2019 to 2022 it has dropped from 76% down to 35% of Android’s total vulnerabilities. 2022 is the first year where memory safety vulnerabilities do not represent a majority of Android’s vulnerabilities.
    While correlation doesn’t necessarily mean causation, it’s interesting to note that the percent of vulnerabilities caused by memory safety issues seems to correlate rather closely with the development language that’s used for new code. This matches the expectations published in our blog post 2 years ago about the age of memory safety vulnerabilities and why our focus should be on new code, not rewriting existing components. Of course there may be other contributing factors or alternative explanations. However, the shift is a major departure from industry-wide trends that have persisted for more than a decade (and likely longer) despite substantial investments in improvements to memory unsafe languages.
    (Thanks to Rahul Sundaram.)


  • [$] Disunity at The Document Foundation
    The Document Foundation(TDF) was created in 2010 to steward andsupport the development of the LibreOffice suite, which was then a new fork of OpenOffice.org. TDF hasclearly been successful; unlike OpenOffice,which is currently under the Apache umbrella, LibreOffice is an activelydeveloped and widely used project. But TDF has also been showing signs of stress in recentyears, and the situation does not appear to be getting better. There arecurrently some significant disagreements over just what role TDF shouldplay; if those cannot be resolved, there is a real chance that they couldrip the Foundation apart.


  • Security updates for Thursday
    Security updates have been issued by CentOS (device-mapper-multipath, firefox, hsqldb, krb5, thunderbird, and xorg-x11-server), Debian (libraw), Fedora (freerdp and grub2), SUSE (bcel, emacs, glib2, glibc, grub2, nodejs10, and tomcat), and Ubuntu (linux-azure-fde and snapd).



  • [$] Python and hashing None
    The recent discussion of a proposed change to the Python language—the usualfare on the language's Ideasforumwas interesting, somewhat less for the actual feature underdiscussion than for the other issues raised. The change itself is a minor, conveniencefeature that would provide a reproducible iteration order for certainkinds of sets betweenseparate invocations of the interpreter. That is a pretty limited use case, and onethat could perhaps be fulfilled in other ways, but the discussion alsohighlighted some potentially worrying trends in the way that feature ideas are handled inthe Python community.


  • The BPF extensible scheduler class
    It was only a matter of time before somebody found a way to inject BPF intothe CPU scheduler. This patchseries, posted by Tejun Heo and containing work by David Vernet, JoshDon, and Barret Rhoden, does exactly that. The cover letter covers themotivation behind this work in detail:
    One of our main goals was to lower the barrier to entry for experimenting with the scheduler. sched_ext provides ergonomic callbacks and helpers to ease common operations such as managing idle CPUs, scheduling tasks on arbitrary CPUs, handling preemptions from other scheduling classes, and more. While sched_ext does require some ramp-up, the complexity is self-contained, and the learning curve gradual. Developers can ramp up by first implementing simple policies such as global FIFO in only tens of lines of code, and then continue to learn the APIs and building blocks available with sched_ext as they build more featureful and complex schedulers.
    There is a bit more documentation in thispatch.



LXer Linux News


  • Feel like a Linux wizard with the Thunar file manager
    Computers are fancy filing cabinets, full of virtual folders and files waiting to be referenced, cross-referenced, edited, updated, saved, copied, moved, renamed, and organized. In this article, I'll take a look at a file manager for your Linux system.


  • Tracing stateless video hardware decoding in V4L2
    Although there are many excellent tracing tools, the new v4l2-tracer utility traces V4L2 stateless decoding more comprehensively, adding the ability to replay (i.e. "retrace") the traced activity, portably, between different userspace environments.


  • Google says Android runs better when covered in Rust
    Banishing memory safety bugs cuts critical vulnerabilitiesGoogle has been integrating code written in the Rust programming language into its Android operating system since 2019 and its efforts have paid off in the form of fewer vulnerabilities.…



  • 8 ideas for measuring your open source software usage
    Those of us who support open source project communities are often asked about usage metrics — a lot. The good news is that there are approximations and alternative metrics that can satisfy your thirst for knowledge about the software's usage, at least partially. This article explores these alternatives including their benefits and shortcomings.




  • How to Install Apache Hadoop on Ubuntu 22.04
    Apache Hadoop is an open-source framework for processing and storing big data. In this tutorial, we will install the latest version of Apache Hadoop on an Ubuntu 22.04 server. Hadoop gets installed on a single node server and we create a Pseudo-Distributed Mode of Hadoop deployment.


  • ARMedONE Cluster board supports up to 28x Popular Computer Modules
    The ARMedOne is a carrier board in E-ATX form-factor that can handle popular SO-DIMM computer modules like the Raspberry Pi CM3/CM4, Jetson Nano/Xavier/TX2 NX, NXP iMX8, etc. The product is expected to be released around mid-December 2022 on Kickstarter. The ARMedOne is a PC/Server mainboard capable of housing up to 28 computer modules from Raspberry […]


Linux Insider"LinuxInsider"












Slashdot

  • Graduate Students Analyze, Crack, and Remove Under-Desk Surveillance Devices
    "Graduate students at Northeastern University were able to organize and beat back an attempt at introducing invasive surveillance devices that were quietly placed under desks at their school," reports Motherboard:Early in October, Senior Vice Provost David Luzzi installed motion sensors under all the desks at the school's Interdisciplinary Science & Engineering Complex (ISEC), a facility used by graduate students and home to the "Cybersecurity and Privacy Institute" which studies surveillance. These sensors were installed at night — without student knowledge or consent — and when pressed for an explanation, students were told this was part of a study on "desk usage," according to a blog post by Max von Hippel, a Privacy Institute PhD candidate who wrote about the situation for the Tech Workers Coalition's newsletter.... Students began to raise concerns about the sensors, and an email was sent out by Luzzi attempting to address issues raised by students.... Luzzi wrote, the university had deployed "a Spaceti occupancy monitoring system" that would use heat sensors at groin level to "aggregate data by subzones to generate when a desk is occupied or not." Luzzi added that the data would be anonymized, aggregated to look at "themes" and not individual time at assigned desks, not be used in evaluations, and not shared with any supervisors of the students. Following that email, an impromptu listening session was held in the ISEC. At this first listening session, Luzzi asked that grad student attendees "trust the university since you trust them to give you a degree...." After that, the students at the Privacy Institute, which specialize in studying surveillance and reversing its harm, started removing the sensors, hacking into them, and working on an open source guide so other students could do the same. Luzzi had claimed the devices were secure and the data encrypted, but Privacy Institute students learned they were relatively insecure and unencrypted.... After hacking the devices, students wrote an open letter to Luzzi and university president Joseph E. Aoun asking for the sensors to be removed because they were intimidating, part of a poorly conceived study, and deployed without IRB approval even though human subjects were at the center of the so-called study. von Hippel notes that many members of the computer science department were also in a union, and thus networked together for a quick mass response. Motherboard writes that the controversy ultimately culminated with another listening session in which Luzzi "struggles to quell concerns that the study is invasive, poorly planned, costly, and likely unethical.""Afterwards, von Hippel took to Twitter and shares what becomes a semi-viral thread documenting the entire timeline of events from the secret installation of the sensors to the listening session occurring that day. Hours later, the sensors are removed..."


    Read more of this story at Slashdot.


  • What is ChatGPT, the AI Chatbot That's Taking The Internet By Storm
    A reader submits a report: Artificial Intelligence (AI) research company OpenAI on Wednesday announced ChatGPT, a prototype dialogue-based AI chatbot capable of understanding natural language and responding in natural language. It has since taken the internet by storm, with people marvelling at how intelligent the AI-powered bot sounds. Some even called it a replacement for Google, since it's capable of giving solutions to complex problems directly," almost like a personal know-all teacher. "We've trained a model called ChatGPT which interacts in a conversational way. The dialogue format makes it possible for ChatGPT to answer follow-up questions, admit its mistakes, challenge incorrect premises, and reject inappropriate requests," OpenAI wrote on its announcement page for ChatGPT.ChatGPT is based on GPT-3.5, a language model that uses deep learning to produce human-like text. However, while the older GPT-3 model only took text prompts and tried to continue on that with its own generated text, ChatGPT is more engaging. It's much better at generating detailed text and can even come up with poems. Another unique characteristic is memory. The bot can remember earlier comments in a conversation and recount them to the user.ChatGPT wrote a poem about Slashdot. Try ChatGPT for yourself here.


    Read more of this story at Slashdot.


  • Trailers Released for 2023 First-Person Shooter 'Starship Troopers: Extermination'
    You can read the news in Military Times magazine. "Coming just after the 25th anniversary of the release of the cult classic Starship Troopers (November 1997), Offworld Industries and Sony Pictures Consumer Projects are bringing the fight against the Arachnids to a computer near you." An official announcement and gameplay teaser were released for the upcoming game this week. "Starship Troopers: Extermination is a co-op FPS that puts you on the far-off front lines of an all-out battle against the Bugs!" explains its page on Steam. "Squad up, grab your rifle, and do your part as an elite Deep Space Vanguard Trooper set to take back planets claimed by the Arachnid threat!" The page says an "Early Access" launch is planned for 2023:In Starship Troopers: Extermination, our vision is to show a galactic war between the Federation and the Arachnid Empire. After our initial launch and throughout the course of Early Access development, players will get to engage with exciting new updates that expand upon the in-game universe, and provide feedback through the Steam Community Hub that our developers can take into consideration.... [W]e will be sharing an exciting and robust roadmap with content already planned for 2023. Throughout Early Access we will provide players with more weapons, an updated class leveling system as well as progression achievements and unlockable skins for both weapons and armor. Additionally we will be adding vehicles special call in attacks including massive Orbital Strikes to help during missions. On the enemy side we will be adding more bugs, flying enemies, and boss battles that require complex player coordination to accomplish. As we progress in development, our goal is to then begin ongoing planetary battles where the player can explore new items and enemies introduced in previous updates as an epic war breaks out. This transition adds a new world as we head to the completion of Early Access. The intent throughout Early Access is to convey that this part of our development cycle is the beginning of the war and the battle will only increase in complexity and ferocity as we move to full release. Starship Troopers: Extermination is expected to be in Early Access for approximately 1 year. The full version of Starship Troopers: Extermination will span multiple worlds to liberate them from the Arachnid Threat. This will include additional weapons, enemies types, class progression upgrades, community events, and encounters. The player will have a more diverse roster of customization options allowing them to tailor their Troopers to fit their playstyle and experience." Starship Troopers: Extermination will launch with a massive map on Planet Valaka. Up to twelve players can team up to complete side and main missions before escaping to the extraction zone. We'll have more to share closer to the Early Access launch in 2023! We plan to work closely with the community on Steam's Community Hub and in the official Starship Troopers: Extermination Discord as we add features, tune gameplay, and develop new content. "Starship Troopers is in a league of its own when it comes to 90s science fiction films," writes Boing Boing's Devin Nealy. "Despite serving as an adaptation of the Robert A. Heinlein book, Starship Troopers forges a unique identity through its striking visuals and deft use of satire." Noting the two "pretty weak" straight-to-video sequels (and two more CGI-animated films), Nealy argues that "Until the franchise finds a creative team that can properly capture the essence of the first film, a video game might be the best option for the series."


    Read more of this story at Slashdot.


  • Physicists Use Google's Quantum Computer to Create Holographic Wormhole Between Black Holes
    "In an experiment that ticks most of the mystery boxes in modern physics, a group of researchers announced Wednesday that they had simulated a pair of black holes in a quantum computer," reports the New York Times [alternate URL here. But in addition, the researchers also sent a message between their two black holes, the Times reports, "through a shortcut in space-time called a wormhole. "Physicists described the achievement as another small step in the effort to understand the relation between gravity, which shapes the universe, and quantum mechanics, which governs the subatomic realm of particles.... Quanta magazine reports:The wormhole emerged like a hologram out of quantum bits of information, or "qubits," stored in tiny superconducting circuits. By manipulating the qubits, the physicists then sent information through the wormhole, they reported Wednesday in the journal Nature. The team, led by Maria Spiropulu of the California Institute of Technology, implemented the novel "wormhole teleportation protocol" using Google's quantum computer, a device called Sycamore housed at Google Quantum AI in Santa Barbara, California. With this first-of-its-kind "quantum gravity experiment on a chip," as Spiropulu described it, she and her team beat a competing group of physicists who aim to do wormhole teleportation with IBM and Quantinuum's quantum computers. When Spiropulu saw the key signature indicating that qubits were passing through the wormhole, she said, "I was shaken." The experiment can be seen as evidence for the holographic principle, a sweeping hypothesis about how the two pillars of fundamental physics, quantum mechanics and general relativity, fit together.... The holographic principle, ascendant since the 1990s, posits a mathematical equivalence or "duality" between the two frameworks. It says the bendy space-time continuum described by general relativity is really a quantum system of particles in disguise. Space-time and gravity emerge from quantum effects much as a 3D hologram projects out of a 2D pattern. Indeed, the new experiment confirms that quantum effects, of the type that we can control in a quantum computer, can give rise to a phenomenon that we expect to see in relativity — a wormhole.... To be clear, unlike an ordinary hologram, the wormhole isn't something we can see. While it can be considered "a filament of real space-time," according to co-author Daniel Jafferis of Harvard University, lead developer of the wormhole teleportation protocol, it's not part of the same reality that we and the Sycamore computer inhabit. The holographic principle says that the two realities — the one with the wormhole and the one with the qubits — are alternate versions of the same physics, but how to conceptualize this kind of duality remains mysterious. Opinions will differ about the fundamental implications of the result. Crucially, the holographic wormhole in the experiment consists of a different kind of space-time than the space-time of our own universe. It's debatable whether the experiment furthers the hypothesis that the space-time we inhabit is also holographic, patterned by quantum bits. "I think it is true that gravity in our universe is emergent from some quantum [bits] in the same way that this little baby one-dimensional wormhole is emergent" from the Sycamore chip, Jafferis said. "Of course we don't know that for sure. We're trying to understand it." Here's how principal investigator Spiropulu summarizes their experiment. "We found a quantum system that exhibits key properties of a gravitational wormhole yet is sufficiently small to implement on today's quantum hardware."


    Read more of this story at Slashdot.


  • 20 Videogame QA Testers in Albany Win Union Vote at Activision Blizzard
    "A group of about 20 quality assurance testers at Activision Blizzard's Albany location won their bid for a union Friday afternoon," reports the Washington Post:The workers join the Game Workers Alliance, a union at the gaming company that already includes testers from Wisconsin-based Raven Software. Amanda Laven, a Blizzard Albany quality assurance tester, said that the union vote comes just about a year after the testers first began collecting signatures for a union. "We knew we were gonna win, but it's still extremely exciting and gratifying, especially because tomorrow marks the first anniversary of when we started organizing," Laven said. The testers are the lowest paid workers at Blizzard Albany, formerly called Vicarious Visions, a studio known for its work on the Guitar Hero and Crash Bandicoot franchises. The Game Workers Alliance is the first union at a major video game company in the U.S., and Friday's news marks the union's second significant win in an industry that has historically not organized.... The Blizzard Albany testers took their cues from seeing testers at Call of Duty-maker Raven petition the company and gather signatures. On May 28, Raven testers won their bid to unionize. They're currently undergoing bargaining efforts for a contract.


    Read more of this story at Slashdot.


  • Becoming America's #2 Seller of Electric Vehicles, Ford Passes Kia in November
    CNBC reports:Ford Motor said Friday that it has achieved CEO Jim Farley's goal of becoming the second best-selling automaker of electric vehicles in the U.S. The Detroit automaker, citing third-party industry data, narrowly topped Hyundai/Kia to hit the goal.... Ford said its share of the electric vehicle segment was 7.4% through November, up from 5.7% a year earlier. Ford reported sales of 53,752 all-electric vehicles in the U.S. through November. Tesla, which does not break out domestic results, reported global deliveries of more than 908,000 EVs through the third quarter. Hyundai's sales do not include the Nexo hydrogen fuel cell vehicle. The company says with that vehicle, it slightly outsold Ford in battery- and fuel cell-powered vehicles of 54,043 units through November. The sales come after the South Korean automaker lost incentives that gave buyers of its EVs tax credits of up to $7,500 under the Biden administration's Inflation Reduction Act, which took effect in August. Vehicles such as Ford's EVs that are produced in North America still qualify for the credit. The article notes that General Motors — America's second-largest automaker — also "plans to significantly step up EV production in the coming years." Although so far, through the third quarter of this year, "it reported sales of less than 23,000 EVs."


    Read more of this story at Slashdot.


  • What Happened After Matt Taibbi Revealed Twitter's Deliberations on Hunter Biden Tweets?
    "Twitter CEO Elon Musk turned to journalist Matt Taibbi on Friday to reveal the decision-making behind the platform's suppression of a 2020 article from the New York Post regarding Hunter Biden's laptop," reports Newsweek. "Taibbi later deleted a tweet showing [former Twitter CEO] Jack Dorsey's email address," adds the Verge, covering reactions to Taibbi's thread — and the controversial events that the tweets described:At the time, it was not clear if the materials were genuine, and Twitter decided to ban links to or images of the Post's story, citing its policy on the distribution of hacked materials. The move was controversial even then, primarily among Republicans but also with speech advocates worried about Twitter's decision to block a news outlet. While Musk might be hoping we see documents showing Twitter's (largely former) staffers nefariously deciding to act in a way that helped now-President Joe Biden, the communications mostly show a team debating how to finalize and communicate a difficult moderation decision. Taibbi himself tweeted that "Although several sources recalled hearing about a 'general' warning from federal law enforcement that summer about possible foreign hacks, there's no evidence - that I've seen - of any government involvement in the laptop story." More from the Verge:Meanwhile, Taibbi's handling of the emails — which seem to have been handed to him at Musk's direction, though he only refers to "sources at Twitter" — appears to have exposed personal email addresses for two high-profile leaders: Dorsey and Representative Ro Khanna. An email address that belongs to someone Taibbi identifies as Dorsey is included in one message, in which Dorsey forwards an article Taibbi wrote criticizing Twitter's handling of the Post story. Meanwhile, Khanna confirmed to The Verge that his personal Gmail address is included in another email, in which Khanna reaches out to criticize Twitter's decision to restrict the Post's story as well. "As the congressman who represents Silicon Valley, I felt Twitter's actions were a violation of First Amendment principles so I raised those concerns," Khanna said in a statement to The Verge. "Our democracy can only thrive if we are open to a marketplace of ideas and engaging with people with whom we disagree." The story also revealed the names of multiple Twitter employees who were in communications about the moderation decision. While it's not out of line for journalists to report on the involvement of public-facing individuals or major decision makers, that doesn't describe all of the people named in the leaked communications.... "I don't get why naming names is necessary. Seems dangerous," Twitter co-founder Biz Stone wrote Friday in apparent reference to the leaks.... The Verge reached out to Taibbi for comment but didn't immediately hear back. Twitter, which had its communications team dismantled during layoffs last month, also did not respond to a request for comment. Wired adds:What did the world learn about Twitter's handling of the incident from the so-called Twitter Files? Not much. After all, Twitter reversed its decision two days later, and then-CEO Jack Dorsey said the moderation decision was "wrong." In other news, "Twitter will start showing view count for all tweets," Elon Musk announced Friday, "just as view count is shown for all videos." And he shared other insights into his plans for Twitter's future. "Freedom of speech doesn't mean freedom of reach. Negativity should & will get less reach than positivity."


    Read more of this story at Slashdot.


  • Computer Program For Particle Physics At Risk of Obsolescence
    "Maintenance of the software that's used for the hardest physics calculations rests almost entirely with a retiree," reports Quanta magazine, saying the situation "reveals the problematic incentive structure of academia."Particle physicists use some of the longest equations in all of science. To look for signs of new elementary particles in collisions at the Large Hadron Collider, for example, they draw thousands of pictures called Feynman diagrams that depict possible collision outcomes, each one encoding a complicated formula that can be millions of terms long. Summing formulas like these with pen and paper is impossible; even adding them with computers is a challenge. The algebra rules we learn in school are fast enough for homework, but for particle physics they are woefully inefficient. Programs called computer algebra systems strive to handle these tasks. And if you want to solve the biggest equations in the world, for 33 years one program has stood out: FORM. Developed by the Dutch particle physicist Jos Vermaseren, FORM is a key part of the infrastructure of particle physics, necessary for the hardest calculations. However, as with surprisingly many essential pieces of digital infrastructure, FORM's maintenance rests largely on one person: Vermaseren himself. And at 73, Vermaseren has begun to step back from FORM development. Due to the incentive structure of academia, which prizes published papers, not software tools, no successor has emerged. If the situation does not change, particle physics may be forced to slow down dramatically... Without ongoing development, FORM will get less and less usable — only able to interact with older computer code, and not aligned with how today's students learn to program. Experienced users will stick with it, but younger researchers will adopt alternative computer algebra programs like Mathematica that are more user-friendly but orders of magnitude slower. In practice, many of these physicists will decide that certain problems are off-limits — too difficult to handle. So particle physics will stall, with only a few people able to work on the hardest calculations. In April, Vermaseren is holding a summit of FORM users to plan for the future. They will discuss how to keep FORM alive: how to maintain and extend it, and how to show a new generation of students just how much it can do. With luck, hard work and funding, they may preserve one of the most powerful tools in physics. Thanks to long-time Slashdot reader g01d4 for submitting the story.


    Read more of this story at Slashdot.


  • America's TSA Begins Quietly Testing Facial Recognition Tech at 16 Airports
    America's Transportation Security Administration "has been quietly testing controversial facial recognition technology for passenger screening at 16 major domestic airports — from Washington to Los Angeles," reports the Washington Post. Their article adds that the agency "hopes to expand it across the United States as soon as next year."Kiosks with cameras are doing a job that used to be completed by humans: checking the photos on travelers' IDs to make sure they're not impostors.... You step up to the travel document checker kiosk and stick your ID into a machine. Then you look into a camera for up to five seconds and the machine compares your live photo to the one it sees on your ID. They call this a "one to one" verification system, comparing one face to one ID. Even though the software is judging if you're an impostor, there's still a human agent there to make the final call (at least for now). So how accurate is it? The TSA says it's been better at verifying IDs than the manual process. "This technology is definitely a security enhancement," said [TSA program manager Jason] Lim. "We are so far very satisfied with the performance of the machine's ability to conduct facial recognition accurately...." But the TSA hasn't actually released hard data about how often its system falsely identifies people, through incorrect positive or negative matches. Some of that might come to light next year when the TSA has to make its case to the Department of Homeland Security to convert airports all over the United States into facial recognition systems.... The TSA says it doesn't use facial recognition for law-enforcement purposes. It also says it minimizes holding on to our face data, so it isn't using the scans to build out a new national database of face IDs. "The scanning and match is made and immediately overwritten at the Travel Document Checker podium. We keep neither the live photo nor the photo of the ID," said Lim. But the TSA did acknowledge there are cases in which it holds on to the data for up to 24 months so its science and technology office can evaluate the system's effectiveness.... "None of this facial recognition technology is mandated," said Lim. "Those who do not feel comfortable will still have to present their ID — but they can tell the officer that they do not want their photo taken, and the officer will turn off the live camera." There are also supposed to be signs around informing you of your rights. Here's the TSA's web page about the program. Thanks to long-time Slashdot reader SonicSpike for sharing the article.


    Read more of this story at Slashdot.


  • FTX Subsidiary Plans Restarting Withdrawals in Japan, as US Requests Review of Fraud Allegations
    "FTX Japan is looking to restart withdrawals," reports CoinDesk, "after a plan to return deposits was approved by its parent, the failed FTX exchange." "If the plan works out, the collapsed crypto exchange's users in Japan might be some of the first customers to get their money back...."In a notice posted on its website, FTX Japan said it was able to confirm with the company's bankruptcy lawyers in the U.S. that Japanese customers' funds "should not be part of FTX Japan's estate given how these assets are held and property interests under Japanese law." FTX Japan had been working on the plan to restart withdrawals for the last two weeks, and says it was approved by the FTX Trading management team.... "As part of the plan, we are incorporating controls, security audit, reconciliations and reviews to put in place a robust and secure process," the notice said. Meanwhile, America's Department of Justice "has requested that an independent examiner be appointed to review 'substantial and serious allegations of fraud, dishonesty' and 'incompetence'," reports CNBC: FTX's bankruptcy case demands an independent review, the Department of Justice said, because of allegations of fraud and dishonesty which could damage the entire crypto industry. Andrew Vara, the U.S. bankruptcy trustee for FTX's case, said Sam Bankman-Fried and his team mismanaged the company or potentially engaged in fraudulent conduct. The DOJ is seeking an independent examiner to investigate what happened... Former federal prosecutor Renato Mariotti told CNBC that the move "shows a level of interest and attention that they're paying to this that should be troubling to Mr. Bankman-Fried."


    Read more of this story at Slashdot.


The Register



  • After lunar orbit trip NASA's Orion capsule is on its way back home
    Heat shield will be put to the test for the first time, what could go wrong?
    NASA's Orion capsule, designed to send the next crew of astronauts to the Moon, is heading back to Earth after spending some time in a distant retrograde orbit above the satellite's surface.…




  • Medibank prognosis gets worse after more stolen data leaked
    Plus Australia launches an investigation into insurer's data privacy practices
    Australian health insurer Medibank's prognosis following an October data breach keeps getting worse as criminals dumped another batch of stolen customer data on the dark web. …


  • Google says Android runs better when covered in Rust
    Banishing memory safety bugs cuts critical vulnerabilities
    Google has been integrating code written in the Rust programming language into its Android operating system since 2019 and its efforts have paid off in the form of fewer vulnerabilities.…




  • Twitter tries to lure brands back with spend-matching scheme
    Spend $500k and we'll double your money, but please ignore the trolls
    Twitter is reportedly trying to plug its drop in advertising revenues by concocting a series of inducements to convince some brands that have paused spending on the platform to reopen their wallets.…



Linux.com




  • Linux Foundation Newsletter: November 2022
    This month, we've got great news to share across the Linux Foundation. Here’s a roundup of must-read updates, including the release of Sylva, LF Europe’s first project, a new report from LF Research, community updates, Cyber Monday deals from LF Training 8 Certification, and so much more. We've also got a preview of what’s coming up in December!
    Contents

    Training 8 Certification: Cyber Monday deals are here!

    Telco cloud project Sylva launches under LF Europe at ONE Summit
    Expanding industry evolution at ONE Summit
    LF Member Summit: Coming together as a community
    New LF Research report serves as a guide to releasing internal code
    LFX: Understanding project health
    Diversity, equity, and inclusion
    Mentorship
    LF Project news and updates
    Upcoming events
    Follow us

    The post Linux Foundation Newsletter: November 2022 appeared first on Linux.com.








Phoronix





  • AMD Radeon With Linux 6.1 + Mesa 23.0-dev vs. NVIDIA R525 Gaming Performance
    With the Linux 6.1 kernel due to be released in the next week, Mesa 23.0-devel continuing to see a lot of improvements land for RADV and RadeonSI, and the NVIDIA R525 Linux driver series being available, here is a fresh look at the AMD Radeon vs. NVIDIA GeForce Linux gaming performance with various graphics cards and an assortment of Linux games -- both native and via Valve9s Steam Play.


  • Fedora 38 Might Ship With A Sway ISO Spin
    While the Sway Wayland compositor has long been available via the Fedora package repositories, Sway fans within the Fedora space are hoping that Fedora 38 will ship with a Fedora Sway spin being available for an easy and out-of-the-box experience for running this i3-inspired Wayland compositor...







Engadget"Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics"

  • ‘The Callisto Protocol’ patch attempts to address PC performance issues
    One day after releasing The Callisto Protocol to promised the hotfix would “improve performance,” adding that “a number of additional updates” were on the way.
    We’re aware that some users are experiencing stuttering issues on the PC. We’ve got a patch that will be available in a few hours to improve performance, with a number of additional updates on the way.
    — The Callisto Protocol (@CallistoTheGame) December 2, 2022
    Since its release, PC players have taken to YouTube, Reddit and other online forums to complain about The Callisto Protocol’s performance issues. On Steam, the game currently holds a “Mixed” score after nearly 10,000 player reviews, with the majority of negative posts complaining about the game’s technical shortcomings.

    Digital Foundry details the problems in its recent video on the game. According to the outlet, The Callisto Protocol doesn’t precompile its shaders. That’s a big no-no for an Unreal Engine 4 game on PC. Nearly every time The Callisto Protocol introduces new assets or shows something for the first time, players can expect massive stuttering, with the effect worse on PCs with older and less powerful CPUs.

    How much the first patch fixes the shader compilation issue is hard to say. Some Twitter users report a “huge” difference, but note the problem isn’t completely fixed. Watching the few YouTube videos that document how the update affects performance, you can still see still plenty of micro stutters. If you want to play The Callisto Protocol on PC, I would say your best bet is to wait before buying the game.


  • Stunning ‘The Last of Us' trailer puts Joel and Ellie's relationship in the spotlight
    If the wait to watch HBO's adaptation of The Last of Us wasn't long enough already, the network has shared a new trailer for the upcoming series ahead of its January 15th release date. Clocking in at almost two-and-a-half minutes long, the clip offers our best look yet at the Craig Mazin (Chernobyl) production. And for those who may have worried that the series would hew too closely to Naughty Dog's source material, it shows the adaptation's creators weren't afraid to bring something new to the franchise. 

    That's on display early on when there's a short scene of Ellie pretending to be a clicker. The exchange that follows is one of the few light-hearted moments in the trailer. Later in the clip, eagle-eyed fans will spot Ashley Johnson, the actor who voiced Ellie in the video games.  

    If you're unfamiliar with The Last of Us, the trailer serves as a decent overview of the first game's story. At the center of the narrative are Joel and Ellie, played by Pedro Pascal and Bella Ramsey in the upcoming HBO series. Joel must escort Ellie across a post-apocalyptic version of the US in the hopes that she may be the key to protecting what's left of the world's population from a fungal infection that turns its victims into aggressive, zombie-like creatures known as the Infected.    

    From all the marketing material HBO has shared to promote The Last of Us, it's clear the network has high hopes for the series. Footage from the show capped off a sizzle reel HBO uploaded earlier this year to hype its 2023 slate. 


  • Netflix's latest 'The Witcher: Blood Origin' trailer teases the appearance of a certain bard
    With its latest Witcher franchise spinoff scheduled to arrive on December 25th, Netflix has shared a new trailer for The Witcher: Blood Origin. The approximately two-minute-long clip expands on the teaser the company uploaded last month. After most of Netflix's past promotional material for Blood Origin focused on Michelle Yeoh's character Scian, the latest trailer gives her co-stars, including Sophia Brown and Laurence O’Fuarain, a chance to shine. It probably won't surprise you to find out they're all badasses in their own way.

    Set some 1,200 years before the story of Geralt and Ciri, Blood Origin promises to give fans more insight into the creation of the first witcher. You'll want to watch the clip through to the end to catch a glimpse of Jaskier (Joey Batey). It looks like everyone's favorite bard will work alongside Minnie Driver to immortalize the exploits of Scian's band of elves. When Driver announced she was joining The Witcher franchise back in September, she said her character would play a pivotal role "in connecting Blood Origin's past with The Witcher's future."

    Blood Origin comes during a period of uncertainty for Netflix'sThe Witcher. The company recently announced that Henry Cavill would not return to play Geralt of Rivia after the show's third season. Liam Hemsworth will carry the series moving forward.


  • Twitter reinstates account of Daily Stormer’s infamous neo-Nazi creator
    Twitter has restored the account of Andrew Anglin, one of America’s most notorious neo-Nazis. The creator of the white supremacist website The Daily Stormer had been banned from the social media platform for nearly a decade. His return would appear to be part of Elon Musk’s offer of “general amnesty to users who had “not broken the law or engaged in egregious spam.” Anglin, it should be noted, is currently in hiding while attempting to avoid a 2019 court order to pay $14 million for leading a harassment campaign against Jewish residents in Montana.
    Neo-Nazi Andrew Anglin, who was booted off Twitter in 2013, has had his account restored. pic.twitter.com/sEv5UDVUw2
    — Right Wing Watch (@RightWingWatch) December 2, 2022
    Shortly after regaining control of his account, Anglin tweeted a defense of Ye, the rapper formerly known as Kanye West. “Saying you love Hitler is not even a big deal,” Anglin said, referencing Ye’s recent InfoWars interview. “No one cares about that. The man died 80 years ago.” Ye’s now-infamous interview with Alex Jones saw the rapper declare his “love” for Adolf Hitler and deny that the Holocaust had ever happened. Anglin later tweeted an endorsement of Ye’s 2024 presidential campaign.

    The reinstatement comes in the same week Twitter suspended Ye for tweeting a photo of the Star of David merged with a swastika. Anglin is only one of a few prominent white nationalists to return to Twitter following Elon Musk’s takeover of the company. One estimate by software engineer Travis Brown suggests Twitter has restored as many as 12,000 accounts since October 27th, including those belonging to Richard Spencer and Patrick Casey.
    White nationalist Patrick Casey, who has repeatedly ban evaded on Twitter, (https://t.co/qjFcmNTyOa), claimed that he has been reinstated on the platform. Casey thanked Twitter owner Elon Musk for the supposed development. pic.twitter.com/bf5ROtwELa
    — Alex Kaplan (@AlKapDC) November 30, 2022
    The return of even just one avowed neo-Nazi is likely to reinforce fears from civil rights groups, advertisers and governments over Elon Musk's handling of the platform. On November 26th, the billionaire claimed hate speech impressions had recently decreased compared to October last year. However, findings from the Center for Countering Digital Hate, the Anti-Defamation League and other groups that study online platforms suggest that there’s been a dramatic increase in the prevalence of hate speech on Twitter since Musk’s takeover.


  • Judge dismisses indictment against Huawei exec Meng Wanzhou
    More than four years after her arrest, the drawn-out legal saga of Huawei Chief Financial Officer Meng Wanzhou came to a formal end this week. On Friday, US District Judge Ann Donnelly dismissed an indictment against Meng, according to arrested Meng in 2018 for allegedly violating American sanctions against Iran. Meng, who is also the daughter of Huawei founder and CEO Ren Zhengfei, spent the next three years fighting attempts to extradite her to the US, where she faced up to 30 years in prison for bank and wire fraud charges. Donnelly dismissed the indictment “with prejudice,” meaning the Justice Department can’t bring the same charges against Meng again.

    Before entering into an agreement with US prosecutors last year, Meng spent three years under house arrest. The detainment strained relationships between the United States and China and led to an international incident. China apprehended two Canadians, Michael Spavor and Michael Kovrig, within days of Meng’s arrest. They were later released after Meng entered into a deferred prosecution agreement with the Justice Department. As part of the agreement, she acknowledged having made false statements about Huawei’s business in Iran. Meng flew home to China the day Donnelly approved the pact.

    Huawei and its subsidiaries are still facing charges in the US. Most notably, the Justice Department recently announced charges against two Chinese spies who had allegedly tried to interfere in a criminal investigation into the company. Earlier this week, the FCC also banned telecom and video surveillance equipment from Huawei, among a handful of other Chinese companies. Meng currently serves as the company's rotating chairperson and deputy chairwoman, as well as CFO. 


  • Pentagon unveils B-21 Raider aircraft with advanced stealth technology
    The US military has unveiled the B-21 Raider, its first new stealth bomber in 30 years. Northrop Grumman, which developed the aircraft, first showed us a silhouette of the plane covered by a shroud way back in 2015. Now, the Pentagon has officially presented the B-21 at an event at Northrop Grumman's plant in Palmdale, California, but most of its details still remain a secret. Prior to the event, though, the company called it the "world’s first sixth-generation aircraft," which means it's a lot more technologically advanced than the military jets in service today.

    According to announcement. A Northrop Grumman official also said that the B-21 can fly in full stealth mode every day, according to #DefiningPossible#RiseoftheRaiderpic.twitter.com/rZIINucOug
    — Northrop Grumman (@northropgrumman) December 3, 2022



  • Meta faces lawsuit for harvesting financial data from tax prep websites
    A group of anonymous plaintiffs who filed their taxes online in 2020 using H&R Block has sued Meta, accusing the company of violating users' trust and privacy. If you'll recall, a recent Markup investigation revealed that H&R Block, along with other popular tax-filing websites like TaxAct and TaxSlayer, have been sending users' sensitive financial information to Meta through its Pixel tracking tool. 

    Pixel is a piece of code companies can embed on their websites so they can track visitors' activities and identify Facebook and Instagram users to target with ads. Apparently, the aforementioned tax prep websites had been transmitting personal information, such as income data, filing statuses, refund amounts and dependents' tuition grants, to Meta through that code. The tax-filing services had already changed their Pixel settings to stop sending information or had been reevaluating how they used Pixel by the time Markup's report came out. 

    In a statement sent to Engadget when the news first came out, Meta said that advertisers are prohibited from sharing personal information and that it uses an automated system that can filter out sensitive content sent through Pixel. The plaintiffs acknowledged in their complaint (PDF, courtesy of The Markup) that Meta does require businesses that use Pixel to "have lawful rights to collect, use and share" user data before providing the company with any information. However, the plaintiffs argue that Meta makes no effort to enforce that rule and instead relies on a "broken honor-system" that has resulted in "repeated, documented violations."

    According to The Markup, the lawsuit is seeking class action status for people who used the tax prep services mentioned in the publication's report. The services themselves, however, were not named as defendants in the case. 


  • Security flaw in Florida tax website exposed filers' sensitive data
    Some Florida residents may be keeping a close eye on their finances after a security incident. Researcher Kamran Mohsin tellsTechCrunch that Florida's Department of Revenue website had a flaw that exposed hundreds of filers' bank account and Social Security numbers. Anyone who logged in to the state business tax registration site could see, modify and even delete personal data just by modifying the web address pointing to a taxpayer's application number — you just needed to change the digits in the link.

    There were over 713,000 applications in the Department's pipeline at the time of the discovery, Mohsin said. Mohsin warned the Department about the flaw on October 27th.

    Department representative Bethany Wester said in a statement that the government fixed the flaw within four days of the report, and that two unnamed firms have deemed the site secure. She added there was "no sign" attackers abused the flaw, but didn't say how officials might have spotted any misuse. The agency contacted every affected taxpayers by phone or writing within four days of learning about the issue, and has offered a year of free credit monitoring.

    Bugs like these, known as insecure direct object references, are relatively easy to fix. The damage might also be limited compared to other tax-related breaches, such as a Healthcare.gov intrusion that compromised about 75,000 people in 2018. However, the incident underscores the potential harm from weak security — even a small-scale exposure like this could be used to commit tax fraud and steal refunds.


  • John Wick's creator is writing a movie based on 'Sifu'
    John Wick creator Derek Kolstad is working on yet another videogame adaptation. Fresh off the news that he's writing and producing a Streets of Rage film, it emerged that Kolstad is taking on the same duties for a live-action movie based on Sifu.

    Kolstad and his partners at media company Story Kitchen have teamed up with Sifu developer and publisher Sloclap, as Deadline reports. The beat-'em-up proved a hit when it was released in February, as it sold a million copies in three weeks — despite Elden Ring and Horizon Forbidden West arriving at around the same time. What makes Sifu stand out from the pact is that every time the protagonist dies in their quest for vengeance, they get older but their enemies stay the same age.

    That hook alone gives a screenwriter a lot of intriguing possibilities. The one vs. many aspect of Sifu seems right up Kolstad's alley as well, given his experience with the John Wick franchise and Nobody. As if all that wasn't enough, Kolstad is also behind Netflix's Splinter Cell, an upcoming animated series based on Ubisoft's games.


OSnews

  • Snap updates happen without user consent
    Traditionally, updates on Linux systems are controlled by the user. You get an icon in the system tray that looks important; you click on it; it asks you if you want to install updates; you say “yes” or “no”; updates are applied, or not; when you next restart any applications that you have running that were updated, the new version is picked up. Data isn’t lost, because updates don’t restart the application. You can (and do) update the Linux kernel in this way, and your computer just stays up (usually running on the old version of the kernel until you next restart.) Mechanisms have been added over time to allow auto updates to take place for critical security patches (“unattended upgrades”) but these have typically to be opt in. And again, they don’t restart running applications. Snap breaks this contract. The update channel for Snap is independent from the KDE updater (on Kubuntu), and seemingly the Gnome updater (on Ubuntu). If you consent to applying updates from the general system tray “updates needed” notification, Snap updates are not included; they’re not even listed in the pending notifications from the system tray. Snap updates only happen when the Snap updater is running, either if the application is not running or after the period of time required to force updates has expired. Snap updates happen without consent. I would really, really suggest moving away from Ubuntu, and opting for the countless better alternatives instead, like Fedora (the best desktop, in my view), Linux Mint (a great desktop, but a bit more conservative than Fedora), any of the Arch derivatives (for bleeding edge and tons of fooling around with AUR), or Void (for those of us with taste). Or any, any of the others. Ubuntu just does not seem to have its users best interests at heart, and Snap is the best example of that.


  • Why we can’t trust Apple
    This is a problem for all of us. Most people who can afford one have bought their iPhone or iPad already. The programmers already have their MacBooks. And while everyone will need to buy replacements at some point, that’s a steady-state or at best low-growth business. When Apple says more, it means the Wall Street kind of “more”: a hockey stick of growth. Which means, Apple needs to find growth outside its usual business. And these days, that means: advertising. And online advertising requires: surveillance. And a surveillance-enabled ad business leads, inevitably, to deceiving customers. Its already happening, and like the boiling frog (which is not actually how it works  the frog will definitely jump out if its being slowly boiled; the tiny detail not part of most retellings is that the researcher had removed the frogs brains), Apple users are slowly being prepped for slaughter.


  • Memory safe languages in Android 13
    In Android 13, about 21% of all new native code (C/C++/Rust) is in Rust. There are approximately 1.5 million total lines of Rust code in AOSP across new functionality and components such as Keystore2, the new Ultra-wideband (UWB) stack, DNS-over-HTTP3, Android’s Virtualization framework (AVF), and various other components and their open source dependencies. These are low-level components that require a systems language which otherwise would have been implemented in C++. To date, there have been zero memory safety vulnerabilities discovered in Android’s Rust code. We don’t expect that number to stay zero forever, but given the volume of new Rust code across two Android releases, and the security-sensitive components where it’s being used, it’s a significant result. It demonstrates that Rust is fulfilling its intended purpose of preventing Android’s most common source of vulnerabilities. Historical vulnerability density is greater than 1/kLOC (1 vulnerability per thousand lines of code) in many of Android’s C/C++ components (e.g. media, Bluetooth, NFC, etc). Based on this historical vulnerability density, it’s likely that using Rust has already prevented hundreds of vulnerabilities from reaching production. These numbers dont lie.


  • Secure Boot: this is not the protection we are looking for
    So there you have it: recommending idly Secure Boot for all systems requiring intermediate security level accomplishes nothing, except maybe giving more work to system administrators that are recompiling their kernel, while offering exactly no measurable security against many threats if UEFI Administrative password and MOK Manager passwords are not set. This is especially true for laptop systems where physical access cannot be prevented for obvious reasons. For servers in colocation, the risk of physical access is not null. And finally for many servers, the risk of a rogue employee somewhere in the supply chain, or the maintenance chain cannot be easily ruled out. The author makes a compelling case, but my knowledge on this topic is too limited to confidently present this article as a good one. Ill leave it to those among us with more experience on this subject to shoot holes in the article, or to affirm it.


  • Do not use services that hate the internet
    As you look around for a new social media platform, I implore you, only use one that is a part of the World Wide Web. If posts in a social media app do not have URLs that can be linked to and viewed in an unauthenticated browser, or if there is no way to make a new post from a browser, then that program is not a part of the World Wide Web in any meaningful way. Consign that app to oblivion. Yep.


  • Used thin client PCs are an unsexy, readily available Raspberry Pi alternative
    Raspberry Pi boards are hard to get, probably also next year,! says Andreas Spiess, single-board enthusiast and YouTuber, in his distinctive Swiss accent. Hes not wrong. Spiess says he and his fellow Pi devotees need a strategy to survive! without new boards, so he suggests looking in one of the least captivating, most overlooked areas of computing: used, corporate-minded thin client PCs. Spiess Pi replacements, suggested and refined by many of his YouTube commenters and Patreon subscribers, are Fujitsu Futros, Lenovo ThinkCentres, and other small systems (some or all of which could be semantically considered thick clients! or simply mini PCs,! depending on your tastes and retro-grouch sensibilities). Theyre the kind of systems you can easily find used on eBay, refurbished on Amazon Renewed, or through other enterprise and IT asset disposition sources. Theyre typically in good shape, given their use and environment. And compared to single-board enthusiast systems, many more are being made and replaced each year. A project I want to undertake is set up an UltraSPARC machine, and then tie several Sun Rays to them. I also want to mess around with using Linux as the host for several thin clients  theyre so cheap, and it seems like theyre really fun to mess around with.


  • Tales of the M1 GPU
    There is still a long road ahead! The UAPI that we are using right now is still a prototype, and there are a lot of new features that need to be added or redesigned in order to support a full Vulkan driver in the future. Since Linux mandates that the UAPI needs to remain stable and backwards compatible across versions (unlike macOS), that means that the kernel driver will not be heading upstream for many months, until we have a more complete understanding of the GPU rendering parameters and have implemented all the new design features needed by Vulkan. The current UAPI also has performance limitations… it can’t even run GPU rendering concurrently with CPU processing yet! And of course there is still a lot of work to do on the userspace side, improving conformance and performance and adding support for more GL extensions and features! Some features like tesselation and geometry shaders are very tricky to implement (since they need to be partially or fully emulated), so don’t expect full OpenGL 3.2+ for quite a long time. This article is a detailed look at the work done by Asahi Lina to create a Linux GPU driver for Apples M1, after Alyssa Rosenzweig reverse engineered the M1 GPU on macOS. This is a tour de force of excellence, and every current and future M1/M2 Linux user should be thankful for the amazing work these people are doing.


  • Ubuntu Touch OTA-24 released for Ubuntu Phone users
    Highlights of this release include initial gesture support with double-tap to wake for selected devices, improvements to fingerprint unlock by allowing more backoff time between read retries, as well as support for media buttons on headsets for most Ubuntu Phone devices. In addition, the Ubuntu Touch OTA-24 update adds support for handling the sms:// URL scheme for properly opening the Messaging app, adds Full HD 1080p support to the Aethercast implementation, improves SMS and MMS support, and adds various performance tweaks to the Mir-Android-Platform. Im kind of surprised the current releases are still based on Ubuntu 16.04  thats quite an old release. They are working on upgrading the base to 20.04, and the switchover should happen relatively soon.


  • The Internet Archive just put 565 Palm Pilot apps in your web browser
    Yes, I am playing Dope Wars on a Palm Pilot inside my iPhone. It’s thanks to The Internet Archive, which is once again launching a giant collection of software you can instantly play on any web browser, up to and including your touchscreen-equipped phone. There are currently 565 classic Palm apps in all, including games, widgets, and even free trials from both the greyscale and color eras. This is probably the easiest way to experience Palm OS applications now. I will still opt for any of my dozen or so real devices, but having so many applications safe and sound on the Archive is amazingly awesome.


  • Meet your new two-factor authenticator: your Commodore 64
    Multi-factor authentication is ripe for disruption. SMS 2FA is inherently defective. Phone authenticators get stolen. Security tokens get lost. But just try misplacing a Commodore SX-64. And any thief who tries to grab it and run gets a free hernia truss from the prison infirmary. I want to see someone carry an SX-64 into a coffee shop to authenticate something. Please.



Linux Journal News

  • What’s New in Debian 11 “Bullseye”?
    Image
    Debian is a preferred choice of millions of Linux users for some of the most popular and powerful operating systems, like Ubuntu and its derivatives are based on Debian.
    Debian 11has finally been released, finally, after a long development work of two years. Bullseye – that’s the name given to this latest Debian Linux distro. So what are the updates and upgrades? In this article, let’s check out what’s new in Debian 11.
    Debian 11’s ArchitectureDebian supports a good range of hardware architectures. 
    Supported Architectures
    ARM EABI (armel) ARMv7 (EABI hard-float ABI and armhf) 64-bit ARM (arm64) 32-bit PC (i386) 64-bit PC (amd64) Little-endian MIPS (mipsel) 64-bit little-endian PowerPC 64-bit little-endian MIPS IBM System z (s390x)Not Supported Hardware
    Old MIPS 32-bit CPUsLinux Kernel InformationDebian 11 supports the Linux Kernel 5.10 LTS. Debian 10 Buster, the earlier version to Debian 11, used Linux Kernel 4.19 while released. A newer kernel means a new set of bug fixes, new hardware support, and improved performance.
    This is the perfect kernel for Debian bullseye considering the Debian lifecycle.   
    Supports exFATexFAT is the shortened form of the Extensible File Allocation Table. It’s a filesystem used for flash memory, such as SD cards and USB flash drives.
    Now Debian 11 provides support for the exFAT. For mounting the exFAT filesystem, you don’t need the filesystem-in-userspace implementation provided by the exfat-fuse package additionally anymore. Thanks to kernel 5.10! exFAT comes in handy with it. Tools for checking and creating an exFAT are given in the exfatprogs package.
    Bauhaus Movement Inspired Theme & WallpaperDebian features cool wallpapers and a default theme for each of the major releases. Debian 11’s theme is inspired by the Bauhaus movement. Bauhaus means “building house” and it was an art and design movement from 20th century Germany. The Bauhaus movement revolved around abstract, geometric style featuring little emotion or sentiments. 
    Its modern aesthetic still is immensely influential for designers, architects, and artists. You can see this theme all through Debian 11 whether it’s the installer, login window, or the Grub menu.
    Newer Desktop Environment VersionsDebian 11 offers newer desktop environment versions. Desktop flavors you get here are, KDE Plasma 5.20, GNOME 3.38, LXDE 11, LXQt 0.16, Xfce 4.16, and MATE 1.24. Debian prefers stability and it’s quite clear from the desktop environments. You might not get the latest cutting-edge distributions like Fedora or Arch/Manjaro.
    Updated PackagesDebian 11 consists of more than 11,294 new packages out of 59,551 packages. It also reduced over 9,519 “obsolete” packages and removed 42,821 that were updated. A total of 5,434 packages remained as they were.
    A good number of software applications and package updates are included in Debian bullseye, such as Apache 2.4.48, Calligra 3.2, Emacs 27.1, LibreOffice 7.0, Inkscape 1.0.2, Linux kernel 5.10 series, Perl 5.32, PHP 7.4, Vim 8.2, PostgreSQL 13, and the list goes on. All these ready-to-use software packages are built with over 30,000 source packages.
    With this huge selection of packages and wide architecture support, Debian has always stayed committed to its aim of being The Universal Operating System.
    Improved Printer and Scanner FeaturesDebian 11 presents a new ipp-usb package. It is built with a vendor-neutral IPP-over-USB protocol that is supported by many latest printers. So, many modern-day printers will be supported now by Debian. And you won’t need the drivers for that.
    SANE driverless backend lets you use scanners without any trouble.
    EndnotesWant to try Debian Bullseye? Get it from here. You can also check “bullseye” with Live Images without installing it on your PC. This will load and run the entire OS in read-only mode. These live images are available for the i386 and amd64 architectures in the form of USB sticks, DVDs, and netboot setups. Debian Live has a standard image. So you can try a basic Debian without any GUIs.
    And that’s the ending of this article. Hope you find our Debian 11 guide helpful.
    #Linux Debian News


  • Nvidia Linux drivers causing random hard crashes and now a major security risk still not fixed after 5+ months
    Image The recent fiasco with Nvidia trying to block Hardware Unboxed from future GPU review samples for the content of their review is one example of how they choose to play this game. This hatred is not only shared by reviewers, but also developers and especially Linux users.
    The infamous Torvalds videos still traverse the web today as Nvidia conjures up another evil plan to suck up more of your money and market share. This is not just one off shoot case; oh how much I wish it was. I just want my computer to work.
    If anyone has used Sway-WM with an Nvidia GPU I’m sure they would remember the –my-next-gpu-wont-be-nvidia option.
    These are a few examples of many.
    The Nvidia Linux drivers have never been good but whatever has been happening at Nvidia for the past decade has to stop today. The topic in question today is this bug: [https://forums.developer.nvidia.com/t/bug-report-455-23-04-kernel-panic-due-to-null-pointer-dereference]
    This bug causes hard irrecoverable crashes from driver 440+. This issue is still happening 5+ months later with no end in sight. At first users could work around this by using an older DKMS driver along with a LTS kernel. However today this is no longer possible. Many distributions of Linux are now dropping the old kernels. DKMS cannot build. The users are now FORCED with this “choice”:
    {Use an older driver and risk security implications} or {“use” the new drivers that cause random irrecoverable crashes.}
    This issue is only going to get more and more prevalent as the kernel is a core dependency by definition. This is just another example of the implications of an unsafe older kernel causing issue for users: https://archlinux.org/news/moving-to-zstandard-images-by-default-on-mkinitcpio/
    If you use Linux or care about the implications of a GPU monopoly, consider AMD. Nvidia is already rearing its ugly head and AMD is actually putting up a fight this year.
    #Linux NVIDIA News


  • MuseScore Created New Font in Memory of Original SCORE Program Creator
    Image
    MuseScore represents a free notation software for operating systems such as Windows, macOS and Linux. It is designed and suitable for music teachers, students & both amateur and professional composers. MuseScore is released as FOSS under the GNU GPL license and it’s accompanied by freemium MuseScore.com sheet music catalogue with mobile score viewer, playback app and an online score sharing platform. In 2018, the MuseScore company was acquired by Ultimate Guitar, which included full-time paid developers in the open source team. Since 2019 the MuseScore design team has been led by Martin Keary, known as blogger Tantacrul, who has consistently criticized composer software in connection with design and usability. From that moment on, a qualitative change was set in motion in MuseScore.

    Historically, the engraving quality in MuseScore has not been entirely satisfactory. After the review by Martin Keary, MuseScore product owner (previously known as MuseScore head of design) and Simon Smith, an engraving expert, who has produced multiple detailed reports on the engraving quality of MuseScore 3.5, it has become apparent that some key engraving issues should be resolved immediately.That would have a significant impact on the overall quality of our scores. Therefore, these changes will considerably improve the quality of scores published in the sheet music catalog, MuseScore.com.

    The MuseScore 3.6 was called 'engraving release,' which addressed many of the biggest issues affecting sheet music's layout and appearance and resulted from a massive collaboration between the community and internal team.

     

    Two of the most notable additions in this release are Leland, our new notation font and Edwin, our new typeface.

    Leland is a highly sophisticated notation style created by Martin Keary & Simon Smith. Leland aims to provide a classic notation style that feels 'just right' with a balanced, consistent weight and a finessed appearance that avoids overly stylized quirks.

    The new typeface, Edwin, is based on the New Century Schoolbook, which has long been the typeface of choice by some of the world's leading publishers, explicitly chosen as a complementary companion to Leland. We have also provided new default style settings (margins, line thickness, etc.) to compliment Leland and Edwin, which match conventions used by the world's leading publishing houses.

    “Then there's our new typeface, Edwin, which is an open license version of new Century Schoolbook - long a favourite of professional publishers, like Boosey and Hawkes. But since there is no music written yet, you'll be forgiven for missing the largest change of all: our new notation font: Leland, which is named after Leland Smith, the creator of a now abandoned application called SCORE, which was known for the amazing quality of its engraving. We have spent a lot of time finessing this font to be a world beater.”

    — Martin Keary, product owner of MuseScore

    Equally as important as the new notation style is the new vertical layout system. This is switched on by default for new scores and can be activated on older scores too. It is a tremendous improvement to how staves are vertically arranged and will save the composer’s work hours by significantly reducing his reliance on vertical spacers and manual adjustment.

    MuseScore 3.6 developers also created a system for automatically organizing the instruments on your score to conform with a range of common conventions (orchestral, marching band, etc.). Besides, newly created scores will also be accurately bracketed by default. A user can even specify soloists, which will be arranged and bracketed according to your chosen convention. These three new systems result from a collaboration between Simon Smith and the MuseScore community member, Niek van den Berg.

    MuseScore team has also greatly improved how the software displays the notation fonts: Emmentaler and Bravura, which more accurately match the original designers' intentions and have included a new jazz font called 'Petaluma' designed by Anthony Hughes at Steinberg.

    Lastly, MuseScore has made some beneficial improvements to the export process, including a new dialog containing lots of practical and time-saving settings. This work was implemented by one more community member, Casper Jeukendrup.

    The team's current plans are to improve the engraving capabilities of MuseScore, including substantial overhauls to the horizontal spacing and beaming systems. MuseScore 3.6 may be a massive step, although there is a great deal of work ahead.

    Links

    Official release notes: MuseScore 3.6

    Martin Keary’s video: “How I Designed a Free Music Font for 5 Million Musicians (MuseScore 3.6)”

    Official video: “MuseScore 3.6 - A Massive Engraving Overhaul!”

    Download MuseScore for free: MuseScore.org
    #Linux Music Software FOSS


  • Virtual Machine Startup Shells Closes the Digital Divide One Cloud Computer at a Time
    Image Startup turns devices you probably already own - from smartphones and tablets to smart TVs and game consoles - into full-fledged computers.
    Shells (shells.com), a new entrant in the virtual machine and cloud computing space, is excited to launch their new product which gives new users the freedom to code and create on nearly any device with an internet connection.  Flexibility, ease, and competitive pricing are a focus for Shells which makes it easy for a user to start-up their own virtual cloud computer in minutes.  The company is also offering multiple Linux distros (and continuing to add more offerings) to ensure the user can have the computer that they “want” to have and are most comfortable with.

    The US-based startup Shells turns idle screens, including smart TVs, tablets, older or low-spec laptops, gaming consoles, smartphones, and more, into fully-functioning cloud computers. The company utilizes real computers, with Intel processors and top-of-the-line components, to send processing power into your device of choice. When a user accesses their Shell, they are essentially seeing the screen of the computer being hosted in the cloud - rather than relying on the processing power of the device they’re physically using.

    Shells was designed to run seamlessly on a number of devices that most users likely already own, as long as it can open an internet browser or run one of Shells’ dedicated applications for iOS or Android. Shells are always on and always up to date, ensuring speed and security while avoiding the need to constantly upgrade or buy new hardware.

    Shells offers four tiers (Lite, Basic, Plus, and Pro) catering to casual users and professionals alike. Shells Pro targets the latter, and offers a quad-core virtual CPU, 8GB of RAM, 160GB of storage, and unlimited access and bandwidth which is a great option for software engineers, music producers, video editors, and other digital creatives.

    Using your Shell for testing eliminates the worry associated with tasks or software that could potentially break the development environment on your main computer or laptop. Because Shells are running round the clock, users can compile on any device without overheating - and allow large compile jobs to complete in the background or overnight. Shells also enables snapshots, so a user can revert their system to a previous date or time. In the event of a major error, simply reinstall your operating system in seconds.

    “What Dropbox did for cloud storage, Shells endeavors to accomplish for cloud computing at large,” says CEO Alex Lee. “Shells offers developers a one-stop shop for testing and deployment, on any device that can connect to the web. With the ability to use different operating systems, both Windows and Linux, developers can utilize their favorite IDE on the operating system they need. We also offer the added advantage of being able to utilize just about any device for that preferred IDE, giving devs a level of flexibility previously not available.”

    “Shells is hyper focused on closing the digital divide as it relates to fair and equal access to computers - an issue that has been unfortunately exacerbated by the ongoing pandemic,” Lee continues. “We see Shells as more than just a cloud computing solution - it’s leveling the playing field for anyone interested in coding, regardless of whether they have a high-end computer at home or not.”

    Follow Shells for more information on service availability, new features, and the future of “bring your own device” cloud computing:

    Website: https://www.shells.com

    Twitter: @shellsdotcom

    Facebook: https://www.facebook.com/shellsdotcom

    Instagram: https://www.instagram.com/shellscom
    #virtual-machine #cloud-computing #Shells


  • Ubuntu 20.10 “Groovy Gorilla” Arrives With Linux 5.8, GNOME 3.38, Raspberry Pi 4 Support
    Article Images Image
    Just two days ago, Ubuntu marked the 16th anniversary of its first ever release, Ubuntu 4.10 “Warty Warthog,” which showed Linux could be a more user friendly operating system.

    Back to now, after the six months of development cycle and the release of the current long-term Ubuntu 20.04 “Focal Fossa,” Canonical has announced a new version called Ubuntu 20.10 “Groovy Gorilla” along with its seven official flavor: Kubuntu, Lubuntu, Ubuntu MATE, Ubuntu Kylin, Xubuntu, Ubuntu Budgie, and Ubuntu Studio.

    Ubuntu 20.10 is a short term or non-LTS release, which means it will be supported for 9 months until July 2021. Though v20.10 does not seem a major release, it does come with a lot of exciting and new features. So, let’s see what Ubuntu 20.10 “Groovy Gorilla” has to offer:
    New Features in Ubuntu 20.10 “Groovy Gorilla”

    Ubuntu desktop for Raspberry Pi 4
    Starting with one of the most important enhancements, Ubuntu 20.10 has become the first Ubuntu release to feature desktop images for the Raspberry Pi 4. Yes, you can now download and run Ubuntu 20.10 desktop on your Raspberry Pi models with at least 4GB of RAM.

    Even both Server and Desktop images also support the new Raspberry Pi Compute Module 4. The 20.10 images may still boot on earlier models, but new Desktop images only built for the arm64 architecture and officially only support the Pi 4 variant with 4GB or 8GB RAM.
    Linux Kernel 5.8


    Upgrading the previous Linux kernel 5.4, the latest Ubuntu 20.10 ships the new Linux kernel 5.8, which is dubbed“the biggest release of all time” by Linus Torvalds as it contains the highest number of over 17595 commits.

    So it’s obvious that Linux 5.8 brings numerous updates, new features, and hardware support. For instance, Kernel Event Notification Mechanism, Intel Tiger Lake Thunderbolt support, extended IPv6 Multi-Protocol Label Switching (MPLS) support, Inline Encryption hardware support, Thunderbolt support for Intel Tiger Lake and non-x86 systems, and initial support for booting POWER10 processors.
    GNOME 3.38 Desktop Environment


    Another key change that Ubuntu 20.10 includes is the latest version of GNOME desktop environment, which enhances the visual appearance, performance, and user experience of Ubuntu.

    One of my favorite features that GNOME 3.38 introduces is a much-needed separate “Restart” button in the System menu.



    Among other enhancements, GNOME 3.38 also includes:
    Better multi-monitor support Revamped GNOME Screenshot app Customizable App Grid with no “Frequent Apps” tab Battery percentage indicator New Welcome Tour app written in Rust Core GNOME apps improvementsShare Wi-Fi hotspot Via QR Code


    If you’re the person who wants to share the system’s Internet with other devices wirelessly, this feature of sharing Wi-Fi hotspot through QR code will definitely please you.

    Thanks to GNOME 3.38, you can now turn your Linux system into a portable Wi-Fi hotspot by sharing QR code with the devices like laptops, tablets, and mobiles.
    Add events in GNOME Calendar app


    Forget to remember the events? A pre-installed GNOME Calendar app now lets you add new events (birthday, meetings, reminders, releases), which displays in the message tray. Instead of adding new events manually, you can also sync your events from Google, Microsoft, or Nextcloud calendars after adding online accounts from the settings.
    Active Directory Support


    In the Ubiquity installer, Ubuntu 20.10 has also added an optional feature to enable Active Directory (AD) integration. If you check the option, you’ll be directed to configure the AD by giving information about the domain, administrator, and password.


    Tools and Software upgrade


    Ubuntu 20.10 also features the updated tools, software, and subsystems to their new versions. This includes:
    glibc 2.32, GCC 10, LLVM 11 OpenJDK 11 rustc 1.41 Python 3.8.6, Ruby 2.7.0, PHP 7.4.9 perl 5.30 golang 1.13 Firefox 81 LibreOffice 7.0.2 Thunderbird 78.3.2 BlueZ 5.55 NetworkManager 1.26.2Other enhancements to Ubuntu 20.10:Nftables replaces iptables as default backend for the firewall Better support for fingerprint login Cloud images with KVM kernels boot without an initramfs by default Snap pre-seeding optimizations for boot time improvements
    A full release notes of Ubuntu 20.10 is also available to read right from here.
    How To Download Or Upgrade To Ubuntu 20.10
    If you’re looking for a fresh installation of Ubuntu 20.10, download the ISO image available for several platforms such as Desktop, Server, Cloud, and IoT.

    But if you’re already using the previous version of Ubuntu, you can also easily upgrade your system to the Ubuntu 20.10. For upgrading, you must be using Ubuntu 20.04 LTS as you cannot directly reach 20.10 from 19.10, 19.04, 18.10, 18.04, 17.04, or 16.04. You should first hop on to v20.04 and then to the latest v20.10.

    As Ubuntu 20.10 is a non-LTS version and by design, Ubuntu only notifies a new LTS release, you need to upgrade manually by either choosing a GUI method using the built-in Software Updater tool or a command line method using the terminal.

    For command line method, open terminal and run the following commands:

    sudo apt update && sudo apt upgrade

    sudo do-release-upgrade -d -m desktop

    Or else, if you’re not a terminal-centric person, here’s an official upgrade guide using a GUI Software Updater.

    Enjoy Groovy Gorilla!
    Ubuntu Groovy Gorilla GNOME GNOME 3.0 Raspberry Pi kernel


  • Linux Mint 20.1 “Ulyssa” Will Arrive In Mid-December With Chromium, WebApp Manager
    Article Images Image
    As the Linux Mint team is progressing to release the first point version of Linux Mint 20 series, its founder and project leader Clement Lefebvre has finally revealed the codename for Linux Mint 20.1 as “Ulyssa”. He has also announced that Mint 20.1 will most probably arrive in mid-December (just before Christmas).

    Until you wait for its beta release to test Linux Mint 20.1, Clement has also shared some great news regarding the new updates and features that you’ll get in Mint 20.1.

    First, packaging of open source Chromium web browser and its updates directly through the official Mint repositories. As the team noticed delays between the official release and the version available in Linux distros, it has now decided to set up their own packaging and build Chromium package based on upstream code, along with some patches from Debian and Ubuntu as well.

    As a result, the first test build of Chromium is available to download from here.

    In last month's blog, the Mint team introduced a new WebApp Manager, inspired by Peppermint OS and its SSB (Site Specific Browser) application manager, ICE. It is a WebApp management system that will debut in Linux Mint 20.1 to turn a website into a standalone desktop application.

    However, the Debian package of WebApp Manager v1.0.5 is now available to download, which comes with UI improvements, bug fixes and better translations for languages.

     

     

    Another feature that you’ll be thrilled to see in Linux Mint 20.1 is the hardware video acceleration enabled by default in the Celluloid video player. Obviously, hardware-accelerated players will bring smoother playback, better performance and reduced CPU usage.

     

     

    Besides the confirmed features, the Linux Mint team is also looking for feedback on a side-project by Stephen Collins, “Sticky notes.” It is a note-taking app, which is still in Alpha stage. But if all goes well, who knows, you’ll see Sticky notes app in the upcoming Linux Mint.

     

     

    The Linux Mint team has also asked for opinion on IPTV (Internet Protocol Television). If you use M3U IPTV on your phone, tablet or smart TV, you can let them know. The team seems interested to develop an IPTV solution for Linux desktop as a side project if the audience is small or turn it into an official Linux Mint project, if demand is good enough.
    Linux Mint


  • Newest IPFire Release Includes Security Fixes and Additional Hardware Support (IPFire 2.25 - Core Update 147)
    Image
    Michael Tremer, maintainer of the IPFire project, announced IPFire 2.25 Core Update 147 today. This is the newest IPFire release since Core Update 146 on June 29th.

    IPFire 2.25 Core Update 147 includes some important security updates including a newer version of Squid web proxy that has patched recent vulnerabilities.

    Beyond security updates, IPFire 2.25 Core Update 147 adds support for additional hardware, as well as enhancing support for existing hardware because the new release ships with version 20200519 of the Linux firmware package.

    IPFire 2.25 Core Update 147 also rectified a recurring issue relating to forwarding GRE connections.

    In addition, the update improved IPFire on AWS configurations.

    IPFire 2.25 Core Update 147 includes these updated packages: bind 9.11.20, dhcpcd 9.1.2, GnuTLS 3.6.14, gmp 6.2.0, iproute2 5.7.0, libassuan 2.5.3, libgcrypt 1.8.5, libgpg-error 1.38, OpenSSH 8.3p1, squidguard 1.6.0.

    You can download IPFire 2.25 Core Update 147 here.
    Releases





Linux Magazine News (path: lmi_news)






  • AlmaLinux 8.7 Now Available
    The developers of AlmaLinux have released the latest version of the OS, named Stone Smilodon, to the general public.





  • Zorin OS 16.02 Now Available
    Zorin OS 16.2 has been officially released just seven months after the first point release of the user-friendly Linux operating system.


Page last modified on November 17, 2022, at 06:39 PM