All the News that Matters

• Debian LTS: DLA-2710-2: rabbitmq-server regression update>
  It was discovered that the previous upload of the package rabbitmq-server versioned 3.6.6-1+deb9u1 introduced a regression in function fmt_strip_tags. Big thanks to Christoph Haas for the reporting an issue and for testing the update.

• Mageia 2021-0369: golang security update>
  encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method (CVE-2021-27918).

• Mageia 2021-0368: lib3mf security update>
  A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability (CVE-2021-21772).

• Debian: DSA-4944-1: krb5 security update>
  It was discovered that the Key Distribution Center (KDC) in krb5, the MIT implementation of Kerberos, is prone to a NULL pointer dereference flaw. An unauthenticated attacker can take advantage of this flaw to cause a denial of service (KDC crash) by sending a request containing a

• Fedora 34: varnish-modules 2021-cf7585f0ca>
  New upstream release. This is a security release for CVE-2021-36740 aka VSV00007

• Fedora 34: vmod-uuid 2021-cf7585f0ca>
  New upstream release. This is a security release for CVE-2021-36740 aka VSV00007

• Using Pacman on Arch Linux and Manjaro
  In this guide, you’ll learn how to use pacman on Arch Linux, Manjaro, and other distros based on Arch. Read on to master pacman with commands to install packages, remove packages, update the system, etc.

• Secure, Simple and Scalable Video Conferencing with Jitsi
  Jitsi Meet is an open-source application that can be self-hosted in your own environment. In this article, we’ll share the details of how to get Jitsi up and running

• How to install and use ClamAV on Ubuntu 20.04
  ClamAV is an open-source and free antivirus software toolkit able to detect many types of malicious software, including viruses, trojans, malware, adware, rootkits and other malicious threats. In the following tutorial, you will learn how to configure ClamAV on Ubuntu 20.04 LTS. The same principle will work for the newer version Ubuntu 21.04 (Hirsute Hippo).

• 28 books recommended by open source technologists to read right now
  It may not be the season of summer where you are, but summer reading lists are quintessential and somewhat cozy no matter what part of the world you live in. Did you get our summer reading list?

• How to Fix yay: error while loading shared libraries: libalpm.so.12
  If you are running Arch Linux in a system for a longer time, things can break due to its rolling release nature combined with your hardware support. If you use the AUR Helper Yay, then sometimes, yay can be corrupted due to several installations, upgrade of other packages. This quick guide is to help you to fix yay error – while loading shared libraries: libalpm.so.12.

• Firewalld 1.0 Firewall Management Tool is Here with Big Improvements
  Firewalld is front-end controller for iptables and nftables used to implement persistent network traffic rules. Ten years after its first release, Firewalld reached version 1.0. The biggest change is removing Python 2 support.

• Assembly of Python External C++ procedure returning the vector of strings objects
  This post is an immediate followup for the most recent post at Lxer.com regarding return of one string. Consider the task already been treated with 2D vector and dumping the content of vector to disk file. This approach would allow us to solve the same task via to straight forward returning vector of strings from C++ procedure to Python module.

• How to Install and use Maldet on Ubuntu 20.04
  Linux Malware Detect (LMD), also known as Maldet, is a malware scanner for Linux released under the GNU GPLv2 license. In the following tutorial, you will learn how to configure Maldet on Ubuntu 20.04 LTS. The same principle will work for the newer version Ubuntu 21.04 (Hirsute Hippo).

• How To Setup Backup Server Using Rsnapshot In Linux
  Rsnapshot is a filesystem snapshot utility based on rsync for Linux and Unix-like operating systems. It allows you to easily create periodic snapshots of local machines, and remote machines over ssh. This guide explains what is Rsnapshot, how to install Rsnapshot in Linux , and how to setup backup server using Rsnapshot in Linux.

• 5 useful ways to manage Kubernetes with kubectl
  Kubernetes is software to help you run lots of containers in an organized way. Aside from providing tools to manage (or orchestrate) the containers you run, Kubernetes also helps those containers scale out as needed. With Kubernetes as your central control panel (or control plane), you need a way to manage Kubernetes, and the tool for that job is kubectl. The kubectl command lets you control, maintain, analyze, and troubleshoot Kubernetes clusters.read more

• The Linux Foundation Announces Conference Schedule for Open Source Summit + Embedded Linux Conference 2021
  Premier open source event covering the most critical and innovative open source topics gathers developers and technologists both in-person and virtually this September...

• How to Install InspIRCd IRC Chat Server on Debian 10
  InspIRCd is a robust IRC server that runs in UNIX-like environments that comes with its own scripting language called AngelScript. This tutorial shows you how to install and configure InspIRCd on Debian 10.

• Assembly of Python External C++ procedure returning the value of string type
  Writing C++ procedure below we get a final answer as C++ string , then via sequence of operations which convert string to the pointer (say c) to "const char" and finally return required value via pointer to PyObject provided by PyUnicode_FromString(c) to Python Runtime module.

• How To Install MariaDB 10.5 on Ubuntu 20.04
  In the following tutorial, you will learn how to install the latest stable release of MariaDB 10.5 on Ubuntu 20.04. You can also use the same guide to upgrade to the newer 10.6 if you prefer however for stability we recommend staying on 10.5 until the newer version matures a bit more.MariaDB is one of the most popular open-source databases next to its originator MySQL. The original creators of MySQL developed MariaDB in response to fears that MySQL will suddenly become a paid service due to Oracle acquiring it in 2010. With its history of doing similar tactics, the developers behind MariaDB have promised to keep it open source and free from such fears as what has happened to MySQL.

• How to Upgrade PHP Version to PHP 8.0 on Ubuntu
  Upgrade PHP version to PHP 8.0 on Ubuntu. You can upgrade your current PHP version to the latest release PHP 8.0 on your Ubuntu.

• How to Recursively Change File Permissions in Linux
  Sometimes you can’t edit files because of the “Permission denied” error. Learn how to recursively change file permissions in Linux.

• Emulate the Commodore 64 home computer with Linux
  The C64 is notable for being one of the first widespread home computers, helping it to expand its collection of games as a result. We recommend the best free and open source emulators.

• How to Install Gitea Code Hosting Service on Fedora 34
  Gitea is an open-source code-hosting solution based on the Git platform. This article will cover how to install and configure Gitea on Fedora 34 and how to set up your first Git repository.

• How to Install Fail2ban on Ubuntu 20.04 with Configuration
  In the following tutorial you will learn how to install fail2ban on Ubuntu 20.04 with example configurations to learn how to deploy as an effective means of protection for your website and servers.

• CLI Cloud Storage Manager Rclone 1.56.0 Adds New Serve Docker Command, Reworked Config, New librclone C Library
  Rclone, a free and open source command line cloud storage sync tool, was updated to version 1.56.0, which includes some important new features. There's a new backend, new commands including Docker serve, a reworked configuration system, and there's also a new librclone C library.

• Colonial Pipeline Sued by Customers Affected by Its Ransomware Incident
  The owner of the EZ Mart gas station is suing Colonial Pipeline, accusing it of lax security, reports the Washington Post: He and his lawyers are hoping to also represent the hundreds of other small gas stations that were hurt by the hack. It's just one of several class-action lawsuits that are popping up in the wake of high-profile ransomware attacks. Another lawsuit filed against Colonial in Georgia in May seeks to get damages for regular consumers who had to pay higher gas prices. A third is in the works, with law firm Chimicles Schwartz Kriner & Donaldson-Smith LLP seeking to mount a similar effort.   Colonial isn't the only company that's been targeted. Another suit was launched in June against the San Diego based hospital system Scripps Health after it was hit by a ransomware attack...   In the case of Colonial Pipeline, hundreds of gas stations were shut down, leading to huge lines of cars waiting for what little fuel remained. The rise in suits may mean companies and organizations that are hacked are no longer just on the hook for reimbursing people who had their data stolen. They could now be liable for all kinds of damages that go well beyond a heightened risk of identity theft or credit card fraud...  The potential for lawsuits will keep growing as ransomware attacks do. And if lawyers can reasonably show that a company made some kind of mistake in protecting its system, victims will have an avenue to sue.
        
  
  Read more of this story at Slashdot.
  

• SANS Institute Hopes to Find New Cybersecurity Talent With a Game
  storagedude writes: Alan Paller, founder of the cybersecurity training SANS Technology Institute, has launched an initiative aimed at finding and developing cybersecurity talent at the community college and high school level — through a game developed by their CTO James Lyne. A similar game was already the basis of a UK government program that has reached 250,000 students, and Paller hopes the U.S. will adopt a similar model to help ease the chronic shortage of cybersecurity talent. And Paller's own Cyber Talent Institute (or CTI) has already reached 29,000 students, largely through state-level partnerships.   But playing the game isn't the same as becoming a career-ready cybersecurity pro. By tapping high schools and community colleges, the group hopes to "discover and train a diverse new generation of 25,000 cyber stars by the year 2025," Paller told eSecurity Planet. "SANS is an organization that finds people who are already in the field and makes them better. What CTI is doing is going down a step in the pipeline, to the students, to find the talent earlier, so that we don't lose them. Because the way the education system works, only a few people seem to go into cybersecurity. We wanted to change that.   "You did an article earlier this month about looking in different places for talent, looking for people who are already working. That's the purpose of CTI. To reach out to students. It's to go beyond the pipeline that we automatically come into cybersecurity through math, computer science, and networking and open the funnel much wider. Find people who have not already found technology, but who have three characteristics that seem to make superstars — tenacity, curiosity, and love of learning new things. They don't mind being faced with new problems. They like them. And what the game does is find those people. So CTI is just moving to earlier in the pipeline."
        
  
  Read more of this story at Slashdot.
  

• RNA Breakthrough Creates High-Yield, Drought-Tolerant Rice, Potatoes
  "Thanks to a breakthrough in RNA manipulation, crop scientists have developed new potato and rice varieties with higher yields and increased drought tolerance," reports UPI:  By inserting a gene responsible for production of a protein called FTO, scientists produced bigger rice and potato plants with more expansive root systems. In experiments, the plants' longer roots improved their drought resistance.  Test results — detailed Thursday in the journal Nature Biotechnology — showed the RNA-manipulated plants also improved their rate of photosynthesis, boost yields by as much as 50 percent...  In the lab, the manipulated rice plants grew at three times their normal rate. In the field, the rice plants increased their mass by 50 percent. They also sprouted longer roots, increased their photosynthesis rate and produced larger yields. When they repeated the experiments with potato plants, the researchers got similar results, suggesting the new gene manipulation method could be used to bolster a variety of crops.   The researchers hope this could help crops survive climate change, and even prevent forests from being cleared for food production, according to the article. And one of the study's co-authors adds "This really provides the possibility of engineering plants to potentially improve the ecosystem as global warming proceeds."
        
  
  Read more of this story at Slashdot.
  

• Virtual Comic-Con Includes Trailers For 'Blade Runner' Series, 'Dune' Movie - and NASA Panels
  Comic-Con went virtual again in 2020. (San Diego businesses will miss the chance to profit from the 100,000 visitors the convention usually attracted.) And NPR reports the convention has gotten smaller in other ways: Both Marvel Studios and DC are staying away; as it did last year, DC is again directing its resources towards its own event, DC FanDome, set for mid-October. But fans of shows like Doctor Who, Dexter and Comic-Con stalwart The Walking Dead will have lots to look forward to.   Rotten Tomatoes and The Verge have gathered up the trailers that did premier. Some of the highlights:  Blade Runner: Black Lotus , an upcoming anime television series set to premiere in late 2021 on Crunchyroll and Adult Swim (co-producing it with Alcon Television Group).The upcoming remake of Dune J.J. Abrams' new four-part Showtime documentary about UFOs.Season 2 of Star Trek: Lower Decks and the new Star Trek: Prodigy, a CGI-animated series about a group of aliens who escape captivity onboard the Enterprise. But interestingly, one of the more visibile presenters was: NASA. Current and former NASA officials made appearances on several different panels, according to Space.com, including one on modern space law, U.N. treaty-making, and how it all stacks up against the portrayal we get in our various future-space franchises. And NASA also touted its virtual simulation platform Ed-Tech, "where students can have access to the same tools that professionals use and in the case of space are given the opportunity to solve real problems related to missions to our Moon, Mars, and beyond... from piloting to terra-forming to creating habitats and spacecraft."   There was also a panel of four NASA engineers titled "No Tow Trucks Beyond Mars," on "how we go boldly where thereâ(TM)s no one around to fix it. Hear stories from the trenches of the heartbreaks, close calls, and adventures of real-life landing (and flying!) on Mars and our round-table discussion of what Netflix got right in their movie Stowaway."   Sunday's panels will include an astronomer, an astrobiologist, and a geologist/paleontologist discussing "The Science of Star Wars" with the concept designer for Star Wars episodes 7-9, Rogue One, and Solo.
        
  
  Read more of this story at Slashdot.
  

• 'Nuclear Power's Reliability is Dropping as Extreme Weather Increases'
  A comprehensive new analysis published in Nature "calculates that the frequency of climate-related nuclear plant outages is almost eight times higher than it was in the 1990s," reports Ars Technica.   "The analysis also estimates that the global nuclear fleet will lose up to 1.4 percent — about 36 TWh — of its energy production in the next 40 years and up to 2.4 percent, or 61 TWh, by 2081-2100."  The author analyzed publicly available databases from the International Atomic Energy Agency to identify all climate-linked shutdowns (partial and complete) of the world's 408 operational reactors. Unplanned outages are generally very well documented, and available data made it possible to calculate trends in the frequency of outages that were linked to environmental causes over the past 30 years. The author also used more detailed data from the last decade (2010-2019) to provide one of the first analyses of which types of climate events have had the most impact on nuclear power.   While the paper doesn't directly link the reported events to climate change, the findings do show an overall increase in the number of outages due to a range of climate events. The two main categories of climate disruptions broke down into thermal disruptions (heat, drought, and wildfire) and storms (including hurricanes, typhoons, lightning, and flooding). In the case of heat and drought, the main problem is the lack of cool-enough water — or in the case of drought, enough water at all — to cool the reactor. However, there were also a number of outages due to ecological responses to warmer weather; for example, larger than usual jellyfish populations have blocked the intake pipes on some reactors. Storms and wildfires, on the other hand, caused a range of problems, including structural damage, precautionary preemptive shutdowns, reduced operations, and employee evacuations. In the timeframe of 2010 to 2019, the leading causes of outages were hurricanes and typhoons in most parts of the world, although heat was still the leading factor in Western Europe (France in particular). While these represented the most frequent causes, the analysis also showed that droughts were the source of the longest disruptions and thus the largest power losses.   The author calculated that the average frequency of climate-linked outages went from 0.2 outages per year in the 1990s to 1.5 outages in the timeframe of 2010 to 2019. A retrospective analysis further showed that, for every 1 degree C rise in temperature (above the average temperature between 1951 and 1980), the energy output of the global fleet fell about 0.5 percent.
        
  
  Read more of this story at Slashdot.
  

• Does the Open Source Movement Need to Evolve?
  A cloud company's CTO argues on CTO that the "hypocrite commits" controversy "is symptomatic, on every side, of related trends that threaten the entire extended open-source ecosystem and its users."  That ecosystem has long wrestled with problems of scale, complexity and free and open-source software's (FOSS) increasingly critical importance to every kind of human undertaking. Let's look at that complex of problems:   - The biggest open-source projects now present big targets.  - Their complexity and pace have grown beyond the scale where traditional "commons" approaches or even more evolved governance models can cope.  - They are evolving to commodify each other. For example, it's becoming increasingly hard to state, categorically, whether "Linux" or "Kubernetes" should be treated as the "operating system" for distributed applications. For-profit organizations have taken note of this and have begun reorganizing around "full-stack" portfolios and narratives.  - In so doing, some for-profit organizations have begun distorting traditional patterns of FOSS participation. Many experiments are underway. Meanwhile, funding, headcount commitments to FOSS and other metrics seem in decline.  - OSS projects and ecosystems are adapting in diverse ways, sometimes making it difficult for for-profit organizations to feel at home or see benefit from participation.  Meanwhile, the threat landscape keeps evolving:   - Attackers are bigger, smarter, faster and more patient, leading to long games, supply-chain subversion and so on.  - Attacks are more financially, economically and politically profitable than ever.  - Users are more vulnerable, exposed to more vectors than ever before.  - The increasing use of public clouds creates new layers of technical and organizational monocultures that may enable and justify attacks.  - Complex commercial off-the-shelf solutions assembled partly or wholly from open-source software create elaborate attack surfaces whose components (and interactions) are accessible and well understood by bad actors.  - Software componentization enables new kinds of supply-chain attacks. Meanwhile, all this is happening as organizations seek to shed nonstrategic expertise, shift capital expenditures to operating expenses and evolve to depend on cloud vendors and other entities to do the hard work of security. The net result is that projects of the scale and utter criticality of the Linux kernel aren't prepared to contend with game-changing, hyperscale threat models.   Among other things, the article ultimately calls for a reevaluation of project governance/organization and funding "with an eye toward mitigating complete reliance on the human factor, as well as incentivizing for-profit companies to contribute their expertise and other resources." (With whatever culture changes this may require.) It also suggests "simplifying the stack" (and verifying its components), while pushing "appropriate" responsibility for security up to the application layer.  Slashdot reader joshuark argues this would be not so much the end of Open Source as "more turning the page to the next chapter in open-source: the issues of contributing, reviewing, and integrating into an open-source code base."
        
  
  Read more of this story at Slashdot.
  

• Amazon Wants Apartment Buildings to Install a 'Key' System that Lets Them Enter the Lobby
  "Amazon is tired of ringing doorbells," reports the Associated Press. "The online shopping giant is pushing landlords around the country — sometimes with financial incentives — to give its drivers the ability to unlock apartment-building doors themselves with a mobile device."  The service, dubbed Key for Business, is pitched as a way to cut down on stolen packages by making it easy to leave them in lobbies and not outside. Amazon benefits because it enables delivery workers to make their rounds faster. And fewer stolen packages reduce costs and could give Amazon an edge over competitors. Those who have installed the device say it reduces the constant buzzing by delivery people and is a safer alternative to giving out codes to scores of delivery people.   But the Amazon program, first announced in 2018, may stir security and privacy concerns as it gains traction. The company said that it does background checks on delivery people and that they can unlock doors only when they have a package in hand to scan. But tenants may not know that Amazon drivers have access to their building's front doors, since Amazon leaves it up to the building to notify them...   Amazon didn't respond to questions about potential hacking. The company has already installed the device in thousands of U.S. apartment buildings but declined to give a specific number... Amazon salespeople have been fanning out to cities across the country to knock on doors, make cold calls or approach building managers on the street to urge them to install the device. The company has even partnered with local locksmiths to push it on building managers while they fix locks. Amazon installs the device for free and sometimes throws in a $100 Amazon gift card to whoever lets them in.
        
  
  Read more of this story at Slashdot.
  

• Church Official Exposed Through America's 'Vast and Largely Unregulated Data-Harvesting'
  The New York Times' On Tech newsletter shares a thought-provoking story:  This week, a top official in the Roman Catholic Church's American hierarchy resigned after a news site said that it had data from his cellphone that appeared to show the administrator using the L.G.B.T.Q. dating app Grindr and regularly going to gay bars. Journalists had access to data on the movements and digital trails of his mobile phone for parts of three years and were able to retrace where he went.   I know that people will have complex feelings about this matter. Some of you may believe that it's acceptable to use any means necessary to determine when a public figure is breaking his promises, including when it's a priest who may have broken his vow of celibacy. To me, though, this isn't about one man. This is about a structural failure that allows real-time data on Americans' movements to exist in the first place and to be used without our knowledge or true consent. This case shows the tangible consequences of practices by America's vast and largely unregulated data-harvesting industries. The reality in the United States is that there are few legal or other restrictions to prevent companies from compiling the precise locations of where we roam and selling that information to anyone.   This data is in the hands of companies that we deal with daily, like Facebook and Google, and also with information-for-hire middlemen that we never directly interact with. This data is often packaged in bulk and is anonymous in theory, but it can often be traced back to individuals, as the tale of the Catholic official shows...   Losing control of our data was not inevitable. It was a choice — or rather a failure over years by individuals, governments and corporations to think through the consequences of the digital age.   We can now choose a different path.   "Data brokers are the problem," writes the EFF, arguing that the incident "shows once again how easy it is for anyone to take advantage of data brokers' stores to cause real harm." This is not the first time Grindr has been in the spotlight for sharing user information with third-party data brokers... But Grindr is just one of countless apps engaging in this exact kind of data sharing. The real problem is the many data brokers and ad tech companies that amass and sell this sensitive data without anything resembling real users' consent.   Apps and data brokers claim they are only sharing so-called "anonymized" data. But that's simply not possible. Data brokers sell rich profiles with more than enough information to link sensitive data to real people, even if the brokers don't include a legal name. In particular, there's no such thing as "anonymous" location data. Data points like one's home or workplace are identifiers themselves, and a malicious observer can connect movements to these and other destinations. Another piece of the puzzle is the ad ID, another so-called "anonymous" label that identifies a device. Apps share ad IDs with third parties, and an entire industry of "identity resolution" companies can readily link ad IDs to real people at scale.    All of this underlines just how harmful a collection of mundane-seeming data points can become in the wrong hands... That's why the U.S. needs comprehensive data privacy regulation more than ever. This kind of abuse is not inevitable, and it must not become the norm.
        
  
  Read more of this story at Slashdot.
  

• Three Die After Untreatable 'Superbug' Fungus Infections in Two Different Cities
  "U.S. health officials said Thursday they now have evidence of an untreatable fungus spreading in two hospitals and a nursing home," reports the Associated Press:  The "superbug" outbreaks were reported in a Washington, D.C, nursing home and at two Dallas-area hospitals, the Centers for Disease Control and Prevention reported. A handful of the patients had invasive fungal infections that were impervious to all three major classes of medications. "This is really the first time we've started seeing clustering of resistance" in which patients seemed to be getting the infections from each other, said the CDC's Dr. Meghan Lyman...    Health officials have sounded alarms for years about the superbug after seeing infections in which commonly used drugs had little effect. In 2019, doctors diagnosed three cases in New York that were also resistant to a class of drugs, called echinocandins, that were considered a last line of defense. In those cases, there was no evidence the infections had spread from patient to patient — scientists concluded the resistance to the drugs formed during treatment. The new cases did spread, the CDC concluded....  Those cases were seen from January to April. Of the five people who were fully resistant to treatment, three died — both Texas patients and one in Washington.   Lyman said both are ongoing outbreaks and that additional infections have been identified since April. But those added numbers were not reported.    The fungus, Candida auris, "is a harmful form of yeast that is considered dangerous to hospital and nursing home patients with serious medical problems," they add — and it's spread through contaminated surfaces or contact with patients.   Newsweek points out that while it's only recently appeared in America, "infections have occurred in over 30 countries worldwide."
        
  
  Read more of this story at Slashdot.
  

• Kaspersky Warns Fake Windows 11 Installers Are Spreading Malware
  Long-time Slashdot reader Ammalgam writes: If you're planning to install Windows 11, you should make sure you download it from official sources. This is because, people who are using pirated or fake methods to get Windows 11 are also downloading malware along with it, according to Kaspersky. The particular file referenced is called 86307_windows 11 build 21996.1 x64 + activator.exe. While it sounds like it includes Windows 11 build 21996.1, and an installer that will automatically activate Windows for you there are some red flags. First, it's only 1.75GB, so while people who want to install Windows 11 might think that's a large file that could be Windows, a real Windows 11 ISO is about 4.87GB...   "The 1.75 GB file looks legitimate. But most of this space consists of one DLL file that contains a lot of useless information," explains Mint.   And Kaspersky adds that "it even comes with a license agreement (which few people read) calling it a 'download manager for 86307_windows 11 build 21996.1 x64 + activator' and noting that it would also install some sponsored software. If you accept the agreement, a variety of malicious programs will be installed on your machine."
        
  
  Read more of this story at Slashdot.
  

• China Compromised More than a Dozen US Pipelines Between 2011 and 2013
  "Hackers working for the Chinese government compromised more than a dozen U.S. pipeline operators nearly a decade ago, the Biden administration revealed Tuesday while also issuing first-of-its-kind cybersecurity requirements on the pipeline industry," reports the Wall Street Journal.  The disclosure of previously classified information about the aggressive Chinese hacking campaign, though dated, underscored the severity of foreign cyber threats to the nation's infrastructure, current and former officials said. In some cases, the hackers possessed the ability to physically damage or disrupt compromised pipelines, a new cybersecurity alert said, though it doesn't appear they did so. Previously, senior administration officials had warned that China, Russia and others were capable of such cyber intrusions. But rarely has so much information been released about a specific and apparently successful campaign.   Chinese state-sponsored hackers between 2011 and 2013 had targeted nearly two dozen U.S. oil and natural gas pipeline operators with the specific goal of "holding U.S. pipeline infrastructure at risk," the Federal Bureau of Investigation and the Department of Homeland Security said in Tuesday's joint alert. Of the known targets, 13 were successfully compromised and an additional eight suffered an "unknown depth of intrusion," which officials couldn't fully assess because the victims lacked complete computer log data, the alert said. Another three targets were described as "near misses" of the Chinese campaign, which relied heavily on spear phishing attacks.   Newsweek adds that the same day the U.S. Department of Homeland Security "announced new requirements for U.S. pipeline operators to bolster cybersecurity following a May ransomware attack that disrupted gas delivery across the East Coast." In a statement, DHS said it would require operators of federally designated critical pipelines to implement "specific mitigation measures" to prevent ransomware attacks and other cyber intrusions. Operators must also implement contingency plans and conduct what the department calls a "cybersecurity architecture design review."
        
  
  Read more of this story at Slashdot.
  

• Mozilla Stops FTP Support in Firefox 90
  A post on Mozilla's security blog calls FTP "by now one of the oldest protocols still in use" — and it's suffering from "a number of serious security issues."  The biggest security risk is that FTP transfers data in cleartext, allowing attackers to steal, spoof and even modify the data transmitted. To date, many malware distribution campaigns launch their attacks by compromising FTP servers and downloading malware on an end user's device using the FTP protocol.   Aligning with our intent to deprecate non-secure HTTP and increase the percentage of secure connections, we, as well as other major web browsers, decided to discontinue support of the FTP protocol. Removing FTP brings us closer to a fully-secure web which is on a path to becoming HTTPS only and any modern automated upgrading mechanisms such as HSTS or also Firefox's HTTPS-Only Mode, which automatically upgrade any connection to become secure and encrypted do not apply to FTP.   The FTP protocol itself has been disabled by default since version 88 and now the time has come to end an era and discontinue the support for this outdated and insecure protocol — Firefox 90 will no longer support the FTP protocol.
        
  
  Read more of this story at Slashdot.
  

• With Profits Soaring, Tech Companies 'Won the Pandemic'
  In April of 2020, Jeff Bezos announced Amazon would spend their next quarter focusing on people instead of profits, remembers the New York Times:  At the end of July 2020, Amazon announced quarterly results. Rather than earning zero, as Mr. Bezos had predicted, it notched an operating profit of $5.8 billion — a record for the company. The months since have established new records. Amazon's margins, which measure the profit on every dollar of sales, are the highest in the history of the company, which is based in Seattle... Amazon's pandemic triumph was echoed all over the world of technology companies.   Even as 609,000 Americans have died and the Delta variant surges, as corporate bankruptcies hit a peak for the decade, as restaurants, airlines, gyms, conferences, museums, department stores, hotels, movie theaters and amusement parks shut down and as millions of workers found themselves unemployed, the tech industry flourished. The combined stock market valuation of Apple, Alphabet, Nvidia, Tesla, Microsoft, Amazon and Facebook increased by about 70 percent to more than $10 trillion. That is roughly the size of the entire U.S. stock market in 2002. Apple alone has enough cash in its coffers to give $600 to every person in the United States. And in the next week, the big tech companies are expected to report earnings that will eclipse all previous windfalls.   Silicon Valley, still the world headquarters for tech start-ups, has never seen so much loot. More Valley companies went public in 2020 than in 2019, and they raised twice as much money when they did. Forbes calculates there are now 365 billionaires whose fortunes derive from tech, up from 241 before the virus.   No single industry has ever had such power over American life, dominating how we communicate, shop, learn about the world and seek distraction and joy. What will Silicon Valley do with this power? Who if anyone might restrain tech, and how much support will they have...? The biggest, and perhaps the only, threat to tech now is from government...   Beyond the threat of misuse of tech lurks an even darker possibility: a misplaced confidence in the ability of one loosely regulated sector to run so much of the world.
        
  
  Read more of this story at Slashdot.
  

• Researchers Found a Malicious NPM Package Using Chrome's Password-Recovery Tools
  Threatpost reports on "another vast software supply-chain attack" that was "found lurking in the npm open-source code repository...a credentials-stealing code bomb" that used the password-recovery tools in Google's Chrome web browser. Researchers caught the malware filching credentials from Chrome on Windows systems. The password-stealer is multifunctional: It also listens for incoming commands from the attacker's command-and-control (C2) server and can upload files, record from a victim's screen and camera, and execute shell commands...   ReversingLabs researchers, who published their findings in a Wednesday post, said that during an analysis of the code repository, they found an interesting embedded Windows executable file: a credential-stealing threat. Labeled "Win32.Infostealer.Heuristics", it showed up in two packages: nodejs_net_server and temptesttempfile. At least for now, the first, main threat is nodejs_net_server. Some details:  nodejs_net_server: A package with 12 published versions and a total of more than 1,300 downloads since it was first published in February 2019...finally upgrading it last December with a script to download the password-stealer, which the developer hosts on a personal website. It was subsequently tweaked to run TeamViewer.exe instead, "probably because the author didn't want to have such an obvious connection between the malware and their website," researchers theorized...   ReversingLabs contacted the npm security team on July 2 to give them a heads-up about the nodejs_net_server and tempdownloadtempfile packages and circled back once again last week, on Thursday, since the team still hadn't removed the packages from the repository. When Threatpost reached out to npm Inc., which maintains the repository, a GitHub spokesperson sent this statement: "Both packages were removed following our investigation...."
        
  
  Read more of this story at Slashdot.
  

• Repairable, Modular Framework Laptop Begins Shipping
  "Are you old enough to remember when laptops had removable batteries?" asks CNET. "Frustrated by mainstream laptops with memory soldered to the motherboard and therefore not upgradable?"   "The 13.5-inch Framework Laptop taps into that nostalgia, addressing one of the biggest drawbacks in modern laptops as part of the right-to-repair movement. It was designed from the ground up to be as customizable, upgradable and repairable as technologically possible... and boy does it deliver." It features four expansion card slots, slide-in modules that snap into USB-C connectors, socketed storage and RAM, a replaceable mainboard module with fixed CPU and fan, battery, screen, keyboard and more. It's a design that makes the parts easy to access, all while delivering solid performance at competitive prices and without sacrificing aesthetics.   The laptop's in preorder now for the U.S. and Canada, slated to ship in small batches depending upon the configuration. Core i7-based systems are expected to go out in August, while Core i5 systems won't be available until September. Prices for the Framework Laptop start at $999 for the prefab Core i5-1135G7 model with 8GB RAM and 256GB SSD, $1,399 for the Core i7-1165G7 Performance model with 16GB RAM and 512GB storage or a vPro Core i7-1185G7 Professional model with 32GB RAM and 1TB storage. Framework expects to expand into new regions by the end of the year; $999 converts to roughly £730 or AU$1,360... The DIY model adds Linux to the list of operating systems you can install, and doesn't restrict Windows Pro to the vPro model...   With the Framework, in addition to the ports you can swap out the mainboard, touchpad, keyboard, speakers, battery... anything you can think of. Don't feel like doing it yourself? Framework is publishing all the information necessary for a repair shop or IT department to not just swap parts, but to perform repairs... Nothing is buried under other parts, so everything's easy to get to. Each Framework part has a QR code and short URL to take you to all the info you'll need about it and the labels on the standard parts (memory and SSD) are easy to read.   Or, as Engadget puts it, the laptop is "designed, from the get-go, to be modular and repairable by every one of its users." Created by Nirav Patel, formerly of Oculus, the machine aims to demonstrate that there is a better, more sustainable way of doing things. It shouldn't be that, if your tech fails, you either have to buy a new model, or let the manufacturer's in-house repair teams charge $700 for a job that should've cost $50 . After all, if we're going to survive climate change, we need to treat our tech more sustainably and keep as much as possible out of the landfill...   The Framework laptop is equipped with a 1080p, 60fps webcam with an 80-degree field of view, and it's one of the best built-in webcams I've seen.  PCWorld calls it "the ultimate Right to Repair laptop."
        
  
  Read more of this story at Slashdot.
  

Engadget"https://www.engadget.com/"?

• Las Vegas police solve an old murder case using record-low volume of DNA
  Las Vegas police appear to have smashed a record while using ancestry to find cold case suspects. BBC Newsreports that Vegas law enforcement claims to have solved the 1989 murder of 14-year-old Stephanie Isaacson (pictured here) using the smallest known volume of DNA. Investigators sent just 0.12 nanograms of DNA samples, or about 15 cells, to Othram9s gene sequencing lab to help find a match. For context, a typical home DNA testing kit collects at least 750 nanograms.
  
  Othram used the sequences to comb through ancestry databases and pinpoint the suspect9s cousin and identify Darren Roy Marchand as the culprit. The team confirmed the match by comparing the sample against Marchand9s DNA from an arrest for a 1986 murder case. Marchand was never convicted and died in 1995.
  
  Vegas police launched the investigation after resident Justin Woo donated money to help law enforcement solve cases using "minimal" DNA levels. The investigation at Othram started on January 19th, but it wasn9t until July 12th that the company identified a suspect.
  
  Othram chief David Mittlemen characterized the effort as a "huge milestone" in a discussion with the BBC. This could theoretically solve cold cases where the samples were previously thought too small to be usable.
  
  The breakthrough won9t necessarily thrill everyone, however. There have been concerns that law enforcement might violate privacy when conducting these tests, and the Justice Department has established guidelines precisely to prevent those kinds of abuses. While there9s no indication Vegas authorities crossed boundaries in the Richardson case, a much larger range of potentially solvable cases also widens the potential for more privacy violations.
  

• WhatsApp says NSO spyware was used to attack officials working for US allies
  The NSO Group has denied that its spyware was used to compromise many politicians9 phones, but WhatsApp is telling a different story. The chat giant9s CEO, Will Cathcart, told The Guardian in an interview that governments allegedly used NSO9s Pegasus software to attack senior government officials worldwide in 2019, including high-ranking national security officials who were US allies. The breaches were reportedly part of a larger campaign that compromised 1,400 WhatsApp users in two weeks, prompting a lawsuit.
  
  The reporting on the NSO "matches" with findings from the 2019 attack on WhatsApp, Cathcart said. Human rights activists and journalists were also believed to be victims.
  
  The executive was responding to allegations that governments used Pegasus to hack phones for 37 people, including those of women close to murdered Saudi journalist Jamal Khashoggi. Those targets were also on a 2016 list of over 50,000 phone numbers that included activists, journalists and politicians, although it9s not clear that anyone beyond the 37 fell prey to attacks.
  
  NSO has strongly rejected claims about the hacks and the list, insisting that there9s "no factual basis" and that the list was too large to be focused solely on potential Pegasus targets. It also directly challenged Cathcart, asking if the WhatsApp exec had "other alternatives" to its tools that would help thwart "pedophiles, terrorists and criminals" using encrypted software.
  
  Cathcart, however, didn9t buy that explanation — he pointed to the 1,400 people as possible evidence that the number of targets was "very high." Whatever the truth, it9s safe to say WhatsApp won9t shy away from its lawsuit (or a war of words) any time soon.
  

• GM sues Ford over the name of its hands-free driving feature
  Ford might be excited about its BlueCruise hands-free driving tech, but GM is less than thrilled about it. The Super Cruise feature and its autonomy-focused Cruise company.
  
  GM was holding mediated talks with Ford to reach a "good-faith" arrangement, according to DFP sources. The two sides reportedly didn9t make a deal before a July 24th deadline, however, prompting the lawsuit. A GM spokesperson said the company had "no choice" but to sue Ford after trying to resolve the dispute "amicably."
  
  Ford9s representative, meanwhile, argued that GM9s lawsuit was "meritless and frivolous." People understood that "cruise" was short for cruise control, Ford said, and BlueCruise was ultimately the "next evolution" of its Intelligent Adaptive Cruise Control feature. The automaker added that GM didn9t seem to have issues with other brands9 naming schemes, such as BMW9s Active Cruise Control and Hyundai9s Smart Cruise Control.
  
  The attention to Ford isn9t surprising. Both companies see hands-free driving as a major selling point for their cars, with full self-driving a long-term goal. It9s also no secret that the two Detroit brands have been fierce rivals for a long time — neither Ford nor GM will want to cede ground, at least not quickly. We wouldn9t be surprised if the lawsuit ends with a settlement, but not before the companies have traded some verbal jabs.
  

• Oculus makes it easier to create mixed reality apps
  Expect to see more mixed reality apps in the future, at least for the Oculus Quest 2. WinFuturenotes that Oculus has unveiled a toolkit, Passthrough API Experimental, that will make it relatively easy to "seamlessly" merge VR with the real world view from the Quest 29s cameras.
  
  You can project images on flat surfaces, create composite layers that float in space, and even apply visual styles (akin to social media filters) to real scenes. You could give yourself a virtual monitor to use with your real-world keyboard, for instance, or turn your home into a psychedelic dreamscape by flicking a virtual switch.
  
  Privacy shouldn9t be an issue, Oculus claimed. The API only processes raw camera footage on-device, and apps can9t access, store or view imagery of the world around you. A rogue app shouldn9t transmit video of your home, to put it another way.
  
  Oculus expects to deliver the framework to Unity engine developers with its next software development kit release. It will take a while for finished apps to surface, but don9t be surprised if mixed reality games and productivity tools become relatively commonplace as a result of Oculus9 new tools.
  

• Audi hopes its off-road hybrid will win the 2022 Dakar Rally
  The Volkswagen group9s desire to crush records with electrified cars now extends to one of the world9s toughest off-road challenges. Autoblogreports that Audi has started testing the RS Q E-Tron, a from-scratch hybrid off-roader it hopes will score overall victory in the 2022 Dakar Rally. If so, it would be the first electrified vehicle to win the gruelling competition.
  
   The RS Q E-Tron relies on an electric drivetrain with two modified Formula E motors, one at each axle. As you won9t find a charging station in the middle of the desert, however, Audi uses a race-ready TFSI engine as part of an energy converter that charges the battery while driving and braking. This isn9t a zero-emissions car, then, but it stays in a relatively efficient power band (between 4,500RPM and 6,000RPM) that should reduce the racer9s environmental impact.
  
  The machine should be highly adaptable, too. Unlike many EVs, the front and rear axles aren9t mechanically connected — software handles torque distribution instead. That not only allows for an easily reconfigurable center differential, but saves the bulk that would normally be used for a conventional differential and propshaft.
  
  Audi plans to enter the machine into multiple cross-country rallies in 2021 before participating in the Dakar Rally in January.
  
  If Audi is successful, the RS Q E-Tron will make a stronger case for eco-friendly endurance racing. While not a pure EV, it will handle extremely long stages (up to 500 miles) with a significantly reduced emissions footprint. It also won9t surprise you to hear that Audi wants more than just bragging rights. It expects lessons learned from the car to reach production cars. We wouldn9t count on something with a similar drivetrain when the VW group is transitioning to EVs, but it9s easy to imagine electric SUVs and crossovers that are better-suited to off-roading.
  

• Hitting the Books: Digital youth activism can help save America from itself
  Social media routinely proves itself a cesspool of racist, bigoted and toxic opinions — and that9s just coming from the adults. But for the younger generations that have never lived in an unconnected world, these seemingly unnavigable platforms have proven to be a uniquely potent tool for organizing and empowering themselves to change the real world around them. In Digital For Good: Raising Kids to Thrive in an Online World by Richard Culatta. Copyright 2021 Harvard Business School Publishing Corporation. All rights reserved.
  
  
  Young Voices Matter
  
  The first step for creating engaged digital citizens is making sure we’re teaching young people that their contributions and opinions matter. I think deep down we all believe this and want it to be true. But there are many elements of our society that are set up to communicate the opposite message. Much of school is designed in a way that tells our kids that they are to apply the skills they are learning some day in their hypothetical future, not now. They are taught to learn math because they will need it to get into college. They are taught to write because it will be an important skill when they get a job. In history, the people they learn about are always adults, not kids. They have little choice or control over the learning experience itself; they are handed a schedule, given assignments (that they didn’t have any input in designing), and told to complete by a date that they didn’t choose. The message that young voices don’t matter is reinforced by the fact that they can’t vote until they are eighteen. One of the most important tenets of democracy is the idea that everyone has a voice. We teach that to our children, yet we offer very few ways to actually use that voice before they’re no longer kids. Fortunately, the digital world gives a wide set of tools that can help change that narrative. These tools allow youth to have a voice and learn how to make a meaningful impact on their community, family, and in some cases, the world as a whole—right now, not decades down the road. 
  
  Just Some Students from Florida
  
  In February 2018, Marjory Stoneman High School in Parkland, Florida, was in the news worldwide when nineteen-year-old Nikolas Cruz entered the school with a semiautomatic rifle, killing seventeen people and injuring seventeen others. This horrific event became one of the deadliest school shootings in US history. Yet there was a unique ending to this tragic story that set it apart for another reason. In other school shootings, traditional news media and political leaders quickly shape the national conversation around the event. A narrative emerges around what actually happened, with speculation about the causes, who is to blame, and the political responses to justify action (or lack thereof). But in the case of Parkland, it was the students who shaped the national conversation. Frustrated about viewpoints and conclusions from adults that they did not share or agree with, they used their access to social media to reset and redirect the conversation into what has now become one of the most powerful examples of youth engagement ever seen. Within a week of the shooting, the students had appeared on nearly every major news program and had raised more than $3 million in donations to support their cause. Emma Gonzáles, one of the most recognizable faces of the movement, has over 1.5 million Twitter followers—about twice as many as the National Rifle Association. 
  
  Not long after the shooting, I met Diane Wolk-Rogers, a history teacher at Stoneman High School. As she explained, nobody could have prepared these students for the horror they faced on that day. But they had been prepared to know how to use technology to make their voices heard. Wolk-Rogers says, “They are armed with incredible communication skills and a sense of citizenship that I find so inspiring.” So when it was time to act, they knew the tools of the trade. 
  
  Engaged digital citizens know how to use technology to identify and propose solutions and promote action around causes that are important to them and their communities. Micro-activism is a term used to describe small-scale efforts that, when combined, can bring about significant change. While young people might not be able to vote or run for office, they have a whole range of micro-activism opportunities—all made possible by their participation in the digital world. For youth who have access to social media, micro-activism can be as simple as using their digital platforms to call awareness to issues that matter to them—eradicating racism, protecting our planet, or funding their school, and so on. Most states have a function on their website to submit ideas or feedback directly to the office of the governor. Through sites like Change.org anyone, regardless of age, can submit suggestions to political leaders or private sector entities. You can also add your name in support of other petitions that are gaining momentum. There are many compelling stories of youth who have used Change.org to call attention to issues that matter to them. Examples include a ten-year-old who used the platform to convince Jamba Juice to switch from Styrofoam cups to a more environmentally friendly alternative. Or a seventh grader who used Change.org to successfully petition the Motion Picture Association to change the rating on a movie about school bullying so students in her junior high would be allowed to see it.
  
  Not all acts of micro-activism will immediately result in a desired change. But regardless of the outcome, learning how to impact community issues using digital tools is an important skill to develop in and of itself. The ability to motivate others to act for good in a virtual space will be a significant (if not the significant) determining factor in the effectiveness of future civic leaders. Young people need to practice using tech to make a difference now, if they are going to be prepared to lead our society when they grow up. 
  

• Apple Watch Series 6 Product Red drops to $265 at Amazon
  Now might be a good time to buy the Apple Watch Series 6 — at least, if you9re fond of red. Amazon is selling the 40mm Product Red edition of the Apple smartwatch for just $265 at checkout, well below the official $399 price. That9s lower than the price we saw in April, and makes it more affordable than a brand-new Apple Watch SE. Unless you find a huge sale for the SE, this is clearly the better buy.
  
  Buy Apple Watch Series 6 at Amazon - $265
  
  The Series 6 is ultimately a subtle evolution of the Series 5, but that9s not a bad thing. The always-on display is still very helpful, and on Series 6 is brighter to help you see it during outdoor expeditions. It9s slightly faster, lasts slightly longer on battery and charges quickly. We9d add that the Apple Watch remains the go-to wristwear for iPhone users between the tight integration, deep app ecosystem and wide range of bands and accessories.
  
  Timing is the main concern at this point. It9s no secret that the Series 6 is nearly a year old, and Series 7 is likely just a couple of months away. If money isn9t your main concern, it might be worth waiting for the updated hardware. With that said, the Series 7 likely won9t see discounts like this for a long while — the Series 6 is still a good value if you either can9t afford to wait or just want a full-featured Apple Watch at the lowest possible price.
  
  Follow @EngadgetDeals on Twitter for the latest tech deals and buying advice.
  

• Engadget Podcast: Is the Valve Steam Deck a Switch killer?
  This week on the show, Devindra and Engadget Buyer’s Guide Editor Kris Naudus chat about Valve’s new Steam Deck portable with Jordan Minor, Apps and Games Analyst at PCMag. Is the hardware powerful enough to truly make it a portable gaming PC? And should we trust Valve with hardware at all after the Steam Machine debacle? Also, we dive into Jeff Bezos’s jaunt to space, Facebook’s spat with the Biden administration and the issues surrounding NSO’s controversial spyware Pegasus. 
  
  Listen below, or subscribe on your podcast app of choice. If you9ve got suggestions or topics you9d like covered on the show, be sure to Morning After and Engadget News!
  Engadget · Is Valve’s Steam Deck a Switch killer?
  
  
  Subscribe!
  
  iTunes
  
  Spotify
  
  Pocket Casts
  
  Stitcher
  
  Google Podcasts
  
  Topics
  
  What is Valve’s Steam Deck and can it compete with the Switch? – 1:21
  
  Check out PCMag9s preview of the Steam Deck!
  
  Jeff Bezos touches space – 27:14
  
  President Biden gets tough on Facebook���almost – 33:15
  
  Details aboutNSO’s zero-click phone spyware programare troubling – 37:03
  
  A recap of the Anime Tube Kickstarter disaster – 48:39
  
  Soon you can buy a Sad Wolverine figure (but it’s expensive) – 48:39
  
  Working on – 59:08
  
  Pop culture picks – 1:02:49
  
  Video livestream
  Credits
  Hosts: Kris Naudus and Devindra Hardawar
  Guest: Jordan Minor
  Producer: Ben Ellman
  Livestream producers: Julio Barrientos, Owen Davidoff, Luke Brooks
  Graphics artists: Luke Brooks, Kyle Maack
  Music: Dale North and Terrence O9Brien
  

• 'Blade Runner: Black Lotus' anime trailer reveals a replicant on the run
  Adult Swim and Crunchyroll has released the first trailer for Blade Runner: Black Lotus, the anime series they9re co-producing, at San Diego Comic-Con this year. The show is set in Los Angeles in the year 2032, putting its events in between the original Harrison Ford movie set in 2019 and the sequel film starring Ryan Gosling set in 2049. It features a new replicant named Elle known as the "Black Lotus," who was created with special powers. She seems to have escaped from her creators, and is currently being hunted down by authorities.
  
  In the action-packed trailer, you9ll see Elle take down foe after foe — she goes from not knowing how she9s able to knock a handful of men completely out cold to wielding a katana — in a backdrop of smoke, fog and neon lights. Elle is voiced by Jessica Henwick (Iron Fist) in the English version and Arisa Shida in the Japanese version. The show will run for 13 episodes, which will be directed by Shinji Aramaki (Ultraman, Ghost in the Shell: SAC 2045) and Kenji Kamiyama (Ghost in the Shell: Stand Alone Complex, SAC_2045). It9s produced by Alcon Entertainment and animation studio Sola Digital Arts, with Shinichiro Watanabe (Cowboy Bebop) serving as a creative producer.
  
  When Blade Runner: Black Lotus debuts this fall, you can watch it in English on Adult Swim and in Japanese on Crunchyroll.
  
  
  

• SpaceX will launch NASA's Europa Clipper mission to Jupiter's moon
  A SpaceX Falcon Heavy rocket will be launching NASA9s long-awaited mission to Europa, Jupiter9s icy moon that may have the conditions to support life. The agency has been planning to send a probe to the Jovian moon for years and finalized its plans in 2019. In its announcement, NASA said the Europa Clipper spacecraft is scheduled to launch in October 2024 on top of a Falcon Heavy rocket from Kennedy Space Center9s Launch Complex 39A. It has also revealed that the contract will cost the agency approximately $178 million — a bargain, compared to what it would9ve cost to launch the mission on top of NASA9s Space Launch System rocket.
  
  As estimated a single SLS launch to cost a whopping $2 billion. Far from ideal, especially since the SLS would need gravity assist from Venus and travel farther to be able to reach its goal, whereas the Falcon Heavy wouldn9t. In addition, NASA told Ars that the SLS would need $1 billion worth of additional modifications to be able to complete the mission. 
  
  If Europa Clipper launches in October 2024 as planned, it will reach Jupiter9s orbit in April 2030. The probe will then investigate whether the icy moon truly has conditions suitable for life. It9ll capture "high-resolution images of Europa9s surface, determine its composition, look for signs of recent or ongoing geological activity, measure the thickness of the moon9s icy shell, search for subsurface lakes, and determine the depth and salinity of Europa9s ocean."
  

• Relaxing behind the wheel of Mercedes’ level 3 autonomous Drive Pilot
  
  The dream of autonomous driving everywhere is still a long way away. But soon Mercedes will launch Drive Pilot, its level 3 autonomous driving system in Germany on the S-Class and EQS. We had a chance to try the system out at the automaker’s test track and, while it did what it was supposed to do, we found it hard to turn off our driving brain while behind the wheel.
  
  The system works on highways in traffic at speeds up to 60 kph (37 mph). Essentially it’s for daily commuting. But during that time the driver can stop paying attention and the Mercedes is responsible for everything that happens. That’s not to say you can nap, the vehicle still tracks the driver with an in-car monitor and it requires the driver to take over when it’s about to go faster than 37 mph, an emergency vehicle shows up, it rains or other situations that the vehicle is not built to handle. But you can play Tetris and text people. So that’s fun. Watch our video for the full story.
  

• Mercedes EQS first drive: S-Class luxury in an EV
  
  Mercedes has a lot to prove with its first proper EV coming to the United States. The EQS will land in dealers this fall at a yet-to-be-announced price point and, when it does, it’ll take on offerings from Tesla and Porsche. How will it fare against these EVs? We had a chance to drive the 2021 EQS for two days and figure out how it stacks up not just against competitors but up against the S-Class itself.
  
  On our drive we got time behind the 450+ with rear-wheel drive, the 580 4Matic with all-wheel drive, and the Edition One version with its two-tone paint and 580 4Matic powerplant. All vehicles have a 107.8 kWh capacity battery pack and on the WLTP range test, the vehicle is rated at 485 miles. Of course, the more stringent EPA testing needs to be done and that number should fall. For now, we have a drive and impressions while we wait for range estimates and pricing. Watch our first drive video above for the full story.
  

• NASA clears Boeing Starliner for July 30th test flight to ISS
  More than 18 months after its failed first attempt to make it to the International Space Station, Boeing’s Starliner is ready for a second shot. Following a flight readiness review, NASA is moving forward with the craft’s upcoming July 30th uncrewed orbital flight test. Unless there’s an unforeseen delay, the capsule will launch from the Space Force’s Cape Canaveral Station mounted on an Atlas V rocket at 2:53PM ET. Should NASA postpone the flight, it will again attempt to carry out the test on August 3rd at the earliest.
  
  The purpose of the flight is for NASA to conduct an end-to-end test of Starliner’s capabilities. It wants to know if the capsule can handle every aspect of a trip to the ISS, including launch, docking as well as atmospheric re-entry. “[Orbital Flight Test-2] will provide valuable data that will help NASA certify Boeing’s crew transportation system to carry astronauts to and from the space station,” the agency said.
  
  If the flight is a success, NASA will move forward with a crewed test of the Starliner. Steve Stich, commercial crew program manager at NASA, said that could happen “as soon as later this year.” Both Boeing and NASA have a lot invested in the viability of Starliner. For the aerospace company, its decision not to conduct an end-to-end test of the craft before its failed 2019 flight left the agency “surprised,” leading to questions about the project. Meanwhile, NASA is keen to have two capsules that can ferry its astronauts to the ISS. Right now, it’s limited to just SpaceX’s Crew Dragon. “It’s very important for the commercial crew program to have two space transportation systems,” Stich told reporters.
  

• ‘Star Trek: Prodigy’ trailer is a treat for ‘Voyager’ fans
  CBS has shared the first trailer for Star Trek Twitter account. We’ll note here CBS Viacom also shared a trailer for the second season of Lower Decks. Star Trek: Prodigy will debut this fall on Paramount+, before it eventually airs on Nickelodeon.
  

• Activision Blizzard execs respond to harassment and discrimination lawsuit
  The California Department of Fair Employment and Housing (DFEH) pic.twitter.com/NsMV6CNdTE
  — Jason Schreier (@jasonschreier) July 23, 2021
  "People with different backgrounds, views, and experiences are essential for Blizzard, our teams, and our player community," Brack wrote. "I disdain 9bro culture,9 and have spent my career fighting against it."
  
  pic.twitter.com/BxGeMTuRYF
  — Jason Schreier (@jasonschreier) July 23, 2021
  "A recently filed lawsuit presented a distorted and untrue picture of our company, including factually incorrect, old and out of context stories — some from more than a decade ago," Fran Townsend, executive vice president for corporate affairs at the publisher, wrote in a memo to employees. Some Blizzard employees are "fuming" over the note, according to Schreier.
  
  Townsend, a former Homeland Security advisor to President George W. Bush who joined Activision Blizzard this year, said "the Activision companies of today, the Activision companies that I know, are great companies with good values." Townsend also claimed Activision Blizzard "takes a hardline approach to inappropriate or hostile work environments and sexual harassment issues" and that the company has "put tremendous effort into creating fair compensation policies that reflect our commitment to equal opportunity."
  

• Tokyo Olympics opening ceremony included a light display with 1,800 drones
  There may not have been any fans in the Olympic Stadium, but Japan still found a way to put on a show for the opening of the 2020 Summer Games. The host country charmed early with the parade of nations, which featured an orchestrated video game soundtrack, and then showed off the type of creativity it9s known for with a performance involving the Olympic pictograms. But Tokyo saved the biggest spectacle for last.
  Future pic.twitter.com/5whY4RFYoG
  — カルピスJunky (@calpice_drag) July 23, 2021
  Toward the end of the ceremony, a fleet of 1,824 drones took to the skies above the Olympic Stadium. Initially arrayed in the symbol of the 2020 Games, they then took on the shape of the Earth before a rendition of John Lennon9s "Imagine," which was reworked by Hans Zimmer for the Olympics, played across the stadium.
  
  We9ve seen displays like this before. At Super Bowl LI in 2017, a pre-taped segment featuring 300 Intel drones forming the US flag punctuated Lady Gaga9s halftime performance. Technically, the drone show that occurred above Tokyo isn9t the biggest ever. As of earlier this year, that distinction belongs to a 3,281-display Hyundai-owned car brand Genesis put on in Shanghai, China. But even with fewer drones involved, the Tokyo drone show was still impressive. 
  
  If you missed the opening ceremony, you can watch it again at 7:30PM ET on NBC.
  

• Microsoft offers discounts on hundreds of Xbox and PC games
  Xbox9s EA Play. There are details about that on each game9s product page.
  
  You9ll also be able to save on PCs and accessories as part of the sale. Microsoft has cut the prices of several gaming PCs and laptops by up to $500. You can save up to $300 on the $2,700. There are solid deals on VR headsets too, including the HTC Vive Cosmos and Vive Cosmos Elite, which have been discounted by $250 to $449 and $649 respectively.
  
  Follow @EngadgetDeals on Twitter for the latest tech deals and buying advice.
  

• Erica Synths Matrix Mixer lets you patch your modular like an Etch A Sketch
  Erica Synths9 SYNTRX is an undeniably interesting instrument. But one of the most unique things about it is definitely the patching matrix. It9s a digital reimagining of the pin-based patching system found on classic the classic EMS Synthi. People were apparently so enamored with the matrix that the company is now offering it as a standalone product called the Matrix Mixer.
  
  As you9d expect the Matrix Mixer is, a mixer. It has 16 3.5mm ins and 16 3.5mm outs along the X and Y axes which you can use to combine either audio or control voltage signals. The actual interface for combining them is the same as the SYNTRX: a 16x16 grid of LEDs that you navigate using a pair of knobs just like you were drawing on an Etch A Sketch. Pressing down on the encoders enables a connection, and then you can cycle through different levels of attenuation, from 100-, to 70- and then 30-percent.
  
  This makes it quick and easy to connect a bunch of different modules and synths without a rats nest of cables. You can even connect multiple sources or destination to the same patch point without special stacking cables.
  
  Before this desktop version of the Matrix Mixer, and even before the SYNTRX, Erica Synths made a Eurorack Module called the Matrix Mixer. The core idea was the same, but it had less inputs and outputs, relied on a tiny touchscreen for controls and was limited to Eurorack connections. This new version easily integrates other sources like a guitar or synthesizer using the 1/4-inch in and outs on the back. You can even patch a Buchla Music Easel in using special adapter cards.
  
  The Matrix Mixer can even store presets, allowing you to quickly recall particular patches, though you will have to manually set all the parameters on your modules. 
  
  Erica Synths has brought one of the best features of the SYNTRX to a wider audience and expanded it flexibility. But, it doesn9t come cheap. It9s currently available for preorder for €490 or $599 and is expected to star shipping on July 26.
  

• Facebook’s cloud gaming service hits iOS devices as a web app
  Facebook has become the latest company to offer a cloud gaming service on iOS, only once again you won9t access it through the App Store. Starting today, you can visit the Facebook Gaming website to add a Progressive Web App (PWA) that acts as a shortcut to the service on your iPhone or iPad. To do so, visit the platform9s website and tap the "Add to Home Screen" option from the Safari share sheet.
  
  It9s not an elegant solution, but it9s the same one employed by Amazon and Microsoft. When Apple tweaked its guidelines last September to allow for cloud gaming clients on iOS, it said games offered in a streaming service had to be individually downloaded from the App Store. That9s a requirement both Microsoft and Facebook said was not congruent with how every other platform treats cloud gaming services.
  
  "We9ve come to the same conclusion as others: web apps are the only option for streaming cloud games on iOS at the moment," Vivek Sharma, Facebook9s vice-president of gaming, Pay platform.
  

• Eargo's in-app test transforms its next-gen hearing aids
  Eargo recently announced its latest smart hearing aid — the Eargo 5. We don’t do a lot of hearing aid news here at Engadget, but the California-based company makes some of the most "gadgety" we’ve tried and the latest model certainly appears to continue that trend.
  
  Like the Neo HiFi and the Neobefore it, the Eargo 5 is a tiny, "invisible" (completely in the canal, or CIC) hearing aid that comes with a charging case. With older Eargos, that case doubled as a way to connect the “buds” to your phone. Unfortunately, that meant the buds had to be in it while they were updated. What’s new this time around is that you can perform profile changes and more while actually wearing the hearing aids. What9s more, there are key new features that change how the hearing aids sound. It’s an exciting update for fans of the brand as it adds to Eargo’s already slick user experience, something sorely lacking in many of the mainstream brands you find at your local audiologists.
  
  The most interesting new feature is “Sound Match." Hearing aids have long had different profiles, and will usually be tuned for your own needs by an audiologist, but Eargo’s direct-to-consumer (and the need for the buds to be in the case) approach has made this much-needed personalization difficult. Until now?
  
  Sound Match is effectively a hearing test built-in to the Eargo app. Once you pair the case (via Bluetooth) you can remove the Eargo 5s and the app will walk you through the test. If you’ve ever completed a hearing test, you’ll be familiar with this one. The app plays a series of sounds and you tell it if you can hear it or not; at the end, you’ll be presented with the results for each ear.
  James Trew / Engadget
  As simple as this is, my initial experiences with it weren’t entirely smooth. Not least because it took a few tries (and some back and forth with Eargo) to even get the case to pair with the app. After trying several restarts and installations, I was able to get connected and access the test — most likely due to me having early hardware.
  
  From then on the test was mostly straightforward, until I spotted there was a “replay” button. I noticed that sometimes when I didn’t initially hear a sound, I definitely heard it after tapping replay. As in, it was audible enough that I wouldn’t have missed it the first time around. This meant I had to re-do the test to make sure I hadn’t incorrectly tapped “No” when really the sound just didn’t play at all.
  
  Minor hiccups aside, once I was confident I had completed the test properly, I could further customize the experience by changing what profiles are available on the device. There are six situational ones (restaurant/meeting etc) and four presets. You can store a total of four on the hearing aids themselves.
  
  Previous Eargo models would simply tell you the number of the audio profile that is active as you switch through the four on offer (via a double-tap on your tragus). With the Eargo 5 it now tells you the name of that profile if you chose one of the "situational" ones to eliminate any guesswork. You can also further tweak these profiles in the app, or simply change the volume and noise reduction (there’s now noise reduction here too I should mention) without having to permanently change the profile. This includes adjusting the volume and the treble/bass.
  James Trew / Engadget
  Although you can now adjust the sound and profiles while actually wearing the Eargo (before, you had to take them out and plop them in the case, which is less than ideal), there’s no capability for music/audio streaming from your phone. Eargo uses ultrasonic commands to communicate between the case and the hearing aids. That’s a neat way to enable small updates, but not enough for anything more heavyweight. Remember, size is key here, and streaming on devices this small, that go fully in your ear, isn’t a simple thing to do.
  
  This new customization functionality really does improve the Eargo experience. I have tried several different devices and the ones that best serve my hearing loss are, predictably, the ones that have been tuned by an audiologist. This meant that, while older Eargos were some of the most appealing in terms of user experience and fit, they weren’t quite suitable for my personal situation and only provided users with limited tools to adjust the sound to their needs.
  
  With the Eargo 5, I find them much more assistive in my hearing, particularly on the side I have problems with. In fact, I personally prefer just wearing only one, as my hearing loss is unilateral and having a boost on the "good" side can feel a bit much. I also find wearing both a bit less comfortable. There’s no logical reason why wearing one for extended periods should be fine, but two isn’t, but I think the combination of too much "extra" hearing (on my good side) and the physical feeling of something in both ears is just a lot of sensory stimulation, for me at least. Obviously, if you have a bilateral hearing deficiency you’ll want all the assistance you can get.
  
  If you own a pair of older Eargos and were wondering if the hearing test feature might come to your model via an update, sadly it9s not possible. There9s specific hardware here to enable the ultrasonic commands, that isn9t present in previous models.
  James Trew / Engadget
  Beyond Sound Match, Eargo claims the sound has been redesigned from the ground up for “optimal audio and speech performance.” The company doesn’t elaborate further but, with the new customization feature, it’s fair to say this is a very different experience than previous models already so any other improvements are hard to pick out, but good to know they are there.
  
  Beyond the core updates, there are some welcome usability tweaks, too. The charging case now has lights around where the hearing aids should be placed to help you correctly seat them at night. Those lights also provide feedback by changing color when there’s a software update or the aids aren’t charging properly. You’ll also no longer need to make sure the contacts on the buds meet the ones in the case. A new magnetic inductive charging system means they will click themselves into the right position automatically.
  
  While Eargo9s app remains a slick experience, there are a few small opportunities to improve it further. The volume control is nice and simple, and you can choose to boost either side individually, or both as a pair. What’s lacking is visual feedback or even a tone in your ear, to let you know when you’ve reached the top or bottom of the range. There’s also no indication of whether any changes you make to a profile are permanently saved or an obvious way to reset them to default, but these are minor UI issues.
  
  Battery life is claimed to be around 16 hours per charge. Add to that the battery in the case and this means you won’t need to plug them in for a couple of days, which is handy for weekends away where you don’t want to have to worry about finding an outlet. Should you need to, though, the charger is USB-C, so likely something you already have for your phone or laptop (a cable is, of course, included).
  
  All in all, it9s a substantial update for a direct-to-consumer product. Eargo has been getting a lot of things right in terms of making its products user-friendly and appealing to a mass audience. This matters when it9s estimated thatover 40 million Americans could benefit from an assistive hearing device. What was lacking, until now that is, was a way to tune them to your specific needs. Which in the world of hearing loss, can be the difference between understanding the television a bit better and being able to pick out quieter sounds in a noisy environment. The latter is something that makes daily life feel a lot more natural and makes social situations much more comfortable, so it9s something really valuable to have on a device this small.
  
  Remember, though, hearing aids are not a cheap product category. A good pair will often run you a couple of thousand dollars, more if you want something bespoke. The Eargo 5, then, at $2,950 might seem steep compared to a pair of wireless headphones but is relatively affordable among its hearing aid peers. If you’re already an Eargo user looking to upgrade, there’s a “repeat customer discount” that can shave off $500 from the MSRP.
  

• This week's best deals: $100 off Apple's iPad Air and more
  A bunch of gadgets went on sale this week, from Apple products to streaming devices. The latest iPad Air is $100 off at Amazon, bringing it down to an all-time low of $500. Plus, you can still grab a pair of AirPods Pro for $190 and this year9s Apple TV 4K with 64GB of storage of $180. If you9re more of a Roku person, many of the company9s streaming gadgets are on sale — including the Roku Streambar, which is down to $99. And those looking for a new TV can save hundreds on some of the latest OLED sets from LG, Sony and Samsung in Best Buy9s Black Friday in July sale. Here are the best tech deals we found this week that you can still get today.
  iPad AirDana Wollman/Engadget
  The latest iPad Air is down to the best price we9ve seen it, just $500 for the base model. That9s $100 off its normal price and a great deal on what we think is the best iPad for most people. We gave the slab a score of 90 for its fast performance, speedy WiFi, healthy battery life and support for the second-generation Apple Pencil. 
  
  Buy iPad Air (64GB) at Amazon - $500Buy iPad Air (256GB) at Amazon - $639
  
  Buy iPad Air (64GB, cellular) at Amazon - $629Buy iPad Air (256GB, cellular) at Amazon - $780
  Best Buy Black Friday in July saleLG
  Best Buy9s Black Friday in July sale runs through this weekend and, while there are a bunch of gadgets on sale, OLED TVs stand out with some of the best prices. The retailer knocked hundreds of dollars off the latest LG OLED sets and you can also save on Sony and Samsung TVs, too.
  
  Shop Black Friday in July sale
  AirPods ProBilly Steele / Engadget
  The AirPods Pro are back on sale for $190, or $60 off their normal price. While not a record low, it9s still one of the best sale prices we9ve seen all year. The AirPods Pro earned a score of 87 for their improved audio quality, comfortable fit, solid ANC and IPX4 water resistance.
  
  Buy AirPods Pro at Amazon - $190
  10.2-inch iPad
  Apple9s 10.2-inch iPad is still on sale for $299, or $30 off its normal price. It9s arguably the best iPad for new tablet owners and we liked its improved performance, familiar design and support for the first-generation Apple Pencil.
  
  Buy 10.2-inch iPad at Amazon - $299
  MacBook Air M1
  The latest MacBook Air M1 is down to $899 at Amazon, or $100 off its regular price. It9s one of the best laptops for most people, and the M1 chipset only makes it a better buy. The Air M1 earned a score of 94 from us for its incredibly fast performance, excellent keyboard and trackpad, good battery life and lack of fan noise.
  
  Buy MacBook Air M1 at Amazon - $899
  Apple TV 4K (64GB)Devindra Hardawar/Engadget
  The 2021 Apple TV 4K with 64GB of storage is nearly $20 off right now, bringing it down to $180. This deal represents a new record-low price on the set-top box, and it lets you get the extra-storage model for the original price of the base model. We gave the Apple TV 4K a score of 90 for its excellent new Siri remote, improved performance, HomeKit integration and support for Dolby Vision and Atmos.
  
  Buy Apple TV 4K (64GB) at Amazon - $180
  Roku saleValentina Palladino / Engadget
  A bunch of Roku devices are on sale at Amazon, including the Roku Streambar, which is down to a record low of $99. This compact soundbar is a convenient gadget to get if you want to upgrade your home theater system without spending a ton of money. We gave it a score of 86 for its space-saving design, Dolby Audio support and built-in 4K streaming technology. If you want to spend even less, a handful of Roku streamers have been discounted, including the Express ($25) and the Streaming Stick+ ($39).
  
  Buy Roku Streambar at Amazon - $99Buy Roku Express at Amazon - $25Buy Roku Express 4K+ at Amazon - $29Buy Roku Streaming Stick+ at Amazon - $39
  Instant Pot Duo Crisp
  The Instant Pot Duo Crisp multi-cooker and air fryer is down to $98 at Amazon, or more than $50 off its normal price. You9re getting 11 cooking modes with this appliance, including air fry, dehydrate, bake, broil and more, plus most of the accessories needed to try out all of the presets. While we have seen this model on sale for $79 around Black Friday, this is the best price we9ve seen on Amazon all year.
  
  Buy Instant Pot Duo Crisp at Amazon - $98
  ThermoWorks Thermapen Mk4
  The Thermapen Mk4 has been discounts to $69 as ThermoWorks makes room for the new Thermapen One thermometer. The Mk4 is the best instant-read thermometer we9ve used so far —the backlit display makes it easy to read in almost any situation and the display rotates depending on how you9re holding the pen. Plus, you never have to remember to turn it off because the pen automatically turns on when you pick it up and will shut off after some time of no use.
  
  Buy Thermapen Mk4 at ThermoWorks - $69
  Virgin Galactic sweepstakes
  In Omaze9s latest giveaway, you can win two seats on one of the first Virgin Galactic flights to space. In addition, you9ll go on a tour of Spaceport America in New Mexico with Richard Branson. You don9t have to pay to enter, but funds from all paid entries will support Space for Humanity, an organization that hopes to make space more accessible for all.
  
  Enter to win at Omaze
  Gaming PC sweepstakes
  Omaze is giving away another $20,000 to build your ultimate gaming PC. This sweepstakes is free to enter, but funds donated with purchased entries will benefit Schools on Wheels, an organization that provides free tutoring and mentoring services to children experiencing homelessness across Southern California.
  
  Enter to win at Omaze
  
  Pricing and availability is subject to change. No donation or payment necessary to enter or win this sweepstakes.Mirror9s summer sale knocks $400 off its high-tech fitness system when using the code JULY400 at checkout. The discount breaks down to $150 off the mirror device itself, plus free delivery and installation. Just know that the sale is only on the product itself, not on the subscription needed to take the Mirror9s fitness classes.
  
  Buy Mirror - $1,345
  Eufy SpaceView Pro baby monitor
  Eufy9s SpaceView Pro baby monitor kit is down to $130, or $40 off its normal price. It comes with one camera that9s capable of shooting 720p video, and one video receiver that lets you see what your kid9s up to at all times. In addition to the camera9s 330-degree pan and 110-degree tilt capabilities, we also appreciate the display9s 12-hour battery life when kept on.
  
  Buy SpaceView Pro at Amazon - $130
  Fitbit Charge 4
  Fitbit9s Charge 4 tracker is back down to its record-low price of $100. If the smartwatch life isn9t for you, this might be a good fit because it does a good job marrying fitness tracking with handy smart features. We gave it a score of 82 for its accurate built-in GPS, standard Fitbit Pay and multi-day battery life.
  
  Buy Charge 4 at Amazon - $100
  Arturia Destination: Sound sale
  Arturia has knocks 50 percent off all of its individual software titles through August 8. That means you can get some of our favorite music software, including Pigments and Analog Labs, for $99 each. This is a good opportunity to add new synths and other software instruments to your collection for less.
  
  Shop Arturia sale
  Board games
  A number of our favorite board games are on sale at Amazon, including Codenames for $11 and Star Wars: Outer Rim for $43. While you may be spending more time out of the house this summer, now9s a good time to stock up on some new games to get you through the colder fall and winter months.
  
  Buy Codenames at Amazon - $11Buy Star Wars: Outer Rim at Amazon - $43
  NordVPN
  One of our recommended VPNs is running a good sale on a two-year subscription. You can sign up for NordVPN for only $89 for the first two years, which comes out to $44.50 per year — and an additional summer promotion adds three free months on top of that. We like NordVPN for its speed, its no-logs policy, the thousands of servers it has to choose from and that one account supports up to six connected devices.
  
  Sign up for NordVPN (two years) - $89
  
  Follow @EngadgetDeals on Twitter for the latest tech deals and buying advice.
  

• GM recalls Bolt EVs once again over fire risks
  GM is issuing a second recall for 2017 to 2019 Bolt EVs over potential fire issues. The company says it plans to replace defective batteries, but until it can do so it9s advising Bolt customers to limit their charging up to 90 percent, and not to go below 70 miles of range. It9s also reiterating a recommendation from last week against parking indoors and leaving the car9s to charge overnight unattended. This latest recall follows a similar one from last November, where GM recalled more than 68,000 Bolts.
  
  The company also suggests that Bolt customers visit their nearest Chevy EV dealer to get the advanced diagnostics software, which should alert them ahead of any future battery issues. Hyundai, which also sources batteries from LG Chem like GM, ended up replacing more than 75,000 batteries for its Kona EV.
  
  While it may sound alarming — GM9s recalls were triggered by five Bolt fires between 2017 and 2019 — it9s worth noting that gas cars typically cause around 150 fires a day, according to a FEMA report. Still, EV makers need to prove they can responsibly deal with potential issues before they can hurt more people (and before it leads to more negative sentiment towards electric vehicles).
  
  
  

• How to clean and organize your PC
  Outside of your phone, your PC is likely the one piece of technology you use the most. If for no other reason than that, you should take care of it. Not only will it last for longer, but it will also work better over the time that you keep it. In this how-to, we9ll share some tips on how to take care of your PC. Of course, it9s impossible to cover this topic from every angle, so think of this guide as an introduction more than anything else.
  How to clean your computer and peripheralsWill Lipman Photography for Engadget
  Windows PCs, especially desktops, come in various shapes and sizes, but the tips we9re about to go through here will help you clean your computer whether you bought it prebuilt or put together yourself. If you own a laptop, look at our recent Mac organization guide. All the steps we detail there will work just as well for a Windows portable.
  
  Before cleaning the inside of your computer, start with your display and peripherals. At this stage, all you9ll need is some distilled water in a spray bottle and a microfiber cloth. You can buy the former at a grocery store or make it yourself. And if you don9t already own any microfiber cloths, Amazon sells affordable 24-packs you can get for about $15. Once you have those in hand, spray the water onto a clean cloth and wipe down your computer9s display before moving to the mouse and keyboard. You want to start with your screen to avoid transferring dirt and residue to the panel.
  
  It’s possible to write an entirely separate guide on how to clean keyboards, but the short version is you9ll want to pick up a keycap puller and use that to give you unobstructed access to any debris and gunk that has been building up under your keys. If the keycaps have a lot of dirt and residue on them, your best option is to soak them in warm water and use a toothbrush to scrub away the buildup. Give them plenty of time to dry before reinstalling them on your keyboard.
  Will Lipman Photography for Engadget
  Once you’re done with those, turn off your PC and unplug everything that9s connected to it. You9ll also want to switch off the power supply unit (PSU) by flipping the toggle on its outside to the "O" position. Next, push down on the power button a couple of times to discharge any static electricity that you might be carrying around.
  
  If at all possible, do most of the steps we9re about to describe outside. The last thing you want to do is go through the trouble of cleaning your computer and then let it pull in all that dust again.
  
  Once you9ve moved your computer, start by removing the side panels. Most modern cases allow you to do this without any tools, but you9ll need at least one screwdriver for most of the work we9ll detail in a moment. When it comes to most screws inside your computer, a 4-inch Phillips screwdriver should be all you need. Some components, such as your GPU, may include Torx screws and the like, but don9t worry about those for now since we won9t be taking them apart. If you don9t already own a decent set of screwdrivers and have something of a DIY streak in you, a driver kit from iFixit is your best bet. The 16, 32 and 62-bit kits it sells are an excellent starting point, and they9ll come in handy with more than just your computer.
  
  If your PC has any dust filters, remove those now and give them a rinse at the sink before setting them aside to dry. Depending on how long your computer has been collecting dust, you may want to remove some components such as the GPU to make it easier to clean everything. If that9s something you feel comfortable doing and it9s your first time removing any of the internals, use your phone to take photos of the interior. The images will help you put all the parts in their original place at the end. That9s important to do since there9s an optimal way to install many of the components in your computer. For instance, you always want to install your GPU in the fastest available PCIe lane. When it comes to removing any PCI cards, first unscrew its mounting bracket and then push the corresponding release on your motherboard before pulling the card out.
  Will Lipman Photography for Engadget
  Whether you decide to keep all your computer9s internals in place or not, you9ll need something to blow all that dust away. A can of compressed air is one option, but I like to use a Giottos Rocket Blower. It was designed for cleaning camera sensors and won9t damage any of your components. It9s also a one-time purchase. Whatever you have at hand, use it to blow away the dust that9s been building up on your computer9s internal components, fans and grills. Pay special attention to the heatsinks attached to your PC’s CPU, GPU, chipset and voltage regulators. They will likely have most of the hardest to remove dust in your system thanks to their tight fin stacks. What’s more, especially bad buildup can make them ineffective at cooling those components, which will, in turn, affect their performance.
  
  When cleaning any exposed PCB, use an antistatic brush (like this one from OXO) instead of a microfiber cloth. You9ll avoid damaging any of the sensitive components on the board. You can go over any non-electronic part with a dampened microfiber cloth.
  
  At this point, all you need to do is put everything back in its place. As one final tip, if there9s any way you can avoid leaving your desktop on the floor, you9ll end up spending less time cleaning it since it won9t be near all the dust and dander that collects there. If your desk setup or living space makes that not an option, a PC tower stand is a cheap but effective way to elevate your computer off the ground and help it pull in less debris.
  How to organize your PC’s storage drivesMacPaw
  If it9s been a while since you9ve done an audit of all the software you have installed on your computer, the best place to start is in the Task Manager. It9s here you can see how much of its resources your computer is devoting to specific processes. Since everyone will have different software installed on their PC, it9s hard to offer blanket recommendations, but using the Task Manager you can get a sense of the apps that may be slowing down your computer. For most people, there will be two main culprits: bloatware and antivirus software.
  
  If you bought your PC from a system integrator like Dell, it will almost certainly include software your computer doesn9t need to operate. So you can safely uninstall those apps to improve performance and save on space.
  
  This next tip may be contentious for some, but I believe as long as you avoid clicking on sketchy links and stay away from the dark corners of the internet, Windows Defender is all you need to protect your computer from the majority of malware that9s out there. While there are good antivirus programs like Bitdefender and Malwarebytes, the majority cost far too much for what they offer and will only slow down your computer. If you don9t feel comfortable uninstalling your antivirus software, then by all means, leave it on your computer.
  
  While you9re in the task manager, you9ll also want to click on the "Startup" tab to see what programs your computer is launching when you power it on. You can speed up that process simply by limiting that list to as few apps as possible. As for the actual process of deleting any software you don9t need, always uninstall programs from the Control Panel as this will leave the fewest leftovers when everything is said and done. If you9ve used Windows for a while, you9ll have errant files, folders and registry entries all over the place. It9s possible to cull those manually, but doing so can be time-consuming. So we recommend using a program like Iolo System Mechanic or CleanMy PC to complete a deep clean of your system.
  
  If you have any mechanical drives installed in your computer, it9s good to get into the habit of defragging them regularly. First, launch the built-in Defragment and Optimize Drives app and click the "Optimize" button. Depending on the size of your hard drive, this process may take a while. Don9t defrag your SSDs, as you9ll only shorten their lifespan for little to no performance improvement.
  How to organize your apps, tabs and other windowsymgerman via Getty Images
  Say what you will about Windows 10, but the fact is it comes with some of the best window management tools built right into an operating system. You don9t need to download any additional software to organize your desktop, but there are some settings you can tweak to get even more out of its signature Snap functionality.
  
  As you may already know, you can press the Windows and Tab keys at the same time to bring up the Task View pane. It9s here that you can add additional virtual desktops. If you9re not already using virtual desktops, they9re great for organizing your active windows so that you don9t have to constantly rearrange them when you9re trying to find a specific one. You can quickly press the Windows key, Ctrl and either the left or right arrow keys to move between desktops. But to make things even simpler, head to the Settings app and into the Multitasking section of the System menu. Under the "Virtual desktops" heading, switch both settings to "All desktops." You can now use the Alt-Tab shortcut or taskbar to switch to any app on any desktop.
  
  When it comes to wrangling your tabs, a lot of that will depend on the browser you use. But as a decent starting point, all the most popular ones include a feature that allows you to pin tabs. I use this to keep the websites I visit most frequently throughout a workday (in my case, Gmail, Trello and Google Drive) open at all times and at the top of my tab bar. In that way, those tabs never get lost among the countless other websites I might have open for a story I9m writing. What9s more, in the case of Brave, the browser I use, I can use a handful of keyboard shortcuts to jump to those tabs quickly.
  
  In closing, we want to highlight just how much customization Windows 10 offers you when it comes to the organization of your computer. As just one example, you can right-click on items located on the taskbar and start menu to put the apps and shortcuts you use most frequently within easy reach. However, if you want to really dig into all the options Windows 10 offers on that front, websites like Windows Central have detailed how-tos that are an excellent starting point.
  

• Best Buy's 'Black Friday in July' sale knocks hundreds off OLED TVs from Sony, LG
  While it9s a bit early to be thinking about the holidays, retailers jump on the opportunity to remind us that we9re six months out from the festivities. Black Friday in July sales have been ongoing this month, but Best Buy9s just began and will run through this weekend. A plethora of gadgets have been discounted across the site, but there are a number of sales on TVs that are worth highlighting. Best Buy slashed hundreds off TVs big and small, including some of the latest OLED sets from LG, Sony and Samsung. Amazon9s matching many of the deals, too, so you have options when it comes to where you spend your money. Here are the best smart TV deals we found in Best Buy9s Black Friday in July sale.
  55-inch LG A1 OLED 4K TVLG
  The latest LG OLED lineup just became available a few months ago and now you can grab the 55-inch A1 model for $1,300. The A1 series is the most affordable of the bunch, making these sets good options for anyone looking to upgrade to OLED while on a tight budget.
  
  Buy 55-inch LG A1 OLED at Best Buy - $1,300Buy 55-inch LG A1 OLED at Amazon - $1,300
  55-inch LG C1 OLED 4K TVLG
  The 55-inch, mid-tier LG C1 OLED TV is down to $1,500, or $300 off its normal price. It uses LG9s a9 Gen4 AI Processor 4K and supports HDMI 2.1, G-SYNC and FreeSync for gaming and voice commands using Alexa or the Google Assistant. 
  
  Buy 55-inch LG C1 OLED at Best Buy - $1,500Buy 55-inch LG C1 OLED at Amazon - $1,500
  48-inch Sony Bravia A9S OLED 4K TVSony
  Sony9s 48-inch Bravia A9S OLED TV has been discounted by $300, bringing it down to $1,500. It runs on the company9s Processor X1 Ultimate and supports HDR and Dolby Vision, Acoustic Surface Audio, X-Motion Clarity technology, AirPlay 2 and more.
  
  Buy 48-inch Sony Bravia A9S OLED at Best Buy - $1,500Buy 48-inch Sony Bravia A9S OLED at Amazon - $1,500
  55-inch LG GX OLED 4K TVLG
  Last year9s flagship LG GX OLED TV is on sale for $1,500 for the 55-inch mode, or $500 off its normal price. While the latest G1 flagship is also on sale (see below), it9ll set you back an additional $500. If you can deal with a slightly older processor and fewer bells and whistles, this remains a solid OLED set to invest in.
  
  Buy 55-inch LG GX OLED at Best Buy - $1,500Buy 55-inch LG GX OLED at Amazon - $1,500
  82-inch Samsung Q60T LED 4K TVSamsung
  This massive 82-inch Samsung Q60T smart TV is on sale for $1,580, or $420 off its regular price. You9re getting Quantum Dot technology here with HDR support, a refresh rate up to 60Hz, Game Enhancer for a better gaming experience and support for multiple voice assistants including Alexa and the Google Assistant.
  
  Buy 82-inch Samsung Q60T LED at Best Buy - $1,580
  55-inch Sony Bravia XR A80J OLED 4K TVSony
  One of Sony9s premium OLED TVs, the 55-inch Bravia XR A80J set, is down to $1,800 in this sale, or $500 off its normal price. It packs most of Sony9s best TV technology into one set, including the Cognitive Processor XR, HDMI 2.1 support, 4K upscaling, XR Motion Clarity and improved sound with Acoustic Surface Audio+ and built-in subwoofers. It also runs the Google TV operating system, so you can call upon the Assistant for all your entertainment needs.
  
  Buy 55-inch Sony Bravia XR A80J OLED at Best Buy - $1,800Buy 55-inch Sony Bravia XR A80J OLED at Amazon - $1,800
  65-inch Samsung The Frame LED 4K TVSamsung
  The 65-inch The Frame set from Samsung is down to $1,700, or $300 less than normal. This is the TV to get if you9d prefer to look at something more interesting than a black box when not actually watching a TV show or movie. Its art mode lets you select art to display on the screen whenever you want, and it also supports 4K AI upscaling and truer colors using Quantum Dot technology.
  
  Buy 65-inch Samsung The Frame LED at Best Buy - $1,700Buy 65-inch Samsung The Frame LED at Amazon - $1,700
  55-inch LG G1 OLED evo 4K TVLG
  A 55-inch LG G1 OLED TV will set you back $2,000 if you grab it during this sale, saving you $200 off its normal price. It9s part of the "gallery" series and it uses OLED evo panel technology, which provides better brightness and clearer whites than standard OLED displays. It also runs on LG9s a9 Gen4 AI Processor 4K and supports features like G-SYNC, FreeSync, OLED Motion Pro and voice commands via Alexa and the Google Assistant.
  
  Buy 55-inch LG G1 OLED at Best Buy - $2,000Buy 55-inch LG G1 OLED at Amazon - $2,000
  75-inch Samsung Q900TS 8K TVSamsung
  If you9re keen on investing in an 8K TV, this 75-inch Samsung Q900T QLED 8K set is $1,500 off, bringing it down to $3,000. It includes Quantum HDR 32X, precisely controlled LED backlights and 8K AI upscaling. Just keep in mind that there isn9t a ton of 8K content available just yet, so it may be a while before you experience the full benefits of this smart TV.
  
  Buy 75-inch Samsung Q900TS at Best Buy - $3,000
  
  Follow @EngadgetDeals on Twitter for the latest tech deals and buying advice.
  

• Women's soccer is coming to 'Football Manager,' but it will take a while
  Football Manager developer Sports Interactive has a history of inclusive gameplay, and that now extends to women. The company has revealed that it9s adding women9s soccer (aka football) to its management sim. This will likely be a "multi-year" project, SI warned, but this also isn9t a simple character model swap. The studio wants to offer the same kind of depth it has for men9s sport while accounting for the differences between players and leagues.
  
  There will be new models and databases, of course. However, SI noted that it also has to account for different league rules, gender differences in text translations (the most expensive part of the project) and tweaks to different player attribute systems. The company also has to decide whether or not it accounts for certain practical realities of women9s soccer, at least at first — does it factor in menstruation and pregnancy, for example?
  
  The team recently hired coach and research expert Tina Keech to lead its women9s soccer efforts, and there are already motion capture sessions underway.
  
  The expansion will likely prove costly. SI expects adding women will "cost millions," and it9s looking for sponsorship deals that could help fund the project. However, the company believes there9s a moral imperative to add women to the game — it wants to "smash" the glass ceiling for women9s soccer and help it get the same attention given to men9s leagues. In other words, Football Manager will be part of a larger sports equality campaign that includes better TV coverage of real-world matches.
  

• SQLite Extraction of Oracle Tables Tools, Methods and Pitfalls
  by Charles Fisher    Introduction
  The SQLite database is a wildly successful and ubiquitous software package that is mostly unknown to the larger IT community. Designed and coded by Dr. Richard Hipp, the third major revision of SQLite serves many users in market segments with critical requirements for software quality, which SQLite has met with compliance to the DO-178B avionics standard. In addition to a strong presence in aerospace and automotive, most major operating system vendors (including Oracle, Microsoft, Apple, Google, and RedHat) include SQLite as a core OS component.
  
  There are a few eccentricities that may trip up users from other RDBMS environments. SQLite is known as a “flexibly-typed��� database, unlike Oracle which rigidly enforces columnar datatypes; character values can be inserted into SQLite columns that are declared integer without error (although check constraints can strengthen SQLite type rigidity, if desired). While many concurrent processes are allowed to read from a SQLite database, only one process is allowed write privilege at any time (applications requiring concurrent writers should tread carefully with SQLite). There is no network interface, and all connections are made through a filesystem; SQLite does not implement a client-server model. There is no “point in time recovery,” and backup operations are basically an Oracle 7-style ALTER DATAFILE BEGIN BACKUP that makes a transaction-consistent copy of the whole database. GRANT and REVOKE are not implemented in SQLite, which uses filesystem permissions for all access control. There are no background processes, and newly-connecting clients may find themselves delayed and responsible for transaction recovery, statistics collection, or other administrative functions that are quietly performed in the background in this “zero-administration database.” Some history and architecture of SQLite can be found in audio and video records of Dr. Hipp's discussions.
      Go to Full Article          

• Vulnerability Detection and Patching: A Survey Of The Enterprise Environment
  by Joao Correia    Detecting vulnerabilities and managing the associated patching is challenging even in a small-scale Linux environment. Scale things up and the challenge becomes almost unsurmountable. There are approaches that help, but these approaches are unevenly applied.
  In our survey, State of Enterprise Vulnerability Detection and Patch Management, we set out to investigate how large organizations handle the dual, linked security concerns of vulnerability detection and patch management.
  The results produced interesting insights into the tools that organizations depend on to effectively deal with vulnerability and patch management at scale, how these tools are used, and which restrictions organizations face in their battle against threat actors. Download the copy of the report here.
  Vulnerability management is an enterprise responsibility  Before we dive into the results of our survey, let’s take a quick look at why vulnerability management operations matter so much in large organizations.
  Vulnerabilities are widespread and a major cybersecurity headache. In fact, vulnerabilities are such a critical problem that laws and regulations are in place to ensure that covered organizations adequately perform vulnerability management tasks – because the failure to do so can hurt a company’s customers.
  Each industry has different rules that apply to it – with organizations that handle personal data such as healthcare records and financial service firms operating under the strictest rules. It has an impact on day-to-day vulnerability management operations – some organizations must act much faster and more thoroughly than others.
  This is one of the points we explored in the survey, trying to understand how different industry compliance requirements affect vulnerability operations on the ground.
  The survey  Early in 2021, we kicked off a survey with the intention to study three key factors in vulnerability and patch management operations. We examined patch deployment practices, how maintenance windows are handled, and tried to get a view into the overall level of security awareness of the organizations that responded.
  The survey was advertised publicly to IT professionals around the world and it continues to run, even though we have published the initial results.
      Go to Full Article          

• Live Patching Requires Reproducible Builds – and Containers Are the Answer
  by Joao Correia    We know that live patching has real benefits because it significantly reduces the downtime associated with frequent patching. But live patching is relatively difficult to achieve without causing other problems and for that reason live patching is not implemented as frequently as it could be. After all, the last thing sysadmins want is a live patch that crashes a system.
  Reproducible builds are one of the tools that can help developers to implement live patching consistently and safely. In this article, I explain why reproducible builds matter for live patching, what exactly reproducible builds are, and how containers are coming to the rescue.
  Live patching: a key threat management tool  Patching is a critical part of systems maintenance because patching fixes faulty and buggy code. More importantly, security teams rely on patching to plug security holes, and there is a real urgency to it. Waiting for a convenient maintenance window to patch is risky because it leaves an opportunity for hackers to take advantage of an exploit.
  It creates a difficult conundrum: maintain high availability but run a security risk, or patch frequently but end up with frustrated stakeholders. Live patching bridges that gap. With live patching, the offending code is swapped out while a process is actively running, without restarting the application or service that depends on that process.
  Implementing live patching isn’t easy  Live patching is not that straightforward to accomplish – the drop-in code must “fit” in a like-for-like manner, or all sorts of unwanted things can happen. Get it wrong, and the application – or entire server – will crash.
  The code behind a running process usually comes from a binary executable file – a machine-readable block of code compiled from source code. A kernel, for example, has thousands of source files all compiled into a few binaries.
  With live patching, the live patch code must fit in at an exact level. Yes, the binary file containing the patch code will be different from the binary file containing the bad code. Nonetheless, the new code must slot into place precisely and must depend on the same version of imported libraries. The live patch code must also be compiled using the same compiler options and flags. Bit endianness matters too – the binary file must be ordered in exactly the same way.
  In principle, all this is achievable – but in practice, it is a challenge. For example, day-to-day system updates often impact libraries. These libraries could be slightly different, in turn producing binaries that are slightly different when compiling code.
      Go to Full Article          

• An Abridged Guide to the Enterprise Linux Landscape
  by Rod Cope    Whether you are welcoming CentOS Stream or looking for alternatives, the recent decision from the CentOS community to focus on CentOS Stream has forced a lot of technical leaders to rethink their Enterprise Linux strategy.  Beneath that decision, the business landscape involving Linux has shifted and expanded since its enterprise debut in the late 90s, when IBM would invest $1 billion in its development.
  Today, Linux comes in every shape and size imaginable — with the kernel running on tiny low power computers and IoT devices, mobile phones, tablets, laptops all the way up to midrange and high-power mainframe servers.
  Cutting through that expansive selection to understand which Linux distributions truly align with the needs of a business can lead to more frictionless deployments and successful execution while minimizing waste in maintenance cycles and optimizing overall cost.
  This abridged guide to the Enterprise Linux landscape can give businesses an overview of which flavor (or flavors) of Linux will most adequately match their use cases.
  For those looking for a more comprehensive guide, be sure to check out the Decision Maker’s Guide to Enterprise Linux.
  Finding the Right Linux Flavor  Committing to a flavor can introduce many concerns. Beyond managing the deployments host-by-host, administrators must also consider the ecosystem components available to support the implementation at scale.
  What mechanisms will be available for automatic patching? Can you optimize bandwidth by mirroring the distributions repository? Is remote desktop a concern?  What about the kernel version requirements? Linux Kernel 4 contains optimizations that lead directly to dollars saved on cloud deployments, can you take advantage of that?
  Are you looking at a container strategy, thinking of deploying your apps into Kubernetes, or other multi-cloud strategies? What about options for embedded Linux
  Nowadays there’s a preferred flavor of Linux for each of these concerns. A single flavor of Linux is really the Linux kernel surrounded by a curated suite of other free software. That other free software is what makes one flavor of Linux distinct from another.
      Go to Full Article          

• Systemd Service Hardening
  by Alessio Greggi    Introduction
  In an age where hacker attacks are a daily occurrence, it is of fundamental importance to minimize the attack surface. Containerization is probably the best way to isolate a service provided for the public, but this is not always possible for several reasons. For example, think of a legacy system application developed on systemd. This could make the most of the capabilities provided by a systemd-based operative system and it could be managed via a systemd unit, or it could automatically pull updates using a systemd timer, and so on.
  
  For this reason, we are going to explain how to improve the security of a systemd service. But first, we need to step back for a moment.  With the latest releases systemd has implemented some interesting features relating to security, especially sandboxing. In this article we are going to show step-by-step how to strengthen services using specific directives, and how to check them with the provided systemd suite.
  Debugging
  Systemd provided an interesting tool named systemd-analyze. This command analyzes the security and the sandboxing settings of one or more specified services. The command checks for various security-related service settings, assigning each a numeric "exposure level" value, depending on how important the setting is. It then calculates an overall exposure level for the whole unit through an estimation in the range 0.0…10.0, which tells us how exposed a service is security-wise.
  
   
  
  This allows us to check the improvements applied to our systemd service step-by-step. As you can see, several services are now marked as UNSAFE, this is probably due to the fact that not all of the applications are applying the features provided by systemd.
  Getting Started
  Let's start from a basic example. We want to create a systemd unit to start the command python3 -m http.server as a service:
   [Unit] Description=Simple Http Server Documentation=https://docs.python.org/3/library/http.server.html  [Service] Type=simple ExecStart=/usr/bin/python3 -m http.server ExecStop=/bin/kill -9 $MAINPID  [Install] WantedBy=multi-user.target
  Save the file and place it under the specific systemd directory of yor distribution.
  
  By checking the security exposure through systemd-analyze security we get the following result:
      Go to Full Article          

• eBPF for Advanced Linux Infrastructure Monitoring
  by Odysseas Lamztidis   
  A year has passed since the pandemic left us spending the better part of our days sheltering inside our homes. It has been a challenging time for developers, Sysadmins, and entire IT teams for that matter who began to juggle the task of monitoring and troubleshooting an influx of data within their systems and infrastructures as the world was forced online. To do their job properly, free, open-source technologies like Linux have become increasingly attractive, especially amongst Ops professionals and Sysadmins in charge of maintaining growing and complex environments. Engineers, as well, are using more open-source technologies largely due to the flexibility and openness they have to offer, versus commercial offerings that are accompanied by high-cost pricing and stringent feature lock-ins.
  
  One emerging technology in particular - eBPF - has made its appearance in multiple projects, including commercial and open-source offerings. Before discussing more about the community surrounding eBPF and its growth during the pandemic, it’s important to understand what it is and how it’s being utilized. eBPF, or extended Berkley packet filtering, was originally introduced as BPF back in 1992 in a paper by Lawrence Berkeley Laboratory researchers as a rule-based mechanism to filter and capture network packets. Filters would be implemented to run inside a register-based Virtual Machine (VM), which itself would exist inside the Linux Kernel. After several years of non-activity, BPF was extended to eBPF, featuring a full-blown VM to run small programs inside the Linux Kernel. Since these programs run from inside the Kernel, they can be attached to a particular code path and be executed when it is traversed, making them perfect to create applications for packet filtering and performance analysis and monitoring.
  
  Originally, it was not easy to create eBPF programs, as the programmer needed to know an extremely low-level language. However, the community around that technology has evolved considerably through their creation of tools and libraries to simplify and speed up the process of developing and loading an eBPF program inside the Kernel. This was crucial for creating a large number of tools that can trace system and application activity down to a very granular level. The image that follows demonstrates this, showing the sheer number of tools that exist to trace various parts of the Linux stack.
      Go to Full Article          

• How to set up a CrowdSec multi-server installation
  by Manuel Sabban    Introduction  CrowdSec is an open-source & collaborative security solution built to secure Internet-exposed Linux services, servers, containers, or virtual machines with a server-side agent. It is a modernized version of Fail2ban which was a great source of inspiration to the project founders.
  CrowdSec is free (under an MIT License) and its source code available on GitHub. The solution is leveraging a log-based IP behavior analysis engine to detect attacks. When the CrowdSec agent detects any aggression, it offers different types of remediation to deal with the IP behind it (access prohibition, captcha, 2FA authentication etc.). The report is curated by the platform and, if legitimate, shared across the CrowdSec community so users can also protect their assets from this IP address.
  A few months ago, we added some interesting features to CrowdSec when releasing v1.0.x. One of the most exciting ones is the ability of the CrowdSec agent to act as an HTTP rest API to collect signals from other CrowdSec agents. Thus, it is the responsibility of this special agent to store and share the collected signals. We will call this special agent the LAPI server from now on.
  Another worth noting feature, is that mitigation no longer has to take place on the same server as detection. Mitigation is done using bouncers. Bouncers rely on the HTTP REST API served by the LAPI server.
  Goals  In this article we’ll describe how to deploy CrowdSec in a multi-server setup with one server sharing signal.
  Both server-2 and server-3 are meant to host services. You can take a look on our Hub to know which services CrowdSec can help you secure. Last but not least, server-1 is meant to host the following local services:
    the local API needed by bouncers
      the database fed by both the three local CrowdSec agents and the online CrowdSec blocklist service.  As server-1 is serving the local API, we will call it the LAPI server.
   We choose to use a postgresql backend for CrowdSec database in order to allow high availability. This topic will be covered in future posts. If you are ok with no high availability, you can skip step 2.
      Go to Full Article          

• Develop a Linux command-line Tool to Track and Plot Covid-19 Stats
  by Nawaz Abbasi    It’s been over a year and we are still fighting with the pandemic at almost every aspect of our life. Thanks to technology, we have various tools and mechanisms to track Covid-19 related metrics which help us make informed decisions. This introductory-level tutorial discusses developing one such tool at just Linux command-line, from scratch.
  We will start with introducing the most important parts of the tool – the APIs and the commands. We will be using 2 APIs for our tool - COVID19 API and Quickchart API and 2 key commands – curl and jq. In simple terms, curl command is used for data transfer and jq command to process JSON data.
  The complete tool can be broken down into 2 keys steps:
  
  1. Fetching (GET request) data from the COVID19 API and piping the JSON output to jq so as to process out only global data (or similarly, country specific data).
   $ curl -s --location --request GET 'https://api.covid19api.com/summary' | jq -r '.Global'  {   "NewConfirmed": 561661,   "TotalConfirmed": 136069313,   "NewDeaths": 8077,   "TotalDeaths": 2937292,   "NewRecovered": 487901,   "TotalRecovered": 77585186,   "Date": "2021-04-13T02:28:22.158Z"  } 
  2. Storing the output of step 1 in variables and calling the Quickchart API using those variables, to plot a chart. Subsequently piping the JSON output to jq so as to filter only the link to our chart.
   $ curl -s -X POST \   -H 'Content-Type: application/json' \   -d '{"chart": {"type": "bar", "data": {"labels": ["NewConfirmed (${newConf})", "TotalConfirmed (${totConf})", "NewDeaths (${newDeath})", "TotalDeaths (${totDeath})", "NewRecovered (${newRecover})", "TotalRecovered (${totRecover})"], "datasets": [{"label": "Global Covid-19 Stats (${datetime})", "data": [${newConf}, ${totConf}, ${newDeath}, ${totDeath}, ${newRecover}, ${totRecover}]}]}}}' \   https://quickchart.io/chart/create | jq -r '.url'  https://quickchart.io/chart/render/zf-be27ef29-4495-4e9a-9180-dbf76f485eaf    That’s it! Now we have our data plotted out in a chart:
  
      Go to Full Article          

• FSF’s LibrePlanet 2021 Free Software Conference Is Next Weekend, Online Only
  by George Whittaker    On Saturday and Sunday, March 20th and 21st, 2021, free software supporters from all over the world will log in to share knowledge and experiences, and to socialize with others within the free software community. This year’s theme is “Empowering Users,” and keynotes will be Julia Reda, Nathan Freitas, and Nadya Peek. Free Software Foundation (FSF) associate members and students attend gratis at the Supporter level. 
  You can see the schedule and learn more about the conference at https://libreplanet.org/2021/, and participants are encouraged to register in advance at https://u.fsf.org/lp21-sp. 
  The conference will also include workshops, community-submitted five-minute Lightning Talks, Birds of a Feather (BoF) sessions, and an interactive “exhibitor hall” and “hallway” for socializing.
      Go to Full Article          

• Review: The New weLees Visual LVM, a new style of LVM management, has been released
  by George Whittaker    Maintenance of the storage system is a daily job for system administrators. Linux provides users with a wealth of storage capabilities, and powerful built-in maintenance tools. However, these tools are hardly friendly to system administrators while generally considerable effort is required for mastery.
  As a Linux built-in storage model, LVM provides users with plenty flexible management modes to fit various needs. For users who can fully utilize its functions, LVM could meet almost all needs. But the premise is thorough understanding of the LVM model, dozens of commands as well as accompanying parameters.
  The graphical interface would dramatically simplify both learning curve and operation with LVM, in a similar approach as partition tools that are widely used on Windows/Linux platforms. Although scripts with commands are suitable for daily, automatic tasks, the script could not handle all functions in LVM. For instance, manual calculation and processing are still required by many tasks.
  Significant effort had been spent on this problem. Nowadays, several graphical LVM management tools are already available on the Internet, some of them are built-in with Linux distributions and others are developed by third parties. But there remains a critical problem: desire for remote machines or headless servers are completely ignored.
  This is now solved by Visual LVM Remote. Front end of this tool is developed based on the HTTP protocol. With any smart device that can connect to the storage server, Users can perform management operations.
  Visual LVM is developed by weLees Corporation and supports all Linux distributions. In addition to working with remote/headless servers, it also supports more advanced features of LVM compared with various on-shelf graphic LVM management tools.
  Dependences of Visual LVM Remote  Visual LVM Remote can work on any Linux distribution that including two components below:
    LVM2
      Libstdc++.so
   UI of Visual LVM Remote  With a concise UI, partitions/physical volumes/logical volumes are displayed by disk layout. With a glance, disk/volume group information can be obtained immediately. In addition, detailed relevant information of the object will be displayed in the information bar below with the mouse hover on the concerned object.
      Go to Full Article