After all these years, what's made us stick with Linux? Plus the commitment just made by the GNOME team, and some new tools that are changing our game.

First up, in our Wanderings, Mike shreds a new axe, I’m more and more impressed by Proton, Joe has frozen joints, Moss is going to be rich someday, Tony Hughes gets immunities, and Josh panics with a crowbar.  Then, in the News, so much controversy, Linux on Mars, VLC on the moon, Mint and mintCast make the cut, and more

The startup, one of Istio's top contributors, has also launched an online community for Istio and Envoy enthusiasts to surface problems, brainstorm solutions.

Hello there, I would like to announce a new service that I have just configured for Debian: https://debuginfod.debian.net. debuginfod is a new-ish project whose purpose is to serve ELF/DWARF/source-code information over HTTP.  It is developed under the elfutils umbrella.  You can find more information about it here:   https://sourceware.org/elfutils/Debuginfod.html In a nutshell, by using a debuginfod service you will not need to install debuginfo (a.k.a. dbgsym) files anymore; the symbols will be served to GDB (or any other debuginfo consumer that supports debuginfod) over the network.  Ultimately, this makes the debugging experience much smoother (I myself never remember the full URL of our debuginfo repository when I need it). If you would like to use the service, and if the service supports the Debian distribution you are using (see below), all you have to do is make sure that the following environment variable is set in your shell:   DEBUGINFOD_URLS="https://debuginfod.debian.net"; Currently, the elfutils and GDB packages in unstable and testing have native support for using debuginfod.  I will soon propose a change to the elfutils package in order to make it be configured with our debuginfod instance by default, so that users will be able to use the service transparently. For now, debuginfod.debian.net is serving debug information symbols for the following Debian distributions:   - unstable   - testing   - testing-proposed-updates   - stable   - stable-backports   - proposed-updates In the near future I intend to expand this list and include the debuginfo stored at snapshot.debian.org as well. Setting up a debuginfod service for Debian has been on my TODO list for some time now, and I finally got enough time & resources to do it.  I would like to thank a few people for their feedback and help:   - Héctor Orón (zumbi)   - Jonathan Carter (highvoltage)   - Paul Wise (pabs) Last, but not least, you can find a wiki page about our service here:   https://wiki.debian.org/Debuginfod Thanks,

Debian is the latest major Linux distribution deploying a Debuginfod web server so that ELF/DWARF/source-code information can be supplied via HTTP to clients on-demand when debugging.  Introduced last year was Debuginfod with GNU Binutils 2.34 for distributing debugging information / source code on demand. Readelf and objdump utilities can query connected Debuginfod servers for source files / data based on a build ID. Debuginfod support was later integrated into the GNU Debugger too (GDB 10.1). The effort was led by Red Hat engineers while now Debian is getting in on this practical feature too. 

In this commit, David Gwynne (dlg@) adds a new veb(4) driver to the tree. David's goal is to replace the old bridge(4) driver: [...]

GNU poke (http://www.jemarch.net/poke) is an interactive, extensible editor for binary data.  Not limited to editing basic entities such as bits and bytes, it provides a full-fledged procedural, interactive programming language designed to describe data structures and to operate on them. 

By creating a NULL MX RECORD for a domain name which isn't meant to receive email, the domain will clearly state that it doesn't accept any email, period. Anyone attempting to send email to that domain will then immediately received a notification saying you cannot send email to that domain.

If you do not want a domain to receive any mail, there is a way to be at last somewhat civil about it. There's a different DNS trick for that.

Coding is (of course) about building things to help others. However, creating programs and software has more to do with automating repetitive or complex tasks than anything else. Python’s while loop lets you repeat suites of code to automate many actions at once. In this post, we show you how to use Python’s while loop. First, let’s talk about what the while loop does and where it’s best used.

The ever helpful raiph wished for RakuAST in an answer to a question about pattern matching like it is done in Haskell. It was proposed to use MMD to solve this problem. Doing so and getting a fall-through default was unsolved. Since dispatch simply is pattern matching we just need to do some extra work. In a nutshell, the dispatcher gets a list of functions and a list with arguments. The first function that takes all arguments wins.

Pop open the champagne as the in-development Linux 5.12 kernel will be able to support link-time optimizations (LTO) in conjunction with the LLVM Clang compiler on not only AArch64 (64-bit ARM) but also x86_64. Last week I noted that Clang LTO support had been submitted but at the time was not clear if Linus Torvalds was willing to land it given his past comments around LTO'ing the kernel. With that pull request it was also just for AArch64 with the x86_64 support not yet squared away. Years ago Linus Torvalds was unconvinced by GCC LTO support for the kernel and that code ultimately was never mainlined. With Clang the benefits are much the same in allowing for potentially greater performance by allowing the code compiler to apply optimization passes at link-time on the entire kernel rather than being limited on a per source file basis. LTO also has the possibility of providing greater space savings too. Plus in the case of Clang, LTO for the kernel is also needed to support Control Flow Integrity (CFI) for the kernel.

This is the first version of the complete patch for the new security feature for GCC: Initialize automatic variables with new first class option -ftrivial-auto-var-init=[uninitialized|pattern|zero] and a new variable attribute “uninitialized” to exclude some variables from automatical initialization to Control runtime overhead.

An Oracle engineer has proposed introducing a new "-ftrivial-auto-var-init=" option for the GCC compiler that would allowing initializing automatic variables with either a pattern or zeroes in the name of security. In trying to fight security issues stemming from uninitialized memory disclosure, the suggested -ftrivial-auto-var-init==zero would initialize automatic variables with zeroes unless the new "uninitialized" variable attribute was used on a particular variable for overriding the behavior.

A couple of weeks ago, I got bored and decided to come up with a list of things that have bothered me when trying to run software to get things done. These might be reliability concerns, or development issues, or really anything else that bothered me at the time. This was actually pretty illuminating.

I would actually recommend other people try it with their own annoyances and see how things stack up. It was interesting to look at the rows to see which choices were particularly bad because they hit so many of them, and then to look at the columns to see how often they showed up regardless of the language or environment.

OpenSSH 8.5p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release.

Datasets sometimes contain perfectly well-formed items that really don't belong with the other items in their field. In my data auditing work, anomalous items are typically out of range, out of place, out of match or out of date. Below are some real-world examples.

You might want to have more than one JDK on your Mac and run different programs with different JDK versions as it is with me. The easiest and safest way I’ve found is as follows.

Easily the most sophisticated skimming devices made for hacking terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal’s chip reader slot. What enables these skimmers to be so slim? They draw their power from the low-voltage current that gets triggered when a chip-based card is inserted. As a result, they do not require external batteries, and can remain in operation indefinitely.

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The [attack] gave the attackers access to the computer networks of some 18,000 of SolarWinds’s customers, including U.S. government agencies such as the Homeland Security Department and State Department, American nuclear research labs, government contractors, IT companies and nongovernmental agencies around the world.

It was a huge attack, with major implications for U.S. national security. The Senate Intelligence Committee is scheduled to hold a hearing on the breach on Tuesday. Who is at fault?

If you have a new M1 Mac, you probably think it's going to last for years and years, but some new troubling data suggests that might not be the case. More than a few users are reporting that SSDs on Apple’s M1 Macs are possibly being overused by the system, which could cause them to wear out earlier than usual.

NurseryCam, the remote video monitoring service for parents with young children at nurseries that was dogged with claims of troubling security issues last week, has suffered a data breach.

The firm said that a "loophole" in its systems had been used to obtain data from parents' viewing accounts including: [...]

LinkedIn is back up after a worldwide outage affecting users on both mobile and desktop. The Microsoft-owned social network first started experiencing issues around 2PM ET, and LinkedIn confirmed things were back to normal at 4:21PM ET.

It's no secret that in the year and a half since Google launched its video game streaming platform, Stadia, things haven't gone particularly well. Game developers were wary at the onset that Google, as it has with projects like this in the past, might simply one day shut the whole thing down if it thinks the venture is a loser. The launch of Stadia itself was mostly met with meager interest, due to scant games available on the platform. Even then, the rollout was a mix of chaos and glitch, critiques of its promise for true 4k game streaming, very low adoption rates, and some at the company appearing to want to go to war with game-streamers.

Five years or so ago, frustration at John Deere's draconian tractor DRM helped birth a grassroots tech movement dubbed "right to repair." The company's crackdown on "unauthorized repairs" turned countless ordinary citizens into technology policy activists, after DRM (and the company's EULA) prohibited the lion's share of repair or modification of tractors customers thought they owned. These restrictions only worked to drive up costs for owners, who faced either paying significantly more money for "authorized" repair (which for many owners involved hauling their tractors hundreds of unnecessary miles), or toying around with pirated firmware just to ensure the products they owned actually worked.

During the 90-minute event, the company rattled through a series of announcements. It detailed a slew of new podcasts, including one featuring former President Barack Obama and rockstar Bruce Springsteen as co-hosts, as well as a full universe of DC Comics programming. It debuted an expanded podcast ad marketplace, bolstered by its Megaphone acquisition and Streaming Ad Insertion technology, along with a Hi-Fi subscription tier. And it teased new tools for podcasters to engage with their audiences and make money through subscriptions. Spotify obviously intends to make podcasting a real revenue driver.

But none of the announcements were groundbreaking for people in the industry. If anything, they demonstrated how far Spotify has yet to go. Crucially, Spotify announced that 7,500 musicians are making at least $100,000 per year through its platform, which isn’t much considering the service is available in 93 markets. Now, Spotify is trying to make the same pitch to podcasters as it did to musicians — that they’re all on the same side and share the same goals.