Last week of the Month of LibreOffice, May 2022!

So far, 233 sticker packs have been awarded in the Month of LibreOffice, May 2022. But there’s still one more week to go – so if your name (or username) isn’t on the list, join in, help to make LibreOffice even better, and get some cool swag! We’ll have 10 bonus pieces of merchandise to give away, to 10 lucky people…

Firefox Nightly: These Weeks in Firefox: Issue 116

Mobiot is a system that lets anyone automate everyday objects

So many tasks within a house can be reduced to a series of somewhat simple movements that are repeated each time that task is done, thus making it a prime target for automation. To make this process far easier than the traditional one of designing a robot by hand, writing some code and doing thorough testing, a team of researchers from UCLA and Texas A&M has created the Mobiot toolkit, which aims to combine each of these steps into a very straightforward application that takes care of the heavy lifting automatically.

Canonical at ISC High Performance 2022 | Ubuntu

With ISC High Performance 2022 just around the corner, now is a great time to get in touch with Canonical on all things HPC ISC High Performance is one of the main events on High Performance Computing (HPC) and Supercomputing and all relevant topics in that space such as High Performance Data Analytics (HPDA), Artificial Intelligence and Machine Learning (AI/ML). It’s held in Germany each year, this time in Hamburg starting 30th of May and ending on the 1st of June

Access JFR data faster with Cryostat 2.1's new download APIs

Cryostat is a tool for managing JDK Flight Recorder data on Kubernetes. This article explains how new download APIs based on JSON Web Tokens (JWTs) help facilitate a more responsive and efficient download workflow in the Cryostat 2.1 web client.

DrKonqi ❤️ coredumpd

Since Plasma 5.24 DrKonqi, Plasma’s infamous crash reporter, has gained support to route crashes through coredumpd and it is amazing – albeit a bit unused. That is why I’m telling you about it now because it’s matured a bit and is even more amazing – albeit still unused, I hope that will change. To explain what any of this does I have to explain some basics first, so we are on the same page… Most applications made by KDE will generally rely on KCrash, a KDE framework that implements crash handling, to, well, handle crashes. The way this works depends a bit on the operating system but one way or another when an application encounters a fault it first stops to think for a moment, about the meaning of life and whatever else, we call that “catching the crash”, during that time frame we can apply further diagnostics to help later figure out what went wrong. On POSIX systems specifically, we generate a backtrace and send that off to our bugzilla for handling by a developer – that is in essence the job of DrKonqi.

Dirk Eddelbuettel: RcppAPT 0.0.9: Minor Update

A new version of the RcppAPT package with the R interface to the C++ library behind the awesome apt, apt-get, apt-cache, … commands and their cache powering Debian, Ubuntu and the like arrived on CRAN earlier today. RcppAPT allows you to query the (Debian or Ubuntu) package dependency graph at will, with build-dependencies (if you have deb-src entries), reverse dependencies, and all other goodies. See the vignette and examples for illustrations.

Botonic: An open-source React framework for building Conversational apps

ReacType: Open-source tool to Prototype your React project

OpenFeature to Bring Open Source Standard to Feature Flags

Feature flags are an important part of software development, and with the new open source OpenFeature effort they could become even easier to use.

gfldex: Reducing sets

What's In That String?

One of the steps of debugging Perl can be to find out what is actually in a string. There are a number of more-or-less informative ways to do this, and I thought I would compare them. For this I used two short strings. The first was just the concatenation of the characters whose ordinals are 24 through 39; that is, 16 ASCII characters straddling the divide between control characters and printable characters. The second was a small variation on the first, made by removing the last character and appending "\N{U+100}" (a.k.a. "\N{LATIN CAPITAL A WITH MACRON}") to force the string's internal representation to be upgraded. The results given below include the version of the module used, the actual code snippet that generated the output, the output itself, and any comments I thought relevant. All subroutines used to dump strings are exportable except for those called as methods. The sample code makes fully-qualified calls because of duplication of subroutine names between different modules.

Security updates for Wednesday

Security updates have been issued by Debian (lrzip and puma), Fedora (plantuml and plib), Oracle (kernel and kernel-container), Red Hat (firefox, kernel, kpatch-patch, subversion:1.14, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (kernel-firmware, libxml2, pcre2, and postgresql13), and Ubuntu (accountsservice, postgresql-10, postgresql-12, postgresql-13, postgresql-14, and rsyslog).

The Linux Foundation's "security mobilization plan" [Ed: Making up numbers for a FUD campaign led by proprietary software companies that make back doors for the NSA]

The Linux Foundation has posted an "Open Source Software Security Mobilization Plan" that aims to address a number of perceived security problems with the expenditure of nearly $140 million over two years.

Our build and release infrastructure, and upcoming updates | F-Droid - Free and Open Source Android App Repository

Behind the scenes of F-Droid is a giant pile of automation to manage the process of building thousands of apps from source. This means checking out thousands of source repos, checking them all for updates, building and new releases, and securely signing them en masse. All builds are run in a fresh virtual machine guest instance known as the buildserver. All Gradle binaries and Android SDK packages are verified against our public logs of observed SHA-256 checksums. The transparency log processes also verify against upstream’s public checksums. Our setup runs on Debian almost exclusively. Debian is a leader in free software, rock solid servers, and reproducible builds. That makes it a natural home for F-Droid. We also work to ensure we maintain the packages we use, and build our processes on top of Debian packages. That means we share the maintenance with anything that uses Debian. It may seem like more work to give back, but our experience is that it pays off in the long run. The F-Droid community is able to maintain many things with a small team. Another example of this is this website itself: it is built using Jekyll packages that are all in Debian.

F-Droid: Our build and release infrastructure, and upcoming updates

Here's an update from F-Droid regarding upcoming changes to its build and distribution infrastructure.

Tails 5.0 Linux users warned against using it "for sensitive information" [Ed: Microsoft-connected site shedding doubt on "Linux"]

Tails developers have warned users to stop using the portable Debian-based Linux distro until the next release if they're entering or accessing sensitive information using the bundled Tor Browser application.

CISA Adds 34 Known Exploited Vulnerabilities to Catalog [Ed: Lots and lots of Microsoft. Actively exploited.]

CISA has added 34 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the "Date Added to Catalog" column, which will sort by descending dates.

Google Releases Security Updates for Chrome

Google has released Chrome version 102.0.5005.61 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

Stable Channel Update for Desktop

Google has been DDoSing SourceHut for over a year

Just now, I took a look at the HTTP logs on git.sr.ht. Of the past 100,000 HTTP requests received by git.sr.ht (representing about 2½ hours of logs), 4,774 have been requested by GoModuleProxy — 5% of all traffic. And their requests are not cheap: every one is a complete git clone. They come in bursts, so every few minutes we get a big spike from Go, along with a constant murmur of Go traffic. This has been ongoing since around the release of Go 1.16, which came with some changes to how Go uses modules. Since this release, following a gradual ramp-up in traffic as the release was rolled out to users, git.sr.ht has had a constant floor of I/O and network load for which the majority can be attributed to Go. I started to suspect that something strange was going on when our I/O alarms started going off in February 2021 (we eventually had to tune these alarms up above the floor of I/O noise generated by Go), correlated with lots of activity from a Go user agent. I was able to narrow it down with some effort, but to the credit of the Go team they did change their User-Agent to make more apparent what was going on. Ultimately, this proved to be the end of the Go team’s helpfulness in this matter.