today's leftovers

  • [OpenMandriva] Additional desktop environments updated once again!

    I am pleased to announce that all of the currently most popular desktops are available in the OpenMandriva repository and have been updated to the latest releases.

    So, if you don’t like the default Plasma 5, then you have the option to use a different environment like Gnome, Cinnamon, Mate, Xfce, IceWM or i3. In addition, @fedya has prepared Sway, and in the repository we can also find, under the tutelage of @bero, the LXQT and Lumina - both QT based environments. All desktops can be found in Cooker, Rolling* and in the upcoming stable release Rock 4.1.

    [...]

    The GNOME environment was updated to the latest stable 3.34.3, along with most components that fall into this gtk stack.

  • Ubuntu Weekly Newsletter Issue 613

    Welcome to the Ubuntu Weekly Newsletter, Issue 613 for the week of January 5 – 11, 2020. The full version of this issue is available here.

  • UVM gets $1 million from Google for open source research

    The school says the aim of the project is to broaden understanding of how people, teams and organizations thrive in technology-rich settings, particularly in open-source projects and communities.

  • Creative Commons and USAID Collaborate on Guide to Open Licensing

    Over the past two years, we’ve been working with USAID, the Global Book Alliance, the Global Digital Library, and the Global Reading Network on early childhood reading programs, with a focus on helping these programs to recognize the potential of open licensing to increase the reach and efficacy of resources that promote youth literacy. In the course of doing that work, we all realized that additional materials needed to be created for grantees of the programs to not only understand the open license grant requirements, but to undertake the practical steps of implementing open licenses. To respond to that need, we collaborated with USAID and the Global Reading Network to write and co-publish Open Licensing of Primary Grade Reading Materials: Considerations and Recommendations, a guide to open licenses that includes an introduction to the basics of copyright, an overview of the benefits of open licensing, and suggestions for choosing and implementing open licenses.

  • German Lawyer Niklas Plutte shares OSS tips

    Under the title “Open Source Software Recht: Große FAQ mit vielen Praxistipps” (in German), the German lawyer Niklas Plutte (Rechtsanwalt) summarises the main questions related to open source licensing.

    In particular, the paper analyses how far open licences will produce a reciprocal (or copyleft) effect, meaning that in case of re-distribution of the program (as is, modified or in combination with other software) the copy, the modified or derivative work must be provided under the same licence and made available to the public in source code form, which could be shared and reused by anyone.

  • Cryptic Rumblings Ahead of First 2020 Patch Tuesday [iophk: why is Canonical not utilizing this already? Do they have too many microsofters inside the perimeter now?]

    According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles “certificate and cryptographic messaging functions in the CryptoAPI.” The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates.

    A critical vulnerability in this Windows component could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft’s Internet Explorer/Edge browsers, as well as a number of third-party applications and tools.

    Equally concerning, a flaw in crypt32.dll might also be abused to spoof the digital signature tied to a specific piece of software. Such a weakness could be exploited by attackers to make malware appear to be a benign program that was produced and signed by a legitimate software company.

  • Facebook Shares Its 2019 Year in Review for Open Source

    Facebook said it released 170 new open-source projects in 2019, bringing its total portfolio to 579 active repositories.

    Open-source developer advocate Dmitry Vinnik said in a blog post that the social network’s internal engineers contributed more than 82,000 commits in 2019, while some 2,500 external contributors committed over 32,000 changes.

    He added that almost 93,000 new people starred Facebook’s open-source projects last year.

  • Amazon accused of 'strip mining' open source software

    Just before the start of the festive season shut-down in mid-December, the New York Times published a long article accusing one of the world’s largest technology companies – Amazon – of nefarious business practices.

    Amazon reacted strongly, with Andi Gutmans, VP of Analytics and ElastiCache at Amazon Web Services (AWS) calling the NY Times article “skewed and misleading” as well as “silly and off-base”.

    Referring to open source companies that it said had complained about Amazon’s business practices, which included benefiting by integrating open source software pioneered by others into its own products, the NYTimes wrote: “Some of the companies have a phrase for what Amazon is doing: strip-mining software. By lifting other people’s innovations, trying to poach their engineers and profiting off what they made, Amazon is choking off the growth of would-be competitors and forcing them to reorient how they do business.”

  • Financial Services Firms Must Contribute More Software Repos, to Retain Staff and Stay Relevant [Ed: This article promotes the fiction that only code Microsoft controls counts as FOSS. It is a hostile and malicious takeover.]

    Does this tell us anything? Overall, I was quite encouraged, but felt financial services firms in particular have more to do.

    My first observation regards firms not featuring on the list. Many Financial Services companies - banks, asset managers and other open source-consuming tier 1 hedge funds - are notable by their absence on Github, though in fairness some host repos elsewhere. While Goldman Sachs, for a long time active with Java, and JP Morgan are readily findable, many of their rivals sadly barely register. Kudos to those that have contributed, particularly the likes of Two Sigma and Man AHL, who have truly put money, time and effort where their mouths are.

    Vendors like Bloomberg and Thomson Reuters have found repos to be useful for promoting APIs to their databases, not unlike some internet services firm submissions represented in the list. They're doing well.

    Particularly pleasing for me were two "proprietary" software firms active in Financial Services, MathWorks and SAS, both releasing significant numbers of high calibre code repos, not least because I worked many years for one of them. Predictably, most repos from my former company are in their own proprietary though openly-viewable and editable language, MATLAB. For SAS, somewhat less predictably to my mind at least, more code submissions were in Python and JavaScript than SAS code itself. Kudos therefore to my former competitors at SAS! It seems they understand the programming languages preferred by their staff's children and grandchildren, a bit like my using DuckDuckGo, chatting with gamers on Discord and shouting "boomer" at anyone over the age of 33.

  • Spotify Accidentally Leaks Details on Its Home Thing Smart Speaker

    A leak may have revealed Spotify’s upcoming foray into smart home speakers. New setup images for something called ‘Spotify Home Thing’ have appeared online.

  • Bay Staters Continue to Lead in Right to Repair, and EFF Is There to Help

    Massachusetts has long been a leader in the Right to Repair movement, thanks to a combination of principled lawmakers and a motivated citizenry that refuses to back down when well-heeled lobbyists subvert the legislative process.

    In 2012, Massachusetts became the first US state to enact Right to Repair legislation, with an automotive law that protected the right of drivers to get their cars repaired by independent mechanics if they preferred them to the manufacturers' service depots. Though wildly popular, it took the threat of a ballot initiative to get the legislature to act, an initiative that ultimately garnered 86% of the vote. The initiative led to strong protections for independent repair in Massachusetts and set the stage for a compromise agreement leading to better access to repair information for most of the country.

  • Enjoy this peaceful 4 hour long trailer for THE LONGING, a game that takes 400 days to beat

    A curious one this, a game that has a clock that counts down from 400 days as soon as you start it and you don't even need to play it to get to the ending, as time continues when you're not playing. I've played some slow games before but this is an all new kind of sloth.

    It's called THE LONGING and you play as Shade, the last lonely servant of a King who once ruled an underground kingdom. The King's powers have faded and he sleeps for 400 days to regain strength and you're supposed to stick around until he awakens. Announced today, Studio Seufz have now given it a release date of March 5 and you can see the wonderful four hour long trailer below. The trailer is obviously a joke, at how you can just sit around and do nothing.

  • Feral Interactive are asking what you want ported to Linux again

    Feral Interactive, the porting studio behind a lot of great games available on Linux are asking for some feedback again on where they should go next.

    In the past, they've teased how they feed port requests into "THE REQUESTINATOR". Looks like my number three from when they asked in November 2018 turned out okay with Shadow of the Tomb Raider. As always though, we want additional ports to buy and more varied titles to play through.

  • OpenStack’s Complicated Kubernetes Relationship

    2020 may be the year the OpenStack community comes to terms with Kubernetes

    As the open source community heads into 2020, loyalties between OpenStack and Kubernetes are likely to become increasingly divided. Contributors to open source projects are trying to determine where to prioritize their efforts, while IT organizations are wondering to what degree they will need a framework such as OpenStack to deploy Kubernetes.

    Most Kubernetes deployments thus far have been on top of open source virtual machines or commercial platforms from VMware. Most of those decisions have been driven by the need to isolate Kubernetes environments sharing the same infrastructure. In addition, many IT organizations lacked the tools or expertise required to manage Kubernetes natively, so it became easier to simply extend existing tools to manage Kubernetes as an extension of a virtual machine-based platform.

    The debate now is to what degree that approach will continue as organizations become first more familiar with native Kubernetes toolsets and alternative approaches to isolating workloads using lighter-weight virtual machines emerge.

    Lighter-weight alternatives to OpenStack and VMware for deploying Kubernetes clusters already exist, notes Rob Hirschfeld, CEO of RackN, a provider of an infrastructure automation platform based on open source Digital Rebar software.

    At the same time, managed service providers such as Mirantis have begun rolling out highly distributed services based on Kubernetes that make no use of OpenStack at all.

More in Tux Machines

New in Linux 5.12

  • Linux 5.12 To Allow Voltage/Temperature Reporting On Some ASRock Motherboards - Phoronix

    Voltage, temperature, and fan speed reporting among desktop motherboards under Linux remains one of the unfortunate areas even in 2021... Many SIO ICs remain publicly undocumented and the Linux driver support is often left up to the community and usually through reverse-engineering. Thus the mainline Linux kernel support is left to suffer especially among newer desktop motherboards.

  • [Older] F2FS With Linux 5.12 To Allow Configuring Compression Level

    While the Flash-Friendly File-System (F2FS) allows selecting between your choice of optional compression algorithms like LZO, LZ4, and Zstd -- plus even specifying specific file extensions to optionally limit the transparent file-system compression to -- it doesn't allow easily specifying a compression level. That is fortunately set to change with the Linux 5.12 kernel this spring. Queued now into the F2FS "dev" tree ahead of the Linux 5.12 merge window is a patch that's been floating around for some weeks to allow easily configuring the compression level. The compress_algorithm mount option is expanded to allow also specifying a level, such that the format supported is [algorithm]:[level] should you want to override any level preference like with the LZ4 and Zstd compression algorithms.

Security and Proprietary Software

  • diffoscope 165 released

    The diffoscope maintainers are pleased to announce the release of diffoscope version 165. This version includes the following changes:

    [ Dimitrios Apostolou ]
    * Introduce the --no-acl and --no-xattr arguments [later collapsed to
      --extended-filesystem-attributes] to improve performance.
    * Avoid calling the external stat command.
    
    [ Chris Lamb ]
    * Collapse --acl and --xattr into --extended-filesystem-attributes to cover
      all of these extended attributes, defaulting the new option to false (ie.
      to not check these very expensive external calls).
    
    [ Mattia Rizzolo ]
    * Override several lintian warnings regarding prebuilt binaries in the
      source.
    * Add a pytest.ini file to explicitly use Junit's xunit2 format.
    * Ignore the Python DeprecationWarning message regarding the `imp` module
      deprecation as it comes from a third-party library.
    * debian/rules: filter the content of the d/*.substvars files

  • SonicWall hardware VPNs hit by worst-case 0-zero-day-exploit attacks

    “…have information about hacking of a well-known firewall vendor and other security products by this they are silent and do not release press releases for their clients who are under attack due to several 0 days in particular very large companies are vulnerable technology companies,” BleepingComputer was told via email.

  • Cyber Firm SonicWall Says It Was Victim of ‘Sophisticated’ Hack

    The Silicon Valley-based company said in a statement that the two products compromised provide users with remote access to internal resources.

    The attackers exploited so-called “zero days” -- a newly discovered software flaw -- on certain SonicWall remote access products, the company said in a statement.

  • Former manager of Microsoft Taiwan investigated for fraud

    A former manager at the Taiwanese branch of software giant Microsoft was questioned Friday (Jan. 22) about an alleged fraud scam directed against the company.

    In 2016 and 2017, Chang Ming-fang (張銘芳) allegedly colluded with managers of other companies to forge orders to obtain discounts and products at lower prices, UDN reported.

  • School laptops sent by government arrive loaded with malware [iophk: Windows TCO]

    A number of the devices were found to be infected with a "self-propagating network worm", according to the forum, and they also appeared to be contacting Russian servers, one teacher wrote. The Windows-based laptops were specifically infected with Gamarue.1, a worm Microsoft identified in 2012.

  • Ransomware provides the perfect cover

    Look at any list of security challenges that CISOs are most concerned about and you’ll consistently find ransomware on them. It’s no wonder: ransomware attacks cripple organizations due to the costs of downtime, recovery, regulatory penalties, and lost revenue. Unfortunately, cybercriminals have added an extra sting to these attacks: they are using ransomware as a smokescreen to divert security teams from other clandestine activities behind the scenes.

    Attackers are using the noise of ransomware to their advantage as it provides the perfect cover to distract attention so they can take aim at their real target: exfiltrating IP [sic], research, and other valuable data from the corporate network.

  • Global ransom DDoS extortionists are retargeting companies

    According to Radware, companies that received this letter also received threats in August and September 2020. Security researchers’ analysis of this new wave of ransom letters suggested that the same threat actors from the middle of 2020 are behind these malicious communications.

    When the DDoS extortion campaign started in August of 2020, a single Bitcoin was worth approximately $10,000. It’s now worth roughly $30,000. The attackers cited this in the latest round of ransom letters, and it represents the impact the rising price of Bitcoin is having on the threat landscape.

    A few hours after receiving the message, organizations were hit by DDoS attacks that exceeded 200 Gbps and lasted over nine hours without slowdown or interruption. A maximum attack size of 237 Gbps was reached with a total duration of nearly 10 hours, the alert warned.

  • Boeing 737 MAX is a reminder of the REAL problem with software | Stop at Zona-M

    And that problem almost never is software.

7 Linux Distros to Look Forward in 2021

Here is a list of the most anticipated Linux distributions you should keep an eye on in the year 2021.

Games Leftovers

  • Gaming Like It's 1925: Last Week To Join The Public Domain Game Jam!

    Sign up for the Public Domain Game Jam on itch.io »

  • ujoy(4) added to -current

    With the following commit, Thomas Frohwein (thfr@) added a joystick/gamecontroller driver to -current: [...]

  • The First Online Conference Is Happening Today For The Godot Game Engine - Phoronix

    For those interested in Godot as the premiere open-source 2D/3D game engine or just looking for some interesting technical talks to enjoy this weekend, the first GodotCon Online is today. GodotCon 2021 is the open-source game engine's first entirely online conference for developers, users, and other contributors to this promising open-source project. The YouTube-based event has been running from 8:45 UTC today until 16:00 UTC, but fear not if you missed out as you can already go back and listen to the prior talks in the stream. The recordings will remain available for those wanting to enjoy it in the days ahead. All of the content is free of charge.