today's leftovers

• Installation And First Look At Mageia 8

  Mageia is a GNU/Linux distribution that is a community project begin life as Mandrake, which then became Mandriva, which then became Mageia. This is a rpm-based distro that uses a static release model and is known for stability.

• OpenShot: Windows Movie Maker Of Linux - YouTube

  OpenShot is one of those video editors that everyone tries at least once, and I feel like it should stay at only once. While it's not unusable you could get some work done with it, it has some serious limitations as a video editor that take all the fun out of making videos.

• Google Patches Actively-Exploited Flaw in Chrome Browser

  A flaw (CVE-2021-21166) in the Audio component of Google Chrome is fixed in a new update being pushed out to Windows, Mac and Linux users.

  Google has fixed a high-severity vulnerability in its Chrome browser and is warning Chrome users that an exploit exists in the wild for the flaw.

  The vulnerability is one of 47 security fixes that the tech giant rolled out on Tuesday in Chrome 89.0.4389.72, including patches for eight high-severity flaws.

• GOGGLES: Democracy dies in darkness, and so does the Web

  This paper proposes an open and collaborative system by which a community, or a single user, can create sets of rules and filters,called Goggles, to define the space which a search engine can pull results from. Instead of a single ranking algorithm, we could have as many as needed, overcoming the biases that a single actor (the search engine) embeds into the results. Transparency and openness, all desirable qualities, will become accessible through the deep re-ranking capabilities Goggles would enable. Such system would be made possible by the availability of a host search engine, providing the index and infrastructure, which are unlikely to be replicated without major development and infrastructure costs. Besides the system proposal and the definition of the Goggle language, we also provide an extensive evaluation of the performance to demonstrate the feasibility of the approach. Last but not the least, we commit the upcoming Brave search engine to this effort and encourage other xsearch engine providers to join the proposal.

• hipSYCL Sees Work-In-Progress Support For Intel oneAPI Level Zero Backend

  hipSYCL, the innovative implementation of Khronos' SYCL for targeting CPUs and GPUs by integrating with existing toolchains, is seeing work on supporting Intel oneAPI Level Zero for running directly off Intel graphics hardware. The open-source hipSYCL project already supports SYCL CPU-based execution via OpenMP, targeting NVIDIA GPUs using CUDA, and targeting AMD Radeon graphics using HIP/ROCm. Now with a new work-in-progress back-end is support for Intel graphics using Level Zero. The hipSYCL project is one of several SYCL implementations aiming to support various CPUs and GPUs/accelerators while so far it's been one of the most diverse. The hipSYCL project supports most of SYCL 2020 at present.

• The Apache News Round-up: week ending 5 March 2021 : The Apache Software Foundation Blog

  Welcome, March! We've had a great week within the Apache community.

• Is your Cloud infrastructure securely configured?

  The trend toward deploying security as part of the DevOps process has been shifting left the security and compliance processes. The DevSecOps practices have introduced processes to inspect application-code, Docker, and Kubernetes. These practices have allowed teams to detect and fix security issues faster and provide high-quality and compliant code. Still, many admins of Cloud accounts are securing account configuration by configuring an account via a UI, running a configuration assessment scan, and then fixing any issues found. While this might lead eventually to a securely configured account, they are essentially experimenting with an account until it becomes secure.

• Delivering more flexible and tailored cloud-native management with the latest version of Red Hat Advanced Cluster Management for Kubernetes

  Today, we’re pleased to announce the general availability of Red Hat Advanced Cluster Management for Kubernetes 2.2, which delivers even greater integration and customization to how enterprises manage cloud-native workloads and environments. This latest release simplifies and streamlines operations and captures additional performance metrics to ensure optimization of Red Hat OpenShift clusters. Introduced in the summer of 2020, Advanced Cluster Management for Kubernetes enables organizations to manage multiple Kubernetes clusters and automate multi-cluster application deployments across the hybrid cloud. As the industry’s leading enterprise Kubernetes platform, Red Hat OpenShift is a crucial component in how organizations build a more agile hybrid cloud, and Advanced Cluster Management for Kubernetes helps these enterprises get the most out of these deployments by extending and scaling Red Hat OpenShift clusters.

• OpenBSD/loongson on the Lemote Fuloong

  This machine uses the same CPU than the Yeeloong, a Loongson 2F which is a single-core MIPS-III 64-bit processor running at 800/900 MHz.

  As hinted in my previous article, contrarily to the Yeeloong, the Fuloong is less strict with the type of RAM it accepts, and my device is happily running with a Kingston 2GB DDR2 SO-DIMM module (ASU256X64D2S800C6), replacing the original 512MB module.

• waylandmar21

  While struggling with Pfizer second dose side effects yesterday, with little ability to do anything serious – so surreal to have a fever yet also certainty you’re not actually ill[1] – I thought I’d try building the branch of Emacs with native Wayland support, and try starting up Sway instead of i3. I recently upgraded my laptop to Debian bullseye, as I usually do at this stage of our pre-release freeze, and was wondering whether bullseye would be the release which would enable me to switch to Wayland. Why might I want to do this? I don’t care about screen tearing and don’t have any fancy monitors with absurd numbers of pixels. Previously, I had been hoping to cling on to my X11 setup for as long as possible, and switch to Wayland only once things I want to use started working worse on X11, because all the developers of those things have stopped using X11. But then after upgrading to bullseye, I found I had to forward-port an old patch to xfce4-session to prevent it from resetting SSH_AUTH_SOCK to the wrong value, and I thought to myself, maybe I could cut out some of the layers here, and maybe it’ll be a bit less annoying. I have a pile of little scripts trying to glue together xfce4 and i3 to get all the functionality I need, but since there have been people who use their computers for similar purposes to me trying to make Sway useful for quite some time now, maybe there are more integrated solutions available. I have also been getting tired of things which have only ever half-worked under X, like toggling autolock off when there isn’t fullscreen video playing (when I’m video conferencing on another device, I often want to prevent my laptop’s screen from locking, and it works most of the time, but sometimes still locks, sigh). I have a “normalise desktop” keybinding which tries to fix recurrent issues by doing things like restarting ibus, and it would be nice to drop something so hackish.

• Robert Kaiser: Mozilla History Talk @ FOSDEM

  The FOSDEM conference in Brussels has become a bit of a ritual for me. Ever since 2002, there has only been a single year of the conference that I missed, and any time I was there, I did take part in the Mozilla devroom - most years also with a talk, as you can see on my slides page. This year, things were a bit different as for obvious reasons the conference couldn't bring together thousands of developers in Brussels but almost a month ago, in its usual spot, the conference took place in a virtual setting instead. The team did an incredibly good job of hosting this huge conference in a setting completely run on Free and Open Source Software, backed by Matrix (as explained in a great talk by Matthew Hodgson) and Jitsi (see talk by Saúl Ibarra Corretgé).

• An Introduction to WebAssembly

  WebAssembly, also called Wasm, is a Web-optimized code format and API (Application Programming Interface) that can greatly improve the performances and capabilities of websites. Version 1.0 of WebAssembly, was released in 2017, and became an official W3C standard in 2019. The standard is actively supported by all major browser suppliers, for obvious reasons: the official list of “inside the browser” use cases mentions, among other things, video editing, 3D games, virtual and augmented reality, p2p services, and scientific simulations. Besides making browsers much more powerful than JavaScript could, this standard may even extend the lifespan of websites: for example, it is WebAssembly that powers the continued support of Flash animations and games at the Internet Archive. WebAssembly isn’t just for browsers though; it is currently being used in mobile and edge based environments with such products as Cloudflare Workers. [...] There are more and more programming language communities that are supporting compiling to Wasm directly, we recommend looking at the introductory guides from webassembly.org as a starting point depending what language you work with. Note that not all programming languages have the same level of Wasm support, so your mileage may vary.

• NXP i.MX 9 processors to integrate Arm Ethos U-65 microNPU, EdgeLock secure enclave

  NXP i.MX 6 and i.MX 8 processors are widely used in industrial boards and systems-on-module, and the company has now teased a new family with i.MX 9 processors integrating Arm Ethos-U65 1 TOPS microNPU, as well as the company’s EdgeLock secure enclave for increased security. The company did not provide that many technical details, so we still don’t know which CPU cores, GPU, and exact peripherals will be found in the processor. But we do know the i.MX 9 processors will be manufactured with a 16/12nm FinFET class of process technology optimized for low power, and features the “Energy Flex” architecture that combines “heterogeneous domain processing (independent applications processor and real-time domains with a separate low-power multi-media domain), design techniques, and process technology to maximize performance efficiency”. That means most blocks of the processor can be turned off for low power audio or CAN networking use cases, and other industrial applications requiring fast boot, defined as sub-100 milliseconds boot time.

Programming Leftovers

• How to Use bulk_create() in Django? – Linux Hint

  Django framework can be used to create a web application with a database by writing script in models.py and views.py files of the Django app. The data can be inserted into the database tables by using Django Administration Dashboard or by writing a script in the views.py file. Django Administration Dashboard requires a login for an authenticated user to access the tables of the database. Single or multiple records can be inserted into the database tables by writing a script. bulk_create() method is one of the ways to insert multiple records in the database table. How the bulk_create() method is used to insert the multiple data in a Django database table will be shown in this tutorial.

• How to Use Django Channel – Linux Hint

  Django is a popular Python framework used to develop web apps using the WGSI (Web Server Gateway Interface) and ASGI (Asynchronous Server Gateway Interface) server specifications. WGSI is used for developing synchronous Python apps, and AGSI is used for developing asynchronous and synchronous web apps. Channel is a useful feature of Django that is used to handle WebSocket, chat protocol, etc. alongside the HTTP protocol. Channel is built on the ASGI server specifications. A two-way interactive communication session between the user’s browser and the server can be opened using a WebSocket. The client initiates the WebSocket connection and the server responds with an accept or close message. The WebSocket messages are pushed into the channel using producers and sent to the consumers that are listening on the channel. This tutorial shows you how to use channels to handle WebSocket messages.

• Python range() Explained: What It Is and How to Use It - Make Tech Easier

  One aspect of programming that many tutorials don’t tell you upfront is the amount of looping and counting you’ll have to do. As such, any programming language worth its salt will offer ways to enumerate numbers in a repeated way. The Python range sequence type is one of those methods.

• Monthly Report - February

  Apology for the delay in monthly report, usually I get it released on first day of the month. Last month was the shortest month of the year as you all know, so getting things done became relatively harder. What is in store this time? Well, there were two things that took away all the attentions.

• PHP version 7.4.16 and 8.0.3 - Remi's RPM repository - Blog

  RPMs of PHP version 8.0.3 are available in remi-php80 repository for Fedora 31-33 and Enterprise Linux (RHEL, CentOS). RPMs of PHP version 7.4.16 are available in remi repository for Fedora 32-33 and remi-php74 repository for Fedora 31 and Enterprise Linux (RHEL, CentOS).

• Deno 1.8: Node.js alternative gets 'out of the box GPU accelerated machine learning' [Ed: Microsoft Tim is now promoting Deno, as Deno supports Microsoft monopoly on many levels. The Register is not what it once was...]

  The Deno project has released version 1.8, including experimental support for the WebGPU API enabling "out-of-the-box GPU accelerated machine learning." [...] There is also a new language server, used to support smart features in code editors, that works with both Visual Studio Code and other editors. The TypeScript version in Deno 1.8 has been upgraded to the latest 4.2.

• Planning the Rust 2021 Edition

  The Rust 2021 Edition working group is happy to announce that the next edition of Rust, Rust 2021, is scheduled for release later this year. While the RFC formally introducing this edition is still open, we expect it to be merged soon. Planning and preparation have already begun, and we're on schedule! If you're curious what features Rust 2021 will introduce or what the timeline for getting the edition released on stable is, keep reading!

Proprietary Software and Security Issues: Microsoft Serving Malware, Ransomware, and FUD

• Development on Windows is Painful

  Overall, I think I can at least tolerate this development experience. It's not really the most ideal setup, but it does work and I can get things done with it. It makes me miss NixOS though. NixOS really does ruin your expectations of what a desktop operating system should be. It leaves you with kind of impossible standards, and it can be a bit hard to unlearn them.

  A lot of the software I use is closed source proprietary software. I've tried to fight that battle before. I've given up. When it works, Linux on the desktop is a fantastic experience. Everything works together there. The system is a lot more cohesive compared to the "download random programs and hope for the best" strategy that you end up taking with Windows systems. It's hard to do the "download random programs and hope for the best" strategy with Linux on the desktop because there really isn't one Linux platform to target. There's 20 or something. This is an advantage sometimes, but is a huge pain other times.

  The conclusion here is that there is no conclusion.

• Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow

  Researchers have spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow (among others) inside the npm public code repository — all of which exfiltrate sensitive information.

  The packages weaponize a proof-of-concept (PoC) code dependency-confusion exploit that was recently devised by security researcher Alex Birsan to inject rogue code into developer projects.

  Internal developer projects typically use standard, trusted code dependencies that are housed in private repositories. Birsan decided to see what would happen if he created “copycat” packages to be housed instead in public repositories like npm, with the same names as the private legitimate code dependencies.

• Ryuk ransomware develops worm-like capabilities, France warns

  A new sample of Ryuk ransomware appears to have worm-like capabilities, according to an analysis from the French National Agency for the Security of Information Systems (ANSSI), France’s national cybersecurity agency.

• FireEye finds evidence Chinese [crackers] exploited Microsoft email app flaw since January [iophk: Windows TCO]

  Cybersecurity group FireEye on Thursday night announced it had found evidence that [crackers] had exploited a flaw in a popular Microsoft email application since as early as January to target groups across a variety of sectors.

  [...]

  Since then, FireEye found evidence that the hackers had gone after an array of victims, including “US-based retailers, local governments, a university, and an engineering firm,” along with a Southeast Asian government and a Central Asian telecom.

• Does Linux Need Antivirus? [Ed: Avast: Let's badmouth GNU/Linux to make proprietary software sales, with back doors in them, based on the supposition that crap on top of poor practices will somehow yield better results]