today's leftovers

• Distro Delights, New Release Mania, Forking KDE, Windows in a Bottle

  If you are looking for a really cool Linux computing platform with lots of extras and a twist on traditional desktop design, check out Modicia OS Ultimate. Italy-based Modicia Web Design and Development Company recently released its latest upgrade — Modicia O.S. 22. You probably won’t stumble on this gem in hiding if you distro hop or browse through traditional outlets for Linux operating systems; but it is definitely a discovery worth finding. It is one of the easiest Linux offerings I have used. Modicia Ultimate installs without hassles and has no learning curve to get started. It is a great platform for personal and small business use as well. Get it here. The popular CentOS alternative, AlmaLinux, is now available on Oracle Cloud. AlmaLinux OS Foundation on May 5 announced its availability on the Oracle Cloud Infrastructure marketplace, continuing AlmaLinux’s penetration into the cloud.

• The Linux Foundation and Fintech Open Source Foundation Announce the Schedule for Open Source in Finance Forum London 2022, July 13

• OSI to the European Commission: make space for patent-free standards too

  One of the biggest hidden challenges facing the software and technology world is the evolving conflict between old electronics vendors and the new software-defined universe. It’s arising because of patents embedded within international standards. We think it needs fixing because it especially affects Open Source. It may come as a surprise to find that some supposedly “open“ standards – including those ratified by standards development organizations (SDOs) like ISO, CEN and ETSI – can’t be implemented without going cap-in-hand to the world’s largest companies to buy a license. This is because both the SDOs and regulators allow so-called SEPs – “standard-essential patents” – to be tolerated due to the legacy approach of standards in hardware contexts.

Programming Leftovers

• Interacting with the Pootle Bot on Gerrit

  Have you received “A polite ping, still working on this bug?” message on one of your Gerrit submissions? You can simply send an arbitrary reply to avoid the patch being abandoned within a month. Here we discuss more about Pootle bot, which is one of the QA (Quality Assurance) tools for the LibreOffice QA team to manage old submissions.

• Optimizing your QML application for compilation to C++

  This is the start of a series of posts where I'm going to share some insights on how to adjust a QML application to get the most out of qmlsc, the QML Script Compiler. In contrast to previous posts, I won't talk about the abstract architecture or the high level picture.

• Compiling QML to C++: Annotating JavaScript functions

  This is the second installment in the series on how to adjust your QML application to take the maximum advantage of qmlsc. In the first post we've set up the environment and taken an initial measurement. I highly recommend reading that one first.

• PaloAlto init-cfg.txt Bootstrap Config file Layout with Examples

  When you install and configure the PaloAlto firewall, when the firewall boots up for the first time, it does the bootstrapping process. PaloAlto uses the settings defined in the bootstrap files, including the init-cfg.txt and bootstrap.xml under the config folder to configure the initial state of the firewall.

• $30 compact multi-sensor board works with any microcontroller with I2C (Crowdfunding) - CNX Software

  SENSE is a compact multi-sensor board supporting measurement of air quality, sound, light intensity, temperature, proximity, etc… and designed by Zack Seifert, a seventeen-year-old electronics enthusiast and president of his school’s robotics team.

• I will just quickly do a blog post...

  I got ”inspired” by my writing of the previous blog post, and wrote in a channel about my experience some time ago. So why not also do a blog post about doing a blog post :) So… I was planning to use GitLab’s Pages feature via my Hugo fork as usual to push it through. So like, concentrate on writing and do a publish, right, like in good old times? I did so, but all I got both locally and in remote pipeline was stuff like…

• Rust: A Critical Retrospective

  Since I was unable to travel for a couple of years during the pandemic, I decided to take my new-found time and really lean into Rust. After writing over 100k lines of Rust code, I think I am starting to get a feel for the language and like every cranky engineer I have developed opinions and because this is the Internet I’m going to share them. The reason I learned Rust was to flesh out parts of the Xous OS written by Xobs. Xous is a microkernel message-passing OS written in pure Rust. Its closest relative is probably QNX. Xous is written for lightweight (IoT/embedded scale) security-first platforms like Precursor that support an MMU for hardware-enforced, page-level memory protection. In the past year, we’ve managed to add a lot of features to the OS: networking (TCP/UDP/DNS), middleware graphics abstractions for modals and multi-lingual text, storage (in the form of an encrypted, plausibly deniable database called the PDDB), trusted boot, and a key management library with self-provisioning and sealing properties. One of the reasons why we decided to write our own OS instead of using an existing implementation such as SeL4, Tock, QNX, or Linux, was we wanted to really understand what every line of code was doing in our device. For Linux in particular, its source code base is so huge and so dynamic that even though it is open source, you can’t possibly audit every line in the kernel. Code changes are happening at a pace faster than any individual can audit. Thus, in addition to being home-grown, Xous is also very narrowly scoped to support just our platform, to keep as much unnecessary complexity out of the kernel as possible.

• Huang: Rust: A Critical Retrospective

  Andrew 'bunnie' Huang has posted an extensive review of the Rust language derived from the experience of writing "over 100k lines" of code.

• This Week In Rust: This Week in Rust 443

• Caolán McNamara: Dark Style Preference with GTK

  Added something to track the org.freedesktop.appearance.color-scheme property as used by the GNOME 42 Dark Style Preference setting. Screencast recorded with the new iteration of GNOME's screen built-in recorder which is quite snazzy.

Security Leftovers

• Security updates for Thursday [LWN.net]

  Security updates have been issued by Fedora (microcode_ctl, rubygem-nokogiri, and vim), Mageia (htmldoc, python-django, and python-oslo-utils), Red Hat (container-tools:2.0, kernel, kernel-rt, kpatch-patch, and pcs), SUSE (ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud, autotrace, curl, firefox, libslirp, php7, poppler, slurm_20_11, and ucode-intel), and Ubuntu (bind9, gnome-control-center, and libxrandr).

• Apple Safari, Microsoft Windows 11 & Teams, Hacked During $800,000 0-Day Fest [Ed: Microsoft puts back doors in its things, so security is never the goal, nor is it accomplished]

• Red Hat Kubernetes security report finds people are the problem

  Kubernetes, despite being widely regarded as an important technology by IT leaders, continues to pose problems for those deploying it. And the problem, apparently, is us. The open source container orchestration software, being used or evaluated by 96 per cent of organizations surveyed [PDF] last year by the Cloud Native Computing Foundation, has a reputation for complexity. Witness the sarcasm: "Kubernetes is so easy to use that a company devoted solely to troubleshooting issues with it has raised $67 million," quipped Corey Quinn, chief cloud economist at IT consultancy The Duckbill Group, in a Twitter post on Monday referencing investment in a startup called Komodor. And the consequences of the software's complication can be seen in the difficulties reported by those using it.

• CISA Releases Analysis of FY21 Risk and Vulnerability Assessments | CISA

  CISA has released an analysis and infographic detailing the findings from the 112 Risk and Vulnerability Assessments (RVAs) conducted across multiple sectors in Fiscal Year 2021 (FY21).

• ISC Releases Security Advisory for BIND

  The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting version 9.18.0 of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

• CVE-2022-1183: Destroying a TLS session early causes assertion failure

  An assertion failure can be triggered if a TLS connection to a configured http TLS listener with a defined endpoint is destroyed too early.