• Security updates for Friday [LWN.net]

  Security updates have been issued by Gentoo (freetype), openSUSE (mailman), Red Hat (firefox, java-11-openjdk, OpenShift Container Platform 3.11.306 jenkins, and rh-maven35-jackson-databind), SUSE (kernel, mercurial, openldap2, python-pip, and xen), and Ubuntu (firefox, netty-3.9, and python-pip).

• An Analysis of 5 Million OpenPGP Keys

  In July I finished my Bachelor’s Degree in IT Security at the University of Applied Sciences in St. Poelten. During the studies I did some elective courses, one of which was about Data Analysis using Python, Pandas and Jupyter Notebooks. I found it very interesting to do calculations on different data sets and to visualize them. Towards the end of the Bachelor I had to find a topic for my Bachelor Thesis and as a long time user of OpenPGP I thought it would be interesting to do an analysis of the collection of OpenPGP keys that are available on the keyservers of the SKS keyserver network.

  So in June 2019 I fetched a copy of one of the key dumps of the one of the keyservers (some keyserver publish these copies of their key database so people who want to join the SKS keyserver network can do an initial import). At that time the copy of the key database contained 5,499,675 keys and was around 12GB. Using the hockeypuck keyserver software I imported the keys into an PostgreSQL database. Hockeypuck uses a table called keys to store the keys and in there the column doc stores the OpenPGP keys in JSON format (always with a data field containing the original unparsed data).

  For the thesis I split the analysis in three parts, first looking at the Public Key packets, then analysing the User ID packets and finally studying the Signature Packets. To analyse the respective packets I used SQL to export the data to CSV files and then used the pandas read_csv method to create a dataframe of the values. In a couple of cases I did some parsing before converting to a DataFrame to make the analysis step faster. The parsing was done using the pgpdump python library.

  Together with my advisor I decided to submit the thesis for a journal, so we revised and compressed the whole paper and the outcome was now

• Exploring 8chan's hosting infrastructure | Netcraft News

  In a recent post, Brian Krebs discussed a technique for disrupting 8chan, a controversial message board. Ron Guilmette, a security researcher, spotted that N.T. Technology, the hosting company owned by 8chan’s current operator, no longer has the right to transact business as it is in the “administrative hold” state. ARIN, the Internet registry N.T. Technology obtained its IP address allocation from, would be within its rights to reclaim the IP address space.

  Ron Guilmette is an expert in this type of analysis - last year he discovered the theft of $50 million worth of IP addresses in AFRINIC’s service region.

  However, taking down 8chan is unlikely to be as simple as requesting that ARIN deallocates its IP adddress space. After deallocation, the IP addresses may continue to be advertised as fullbogons - netblocks that are used on the Internet despite not being assigned to an end user. While some Internet service providers do block fullbogons, this is by no means universal.

• 23 Extensions to Enhance your Security and Privacy on Google Chrome and Chromium-based Browser

  According to a statistical report published by Statista in July 2020, Google Chrome accounted for 69% of the global desktop web-browser market share by June 2020, with 11% increase from the last year.

  Google Chrome is mostly based on Chromium which is an open-source web-browser released and maintained by Google. Chromium itself is the base for a dozen other browsers that are compatible with Google Chrome Web store.

  In this article we will guide you through the best privacy and security browser extensions for Google Chrome and Chromium-based web browsers that support Google Chrome Web store.

• Ahmad Haghighi: GitLab blocked Iranians’ access.

  On 3rd Oct. 2020 GitLab blocked Iranians’ access (based on IP) without any prior notice! and five days later (8th Oct.) my friend’s account blocked and still he doesn’t have any access to his projects! even after creating a ticket and asks for a temporary access to only export his projects! GitLab refused to unblock him! (screenshot in appendix). My friend is not the only one who blocked by GitLab, with a simple search on the web you can find a growing list of blocked accounts.
  So I decided to move from GtiLab and EVERY Free Software based/hosted/managed on/in USA.

  When it comes to USA policies, Free Software is a Joke

  GitLab is not the only actor in this discrimination against Persian/Iranian people, we also blocked by GitHub, Docker, NPM, Google Developer, Android, AWS, Go, Kubernetes and etc.

• ‘youtube-dl’ downloading software removed from GitHub by RIAA takedown notice

  This takedown notice does not necessarily spell the permanent end of youtube-dl. GitHub always immediately takes down any source code project that receives a DMCA notice like this, but the project’s creators will have an opportunity to file a counterclaim in the hopes of restoring youtube-dl’s status on GitHub. We’ll be keeping an eye on the situation as it develops.

• RIAA DMCAs GitHub into nuking popular YouTube video download tool, says it can be used to slurp music

  YouTube-DL is pretty simple to use: you give the command-line program the URL of any YouTube video, and it will fetch the material and save it to your computer for future playback.

• Recording Industry Association of America Gets Youtube-dl Kicked Off GitHub

  Microsoft GitHub has removed all traces of the very useful youtube-dl utility for downloading videos from YouTube and other websites, including this one, following a questionable DMCA request from the Recording Industry Association of America.

  youtube-dl is a simple command-line utility that lets you easily download audio adn videos from just about any website with a file file embedded in it. It works on sites like this one. A lot of software, including the popular video player mpv, can use it to download video fragments on the fly so videos embedded in web pages can be opened and played as if they were local files.

  The Recording Industry Association of America submitted a DMCA request to Microsoft GitHub demanding that youtube-dl gets removed from the Internet on October 23rd, 2020. The complaint contains this rather misleading claim: [...]

• How to install NotepadQQ on Linux

  NotepadQQ is an exciting application that attempts to bring Linux users what Notepad++ does on Windows: an impressive, Microsoft Notepad-like text editor that supports various programming languages and other useful features. Here’s how to get it installed on your Linux system.

• How to Install and Configure Squid Proxy on Ubuntu 20.04 | Linuxize

  Squid is a full-featured caching proxy supporting popular network protocols like HTTP, HTTPS, FTP, and more. It can be used to improve the web server’s performance by caching repeated requests, filter web traffic, and access geo-restricted content.

  This tutorial explains how to set up a Squid Proxy on Ubuntu 20.04 and configure Firefox and Google Chrome web browsers to use it.

• How to set up the Jellyfin media server on Linux

  The Jellyfin developers offer up a myriad of ways to install the media server on the Linux platform. From Docker to downloadable DEBs and custom packages in the Arch Linux AUR.

  In this guide, we’ll focus on downloadable packages. However, if you are an advanced Linux user and know how to use Docker, click here to get your hands on it.

  To start installing Jellyfin on your Linux server, open up a terminal window via SSH or by physically sitting in front of it. After that, follow the command-line installation instructions outlined below.

• libtraceevent>=5.9-1 update requires manual intervention

  The libtraceevent package prior to version 5.9-1 was missing a soname link. This has been fixed in 5.9-1, so the upgrade will need to overwrite the untracked files created by ldconfig.

• Parabola GNU/Linux-libre: [From Arch] libtraceevent>=5.9-1 update requires manual intervention

• How to Install and Configure FreeNAS 11.3 U5 Storage on VMware Workstation - SysAdmin

  This video tutorial shows how to install and configure FreeNAS 11.3 U5 Storage on VMware Workstation step by step.

• How to check the sshd Logs on Linux? – Linux Hint

  sshd stands for Secure SHell Daemon. It is a hidden process that silently listens to all the authentication and login attempts of the Linux operating system. It is especially helpful if you are trying to figure out any unauthorized login attempts to your system. In this article, how to check the sshd Logs on Linux is explained.

• How to Check If a Port Is in Use in Linux – Linux Hint

  At any single instance, multiple ports can be open in your system, so it can be useful to determine which ports are open. This article shows you four possible methods to use to check whether a port is in use in Linux.

• Best Books for Learning Linux – Linux Hint [Ed: Caution for spammy links in the referrer spam sense]

  Books are important learning resources for both beginners and experts, but with all the books available on the market, it may be difficult to choose just one. Here, we review five books on Linux to help you choose.

• How to change Chrome profile name

  Chrome has support for multiple profiles. What differentiates one profile from the other is the Google account that is (or isn’t) connected to a profile.

  Users can create a new Chrome profile and sync it with their Google account, or they can skip adding an account and keep everything local. What a user cannot do is create a profile that has no name.

• Google Needs Help to Fix the Latest Android Auto Version

• Humax debuts Aura Android 4k Freeview Play PVR

• Huawei announces its latest Android phones – technology – smart devices

• How to get free Diamonds in Free Fire: Step-by-step guide for Android devices

• Download the iPhone 12 wallpapers here (They work for Android, too!)

• 2 Settings You Need to Enable on Android 11 for Better Notifications

• Best Android phones at Xfinity Mobile

• These 21 Android apps contain adware and can steal your data Delete them now

• Noodlings | Inspiration Is Around You – CubicleNate's Techpad

  This is the 21st hot-pocket-sized podcast that won’t scorch roof of your mouth.

  I have a small collection of vintage or near vintage gaming consoles. I lean mostly in the Nintendo party as I think they have a great grasp on what is fun. I don’t always agree with many of their business practices but the entertainment they have provided is multi-generationally successful. In order to lower the wasted time of hooking these systems up to enjoy and better organize their presentation, I built a Gaming Rack that was inspired by watching a YouTube channel called Retro Recipes. Seeing how nicely laid out and easily enjoyed they were set up, I made the decision that I must adapt this idea to my little world.

• Episode #204 Take the PSF survey and Will & Carlton drop by - [Python Bytes Podcast]

  Python Bytes podcast delivers headlines directly to your earbuds.

• Going Linux #398

  In our second of two parts on editing and managing photos on Linux we describe a few additional applications for you to try. We share what they do but the trying is up to you! We also reveal what we are doing for our 400th episode.

• LHS Episode #374: The Weekender LVIV | Linux in the Ham Shack

  It's time once again for The Weekender. This is our bi-weekly departure into the world of amateur radio contests, open source conventions, special events, listener challenges, hedonism and just plain fun. Thanks for listening and, if you happen to get a chance, feel free to call us or e-mail and send us some feedback. Tell us how we're doing. We'd love to hear from you.

• Hackaday Podcast 090: DIY Linux SBC, HDMI CEC, Fake Bluepills, And SCARA Arms | Hackaday

  Hackaday editors Elliot Williams and Mike Szczys chat about our favourite hacks from the past week. We start off with a bit of news of the Bennu asteroid and the new Raspberry Pi Compute Module. We drive ourselves crazy trying to understand how bobbin holders on sewing machines work, all while drooling over the mechanical brilliance of a bobbin-winding build. SCARA is the belt and pulley champion of robot arms and this week’s example cleverly uses redundant bearings for better precision. And we wrap up the show looking in on longform articles about the peppering of microcontrollers found on the Bluepill and wondering what breakthroughs are left to be found for internal combustion.

The seven official flavors of Ubuntu 20.10 are now available with the latest builds and .iso images and ready for you - Kubuntu, Lubuntu, Xubuntu, Ubuntu Budgie, Ubuntu Kylin, Ubuntu MATE, and Ubuntu Studio - 20.10.

• Quibi apps arrive on Apple TV, Android TV, and Fire TV, but are they too late?

• How to maximise mobile revenue on Android

• Global Redmi Note 7 users have finally received MIUI 12 based on Android 10

• PS5 DualSense unboxing reveals Android and PC support

• OnePlus 8T Smartphone Review: A Supercharged, Gimmick-Free, Android Experience

• Android Auto “Frankenstein” Has a Cooler and Heatsinks, Does Its Job Perfectly

• The Sony PlayStation 5’s DualSense controller works with Android devices and PCs

• Embrace, Extend, and Extensions: Two New Reasons to Delete GitHub, Which Microsoft Ruined for Everyone (Except the Copyright Cartel and Other Censors)
• [Meme] When EPO Staff Claims to be 'Ill' or 'Sick'... During a Pandemic's European Peak
• The EPO Has Relegated or Lowered Itself to Extremely Poor Standards
• Links 23/10/2020: Turing Pi 2, GNU Parallel 20201022
• IRC Proceedings: Thursday, October 22, 2020
• Links 23/10/2020: 'Groovy Gorilla' Everywhere in the News
• For Better 'Tech Rights' in the United States (and the World at Large) the 'Orange Man' Needs to Go

   

• Arduino Blog » Driving a mini RC bumper car with a Nintendo Wii Balance Board

  Taking inspiration from Colin Furze’s 600cc bumper car constructed a few years ago, Henry Forsyth decided to build his own RC miniature version. His device features a 3D-printed and nicely-painted body, along with a laser-cut chassis that holds the electrical components.

  The vehicle is driven by a single gearmotor and a pair of 3D-printed wheels, with another caster-style wheel that’s turned left and right by a servo steering. An Arduino Uno and Bluetooth shield are used for overall control with a motor driver.

  The Bluetooth functionality allows for user interface via a PS4 controller, or even (after a bit of programming) a Wii Balance Board. In the end, the PS4 remote seems to be the better control option, but who knows where else this type of balance technique could be employed?

• Intel Elkhart Lake COM’s offer up to 3x 2.5GbE, SIL2 functional safety

• E3K all-in-one wireless bio-sensing platform supports EMG, ECG, and EEG sensors (Crowdfunding)

  Over the year, The maker community has designed several platforms to monitor vital signs with boards like Healthy Pi v4 or HeartyPatch both of which are powered by an ESP32 WiFi & Bluetooth wireless SoC. WallySci has designed another all-in-one wireless bio-sensing platform, called E3K, that also happens to be powered by Espressif Systems ESP32 chip, and can be connected to an electromyography (EMG) sensor to capture muscle movements, an electrocardiography (ECG) sensor to measure heart activity, and/or an electroencephalography (EEG) sensor to capture brain activity. The board also has an extra connector to connect a 9-axis IMU to capture motion.

• Coffee Lake system can expand via M.2, mini-PCIe, PCIe, and Xpansion

  MiTac’s fanless, rugged “MX1-10FEP” embedded computer has an 8th or 9th Gen Coffee Lake Core or Xeon CPU plus 3x SATA bays, 4x USB 3.1 Gen 2, 2x M.2, 2x mini-PCIe, and optional PCIe x16 and x1.

  MiTac recently introduced a Coffee Lake based MX1-10FEP computer that is also being distributed by ICP Germany. This month, ICP announced that the MX1-10FEP-D model with PCIe x16 and PCIe x1 slots has been tested and classified by Nvidia as “NGC Ready” for Nvidia GPU Cloud graphics boards such as the Nvidia T4 and Tesla P4.

  [...]

  The MX1-10FEP has an Intel C246 chipset and defaults to Windows 10 with Linux on request.

The Wine development release 5.20 is now available.

What's new in this release (see below for details):
  - More work on the DSS cryptographic provider.
  - A number of fixes for windowless RichEdit.
  - Support for FLS callbacks.
  - Window resizing in the new console host.
  - Various bug fixes.

The source is available from the following locations:

  https://dl.winehq.org/wine/source/5.x/wine-5.20.tar.xz
  http://mirrors.ibiblio.org/wine/source/5.x/wine-5.20.tar.xz

Binary packages for various distributions will be available from:

  https://www.winehq.org/download

You will find documentation on https://www.winehq.org/documentation

You can also get the current source directly from the git
repository. Check https://www.winehq.org/git for details.

Wine is available thanks to the work of many people. See the file
AUTHORS in the distribution for the complete list.

Also: Wine 5.20 Released With Various Improvements For Running Windows Software On Linux

When the PinePhone postmarketOS Community Edition smartphone began shipping to customers in September it came with a version of the operating system with one important feature missing: HDMI output.

So when my phone arrived a few weeks ago I was able to spend some time familiarizing myself with the operating system and I could plug in the included Convergence Dock to use USB accessories including a keyboard, mouse, and storage. But I wasn’t able to connect an external display.

Now I can.

• How To Install Ubuntu 20.10 Groovy Gorilla

  This tutorial explains Ubuntu 20.10 Groovy Gorilla computer installation. You will prepare at least two disk partitions, finishing it all in about twenty minutes, and enjoy! Let's start right now.

• How to install Ubuntu 20.10 - YouTube

  In this video, I am going to show how to install Ubuntu 20.10.

• How To Install Webmin on Ubuntu 20.04 LTS - idroot

  In this tutorial we will show you how to install Webmin on Ubuntu 20.04 LTS, as well as some extra required packages by Webmin control panel

• Running Ironic Standalone on RHEL | Adam Young’s Web Log

  This is only going to work if you have access to the OpenStack code. If you are not an OpenStack customer, you are going to need an evaluation entitlement. That is beyond the scope of this article.

• Introduction to Ironic

  The sheer number of projects and problem domains covered by OpenStack was overwhelming. I never learned several of the other projects under the big tent. One project that is getting relevant to my day job is Ironic, the bare metal provisioning service. Here are my notes from spelunking the code.

• Adding Nodes to Ironic

  TheJulia was kind enough to update the docs for Ironic to show me how to include IPMI information when creating nodes.

• Secure NTP with NTS

  Many computers use the Network Time Protocol (NTP) to synchronize their system clocks over the internet. NTP is one of the few unsecured internet protocols still in common use. An attacker that can observe network traffic between a client and server can feed the client with bogus data and, depending on the client’s implementation and configuration, force it to set its system clock to any time and date. Some programs and services might not work if the client’s system clock is not accurate. For example, a web browser will not work correctly if the web servers’ certificates appear to be expired according to the client’s system clock. Use Network Time Security (NTS) to secure NTP.

  Fedora 331 is the first Fedora release to support NTS. NTS is a new authentication mechanism for NTP. It enables clients to verify that the packets they receive from the server have not been modified while in transit. The only thing an attacker can do when NTS is enabled is drop or delay packets. See RFC8915 for further details about NTS.

  NTP can be secured well with symmetric keys. Unfortunately, the server has to have a different key for each client and the keys have to be securely distributed. That might be practical with a private server on a local network, but it does not scale to a public server with millions of clients.

  NTS includes a Key Establishment (NTS-KE) protocol that automatically creates the encryption keys used between the server and its clients. It uses Transport Layer Security (TLS) on TCP port 4460. It is designed to scale to very large numbers of clients with a minimal impact on accuracy. The server does not need to keep any client-specific state. It provides clients with cookies, which are encrypted and contain the keys needed to authenticate the NTP packets. Privacy is one of the goals of NTS. The client gets a new cookie with each server response, so it doesn’t have to reuse cookies. This prevents passive observers from tracking clients migrating between networks.

• Comfortable Motion: Absolutely Cursed Vim Scrolling - YouTube

  Have you ever felt like Vim was too useful and thought hey let's change that, well that's what this dev thought and now we have a plugin called comfortable motion that's adds physics based scrolling into vim, what's physics based scrolling you ask. Well it's scrolling that occurs based on how long you hold down the scroll key.

• Running Cassandra on Fedora 32 | Adam Young’s Web Log

  This is not a tutorial. These are my running notes from getting Cassandra to run on Fedora 32. The debugging steps are interesting in their own right. I’ll provide a summary at the end for any sane enough not to read through the rest.

• Recovering Audio off an Old Tape Using Audacity | Adam Young’s Web Log

  One of my fiorends wrote a bunch of music back in high school. The only remainig recordings are on a casette tape that he produced. Time has not been kind to the recordings, but they are audible…barely. He has a device that produces MP3s from the tape. My job has been to try and get them so that we can understand them well enough to recover the original songs.

  I have the combined recording on a single MP3. I’ve gone through and noted the times where each song starts and stops. I am going to go through the steps I’ve been using to go from that single long MP3 to an individual recording.

• Role of Training and Certification at the Linux Foundation

  Open source allows anyone to dip their toes in the code, read up on the documentation, and learn everything on their own. That’s how most of us did it, but that’s just the first step. Those who want to have successful careers in building, maintaining, and managing IT infrastructures of companies need more structured hands-on learning with real-life experience. That’s where Linux Foundation’s Training and Certification unit enters the picture. It helps not only greenhorn developers but also members of the ecosystem who seek highly trained and certified engineers to manage their infrastructure. Swapnil Bhartiya sat down with Clyde Seepersad, SVP and GM of Training and Certification at the Linux Foundation, to learn more about the Foundation’s efforts to create a generation of qualified professionals.

• Hetzner build machine

  This is part of a series of posts on compiling a custom version of Qt5 in order to develop for both amd64 and a Raspberry Pi.

  Building Qt5 takes a long time. The build server I was using had CPUs and RAM, but was very slow on I/O. I was very frustrated by that, and I started evaluating alternatives. I ended up setting up scripts to automatically provision a throwaway cloud server at Hetzner.

• Integer Scaling To Come With Linux 5.11 For Intel Graphics Driver - Phoronix

  Going back more than a year there have been Intel "i915" kernel graphics driver patches implementing integer mode scaling support while finally for Linux 5.11 in early 2021 the support will have landed.

  Intel added integer mode scaling to their Windows graphics driver back in 2019 to provide better clarity when upscaling games (particularly pixel art type content) and other software. The Linux patches materialized in September 2019 for nearest-neighbor integer mode scaling and then seemingly forgotten about. The capability works with Gen11 / Ice Lake and newer.

• Linux Support for Variable Refresh Rates On Gen12+ Intel GPUs Is On The Way - LinuxReviews

  Intel developer Manasi Navare has submitted a series of patches for the Linux kernel that brings support for variable refresh rates on Intel's latest graphics chips to the Linux kernels i915 driver. The feature is only enabled on Tiger Lake, Sapphire Rapids and newer Intel graphics chips.

  [...]

  You do not need a special "Freesync" monitor to use adaptive vertical synchronization, Freesync is just a marketing term used by AMD. The DisplayPort specification has included variable refresh rate (VRR) as an option feature since DP 1.4 and there are many monitors with support for it that are not marketed as "Freesync" or "gaming" monitors. Monitors that are marketed as "Freesync" support the standard DisplayPort VRR protocol so you don't need to use a AMD graphics card to get the benefits of a Freesync monitor. You will soon be able to use one of the very latest Intel CPU's with integrated graphics or one of Intel's upcoming dedicated graphics cards with Freesync monitors on Linux.

• Salsa updated to GitLab 13.5

  Today, GitLab released the version 13.5 with several new features. Also Salsa got some changes applied to it.

  [...]

  It's been way over two years since we started to use Google Compute Engine (GCE) for Salsa. Since then, all the jobs running on the shared runners run within a n1-standard-1 instance, providing a fresh set of one vCPU and 3.75GB of RAM for each and every build.

  GCE supports several new instance types, featuring better and faster CPUs, including current AMD EPICs. However, as it turns out, GCE does not support any single vCPU instances for any of those types. So jobs in the future will use n2d-standard-2 for the time being, provinding two vCPUs and 8GB of RAM..

• Social Media Regulation and Journalism

  Doc Searls, Katherine Druckman, and Petros Koutoupis talk social media regulation and its relationship to journalism and the threat to Section 230.

• Automation Entropy Factor | Self-Hosted 30

  Chris gets left out in the cold after a Home Assistant glitch, and Alex puts a big batch of USB hard drives to the test

  Plus a great pick for you pack rats, feedback, and more.

• Tribalism and Toxicity in the Linux Community - YouTube

  Gatekeeping, tribalism and toxicity in the Linux community. We're tired of it and it's time to silence it. But WHY does it happen, and HOW do we DEAL with it?

• Oracle Linux 8 Password Aging and Su

• Oracle Linux 8 System Monitoring iostat utility

• ABRT Analytics 2.3.0 released

  A new version of ABRT Analytics (formerly known as FAF) has just been released. From the user’s point of view, you will probably find the following changes the most noticable...

• [Older] Ben Williams: F32-20201016 Updated isos Released

• [Older] Ben Williams: F32-20201001 updated-isos Released

• [Older] OSBuild Project: Release of cockpit-composer 25

• [Older] Release of osbuild 21

• First release of koji-osbuild

• Release of osbuild 22

• Release of osbuild-composer 22

• Introducing RPMrepo

• Resiliency in Banking : A ‘must have’ for continuity in the new reality (Part 2)

  As cited previously, a new business operating environment - whether from an increasingly demanding customer ecosystem or as a result of external events - has necessitated new approaches to understand challenges, adapt, focus, and formulate the new normal. In addition to shifts in the ways consumers interact with banks, internal cultural reluctance to change can be an obstacle. Banking organizations have recognized the need for new operational approaches, but also have often been cautious in light of inherent risks - especially when combining a cloud, data center and on-premises model.

• What's new in Smart Management with Satellite 6.8 - YouTube

• Justin W. Flory: Hacktoberfest 2020 with TeleIRC

  October is here! If you contribute to Open Source projects, you might know that October is the month of Hacktoberfest. DigitalOcean teams up with different partners each year to send a t-shirt (or plant a tree on your behalf) for anyone who makes four GitHub Pull Requests in October. And guess what? TeleIRC is a participating project for you to get your Hacktoberfest t-shirt or tree!

  This post identifies specific tasks the TeleIRC team identified as “good first issues” for Hacktoberfest hackers. They are in order of least difficult to most difficult. Golang developers especially are encouraged to participate!

• Open Source Summit Europe & ELCE 2020

  Following a great virtual ELC & Open Source Summit North America last June/July, Collabora will be attending their European counterparts, Open Source Summit Europe & Embedded Linux Conference Europe, which take place next week, from October 26 to October 29.

  "The 4-day event is dedicated to everything open source and will showcase a program of 250+ talks (conference session, tutorials, BoFs and keynotes) across tracks covering Linux Systems, IoT, AI, Cloud & Cloud Native, OS Dependability, OS Databases, Diversity & Inclusion, OS Leadership, Open Source Program Office Management (TODO) and the Embedded Linux Conference."

  Collaborans will once again be actively participating in the week's activities with no less than 8 presentations on topics including fuzzing Linux drivers with syzkaller, efficient syscall emulation on Linux, demystifying Linux kernel initcalls, creating Debian-based embedded systems in the Cloud using debos, simplifying and reusing your driver's code with regmaps, the new Futux2() system call, and the state of Linux gaming. You can find the details for all of these presentations below.

• [Old] Mozilla WebThings To Become An Independent Open Source Project

  Mozilla has announced that Mozilla WebThings is being “spun out” as an independent open source project. It means that WebThings is no longer going to be a direct project from Mozilla.

  The company says that it’s winding down its direct investment in WebThings. This transition will happen to stabilize the WebThings gateways around the world. Now, WebThings is getting an independent domain and will work on the web of things, independent of Mozilla.

• Firefox on Fedora with OpenH264 – Martin Stransky's Blog

  Firefox on Fedora which sits in the updates [F32][F31] right now comes with enabled OpenH264 Cisco decoder for video playback and fdk-aac-free used for audio decoding.

  It’s implemented by GMP (Gecko Media Plugin) API so the OpenH264 is not used through ffmpeg library but Firefox sandboxed interface, the same as Firefox uses for Widevine CDM plugin.

  The OpenH264 GMP video playback is a fallback solution when system ffmpeg is missing and internal ffvpx library can’t decode the stream, so ffmpeg from RPM Fusion is always a better alternative if you can install it.

  The video streams are decoded by system wide OpenH264 2.1.1 which is shipped by Fedora as mozilla-openh264 rpm package. Even if Mozilla OpenH264 (1.8.1) plugin is installed in your profile and claimed at about:plugins page, the Fedora system one is used.

• GNU Parallel - News: GNU Parallel 20201022 ('Samuel Paty') [Savannah]

  GNU Parallel 20201022 ('Samuel Paty') has been released. It is available for download at: http://ftpmirror.gnu.org/parallel/

  Please help spreading GNU Parallel by making a testimonial video like Juan Sierra Pons: http://www.elsotanillo.net/wp-content/uploads/GnuParallel_JuanSierraPons.mp4 It does not have to be as detailed as Juan's. It is perfectly fine if you just say your name, and what field you are using GNU Parallel for.

 

•  
  

  Psychotherapy centre's database [cracked], patient info held ransom

                   
  

                     

  The Helsinki-based company said that the [crackers] who [copied] the data made attempts to extort money in exchange for its return.

• EU imposes sanctions on GRU officers over ‘Fancy Bear’ cyberattacks

  The Council of the European Union has imposed sanctions on two Russian citizens and a military intelligence center due to cyberattacks targeting Germany’s parliament in 2015 and the Organization for the Prohibition of Chemical Weapons (OPCW) in 2018. This was announced in the latest volume of the Official Journal of the European Union. The United Kingdom announced plans to enforce these sanctions, as well. 

• Open Education and Artificial Scarcity in Hard Times

  The sudden move to remote education by universities this year has forced the inevitable: the move to an online education. While most universities won’t be fully remote, having course materials online was already becoming the norm before the COVID-19 pandemic, and this year it has become mandatory for millions of educators and students. As academia recovers from this crisis, and hopefully prepares for the next one, the choices we make will send us down one of two paths. We can move towards a future of online education which replicates the artificial scarcity of traditional publishing, or take a path which fosters an abundance of free materials by embracing the principles of open access and open education.

  The well-worn, hefty, out-of-date textbook you may have bought some years ago was likely obsolete the moment you had a reliable computer and an Internet connection. Traditional textbook publishers already know this, and tout that they have embraced the digital era and have ebooks and e-rentals available—sometimes even at a discount. Despite some state laws discouraging the practice, publishers try to bundle their digital textbooks into “online learning systems,” often at the expense of the student. However, the costs and time needed to copy and send thousands of the digital textbooks themselves is trivial compared to their physical equivalent. 

• Hybrid open access risks limiting researchers’ publishing options

  In the case of the 34 Nature-branded journals, the first step is a “read and publish” deal with Germany’s Max Planck institutes, allowing affiliated researchers to both access the journals and to publish in them open access. The OA fee that Max Planck will pay is based on a cost of €9,500 (£8,600) per article. The publisher, Springer Nature, says that it is in discussions to allow authors worldwide to publish open access in Nature journals from next year.

  The UK alone spends more than £25 million on OA journal publishing annually, but the proportion that goes to large commercial publishers for OA in hybrid journals has increased year-on-year. The average cost for publishing in hybrid journals also continues to increase steadily.

  This trend has been evident since Springer Nature launched its leading OA journals, Nature Communications and Scientific Reports. In 2018 alone, these journals received more than £1.6 million from 30 UK research-intensive institutions. In 2019, Elsevier launched 100 new OA journals and the humanities publisher IEEE launched 13.

• Cloud Foundry Is A Developer Experience For Kubernetes | Chip Childers

• OpenStack Foundation Rebrands as Open Infrastructure Foundation

  Also announced at the Open Infrastructure Summit was the OpenStack Victoria open source cloud platform, with improved integration with Kubernetes and enhanced IPv6 support. / In a keynote at the event, Thierry Carrez, vice president of engineering at the Open Infrastructure Foundation, said his personal definition for cloud native is applications designed to run on programmable infrastructure. "Cloud native requires programmable infrastructure, and open infrastructure provides an open source solution for that," Carrez said. "So cloud native and open infrastructure really go together like bread and butter."

• OpenStack Foundation transforms into the Open Infrastructure Foundation

  The writing was on the wall two years ago. The OpenStack Foundation was going to cover more than just the OpenStack Infrastructure-as-a-Service (IaaS) cloud. Today, that metamorphosis is complete. The Foundation now covers a wide variety of open-source cloud and container technologies as the Open Infrastructure Foundation.

• LLVM Clang 12 Adds Support For Vectorization Using Glibc's Vector Math Library - Phoronix

  Upstream LLVM/Clang now supports making use of the vector math library found within the GNU C Library.

  Clang 12 will allow for vectorization using libmvec via the -fvec-lib=libmvec compiler option.

• Notes to self on frama-c | Richard WM Jones

  Frama-C is a giant modular system for writing formal proofs of C code. For months I’ve been on-and-off trying to see if we could use it to do useful proofs for any parts of the projects we write, like qemu, libvirt, libguestfs, nbdkit etc. I got side-tracked at first with this frama-c tutorial which is fine, but I got stuck trying to make the GUI work.

• Why I Dislike Switch Statements

  Of course this is a contrived example, but readers will hopefully agree it's representative of the construct.

• Setup - Full Stack Tracing Part 2 - KDAB

  If you’ve read the first article in this series, you’ll know what full stack tracing is and why you definitely want it. This time, we’ll show you how to setup full stack tracing on your Linux system. There are two steps – first get everything configured to capture a trace, and then view and interpret the trace.

  Setup full stack tracing with a bit of kernel help

  To capture a trace, we’ll be using LTTng (Linux tracing toolkit next generation) in our examples. LTTng captures tracepoints with minimal overhead. This is something you definitely want, as too much extra CPU introduced by tracing can change the system’s behavior, even causing it to fail unpredictably. Another factor in LTTng’s favor is that it’s well supported by the open source community.

  LTTng was designed to record kernel level events. However, you’ll also want to use its user space tracepoints to capture application level events. That will give you consistent visibility, regardless of where execution moves throughout the software stack. User space tracepoints is critical to the setup of full stack tracing as it lets you integrate application, Qt, and kernel tracepoints together in a single view.

• Mariuz's Blog: Firebird 3.0.7 sub-release is available

  Firebird Project is happy to announce general availability of Firebird 3.0.7 — the latest point release in the Firebird 3.0 series.This sub-release offers many bug fixes and also adds a few improvements, please refer to the Release Notes for the full list of changes.Binary kits for Windows, Linux, Mac OS and Android platforms are immediately available for download.All users of Firebird v3.0.6 are

• Use of self or $this in PHP – Linux Hint

  In PHP object-oriented programming, we have the self keyword and $this variable that is used for different purposes. The self keyword represents current and static members of the class. While the $this variable represents current object and non-static members of the class. More about these are discussed in this article.

• 4 C programming courses for every skill level

  Even with so many other system-level languages to choose from, C remains the popular choice. Many key projects—such as the Linux kernel and the Python runtime—still use C, and they will likely do so indefinitely. For some fields of computing, like embedded programming, C is a must.
  And there has never been a better time to learn C. Resources abound, from books to guided courses. Here we’ll look at four major online course offerings for learning C programming, each aimed at different levels of user and offering different approaches. For instance, one combines learning C with learning Linux, while another teaches C and C++ together.

• rand() Function in C Language – Linux Hint

  In the C language, the rand() function is used for Pseudo Number Generator(PRNG). The random numbers generated by the rand() function are not truly random. It is a sequence that repeats periodically, but the period is so large that we can ignore it. The rand() function works by remembering a seed value that is used to compute the next random number and the next new seed. In this article, we are going to discuss in detail how random numbers can be generated using the rand() function. So, let’s get started!

• A bug by any other name – Open Source Security

  This tweet from Jim Manico really has me thinking about why we like to consider security bugs special. There are a lot of tools on the market today to scan your github repos, containers, operating systems, web pages … pick something, for security vulnerabilities. I’ve written a very very long series about these scanners and why they’re generally terrible today but will get better, but only if we demand it. I’m now wondering why we want to consider security special. Why do we have an entire industry focused just on security bugs?

  Let’s change the conversation a little bit. Rather than focus on security bugs, let’s ask the question: Which bugs in a given project should we care about?

  There are of course bugs an attacker could use to compromise your system. There are also bugs that could result in data loss. Or bugs that could bring everything down. What about a bug that uses 10% more CPU? Every piece of software has bugs. All bugs are equal, but some bugs are more equal than others.

  We are at a time in software history where we have decided security bugs are more equal than other bugs. This has created entire industries around scanning just for security problems. Unfortunately the end goal isn’t always to fix problems, the goal is often to find problems, so problems are found (a LOT of problems). I think this is a pretty typical case of perverse incentives. You will always find what you measure. The pendulum will swing back in time, maybe we can help it swing a little faster.

• Why you should use ppport.h in your XS code modules | Karl Williamson [blogs.perl.org]

  
  
  
  
  The answer comes down to two words: Security and Reliability.
  As a bonus, less work on your part.
  
  
  
  
  It's surprising to find that there are modules on CPAN that aren't using
  ppport.h that could stand to benefit from it.
  
  
  
  
  ppport.h is a file that is part of the Devel::PPPort distribution. As you
  know, Perl has evolved over the years, adding new features, and new API for XS
  writers to use. Some of that is to support the new features, and some to make
  tasks easier to accomplish. ppport.h implements portions of the API that
  people have found desirable to have when a module gets installed in a Perl that
  was released before that API element was created. You can write your module
  using the latest API, and have it automatically work on old Perls, simply by
  #including ppport.h in your XS code. ppport.h generally provides support for
  an API element as is reasonably practicable, with many supported to 5.03007.
  
  
  
  
  Importantly, but often overlooked, ppport.h can override buggy early Perl
  implementations of an API element. By using it, you get fixed, proper
  behavior. That sure beats trying to reproduce a reported problem in your
  module that only happens in some ancient Perl, and then try to come up with a
  workaround in an area you aren't familiar with.
  
  
  
  
  This is especially important if your XS code interacts with Unicode in any way.
  Early versions of the Unicode standard and early Perls allowed things that we
  now know are potential attack vectors. Right now, someone could be using your
  module to hack into systems, so you are actually being negligent if you don't
  use ppport.h.
  
  
  
  
  If your XS code has preprocessor #if statements that check for the existence of
  functions, macros, etc, that are only in later perls, you can generally avoid
  that by simply using ppport.h
  

LibreOffice 7.1 is being developed by our worldwide community, and is due to be released in early February 2021 -- see the release notes describing the new features here.

In order to find, report and triage bugs, the LibreOffice QA team is organizing the first Bug Hunting Session for LibreOffice 7.1 on Monday October 26 , 20 20 . Tests will be performed on the first Alpha version. Builds will be available for Linux (DEB and RPM), macOS and Windows, and can be installed and run in parallel along with the production version.

Also: Camera Rotation Improvement - LibreOffice / Collabora Office

• openSUSE Tumbleweed – Review of the week 2020/43 – Dominique a.k.a. DimStar (Dim*)

  During this week, we have only released 3 snapshots (1019, 1021, and 1022). a bunch of snapshots has been tested and discarded due to some bugs we, and surely either you, did not want to see on your machines. But as usual; lesser snapshots do not mean less change, as things just cumulate until we feel confident to send a snapshot out again.

• Introducing the Open Build Service Connector [Ed: SUSE sucking up to Microsoft's openwashed proprietary software as usual]

  That’s right. The Open Build Service Connector is built around bookmarks of packages and projects. Bookmarks can be used to browse a project, its packages and its files. Additionally, you can view the configured repositories and adjust project paths and architectures.

  Individual packages or whole projects can be checked out directly from within Visual Studio Code to the file system similarly as one would do via osc. OBS’ version control is seamlessly integrated into Visual Studio Code’s Source Control module and can be used in a comparable fashion to the git extension.

• Richard Brown: MicroOS Desktop, The Road to Daily Driving - LinuxReviews

  openSUSE Chairman and MicroOS Release Engineer Richard Brown presented OpenSUSE's minimal MicroOS Linux distribution as a potential desktop operating system at the openSUSE+LibreOffice Virtual Conference 2020 last week in a half an hour long presentation. MicroOS is a minimal Linux distribution primarily made for cloud services, IoT devices, containers and those types of use-cases. It could potentially also be used as a light desktop system similar to ChromeOS and an alpha version of MicroOS for Desktop is available. There are some problems to be solved on the road to a stable release as Richard Brown explains.

• Laptop Touchpad Improvements, New Joystick Driver For Linux 5.10 - Phoronix

  The Linux 5.10 merge window is closing this weekend but there still is new code landing for this last complete kernel series of 2020.

  The input subsystem updates were sent in on Friday morning and include some new drivers and other work. As previously reported, there is better support for newer Synaptics laptop touchpads with this kernel. There is Synaptics RMI4 F3A support for buttons on newer touchpads helping the likes of the ThinkPad X1 Extreme Gen1 and P1 Gen2. There is also InterTouch now enabled for the ThinkPad P1/X1E Gen2 devices.

• Sensor Fusion Hub Driver For AMD Laptops With Gyroscopes Is Coming To Linux 5.11 - LinuxReviews

  It's been a long and hard road to acceptance for AMD's Sensor Fusion Hub Linux driver. The first revision was submitted to the Linux kernel Mailing List in January 2020. It took eight revisions and a lot of effort before Jiří Kosina finally accepted it into the hid.git#for-5.11 tree, almost guaranteeing that it will become a part of Linux 5.11.

  [...]

  Sandeep Singh didn't give up. He submitted a fourth revision with fingers crossed on February 12th, 2020. Intel's Linux driver engineer Andy Shevchenko rejected it on the grounds that it had long list of issues and concluded that it would need "a bit of work".

  Sandeep Singh sent a firth revision to the Linux Kernel Mailing List on the May 29th. Intel's Andy Shevchenko several additional objections and Sandeep Singh had to go back to the drawing-board.

• AMD SFH Driver To Land With Linux 5.11 For Better Ryzen Laptop Handling In 2021 - Phoronix

  It was sadly too late for squeezing into the current Linux 5.10 merge window but it looks like for Linux 5.11 in early 2021 the AMD Sensor Fusion Hub "SFH" driver will make its long awaited debut.

  The AMD SFH driver is similar to the long-standing Intel ISH driver for supporting the sensor hub on modern laptops. The AMD SFH support is needed for laptops bearing gyroscopic sensors and other capabilities.

  Back in January AMD finally published the Sensor Fusion Hub Linux driver for supporting the Ryzen laptops of recent years. With time the driver was revised to address various feedback but wasn't quick to get picked up for mainline and at times several weeks passing between code revisions.

• Intel Sends Linux Kernel Patches For VRR / Adaptive-Sync Enablement - Phoronix

  For months now Intel's open-source Linux driver stack has been preparing for VRR support with Gen11/Gen12 graphics. We've seen user-space patches by Intel around VRR while now they are finally sending out their key Linux kernel driver patches with the i915 DRM code.

  This kernel code is what's needed for actually enabling DisplayPort 1.4 Adaptive-Sync / Variable Refresh Rate on capable Intel graphics hardware with capable displays. The 11 patches add just under 300 lines of new code to their kernel driver in making the necessary VRR preparations and handling for this display feature.

• Episode 32: Our New "Python Basics" Book & Filling the Gaps in Your Learning Path

  Do you have gaps in your Python learning path? If you're like me, you may have followed a completely random route to learn Python. This week on the show, David Amos is here to talk about the release of the Real Python book, "Python Basics: A Practical Introduction to Python 3". The book is designed not only to get beginners up to speed but also to help fill in the gaps many intermediate learners may still have.

• Sentiment Analysis in Python With TextBlob

  In this article, we will take a look at how we can use the TextBlob library for sentiment analysis. We will also go through an example of how to analyze tweet sentiments.

• Levene's & Bartlett's Test of Equality (Homogeneity) of Variance in Python

  Here you will learn how to carry out two tests for equality of variances in Python: Bartlett's test and Levene's Test

• Python Code to Delete a File – Linux Hint

  We can use Python for performing various operations on file and directories, i.e., check the existence of files, verify the existence of directories, and remove the files and directories. Python provides a built-in operating system (OS) module for this purpose. By using the OS module, we can access the system files, directories, and we can delete them as well. Therefore, to perform any operation on file or directory, first, we need to import the OS module. In this article, we will learn to delete the file by using Python.

• Check If File Exists in Python – Linux Hint

  Python provides a built-in operating system (OS) module that can be used to access OS files and directories. Any computer user often finds the need to check whether a file exists in a system. For example, suppose you are working on a file system and want to make sure that a file is available before performing any major operations on it. If you attempt to navigate or open a non-existent file, then this would cause an error. This article shows you how to use various Python file-checking mechanisms.