Language Selection

English French German Italian Portuguese Spanish

June 2020

Firefox 78 Available for Download with New Minimal Linux System Requirements

Filed under
Moz/FF

That’s right, Firefox 78 is an ESR (Extended Support Release), which is perfect for enterprises that want to provide their users with a very stable and well-tested Firefox release. ESR branches are usually supported for 12 months.

It replaces the Firefox 68.0 ESR series. This means that GNU/Linux distributions shipping Firefox ESR, such as Debian GNU/Linux, can now upgrade to the latest 78.0 ESR version to offer their users a newer Firefox release with modern features.

Read more

The Linux Foundation's Latest Announcements

Filed under
OSS
  • The Linux Foundation Brings Together IT and Finance Teams to Advance Cloud Financial Management and Education
  • 500 Inspiring Individuals Around the World Receive IT Training & Certification Scholarships from The Linux Foundation
  • The Linux Foundation Brings Together IT and Finance Teams to Advance Cloud Financial Management and Education

    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the intent to host the FinOps Foundation to advance the discipline of FinOps through best practices, education, and standards.

    The FinOps Foundation includes 1,500 individual members across the globe, representing more than 500 companies with more than $1 billion in revenue each. In the same way that DevOps revolutionized development by breaking down silos and increasing agility, FinOps increases the business value of cloud by bringing together technology, business and finance professionals with a new cultural set, knowledge skills and technical processes. Companies represented among membership include Atlassian, Autodesk, Bill.com, HERE Technologies, LiveRamp, Just Eat, Nationwide, Neustar, Nike, and Spotify, among others. To become a member and contribute to this work, please visit: https://www.finops.org/

    “Where there is technology disruption, there is opportunity for business transformation. FinOps is exactly this and represents a shift in operations strategy, process, and culture,” said Mike Dolan, vice president and general manager, Linux Foundation Projects. “This type of disruption and transformation is also where community and industry-wide collaboration play critical roles in enabling a whole new market opportunity. We’re pleased to be the place where that work can happen.”

  • SPDX Specification Becomes the Second ISO/IEC JTC 1 Submission From JDF

    Last month, the Joint Development Foundation (JDF), which became part of the Linux Foundation family in 2019, was recognized as an ISO/IEC JTC 1 PAS (“Publicly Available Specification”) submitter. With that recognition, Linux Foundation can put forward specifications to JTC 1 for national body approval and international recognition. Once JTC 1 approves a PAS submission, it becomes an international standard. Also in May, the JDF announced that The OpenChain Specification was the first specification submitted for JTC 1 review for recognition as an international standard.

    The Linux Foundation today announced that the latest SPDX release (version 2.2) is the second specification to be submitted through the JDF to ISO/IEC JTC 1 for approval. In brief, the Software Package Data Exchange (SPDX) is an open standard for communicating software bill of material information, including components, licenses, copyrights, and security references. SPDX reduces redundant work by providing a common format for companies and communities to share important data, thereby streamlining and improving compliance. The first version of the SPDX specification was 10 years ago, and it has continued to improve and evolve to support the automation of more software bill of materials information over the years.

  • Accelerating Open Standards development with Community Specifications

    In an earlier post back in May, the Linux Foundation and Joint Development Foundation (JDF) announced its ability to propose international standards by being recognized as an ISO/IEC JTC1 PAS submitter and that it had submitted its first standard, OpenChain, for international review. We also discussed why Open Standards were essential to the Linux Foundation’s efforts, just as Open Source projects are.

    Today, we’re announcing a new way for communities to create Open Standards. We call it the Community Specification, and it allows communities to develop standards and specifications using the tools and approaches that are inspired and proven by open source developers. It’s standards development explicitly designed for Git-based workflows. The Community Specification brings the frictionless approach of open source collaborations to standards development.

    It’s flexible, enabling small and large standards collaborations. And it’s built for growth. When or if the time is right, Community Specification projects can move to the Joint Development Foundation or another standards body. From there, the Joint Development Foundation can provide a path to international standardization.

  • SODA Foundation Gains New Investments, Expands Charter to Address Increasing Need for Data Autonomy

    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the SODA Foundation, previously OpenSDS, is expanding to include both open source software and standards to support the increasing need for data autonomy. SODA Foundation hosts an open source, unified and autonomous data management framework for data mobility from edge to core to cloud.

    Premiere members include China Unicom, Fujitsu, Huawei, NTT Communications and Toyota Motor Corporation. Other members include China Construction Bank Fintech, Click2Cloud, GMO Pepabo, IIJ, MayaData, LinBit, Scality, Sony, Wipro and Yahoo Japan.

GnuCash 4.0 Released

Filed under
GNU

Version 4.0 of the GnuCash finance manager is out. Significant changes include a command-line tool for performing a number of functions outside of the graphical interface, explicit support for accounts payable and accounts receivable, translation improvements, and more.

Read more

Ubuntu 20.04 LTS (Focal Fossa) review

Filed under
Reviews
Ubuntu

Canonical’s latest Ubuntu release, “Focal Fossa”, hit the mirrors at the end of April. So by the time you read this thousands of people will have downloaded it, installed it, and (we’ll wager) been downright impressed with what it has to offer. If you haven’t yet tried it, then you’re in for a treat. Buckle up and we’ll show you what’s new and what you can do with Canonical’s finest.

If you’ve never tried Linux before, Ubuntu 20.04 is a great place to start. You can try it right now (well in the time it takes you to download and write it to a USB stick) without interfering with your current set up.

Read more

A decidedly non-Linux distro walkthrough: Haiku R1/beta2

Filed under
OS
OSS

Earlier this month, the Haiku project released the second beta of its namesake operating system, Haiku.

Haiku is the reimagining of a particularly ambitious, forward-looking operating system from 1995—Be, Inc.'s BeOS. BeOS was developed to take advantage of Symmetrical Multi-Processing (SMP) hardware using techniques we take for granted today—kernel-scheduled pre-emptive multitasking, ubiquitous multithreading, and BFS—a 64-bit journaling filesystem of its very own.

Read more

Linux Cybersecurity: What You Need to Know

Filed under
Linux
Security

More people than ever use Linux. While Windows and macOS still capture most of the market, nearly 2% of all computers use the operating system. While that may not seem like a lot, the usage share has grown immensely over the last few years.

While only 2% of desktop computers use the operating systems, 96.5% of the world’s top million domains are powered by Linux servers. That’s because there’s a lot to love about Linux.

But is Linux safer than macOS and Windows?

Read more

What is End of Life in Ubuntu? Everything You Should Know About it

Filed under
Ubuntu

If you have been following It’s FOSS for some time, you might have noticed that I publish news articles like Ubuntu XYZ version has reached end of life (EoL).

This end of life is one of those essential concepts that every Ubuntu user should be aware of.

This is why I decided to write this detailed guide to explain what does an Ubuntu release reaching end of life means, why it matters to you and how to check when your Ubuntu install has reaches end of life.

Read more

MontaVista adds continuous integration support

Filed under
Hardware

MontaVista announced v3.1 of its Carrier Grade eXpress 3.1 embedded Linux distro based on Linux 5.4 LTS and Yocto 3.1 LTS. CGX 3.1 improves support for CI/CD and is more closely aligned with the Yocto Project.

MontaVista Software has upgraded its Yocto Project based Carrier Grade eXpress to version 3.1 with a focus on Continuous Integration and Continuous Deployment (CI/CD) support. The pioneering embedded Linux firm also announced greater alignment with the Yocto Project development model and vowed increased support for MontaVista’s free, completely open source OpenCGX version.

Read more

Also: Tiny NanoPi NEO3 SBC Targets Networked Storage with GbE and USB 3.0

Games: Shallow Space, Crusader Kings III and Lots More

Filed under
Gaming
  • Shallow Space development resumes, moved to Godot Engine

    Shallow Space, a 3D sci-fi RTS from 2015 that was initially very promising but ultimately ended up in development hell appears to be alive again.

    Writing on Steam, the developer made a post back in May titled "What happened here?" and briefly went over some of the issues. Things like limited resources, things not implemented properly, a publisher backed out on them and a key reseller got hold of a bunch of keys which apparently dried up their sales too.

    The developer went onto mention that since then they've continued learning, becoming a better developer and they've decided they're actually going to give it another go and finish Shallow Space. They've been tinkering behind the scenes for a few months now and have begun talking a little more about their plan.

  • Keep up with Crusader Kings III dev in another explainer video

    Inching ever closer to release on September 1, Crusader Kings III sounds very exciting and the latest developer video diary is out going over decision-making, how to cope with stress, changes made to events, and more.

    The decision system especially sounds like it will make a lot of interesting stories, how you're always working towards something but there's tons of smaller decisions you will be making often to affect characters.

  • Short-form narrative game 'We should talk.' arrives July 16

    It's not what you say, it's how you say it. We should talk. is an upcoming short-form narrative game about having a chat and it looks delightful.

    After a successful Kickstarter campaign, which didn't actually list Linux as a platform, it's confirmed to be releasing with Linux support on July 16. The idea is that it will make you think carefully about the words you choose. Using a 'unique' narrative choice mechanic, you'll craft sentences in response to the in-game characters in We should talk.

  • Monthly Games I've Played In Linux | June 2020

    Show your support and drop a like guys! Showcasing games I've been putting time to within the month, whether they're new or old!

  • Train Valley 2 hits over 1,000 maps on the Steam Workshop

    Need more from Train Valley 2? Well, if you have it on Steam there's an absolute ton of extra community-made content available in the Steam Workshop.

    Train Valley 2 is a train tycoon-style strategy puzzle game. You build tracks to deliver people across a map to different industries, to then deliver products to somewhere else. Build tracks, upgrade your locomotives, keep them constantly moving without letting any crash. It's good fun and some of the included levels are quite a challenge. What about when you've finished though?

    Including a built-in level editor can seriously help the longevity of a game, as there's obviously only so much a developer can directly make. Thankfully, Train Valley 2 has one and it's pretty easy to use which is likely why they've recently hit over 1,000 extra levels for players to play through.

  • Celestial Command adds 3D space physics and a new battle mode

    Celestial Command, a spaceship crafting survival sandbox game that's currently in Early Access doesn't get a lot of attention but it's quietly getting impressive.

    Released into Early Access back in 2014, it's been steadily going a while now. I completely forgot about it in fact, only recently was the first time I actually properly took a look at it. As a huge fan of space games, especially where there's a lot of customization and ship crafting, I'm a bit of a sucker for them and Celestial Command now feels truly promising.

  • Beyond a Steel Sky to release for Linux PC during July

    Beyond a Steel Sky, the exciting looking upcoming game from Revolution Software recently hit Apple Arcade and it appears the Steam release is soon too.

    Confirmed to be launching with Linux support, Beyond a Steel Sky is the long awaited sequel to Beneath a Steel Sky. Revolution Software actually are the original developer of Beneath a Steel Sky, plus Broken Sword: The Shadow of the Templars, Broken Sword II: The Smoking Mirror and more. With the Apple Arcade release out, they mentioned on Twitter that "July will not go by without you being able to play the game on Steam".

More in Tux Machines

Why We Can't Teach Cybersecurity

By Dr. Andy Farnell

I teach cybersecurity. It's something I really believe in, but it's hard work for all the wrong reasons. First day homework for students is watching Brazil, No Country for Old Men, Chinatown, The Empire Strikes Back, or any other film where evil triumphs and the bad guys win. This establishes the right mindset - like the medics at the Omaha beach landing in Saving Private Ryan. Not to be pessimistic, but cybersecurity is a lost cause, at least as things stand today. If we define computer security to be the combination of confidentiality, integrity, and availability for data, and as resilience, reliability and safety for systems, then we are failing terribly on all points.

As a "proof" after a fashion, my students use a combination of Blotto analysis from military game theory, and Lubarsky's law ("there's always one more bug"). It is a dispiriting exercise to see how logic stacks up against the defenders, according to which "the terrorists always win". Fortunately, game theory frequently fails to explain a reality where we are not all psychopathically selfish Bayesian utility maximisers (unlike corporations which are programmed to be). Occasionally hope, compassion, gratitude, and neighbourly love win out.

Could things be worse than having mathematics against you? Actually yes. You could live in a duplicitous culture antithetical to security but favouring a profitable facsimile of it. Perhaps that's a means for obsolete power hierarchies to preserve themselves, or because we don't really understand what "security" is yet. Regardless, that's the culture we have, and it's a more serious problem than you might think, much more so than software complexity or the simple greed of criminals.

My optimism is that if we can face up to facts, we can start to change and progress. It is in the nature of teachers, doctors and drill instructors that we must believe people can change. So I'll try to explore here how this mess happened, how Linux, BSD and free open source software with transparent standards are a plausible even necessary way out of the present computer security crisis, and why the cybersecurity courses at most universities are not helping.

We have to keep faith that complexity, bad language design and reckless software engineering practices are surmountable by smart people. Maybe one day we'll build computers that are 99.9% secure. But that is unlikely to happen for reasons recently explained by Edward Snowden, who describes an Insecurity Industry. Indeed, I was a little disappointed by Snowden's essay which does not go nearly far enough in my opinion.

For me, the Insecurity Industry is not located in a few commercial black-hat operations like Israel's NSO Group, but within the attitudes and practices running through every vein of mainstream computing. As with its leaders, a society gets the technology it deserves. As we revel in cheap imported goods, surveillance capitalism, greed, convenience, manipulation, and disempowerment of users, we reap the security we deserve.

Blaming the cyber-arms trade, the NSO or NSA for answering the demands of cops and criminals alike, is distracting. Without doubt what they are doing is wrong and harmful to everyone, but we can't have secure computing while those who want it are an educated minority. That situation will not change so long as powerful and fundamentally untrustworthy corporations with business models founded on ignorance dominate our digital lives.

Projects of digital literacy started in the nineteen eighties. They kick-started Western tech economies, but faltered in the mid nineties. Programming and "computer studies" which attempted to explain technological tools were replaced by training in Microsoft Word and Excel spreadsheets. Innovation tailed-off. A generation taught to be dependent on tech, not masters of it, are fit only for what David Graeber described as Bullshit Jobs Graeber18.

Into this vacuum rushed "Silicon Valley values" of rent seeking, piggybacking upon established standards and protocols. With a bit of spit, polish, and aggressive marketing, old lamps could be foisted upon consumers. Twenty years later we have a culture of depressed, addicted, but disenfranchised technology users Lanier11.

We have moved from "It's more fun to compute" to "If you've nothing to fear you've nothing to hide". In other words, we've transformed digital technology from a personally empowering choice into systems of near-mandatory social command and control (see Neil Postman's Technopoly postman93). What advantage would any group have in securing their own chains and the weapons ranged against them? A sentiment only half-disguised in young people today is utter ambivalence toward tech.

As states move to reclaim control from social media platforms, public debate has been framed around whether Facebook and suchlike are threats to democracy and ought to be regulated. But this is merely a fragment of a larger problem and of a discussion that has never been properly widened to examine the general dangers of information technology in all its manifest forms, in the hands of governments, businesses, rogue groups and individuals alike.

For me, an elephant in the room is the colossal distance between what we teach and what we practice. Twice convicted monopolists Microsoft set back computing by decades, and in particular their impact on security has been devastating. Yet their substandard wares are still pushed into schools, hospitals and safety-critical transport roles. Even as embarrassing new holes in their products are exposed daily, lobbying and aggressive misinformation from Microsoft and other Big-Tech companies, all of which suffer from appalling privacy and security faults, continues unabated.

Big-tech corporations are insinuating themselves into our public education and health systems without any proper discussion around their place. It is left to well educated individuals to opt-out, reject their systems, and insist on secure, interoperable choices. Advisories like the European Interoperability Framework (EIF is part of Communication COM134 of the European Commission March 2017) recognise that tech is set to become a socially divisive equality issue. The technical poverty of the future will not separate into "haves and have-nots", but "will and the will-nots", those who will trade their privacy and freedom for access and those who eschew convenience for digital dignity.

As the word "infrastructure" (really vertical superstructure) has slyly replaced ICT (a horizontal service) battles have raged between tech monopolies and champions of open standards for control of government, education and health. The idea of public code (see the commentary of David A Wheeler and Richard Stalman) as the foundation of an interoperable technological society, has been vigorously attacked by tech giants. Germany fought Microsoft tooth and nail to replace Windows systems with 20,000 Linux PCs in 2015, only to have Microsoft lobby their way back in, replacing 30,000 desktops with Windows 10 in 2017. Now the Germans seem poised to switch again, this time taking back all public services by mandating support for LibreOffice.

In the UK, several institutions at which I teach are 'Microsoft customers'. I pause to use the term "Microsoft Universities", but they may as well be. Entirely in the pocket of a single corporation, all email, storage networks, and "Teams" communication are supplied by the giant. Due to de-skilling of the sector, the ICT staff, while nice enough people, lack advanced IT skills. They can use off-the-shelf corporate tools, but anything outside lockstep conformity allowed by check-box webmin interfaces is both terrifying and "not supported". I met a secondary school headmaster who seemed proud to tell me that they were not in the pockets of Microsoft, because they had "become a Google Academy". I responded that "as a Linux child", my daughter woudn't be using any of that rubbish either.

Here's a problem; I don't use Microsoft or Google products. At one level it's an ethical decision, not to enrich aggressive bullies who won't pay proper taxes in my country. It's also a well informed technical position based on my knowledge of computer security. For me to teach Microsoft to cybersecurity students would bring professional disgrace. I won't be the first or last person to lose work for putting professional integrity first. They say "Nobody ever got fired for choosing Microsoft". At some institutions that is not merely advice, it's a threat. Security in the shadow of Big-Tech now means job-security, as in the iron rice bowl from which the compliant may feed, but educated independent thinkers must abstain.

A more serious problem is not just that companies like Google and Microsoft are an expensive, controlling foreign corporations supplying buggy software, or that university administrators have given away control of our networks and systems, it's that commercial products are increasingly incompatible with teaching and research. They inject inbuilt censorship and ideological micromanagement into academies and schools.

Another is that "choice" is something of an illusion. Whatever the appearance of competition between, say, Apple and Facebook, Big-Tech companies collude to maintain interlocking systems of controls that enforce each others shared values including sabotage of interoperability, security and inviting regulation upon themselves to better keep down smaller competitors. Big-Tech comes with its own value system that it imposes on our culture. It restricts the learning opportunities of our kids, limits workplace innovation and diversity, and intrudes into our private activities of commerce and health.

In such a hostile environment for teaching cybersecurity (which is to teach empowering knowledge, and why we call it "Ethical Hacking" 1) one may employ two possible methods. First, we can buy in teaching packages reliant entirely on off-site resources. These are the "official" versions of what computer security is. Two commonly available versions come from Cisco and the EC Council. Though slickly presented these resources suffer the same problems as textbooks in fast-changing disciplines. They very quickly go out of date. They only cover elementary material of the "Cyber Essentials" flavour, which ultimately is more about assurance than reality. And they are partial, perhaps even parochial versions of the subject arrived at by committee.

Online courses also suffer link-rot and patchy VM service that breaks lessons. Unlike in-house setups, professors or students cannot debug or change the system, itself an important opportunity for learning. Besides, the track record of Cisco with respect to backdoors no longer inspires much confidence.

The other method is to create "suitcase data-centres". A box of Raspberry Pi single board computers saves the day! The Raspberry Pi Foundation, perhaps modelled after the early digital literacy drives of Acorn/BBC has done more for British education than any dozen edu-tech companies by promoting (as much as it can) openness of hardware and GNU/Linux/Unix software.

Junk laptops running Debian (Parrot Linux) and SBCs make a great teaching setup because a tangle of real network cables, wifi antennas and flashing lights helps visualise real hacking scenarios. Professors often have to supply this equipment using our own money. I rescued a pile of 1.2GHz Intel Atom netbooks from the garbage. Because we are not allowed to connect to university networks, 3/4G hotspots are necessary, again using bandwidth paid for out of my own pocket in order to run classes. Teaching cybersecurity feels like a "forbidden" activity that we sneakily have to do despite, not because of, university support.

Teaching cybersecurity reflects a cultural battle going on right inside our classrooms. It is a battle between two version of a technological society, two different futures. One an empowering vision of technology, the other a dystopian trap of managed dependency. Dan Geer, speaking in 2014 described cybersecurity as a manifestation of Realpolitik. Nowhere does the issue come so clearly to a head as in the schism between camps of Snowden or Assange supporters and the US State, each of which can legitimately claim the other a "traitor" to some ideal of "security".

At the everyday level there is a tension between what we might call real versus fake security. The latter is a festival of form over function, a circus of phones, apps and gizmos where appearance triumphs over reality. It's a racket of productised solutionism, assurance, certification and compliance that's fast supplanting actual security efforts. By contrast, the former is a quiet anathema to "security industry" razzle. It urges thoughtful, modest simplicity, slow and cautious change. It's about what you don't do.

So, in our second lesson we analyse the word "security" itself. Security is both a reality and a feeling. There are perhaps masculine and feminine flavours of security, one following a military metaphor of perimeters, penetration and targets, the other, as Eve Ensler Ensler06 and Brene Brown Brown12 allude, an inner security that includes the right to be insecure and be free from patrician security impositions "for your own good". Finally, there is the uncomfortable truth that security is often a zero-sum affair - your security means my insecurity. While "good" security is a tide that raises all ships, some people misuse security as a euphemism for wielding power.

None of these social and psychological realities fit well into the lacklustre, two dimensional models of textbook computer security. Fortunately a mature discipline of Security Engineering which does not dodge social and political factors has emerged in the UK. Ross Anderson Anderson08 is part of a team leading such work at the Cambridge Cybercrime Centre. One take-away from lesson two is that the word "security" may not be used as a bare, abstract noun. One must ask; security for who? Security from who or what? Security to what end?

Once we begin to examine the deeper issues around device ownership, implied (but infirm) trust models, forced updates, security theatre, and conflicting cyber-laws, we see that in every important respect tech is anarchy. It's a de facto "might is right" free-for-all where much of what passes for "security" for our smartphones, online banking and personal information is "ignorant bullshit" (in the strict academic sense of bullshit according to Harry Frankfurt; that vendors and politicians don't know that they do not know what they are talking about - and care even less Frankfurt05).

Consequently, much of what we teach; the canonical script of "recon, fingerprinting, vulnerability analysis, vector and payload, clean-up, pivoting, escalation, keeping root…", and the corresponding canon of blue team defence (backup, intrusion detection, defence in depth, etc…) - has no context or connection to a bigger picture. It is ephemeral pop that will evaporate as technology changes leaving students with no deeper understanding of what we are trying to do by testing, protecting and repairing systems and data, or why that even matters.

We create more guards for the castles of tech-feudalism - obedient, unthinking security guards employed to carry out the whims of the management class. Leveraged by the unspoken carrot of preferential technical privilege and enforced by the stick of threatened removal of their "security status", they become administrators of new forms of political force. Challenges to grey-area behaviours beyond the legal remit of managers. are proclaimed "security breaches" unless pursued through intractable administrative routes or through appeals that can be deflected with allusions to "policy" or the abstract "security" of unseen authorities. Some of our smartest people are ultimately paid well to shut up and never to think for themselves.

There is a very serious concern that our "Ethical Hacking" courses (which contain no study of ethics whatsoever) are just creating fresh cyber-criminals. Despite the narrative that "we are desperately short of cybersecurity graduates and there are great jobs for everyone", the reality is that students graduate into an extremely competitive environment where recruitment is often hostile and arbitrary. It doesn't take them long to figure that their newfound skills are valuable elsewhere.

Years ago, it became clear to me that we must switch to a model of "Civic Cyber Security". I became interested in the work of Bruce Schneier not as a cryptographer but as an advocate of Technology In The Public Interest. National security is nothing more than the sum-total of individual earned and learned security. That means teaching children as young as five foundational attitudes that would horrify industry.

There is no room to lie back and hope Apple or Google can protect us. Organisations like the UK's National Cyber Security Centre, or US National Security Agency, which have conflicted remits, might wish to be seen as benevolent guardians. Their output has been likened by comedian Stuart Lee to "Mr Fox's guide to hen-house security". Cybersecurity can never be magically granted by those who have a deep and lasting interest in withholding it.

The business of "personal computing" has become ugly. Cybersecurity, in as much as it exists, is a conflicted and unreliable story we tell ourselves about power and tribal allegiances. We can't put on a "good guys" hat and beat "cyber-criminals" so long as we are competing with them for the same thing, exploitable clueless users.

The only questions are whether they are to be sucked dry by ransomware, "legitimate" advertising, or manipulated for political ends. If we are to engage in sincere, truthful education, then we have to call-out Big-Tech for what it is; more a part of the problem than a solution. Those of us who want to explore and teach must still circumvent, improvise and overcome within institutions that pay only lip service to authentic cybersecurity because they are captured by giant corporations

Bibliography

Bibliography

  • [Graeber18] David Graeber, Bullshit Jobs: A Theory, Simon and Schuster (2018).
  • [Lanier11] Jaron Lanier, You Are Not a Gadget, Vintage (2011).
  • [postman93] Neil Postman, Technopoly: The Surrender of Culture to Technology, Vintage Books. N.Y. (1993).
  • [Ensler06] Ensler, Insecure at last, Villard (2006).
  • [Brown12] Bren\'e Brown, The Power of Vulnerability: Teachings on Authenticity, Connection and Courage, Sounds True (2012).
  • [Anderson08] Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley (2008).
  • [Frankfurt05] Harry Frankfurt, On Bullshit, Princeton University Press (2005).

Footnotes:

1

A term made up to attract young students to cybersecurity while assuring parents and politicians.


About the author Dr. Andy Farnell is a computer scientist, author and visiting professor in signals, systems and cybersecurity at a range of European universities. His recent book "Digital Vegan" uses a dietary metaphor to examine technology dependency and over-consumption.

toiday's leftovers

  • Linux Weekly Roundup #158

    Welcome to this week's Linux Roundup. It was a full week of Linux releases with Endless OS 4.0.0 and Deepin 20.3. We hope that you had a good week and may the be a great one ahead!

  • Putting the Open back into Open Source

    Agility has never been more important than it is in today’s disrupted digital world. Leaders in every industry are trying to find a balance between the stability that allows them to plan for the future, while creating highly agile organisations that can quickly respond to new challenges and opportunities. This agility only comes from the ability to innovate at speed, which is why open source communities are as vital as ever. According to SUSE’s recently commissioned Insight Avenue report, Why Today’s IT Leaders are Choosing Open, 84% now see open source as a way to cost-effectively drive this innovation.

  • How To Install Snap on Ubuntu 20.04 LTS - idroot

    In this tutorial, we will show you how to install Snap on Ubuntu 20.04 LTS. For those of you who didn’t know, Snap also known as Snappy is an alternative package management tool and program package format developed by Canonical, the company behind Ubuntu Linux. All the snaps are usually stored in a central repository called Snap Store from where snaps can be downloaded and installed using the snap command. Snaps work across a range of Linux distributions, which makes them a distro-agnostic upstream software deployment solution. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Snap Package Manager on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.

  • The European Commission To Force Apple To Allow App Sideloading (NASDAQ:AAPL) | Seeking Alpha [Ed: It is NOT called SIDELOADING… it’s called INSTALLING!]

    Investors are ignoring significant regulatory developments for Apple while distracted by Apple Car speculation.

  • Unboxing Busybox: Claroty and JFrog uncovers 14 vulnerabilities

    Embedded devices with limited memory and storage resources are likely to leverage a tool such as BusyBox, which is marketed as the Swiss Army Knife of embedded Linux. BusyBox is a software suite of Unix utilities, known as applets, that are packaged as a single executable file. Within BusyBox you can find a full-fledged shell, a DHCP client/server, and small utilities such as cp, ls, grep, and others. You’re also likely to find many OT and IoT devices running BusyBox, including popular programmable logic controllers (PLCs), human-machine interfaces (HMIs), and remote terminal units (RTUs)—many of which now run on Linux. As part of our commitment to improving open-source software security, Claroty’s Team82 and JFrog collaborated on a vulnerability research project examining BusyBox. Using static and dynamic techniques, Claroty’s Team82 and JFrog discovered 14 vulnerabilities affecting the latest version of BusyBox. In most cases, the expected impact of these issues is denial of service (DoS). However, in rarer cases, these issues can also lead to information leaks and possibly remote code execution.

  • Perl Weekly Challenge 140: Multiplication Tables
  • Leaky Rakudo

    Yesterday the discord-bridge-bot refused to perform its 2nd job: EVAL All The Things! The EVALing is done via shell-out and requires a fair bit of RAM (Rakudo is equally slim then Santa). After about 3 weeks the fairly simple bot had grown from about halve a GB to one and a halve – while mostly waiting for the intertubes to deliver small pieces of text. I complained on IRC and was advised to take heap snapshots. Since I didn’t know how to make heaps of snapshots, I had to take timo’s directions towards use Telemetry. As snap(:heap) wasn’t willing to surrender the filename of the snapshot (I want to compress the file, it is going to get big over time) I had a look at the source. I also requested a change to Rakudo so I don’t have to hunt down the filename, which was fulfilled by lizmat 22 minutes later. Since you may not have a very recent Rakudo, the following snipped might be useful.

  • Nemiver debugger now in devx SFS

    Mike (mikewalsh) responded with a great link that lists lots of Linux debugger/trace tools. The EasyOS devx SFS already has the 'gdb' CLI utility, and I saw on that link, there are 'ddd' and 'nemiver' GUI frontends for gdb. I went for nemiver and compiled it. The project seems to be almost dead, but then, if it works, perhaps no need for more commits to the git repository. I chose version 0.8.2, not the latest, but it suited me to stay with a gtk+2 based app rather than gtk+3. Two dependencies, 'gtkmm' and 'libgtop', are compiled in OpenEmbedded. I compiled 'libgtksourceviewmm' and 'nemiver' in a running EasyOS and made them into PETs.

Kernel and Graphics: Linux Stuff and GPUs

  • Facebook/Meta Tackling Transparent Page Placement For Tiered-Memory Linux Systems - Phoronix

    Back during the Linux 5.15 cycle Intel contributed an improvement for tiered memory systems where less used memory pages could be demoted to slower tiers of memory storage. But once demoted that kernel infrastructure didn't have a means of promoting those demoted pages back to the faster memory tiers should they become hot again, though now Facebook/Meta engineers have been working on such functionality.  Prior to the Linux 5.15 kernel, during the memory reclaim process when the system RAM was under memory pressure was to simply toss out cold pages. However, with Linux 5.15 came the ability to shift those cold pages to any slower memory tiers. In particular, modern and forthcoming servers with Optane DC persistent memory or CXL-enabled memory, etc. Therefore the pages are still accessible if needed but not occupying precious system DRAM if they aren't being used and to avoid just flushing them out or swapping to disk. 

  • Linux 5.17 To Boast Latency Optimization For AF_UNIX Sockets - Phoronix

    Net-next has been queuing a number of enticing performance optimizations ahead of the Linux 5.17 merge window kicking off around the start of the new year. Covered already was a big TCP optimization and a big improvement for csum_partial() that is used in the network code for checksum computation. The latest optimization is improving the AF_UNIX code path for those using AF_UNIX sockets for local inter-process communication.  A new patch series was queued up on Friday in net-next for improving the AF_UNIX code. That patch series by Kuniyuki Iwashima of Amazon Japan is ultimately about replacing AF_UNIX sockets' single big lock with per-hash locks. The series replaces the AF_UNIX big lock and also as part of the series has a speed-up to the autobind behavior. 

  • Nvidia Pascal GPU, DX12 and VKD3D: Slideshow time! - Boiling Steam

    So Horizon Zero Dawn had a sale recently on Fanatical, and I thought… OK I’ll grab it! It’s time. I first installed it on my workstation that only has a GTX1060 3GB GPU – not a workhorse but a decent card nonetheless for low-to-medium end gaming. I knew very well that Horizon Zero Dawn is a DX12 game and that Pascal architecture (Nvidia 10xx basically) and earlier versions do not play very well with DX12 games running through vkd3d-proton, the DX12 to Vulkan translation layer. Still, I could imagine getting somewhere around 30 FPS on low-to-medium settings, and use FSR if necessary to get to better framerates. Nothing prepared me for the performance I was about to experience.

Linux 5.16-rc3

So rc3 is usually a bit larger than rc2 just because people had some
time to start finding things.

So too this time, although it's not like this is a particularly big
rc3. Possibly partly due to the past week having been Thanksgiving
week here in the US. But the size is well within the normal range, so
if that's a factor, it's not been a big one.

The diff for rc3 is mostly drivers, although part of that is just
because of the removal of a left-over MIPS Netlogic driver which makes
the stats look a bit wonky, and is over a third of the whole diff just
in itself.

If you ignore that part, the statistics look a bit more normal, but
drivers still dominate (network drivers, sound and gpu are the big
ones, but there is noise all over). Other than that there's once again
a fair amount of selftest (mostly networking), along with core
networking, some arch updates - the bulk of it from a single arm64
uaccess patch, although that's mostly because it's all pretty small -
and random other changes.

Full shortlog below.

Please test,

             Linus
Read more Also: Linux 5.16-rc3 Released With Alder Lake ITMT Fix, Other Driver Fixes - Phoronix