today's leftovers
2021 is the year everyone can blast off with Linux! There’s the ageing meme – it’s the year of the Linux desktop! – that’s supposedly a call to arms for mainstream consumer Linux adoption. The irony, of course, is that it hasn’t happened, even though Linux is now running pretty much everything else in the world: from your Android phone and tablets, to the fastest supercomputers and large chunks of the internet. The last holdout is the consumer desktop.
There are very good reasons why Linux hasn’t had a look-in here. The Microsoft Windows monopoly ensures consumers only ever get to see Windows pre-installed on systems they buy and, of course, there’s human laziness to factor in. You might not like it but Windows works well, and has all the software and games people need. So why would the average punter or even business exert any effort to switch?
The Linux power user is a celebrated breed, and one that does not simply burst fully-formed from the earth. All newbies must toil long and hard with their Linux installations before they can describe themselves as one.
As the merge window for the upcoming Mesa release looms, Erik and I have decided on a new strategy for development: we’re just going to stop merging patches.
At this point in time, we have no regressions as compared to the last release, so we’re just doing a full stop until after the branch point in order to save ourselves time potentially tracking down any issues in further feature additions.
It has been a while since I had to write anything about myself. And I do not like starting articles with my name in the first sentence. It’s my not-so-subtle way of rebelling against many English essays I had to write in primary school that began with “My Name Is.” So here we are. My name is Kofi Oghenerukevwe, but everyone I know calls me Rukky. I am a software developer living and working in Delta State, Nigeria, and I am excited about spending the next twelve weeks as an intern with the FSF tech team.
[...]
I have used proprietary software for most of my life, and never thought to question it. While I am sure I have used a ton of other free software in some way or another without knowing it, as a user, my conscious experience with free software is restricted to my preference for Mozilla’s Firefox browser and my use of Wordpress blogs for some purpose or the other in the past. As a developer though, a lot of the tools I love to use -- and a lot of times have to use -- are the free ones. GNU/Linux and MySQL come easily to my mind.
About a year ago, I began thinking about becoming a contributor to the Firefox project because I really love Firefox. For that, I needed to learn C++, and it did not take long for me to realize that C++ is difficult and I maybe did not want to learn C++… yet. I will eventually have to get into it, seeing as I still hope to make games at some point in the future. Firefox was way over my head, but I still wanted to get started contributing something, and so I kept searching for projects to contribute to and somehow, I got to learn about Outreachy. I had done some volunteer work with PHP in the past, so I applied to intern with the FSF through Outreachy because they had a PHP project for the December 2020 through March 2021 cohort of the internship.
As a creative way to “pop the question,” Redditor lmjd14 proposed to his girlfriend using a sequence of Arduino-based puzzle boxes.
As seen here, the first box opens when one inputs a series of codes on a keypad, which relate to important relationship dates, while the second responds to holding down the correct buttons. The third involves a set of colored coins, and the fourth is activated with some RFID-enabled statues from the other boxes.
The final box was unlocked with lmjd14’s now-fiance’s thumbprint, using a GPS module that allows it to be opened only in the correct location. As she said yes, it’s a hack that they will both certainly cherish, and something that will be a great story to tell others in the future!
PureScript is a small strongly, statically typed programming language with expressive types, written in and inspired by Haskell, and compiling to JavaScript. It can be used to develop web applications, server side apps, and also desktop applications with use of Electron.
We have an experimental fix for making v3 onion services work, both client-side and service-side, even while the network is in a degraded state.
There's a new release candidate available for download. If you build Tor from source, you can download the source code for 0.4.5.4-rc from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release in 3-4 days.
We're getting closer and closer to stable here, so I hope that people will try this one out and report any bugs they find.
Microsoft-owned GitHub is facing an employee backlash after it reportedly terminated a Jewish worker for warning in a corporate Slack channel that there were “nazis” present at the U.S. Capitol riot.
Oracle and IBM/Red Hat Leftovers
CloudLinux has named the free CentOS replacement AlmaLinux, which will be available in the first quarter this year. Previously, it was code-named Project Lenix.
CloudLinux announced the drop-in CentOS alternative last month, committing $1 million annually in development.
“The demise of the CentOS stable release left a very large gap in the Linux community which prompted CloudLinux to step in and launch a CentOS alternative,” said Igor Seletskiy, CEO and founder of CloudLinux Inc. “For CloudLinux it was an obvious move: the Linux community was in need, and the CloudLinux OS is a CentOS clone with significant pedigree – including over 200,000 active server instances. AlmaLinux is built with CloudLinux expertise but will be owned and governed by the community. We intend to deliver this forever-free Linux distribution this quarter.”
Last week, Red Hat announced that it’s acquiring StackRox, a California-based Kubernetes security company founded in 2014.
This is one of the most strategic acquisitions for Red Hat, which is squarely focused on increasing the enterprise infrastructure market share. StackRox complements Red Hat’s current portfolio by bringing critical security capabilities missing from its infrastructure and platform offerings.
The founders of StackRox, Ali Goshan and Wei Lien Dang, have a strong security background. Ali worked at Microsoft and PwC as a security researcher while Wei led secure product initiatives at CoreOS, AWS, Splunk, and Bracket Computing. In 2018, StackRox appointed Kamal Shah, an industry veteran, and an investor, as the president and CEO.
Security Leftovers
Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Ten of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by malware or miscreants to seize remote control over unpatched systems with little or no interaction from Windows users.
Attackers who claim they are responsible for the supply chain attack on the Texas firm SolarWinds, say they have data from their exploits which they wish to sell.
Cyber security solutions provider Bitdefender has released a decryption tool for the DarkSide ransomware, a malware entity that made its appearance in August last year, and one that can attack only Microsoft's Windows operating system.
New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. More worrisome, the research suggests the insidious methods used by the intruders to subvert the company’s software development pipeline could be repurposed against many other major software providers.
Email security provider Mimecast says it has been informed by Microsoft that a certificate it issued for authentication of Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised.
If you hadn't noticed yet, the internet of things is a security and privacy shit show. Millions of poorly secured internet-connected devices are now being sold annually, introducing massive new attack vectors and vulnerabilities into home and business networks nationwide. Thanks to IOT companies and evangelists that prioritize gee-whizzery and profits over privacy and security, your refrigerator can now leak your gmail credentials, your kids' Barbie doll can now be used as a surveillance tool, and your "smart" tea kettle can now open your wireless network to attack.
Android Leftovers
