Meet the Ubuntu 21.04 "Hirsute Hippo" Artwork by Sylvia Ritter, Made with Krita
Meet the Hirsute Hippo artwork by Sylvia Ritter, made with the powerful, open-source and cross-platform Krita digital painting and raster graphics software. The artwork is inspired by Ubuntu 21.04‘s codename “Hirsute Hippo” and I believe it shows a mama hippo with her cute baby hippo.
Undoubtedly this is yet another masterpiece from Sylvia Ritter, and this time the artwork is made in a format suitable for your mobile phones and tablets since PinePhone has become such a very popular device among Linux fans.
Programming: Mozilla:, GNU C Library, Perl and More
Shortly after posting my usual update on Firefox on POWER, I started to notice odd occasional tab crashes in Fx85 that weren't happening in Firefox 84. Dan Horák independently E-mailed me to report the same thing. After some digging, it turned out that our fix way back when for Firefox 70 was incomplete: although it renovated the glue that allows scripts to call native functions and fixed a lot of problems, it had an undiagnosed edge case where if we had a whole lot of float arguments we would spill parameters to the wrong place in the stack frame. Guess what type of function was now getting newly called?
The addons.mozilla.org (AMO) external API can be used by users and developers to get information about add-ons available on AMO, and to submit new add-on versions for signing. It’s also used by Firefox for recommendations, among other things, by the web-ext tool, and internally within the addons.mozilla.org website.
We plan to shut down Version 3 (v3) of the AMO API on December 31, 2021. If you have any personal scripts that rely on v3 of the API, or if you interact with the API through other means, we recommend that you switch to the stable v4. You don’t need to take any action if you don’t use the AMO API directly. The AMO API v3 is entirely unconnected to manifest v3 for the WebExtensions API, which is the umbrella project for major changes to the extensions platform itself.
The GNU C Library 2.33 release is out today as expected. Exciting with this libc update is HWCAPS in making it easier to load optimized libraries for modern CPUs.
See that linked article from last week for more details but Glibc 2.33 but basically it allows the dynamic linker to load optimized versions of libraries within a glibc-hwcaps directory on the library search path. The HWCAPS correspond to the new x86_64 microarchitecture feature levels and there is similar support for POWER and s390x as well. This is exciting, pending sufficient adoption and usage of this HWCAPS functionality by software vendors to allow for more optimized libraries to automatically get picked up on modern processors without restricting the support for running on older CPUs as well. Red Hat has been working on the x86_64 microarchitecture feature levels and Glibc-HWCAPS over the past year with part of the motivation around allowing more AMD Zen optimizations.
A long time ago, when I was but a budding computer programmer, we used to work in large batches. We were each assigned a programming task, and then we'd go away and hide in our cubicles and bang on the keyboard. I remember my team members spending hours upon hours in isolation, each of us in our own cubicle, wrestling with challenges to create defect-free apps. The theory was, the larger the batch, the better the evidence that we're awesome problem solvers.
Python can be used to generate from simple to very complex graphs. In this segment, we’ll learn how to graph using python.
Please welcome David Wood to the compiler team and Jack Huey to the compiler-contributors group!
David Wood (@davidtwco) has been a frequent contributor to Rust in many different parts of the compiler. Much of David's recent work has been focused on polymorphisation which allows rustc to reduce the number of duplicated generic functions in certain situations and on adding split DWARF support to the LLVM backend. Previously, David has worked on numerous diagnostic improvements, internal compiler error fixes and the non-lexical lifetimes initiative.
The big news of the week is that perl.com was hijacked. According to what I have read the solution seem to be already on its way to recover the domain. If you are using a perl.com host for your CPAN mirror you should use www.cpan.org instead (See this post.) You can also find the content of perl.com on perldotcom.perl.org. Ask brian d foy ([...]) for further details. (See also on Reddit.)
Network Solutions is working with Tom Christiansen, the rightful registrant, on the recovery of the Perl.com domain. There is no estimated timeline for its recovery but the process is underway. The Perl.com site is temporarily at perldotcom.perl.org. Anyone using a perl.com host for their CPAN mirror should use www.cpan.org instead. Please direct all inquiries to brian d foy ([...]).
JJ Merelo has taken the initiative (again, so kudos!) to set up a list of Google Summer of Code proposals for the Raku Programming Language.
Proprietary Software Leftovers
In a recent paper, researchers at the University of Skövde in Sweden ask the question: “How do, and by which strategies should, public sector organisations address lock-in effects before use of commercial SaaS solutions?”. This analysis plays into one of the most relevant debates related to open source in the public sector.
Public sector lock-in to proprietary solutions has been central in arguments put forward by advocates for more use of open source software by public institutions. This research follows earlier academic findings showing how lock-in effects can impose many different types of technical, legal, economic and societal challenges for public sector organisations. But this latest paper analyses the awareness of these risks in the processes of public sector procurement of cloud services.
The authors find that municipalities adopt and use cloud solutions from large global suppliers “under potentially problematic contract terms”. The main example given is the City of Gothenburg, who entered into an agreement with Microsoft for adopting Office365. The City uses Office365 for large scale data processing but has not carried out an impact assessment outlining the jurisdictions in which data can be, and has been, processed.
The study shows a widespread practice amongst PSOs to adopt and use a widely deployed SaaS solution from a global supplier under potentially problematic contract terms. The City of Gothenburg and most other PSOs use their adopted SaaS solution to process data on a large scale with users that are in a position of dependence without having carried out an impact assessment, despite the fact that PSOs are unaware of in which jurisdictions data can be, and have been, processed. Some PSOs identified prior to their adoption and use of their SaaS solution that the terms allow for data processing in several third countries. None of the organisations present any evidence to suggest that they have tried to obtain all necessary patent licences for the ITU-T H.265 standard from third parties which would allow for use of the adopted SaaS solution. Since these licences, in addition to licences for a large number of other standards, would also be needed to allow for implementation of the closed file format standards in software that can be provided by other suppliers it follows that organisations are potentially exposed to significant risks of losing control over their own digital assets.
Findings from the study also show that none of the investigated organisations present any strategy that would allow them to cease using the SaaS solution in a way that exported digital assets can be used and reused by other software applications in the future. The study shows that amongst the few PSOs that present some documented risk analysis there is strong faith that their current supplier will assist in a potential future situation if the PSO decides to abandon their current supplier.
Further, findings show that recommendations presented in the literature for how to maintain digital assets during their entire life-cycle have been ignored by all investigated PSOs. Before adoption of a SaaS solution, none of the organisations had investigated whether digital assets created and maintained in the SaaS solution can be exported in open file formats and open standards to allow use and reuse after exit. Further, none of the investigated PSOs have presented any analysis which addresses how to obtain all licences they require when, and after, the adopted SaaS solution is used. Hence, it is unclear if any of the organisations will be able to interpret their own files without support from their current supplier in a potential future situation when they have ceased to use the SaaS solution.
In summary, all investigated PSOs have failed successfully to address critical issues that need to be considered before adoption and use of a SaaS solution.
One set of petitions challenged WhatsApp’s new privacy policy even when pleas questioning its earlier privacy policy are still pending adjudication. A second set of petitions, including one by Rajya Sabha MP Binoy Viswam, has questioned the steps taken by payment apps run by multinationals like Google, Amazon and Facebook and raised the issue of Pegasus spyware targeting WhatsApp users.
In October 2019, Microsoft won the Defense Department JEDI cloud contract worth up to $10 billion over a period of 10 years, beating out market leader Amazon.
In the paper, DoD says: “Regardless of the JEDI Cloud litigation outcome, the Department continues to have an urgent, unmet requirement. Specifically, the Department’s need for an enterprise-wide, commercial cloud services for all three classification levels, extending from the homefront to the tactical edge, at scale.”
The Department clarified that work on JEDI Cloud would “continue to be paused until the litigation process is complete, and DISA/CCPO remains ready to resume management of the JEDI Cloud work if/when the entire set of litigation is resolved in the Government’s favor.”
Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service, marketed in the underground under the name “SMS Bandits,” has been responsible for blasting out huge volumes of phishing lures spoofing everything from COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies.
Microsoft is Openwashing Its Proprietary Software and Linux Foundation Uses Lots of Proprietary Software (Including Microsoft's)
