today's leftovers

Misc
  • Snapcraft Clinic Successes

    On Thursday I mentioned we were restarting the Snapcraft Clinic. Basically we stand up a regular video call with engineers from the snap and snapcraft team & us from Snap Advocacy. Developers of applications and publishers of snaps are invited to join to troubleshoot.

    There was nothing especially secret or private discussed, but as we don’t record or stream the calls, and I don’t have direct permission to mention the applications or people involved, so I’ll keep this a little vague. In future I think we should ask permission and record the outcomes of the calls.

    We had a few productive discussions. One developer brought an application which they’d requested classic confinement for, and wished to discuss the options for confinement. We had a rather lengthy open discussion about the appropriateness of the available options. The developer was offered some choices, including making changes to their application to accomodate confinement, and another was (as always) not to snap the application. They appreciated our openness in terms of accepting that there are limitations with all software, and not everything always makes sense to be packaged as a snap, at the moment.

    We also had a productive discusison with a representative of a group responsible for publishing multiple snaps. They had difficulties with a graphical snapped application once it had been updated to use core20. The application would launch and almost immediately segfault. As the application was already published in the Snap Store, in a non-stable channel, we were all able to install it to test on our own systems.

  • Kraft Version 0.96

    Ich freue mich, heute das Release Version 0.96 von Kraft herauszugeben. Die neue Version kann über die Homepage heruntergeladen werden.

  • A new data format has landed in the upcoming GTG 0.5

    Diego’s changes are major, invasive technological changes, and they would benefit from extensive testing by everybody with “real data” before 0.5 happens (very soon). I’ve done some pretty extensive testing & bug reporting in the last few months; Diego fixed all the issues I’ve reported so far, so I’ve pretty much run out of serious bugs now, as only a few remain targetted to the 0.5 milestone… But I’m only human, and it is possible that issues might remain, even after my troll-testing.

    Grab GTG’s git version ASAP, with a copy of your real data (for extra caution, and also because we want you to test with real data); see the instructions in the README, including the “Where is my user data and config stored?” section.

    Please torture-test it to make sure everything is working properly, and report issues you may find (if any). Look for anything that might seem broken “compared to 0.4”, incorrect task parenting/associations, incorrect tagging, broken content, etc.

  • MAS ‘Ocean strainer’ technology to be open source

    Inspired by the success of its ‘Ocean Strainer’ floating trash trap, a pilot project launched in the Dehiwala Canal last year, MAS Holdings will make the ‘Ocean Strainer’ technology available to interested parties, to replicate and scale up the solution.

  • Notes on Addressing Supply Chain Vulnerabilities

    One of the unsung achievements of modern software development is the degree to which it has become componentized: not that long ago, when you wanted to write a piece of software you had to write pretty much the whole thing using whatever tools were provided by the language you were writing in, maybe with a few specialized libraries like OpenSSL. No longer. The combination of newer languages, Open Source development and easy-to-use package management systems like JavaScript’s npm or Rust’s Cargo/crates.io has revolutionized how people write software, making it standard practice to pull in third party libraries even for the simplest tasks; it’s not at all uncommon for programs to depend on hundreds or thousands of third party packages.

    [...]

    Even packages which are well maintained and have good development practices routinely have vulnerabilities. For example, Firefox recently released a new version that fixed a vulnerability in the popular ANGLE graphics engine, which is maintained by Google. Both Mozilla and Google follow the practices that this blog post recommends, but it’s just the case that people make mistakes. To (possibly mis)quote Steve Bellovin, “Software has bugs. Security-relevant software has security-relevant bugs”. So, while these practices are important to reduce the risk of vulnerabilities, we know they can’t eliminate them.

    Of course this applies to inadvertant vulnerabilities, but what about malicious actors (though note that Brewer et al. observe that “Taking a step back, although supply-chain attacks are a risk, the vast majority of vulnerabilities are mundane and unintentional—honest errors made by well-intentioned developers.”)? It’s possible that some of their proposed changes (in particular forbidding anonymous authors) might have an impact here, but it’s really hard to see how this is actionable. What’s the standard for not being anonymous? That you have an e-mail address? A Web page? A DUNS number?[3] None of these seem particularly difficult for a dedicated attacker to fake and of course the more strict you make the requirements the more it’s a burden for the (vast majority) of legitimate developers.

    I do want to acknowledge at this point that Brewer et al. clearly state that multiple layers of protection needed and that it’s necessary to have robust mechanisms for handling vulnerability defenses. I agree with all that, I’m just less certain about this particular piece.

  • 26 Firefox Quantum About:Config Tricks You Need to Learn - Make Tech Easier

    “Here be dragons,” reads the ominous disclaimer when you type about:config into Firefox’s URL bar, warning you that tweaking things in this area is largely experimental and can cause instability to your browser.

    Sounds exciting, right? And even though it sounds a little scary, the fact is you will almost certainly be okay when you start playing around in this area and can actually use the features here to improve and speed up your browser. These are Make Tech Easier’s favorite Firefox about:config tricks, freshly updated for Firefox Quantum.

  • Attackers collaborate to exploit CVE-2021-21972 and CVE-2021-21973 - Blueliv
today's howtos

  • How to Install Papirus Icon Theme on Linux Mint 20 – Linux Hint

    Papirus is a popular and eye-catching icon theme. The Papirus icon theme works with various desktop environments, i.e., Cinnamon, GNOME, Unity, etc., and is available in multiple variants. It can be installed on Linux Mint from the PPA repository, installer script, and Debian package.

  • How to Setup Synology NAS? – Linux Hint

    Synology specializes in Network Attached Storage (NAS) devices and software. Synology NAS devices are easy to use and configure. Its built-in DSM (DiskStation Manager) web app allows you to access and configure the NAS from a web browser. Synology’s management web interface, the DSM web app, is one of the best NAS management tools out there. The DSM web app differentiates the Synology NAS from its competitors.

  • How to Install WireGuard VPN on CentOS 8 – Linux Hint

    WireGuard is a popular point-to-point open-source communication protocol that is used to create a secure and fast Virtual Private Network tunnel. This VPN was designed for use in the Linux Kernel. WireGuard is a lightweight VPN that provides extremely fast speeds to users. This article shows you how to install and set up WireGuard on your CentOS 8 system. The installation and setup of WireGuard are much easier than the already-existing VPNs, like OpenVPN, and this is a major reason behind its growing popularity in the Linux community.

  • How to Install Yarn on Linux Mint 20 – Linux Hint

    Yarn is a JavaScript package and dependency management tool that helps users to automate the tasks of installing, updating, removing, and configuring NPM packages. Yarn is an open-source package manager that saves a lot of time for JavaScript programmers because it creates a cache of downloaded packages. Using Yarn, a programmer can easily access and re-use a package without re-downloading it every time. This article shows you how to install Yarn on Linux Mint 20.

  • Linux List All IP Addresses on the Interface – Linux Hint

    All the people who belong to the networking background know that an IP address acts as a unique identifier of the devices within a network. Therefore, we must know the IP addresses of the devices within a network to enable smooth network communication. Today’s article will focus on the different methods of listing all the IP addresses on the Interface in Linux Mint 20.

  • Running Docker Containers on Synology NAS – Linux Hint

    Docker is a containerization platform. Docker is used to running lightweight containers on your computer. Synology NAS has official support for Docker. Docker can be an alternative to virtual machines. If you don’t have enough memory to run virtual machines on your Synology NAS, you can run Docker containers instead. Docker containers require a very little amount of memory and system resources to run. In this article, I will show you how to install and use Docker on Synology NAS. So, let’s get started.

  • How to Enable Automatic Login on Ubuntu 20.04? – Linux Hint

    For Ubuntu’s latest versions, users can enable automatic login for the ease of users. If enabled, then users do not need to type the password whenever they try logging in. If you are the only user of your system, then it is a very useful method for easy access to relevant files. In this article, we will analyze the methods of enabling the automatic login on the Ubuntu 20.04 system.

Databases: MySQL and PostgreSQL Technical Manuals (New)

  • How to Install MySQL on Linux Mint 20 and Ubuntu 20.04?

    MySQL is an open-source, simple, and relational database that uses SQL (Structured Query Language) to manage and manipulate the data.

  • MySQL Add a Column to Existing Table

    MySQL Database System is a highly scalable database service for creating cloud-native applications. Therefore we have to perform different operations while working on it. The ALTER TABLE declaration is being cast-off to add, remove, or alter columns while working on an already existing table in any schema of MySQL. We’ll teach you exactly how to declare a column to an existing table utilizing the MySQL ADD COLUMN expression in this guide.

  • MySQL Count Matching Records With COUNT

    Data redundancy occurs for a lot of reasons. Several of the complicated duties you should cope with while working with database systems is trying to discover duplicate values. For this purpose, We will be using the COUNT() aggregate method. The COUNT() method returns the sum of rows residing in a specific table. The COUNT() function permits you to sum all rows or only rows matching the condition defined. In this guide, You’ll get to know how to identify duplicate values for one or maybe more MySQL columns using COUNT().

  • MYSQL Import Data from CSV File – Linux Hint

    A CSV or comma-separated value document is a delineated text document that distinguishes values from a comma. Every line is its information record. Each data, parted by commas, comprises one or extra fields. The origin of the title for this document layout is the usage of the comma as a field divider. For sharing information between various programs, such documents are used. For instance, Database and contact administrators also endorse CSV files. The theory is that from one program to a CSV document, you may transfer complex information and afterward import the information in that CSV document to some other program. In this tutorial, we will learn how to import data from a CSV file into MySQL workbench. Let’s get started.

  • MYSQL Find Matching Records with LIKE – Linux Hint

    The MySQL LIKE operator tests if a particular character string resembles the pattern mentioned. We will match a portion of the overall data present in a segment that doesn’t need to match precisely. We will cup tie our keyword with the sequence of the information available in columns by using wildcard query in various combinations. MySQL Wildcards are symbols that help match difficult criteria with search results and have been used in combination with a compare operator called LIKE or a contrast operator called NOT LIKE.

  • MySQL Limit Results Returned With LIMIT – Linux Hint

    You eventually hit the stage where data volume greatly increases when we start to deal with DBMS like MySQL. It is difficult for us to manage and use. MySQL has built-in capabilities that make it easy to handle. In MySQL, the LIMIT clause is being used to cut down the number of rows throughout the result set using the SELECT expression. We will discover how to use the MySQL LIMIT clause in this guide to restrict the number of rows that a query returns.

  • MySQL Sort Results with ORDER BY Statement – Linux Hint

    While working with MySQL queries, the results are obtained in the same sequence as the records inserted into the schema utilizing the SELECT command. It’s the standard order for sorting. You would be aiming at how we might arrange our query result. Sorting is re-arranging the outputs of our query in a defined manner. Sorting may be done on one field or more than one field. The ORDER BY statement is being used to arrange the query results in an ascending or descending order in MySQL. The ORDER BY statement organizes data by default in go-up order if ASC or DESC is not specified. The DESC term is being used to organize the data in descending way.

  • MySQL Subqueries – Linux Hint

    A subquery is a SQL query within a greater query that is recursive, or a subquery is considered an internal query. In contrast, an outer query is termed as the query that includes the subquery. A MySQL subquery can be embedded in the queries, including SELECT, INSERT, UPDATE, or DELETE. Furthermore, within another subquery, a subquery may be nestled. The phrase subquery should be closed in brackets wherever it is used. We’ll teach you how and when to use MySQL subquery to compose complicated queries and describe the idea of the associated subquery. Open the command-line shell from your desktop and write your password to start using it. Press Enter and continue.

  • PostgreSQL FAQs – Linux Hint

    According to StackOverflow’s 2020 Annual Developer Survey, PostgreSQL is the second most popular database management system available, and this is not without good reason. Since its initial release in 1996, PostgreSQL, or Postgres, has improved considerably, adding several useful features, including user-defined types, table inheritance, multi-version concurrency control, and more. PostgreSQL is also very lightweight, easy to set up, and can be installed on several platforms, such as containers, VMs, or physical systems. Besides its default GUI, pgAdmin, Postgres also supports over 50 other IDEs, a third of which are free to use. This article will cover some of the most frequently asked questions (FAQs) about PostgreSQL.

9to5Linux Weekly Roundup: February 28th, 2021

This has been a great week of Linux news and releases. We saw lots of goodies, including Kali Linux’s first ISO release in 2021 with the latest Xfce 4.16 desktop environment, a new Firefox release, a new Nitrux release, Xfce’s apps update for February, and more good things from the upcoming GNOME 40 desktop environment. If you missed this week’s most important Linux news, distro and software releases, you can catch up with what’s new in the 9to5Linux Weekly Roundup for February 28th below. Read more

Roman Gilg: Curious Child

Last week we studied window children on X11 and Wayland at a high level. With this general knowledge acquired, we will quickly go through the recent changes to window children in KWinFT's new version. Read more

