
today's leftovers

Submitted by Roy Schestowitz on Thursday 24th of June 2021 07:13:09 PM. Filed under Misc
  • Cockpit Project: Cockpit 247

    Cockpit is the modern Linux admin interface. We release regularly.

    Here are the release notes from Cockpit version 247 and Cockpit Machines version 246.

  • Audacity gets a CLA

    The Audacity multi-track audio editor and recorder got its start in the previous century; it is a popular application that is available for multiple platforms, and it is licensed under the GPLv2 or later. But Audacity has been acquired by a newly formed organization called Muse Group; that event has caused something of an uproar in its community. The problem, at least in part, is the new Contributor License Agreement (CLA) required to contribute to Audacity.

    The acquisition of the project was announced in an early-May YouTube video posted by Martin Keary ("Tantacrul"); that news was subsequently confirmed on the Audacity web site.

  • This Week in Rust 396
  • Mozilla Racial Justice Commitments: One Year In

    One year ago, we made a set of commitments to make diversity and inclusion more than a catchphrase or hot button topic. We decided to roll up our sleeves and get busy establishing significant goals, putting resources behind them and making sure that everyone, including our company leadership, was taking action to create a more diverse and equitable place at Mozilla and in society.

    We have taken steps to address the issue of anti-Black racism and the lack of diversity and inclusion in our company, and hopefully, in society, through programming and people initiatives. We have seen a significant increase in participation in diversity and inclusion initiatives, and perhaps, equally important, in our engagement survey results and in particular the increased scores on diversity and inclusion questions by people of color and women. While we have made strides on many of the goals established on June 18, 2020, we recognize this progress is the “First Step Toward Lasting Change.” We continue to be committed through our actions and resources to improve Mozilla as a place to work for people of color and the internet for all.

  • DejaGnu 1.6.3 released

    DejaGnu 1.6.3 was released on 16 June 2021. Many bugs are fixed in this release and active development is resuming, though perhaps at a slow pace.

  • Fedora and supply-chain attacks

    The specter of more events like the SolarWinds supply-chain attacks is something that concerns many in our communities—and beyond. Linux distributions provide a supply chain that obviously needs to be protected against attackers injecting malicious code into the update stream. This problem recently came up on the Fedora devel mailing list, which led to a discussion covering a few different topics. For the most part, Fedora users are protected against such attacks, which is not to say there is nothing more to be done, of course.

    The SolarWinds attacks subverted the normal update mechanism of various tools to install malware on systems throughout much of the US government; the malware then exploited other flaws to get access to email and other data. Huzaifa Sidhpurwala posted a message to the mailing list on June 11 wondering whether the rekor tool might be useful in helping to prevent similar attacks against Fedora. Rekor comes from the sigstore project that was announced by the Linux Foundation back in March.

    Sigstore is meant as a mechanism to securely record cryptographic signatures of binaries, packages, container images, and similar build artifacts in a tamper-proof ledger. The project was founded by Red Hat, Google, Purdue University, and the Linux Foundation.

  • Linux Foundation Launches GitOps Training Courses

    The Linux Foundation has joined hands with the Cloud Native Computing Foundation (CNCF) and Continuous Delivery Foundation (CDF) to announce the immediate availability of two new, online training courses focused on GitOps, or operation by pull request, a powerful developer workflow that enables organizations to unlock the promise of cloud native continuous delivery.

    Introduction to GitOps (LFS169) is a free introductory course providing foundational knowledge about key GitOps principles, tools and practices, to help build an operational framework for cloud native applications primarily running on Kubernetes. The course explains how to set up and automate a continuous delivery pipeline to Kubernetes, leading to increased productivity and efficiency for tech roles.

Programming Leftovers

  • Dirk Eddelbuettel, R, C++, Rcpp

    Release 0.3.9 of the RcppGSL package arrived at CRAN today, pretty much exactly one year since the last upload. The RcppGSL package provides an interface from R to the GNU GSL by relying on the Rcpp package. This release brings some small documentation and CI polish, and enables builds on the newer (and still experimental) windows ‘UCRT’ flavor (which will bring native utf-8 chars to Windows, see this and this write-up) thanks to a PR by Jeroen.

  • View statistics about your code with Tokei

    This addition is helpful, but what if you want to know the same information about projects in your local repository? That's where Tokei comes in handy. It's a tool that tells you code statistics about a project, which is especially useful when you want to build a project with people who are proficient in different languages.

  • William Lachance: Mini-sabbatical and introducing Irydium

    Approaching my 10-year moz-iversary in July, I’ve decided it’s time to take a bit of a mini-sabbatical: I’ll be out (and trying as hard as possible not to check bugmail) from Friday, June 25th until August 9th. During this time, I’ll be doing a batch at the Recurse Centre (something like a writer’s retreat for programmers), exploring some of my interests around data visualization and analysis that don’t quite fit into my role as a Data Engineer here at Mozilla. In particular, I’m planning to work a bunch on a project tentatively called “Irydium”, which pursues some of the ideas I sketched out last year in my Iodide retrospective and a few more besides. I’ve been steadily working on it in my off hours, but it’s become clear that some of the things I want to pursue would benefit from more dedicated attention and the broader perspective that I’m hoping the Recurse community will be able to provide.

  • Security engineering and machine learning

    I describe a number of new attacks and defences that we’ve discovered in the past three years, including the Taboo Trap, sponge attacks, data ordering attacks and markpainting. I argue that we will usually have to think of defences at the system level, rather than at the level of individual components; and that situational awareness is likely to play an important role.

    Here now is the video of my talk.

  • Lens vs. List Learning

    The concept is this: There are two main ways we learn—passively and actively. Or as I put it before, via osmosis or via algorithm.

    Here’s another way to look at it.

  • Automating rule-based services with Java and Kogito | Red Hat Developer

    Business automation today is a constant and critical task for organizations that seek to formalize policies and ensure that they can be executed, maintained, monitored, and applied during daily operations. This article demonstrates how to use the Kogito engine to automate business rules by implementing them in the Drools Rules Language (DRL). DRL is common in Drools-based projects. To start using it with Kogito, you need to understand the concept of rule units. You'll learn how to work with rule units in practice by writing a Java service that automates a piece of business logic with rule units and minimal coding. These capabilities are now part of Red Hat Process Automation Manager 7.11.x, released on June 17.

Digital Restrictions (DRM) Leftovers

  • You Don't Own What You've Bought: Peloton Treadmill Edition

    We've written so many stories about how you don't own what you've bought any more due to software controls, DRM, and ridiculous contracts, and it keeps getting worse. The latest such example involves Peloton, which is most known for its extremely expensive stationary bikes with video screens, so that you can take classes (usually on a monthly subscription). I will admit that I don't quite understand the attraction to them, but so many people swear by them. The company also has branched out into extremely expensive treadmills with the same basic concept, but that product has been in the news for all the wrong reasons lately, after a six year old child died in an accident with the device (for what it's worth, that article links to a page on the Peloton site where the article says Peloton posted an open letter to its customers about the accident, but the letter is no longer at that link).

  • Spielberg's Production Company Inks Multi-Film Deal With Netflix, I Guess To Win A Bunch Of Emmys Instead Of Oscars

    Way back in the ancient history of 2019, famed director Steven Spielberg became something of the front man for the aging Hollywood crowd that sees streaming services as somehow deficient when he announced plans to push the Academy to disallow Oscar nominations for films that appeared first on streaming services, arguing they should instead be considered for Emmys. Spielberg's plans were for naught, however, as the Academy refused to ban stream-first films from nominations. This led to Spielberg, directly and through mouthpieces, walking back his very clear intentions so as to pretend that he felt differently than was the reality. I'll stress again that all of this occurred all of two years ago.

  • Peloton Treadmill Safety Update Requires $40 a Month Subscription

    Peloton’s Treadmills cost between $2,500 and $4,000. They’ve also injured 70 people and killed one child. Peloton issued a recall on the treadmills after an investigation by the U.S. Consumer Product Safety Commission (CPSC). Those who kept the Tread+ got a nasty shock in their inbox recently: After the treadmill downloaded an update Peloton said was designed to make the device safer, users reported they could no longer run on it without paying Peloton a $39.99 per month subscription fee.

  • NBCUniversal, Amazon Reach Deal to Bring Peacock to Fire TV Devices

    The deal with Amazon, whose Fire TV devices have over 50 million active users, could help NBCUniversal’s one-year-old streaming service boost its subscriber base as it competes in a heavily saturated streaming market. Though Comcast said in late April that 42 million users had signed up for the service, the Wall Street Journal reported on Wednesday that fewer than 10 million have paid for the service, which starts at $4.99 a month for an ad-supported subscription tier.

Sparky 2021.06

Sparky 2021.06, the semi-rolling release which is based on Debian testing “Bullseye”, is out. Debian Bullseye is hard frozen now, and is going to Full Freeze soon, so it is the perfect time to give Sparky 6 a try before it becomes stable.

