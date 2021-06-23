Language Selection

Free Software and 'Open Source' Leftovers

Submitted by Roy Schestowitz on Thursday 22nd of July 2021 06:06:28 PM
Software
  • Syncing all the things

    Computing devices are wonderful; they surely must be, since so many of us have so many of them. The proliferation of computers leads directly to a familiar problem, though: the files we want are always on the wrong machine. One solution is synchronization services that keep a set of files up to date across a multitude of machines; a number of companies have created successful commercial offerings based on such services. Some of us, though, are stubbornly resistant to the idea of placing our data in the hands of corporations and their proprietary systems. For those of us who would rather stay in control of our data, systems like Syncthing offer a possible solution.

    The core idea behind synchronization systems is essentially the same for all of them: given a list of directories and a list of systems, ensure that those directories have the same contents on each system. If a file is added on one, it is copied out to the rest; modifications and deletions are (usually) propagated as well. The trouble is always in the details, though; from fiddly setup procedures to data corruption and security problems, there are a lot of ways in which synchronization can go wrong. So users have to put a lot of trust in these systems; open source code is an important step toward that goal, but it is also necessary to believe that the developers involved have thought carefully through the issues.

  • New pg_validate_extupgrade tool available

    I'm pleased to announce the release of pg_validate_extugprade, version 1.0.0 beta.

  • How to manage feedback on your open project | Opensource.com

    People who let open principles guide their leadership practices in open organizations inevitably find themselves fielding feedback. Lots of feedback.

    That's by design. Open leaders invite comment and critique on just about anything they can.

    But it also poses a regular challenge: How to sift through, manage, evaluate, and address that feedback in authentic and useful ways?

    Members of the Open Organization project got a taste of this process recently. Working on the Open Leadership Definition—a robust, collaborative description of the specific mindsets and behaviors associated with open styles of leadership—collaborators solicited community-wide feedback on a multi-hundred-word draft document. The results were impressive—even if a bit intimidating.

  • Do you own a connected device? Here’s why you should be wary of the Peloton lock issue.

    A growing number of us have connected devices in our homes, offices, driveways and even our bodies. The convenience and fun of integrating a device with daily life is real, but there haven’t been nearly enough conversations about who owns that data and how much consumers are letting big companies into their lives in unexpected ways. A current example: Peloton.

    By now, nearly everyone has heard of Peloton exercise bikes, from the viral ad when they first launched to questions about the security on President Biden’s bike. Peloton’s popularity is largely tied to its design as a connected device with an extensive online community. Peloton also makes treadmills. Tragically, a 6-year old was recently killed in an accident on one of these treadmills. Due to safety concerns, Peloton issued a recall and added a feature called Tread Lock that requires a four-digit passcode to keep their treadmills from starting up for anyone without authorized access.

  • In a complete non-surprise, Mozilla hammers final nail in FTP's coffin by removing it from Firefox

    Mozilla has finally expunged File Transfer Protocol (FTP) from the Firefox browser – an action already taken by other major browsers like Chrome and Edge, making Firefox 89.0 the last bastion of the protocol.

    The company explained yesterday that it will end FTP support in Firefox 90 as part of its drive to a browser that's all HTTPS, all the time.

    Mozilla announced its FTP-flaying intentions way back in 2015, and said the change was necessary because the protocol lacked proper encryption. The resulting transfer of files in the clear represented an obvious security issue, as it meant miscreants could easily download, steal and even transmit modified data.

  • The Linux Foundation Announces Conference Schedule for Open Source Summit + Embedded Linux Conference 2021 [Ed: The so-called 'Linux' Foundation has once again sold a keynote slot to people from Microsoft. They will promote proprietary software in an "Open Source" event. The so-called ‘Linux’ Foundation: We don’t use Linux, we don’t promote Linux, we just use the name…]
  • The Linux Foundation Announces Conference Schedule for Open Source Summit + Embedded Linux Conference 2021
Programming Leftovers

  • Is GitHub a derivative work of GPL'd software?

    GitHub recently announced a tool called Copilot, a tool which uses machine learning to provide code suggestions, inciting no small degree of controversy. One particular facet of the ensuing discussion piques my curiosity: what happens if the model was trained using software licensed with the GNU General Public License?

  • This Week In Rust: This Week in Rust 400
  • Random Thought: Exposure of Perl in the Academic Circles

    Today I have wandered on the famous academic paper archive and suddenly a thought popped into my mind - use Perl as the keyword in searching.

  • Write your first JavaScript code | Opensource.com

    JavaScript is a programming language full of pleasant surprises. Many people first encounter JavaScript as a language for the web. There's a JavaScript engine in all the major browsers, there are popular frameworks such as JQuery, Cash, and Bootstrap to help make web design easier, and there are even programming environments written in JavaScript. It seems to be everywhere on the internet, but it turns out that it's also a useful language for projects like Electron, an open source toolkit for building cross-platform desktop apps with JavaScript.

  • RcppSpdlog 0.0.6 on CRAN: New upstream

    A new version 0.0.6 of RcppSpdlog is now on CRAN. It contains releases 1.9.0 of spdlog which in turn contains an updated version of fmt. RcppSpdlog bundles spdlog, a wonderful header-only C++ logging library with all the bells and whistles you would want that was written by Gabi Melman, and also includes fmt by Victor Zverovich. No R package-side changes were needed or made.

Android Leftovers

Proprietary Software and Security

  • Now Salesforce officially owns Slack

    Cloud computing giant Salesforce has completed its acquisition of Slack, a $27.7 billion dollar deal that adds the messaging app to its suite of enterprise software without immediately changing Slack’s functionality, branding, or leadership.

  • Kaseya ransomware attack highlights cyber vulnerabilities of small businesses [iophk: Windows TCO]

    The recent ransomware attack on software group Kaseya hit small businesses especially hard, targeting companies that often have few resources to defend themselves and highlighting long-standing vulnerabilities.

    The attack has been made worse during the pandemic when cyber threats against small businesses have multiplied, and companies have scrambled to stay afloat.

  • A case against security nihilism

    This week a group of global newspapers is running a series of articles detailing abuses of NSO Group’s Pegasus spyware. If you haven’t seen any of these articles, they’re worth reading — and likely will continue to be so as more revelations leak out. The impetus for the stories is a leak comprising more than 50,000 phone numbers that are allegedly the targets of NSO’s advanced iPhone/Android malware.

    Notably, these targets include journalists and members of various nations’ political opposition parties — in other words, precisely the people who every thinking person worried would be the target of the mass-exploitation software that NSO sells. And indeed, that should be the biggest lesson of these stories: the bad thing everyone said would happen now has.

    This is a technical blog, so I won’t advocate for, say, sanctioning NSO Group or demanding answers from the luminaries on NSO’s “governance and compliance” committee. Instead I want to talk a bit about some of the technical lessons we’ve learned from these leaks — and even more at a high level, precisely what’s wrong with shrugging these attacks away.

  • Security updates for Thursday

    Security updates have been issued by Debian (pillow and redis), Fedora (kernel-headers, kernel-tools, kernelshark, libbpf, libtraceevent, libtracefs, nextcloud, and trace-cmd), Gentoo (chromium and singularity), Mageia (kernel, kernel-linus, and systemd), openSUSE (caribou, chromium, curl, and qemu), Oracle (java-1.8.0-openjdk, java-11-openjdk, kernel, and systemd), Slackware (curl), SUSE (curl, kernel, linuxptp, python-pip, and qemu), and Ubuntu (ruby2.3, ruby2.5, ruby2.7).

today's howtos

  • Change ‘Activities’, App Menu, Data & Time Position in Ubuntu 21.10 via Extension | UbuntuHandbook

    Want to change the position of top-bar items, e.g., Activities button, app menu, date and time, and system tray icons? A Top Bar Organizer extension now is available for Ubuntu 21.04 Gnome 40. With it, you can drag and drop to re-order top panel items as you prefer. For example, moving the Activities button or date & time clock menu to right corner.

  • [Solved] Flatpak Install Error: No Remote Ref Found

    So, I just installed Fedora. Installing my favorite applications was among the list of things to do after installing Fedora.

  • How To Install DBeaver on Ubuntu 20.04 LTS - idroot

    In this tutorial, we will show you how to install DBeaver on Ubuntu 20.04 LTS. For those of you who didn’t know, DBeaver is a client for database managers, which allows managing in a comfortable way the data and options of the database instance. DBeaver supports any database which has JDBC driver – MySQL/MariaDB, PostgreSQL, Oracle, DB2 LUW, Google BigQuery, Exasol, SQL Server, Sybase/SAP ASE, SQLite, Firebird, H2, HSQLDB, Derby, Teradata, Vertica, Netezza, Informix, etc. If you need support for non-JDBC data sources such as WMI, MongoDB, Cassandra, Redis, then consider using DBeaver Enterprise Edition. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the DBeaver on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.

  • How To Setup Firewall With Gufw On Linux Desktop - OSTechNix

    A few days ago, we have shown you how to install, configure and setup firewall with UFW on various Linux distributions. As you already know, UFW is a command line firewall application. Some of you may not be comfortable with command line mode. Fortunately, there is a graphical front-end for UFW available. In this guide, we will see what is Gufw and how to setup firewall with Gufw on Linux desktop operating systems.

  • How to Recursively Change File Permissions in Linux - Make Tech Easier

    Because Linux is a multi-user operating system, it has a mechanism that sets and manages file permissions to ensure that only authorized processes and users can access various directories and files. As you use Linux, you may encounter various instances where you can’t edit files or directories because of the “Permission denied” error, indicating you do not have the required privileges. This tutorial will show you how to recursively change file permissions in Linux to ensure that your permission settings apply to sub-folders and files.

  • How to record your Linux desktop in Wayland

    Wayland is a new desktop protocol for Linux desktops. It has been in development for quite a while, and it is a modern alternative to the most used desktop protocol on Linux: X11 Server. Wayland has tons of excellent modern features, however, a lot of apps still rely on the old X11 ways of doing things. As a result, users using Wayland might be frustrated in trying to do things that come easy on X11 desktops. One such thing that is easy to do on X11 but tough to accomplish on Wayland is screen recording. Thankfully, Blue Recorder exists and makes recording Wayland desktops a little easier.

  • Install HandBrake 1.4.0 In Ubuntu 20.04 / LinuxMint | Tips On UNIX

    HandBrake is an open-source, multiplatform video transcoder and is available for Linux,macOS X, and windows. This tutorial will be helpful for beginners to install Handbrake 1.4.0 in Ubuntu 20.04, Ubuntu 19.10, and Linux Mint

  • Install the latest version of the Docker engine to avoid vulnerabilities - TechRepublic

    Ubuntu is a great Linux for numerous purposes. For the desktop, for servers, for production, for operations, for development and for deploying Docker containers. But there's one thing you must know about Ubuntu. Although it's a rock-solid, incredibly user-friendly operating system, the available software isn't always the latest-greatest. You might even find, in some instances, that software is a few releases behind. Why? Because the developers want to ensure your experience is always the best it can be. Take, for instance, my Pop!_OS (based on Ubuntu 21.04) version of Docker is 20.10.2. The most recent Docker release, however, is 20.10.7 (released June 6, 2021). Now that point release may or may not contain bold new features, but it will certainly include bug fixes and various patches. In certain circumstances, it might behoove you to always have the latest version of Docker installed (especially given the mercurial nature of container security.

  • Automate performance metrics collection and visualization with RHEL System Roles

    One of the main challenges that system administrators, developers, and others face when running workloads on Red Hat Enterprise Linux (RHEL) is how to optimize performance by properly sizing systems, understanding utilization, and addressing issues that arise. In order to make data-driven decisions about these topics, performance metrics must be recorded and accessible by the administrator or developer. Performance metric tracking with Performance Co-Pilot (PCP) and Grafana can be useful in almost any RHEL environment. However, the process to get it set up across a large number of hosts might seem daunting at first. This is why Red Hat introduced a Metrics System Role, which automates the configuration of performance metrics. I’ll show you how in this post.

