today's leftovers
-
GNOME-focused Ubuntu desktop developer Daniel Van Vugt of Canonical has proposed an optimization that could help with running NVIDIA graphics on high refresh rate displays.
For those using a high refresh rate display with NVIDIA graphics on GNOME, especially with today's 240Hz or even 360Hz displays, better handling is on the way to allow more time for rendering each frame to complete before GNOME's Mutter falls back to a slower frame interval.
-
Öppna skolplattformen was developed out of the frustration of some parents in Stockholm when they noticed some irregularities and security issues in the proprietary school platform provided by the city. The original app cost the city one billion Swedish krona (around €100 million) and it turned out to be badly flawed.
[...]
Over the last four years, the Free Software Foundation Europe (FSFE) has been advocating for more software freedom in the public sector in the framework of the Public Money? Public Code! initiative. It requires that publicly financed software developed for the public sector should be made publicly available under Free Software licenses. The arguments for this demand are based on the benefits that Free Software can foster, such as saving long-term costs, promotion and support of the local economy, transparency, interoperability, and more.
-
This is the 97th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
-
In this is guide i will explain how to create a Kubernetes Cluster on Digitalocean using Terraform, then i will deploy the Harbor on Cluster as a internal container registry
-
The pgAdmin Development Team is pleased to announce pgAdmin 4 version 6.3. This release of pgAdmin 4 includes 31 bug fixes and new features. For more details please see the release notes.
pgAdmin is the leading Open Source graphical management tool for PostgreSQL. For more information, please see the website.
-
When it comes to the Radeon ROCm GPU software support AMD only officially supports it on SUSE Linux Enterprise Server, RHEL / CentOS, and Ubuntu LTS releases. But Arch Linux already makes it fairly easy to deploy with their third-party packages and now Fedora and Debian have developers also eyeing possible packaging of the Radeon Open eCosystem software for more easily deploying on those distributions.
If you are on Ubuntu, RHEL/CentOS, or SUSE as the supported enterprise Linux distributions, AMD has an installation guide and packages available for setting up their open-source GPU compute software. But for those on other distributions, your mileage may vary with no universal installer and rather complicated build steps in rolling your own ROCm binaries.
-
Every month we review the work funded by Freexian’s Debian LTS offering. Please find the report for November below.
[...]
We continue to looking forward to hearing about Debian project proposals from various Debian stakeholders. This month has seen work on a survey that will go out to Debian Developers to gather feedback on what they think should be the priorities for funding in the project.
-
This was the birth of our beloved openSUSE BAR! Since then, the BAR has been a place for contributions, for fixing things together and just hanging out.
The BAR evolved into an important part of our community that helps people get to know each other in the project. It has on-boarded new contributors, strengthened old friendships, brought fixes for various issues on the way and was the place for historical events, such as probably the oldest openSUSE User (89 y.o.) meeting the youngest openSUSE Member (16 y.o.).
During the online openSUSE Leap 15.3 release party, which was aimed to last for 24 hours, the bar passed the marks of a 50+ guests and a 100-hour-BAR session on June 6, 2021, which was followed by reaching a mark of a 200-hour-BAR session on June 10, 2021.
Linux Hardware and Open Hardware/Modding
-
it ain’t fast, but it is fast enough, to run a web stack and serve the http://mycpu.eu/ website, absolutely amazing!
-
AAEON has unveiled a new single board computer and edge system from the “UP bridge the gap” family with UP Squared 6000 equipped with Intel Atom x6000, Celeron, or Pentium Elkhart Lake processor, up to 8GB DDR4, 64GB eMMC flash, two Gigabit Ethernet ports, DisplayPort 1.2, HDMI 2.0b, eDP video interfaces, SATA and M.2 storage, and more.
The UP Squared 6000 is available in four different SKUs with notably an industrial SKU powered by the Intel Atom x6425RE optimized for automation, robotics, and industrial applications with support for Intel Time Coordinated Computing (TCC), Time-Sensitive Networking (TSN) via its 2.5GbE port.
-
We had most Rockchip RK3588 specifications so far for the long-awaited Cortex-A76/Cortex-A55 processor, but at today’s Rockchip Developer Conference 2021, more information surfaces with impressive CPU and GPU benchmarks, and the Rockchip RK3588 datasheet has just dropped from the sky directly into my laptop, as such document usually does. At least two single board computers are expected to soon follow from Radxa and Pine64.
-
Elecia starts out with the map file from a “hello world” program, but it’s a hello world running on an RTOS, so already there’s enough meat to dig into. She starts out with the top-level overview: flash for the code and RAM for the program to use. In flash, the code lives in .text and .const, and RAM has sections that should be familiar to you like .heap and .stack, but also .data and .bss. The memory map file also follows this structure: first an overview, then the section markers, and then the details of what’s inside each section.
If you get a crash, for instance, and you know where the numerical value of program counter when it went all pear-shaped, the .text section lists the function name where that happened. The section with global variable definitions, listed alphabetically? You can probably just scroll on by that — there’s a lot of redundancy in the map file, sometimes sorted by memory address, sometimes sorted alphabetically. You don’t want to read a map file, you just want to dip in, get what you need, and get out. Got a variable that you think is getting overwritten? Find it in the section listed by address, and look at its neighbors — one of them might be overrunning.
-
As part of their city’s beach restoration project, Instructables users Kousheek Chalraborty and Satya Schiavvina, who go by the team name Technovation, needed to construct a small and cheap boat that could assist in mapping the depth of the sea floor at various locations. The design they were able to come up with achieved this goal and even went beyond it by incorporating an autonomous navigation system into their watercraft.
The hull of the boat was made from a leftover Tupperware container and discarded water bottles, therefore reducing the cost significantly and integrating recycled materials. After the pontoons were attached to the bottom, a pair of brushless DC motors were screwed into place at the top, along with an 11.1v LiPo battery and dual 30-amp ESC modules.
-
Inspired by Katniss Everdeen’s burning dress from the Hunger Games series, Cindy Li set out to create her own version that uses fabric-attached LEDs to both simulate fire when movement is detected and illuminate in other ways when a certain button is pressed.
This light-up dress was based around two development boards: a Circuit Playground Bluefruit from Adafruit that handles the lights and an Arduino Nano RP2040 Connect, which connects to a sensor, some buttons, and a speaker for extra functionality. Li started building this project by sewing the Circuit Playground onto he fabric and then running a strip of individually addressable LEDs in an arch shape, with conductive thread tying it all together. Next, the Nano RP2040 Connect was wired to the speaker, buttons, and APDS-9960 sensor and placed within a custom-cut acrylic enclosure. Finally, another string of LEDs was wrapped around the bottom of the dress to act as the “fire” component.
Programming Leftovers
-
Subscriber and Subscription Management (SSM) is the system that funnels orders for IBM SaaS offerings offered through IBM and third-party marketplaces to the appropriate endpoints. This provisions orders for the customers and manages their entire subscriber and subscription lifecycle. It handles about 2,000 requests per hour.
SSM is a legacy monolith app. However, dealing with such a mission-critical application with millions of lines of code can be a nightmare. Making it more complex is the transaction handling implemented at every smallest service layer unit. To support high-end business use cases, there are dozens of composite APIs that SSM supports. These composite APIs internally make calls to the smallest-unit APIs, holding multiple DB connections for a single composite API request.
-
Boost is a very large and comprehensive set of (peer-reviewed) libraries for the C++ programming language, containing well over 100 individual libraries. The BH package provides a sizeable subset of header-only libraries for (easier, no linking required) use by R. It is fairly widely used: the (partial) CRAN mirror logs (aggregated from the cloud mirrors) show over 40 million package downloads.
-
Racket is a general-purpose, object-oriented, multi-paradigm, functional, imperative, logic based programming language based on the Scheme dialect of Lisp. It’s designed to be a platform for programming language design and implementation.
Racket is also used to refer to the family of Racket programming languages and the set of tools supporting development on and with Racket. It has a powerful cross-platform GUI library built in.
Racket’s core language includes macros, modules, lexical closures, tail calls, delimited continuations, parameters (fluid variables), software contracts, green and OS threads, and more. The language also comes with primitives, such as eventspaces and custodians, which control resource management and enables the language to act like an operating system for loading and managing other programs.
Racket is often used for scripting, computer science education, and research. It’s an open-source project (Apache/MIT).
-
We are happy to announce the release of Qt Creator 6.0.1!
-
Warnings category syntax contains a number of sub-categories representing possibly-problematic syntax. These include ambiguous syntax, problematic bareword usage, invalid printf conversions, and more. But there are also syntax diagnostics that do not fall under any of the sub-categories. These tend to be a miscellaneous group, and a normal-sized blog post can do no more than to give a sample.
Security Leftovers
-
Security updates have been issued by Debian (apache-log4j2 and mediawiki), Fedora (libmysofa, libolm, and vim), Oracle (httpd), Red Hat (go-toolset:rhel8), and Ubuntu (apache-log4j2 and mumble).
-
Access Now, Committee to Protect Journalists, Freedom House, and Human Rights First applaud the U.S. Congress for passing legislation that directs the U.S. State Department to develop a list of spyware purveyors with whom the Department should avoid doing business because of their poor human rights records. Included in the National Defense Authorization Act, this provision could provide greater transparency on invasive surveillance technologies, such as NSO Group’s Pegasus spyware, that are used against activists and journalists.
The law mandates that the State Department submit the spyware company list annually to Congress for a period of five years. This report should inform inter-agency coordination, especially to ensure that the Commerce Department continues to add human rights-violating spyware firms to the Entity List. (In November, the Department added NSO Group and Candiru to the List.) It also sends a strong message to the spyware industry and their investors that their days of operating in the shadows with impunity are over.
“For over a decade, the U.S. State Department has trumpeted internet freedom and human rights online, all while U.S. companies sold powerful surveillance technologies to the enemies of those cherished ideals,” said Jennifer Brody, U.S. Advocacy Manager at Access Now. “If leveraged to its full potential, the Department’s new spyware report will help to protect at-risk activists and journalists and safeguard freedom of expression in the most repressive environments. The U.S. must finally own its role in the global trade of these cyber weapons.”
-
On December 5th, someone by the IRC nickname of [ubuntu] joined the Pine64 Discord’s #pinephone channel through an IRC bridge. In the spirit of December gift-giving traditions, they have presented their fellow PinePhone users with an offering – a “Snake” game. What [ubuntu] supposedly designed had the potential to become a stock, out-of-the-box-installed application with a small but dedicated community of fans, modders and speedrunners.
Unfortunately, that would not be the alternate universe we live in, and all was not well with the package being shared along with a cheerful “hei gaiz I make snake gaem here is link www2-pinephnoe-games-com-tz replace dash with dot kthxbai” announcement. Shockingly, it was a trojan! Beneath layers of Base64 and Bashfuscator we’d encounter shell code that could be in the “example usage” section of a modern-day thesaurus entry for the word “yeet“.
[...]
That’s true for a lot of places – GitHub and GitLab releases, DockerHub, NPM, RubyGems, browser extension stores, PyPi, and even some supposedly safe Linux repositories, like F-droid, are vulnerable. Providing sourcecode along a malicious package adds legitimacy, and takes away incentives for skilled people to check the binary in the first place – hey, the code’s there to see already! If [ubuntu] did just that, perhaps we’d be talking about this incident a few days later and in a more somber tone. Supply-chain attacks are the new hotness in 2020 and 2021.
[...]
The PinePhone community has implemented some new rules, some channeling into the “automation” territory. This will possibly help a specific kind of problem to be less impactful in the future – though I’d argue that institutional memory should play a larger part in this. Beware of Greeks bearing gifts… until they learn how to work around your Discord bot’s heuristics? I already have, for instance. This is a monumental topic with roots beyond the Great PinePhone Snake Malware of 2021, and this article isn’t even about that as much as it’s about helping you understand what’s up with important aspects of Linux security, or maybe even the security of all open source software.
-
At the time of writing, we believe that Cytrox’s CEO is Ivo Malinkovksi, as stated on his LinkedIn page. Notably, Malinkovksi’s now-private Instagram account includes a 2019 image of him in front of the Pyramids of Giza in Egypt.
A 2019 report in Forbes states that Cytrox was “rescued” by Tal Dilian, a former Israel Defence Forces (IDF) Unit 81 commander, whose company WiSpear (which appears to have been renamed Passitora Ltd.) is based in Limassol, Cyprus and reportedly acquired Cytrox in 2018 according to the Atooro Fund. Dilian is also known as the founder of Circles, a prominent cellular network surveillance company. In December 2020, the Citizen Lab published an investigation into Circles’ government clients. Dilian is also the founder and CEO of Intellexa.
