• Malicious Office 365 Apps Are the Ultimate Insiders [Ed: Office 360 itself is malicious]

• Biden administration, Congress unite in effort to tackle ransomware attacks [iophk: Windows TCO]

  Congress has also been paying greater attention to the threats from ransomware, with members on both sides of the aisle citing attacks in their districts on schools, governments, libraries and hospitals as key motivating factors in taking action.

• Changing role of the board on cybersecurity

  While it is the network security team that is responsible for preventing such a breach, increasingly, the company’s board is being examined in such cases more often than before. So, how can the board be ready if such an unforeseen event unfolds and how the direction to take corrective measures can come right from the top?

  In our latest report we delve into the changing role of the board on cybersecurity to outline the following recommendations: [...]

• They Told Their Therapists Everything. [Crackers] Leaked It All [iophk: Windows TCO]

  Vastaamo ran the largest network of private mental-health providers in Finland. In a country of just 5.5 million—about the same as the state of Minnesota—it was the “McDonald’s of psychotherapy,” one Finnish journalist told me. And because of that, the attack on the company rocked all of Finland. Around 30,000 people are believed to have received the ransom demand; some 25,000 reported it to the police. On October 29, a headline in the Helsinki Times read: “Vastaamo [Cracking] Could Turn Into Largest Criminal Case in Finnish History.” That prediction seems to have come true.

• RTF Report: Combatting Ransomware

  2. The United States should lead by example and execute a sustained, aggressive, whole of government, intelligence-driven anti-ransomware campaign, coordinated by the White House. This must include the establishment of 1) an Interagency Working Group led by the National Security Council in coordination with the nascent National Cyber Director; 2) an internal U.S. Government Joint Ransomware Task Force; and 3) a collaborative, private industry-led informal Ransomware Threat Focus Hub.

• Tesla Car [Cracked] Remotely From Drone via Zero-Click Exploit

  The attack, dubbed TBONE, involves exploitation of two vulnerabilities affecting ConnMan, an internet connection manager for embedded devices. An attacker can exploit these flaws to take full control of the infotainment system of a Tesla without any user interaction.

• Kubestriker: A security auditing tool for Kubernetes clusters

  It performs a variety of checks on a range of services and open ports on the Kubernetes platform, helps safeguard against potential attacks on Kubernetes clusters by continuously scanning, monitoring and alerting of any anomalies, allows users to see components of the Kubernetes infrastructure, and visualizes attack paths (how hackers can advance their attacks by chaining misconfigured components in the Kubernetes cluster).

  “Kubernetes has become a popular open-source platform for containerized workflows and a key building block for modern technology infrastructure. According to Gartner, by 2025 more than 85% of global organizations will be running containerized applications in production. This widespread popularity and lack of solid security measures in place have made Kubernetes the perfect target for attackers,” Kubestriker’s creator Vasant Chinnipilli, a security architect and DevSecOps practitioner, told Help Net Security.

• Check the status of Tor services with status.torproject.org

  The Tor Project now has a status page which shows the state of our major services.

  You can check status.torproject for news about major outages in Tor services, including v3 and v2 onion services, directory authorities, our website (torproject.org), and the check.torproject.org tool. The status page also displays outages related to Tor internal services, like our GitLab instance.

• Firefox's slow takeover of the address bar's space

  In the current Firefox 88, and I believe in the next version as well (currently Firefox Beta), part of the address bar is a '...' menu for "Page actions". Through using the right button on items in this menu, or on the icons on the right side of the address bar, you can add or remove certain icons from the right side, things like the "Bookmark this page" star. If you start up a current Firefox Nightly, you will discover the three dots of the Page Actions menu are gone, as is your ability to remove any icons from the address bar, including both the "Bookmark this page" star and any that may be put there by some of your addons.

• It's possible for Firefox to forget about:config preferences you've set

  Firefox has a user preferences system, exposed through its 'Settings' or 'Preferences' system (also known as about:preferences) and also through the more low-level configuration editor (aka about:config). As is mentioned there and covered in somewhat more detail in what information is in your profile, these configuration settings (and also your preferences settings) are stored in your profile's prefs.js file.

  You might think that once you manually set something in about:config, your setting will be in prefs.js for all time until you go back into about:config and change or reset it. However, there's a way that Firefox can quietly drop your setting. If you've set something in about:config and your setting later becomes Firefox's default, Firefox will normally omit your manual setting from your prefs.js at some point. For example, if you manually enable HTTP/3 by setting network.http.http3.enabled to true and then Firefox later makes enabling HTTP/3 the default (as it plans to), your prefs.js will wind up with no setting for it.

• Mozilla Explains: What are deceptive design patterns?

  Deceptive design patterns are tricks used by websites and apps to get you to do things you might not otherwise do, like buy things, sign up for services or switch your settings. Another word used to describe deceptive design patterns is dark patterns*, which was originally coined in 2010 by user experience specialist Harry Brignall, drawing attention to this practice and building momentum around calling it out. Brignall regularly tweets some of the worst examples of deceptive designs online and hands out kudos for honest user experiences.

  Deceptive design patterns show up as tricky color schemes, frustrating mazes, sneaky designs and confusing language. Websites use these techniques to influence your behavior into a direction that benefits them more than it benefits you. Here are examples of deceptive or manipulative designs you might run into.

• Beautiful 3D Print time-lapses with my Nikon D700 and Octolapse

  What I wanted was a stable and sharp timelapse of the entire process with high enough resolution to use in HD videos I produce for my YouTube channel.

  So how did I get it working with my old but trusty Nikon D700? Read on...

• How to keep files and directories synchronized across different devices using syncthing on Linux

  Syncthing is defined as a continuous file synchronization program: it can be used to keep files and directories synchronized across different devices or “nodes”. The application uses TLS as encryption method, and it is, together with its protocol, free and open source software. When using Syncthing, our data remains on our device, and is transferred directly to the destination without relaying on a central server (peer to peer). In this tutorial we will see how to install, configure and use Syncthing on Linux.

• The different types of modern (2021) SSH keys (and some opinions)

  Back in 2014 I wrote about what I knew about the then-current different types of SSH keys. Things have changed around a bit since then, so it's time for an update.

  Modern versions of SSH support three different types of public key cryptography for common use; RSA, ECDSA, and Ed25519. Both ECDSA and Ed25519 use elliptic curve cryptography, while RSA is based on integer factorization. SSH once supported DSA public key cryptography, but it has been deprecated since the 7.0 release of OpenSSH in 2017 (search for 'ssh-dss'). OpenSSH supports FIDO/U2F hardware authenticators with ECDSA and Ed25519 keys since OpenSSH 8.2, and supports SSH key certificates for all key types.

• Stopping cron sending email alert for Linux/Unix jobs

  How do I to disable the email alert send by crontab? When my job is executed and the jobs cannot run normally it will sent an email to root. Why do I receive e-mails to my root account from cron? How can I prevent this? How can I disable email alert sent by cron jobs on a Linux or Unix-like systems?

  The crontab command is used to maintain crontab files for individual users. By default the output of a command or a script (if any produced), will be email to your local email account. To stop receiving email output from crontab you need to append following strings at the end of crontab entry.

Our future issue is that having a lot of 18.04 machines (some of them very critical ones) means that when Ubuntu 22.04 comes out next April, we'll have a lot of machines to upgrade in less than a year (since 18.04 will stop being supported at the end of April 2023). This is probably more unique machines than we've ever had to upgrade in one cycle, even if we assume that the machines users log in to are mostly simple to rebuild. Some of the machines, such as our fileservers, will take extensive testing all on their own.

 

• Some 5.12 development statistics

  By the time the 5.12 kernel was finally released, some 13,015 non-merge changesets had been pulled into the mainline repository for this development cycle. That makes 5.12 the slowest development cycle since 5.6, which was released at the end of March 2020. Still, there was plenty of work done for 5.12. Read on for our traditional look at where that work came from and how it got into the kernel.

  Patches were contributed to 5.12 by 1,873 developers, 262 of whom were first-time contributors; those are typical numbers, especially given the (relatively) small size of this cycle. 

 

• Preventing information leaks from ext4 filesystems

  A filesystem's role is to store information and retrieve it in its original form on request. But filesystems are also expected to prevent the retrieval of information by people who should not see it. That requirement extends to data that has been deleted; users expect that data to be truly gone and will not welcome its reappearance in surprising places. Some work being done with ext4 shows the kind of measures that are required to live up to that expectation.

  In early April, Leah Rumancik posted a two-patch series making a couple of small changes to the ext4 filesystem implementation. The first of those caused the filesystem to, after a file is deleted, overwrite the space (on disk) where that file's name was stored. In response to a question about why this was needed, ext4 maintainer Ted Ts'o explained that it was meant to deal with the case where users were storing personally identifiable information (PII) in the names of files. When a file of that nature is removed, the user would like to be sure that the PII is no longer stored on the disk; that means wiping out the file names as well.

 

• Avoiding unintended connection failures with SO_REUSEPORT

  Many of us think that we operate busy web servers; LWN's server, for example, sweats hard when keeping up with the comment stream that accompanies any article mentioning the Rust programming language. But some organizations run truly busy servers and have to take some extraordinary measures to keep up with levels of traffic that even language advocates cannot create. The SO_REUSEPORT socket option is one of many features that have been added to the network stack to help these use cases. SO_REUSEPORT suffers from an implementation problem that can cause connections to fail, though. Kuniyuki Iwashima has posted a patch set addressing this problem, but there is some doubt as to whether it takes the right approach.

  In normal usage, only one process is allowed to bind to any given TCP port to accept incoming connections. On busy systems, that process can become a bottleneck, even if all it does is pass accepted connections off to other processes for handling. The SO_REUSEPORT socket option, which was added to the 3.9 kernel in 2013, was meant to address that bottleneck. This option allows multiple processes to accept connections on the same port; whenever a connection request comes in, the kernel will pick one of the listening processes as the recipient. Systems using SO_REUSEPORT can dispense with the dispatcher process, improving scalability overall.

  SO_REUSEPORT does its work when the initial SYN packet (the connection request) is received; at that time, a provisional new socket is created and assigned to one of the listening processes. The new connection will first wait for the handshake to complete, after which it will sit in a queue until the selected process calls accept() to accept the connection and begin the session. On busy servers, there may be a fair number of connections awaiting acceptance; the maximum length of that queue is specified with the listen() system call.

 

• Toward signed BPF programs

  The kernel's BPF virtual machine is versatile; it is possible to load BPF programs into the kernel to carry out a large (and growing) set of tasks. The growing body of BPF code can reasonably be thought of as kernel code in its own right. But, while the kernel can check signatures on loadable modules and prevent the loading of modules that are not properly signed, there is no such mechanism for BPF programs; any sufficiently privileged process can load any program that will pass the verifier. One might think that adding this checking for BPF would be straightforward, but that subsystem has some unique characteristics that make things more challenging than one might expect. There may be a solution in the works, though; fittingly, it works by loading yet another BPF program.

  Loadable kernel modules are stored as executable images in the ELF format. When one is loaded, the kernel parses that format and does the work needed to enable the module to run within the kernel; this work includes allocating memory for variables, performing relocations, resolving symbols, and more. All of the necessary information exists within the ELF file. Applying a signature to that file is simply a matter of checksumming the relevant sections and signing the result.

  BPF programs have similar needs, but the organization of the requisite information is a bit more, for lack of a better word, messy. The code itself is compiled as an executable section that is then linked into a loader program that runs in user space and invokes the bpf() system call to load the BPF program into memory. But BPF programs, too, need to have data areas allocated in the form of BPF maps, and they need relocations (of a sort) applied to be able to cope with different structure layouts on different systems. The necessary maps are "declared" as special ELF sections in the loader program; the libbpf library finds those sections and turns them into more bpf() calls. The BPF program itself is then modified (before loading into the kernel) so that it can find its maps when it runs.

  This structure poses a challenge for anybody wanting to implement signed BPF programs. The maps are a part of the program itself; if they are not established as intended, a BPF program might misbehave in interesting ways. But the kernel has no way to enforce any specific map configuration, and thus cannot ensure that a signed BPF program has been properly set up. Additionally, the need to modify the BPF program itself will break signature verification; after all, modifications to BPF programs are just the sort of thing this mechanism is expected to prevent. So, somehow, the kernel has to take a more active role in the loading of BPF programs.

WiFi & Bluetooth are the most popular wireless protocols for home automation, alternatives like Zigbee and Z-wave have also been widely adopted, at least in some countries.

And if you are interested in the latter, Aeotec has just introduced the Z-Pi 7 gateway development kit that lets you add Z-Wave connectivity to Raspberry Pi boards or Orange Pi Zero SBC with an expansion board connected over UART through the GPIO header.

Ubuntu Touch OTA-17 is the next major software update for Ubuntu Phone devices, promising support for NFC hardware on various devices, including the Google Pixel 3a and Volla Phone. Besides the obvious benefits, NFC support will also enable developers to add the ability to read or write NFC tags in their apps.

While UBports devs continue their transition for Ubuntu Touch to the Ubuntu 20.04 LTS (Focal Fossa) base, they added various enhancements to the Ubuntu Touch OTA-17 release. Among these, improved battery life and notifications for the Google Pixel 3a phone, a Macedonian keyboard layout, and automatic screen brightness on the Volla Phone.

The kernel's Device Mapper (DM) code with Linux 5.13 has some improvements worth mentioning this cycle.

DM-Integrity, which via emulating a block device allows for storing additional integrity information, TRIM/DISCARD is now used to avoid needlessly rewriting of metadata. Additionally, DISCARD is also used to improve hash re-calculation.

• Dates for Virtual Linux Plumbers now 20-24 September

  We took a look at all the events that were announced at the same time as OSS, including KVM Forum. The dates 20-24 September still seem to be clear of conference overlaps so we thought we’d grab them for Plumbers before someone else does. We also thought the timezone last year (Atlantic, 1h ahead of US Eastern and 5h behind central European) worked well, so we’ll plan to hold the conference mostly in that timezone (Although Microconference sessions can vary this if participants need. Our conference architecture will be available 24h)

• Containers and Checkpoint/Restore Microconference Accepted into 2021 Linux Plumbers Conference – Linux Plumbers Conference 2021

  We are pleased to announce that the Containers and Checkpoint/Restore Microconference has been accepted into the 2021 Linux Plumbers Conference! The Containers and Checkpoint/Restore micro-conference brings together kernel developers, runtime maintainers, and developers working on container- and sandboxing related technologies in general to discuss current problems and agree on new features.

• Linux Plumbers Goes Fully Virtual – Linux Plumbers Conference 2021

  You may have noticed that the Linux Foundation has announced moving OSS+ELC from Dublin to Seattle, WA due to survey results and vaccination rates in Europe. Since we agreed to co-locate with OSS+ELC this year, we’ve been debating following suit or going virtual. Unfortunately, the safety protocols imposed by event venues in the US require masks and social distancing, making it impossible to hold the interactive part of Plumbers (the Microconferences). Since Microconferences are a differentiating feature of plumbers, we felt that rather than lose such an essential element we’d move the entire conference on-line and hope to be back in-person next year.

• Open Source and IoT

  Here is a companion article to my upcoming PLI talk on the special risks and rewards of open source and standards in IoT. It was published on PLI PLUS, the online research database of PLI.

• LibreOffice QA/Dev Report: April 2021

  LibreOffice 7.1.2 was released on April 1st

• Announcing Mozilla Rally – Data@Mozilla

  We wrote recently about how difficult it is to understand the data companies collect from you, and what they’re doing with it. These companies determine how your data is used and who benefits. Cutting people out of decisions about their data is an inequity that harms not only individuals, but also society and the internet. We believe that you should determine who benefits from your data. Today, we’re taking a step in that direction with the alpha release of Mozilla Rally. Rally is now available for desktop Firefox users age 19 and older in the USA.

  Rally is aimed at rebuilding your equity in your data. We allow you to choose how to contribute your data and for what purpose. We’re building a community to help understand some of the biggest problems of the internet, and we want you to join us.

  [...]

  We started Rally as an innovation program, building on earlier experiments with trusted research institutions. We are exploring new products and public interest projects that return equity to communities in the coming months. We are data optimists and want to change the way the data economy works for both people and day-to-day business. We are committed to putting our users first every step of the way, and building a community together.

• Aborted attempt to run FatDog in container

  I converted FatDog64 version 811 to run in a container. Get a desktop, looks OK, tested a couple of apps, such as Geany and LibreOffice, OK.

• EasyOS 2.7.3 detects SSD in HP14 laptop

  Ramachandra reported that the SSD in his new HP14 laptop was not detect by EasyOS.

• Arch: FOSS Activities in April 2021

  Hope people have had a lovely spring. This month has passed quickly! I have put off writing the monthly post because I was busy with a weekend project.

  My master thesis was about how to apply transparency logs and reproducible builds to give package rebuilders the ability to produce tamper evident logs. This is handy since any one package build can easily be proven to be part of the log, and you can very easily fill inn the history from one point in time to another by hashing files in the correct order.

  These days transparency logs has seen a larger adoption with projects like sigstore and trustix. What’s interesting is that kernel.org publishes a transparency log of all the git push operations.

• 12 of the Best Free Graphic Design Software [Ed: Covers Inkscape and GIMP; also here]

  According to Inkscape’s website, the software was created for designers of all kinds including those in marketing and branding, engineering/CAD, web graphics, cartooning and for individual uses. You can get started by downloading the software to your Linux, Windows or macOS device.

  When I first downloaded Inkscape, the interface reminded me of Microsoft Paint. This made it really intuitive to use, and all of the features are available for free. According to the website, those features include object creation, object manipulation, fill and stroke features, operations on paths, text support, rendering and a variety of file formats.

  There are tons of resources available on Inkscape's website under the "Learn" tab including an FAQ section, tutorials, books/manuals and a guide to how to use Inkscape for animation. Users also have access to Inkscape's community which includes user support and discussions in the form of chat, forums and more.

  [...]

  If you're looking for a free alternative to Photoshop, GIMP is a graphic design software worth checking out. While you can't use the software online, it can be downloaded to Linux, OS X or Windows computers.

  GIMP stands for GNU Image Manipulation Program. It's a free software that was designed for photo retouching, image composition and image authoring, according to the website. The interface is really similar to Adobe's Photoshop, so if you're already familiar with the tools and shortcuts, using GIMP will be easy.

  You can get started by checking out the tutorials online which include beginner basics, photo editing tips, painting guides and more. If you're ready to try out the software yourself, you can download it here.

• Mesa 21.1 Released With RADV Variable Rate Shading, More Intel Vulkan Improvements - Phoronix

  Mesa 21.1 is available today as the latest quarterly feature release to this collection of open-source OpenGL and Vulkan drivers. There are many features to show with this new release and it even managed to release on-schedule.

  Mesa 21.1 brings a wide assortment of improvements to the many contained open-source user-space drivers, but as usual are dominated by enhancements to the Intel and Radeon driver components, especially the Vulkan drivers given the mature state of the OpenGL drivers these days.

• New Ambassador Developer Control Plane Accelerates Kubernetes Adoption Across Entire Cloud Native Software Development Lifecycle

  As development teams adopt Kubernetes, they are challenged not only by a growing list of complex technologies but also an expanded role that now includes shipping and operating the systems they build. Built on major open source Cloud Native Computing Foundation projects including Envoy, Emissary-ingress, Argo, and Telepresence, the Ambassador Developer Control Plane is an integrated solution that manages the cloud native infrastructure that developers use to code, ship, and run applications for Kubernetes environments. Ambassador DCP unlocks developer productivity for local and remote environments, enables rapid human-centric service discovery across organizations, and lets entire teams safely deploy and manage applications for production.

• Perl Weekly Challenge 111: Search Matrix and Ordered Letters

• Understanding DDoS Attacks and How to Prevent Them

  DDoS cyberattacks can happen anytime and devastate any business, but by understanding how they occur and how to prevent them, you can continue to surf the web safely.

  A distributed denial of service (DDoS) attack is a type of cyberattack that hackers often use to breach a network and overload it with unwanted traffic to disrupt services. Once the system is strained to its limit, it no longer accepts legitimate traffic, and services start to fail.

  Think of a DDoS attack as a crowd blocking the way into your favorite coffee shop: It's tough for you to get in, and it makes it difficult for that business to distinguish a real customer from the rest of the crowd. Because of that confusion, it's tough for businesses that are targeted by a DDoS attack to serve their customers and distinguish who's real and who's not.

• Identifying the Differences Between VPN Protocols

• macOS bugs causing sporadic browsing issues with Safari, Firefox, others

  According to user reports on the Apple Support Communities, the Safari 14.1 update breaks functionality on popular websites like eBay. The issue appears to predominantly affect Safari 14.1 on macOS Catalina and macOS Mojave.

  There are reports from developers about ongoing problems with the latest versions of Apple's browser, too. Google Chrome developer advocate Jake Archibald reports that localStorage in Safari 14.1 is broken, causing tabs with use the same localStorage for text boxes.

• Pyston v2.2: faster and open source

  We are proud to announce Pyston v2.2, the latest version of our faster implementation of the Python programming language. This version is significantly faster than previous ones, and importantly is now open source.

• Pyston 2.2 Released For A Faster Python While Facebook Releases Cinder - Phoronix

  Pyston 2.2 is out today as the latest version of this performant Python implementation. Separately, Facebook has introduced Cinder as a new incubator project providing a speedy Python JIT implementation.

  Pyston 2.2 is out today as the new version of this alternative Python implementation. With Pyston 2.2 the developers claim their implementation is 30% faster now than the stock Python for web server benchmarks. Speed-ups this time around include work on their JIT and attribute cache mechanisms.

• Python 3.8.10, 3.9.5, and 3.10.0b1 are now available

  This has been a very busy day for releases and on behalf of the Python development community we’re happy to announce the availability of three new Python releases.

• < programming language: These three new releases just arrived

  Three new versions of the Python programming language have been released, one of which is a beta release of the upcoming Python version 3.10.

  It what the Python release team called "a very busy day for releases", Monday, 3 May saw the release of Python 3.8.10, 3.9.5 and 3.10.0b1.

• Humble Bundle plan to put the much loved sliders back on bundle pages

  After a bit of an uproar from customers, Humble Bundle have decided to ditch their idea of replacing sliders that let people customize where their money goes.

  In their original blog post, they mentioned the sliders that let you adjust the amount you give to Humble, Developers, Charity and Partners would be replaced with a static two-tier system that was giving a lot more to Developers and Humble. Now though, in a fresh blog post they're backtracking.

 

• Don't Starve Together season finale out in Return of Them: Eye of The Storm plus big sale

  Return of Them: Eye of The Storm is the final update of the season for Don't Starve Together and so it's going off with quite a big bang along with a good discount too.

  "With the three lunar altars now complete, the truth at the center of this ancient mystery will finally come to light...
  They've been here all along. Don't Starve Together: Return of Them - Eye of the Storm is now available for all players. With this conclusion of the Return of them Story Arc, worlds collide as old threats and familiar faces make themselves known."

  [...]

  A fantastic time to get into a thoroughly enjoyable co-op survival game, from Klei Entertainment who have been a very Linux-friendly developer.

  

• The Quest to Build a Portable Steam Machine - Boiling Steam

  There’s something about having a portable Steam machine that fascinates me. Being able to play desktop, non-mobile games on the go is a concept that few seemed to have accomplish. The Smach Zero held a lot of promise, but I haven’t heard anything from the team in a long time, and who knows if the poor backers of the project will ever get their hands on it. There’s the GPD Win, and it looks great, but the thing is just too darn expensive. Finally, while the Aya Neo looks fantastic as well, it’s another big-budget gadget that I personally don’t want to spend that much on.

  I’ve looked into making tablets/gaming handhelds in times past, but often transforming that project into reality requires a lot of tinkering. A lot of tools that need to be used that I don’t have. Soldering, splicing, 3D printing, scripting, hot gluing…the list goes on. Another problem that I had was, while the electronics market is littered with ARM-powered SBCs, especially from the likes of the Raspberry Pi, exploring into the x86 world was relatively untouched, as far as handhelds go. I wasn’t content playing retro games by means of emulation. I didn’t like the fact that I couldn’t play my games on Steam on native hardware; it had to be done through streaming. I wanted something more, and I knew the only way I could do that was use an x86-based computer.

• Wayland Is The Future Of Linux, What About Now?

  There's always some chatter about Wayland but what even is it and what makes it so different from Xorg which the vast majority of people on Linux are still running.

• Pacstall Is An "AUR" For Ubuntu

  What if you could run Ubuntu but also had access to a community software repository similar to the AUR? Pacstall attempts to become the "AUR" Ubuntu wishes it had.

• LHS Episode #409: JS8Call Deep Dive

  Hello and welcome to the 409th installment of Linux in the Ham Shack. In this episode, we have an interview with Jordan Sherer, KN4CRD, the creator and developer of JS8Call, an amateur radio weak-signal application for having complete QSOs during poor band conditions. Jordan is also the winner of the 2021 Amateur Radio Software Award so we have the board of ARSA on the show discuss Jordan's achievement and the efforts of the ARSA board to promote free, open-source software in the amateur radio space. We hope you enjoy!

• FLOSS Weekly 628: Digital Sovereignty - Dr. Andre Kudra

  Dr. Andre Kudra of esatus.com discusses SSI, or Self-Sovereign Identity. It's a hot and fast-moving topic with a growing base of hackers, companies, nonprofits, and whole states, provinces and countries. Aaron Newcomb and Doc Searls probe Andre for lots of great intelligence about how SSI puts individuals in full charge of how they present minimized ID credentials safely, and inside a whole new framework. They also talk with Andre about his involvement with the demoscene and retro computing, which are especially huge in Europe. It's a great discussion on this episode of FLOSS Weekly.

Oracle Linux users in North America are gathering online tomorrow (Thurs. May 6, 10am PT) for the latest edition of the State of the Penguin. Wim Coekaerts, Oracle Software Development SVP and Linux Foundation Vice Chairman, will be leading what promises to be an enlightening conversation about the industry landscape, customer use cases, and the latest Oracle Linux technologies, including containers, KVM, open-source contributions, and developer tools, all to help Penguinistas "explore possibilities and update your plans."

Coekaerts' co-host for the event will be Sergio Leunissen, VP in Oracle’s infrastructure engineering team. Leunissen currently leads initiatives to deliver solutions for developers on Oracle’s operating system and Oracle Infrastructure Cloud, and he’s responsible for Oracle’s presence on GitHub.

I had the opportunity to talk with Coekaerts about the event last week. He's widely described as an "industry luminary," an appellation I found to be something of an understatement. He led the last online State of the Penguin, held six months ago.

More from the Microsoft-connected publisher: 2.5GbE Networking on Linux

• Everything about Daemons in Linux

  Since the Linux operating system is characterized as a multitasking operating system, a daemon is, by definition, a program that continuously executes as a background process. In short, the execution of this process is not dependent on an active user’s system interaction. A normal system user cannot control the periodic execution of a daemon process.

  The naming convention that defines most daemon processes is the one letter ‘suffix’ d. This naming convention makes it possible to differentiate between normal system processes and daemon-powered processes. For example, sshd is a daemon process responsible for the management of incoming SSH connections. Another daemon process example is syslogd. It is responsible for the Linux system logging facility.

  In a Linux environment, the launch of daemons is at boot time. Since the Linux system is a perfect Unix clone, an init process qualifies as the parent process to a daemon. To start and stop daemons on your Linux operating system, you first need to access the /etc/init.d scripts directory on your OS.

• How to install Wizard101 on a Chromebook with Crossover 20 in 2021

  Today we are looking at how to install Wizard101 on a Chromebook with Crossover 20. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

  This tutorial will only work on Chromebooks with an Intel or AMD CPU (with Linux Apps Support) and not those with an ARM64 architecture CPU.

• How to install LibreOffice on Deepin 20.2

  In this video, we are looking at how to install LibreOffice on Deepin 20.2.

• How to upgrade ZFS storage pools version on FreeBSD

  hen we update FreeBSD from 12 to 13, we get an updated version of ZFS. FreeBSD 13 released with OpenZFS support with various performance boosts. Sometimes OS patching and minor FreeBSD upgrade can also offer an updated zpool version. In any case, we need to upgrade the ZFS storage pools version to get newer functionality and bug fixes. This page explains how to update the ZFS storage pools version on FreeBSD.

• How to set up Plex on a Raspberry Pi | Android Central

  The Raspberry Pi's convenience, versatility, and usefulness simply cannot be understated. With just a few clicks, you can set up just about everything, including the ability to set up Plex on a Raspberry Pi. After you've finished loading up your library of movies, TV shows, and even music, you can then download the Plex app on any of your devices and enjoy your favorite content from anywhere. Today, we're going to show you how you can get everything set up.

• Manage AWS SQS Queues using aws-cli

  You can perform operations on SQS like list, create, delete Queues and send messages, receive messages from your terminal using aws-cli. In this article, we will see the commands to perform these kinds of operations. Before we proceed, it is assumed that you are familiar with AWS SQS Queue.

  To know in detail about options available for aws-cli, visit the official documentation here.

• Antoine Beaupré: Building a status page service with Hugo

  The Tor Project now has a status page which shows the state of our major services.

  You can check status.torprojet.org for news about major outages in Tor services, including v3 and v2 onion services, directory authorities, our website (torproject.org), and the check.torproject.org tool. The status page also displays outages related to Tor internal services, like our GitLab instance.

  This post documents why we launched status.torproject.org, how the service was built, and how it works.

Dynamic Kernel Module Support (DKMS) is a framework that is mostly used to build and install external kernel modules. However, it can also be used to install a specif patch to the modules of the current kernel, for example, to apply a specific fix.

For example, when PipeWire 0.3.20 was released earlied this year, it brought support for the mSBC codec which I had added, and which works natively or through the external programs oFono or hsphfpd, when connected to a Bluetooth Headset through the HFP profile.

Unfortunately, for kernels 5.8, 5.9 and 5.10, this support does not work with USB Bluetooth chipsets from vendors other than Intel.

While the fix was simple and has since been backported to the LTS kernels, if you are like me and are running a Linux distribution based on a non-LTS kernel, for example Ubuntu 20.04 with kernel 5.8, you will not be able to benefit from this fix. That is, unless you use DKMS to patch the kernel's Bluetooth module.

The UBPorts team is set to roll out the next update to Ubuntu Touch on May 12th. While Ubuntu Touch OTA-17 won’t have as many user-facing changes as some previous builds of the operating system, there are still some goodies baked in, particularly for folks with a couple of specific devices.

For example, Ubuntu Touch OTA-17 is the first version to support NFC hardware. The feature only works on certain devices, including the Google Pixel 3a and Volla Phone, but it should allow developers to create Ubuntu Touch apps that make use of NFC to read or write NFC tags or communicate with other NFC-enabled hardware like wireless earbuds.

NASA’s Perseverance rover is equipped with a Linux-driven, Atom-based CompuLab COMEX-IE38 module designed to compress images. The rover also has a Qualcomm 801 Linux system like its Ingenuity copter, which is embarking on a new scouting mission.

As LinuxGizmos and many other sites reported in February, NASA’s semi-autonomous Ingenuity drone copter is equipped with an embedded Linux computer based on the Qualcomm 801 (formerly Snapdragon 801). Ingenuity, which has since run several successful test flights on Mars, making it the first craft to fly in the atmosphere of an extra-terrestrial planet, uses the Qualcomm 801 via the Qualcomm Flight platform for navigation and camera control and processing.

• 5 Easy Tweaks to increase your Linux Server's Security

  In the second episode of my Enterprise Linux Security series, I'll show you 5 easy tweaks you can make to enhance the security of your Linux server. Ubuntu Server will be shown as the example distribution, but most of these tweaks can be done on any distro with some modifications to the syntax as necessary.

• Why I Said NO To A Job With Dell's Linux Team

  A new Linux hardware partnership with @TUXEDO Computers, a story about turning down a job with Dell's Project Sputnik, a new interview with System76, a new Matrix room... There's a LOT going on as Linux For Everyone gets ready to kick out a bunch of new content. Pull up a chair for this quick channel update!

• GCC, GNU Toolchain Finally Working To Establish CI/CD For Better Reliability - Phoronix

  For a project as large and complex as the GNU Compiler Collection (GCC) one would reasonably have assumed that it would have setup continuous integration / continuous delivery support years ago for helping to ensure the reliability of this widely-used open-source compiler and the GNU Toolchain at large. But that's actually only happening now in 2021.

  Thanks to Red Hat engineers working on it, the GNU toolchain is working towards CI/CD support for helping to ensure the quality of the toolchain and hopefully catching any regressions immediately compared to the status quo.

• Jussi Pakkanen: Is the space increase caused by static linking a problem?

  Most recent programming languages want to link all of their dependencies statically rather than using shared libraries. This has many implications, but for now we'll only focus on one: executable size. It is generally accepted that executables created in this way are bigger than when static linking. The question is how much and whether it even mattesr. Proponents of static linking say the increase is irrelevant given current computers and gigabit networks. Opponents are of the, well, opposite opinion. Unfortunately there is very little real world measurements around for this.

  Instead of arguing about hypotheticals, let's try to find some actual facts. Can we find a case where, within the last year or so, a major proponent of static linking has voluntarily switched to shared linking due to issues such as bandwidth savings. If such a case can be found, then it would indicate that, yes, the binary size increase caused by static linking is a real issue.

• 7 Reasons to Use Git for Your Solo Projects

  Recently I had a conversation with someone who was shocked to learn I use Gitit for everything. "What? Even projects where you're working alone? Why on earth would you do something like that?!" As alarmed as they were that I use Git for solo projects, I was just as surprised to hear that they didn't and suddenly found myself feeling very self-conscious and questioning my choices. Is it weird to use version control for solo projects? And why do it at all? Some introspection and asking around on Twitter revealed the answers I was looking for: Not only is it not weird, there are lots of great reasons to use version control for your solo projects.

• Running Rust on Android

  For one of my current clients, we decided to use Rust as our main programming language. There were several reasons behind this decision; apart from the technical merits, there's also the undisputable fact that Rust is still a relatively new language, fancy and hip – and when you're a startup, using any technology that came out in the previous decade is just setting yourself up to fail. I mean, it's logical – how can you innovate without using innovative tech? The fastest way to success is aboard the hype train.

  As one of the product's selling point was supposed to be "you own your data", it couldn't be a purely browser-accessible service, but rather something we'd distribute to the users to run on their own devices. We already had some headless instances running internally, and with a trivial amount of work, were able to make redistributable packages for Windows and Linux. But we knew that being desktop-only would be a serious blocker against adoption – if we wanted this to take off, we'd need mobile versions of the app. This meant we had to figure out how to get our stuff running on Android and, later, on iOS. Seeing how I already had some experience with cross-compiling and build automation, I volunteered to delve into the topic.