Manjaro or Arch Linux? If Manjaro is based on Arch, how come is it different from Arch? Read how Arch and Manjaro are different in this comparison article.

• Dark Sky Alternatives on Android: Overdrop, Today, and Appy Weather

• Google adds biometric credit card authentication, touch-to-fill support for Android

• The long-awaited Android Auto update for BMWs is now available

• Android malware posing as Covid-19 contact tracing apps

• Stadia Achievements can now be viewed on iOS and Android

In June, Linux Mint 20 “Ulyana” came in three editions: Cinnamon, MATE, and Xfce, along with many new features. Subsequently, it received a lot of feedback, including both good and bad.

You can check out our review of Linux Mint 20 with features scoring good ratings. Nonetheless, according to the latest popularity statistics revealed in the July month blog, Linux Mint 19.3 “Tricia” is currently the most popular point release compared to any other Mint version.

As you can see in the graph, more than 50% of Linux Mint users use Linux Mint 19.x series. This is even more than combining both the old Mint 18.x and the brand new Mint 20, which represents about 20% of the user base.

We are pleased to announce the launch of Nitrux 1.3.1. This new version brings together the latest software updates, bug fixes, performance improvements, and ready-to-use hardware support.

Nitrux 1.3.1 is available for immediate download.

• Google has a new plan to make online transactions safe for Android smartphone users

• This is the first Android app to cross 10 billion downloads

• Global stable Android 10 upgrade extended for the Xiaomi Redmi Note 7

• Pixel 4a to launch w/ Android 10 as Google prepares to drop support for Pixel 2

• Potential privacy threat to Android owners using COVID exposure notification app won't be fixed until 'later in the third quarter'

• Android malware posing as Covid-19 contact tracing apps

• Today’s Android game/app deals + freebies: 911 Operator, OTTTD, and many more

• Android Circuit: New Galaxy S21 Specs, Three Nokia Surprises, Samsung Loses To Huawei

• Polestar 2 technology review: Android Automotive makes its debut

• Netflix will allow you to change playback speed on Android devices

• YouTube is testing a more prominent upload button on Android

• How to Use an Android Device to Write Raspberry Pi SD cards

New Plasma5 packages for Slackware-current are ready for download & installation. I skipped July (holiday season) and so here is KDE-5_20.08 aka my August 2020 release. Be sure to read the upgrade instructions very carefully to prevent breakage, because starting with my June batch the goal is to remove Slackware’s ConsoleKit2 and replace it with elogind!.

It would not harm if you (re-)read my previous blog article about Plasma5, “Replacing ConsoleKit2 with elogind – first steps“. It has a lot more detail about the reasons for this move as well as guidance on using the Wayland Window Manager (as a test) instead of regular X.Org. Note that Wayland sessions still need a lot of maturing and X.Org will remain Slackware’s default choice.

• Intel Brings IBM POWER CPU Support To Their Deep Neural Network Library

  Besides the code itself to Intel's oneAPI being open-source, the company is being surprisingly open about its support even for areas of usage outside of x86_64 CPUs.

  In addition to the likes of getting Intel oneAPI / Data Parallel C++ on NVIDIA GPUs and other "open" efforts around APIs, they have shown willingness to see different oneAPI components working on non-x86_64 architectures.

• Fedora program update: 2020-31

  Here’s your report of what has happened in Fedora this week. The mass rebuild is underway.

• Build secure applications with OpenShift 4.3 on public cloud

• Ben Hutchings: Debian LTS work, July 2020

  I was assigned 20 hours of work by Freexian's Debian LTS initiative, but only worked 5 hours this month and returned the remainder to the pool.

  Now that Debian 9 'stretch' has entered LTS, the stretch-backports suite will be closed and no longer updated. However, some stretch users rely on the newer kernel version provided there. I prepared to add Linux 4.19 to the stretch-security suite, alongside the standard package of Linux 4.9. I also prepared to update the firmware-nonfree package so that firmware needed by drivers in Linux 4.19 will also be available in stretch's non-free section. Both these updates will be based on the packages in stretch-backports, but needed some changes to avoid conflicts or regressions for users that continue using Linux 4.9 or older non-Debian kernel versions. I will upload these after the Debian 10 'buster' point release.

       

• Chris Lamb: Free software activities in July 2020

  As part of being on the board of directors of the Open Source Initiative and Software in the Public Interest I attended their respective monthly meetings and participated in various licensing and other discussions occurring on the internet, as well as the usual internal discussions regarding logistics and policy etc. This month, it was SPI's Annual General Meeting and the OSI has been running a number of remote strategy sessions for the board.

       

• Jonathan Carter: Free Software Activities for 2020-07

  Here are my uploads for the month of July, which is just a part of my free software activities, I’ll try to catch up on the rest in upcoming posts. I haven’t indulged in online conferences much over the last few months, but this month I attended the virtual editions of Guadec 2020 and HOPE 2020. HOPE isn’t something I knew about before and I enjoyed it a lot, you can find their videos on archive.org.

• The ln Command in Linux: Create Soft and Hard Links

• 4 FAQs to help master KVM management

• Data Manipulation Using Python Pandas On Bash Command Line

• NPM Permissions Are Broken On Linux: Here's The Fix

• Bulk File Transfer with the FTP Adapter

• 5 ways to convert audio files on Linux

If you have ever used two-factor authentication before, then you have probably heard of tools like Google Authenticator. To make use of many of these services, you’ll have to have your phone near you. Luckily, there are desktop authenticator apps that can provide you with the secret key you need to log in to your account. Below are the best authenticator apps for the Linux desktop.

[...]

Yubico works with a hardware security token known as the Yubikey. You can store your credentials on this as opposed to on your device. This hardware security token can even be further secured by choosing to unlock it with either FaceID or TouchID.

With Yubico, you will also be able to easily transition between devices, even after upgrading. The Yubico app lets you generate multiple secrets across devices, making it simple for you to switch.

I have to admit that the security offered by a physical token like the Yubikey is great. However, users must bear in mind that they must have the key with them if they wish to use two-factor authentication. I know you may argue and say this is no better than having to carry a phone with you. However, you can’t put your phone on a keychain! Additionally, it’s tough to crack a hardware token. Someone would have to steal it from you if they wanted to access your data. Even after doing that, they still won’t know any of your passwords or anything else of the sort.

With Yubico Authenticator, you first have to insert your key before you can add services to the app. After inserting your key, you can then add a security token from a service you want to enable two-factor authentication for. This is an app more for a power user due to the steps that must be taken to get it set up.

• oneAPI compatibility with all openSUSE

  As leader of the openSUSE Innovator initiative, openSUSE member and official oneAPI innovator, I tested the new release of the tool on openSUSE Leap 15.1, 15.2 and Tumbleweed. With the total success of the work, I made available in the SDB an article on how to install this solution on the openSUSE platform. More information here: https://en.opensuse.org/SDB:Install_oneAPI.

  oneAPI is an Unified, Standards-Based Programming Model. Modern workload diversity necessitates the need for architectural diversity; no single architecture is best for every workload. XPUs, including CPUs, GPUs, FPGAs, and other accelerators, are required to extract high performance.

  This technology have the tools needed to deploy applications and solutions across these architectures. Its set of complementary toolkits—a base kit and specialty add-ons—simplify programming and help developers improve efficiency and innovation. The core Intel oneAPI DPC++ Compiler and libraries implement the oneAPI industry specifications available at https://www.oneapi.com/open-source/.

• openSUSE Tumbleweed – Review of the week 2020/31

  Week 31 has seen a steady flow of snapshots. The biggest snapshot was 0721, for which we had to do a full rebuild due to changes in the krb5 package, that moved some files around. In order for all packages to keep up with this change, the full rebuild was needed. The week in total has seen 7 snapshots being published (0721, 0724, 0726, 0727, 0728, 0729 and 0730)

• Does Your Organization Need an Open Source Program Office?

  Every modern enterprise uses some open source software, or at the very least uses software that has open-source components. In an enterprise setting, the number of different open source projects an organization might use could easily be in the hundreds of thousands, and there could also easily be just as many engineers using those open source projects.

  While the reality is that enterprises use open source software, open source communities have a completely different culture — one focused on collaboration in a way that is foreign to most standard business environments.

  “As a business, it’s a culture change,” explained Jeff McAffer, who ran Microsoft’s Open Source Program Office for years and now is a director of product at GitHub focused on promoting open source in enterprises. “Many companies, they’re not used to collaboration. They’re not used to engaging with teams outside of their company.”

  What exactly are Open Source Program Offices (OSPOs)? What do they do, who needs them and why? We spoke with a couple of people who lead open source program offices to learn more.

       

• 50 Open Badges awarded for top LibreOffice translators!

  A few months ago, we announced Open Badges for LibreOffice contributors. These are custom images with embedded metadata, awarded to our most active community members to say thanks for their great work!

  The metadata describes the contributor’s work, and the badge can be verified using an external service. Open Badges are used by other free software projects, such as Fedora.

• Ordering Browser Tabs Chronologically to Support Task Continuity

  Product teams working on Firefox at Mozilla have long been interested in helping people get things done, whether that’s completing homework for school, shopping for a pair of shoes, or doing one’s taxes. We are deeply invested in how we can support task continuity, the various steps that people take in getting things done, in our browser products. And we know that in our browsers, tabs play an important role for people carrying out tasks.

  [...]

  Fast forward to this year and the team working on Firefox for iOS was interested in how we might support task continuity involving leaving tabs open. We continued to see in user research the important role that tabs play in task continuity, and we wanted to explore how to make tab retrieval and overall tab management easier.

  In most web browsers on smartphones, tabs are ordered based on when a person first opened them, with the oldest tabs on one end of the interface (top, bottom, left, or right) and the newest tabs stacking to the opposite end of the interface. This ordering logic gets more complex if a new tab is prompted to open when someone taps on a link in an existing tab. A site may be designed to launch links in new tabs or a person may choose to open new tabs for links. The new tab, in that case, typically will open immediately next to the tab where the link was tapped, pushing all other later tabs toward the other end of the interface. All of this gets even trickier when managing more than just a few tabs. This brief demonstration illustrates tab ordering logic in Firefox for iOS before chronological tabs using the example of someone shopping for a good processor.

• Tor’s Bug Smash Fund: Year Two!

  The Bug Smash Fund is back for its second year! In 2019, we launched Tor’s Bug Smash Fund to find and fix bugs in our software and conduct routine maintenance. Maintenance isn’t a flashy new feature, and that makes it less interesting to many traditional funders, but it’s what keeps the reliable stuff working--and with your support, we were able to close 77 tickets as a result.

  These bugs and issues ranged from maintenance on mechanisms for sending bridges via email and collecting metrics data to improving tor padding, testing, onion services, documentation, Tor Browser UX, and tooling for development. This work keeps Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly.

• Say hello to the Linux Terminal 2.0 for Chrome OS

  Back in March, prior to the Chrome OS release calendar getting out of whack, the Linux terminal for Chrome OS was undergoing a major facelift that looked to be slated for the release of version 82. Since I generally live in the Canary channel, I was unaware that the update had not taken place. Instead, the refreshed Linux terminal actually arrived in the latest update to Chrome OS 84. Some of you reading this may be thinking “what the heck is a Linux terminal?” and that’s okay. Here’s a quick history lesson.

       

• Linux Mint Monthly News – July 2020

  I’d like to thank you all for your support. Donations are usually quite high after a release and Linux Mint 20 is no exception. We received 924 donations in a single month! That’s quite an impressive number and it makes us feel really proud, both as a project and a community.

  Linux Mint 20 was well received but it introduced new challenges, both as a release and an upgrade. We’ll be focused on tackling these challenges for the next two years as well as implementing exciting refinements and new features in the upcoming point releases. Some of these are already listed on our Trello boards and roadmaps. I’d rather talk about them once they’re implemented and ready to be shipped though. Hopefully this time next month we’ll be able to give you a preview of some of them.

  In last month’s feedback we noted some users would like Linux Mint to package Chromium. We also observed confusion and lack of empowerment when it comes to dealing with foreign packages during the upgrade. These are two areas we’re looking into at the moment.

  LMDE 4 received many updates lately, including the new features from Linux Mint 20 and Cinnamon 4.6.

  A study on the popularity of Linux Mint releases showed some interested results and comforted some of the perception we had of our user base. 

       

• Charmed OSM Release EIGHT available from Canonical

  Canonical is proud to announce the general availability of OSM release EIGHT images in it’s Charmed OSM distribution. As of Release SEVEN, OSM is able to orchestrate containerised network functions (CNFs) leveraging Kubernetes as the underlying infrastructure for next-generation 5G services. Release EIGHT follows the same direction and brings new features that allow for the orchestration of a broader range of network functions and production environments.

  Open Source MANO (OSM) Release EIGHT is the result of great community work in a project that drives the most complete open source network function virtualisation (NFV) orchestrator in the market.

• Full Circle Magazine #159

  This month:
  * Command & Conquer
  * How-To : Python, Podcast Production, and Rawtherapee
  * Graphics : Inkscape
  * Graphics : Krita for Old Photos
  * Linux Loopback
  * Everyday Ubuntu
  * Ubports Touch
  * Review : Ubuntu Unity 20.04
  * Ubuntu Games : Mable And The Wood
  plus: News, My Opinion, The Daily Waddle, Q&A, and more.

• Amazing science from the winners of Astro Pi Mission Space Lab 2019–20

• What is an IoT-Ready PC?

  Can your PC or laptop handle IoT applications? This means it should have the ruggedness and extra connectivity support for IoT devices such as Arduino or Raspberry Pi, while supporting OS such as Windows 10 IoT Core.

• The PongMate CyberCannon Mark III is a surefire way to never lose at beer pong

  If you participate in beer pong, and your skills aren’t up to the challenge, you might be in for a rough time. While “practice makes perfect,” if you’d rather shortcut this process then engineers Nils Opgenorth and Grant Galloway have just the solution with their Arduino-powered PongMate CyberCannon Mark III.

  This wrist-mounted launcher uses a time-of-flight sensor, along with an inertial measurement unit to calculate the vertical and horizontal distance to the red Solo cup, marked with a small laser. Bubble levels help users fix the device in the horizontal direction and five programmable RGB LEDs indicate when it’s ready to shoot.

• BCM MX4305UE Industrial Mini-ITX Motherboard Features Intel Celeron 4305UE Processor

  The board supports both Windows 10 and Linux distributions.

• Apollo Lake industrial mini-PC supports Linux

  Vecow’s Linux-ready, -40 to 75°C tolerant “SPC-4010C” industrial mini-PC is built around a dual-core Apollo Lake SoC with up to 8GB RAM, 2x GbE, SATA, HDMI, 4x USB, and 2x mini-PCIe with SIM card and mSATA.

  Vecow announced a minor revision to its Apollo Lake based SPC-4010 mini-PC called the SPC-4010C. If you already know about the SPC-4010, all you need to do is read the following paragraph. However, if like us, you are new to the SPC-4000 series, you may be interested in joining us for a brief tour of all six Apollo Lake based SPC-4000 models below. The fanless systems supports Linux and Win 10 for machine vision, robot control, infotainment, factory automation, intelligent control, and other compact AIoT applications.

• New Tax Collection Tech Replaces 50-Year-Old System

  Fried said recent updates to the old system had fallen mainly to a single employee who had worked for the office for most of the five decades the system had been in place - and finding another programmer with similar skills would have been challenging. The old system used the COBOL programming language and a traditional mainframe computer, whereas the new system is cloud-based and can be managed entirely remotely.

• Call for Code Daily: tech for the disabled, chatbots, and the final push to submission close

• Godot Release candidate: 3.2.3 RC 3

  Godot 3.2.2 was released on June 26 with over 3 months' worth of development, including many bugfixes and a handful of features. Some regressions were noticed after the release though, so we decided that Godot 3.2.3 would focus mainly on fixing those new bugs to ensure that all Godot users can have the most stable experience possible.

  Here's a third Release Candidate for the upcoming Godot 3.2.3 release. Please help us test it to ensure that no new regressions have slipped through code review and testing.

  Note: The previous 3.2.3 RC 2 was actually not built from the intended commit, and reflected the same changeset as RC 1. Tests made on RC 2 are still valid and useful, but did not help validate the very latest commits, hence this third release candidate. The changes new in this build are thus the ones made between RC 1 and RC 3.

• What Is Fuzz Testing? A Guide.

  Not all software testing techniques have origin stories, but fuzz testing does: On a stormy evening in 1988, Barton Miller, a computer science professor at the University of Wisconsin-Madison, was using a dial-up connection to work remotely on a Unix computer from his apartment. He was attempting to feed input information into a computer program, only to see the program repeatedly crash.

  He knew that the electrical noise from the thunderstorm was distorting his inputs into the program as they traveled through the phone line. The distorted inputs were different from what the software needed from the user, resulting in errors. But as he describes in his book, Fuzzing for Software Security Testing and Quality Assurance, Miller was surprised that even programs he considered robust were crashing as a result of the unexpected input, instead of gracefully handling the error and asking for input again.

  [...]

  Miller’s concern about what he saw during his thunderstorm experience extended beyond the annoyance of having applications crash unexpectedly. Applications that are not able to handle unexpected input also pose security concerns. Errors that aren’t handled by the program are vulnerabilities that attackers can exploit to hack into systems.

  In fact, attackers often use fuzz testing tools to locate vulnerabilities in applications, according to Jared DeMott, the CEO of VDA Labs security testing company and the instructor of several Pluralsight courses on testing.

  “If you follow what we call a secure development lifecycle… fuzzing is one piece of the lifecycle that relates to the testing portion of it,” DeMott said.

• [Old] Infinite scrolling on the web is complexity layered on top of complexity layered on top of complexity

  Does all that stuff sound hard? Sorry, but it’s worse.

• Implementing Recently Played Collection in GNOME Games

  In my previous blog post, I talked about how I added a Favorites Collection to Games. Favorites Collection lists all the games that’s marked as favorite. In this post I’ll talk about what went into adding a Recently Played Collection, which helps you get to recently played games more quickly.

  Since most of the ground work for supporting non-user collections are already done as part of introducing Favorites Collection, it required much less work to add another non-user collection. For Recently Played collection, the main differences from Favorites Collection in terms of implementation are...

• Core Defense offers up a different kind of Tower Defense with deck-building

  Core Defense is a Tower Defense game at it's core but it's quite unusual in how it sprinkles in the content and it's out now with full Linux support. After being in Early Access on itch.io for a few months, it's looking good.

  It takes the usual wave-based approach from your typical TD game but instead of giving you set tower types and specific placements, it's a little more open-ended. As you progress through the waves, you build up your defences based on what cards you pick as rewards, a little like a deck-builder and you use these unlocks to gradually build through the blank canvas of a map you're given.

• 4 ways to back up Steam games on Linux

  Are you a Linux gamer? Do you play a lot of Steam video games? Trying to figure out how to back up your games so you don’t have to keep re-downloading them? If so, this list is for you! Follow along as we talk about 4 ways to back up Steam games on Linux!

• Monster Crown has a new adult take on Pokemon and it's now in Early Access

  With a darker tone, a setting aimed at adults and creatures that might give a few pixelated nightmares, Monster Crown has entered Early Access as a new breed in the genre of monster catching.

  Monster Crown definitely captures some of the spirit of early Pokemon games, with a new and unique take on it. Instead of throwing a magical ball to capture creatures and force them to your will, Monster Crown gets you to offer them a contract and see if they want to join you. It's a little odd but an interesting spin.

• 2020-07-31 | Linux Headlines

  Mitigating the BootHole vulnerability is proving difficult for several major Linux distributions, KDE’s Ark tool issues a security advisory, Cloudflare reduces perceived delays in worker process startup time, and Tor brings back its Bug Smash Fund for a second year.

       

• Free As In Freedom Friday - LIVE

  Just another random GNU/Linux-y live stream. I will converse with the YouTube chat so feel free to post freedom-respecting questions and comments.

       

• Ubuntu Podcast from the UK LoCo: S13E19 – Three manholes

  This week we’ve been going retro; making an Ubuntu Retro Remix and playing ET:Legacy. We discuss the new release of digiKam, Intel GPU driver tweaks, Ubuntu Web Remix, Thunderbird 78 and Mir 2.0! We also round up our picks from the tech news.

       

• Kubernetes from cloud to edge: a workshop for the US

       

• Reproducible Builds (diffoscope): diffoscope 154 released

  The diffoscope maintainers are pleased to announce the release of diffoscope version 154. This version includes the following changes:

  [ Chris Lamb ]
  
  
  
  
  * Add support for F2FS filesystems.
    (Closes: reproducible-builds/diffoscope#207)
  * Allow "--profile" as a synonym for "--profile=-".
  * Add an add_comment helper method so don't mess with our _comments list
    directly.
  * Add missing bullet point in a previous changelog entry.
  * Use "human-readable" over unhyphenated version.
  * Add a bit more debugging around launching guestfs.
  * Profile the launch of guestfs filesystems.
  * Correct adding a comment when we cannot extract a filesystem due to missing
    guestfs module.
  

• BootHole fixes causing boot problems across multiple Linux distros

       

• Red Hat Security Update Renders Systems Unbootable

  Update, shared by PAjamian: Red Hat is now recommending that users do not apply grub2, fwupd, fwupdate or shim updates until new packages are available.

• Red Hat and CentOS systems aren’t booting due to BootHole patches

  Early this morning, an urgent bug showed up at Red Hat's bugzilla bug tracker—a user discovered that the RHSA_2020:3216 grub2 security update and RHSA-2020:3218 kernel security update rendered an RHEL 8.2 system unbootable. The bug was reported as reproducible on any clean minimal install of Red Hat Enterprise Linux 8.2.

• Bug in widely used bootloader opens Windows, Linux devices to persistent compromise

  CVE-2020-10713, named “BootHole” by the researchers who discovered it, can be used to install persistent and stealthy bootkits or malicious bootloaders that will operate even when the Secure Boot protection mechanism is enabled and functioning.

  “The vulnerability affects systems using Secure Boot, even if they are not using GRUB2. Almost all signed versions of GRUB2 are vulnerable, meaning virtually every Linux distribution is affected,” the researchers explained.

  “In addition, GRUB2 supports other operating systems, kernels and hypervisors such as Xen. The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority. Thus the majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries. This vulnerability makes these devices susceptible to attackers such as the threat actors recently discovered using malicious UEFI bootloaders.”

  The researchers have done a good job explaining in detail why the why, where and how of the vulnerability, and so did Kelly Shortridge, the VP of Product Management and Product Strategy at Capsule8. The problem effectively lies in the fact that a GRUB2 configuration file can be modified by attackers to make sure that their own malicious code runs before the OS is loaded.

• Security updates for Friday

  Security updates have been issued by Debian (grub2 and mercurial), Fedora (chromium, firefox, and freerdp), Oracle (firefox and kernel), Red Hat (firefox), Scientific Linux (firefox, grub2, and kernel), and SUSE (ghostscript and targetcli-fb). 

 

• Linux warning: TrickBot malware is now infecting your systems [Ed: "Linux warning" is alarmism because it does not do anything on its own, it's just exploiting already-compromised servers, e.g. weak password and misconfiguration]

• Beware! TrickBot Malware Is Now Infecting Linux Devices

• Eight Great Features Of Linux 5.8

  If all goes well the Linux 5.8 kernel will be released as stable this weekend. Linus Torvalds last weekend expressed some uncertainty whether an extra release candidate would be required, but so far this week the kernel Git activity is light, thus for the moment at least is looking like 5.8 will be christened on Sunday. 

  In any case, Linux 5.8 stable should be out either this Sunday or the following weekend on 9 August. After the 5.8 merge window in June we wrote the Linux 5.8 feature overview, but if you forgot about those changes, here is a shorter list looking at eight of the most prominent new features of this kernel...

         

• Intel PMT Framework + Tiger Lake Telemetry Support Updated For Linux

  Back in May I wrote about Intel working on Platform Monitoring Technology or hardware telemetry capabilities that are coming with Tiger Lake. The Linux support continues to be worked on for this "PMT" functionality although it looks like the work won't be ready in time for the imminent Linux 5.9 kernel merge window.

         

• "Speakup" Promoted Out Of Staging For Linux 5.9

  The Speakup screen reader that is built into the kernel and allows for speaking all text printed to the text console from boot-up to shutdown for assisting blind individuals is now being promoted out of staging with Linux 5.9. 

  Speakup has been around for more than a decade so blind users can interact with the video console / VT. There are a number of speech synthesizers supported and has been organized via Linux-Speakup.org as "basically a bunch of blind people who like messing around with Linux and writing cool and, hopefully useful, software." 

• weston 8.0.91

  This is the alpha release for Weston 9.0.0. This release cycle has been
  pretty quiet, with just a few new features:
  
  
  
  
  - A new kiosk shell allows to display regular desktop apps in an
    always-fullscreen mode
  - Improved testing infrastructure: the test harness has been
    redesigned, DRM tests are now supported, DRM and OpenGL tests are now
    enabled in our CI
  - DRM panel orientation property support
  
  
  
  
  As always, a number of bug fixes are included as well.
  
  
  
  
  Thanks to all contributors!
  
  
  
  
  Full commit history below.
  

       

• Wayland's Weston 9.0 Reaches Alpha

  Weston 9.0 release preparations are getting underway. At least compared to the original Weston 9.0 release plans, this Wayland compositor is running about a month behind those plans but in any case the release is now making its way to reality. 

  On Thursday shortly after the Weston kiosk/full-screen shell was merged, Weston 9.0 Alpha was tagged in getting the release process moving forward. Simor Ser is again serving as release manager. 

• RFC: libei - emulated input in Wayland compositors

  I've been working on a new approach for allowing emulated input devices in
  Wayland. Or in short - how can we make xdotool and synergy work? And
  eventually replace them.
  
  
  
  
  The proposal I have is a library for Emulated Input, in short libei.
    https://gitlab.freedesktop.org/whot/libei/
  
  
  
  
  libei has two parts, the client side (libei) for applications and
  a server side (libeis) for the compositor. The two libraries communicate
  with each other (how? doesn't matter, it's an implementation detail) to
  negotiate input devices.
  
  
  
  
  The process is roughly:
  - the libei client connects and says "I am org.freedesktop.SomeApplication
    and I want a pointer and a keyboard device"
  - the libeis server says "ok, you can have a pointer device and a keyboard
    device"
  - the libei client says 'move the pointer by 1/1', etc. and the server does
    just that. or not, depending on context.
  
  
  
  
  There are more details, see the README in the repo and the libei.h and
  libeis.h header files that describe the API.
  
  
  
  
  The sticking point here is: emulated input comes via a separate channel.
  The server a) knows it's emulated input, b) knows who it is coming from and
  c) has complete control over the input.
  
  
  
  
  a) is interesting because you can differ between the events internally. The
  API right now is very similar to libinput's events so integrating it into a
  compositor should be trivial.
  
  
  
  
  b) is somewhat handwavy if an application runs outside a sandbox - any
  information will be unreliable. Flatpak gives you an app-id though and
  with that we can (eventually) do things like storing the allow/deny
  decisions of the user in the portal implementation.
  
  
  
  
  c) allows you to e.g. suspend the client when convenient or just ignore
  certain sequences altogether. The two made-up examples are: suspend EI
  during a password prompt, or allow EI from the software yubikey *only*
  during a password prompt.
  
  
  
  
  Now, the next question is: how do they *start* talking to each other?
  libei provides multiple backends for the initial connection negotiation. My
  goal is to have this work with flatpak portals so an application running
  within the sandbox can be restricted accordingly. Alternatives to this could
  be public DBus interfaces, simple fd passing or (as is implemented right
  now) a named unix socket.
  
  
  
  
  The aim is that a client can simply iterate through all of the options until
  finds a connection. Once that's found, the actual code for emulating input is
  always the same so it's trivial to implement a client that works on any
  compositor that supports some backend of libeis.
  The server part only needs to care about the negotiation mechanisms it
  allows, i.e. GNOME will only have dbus/portal, sway will only have... dunno,
  fd exchange maybe?
  
  
  
  
  Next: because we have a separate channel for emulated input we can hook up
  XTEST to use libei to talk to a compositor. I have a PoC implementation for
  weston and Xwayland:
    https://gitlab.freedesktop.org/whot/weston/-/commits/wip/eis
    https://gitlab.freedesktop.org/whot/xserver/-/commits/wip/xwayland-eis
  With that xdotool can move the pointer. Note this is truly the most minimal
  code just to illustrate the point but you can fill in the blanks and do
  things like the compositor preventing XTEST or not, etc.
  
  
  
  
  This is all in very early stages with very little error checking so things
  will probably crash or disconnect unexpectedly. I've tried to document the
  API to make the intentions clear but there are still some very handwavy
  bits.
  
  
  
  
  Do let me know if you have any questions or suggestions please though.
  
  
  
  
  Cheers,
    Peter
  
  
  
  
  

• LIBEI Yields New Effort For Emulating Input Devices In Wayland

  Red Hat's input expert Peter Hutterer has started writing another library to help the Linux input ecosystem: LIBEI. This new library is focused on offering emulated input device support for Wayland in order to support use-cases like xdotool for automating input events. 

  The LIBEI library is working to support emulated input use-cases on Wayland to offer functionality akin to X11's xdotool automation software or the Synergy software for sharing keyboard/mouse setups between systems. LIBEI consists of a client library for applications and then a server-side library (LIBEIS) for the Wayland compositor integration. These two libraries communicate with each other for negotiating the emulated input events.

• Alejandro Piñeiro: v3dv status update 2020-07-31

  Pipeline cache objects allow the result of pipeline construction to be reused. Usually (and specifically on our implementation) that means caching compiled shaders. Reuse can be achieved between pipelines creation during the same application run by passing the same pipeline cache object when creating multiple pipelines. Reuse across runs of an application is achieved by retrieving pipeline cache contents in one run of an application, saving the contents, and using them to preinitialize a pipeline cache on a subsequent run.

  Note that it can happens that a pipeline cache would not improve the performance of an application once that it starts to render. This is because application developers are encourage to create all the pipelines in advance, to avoid any hiccup during rendering. On that situation pipeline cache would help to reduce load times. In any case, that is not always avoidable. In that case the pipeline cache would allow to reduce the hiccup, as a cache hit is far faster than a shader recompilation.

  One specific detail about our implementation is that internally we keep a default pipeline cache, used if the user doesn’t provide a pipeline cache when creating a pipeline, and also to cache the custom shaders we use for internal operations. This allowed to simplify our code, discarding some custom caches that had alread implemented.

• Raspberry Pi 4 "V3DV" Vulkan Driver Begins Tackling MSAA, Other Improvements

  This month the Raspberry Pi Foundation funded "V3DV" open-source Vulkan driver for the Raspberry Pi 4 began being able to run vkQuake. In ending out July, the developers at consulting firm Igalia who are working on this driver for the Raspberry Pi Foundation shared some of their latest driver activity. 

        

• X.Org's Latest Security Woes Are Bugs In LibX11, Xserver

  The X.Org/X11 Server has been hit by many security vulnerabilities over the past decade as security researchers eye more open-source software. Some of these vulnerabilities date back to even the 80's and 90's given how X11 has built up over time. The X.Org Server security was previously characterized as being even worse than it looks while today the latest vulnerabilities have been made public. 

  CVE-2020-14344 is now public and covers multiple integer overflows and signed/unsigned comparison issues within the X Input Method implementation in the libX11 library. These issues can lead to heap corruption when handling malformed messages from an input method. 

• Python 3.8.5 : PyEphem astronomy library for Python - part 001.

• Creating multiple windows in PyQt5/PySide2

  In an earlier tutorial we've already covered how to open dialog windows. These are special windows which (by default) grab the focus of the user, and run their own event loop, effectively blocking the execution of the rest of your app.

  However, quite often you will want to open a second window in an application, without interrupting the main window -- for example, to show the output of some long-running process, or display graphs or other visualizations. Alternatively, you may want to create an application that allows you to work on multiple documents at once, in their own windows.

  It's relatively straightforward to open new windows but there are a few things to keep in mind to make sure they work well. In this tutorial we'll step through how to create a new window, and how to show and hide external windows on demand.

• Real Python Podcast Interview

  I am on the latest Real Python podcast where I talk about my ReportLab book, wxPython, and lots more.

  The podcast episode that I take part in is called Episode 20: Building PDFs in Python with ReportLab. Check it out and feel free to ask questions in the comments.

• Real Python Episode 20: Building PDFs in Python with ReportLab

  Have you wanted to generate advanced reports as PDFs using Python? Maybe you want to build documents with tables, images, or fillable forms. This week on the show we have Mike Driscoll to talk about his book “ReportLab - PDF Processing with Python.”

  Mike is an author of multiple books about Python, and has recently re-written his Python 101 book. He is also a member of the Real Python team and has written several articles for the site. Along with our discussion about ReportLab and PDFs, Mike talks about being a self-published author. We also talk briefly about his favorite Python GUI framework.

• Bring your Mycroft AI voice assistant skill to life with Python

  In the first two articles of this series on Mycroft, an open source, privacy-focused digital voice assistant, I covered the background behind voice assistants and some of Mycroft's core tenets. In Part 3, I started outlining the Python code required to provide some basic functionality to a skill that adds items to OurGroceries, a grocery list app. And in Part 4, I talked about the different types of intent parsers (and when to use each) and expanded the Python code so Mycroft could provide audible feedback while working through the skill.

  In this fifth article, I will walk through the remaining sections required to build this skill. I'll talk about project dependencies, logging output for debugging purposes, working with the Mycroft web UI for setting values (such as usernames and passwords), and how to get this information into your Python code.

• PSF GSoC students blogs: Week 5 Blog Post

• PSF GSoC students blogs: Week 8