• Links 28/10/2020: Linux Dropping WiMAX Support, Istio 1.7.4, Ubuntu is “Hirsute Hippo”
• Linux Foundation (Men for Monopolies) Once Again Hijacking Women's (and Minorities') Voices for Public Relations
• In a State of Flux Due to Maintenance and Improvements
• Links 28/10/2020: Torvalds on Succession, PyTorch 1.7.0
• [Meme] Stealing the Competition
• IRC Proceedings: Tuesday, October 27, 2020
• Links 28/10/2020: FreeBSD 12.2, NixOS 20.09 and WordPress 5.6 Beta 2

• Istio / Announcing Istio 1.7.4

  This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.7.3 and Istio 1.7.4

  

• Kubeflow operators: lifecycle management for the ML stack | Ubuntu

  Canonical, the publisher of Ubuntu, releases Charmed Kubeflow, a set of charm operators to deliver the 20+ applications that make up the latest version of Kubeflow, for easy consumption anywhere, from workstations to on-prem, public cloud, and edge.

  [...]

  Kubeflow provides the cloud-native interface between Kubernetes, the industry standard for software delivery and operations at scale, and data science tools: libraries, frameworks, pipelines, and notebooks.

  Machine learning pipelines on Kubernetes, with Kubeflow pipelines, enable factory-like processes for data science teams. Data scientists can experiment and build data pipelines on a single dashboard, while the underlying operations and infrastructure work are handled by Kubernetes administrators.

 

• Will Kahn-Greene: Everett v1.0.3 released!

  v1.0.3 released!

  This is a minor maintenance update that fixes a couple of minor bugs, addresses a Sphinx deprecation issue, drops support for Python 3.4 and 3.5, and adds support for Python 3.8 and 3.9 (largely adding those environments to the test suite).

  Why you should take a look at Everett

  At Mozilla, I'm using Everett for a variety of projects: Mozilla symbols server, Mozilla crash ingestion pipeline, and some other tooling. We use it in a bunch of other places at Mozilla, too.

  

• Extensions in Firefox 83 | Mozilla Add-ons Blog

  In addition to our brief update on extensions in Firefox 83, this post contains information about changes to the Firefox release calendar and a feature preview for Firefox 84.

  Thanks to a contribution from Richa Sharma, the error message logged when a tabs.sendMessage is passed an invalid tabID is now much easier to understand. It had regressed to a generic message due to a previous refactoring.

• Cryptographic Autonomy License (CAL-1.0): My first license review [Ed: Openwashing licences (i.e. faking 'Open Source' for proprietary software nonsense)]

  The bookmark was creeping on my browser’s toolbar for months. “Cryptographic Autonomy License” CAL-1.0 on the Open Source Initiative webpage. But today, I decided it was time to do my first amateur license review. This is a fun exercise (for me). Do not take this too seriously!

  The Cryptographic Autonomy License is one of newest Open Source licenses on the block. The Open Source Initiative approved it in February 2020. This license also made ripples when it came through. But the question I had, and could not find a clear answer to, was why is it so interesting?

  This blog post is my attempt to do a casual coffee-table review of the license. If you agree or disagree, I encourage you to leave a comment and share your opinion and why!

• Best Music Players for Linux in 2021 [Ed: Almost the whole list is just proprietary software that spies on the GNU/Linux user. This is crazy. Many so-called music players are nowadays just mental surveillance platforms.]

  Many people enjoy listening to music to pass time and destress, and some people even listen to music while working to stay motivated and focused. Studies have shown that soft music can help employees stay motivated and increase productivity.

  If you are a Linux user who enjoys listening to music while you are on your computer, then you are in luck, because there are variety of music players available for Linux. In this article, we are going to discuss the five best music players available for Linux.

• Embrace The Power of GUIs With Yet Another Dialog - YouTube

  Today we're looking at a really neat tool for building GTK dialogs from your terminal called yad otherwise as yet another dialog, this isn't the only tool of it's kind that exists but there is so much that you can do with it that I could just not do a video on it.

• Jill is Back! Plus Ubuntu 20.10, youtube-dl DMCA Takedown & More | Destination Linux 197

  This week we’re going to take a look at Cloud Migration & Backup Strategies and we ask the question what should your personal cloud strategy be. Then we’re going to take a look at Ubuntu 20.10 and see what new features are available in this latest release. Then we discuss the DMCA takedown of Youtube-dl tool and whether this puts other open source tools at risk or is fair game for protecting content creators revenue. In our gaming section we talk about streaming your PS4 games to Linux! Later in the show, we’ll give you our popular tips/tricks and software picks. Plus so much more, on this week’s episode of Destination Linux.

• Edging the Fox | Coder Radio 385

  Microsoft is making aggressive moves to court more and more developers. We put on our analyst hats and lay out the hard cold truth.

  Plus our trouble with Gnomes, your feedback, and martinis on the moon.

• Prepare To Re-Format If You Are Using An Older XFS Filesystem - LinuxReviews

  Linux 5.10 brings several new features to the XFS filesystem. It solves the year 2038 problem, it supports metadata checksumming and it has better metadata verification. There's also a new configuration option: CONFIG_XFS_SUPPORT_V4. Older XFS filesystems using the v4 layout are now deprecated and there is no upgrade path beyond "backup and re-format". The Linux kernel will support older XFS v4 filesystems by default until 2025 and optional support will remain available until 2030.

  A new CONFIG_XFS_SUPPORT_V4 option in Linux 5.10. In case you want to.. still be able to mount existing XFS filesystems if/when you upgrade to Linux 5.10.

  We previously reported that XFS patches for Linux 5.10 delay the 2038 problem to 2486. That's not the only new feature Linux 5.10 brings to the XFS filesystem when it is released early December: It supports metadata checksumming, it has better built-in metadata verification and there is a new CONFIG_XFS_SUPPORT_V4 configuration option. Make sure you don't accidentally say N to that one if you have an older XFS filesystem you'd like to keep using if/when you upgrade your kernel.

• The Linux Kernel Looks To Eventually Drop Support For WiMAX

  With the WiMAX 802.16 standard not being widely used outside of the Aeronautical Mobile Airport Communication System (AeroMACS) and usage in some developing nations, the Linux kernel may end up dropping its support for WiMAX but first there is a proposal to demote it to staging while seeing if any users remain.

  Longtime kernel developer Arnd Bergmann is proposing that the WiMAX Linux kernel infrastructure and the lone Intel 2400m driver be demoted from the networking subsystem to staging. In a future kernel release, the WiMAX support would be removed entirely if no active users are expressed.

  The Linux kernel WiMAX infrastructure is just used by the Intel 2400m driver for hardware with Sandy Bridge and prior, thus of limited relevance these days. That Intel WiMAX implementation doesn't support the frequencies that AeroMACS operates at and there are no other large known WiMAX deployments around the world making use of the frequencies supported by the 2400m implementation or users otherwise of this Linux kernel code.

• Linux Is Dropping WiMAX Support - LinuxReviews

  It's no loss. There is a reason why you have probably never seen a WiMAX device or heard of it, WiMAX was a wireless last-mile Internet solution mostly used in a few rural areas in a limited number of countries between 2005 and 2010. There is very little use for it today so it is almost natural that Linux is phasing out support for WiMAX and the one WiMAX device it supports.

  WiMAX is a wireless protocol, much like IP by Avian Carriers except that it has less bandwidth and significantly lower latency.

  WiMAX (Worldwide Interoperability for Microwave Access) is a set of wireless standards that were used to provide last-mile Internet connectivity where DSL and other solutions were unavailable. WiMAX can work over long distances (up to 50 km), something WiFi can't. The initial design could provide around 25 megabit/s downstream, which was competitive when WiMAX base-stations and modems become widely available around 2005. That changed around 2010 when 4G/LTE become widely available.

  The WiMAX Forum, who maintains the WiMAX standard, tried staying relevant with a updated standard called WiMAX 2 in 2011. Some equipment for it was made, but it never became a thing. WiMAX was pretty much dead by the time WiMAX 2 arrived.

  The standard NetworkManager utility GNU/Linux distributions come with supported WiMAX until 2015. The Linux kernel still supports it and exactly one WiMAX device from Intel as of Linux 5.9, but that's about to change.

• Fedora 33 elections nominations now open

  Candidates may self-nominate. If you nominate someone else, please check with them to ensure that they are willing to be nominated before submitting their name.

  The steering bodies are currently selecting interview questions for the candidates.

  Nominees submit their questionnaire answers via a private Pagure issue. The Election Wrangler or their backup will publish the interviews to the Community Blog before the start of the voting period. Fedora Podcast episodes will be recorded and published as well.

  Please note that the interview is mandatory for all nominees. Nominees not having their interview ready by end of the Interview period (2020-11-19) will be disqualified and removed from the election.

• 12 Tips for a migration and modernization project

  Sometimes migration/modernization projects are hard to execute because there are many technical challenges, like the structure of legacy code, customer environment, customer bureaucracy, network issues, and the most feared of all, production bugs. In this post I'm going to explain the 12-step migration / modernization procedure I follow as a consultant using a tip-based approach.

  I have some experience with this kind of situation because I’ve already passed by different kinds of projects with several kinds of problems. Over time you start to recognize patterns and get used to solving the hard problems.

  So, I thought: Wouldn't it be cool to create a procedure based on my experience, so that I can organize my daily work and give the transparency that the customers and managers want?

  To test this out, I did this for one customer in my hometown. They were facing a Red Hat JBoss EAP migration/modernization project. The results of the project were outstanding. The customer said they were even more satisfied with the transparency. The project manager seemed really comfortable knowing all about the details through the project and pleased with reducing the risk of unexpected news.

• Awards roll call: June 2020 to October 2020

  We are nearly at the end of 2020 and while the pace continues to increase, we want to take a moment to acknowledge and celebrate some of the successes of Red Hat's people and their work. In the last four months, several Red Hatters and Red Hat products are being recognized by leading industry publications and organizations for efforts in driving innovation.

• How developers can build the next generation of AI advertising technology – IBM Developer

  As we look across the most rapidly transforming industries like financial services, healthcare, retail – and now advertising, developers are putting open source technologies to work to deliver next-generation features. Our enterprise clients are looking for AI solutions that will scale with trust and transparency to solve business problems. At IBM®, I have the pleasure of focusing on equipping you, the developers, with the capabilities you need to meet the heightened expectations you face at work each day.

  We’re empowering open source developers to drive the critical transformation to AI in advertising. For instance, at the IBM Center for Open source Data and AI Technologies (CODAIT), enterprise developers can find open source starting points to tackle some of your thorniest challenges. We’re making it easy for developers to use and create open source AI models that can ultimately help brand marketers go deeper with AI to reach consumers more effectively.

• Qt 6 To Ship With Package Manager For Extra Libraries - Phoronix

  Adding to the list of changes coming with the Qt 6 toolkit, The Qt Company has now outlined their initial implementation of a package manager to provide additional Qt6 modules.

• Qt for MCUs 1.5 released

  A new release of Qt for MCUs is now available in the Qt Installer. If you are new to Qt for MCUs, you can try it out here. Version 1.5 introduces new platform APIs for easy integration of Qt for MCUs on any microcontroller, along with an in-depth porting guide to get you going. Additionally, it includes a set of C++ APIs to load new images at runtime into your QML GUI. As with every release, 1.5 also includes API improvements and bug fixes, enhancing usability and stability.

• KDDockWidgets v1.1 has been released! - KDAB - KDAB on Qt

  KDDockWidgets v1.1 is now available!

  Although I just wrote about v1.0 last month, the 1.1 release still managed to get a few big features.

• KDAB TV celebrates its first year - KDAB

  A year ago KDAB started a YouTube channel dedicated to software development with Qt, C++ and 3D technologies like OpenGL. We talked to Sabine Faure, who is in charge of the program, about how it worked out so far and what we can expect in the future.

• How to build a responsive contact form with PHP – Linux Hint

  Contact forms are commonly used in web applications because they allow the visitors of the website to communicate with the owner of the website. For most websites, responsive contact forms can be easily accessed from various types of devices such as desktops, laptops, tablets, and mobile phones.
  In this tutorial, a responsive contact form is implemented, and the submitted data is sent as an email using PHP.

• Applying JavaScript’s setTimeout Method

  With the evolution of the internet, JavaScript has grown in popularity as a programming language due to its many useful methods. For example, many websites use JavaScript’s built-in setTimeout method to delay tasks. The setTimeout method has many use cases, and it can be used for animations, notifications, and functional execution delays.Because JavaScript is a single-threaded, translative language, we can perform only one task at a time. However, by using call stacks, we can delay the execution of code using the setTimeout method. In this article, we are going to introduce the setTimeout method and discuss how we can use it to improve our code.

• Removing Characters from String in Bash – Linux Hint

  At times, you may need to remove characters from a string. Whatever the reason is, Linux provides you with various built-in, handy tools that allow you to remove characters from a string in Bash. This article shows you how to use those tools to remove characters from a string.

  [...]

  Sed is a powerful and handy utility used for editing streams of text. It is a non-interactive text editor that allows you to perform basic text manipulations on input streams. You can also use sed to remove unwanted characters from strings.

  For demonstration purposes, we will use a sample string and then pipe it to the sed command.

• Dissecting a Web stack - The Digital Cat

  Having recently worked with young web developers who were exposed for the first time to proper production infrastructure, I received many questions about the various components that one can find in the architecture of a "Web service". These questions clearly expressed the confusion (and sometimes the frustration) of developers who understand how to create endpoints in a high-level language such as Node.js or Python, but were never introduced to the complexity of what happens between the user's browser and their framework of choice. Most of the times they don't know why the framework itself is there in the first place.
  The challenge is clear if we just list (in random order), some of the words we use when we discuss (Python) Web development: HTTP, cookies, web server, Websockets, FTP, multi-threaded, reverse proxy, Django, nginx, static files, POST, certificates, framework, Flask, SSL, GET, WSGI, session management, TLS, load balancing, Apache.
  In this post, I want to review all the words mentioned above (and a couple more) trying to build a production-ready web service from the ground up. I hope this might help young developers to get the whole picture and to make sense of these "obscure" names that senior developers like me tend to drop in everyday conversations (sometimes arguably out of turn).
  As the focus of the post is the global architecture and the reasons behind the presence of specific components, the example service I will use will be a basic HTML web page. The reference language will be Python but the overall discussion applies to any language or framework.
  My approach will be that of first stating the rationale and then implementing a possible solution. After this, I will point out missing pieces or unresolved issues and move on with the next layer. At the end of the process, the reader should have a clear picture of why each component has been added to the system.

• Introducing AutoScraper: A Smart, Fast and Lightweight Web Scraper For Python | Codementor

  In the last few years, web scraping has been one of my day to day and frequently needed tasks. I was wondering if I can make it smart and automatic to save lots of time. So I made AutoScraper!

• django-render-block 0.8 (and 0.8.1) released!

  A couple of weeks ago I released version 0.8 of django-render-block, this was followed up with a 0.8.1 to fix a regression.

  django-render-block is a small library that allows you render a specific block from a Django (or Jinja) template, this is frequently used for emails when you want multiple pieces of an email together in a single template (e.g. the subject, HTML body, and text body), but they need to be rendered separately before sending.

• Pyston v2: 20% faster Python | The Pyston Blog

  We’re very excited to release Pyston v2, a faster and highly compatible implementation of the Python programming language. Version 2 is 20% faster than stock Python 3.8 on our macrobenchmarks. More importantly, it is likely to be faster on your code. Pyston v2 can reduce server costs, reduce user latencies, and improve developer productivity.

  Pyston v2 is easy to deploy, so if you’re looking for better Python performance, we encourage you to take five minutes and try Pyston. Doing so is one of the easiest ways to speed up your project.

• Pyston v2 Released As ~20% Faster Than Python 3.8 - Phoronix

  Version 2.0 of Pyston is now available, the Python implementation originally started by Dropbox that builds on LLVM JIT for offering faster Python performance.

  Pyston developers believe their new release is about 20% faster than the standard Python 3.8 and should be faster for most Python code-bases.

• Python int to string – Linux Hint

  Python is one of the universal languages that support various types of data types like integer, decimal point number, string, and complex number. We can convert one type of data type to another data type in Python. This data type conversion process is called typecasting. In Python, an integer value can easily be converted into a string by using the str() function. The str() function takes the integer value as a parameter and converts it into the string. The conversion of int to string is not only limited to the str() function. There are various other means of int to string conversion. This article explains the int to string conversion with various methods.

• Python isinstance() Function – Linux Hint

  Python is one of the best and efficient high-level programming languages. It has a very straightforward and simple syntax. It has very built-in modules and functions that help us to perform the basic tasks efficiently. The Python isinstance() function evaluates either the given object is an instance of the specified class or not.

• Sony Engineer Talks Up Using Flutter + Wayland For Their Embedded Interfaces - Phoronix

  A Sony engineer confirmed at this week's Embedded Linux Conference Europe that the company has begun using the Flutter toolkit atop Wayland as their means of developing user-interfaces on embedded systems.

  Hidenori Matsubayashi of Sony talked at ELCE 2020 about their evaluation of different GUI toolkits for embedded use and ultimately how they fell for Flutter and Wayland. They came to that decision when evaluating the likes of Electron, Qt, GTK, WebKit/Chromium with WebView, and the many other options out there.

  Their design requirements were needing to be able to make "beautiful" user interfaces, support easy development, exhibit low CPU and RAM requirements, work across display servers and software stacks, and the toolkit must allow use within proprietary software.

• Linux Support Expectations For The AMD Radeon RX 6000 Series

  Lisa Su is about to begin the presentation unveiling the much anticipated Radeon RX 6000 "Big Navi" (RDNA 2) graphics cards. This article will be updated live as the event progresses but first up let's recap the current Linux open-source driver state for these forthcoming graphics cards.

  Under the codename Sienna Cichlid, the Linux support for the next-generation Navi graphics cards have been underway going back to the middle of the year. There is initial support for the next-gen hardware within the recent released Linux 5.9 kernel and Mesa 20.2. This still puts it just out-of-reach for seeing out-of-the-box support in the likes of Ubuntu 20.10 given the 5.8 kernel so the user must manually move to the newer kernel. At least with the likes of Fedora Workstation 33 there will be Linux 5.9 as a stable release update. Also important to the driver equation is needing to be using LLVM 11.0+ for the GFX10.3 back-end target and also ensuring to have the latest linux-firmware for the binary microcode files needed for GPU initialization.

  So at least going into this launch it's great there is at least open-source driver support available but not necessarily easy reach for all users right now. By the time of the spring 2021 Linux distributions like Ubuntu 21.04 there should be nice out-of-the-box support for those wanting good support without any hassles. Or if you are on an enterprise distribution like RHEL/CentOS or SUSE Linux Enterprise or Ubuntu 20.04 LTS, AMD should be providing their usual Radeon Software for Linux packaged driver that ships updated user and kernel-space components for deploying their driver that way.

• Mesa 20.3 Supports Intel Alder Lake Gen12 Graphics - Phoronix

  Last week Intel open-source engineers began publishing Linux kernel patches for the "Alder Lake S" graphics support. That work should be found in the Linux 5.11 cycle being christened as stable in early 2021. In user-space, Alder Lake graphics patches also appeared for their OpenCL / oneAPI Level Zero compute stack and now merged into Mesa 20.3 as well for OpenGL / Vulkan support.

  Given that Alder Lake is using Intel Xe "Gen12" graphics as found already for Tiger Lake and Rocket Lake, the actual driver-side enablement is quite minimal thanks to employing the existing code paths. The Alder Lake "ADL-S" support was merged into Mesa on Tuesday and is just 20 lines of new code. That consists of just adding the new PCI IDs and then the family bits for the Alder Lake family and indicating they make use of Gen12 features.

• How to Boot Raspberry Pi 4 from USB SSD? – Linux Hint

  Raspberry Pi 4 firmware supports USB boot. You can easily boot your favorite operating system on your Raspberry Pi 4 from a USB HDD, SSD, or a USB thumb drive instead of the traditional microSD card.

  [...]

  In this section, I am going to show you how to enable USB boot on Raspberry Pi 4.

  Before you can enable USB boot on your Raspberry Pi 4, you must update all the existing packages of your Raspberry Pi OS. So that we can update the firmware and enable USB boot.

• Monitoring Temperature in Raspberry Pi – Linux Hint

  Monitoring temperatures may be a requirement in many of your Raspberry Pi projects. It is relatively easy to do in Raspberry Pi and the components required for this project are not too costly.This article shows you how to use the DS18B20 digital thermometer module to monitor temperature using Raspberry Pi. The article also demonstrates how to create a web app to display the temperature.

• Raspberry PI VPN Server with PiVPN - peppe8o

  Raspberry PI can provide a number of linux services able to easily solve problems to manage your home network with cheap solutions. Using an OS based on Debian, it can run Open Source software and drastically help you with your home ICT needs as well as small office needs.

  A common need for increasing networking security and access your home services from outside is having a VPN (Virtual Private Network) server which grants secure access from an external network to your internal services.

  A simple solution to implement OpenVPN or WireGuard (the 2 most widely known VPN open source serices) is using the convenient PiVPN setup tool.

  In this tutorial I’m going to show you how to setup a VPN server with a cheap Raspberry PI Zero Wusing PiVPN and send certificate via email. This guide applies also to newer Raspberry PI boards.

• Understanding YAML for Ansible | Enable Sysadmin

  If you write or use Ansible playbooks, then you're used to reading YAML configuration files. YAML can be deceptively simple and yet strangely overwhelming all at once, especially when you consider the endless possible Ansible modules at your disposal. It feels like it should be easy to jot down a few options in a YAML file and then run Ansible, but what options does your favorite module require? And why are some key-value pairs while others are lists?

  YAML for Ansible can get complex, so understanding how Ansible modules translate to YAML is an important part of getting better at both. Before you can understand how YAML works for Ansible modules, you must understand the basics of YAML.

  If you don't know the difference between a mapping block and a sequence block in YAML, read this quick introduction to the basics of YAML article.

• Using TRIM and DISCARD with SSDs attached to RAID controllers | Enable Sysadmin

  SSDs are now commonplace and have been the default choice for performance-oriented disks in the enterprise and consumer environments for the past few years. SSDs are cool and fast but most people on high-end machines face this dilemma: My SSD is behind a RAID controller which doesn't expose the device's DISCARD or TRIM capabilities. How do I discard the blocks to keep the best SSD performance? Here's a trick to do just that without having to disassemble your machine. Recent improvements in SSD firmware have made the need for the applications writing to SSDs less stringent to use DISCARD/TRIM.

  There are, however, some cases in which you may need to have the filesystem inform the drive of the blocks which it discarded. Perhaps you have TLC (3bits per cell) or QLC (4bits per cell) drives instead of the usually more expensive enterprise-class SLC or MLC drives (the latter are less susceptible to a performance drop since they put aside more extra blocks to help with overwrites when the drive is at capacity). Or maybe you once filled your SSD to 100%, and now you cannot get the original performance/IOPS back.

• How to play Among Us on Linux

  Among Us is incredibly popular, but, sadly, the game does not have a native port for Linux. Thankfully, with a little tweaking, it is possible to get Among Us working on the Linux platform!

• How to add file folders to the XFCE4 menu

  XFCE4 is an excellent Linux desktop environment, but one of its shortcomings is that users aren’t able to access folders directly from the menu like other modern desktops such as Gnome, KDE, Cinnamon, etc.

• How To Install Apache JMeter on Ubuntu 20.04 LTS - idroot

  In this tutorial, we will show you how to install Apache JMeter on Ubuntu 20.04 LTS. For those of you who didn’t know, The Apache JMeter application is open-source software, a 100% pure Java application designed to load test functional behavior and measure performance. It was originally designed for testing Web Applications but has since expanded to other test functions.

  This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step by step installation of Apache JMeter on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian based distribution like Linux Mint.

• Security updates for Wednesday [LWN.net]

  Security updates have been issued by Debian (blueman), Fedora (nodejs), Gentoo (firefox), openSUSE (kleopatra), Oracle (java-1.8.0-openjdk), SUSE (apache2, binutils, firefox, pacemaker, sane-backends, spice, spice-gtk, tomcat, virt-bootstrap, xen, and zeromq), and Ubuntu (ca-certificates, mariadb-10.1, mariadb-10.3, netty, openjdk-8, openjdk-lts, perl, and tomcat6).

• Italian energy giant Enel hit by Windows NetWalker ransomware

  The Italian multinational energy giant Enel Group appears to have been hit by cyber criminals using the Windows NetWalker ransomware, and some screenshots of data stolen from the company has been posted on the dark web.

• What would you risk for free Honey? | Almost Secure

  Honey is a popular browser extension built by the PayPal subsidiary Honey Science LLC. It promises nothing less than preventing you from wasting money on your online purchases. Whenever possible, it will automatically apply promo codes to your shopping cart, thus saving your money without you lifting a finger. And it even runs a reward program that will give you some money back! Sounds great, what’s the catch?

  With such offers, the price you pay is usually your privacy. With Honey, it’s also security. The browser extension is highly reliant on instructions it receives from its server. I found at least four ways for this server to run arbitrary code on any website you visit. So the extension can mutate into spyware or malware at any time, for all users or only for a subset of them – without leaving any traces of the attack like a malicious extension release.

  [...]

  In the end, I found that the Honey browser extension gives its server very far reaching privileges, but I did not find any evidence of these privileges being misused. So is it all fine and nothing to worry about? Unfortunately, it’s not that easy.

  While the browser extension’s codebase is massive and I certainly didn’t see all of it, it’s possible to make definitive statements about the extension’s behavior. Unfortunately, the same isn’t true for a web server that one can only observe from outside. The fact that I only saw non-malicious responses doesn’t mean that it will stay the same way in future or that other people will make the same experience.

  In fact, if the server were to invade users’ privacy or do something outright malicious, it would likely try to avoid detection. One common way is to only do it for accounts that accumulated a certain amount of history. As security researchers like me usually use fairly new accounts, they won’t notice anything. Also, the server might decide to limit such functionality to countries where litigation is less likely. So somebody like me living in Europe with its strict privacy laws won’t see anything, whereas US citizens would have all of their data extracted.

  But let’s say that we really trust Honey Science LLC given its great track record. We even trust PayPal who happened to acquire Honey this year. Maybe they really only want to do the right thing, by any means possible. Even then there are still at least two scenarios for you to worry about.

  The Honey server infrastructure makes an extremely lucrative target for hackers. Whoever manages to gain control of it will gain control of the browsing experience for all Honey users. They will be able to extract valuable data like credit card numbers, impersonate users (e.g. to commit ad fraud), take over users’ accounts (e.g. to demand ransom) and more. Now think again how much you trust Honey to keep hackers out.

  But even if Honey had perfect security, they are also a US-based company. And that means that at any time a three letter agency can ask them for access, and they will have to grant it. That agency might be interested in a particular user, and Honey provides the perfect infrastructure for a targeted attack. Or the agency might want data from all users, something that they are also known to do occasionally. Honey can deliver that as well.

• Thought Apple's iPhone was always faster than Android? This news will make you think again

• Here's what's new with Android 11 on the Pixel 5

• Nokia 5.3 model running on Google's latest Android 11 OS hits Geekbench

• How to Fix YouTube Server Connection Error [400] on Android

• A New Ransomware Threat Kidnaps Android User Data

• This is the list of apps that Android users should avoid downloading

• The art of 4k android TV boxes

• Huawei Freebuds Pro Review: One of the BEST ANC wireless earbuds for Android

• Android Developer

• A Go program displays song lyrics line by line

• Teaching Three Times

• Christmas fun for makers

• Kernel News

• Quick and easy with PySimpleGUI

• Simple steps for securing your Linux system

• Cloning multiple computers with Clonezilla SE

• Rsync for website backup in a shared hosting environment Back End Backup

• This month in Linux Voice.

• Essential software tools for the working scientist

• KDE neon 5.20.0 and elementary OS 5.2

• The Glitter

  This month, the Wisconsin state government declined to pay the refundable tax subsidies to Foxconn, the Taiwanese conglomerate that arrived in Wisconsin in 2017 with the promise of a plant that would make LCD TVs and monitors and employ 13,000 people. It seems this "project" never did really get off the ground. The original vision of 13,000 workers soon scaled down to 5,200; then it plummeted still further as no one seemed to have a vision for what these people were going to do. After it became clear that it wouldn't be profitable to make LCD screens (something neither the company nor the state seriously investigated before announcing the deal), Foxconn searched for other uses of the gigantic space they had already built. Casting about for an endeavor that would allow them to hang onto the subsidies, they explored alternatives such as innovation services, fish farming, and storage. Eventually, they just started adding workers to hit the minimum target of 520 employees by the end of 2019, but the government concluded these last-minute employees, many of whom didn't have a clear job assignment, were not eligible to be counted under the terms of the contract. As of now, there is still no plan for what to do with the space, but it seems very unlikely that anyone will ever use it for LCD fabrication or any other high-tech manufacturing.

  It is always easy to point fingers after this kind of train wreck. The administration of former Wisconsin governor Scott Walker certainly deserves some heat for their naivetÈ. The national administration didn't help, declaring at the ground breaking that the Foxconn plant would be the "eighth wonder of the world." And, if you're one who believes that all Asian companies are scarily efficient and well run, the recent story of the Wisconsin project at The Verge [1] will surely disabuse you of this preconception with regard to Foxconn.

• A personal wiki for the command line

• Tips for securing your SSH server

• FOSSPicks

• A user-friendly Arch Linux derivative

• News

• Managing servers with the Cockpit admin tool

• Seven general-purpose Git utilities

• Measure system runtime with tuptime Stopwatch

• Asciidoctor: AsciiDoc with new functions Performance Enhanced

• Eureka!

• Building a database front end with Jam.py

• Distros with KDE Plasma support

• How to Build a New PC For Linux - Make Tech Easier

  Often times you will receive a recommendation that you should install Linux on an older PC. The thing is, Linux works extremely well on a new custom built PC, too. There are many users that are looking for a brand new Linux PC for home office use, workstation use, or other specialized uses. Here we walk you through how to build a new PC for Linux.

• Build and connect more subway systems in a free Mini Metro content update | GamingOnLinux

  Mini Metro, the wonderful subway train-track building sort-of puzzle game just recently had a nice free content upgrade with more on the way. It's something of a masterpiece, and very highly rated so it's awesome to see it expand.

  Across multiple maps you gradually build up and design a transport network that rapidly expands, the point is to get people across to the correct station as quickly as possible. It's a hard game to pin down to a particular genre too. Is it a puzzle game? Is it a strategy game? Well, both sort-of and it's also both relaxing and often a little stressful too but it's brilliant and many things more.

• Dying Light has a Left 4 Dead 2 crossover event and a free DLC | GamingOnLinux

  Love kicking ass and destroying Zombies? Check out the latest update to the excellent open-world parkour action in Dying Light with a new Left 4 Dead crossover event.

  The special experience is live now until October 29 18:00, which will see you battle the Viral Rush event which is meant to emulate the hordes that appear in Left 4 Dead. To make it a bit more interesting and unique Techland added in a "new type of shotgun ammo that gives the infected a taste of fire and brimstone". If you don't like it, you can turn off the special events like this in the menu.

• The Zone: Stalker Stories to offer a unique blend of exploration and deck-building | GamingOnLinux

  A thoroughly curious blend of genres this one with The Zone: Stalker Stories offering up exploration, deckbuilding, card battles and RPG elements. On top of that, you're also getting treated to a visual novel styled story that's being carefully crafted by industry veterans from Illuminated Games who worked on the likes of Mount&Blade, The Next World and more.

  Inspired by the likes of Slay the Spire, S.T.A.L.K.E.R and Darkest Dungeon it's not going to be a roguelike, instead their plan is to offer a richly detailed story experience with hand-crafted environments with plenty to explore and secrets to find.

• PS5 DualSense controller will support Android

• TCL 10 5G UW is an affordable next-gen Verizon Android smartphone

• YouTube update brings new controls to iPhone and Android: here's how to use them

• ColorOS 11 Beta based on Android 11 arrives for Reno 4 Pro 5G in UAE & Saudi Arabia

• Xiaomi Redmi Note 8 finally gets its MIUI 12 update with Android 10

• What Are the Best Casinos With Android Apps?

• This is the list of apps that Android users should avoid downloading

• Google Pixel 4a review: Impressive camera and Android experience

• Google’s Android Enterprise Recommended site now shows how long devices are supported for

• Android L Will Keep Your Secrets Safer

• Android TV: Inside Google's TV platform

• 30 of the scariest Android games that are perfect for Halloween 2020

• Surf the web more securely on Chrome for Android by activating Enhanced Safe Browsing

Aaeon’s -10 to 60°C tolerant “Boxer-8250AI” AI edge computer runs Linux on a Jetson Xavier NX along with 5x GbE ports for IP cameras plus 4x USB 3.0, 2x COM, and an HDMI port.

Aaeon has launched a $1,116 computer for embedded AI processing that combines the Nvidia Jetson Xavier NX module of its more compact Boxer-8251AI with a feature set like its Jetson Nano based Boxer-8220AI. The new Boxer-8250AI is larger than the Boxer-8220AI at 175.8 x 100 x 39mm and similarly provides 5x GbE ports for running IP cameras.

Orchard Audio has launched an $800 “PecanPi Streamer Ultra” that adds a 5-inch touchscreen to the Raspberry Pi 3-based audio streamer. Orchard is also prepping a “PecanPi USB/SPDIF” DAC and amp that overrides your computer or phone audio.

Last year, Orchard Audio found success with a well-reviewed PecanPi DAC Raspberry Pi add-on and PecanPi Streamer device based on it. Now, the company has returned with a PecanPi Streamer Ultra, a larger, 195 x 120 x 100mm variant of the Streamer with a 5-inch, 800 x 480-pixel touchscreen. Orchard Audio also teased a PecanPi USB/SPDIF (see farther below).

Following last week's Ubuntu 20.10 "Groovy Gorilla" release, Ubuntu 21.04 development is now getting underway as the Hirsute Hippo.

Succeeding the "GG" series is Ubuntu 21.04 the Hirsute (Hairy) Hippo in following their usual naming convention. This is now the third time of Ubuntu seeing a "HH" release following the Ubuntu 5.04 Hoary Hedgehog and Ubuntu 8.04 Hardy Heron releases.

The release schedule for Ubuntu 21.04 puts the official release on 22 April, the beta on 1 April, and the feature freeze on 25 February as the prominent dates of the cycle.

The Ubuntu 21.04 toolchain upload is beginning tomorrow and expect more Debian changes to begin flowing into the Ubuntu Hirsute archive shortly. Hirsute uploads can be monitored via Launchpad.

Also: Ubuntu 21.04 gets the codename ‘Hirsute Hippo'

The Ubuntu 21.04 Codename Revealed — It’s Hairy ‘n Huge!

And We’re Off: Ubuntu 21.04 Development Begins

When I first started using Linux in the late 1990s, getting Linux to successfully run on a laptop was the stuff of legends. You might be able to get a distribution installed, but having functional wireless connectivity or sound might well be beyond your skill level. Sometimes it'd mean compiling a custom kernel or installing/patching firmware. No matter what route you took, it required time and effort enough that when you did finally get everything working as it should, you felt like a rock star.

Those were the days.

These days, Linux just works. It's a rare occasion that I run into a piece of hardware that Linux cannot handle. Sure, you might have to install a driver now and then, but even those bits of software are readily available.

• Introduction to Blender for Beginners – Linux Hint

  If you are a 3D computer graphics or animation enthusiast and are in search of some 3D modeling software, then you have come to the right place. There are many 3D modeling software programs available, many are good and are doing their jobs quite well, but they all come with a hefty price tag and high subscription fees. There is no need to pay heavy subscription fees when you have a free and powerful 3D creation tool at your fingertips, known as a Blender. Blender is a popular and open-source 3D creation software that can be used in 3D printer designs. It is a robust program that supports the entire pipeline of 3D creation, which includes modeling, shading, rigging, animation, and rendering. There is no need to get any supplementary programs because Blender lets you make games and edit videos.

  Blender is quite easy to learn and has a great community to support you. This article introduces the basics of the Blender software to beginners. We will discuss the Blender user interface and some essential shortcut keys. If you are a beginner and want to start 3D modeling in Blender, then this article is for you.

• How To Install Wireguard on Ubuntu 20.04 LTS - idroot

  In this tutorial, we will show you how to install Wireguard on Ubuntu 20.04 LTS. For those of you who didn’t know, Wireguard is an open-source, dependable, advanced, VPN tunneling software you can install and use right now to create a secure, point-to-point connection to a server. It is cross-platform and can run almost anywhere, including Linux, Windows, Android, and macOS. Wireguard is a peer-to-peer VPN. it does not use the client-server model. Depending on its configuration, a peer can act as a traditional server or client.

  This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step by step installation of Wireguard on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian based distribution like Linux Mint.

• How To Use Dockerfiles In Docker - Anto Online

  This post will explain how to use Dockerfiles in Docker. Learn how to launch Wordpress and MariaDB using your own Dockerfile.

• How To Install Wine on Linux Mint 20 - idroot

  In this tutorial we will show you how to install Wine on Linux Mint 20, as well as some extra required package by Wine

• How to Extract and Open a .gz File in Linux Command Line – Linux Hint

  We know that a file in a computer system can be as small as a few Bytes or as large as a thousand Gigabytes. When you want to transmit a file from one end to another, its size plays a very important role in deciding whether you want to send it as it is or compress it. The .gz file format is a very commonly used compressed file format for the Linux operating system. Today, we will explore the methods of extracting and opening a .gz file in Linux.

• How to Install and Configure an FTP server (vsftpd) with SSL/TLS on Ubuntu 20.04

  In this tutorial, we will learn how to install and configure an FTP Server using vsftpd on an Ubuntu 20.04 based server. We will also learn how to sec...

• How to Reset Forgotten Root Password in Ubuntu? – Linux Hint

  In any UNIX or Linux system, the root account is the top in the hierarchy. It holds the utmost power over the system. For any system change, the root has to grant permission. The root user can also override any user’s permission and read or write data. Because the root account holds so much power, it is important to protect it from unwanted access.In the case of Ubuntu, the root account is disabled by default. However, you can still perform system changes. To do so, you need to know the root password. The problem arises when you have forgotten the root password.

• Julius, the open source re-implementation of Caesar III has a new major release | GamingOnLinux

  Caesar III continues to live on and get improvements on modern systems thanks to open source, with the Julius game engine continuing to mature.

  On October 27, Julius 1.5.0 was released continuing to upgrade the experience. The current status is that it should be fully playable, with it largely focused on accuracy with the original game but with plenty of UI enhancements.

  

• Upcoming RPG 'Moonshell Island' will have you fight giant tomatoes with a whisk | GamingOnLinux

  You've faced monsters before aplenty but what about nomsters? Moonshell Island looks and sounds like a delightful and rather quirky upcoming RPG.

  Set on a whimsical island, Moonshell Island will feature a cast of charming characters, a "satisfying" action-battle system, plenty of mini-games and a "heartwarming tale of achieving dreams, supporting friends, and building a community". On a peaceful island these strange nomsters threaten the peace so "you must journey to find the source of the trouble and recruit the islanders to a safe haven, Crabby’s Cabana Club. As the club population grows, more services become available to aid you on your quest to uncover not only the secrets of the island, but also of yourself".

  

• The Last Relic is an upcoming RPG inspired by Earthbound and Chrono Trigger | GamingOnLinux

  Enjoyed classics like Earthbound and Chrono Trigger? Take a look at The Last Relic, an in-development RPG from developer Christopher Hall Guay.

  "The Last Relic follows the tale of a young girl named Ellie who is transported from her cozy, American life to a foreign realm of magic and monsters. Lost and alone, she wanders this new land aimlessly, wishing only to get back home. She's attacked by monsters only to be rescued by a young man named Dorian. It's here Ellie learns that she is far from Earth, in the land of Relics and Relic Hunters. Why was she brought here? And will she ever make it back home?"