• Is zero trust living up to expectations?

  Zero trust has been on my radar for almost a decade, as it was part of the environment that enabled network virtualization to take off. We’ve told that story briefly in our SDN book — the rise of microsegmentation as a widespread use case was arguably the critical step that took network virtualization from a niche technology to the mainstream. The term goes back at least to 2009, when it was coined by Forrester analyst John Kindervag and it is possible to draw a line back from there to the principle of least privilege as framed by Saltzer and Schroeder in 1975. That principle states:

  “Every program and every user of the system should operate using the least set of privileges necessary to complete the job.”

• Analyzing pages in a particular state with Lighthouse

  Historically, Lighthouse has analyzed the cold pageload of a page only. Clicking the “Generate report” button reloads the page before Lighthouse runs its tests. This can be problematic when you want to run tests on parts of the UI that are only visible when the user interacts with it. For example, a fly-out navigation, a modal window, or the content in a disclosure widget.

  That has changed with Lighthouse v10. A new experimental feature in Chrome DevTools allows us now to analyze the page in a particular state. Here’s an example: [...]

• SPAs: theory versus practice

  I’ve been thinking a lot recently about Single-Page Apps (SPAs) and Multi-Page Apps (MPAs). I’ve been thinking about how MPAs have improved over the years, and where SPAs still have an edge. I’ve been thinking about how complexity creeps into software, and why a developer may choose a more complex but powerful technology at the expense of a simpler but less capable technology.

  I think this core dilemma – complexity vs simplicity, capability vs maintainability – is at the heart of a lot of the debates about web app architecture. Unfortunately, these debates are so often tied up in other factors (a kind of web dev culture war, Twitter-stoked conflicts, maybe even a generational gap) that it can be hard to see clearly what the debate is even about.

• Turns out gcc has imperative argument handling

  Everything in it has a reason, of course, but the end result is that you get a weird mix where the order matters for some args and not for others PLUS there are imperative arguments: [...]

• History of Version Control Systems: Part 2

  The second generation of version control systems introduced project-level concepts like repositories and new ways to collaborate – merging as an alternative to locking, branches, and networked file systems.

  Some of the most popular VCSs in the second generation were CVS, ClearCase, and Perforce.

• Small Tables

  The problem · As described in a (pretty short) previous episode of this Diary, Quamina matches Patterns to Events, which are flattened into field-name/value pairs for the purpose. We try to match field names and values from Events to those offered in a Pattern. Matching names is easy, they’re immutable strings both in Events and Patterns, and thus the following suffices.

read more

• Russian-backed [crackers] target Lithuanian websites [iophk: Windows TCO]

  Lithuania’s acting director of the National Cyber Security Centre, Jonas Skardinskas, said the disruption was an ongoing distributed denial of service (DDoS) attack that targeted the country’s Secure National Data Transfer as well as other governmental institutions and private companies.

• Russian hacking group takes responsibility for DDoS attacks on Lithuania [iophk: Windows TCO]

  The cyberattacks follow a decision by Lithuania to restrict the transit of steel and ferrous metals to Kaliningrad, a Russian exclave on the Baltic Sea that can only be accessed by land through Lithuania or Poland. Lithuania restricted the goods because of European Union sanctions, but the decision enraged the Kremlin, who denounced the move as unprecedented and unlawful.

• IT system disruptions cause passport issuance delays in Lithuania [iophk: Windows TCO]

  IT system disruptions have caused delays in passport issuance in Lithuania, Evelina Gudzinskaite, director of the Migration Department, confirmed to BNS on Monday.

  Some Lithuanian public agencies and companies have been the targets of cyber-attacks since last week.

  Gudzinskaite did not confirm to BNS that the disruption was due to an attack, but said that information about the incident had been sent to the Information Technology and Communications Department under the Interior Ministry.

• FabricScape: Microsoft patches Azure security flaw affecting only Linux workloads [Ed: Microsoft is now a prime source of anti-Linux FUD, serving to distract from vastly more urgent and critical (usually not even patched) holes in Windows]

  Like most cloud and local environments, Microsoft Azure also acts as an attack vector for malicious actors. Since a security flaw in Azure can potentially impact millions of consumers, it is essential that Microsoft patches such problems in a timely manner. Now, the company has revealed details about one such issue that it recently patched in Azure Service Fabric.

• [Old] I've locked myself out of my digital life

  Imagine…

  Last night, lightning struck our house and burned it down. I escaped wearing only my nightclothes.

  In an instant, everything was vaporised. Laptop? Cinders. Phone? Ashes. Home server? A smouldering wreck. Yubikey? A charred chunk of gristle.

  This presents something of a problem.

  In order to recover my digital life, I need to be able to log in to things. This means I need to know my usernames (easy) and my passwords (hard). All my passwords are stored in a Password Manager. I can remember the password to that. But logging in to the manager also requires a 2FA code. Which is generated by my phone.

• Microsoft promises official fix for Windows VPN issues, but you’ll have to wait

  The fixes for a number of VPN issues that have been plaguing some Windows versions since this month’s Patch Tuesday are coming. Microsoft has finally confirmed that last month’s Patch Tuesday introduced connectivity issues on servers with Routing and Remote Access Service (RRAS) enabled, noting that client endpoints could also struggle to connect to these servers, experiencing connection drops. The fixes will most probably be arriving as part of July’s Patch Tuesday, meaning affected users will need to exercise just a little more patience.

read more

HPLIP 3.22.6 is here exactly two months after the HPLIP 3.22.4 release, which only added support for the Manjaro Linux 21.2 distribution and several new printers, to add support for more recent distributions, including Ubuntu 22.04 LTS, Fedora Linux 36, and MX Linux 21.1.

This means that you can now use your HP printer or scanner device on any of these new Fedora, Ubuntu or MX Linux distributions if you install the HP Linux Imaging and Printing 3.22.6 version.

read more

Russian government agencies, too, are switching from Microsoft's Windows to the Linux operating system, the Moscow Times reported last Friday. Developers of Russian systems based on the Linux open source operating system are also seeing more demand, Kommersant reported.

read more

• Why You Need To Stop Closing Apps On Your Android Phone
• Erase Your Android Phone's Cookies and Cache to Get Rid of Excess Junk Files - CNET
• Here’s how to find Android 13’s emoji-filled Easter egg - The Verge
• Redmi Note 11 Receives Android 12 Update – Phandroid
• Tech Throwback: Remembering Nokia’s First-Ever Android Phone – Phandroid
• Pixel-exclusive safety features may be headed to other Android phones
• The Android clipboard enhancement you didn't know you needed | Computerworld

read more

Autodesk, Inc. is an American multinational software company that makes software products and services for the architecture, engineering, construction, product design, manufacturing, media, education, and entertainment industries. It bills itself as a “… leader in 3D design, engineering and entertainment software”.

The company was founded in 1982 by John Walker, who was a joint developer of the first versions of AutoCAD, the company’s best known software application. Autodesk is listed on the Nasdaq stock exchange, it has over 11,000 employees, and is headquartered in the San Francisco Bay Area.

While Autodesk develops many high quality applications they are proprietary software. And the vast majority of their products are not available for Linux. This series looks at the best free and open source alternatives.

read more

• Return to Monkey Island gets a first gameplay trailer

  Return to Monkey Island, the continuation of the story from he Secret of Monkey Island and Monkey Island 2: LeChuck’s Revenge now has a first gameplay trailer. With a return of series creator Ron Gilbert and developed in collaboration with Lucasfilm Games, it's certainly an exciting game to keep an eye on.

• Elementallis is an upcoming Zelda-like adventure with elemental magic gameplay

  Love your classic Zelda-like adventures? Elementallis looks like a great one to keep an eye on with some interesting elemental magic involved. Funded thanks to Kickstarter a while ago, it's coming to Linux with Native support and there's a demo available.

• Pocket Wheels looks like a fun toy-car playground that will support Linux

  Pocket Wheels looks like what you could imagine in your mind when playing with toy cars as a child and it's on the way to Linux with Native support.

• Onsen Master blends Overcooked with Spirited Away and releases soon

  Blending the frantic action from the Overcooked series with inspiration taken from Studio Ghibli film Spirited Away, the upcoming Linux Native game Onsen Master looks like fun.

• Fech The Ferret is an upcoming vibrant parkour rhythm-platformer

  Love your musical games and want to get into the rhythm? Fech The Ferret looks like a pretty clever blending of ideas.

• Steam Deck gets a set of nice bug fixes in a new client update

  A fresh Steam Deck Client Update is out now pulling in some rather useful sounding bug fixes. They've actually slowed down a little on the updates now, which is actually good to see so hopefully there's something a little bigger cooking in the Valve oven once again.

read more

AMD has released ROCm 5.2 as the newest version of its open-source GPU compute stack...

For consumer Radeon GPUs the "Radeon Software for Linux" packaged driver version has been on the 22.10 series since the end of March. For AMD Radeon PRO professional/workstation graphics the advertised "Radeon Pro Software for Enterprise on Linux" driver is still the 21.Q4 driver from last December. AMD appears to be finally prepping to release the "22.20" packaged driver as the next feature release to this packaged AMD Linux driver stack for those not relying just on the upstream kernel and Mesa...

The Microsoft Dozen "Dzn" code within Mesa that allows for the Vulkan API to be implemented atop Direct3D 12 for benefit on Windows now has a working pipeline cache implementation...

LLVM release manager Tom Stellard of Red Hat has laid out the planned LLVM/Clang 15.0 release schedule for this next major version of this open-source compiler stack...

• Is QT a THREAT to KDE?
• Linux Choice Is It A Bad Thing | Are There To Many Distros?
• 284: Accessibility Interview with Red Hat's Christian Schaller and Lukas Tyrychtr - Destination Linux - TuxDigital

  This week’s episode of Destination Linux, we’re going to be interviewing Christian Schaller and Lukas Tyrychtr about accessibility work being done in Linux. Then we will be discussing a new educational distro that would be perfect for your Chromebook. Plus, we have our tips/tricks and software picks. All this and more coming up right now on Destination Linux to keep those penguins marching!

read more

• How to install ntopng on Ubuntu 22.04?

  In this post, you will learn how to install ntopng in Ubuntu 22.04. This powerful network monitoring tool is a marvel that we can always install to take advantage of it.

• What is the /etc/aliases file – TecAdmin

  /etc/aliases is a text file used to store email aliases on a Linux system. Email aliases are basically nicknames for email addresses. They allow you to send emails to a group of people using a single address, or to redirect emails from one address to another.

  /etc/aliases are typically used to store aliases for the system’s mail server. However, it can also be used to store aliases for any other purpose.

  For example, you could use /etc/aliases to create an alias for your own email address. This file is stored in the /etc directory, which is the standard location for system-wide configuration files. /etc/aliases are usually managed by the system administrator. However, you can also edit /etc/aliases yourself if you need to add or change an alias.

• How to Install LXC to Create Linux Containers on RHEL/CentOS/Rocky Linux

  In this article, I will take you through the steps to install LXC (Linux containers) on RHEL/CentOS/Rocky Linux but before that let’s understand the first LXD. It is a free and open source next-generation system container and virtual machine manager. LXD provides a template that contains images of almost all the major Linux distributions. These images can be used to create Linux containers using the LXC utility. This is a CLI-based client utility provided by LXD. When running a virtual machine, LXD uses the hardware of the host system, but the kernel is provided by the virtual machine. Therefore, virtual machines can be used to run, for example, a different operating system.

• Finding Your Router’s IP Address (Default Gateway) in Ubuntu and Other Linux

  You probably already know how to get your system’s IP address in Linux.

  But how do you know the IP address of your router?

• Guide to Web Application Penetration Testing

  Web application penetration testing is a technique that aims at evaluating web applications and gathering information concerning the possible vulnerabilities and security flaws in the system. The technique involves a series of steps that include identifying vulnerabilities and gathering detailed information on how these vulnerabilities could compromise the web application and impact business.

• How to Cut, Copy and Paste Text in Nano editor?

  GNU Nano is an editor that has a minimal learning curve and hence is widely used for beginner-level guides.

  That doesn't mean that it is as easy to use for beginners as a graphical text editor. Why? because you still have to rely on the keyboard shortcuts to do the basic things such as save, undo, etc.

  How about cut, copy and paste in Nano? Does it require specific keyboard shortcuts too?

  Well, yes and no. You can use the mouse to copy-paste. There are also keyboard shortcuts for the same purpose. To cut, you must use shortcuts.

read more

• The History of RHEL (Red Hat Enterprise Linux) Distribution

  Developed by Red Hat, Red Hat Enterprise Linux, colloquially abbreviated as RHEL, is a commercial opensource Linux distribution tailored for the enterprise market. It is available for both server and desktop versions. For servers, it is available for x86-64, IBM Z, ARM64, and Power ISA. For the desktop version, it is avaiable for the x86-64 architecture.

  The Upstream project on which Red Hat Enterprise Linux major releases are based is Fedora Linux. This is where crucial OS innovations are introduced and thoroughly tested.

• IBM i PTF Guide, Volume 24, Number 26

  There have been some remediations for some issues with the MQSeries message queuing middleware for the IBM i platform, including IBM MQ Version 9.2.4 CD and IBM MQ Version 9.2.5 CD. You can find out more here. As for remediation or fixes, this issue was resolved under APAR IT40453. Upgrade to IBM MQ Version 9.3, there are no workarounds and mitigations.

• Infor Puts CM3 Project On Hold

  Infor is no longer developing an on-premise and containerized version of M3, its ERP system that’s popular with IBM i customers. While the CM3 project is apparently dead, the company is working to certify the latest release of the ERP system on IBM i version 7.5, IT Jungle has learned.

• PowerTech AV Automatically Detects Ransomware Activity [Ed: Fake security which instead of prevention does detection]

  IBM i shops that are concerned about ransomware attacks may be interested in a new release of PowerTech Antivirus from HelpSystems, which can automatically detect ransomware activity on the IBM i system and block it before it can cause damage. There’s also a nifty new “canary file” feature that will hopefully keep IBM i users from falling down the coal mine.

• IBM Mulls Using DataMigrator as Cloud Warehouse Pipeline

read more

While updating packages in your system, you might not want to allow specific packages from transactions, such as updates, for various reasons, such as bugs or instability in the latest release.

Packages such as Kernel, PHP, MySql, Apache, Nginx, Python, etc., are regularly used on the running server. Updating them into unstable releases might lead to a catastrophe event.

read more

Release highlights of open-source email client Thunderbird 102 which brings revamped UI, fresh icons, Matrix chat support and more.

read more

• Greece about to secure Router Freedom but leaves fiber out

  Greece is one step closer to securing Router Freedom, but regulators are excluding fiber (FTTH) connections from the legislation. A coalition of organisations, allies of the FSFE, is now requesting that lawmakers reconsider this and thus safeguard the freedom of all users.

  Since 2021, the regulatory process that defines the network termination point (the NTP) in Greece has been carried out by the Hellenic Telecommunications and Post Commission (EETT). Defining the NTP is necessary to determine whether users have the right to choose their own router and modem or if their Internet Service Providers (ISPs) have the final say over network equipment.

  In April 2022, we welcomed that the Greek regulator proposed legislation safeguarding Router Freedom for common networks, such as DSL and coaxial. This is a leap forward in safeguarding consumer rights. However, in the same proposal, EETT has explicitly excluded fiber connections (FTTH), a decision that has the potential of negatively impacting end-users’ rights. The proposed regulation sets the NTP for fiber connections in a position that would make the optical terminal equipment part of the ISPs’ networks, making home network access equipment the property of the ISP.

  The FSFE assisted a coalition of organisations to respond to the EETT’s public consultation, supporting the regulator to implement Router Freedom for all types of internet connection, including FTTH.

• Sentry: Why we support OSI

  Sentry is a developer-first application monitoring tool that allows development teams to holistically monitor their application health from frontend to backend. Used by 3.5 million developers and 85,000 organizations including some of the world’s best-known companies including GitHub, Peloton, Cloudflare and more.

• IBM’s AI-powered Mayflower ship crosses the Atlantic [Ed: This was a complete failure. It did not even reach its destination.]

  A groundbreaking AI-powered ship designed by IBM has successfully crossed the Atlantic, albeit not quite as planned.

  The Mayflower – named after the ship which carried Pilgrims from Plymouth, UK to Massachusetts, US in 1620 – is a 50-foot crewless vessel that relies on AI and edge computing to navigate the often harsh and unpredictable oceans.

• HPE Allies With Red Hat and SUSE on Containers - Container Journal

  At the HPE Discover 2022 conference, Hewlett-Packard Enterprise (HPE) today expanded its reach into container environments via separate alliances with Red Hat and SUSE.

  The Kubernetes-based Red Hat OpenShift platform along with Red Hat Enterprise Linux (RHEL) operating system and Red Hat Ansible automation platform will be made available via the HPE GreenLake managed service, HPE said.

• Bishop AI: A JavaScript-based Virtual Assistant With Natural Language Processing

  It was created in 2018, making it one of the newest open source software. And it is also released under the MIT license. The program is written in JavaScript, and built to handle Q/A style conversation.

  [...]

  Bishop AI is a MIT project; that’s why it is very likely that you will find it already packaged and available to install.

• AI Based Virtual Assistant in Python

  Many automation tools aims to help user in many fields in their life such as opening any application on the system, play and control music, solve mathematical expressions, getting weather details, and more.

read more

• Notes on running containers with bubblewrap

  Hello! About a year ago I got mad about Docker container startup time. This was because I was building an nginx playground where I was starting a new “container” on every HTTP request, and so for it to feel reasonably snappy, nginx needed to start quickly.

  Also, I was running this project on a pretty small cloud machine (256MB RAM), a small CPU, so I really wanted to avoid unnecessary overhead.

  I’ve been looking for a way to run containers faster since then, but I couldn’t find one until last week when I discovered bubblewrap!! It’s very fast and I think it’s super cool, but I also ran into a bunch of fun problems that I wanted to write down for my future self.

• Fix: Why Isn’t Linux Detecting My Wi-Fi Adapter?

  Historically, Linux has had a somewhat strained relationship with Wi-Fi cards. In recent years, the situation has changed considerably—and for the better—but it is still possible to boot into your new Linux installation and get that sinking feeling when you realize you’ve got no Wi-Fi.

  Installation routines are very good at identifying the various components of the target computer and configuring itself to work with that hardware. But problems can still happen.

  Troubleshooting hardware issues is difficult, especially if the only computer you have on hand is the broken device. Obviously, not everything presented here will be applicable to all cases. But hopefully, something below will either fix your issue or point you in the right direction.

• Open-sourced tool speeds up Linux scripts via parallelization | Network World

  MIT has open-sourced pa.sh (also called pash), a tool that can dramatically speed up Linux scripts by using parallelization, saving time and without risk of introducing errors.

  The process of parallelization first examines a script for code that can be run separately and independently, so not all scripts can benefit from the tool. But when pa.sh does find portions that can run independently, it runs them in parallel on separate CPUs. It also uses other techniques to get the code to run faster.

  Below is a demonstration I ran on my home Fedora box, first running a script on its own and then again using pa.sh. Note that this script was provided with the pa.sh tool and lends itself to parallelization. It’s not nearly as demanding as scripts that might process gigabytes of data in a scientific or artificial-intelligence lab, so the results are not dramatic.

• [GSoC 2022] ARM port and device tree support Phase 1

  The following will show how to compile haiku on osx and run it on qemu (my version: hrev56168)

• Building in Kubernetes Using Tekton

  Continuous integration/continuous delivery (CI/CD) principles offer multiple benefits to software organizations, including faster time to market, higher-quality code, and simpler and faster fault isolation. Applications built using CI/CD pipeline best practices tend to see a huge increase in users over time, necessitating a migration from a large codebase and low-scalability monolithic architecture to a more manageable and efficient microservice architecture.

  Kubernetes is one of the most popular platforms for automating the management, deployment, and scaling processes of microservice applications. Because Kubernetes is complex, though, a framework can help developers and operations teams use the platform to follow CI/CD practices in building applications. This is where Tekton comes in.

• Hetzner cloud and DragonFly

  When you are setting up a DragonFly machine on Hetzner, pay attention to this bug report for dhcp setup. The short answer is “use dhcpcd”.

read more

• Tencent admits to poisoned QR code attack on QQ account
• Sysdig Adds Ability to Make Container Runtimes Immutable - Container Journal

  Sysdig today added a Drift Control capability to its container security platform that makes it possible to lock down runtime environments.

  Daniella Pontes, senior manager for product marketing at Sysdig, says IT teams can now maintain immutable instances of runtimes in production environments that can’t be modified.

  At the same time, Sysdig says it is partnering with Proofpoint to make threat intelligence feeds available to IT teams that have deployed its container security platform.

  The Sysdig container platform is built on Falco, an open source container runtime security platform that is being advanced under the auspices of the Cloud Native Computing Foundation (CNCF).

• Best ways to incorporate security into the software development life cycle

  The software development life cycle is not a one-off process that software developers can implement in a linear form. Instead, there are phases of the SDLC that intertwine into many loops where thorough checks are carried out to ensure the proper outcome of the software.

  However, it’s not just enough to loop through the phases of SDLC without the proper integration of security checks in each phase. So, what, then, makes a secure software development life cycle?

• CISA Says 'PwnKit' Linux Vulnerability Exploited in Attacks [Ed: Well, CISA and the media also downplay all the actively-exploited holes in Windows]

  The US Cybersecurity and Infrastructure Security Agency (CISA) says a Linux vulnerability tracked as CVE-2021-4034 and PwnKit has been exploited in attacks.

  The flaw, which came to light in January, affects Polkit, a component designed for controlling system-wide privileges in Unix-like operating systems. Polkit is developed by Red Hat, but it’s also used by other Linux distributions.

  PwnKit has been described as a memory corruption issue that can be exploited for privilege escalation — it allows any unprivileged local user to elevate permissions to root.

read more

Restoring old hardware is always more fun when you can throw in a Raspberry Pi. This project, created by maker and developer David Silverman, does just that, using a Pi to power an old Vox guitar amplifier. Not only does it work as an amplifier, it also has a few special effects thrown in to create custom sounds.

This Pi-powered guitar amp system is housed inside the cabinet of an old Vox amplifier that, according to Silverman, is no longer working. A Pi 3B+ brings back the original functionality, with the help of a class D amplifier and some custom Python scripts created by Silverman himself. The case has been modified to house the Pi and features panels with port access, as well as knobs for the effects array.

Also: Lilbits: Anbernic Win600 (handheld gaming PC), PineNote (Linux-friendly E Ink tablet), Firefox 102 and Chrome OS 103 - Liliputing

read more