Language Selection

English French German Italian Portuguese Spanish

Security

Security: Microsoft Windows Strikes Again

Filed under
Microsoft
Security
  • U.S. Coast Guard Issues Alert After Ship Heading Into Port Of New York Hit By Cyberattack

    The U.S. Coast Guard has issued an official warning to owners of ships that cybersecurity at sea needs updating, and updating urgently. In the Marine Safety Alert published June 8, the Coast Guard "strongly encourages" that cybersecurity assessments are conducted to "better understand the extent of their cyber vulnerabilities." This follows an interagency investigation, led by the Coast Guard, into a "significant cyber incident" that had exposed critical control systems of a deep draft vessel bound for the Port of New York in February 2019 to what it called "significant vulnerabilities."

  • Malware on the High Seas: US Coast Guard Issues Alert [iophk: Windows TCO is not a laughing matter. Get rid of it.]

    The ship's network was mainly used for official business, including updating electronic charts, managing cargo data and communicating with shore-side facilities, pilots, agents and the Coast Guard, according to the report.

  • Eurofins Scientific: Forensic services firm paid ransom after cyber-attack [iophk: Windows TCO]

    BBC News has not been told how much money was involved in the ransom payment or when it was paid.

    The National Crime Agency (NCA) said it was a "matter for the victim" as to whether a ransom had been paid.

  • Eurofins Scientific Paid Up in Response to Ransomware Attack: Report [iophk: Windows TCO]

    Luxembourg-based laboratory testing services giant Eurofins Scientific reportedly paid the ransom demanded by cybercriminals following a successful ransomware attack that led to the company taking offline many of its systems and servers.

  • Eurofins Scientific forensics firm pays after hit with ransomware [iophk: Windows TCO]

    Eurofins didn’t disclose how much it paid to retrieve its information but the money was likely paid between June 10, when Eurofins issued a statement about the attack, and June 24 when it published an update saying it had “identified the variant of the malware used” in the attack and had strengthened its cybersecurity.

  • [Old] Combating WannaCry and Other Ransomware with OpenZFS Snapshots [iophk: use FreeBSD, OpenBSD, or GNU/Linux on the desktop to avoid ransomware and servers to avoid ransomware damage]

    OpenZFS is the powerful file system at the heart of every storage system that iXsystems sells and of its many features, snapshots can provide fast and effective recovery from ransomware attacks at both the individual user and enterprise level as I talked about in 2015. As a copy-on-write file system, OpenZFS provides efficient and consistent snapshots of your data at any given point in time. Each snapshot only includes the precise delta of changes between any two points in time and can be cloned to provide writable copies of any previous state without losing the original copy. Snapshots also provide the basis of OpenZFS replication or backing up of your data to local and remote systems. Because an OpenZFS snapshot takes place at the block level of the file system, it is immune to any file-level encryption by ransomware that occurs over it. A carefully-planned snapshot, replication, retention, and restoration strategy can provide the low-level isolation you need to enable your storage infrastructure to quickly recover from ransomware attacks.

Proprietary Software and Security Failures

Filed under
Security
  • Apple has pushed a silent Mac update to remove hidden Zoom web server

    Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission.

    The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which Zoom quietly installed on users’ Macs when they installed the app.

  • Microsoft denies it will move production out of China

    Nikkei had also previously reported in June that Apple is similarly considering moving between 15% and 30% of all iPhone production out of China and has asked its major suppliers to weigh up the costs.

  • Microsoft's reseller chief explains why it's angering some of its partners by taking away a key perk: 'We can't afford to run every single partner's organization for free anymore'

    Gavriella Schuster, corporate vice president and One Commercial Partner channel chief at Microsoft, says that while it cost the company practically nothing to provide partners with traditional software, it would be a significant expense for the company to provide cloud services like Office 365 for free.

  • KRP: At least 1,000 devices compromised in data breach in Lahti

    KRP on Tuesday revealed that its pre-trial investigation shows that the unauthorised access detected in the city’s data systems earlier this summer was an organised attack rather than an error by an individual user.

    The attacker or attackers managed to cause damage by actively spreading a malware, compromising at least a thousand devices.

  • GnuPG 2.2.17 released to mitigate attacks on keyservers

    gpg: Ignore all key-signatures received from keyservers. This change is required to mitigate a DoS due to keys flooded with faked key-signatures. The old behaviour can be achieved by adding keyserver-options no-self-sigs-only,no-import-clean to your gpg.conf. [#4607]

  • Security updates for Thursday

    Security updates have been issued by Debian (dosbox and openjpeg2), Oracle (dbus and kernel), Scientific Linux (dbus), Slackware (mozilla), and SUSE (fence-agents, libqb, postgresql10, and sqlite3).

  • What Is Zero Trust Architecture?

    Zero Trust architecture might be popular now, but that doesn’t necessarily mean it’s for you. If you find your needs are met by your current security, you may not want to switch. That said, keep in mind that waiting until you have a security breach isn’t an ideal way to evaluate your security.

  • OpenPGP certificate flooding

    A problem with the way that OpenPGP public-key certificates are handled by key servers and applications is wreaking some havoc, but not just for those who own the certificates (and keys)—anyone who has those keys on their keyring and does regular updates will be affected. It is effectively a denial of service attack, but one that propagates differently than most others. The mechanism of this "certificate flooding" is one that is normally used to add attestations to the key owner's identity (also known as "signing the key"), but because of the way most key servers work, it can be used to fill a certificate with "spam"—with far-reaching effects.

    The problems have been known for many years, but they were graphically illustrated by attacks on the keys of two well-known members of the OpenPGP community, Daniel Kahn Gillmor ("dkg") and Robert J. Hansen ("rjh"), in late June. Gillmor first reported the attack on his blog. It turned out that someone had added multiple bogus certifications (or attestations) to his public key in the SKS key server pool; an additional 55,000 certifications were added, bloating his key to 17MB in size. Hansen's key got spammed even worse, with nearly 150,000 certifications—the maximum number that the OpenPGP protocol will support.

    The idea behind these certifications is to support the "web of trust". If user Alice believes that a particular key for user Bob is valid (because, for example, they sat down over beers and verified that), Alice can so attest by adding a certification to Bob's key. Now if other users who trust Alice come across Bob's key, they can be reasonably sure that the key is Bob's because Alice (cryptographically) said so. That is the essence of the web of trust, though in practice, it is often not really used to do that kind of verification outside of highly technical communities. In addition, anyone can add a certification, whether they know the identity of the key holder or not.

  • FinSpy Malware ‘Returns’ To Steal Data On Both Android And iOS

    As per the researchers, the spyware was again active in 2018 and the latest activity was spotted in Myanmar in June 2019. These implants are capable of collecting personal information such as SMS, Emails, Calendars, Device Locations, Multimedia and even messages from some popular social media apps.

    If you are an iOS user, then the implant is only observed to work on jailbroken devices. If an iOS device is already jailbroken then this spyware can be remotely installed via different mediums like messaging, email, etc. However, the implants have not been observed on the latest version of iOS.

  • New FinSpy iOS and Android implants revealed ITW

    FinSpy is spyware made by the German company Gamma Group. Through its UK-based subsidiary Gamma International Gamma Group sells FinSpy to government and law enforcement organizations all over the world. FinSpy is used to collect a variety of private user information on various platforms. Its implants for desktop devices were first described in 2011 by Wikileaks and mobile implants were discovered in 2012. Since then Kaspersky has continuously monitored the development of this malware and the emergence of new versions in the wild. According to our telemetry, several dozen unique mobile devices have been infected over the past year, with recent activity recorded in Myanmar in June 2019. Late in 2018, experts at Kaspersky looked at the functionally latest versions of FinSpy implants for iOS and Android, built in mid-2018. Mobile implants for iOS and Android have almost the same functionality. They are capable of collecting personal information such as contacts, SMS/MMS messages, emails, calendars, GPS location, photos, files in memory, phone call recordings and data from the most popular messengers.

AMD Defects, Linux Affected Also

Filed under
Linux
Hardware
Security
  • AMD's SEV tech that protects cloud VMs from rogue servers may as well stand for... Still Extremely Vulnerable

    Five boffins from four US universities have explored AMD's Secure Encrypted Virtualization (SEV) technology – and found its defenses can be, in certain circumstances, bypassed with a bit of effort.

    In a paper [PDF] presented Tuesday at the ACM Asia Conference on Computer and Communications Security in Auckland, New Zealand, computer scientists Jan Werner (UNC Chapel Hill), Joshua Mason (University of Illinois), Manos Antonakakis (Georgia Tech), Michalis Polychronakis (Stony Brook University), and Fabian Monrose (UNC Chapel Hill) detail two novel attacks that can undo the privacy of protected processor enclaves.

    The paper, "The SEVerESt Of Them All: Inference Attacks Against Secure Virtual Enclaves," describes techniques that can be exploited by rogue cloud server administrators, or hypervisors hijacked by hackers, to figure out what applications are running within an SEV-protected guest virtual machine, even when its RAM is encrypted, and also extract or even inject data within those VMs.

  • AMD Ryzen 3000 is experiencing problems with some Linux distributions

    Ryzen 3000 seems to have boot problems with the most modern Linux distributions. The problem affects all operating systems using a 2019 Linux distribution with Linux 5.0/5.1/5.2 kernels.

    This problem is now known to be related to the RdRand command. Remember that the previous Ryzen processors were also not friendly when they used the RNG hardware command, which caused problems on the platform. However, now with Zen2, this is even worse supported, and AMD has not yet officially detected the problem.

  • AMD Posts New CPUFreq Driver For CPPC Support With Zen 2 CPUs

    AMD Zen 2 CPUs support ACPI's Collaborative Processor Performance Control (CPPC) for tuning the system to energy and/or performance requirements. AMD has now published a new CPUfreq driver for handling their CPPC implementation and the new controls found with their new processors.

    The AMD CPPC support with Zen 2 desktop/server/mobile CPUs can be optionally enabled and allows setting min/maximum performance along with desired performance and other knobs for tuning via sysfs.

Security: Patches, CVSS, DANE OPENPGPKEY for debian.org, and Windows Voting Machines

Filed under
Security
  • Security updates for Wednesday

    Security updates have been issued by Debian (redis), Fedora (expat), Mageia (dosbox, irssi, microcode, and postgresql11), Red Hat (bind, dbus, openstack-ironic-inspector, openstack-tripleo-common, python-novajoin, and qemu-kvm-rhev), Scientific Linux (kernel), SUSE (kernel-firmware, libdlm, libqb, and libqb), and Ubuntu (apport).

  • Why CVSS does not equal risk: How to think about risk in your environment

    I’m going to come right out and say it: CVSS does NOT equal Risk (CVSS!=Risk). Anyone who thinks otherwise is mistaken and setting themselves up for more work, pain, and stress than they realistically should have to go through. A risk is a potential for loss or damage if a threat exploits a vulnerability (which is a weakness in hardware or software). We’ll talk more about all that momentarily.

    Common Vulnerability Scoring System (CVSS) is a toolset and methodology used by many of us in the industry (hardware/software manufacturers, maintainers, etc.) and security researchers to describe the relative severity of security vulnerabilities in a consistent, quantitative way. This data being represented results in a score ranging from lowest 0, to the highest of 10.

    Recently the FIRST CVSS SIG updated the released version 3.1 of the framework which is the point of reference for this post. I'd strongly encourage anyone that uses the framework, or is impacted by security flaws (typically documented with a Common Vulnerabilities and Exposures (CVE) entry) to read the updated procedures and guidance.

  • DANE OPENPGPKEY for debian.org

    I recently announced the publication of Web Key Directory for @debian.org e-mail addresses. This blog post announces another way to fetch OpenPGP certificates for @debian.org e-mail addresses, this time using only the DNS. These two mechanisms are complementary, not in competition. We want to make sure that whatever certificate lookup scheme your OpenPGP client supports, you will be able to find the appropriate certificate.

    The additional mechanism we're now supporting (since a few days ago) is DANE OPENPGPKEY, specified in RFC 7929.

  • Voting Machine Makers Claim The Names Of The Entities That Own Them Are Trade Secrets

    This seems like very basic information -- information the Board should know and should be able to pass on to the general public. After all, these are the makers of devices used by the public while electing their representatives. They should know who's running these companies and who their majority stakeholders are. If something goes wrong (and something always does), they should know who's ultimately responsible for the latest debacle.

    It's not like the state was asking the manufacturers to cough up code and machine schematics. All it wanted to know is the people behind the company nameplates. But the responses the board received indicate voting system manufacturers believe releasing any info about their companies' compositions will somehow compromise their market advantage.

    Hart Intercivic said letting the public know that the company is owned by H.I.G. Hart, LLC and Gregg L. Burt is a fact that would devalue the company if it were made public.

Security Leftovers

Filed under
Security
  • The Router's Obstacle-Strewn Route to Home IoT Security

    It is newly minted conventional wisdom that not a single information security conference goes by without a presentation about the abysmal state of Internet of Things security. While this is a boon for researchers looking to make a name for themselves, this sorry state of affairs is definitely not beneficial for anyone who owns a connected device.

    IoT device owners aren't the only ones fed up, though. Right behind them is Eldridge Alexander, manager of Duo Labs at Duo Security. Even better, he has a plan, and the experience to lend it some credibility.

    Before assuming his current role at Duo Security, Alexander held various IT posts at Google and Cloudflare. For him, the through-line that ties together his past and present IT work is the security gains that accrue from aligning all of a network's security controls with the principle of zero-trust.

  • Zoom Will Fix the Flaw That Let Hackers Hijack Webcams

    "On the one hand it took over 100 days for them to actually take this seriously and it required public outcry," Leitschuh says. "On the other hand it's a really good thing to see that a company can apologize for their mistakes and be willing to work with the community and researchers. It's now on all of us to hold them accountable."

  • Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!

    A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.

Qubes OS 4.0.2-rc1 has been released!

Filed under
GNU
Linux
Security

A point release does not designate a separate, new version of Qubes OS. Rather, it designates its respective major or minor release (in this case, 4.0) inclusive of all updates up to a certain point. Installing Qubes 4.0 and fully updating it results in the same system as installing Qubes 4.0.2.

Read more

Security Leftovers

Filed under
Security
  • Matthew Garrett: Bug bounties and NDAs are an option, not the standard

    Zoom had a vulnerability that allowed users on MacOS to be connected to a video conference with their webcam active simply by visiting an appropriately crafted page. Zoom's response has largely been to argue that:

    a) There's a setting you can toggle to disable the webcam being on by default, so this isn't a big deal,
    b ) When Safari added a security feature requiring that users explicitly agree to launch Zoom, this created a poor user experience and so they were justified in working around this (and so introducing the vulnerability), and,
    c) The submitter asked whether Zoom would pay them for disclosing the bug, and when Zoom said they'd only do so if the submitter signed an NDA, they declined.

    (a) and (b ) are clearly ludicrous arguments, but (c) is the interesting one. Zoom go on to mention that they disagreed with the severity of the issue, and in the end decided not to change how their software worked. If the submitter had agreed to the terms of the NDA, then Zoom's decision that this was a low severity issue would have led to them being given a small amount of money and never being allowed to talk about the vulnerability. Since Zoom apparently have no intention of fixing it, we'd presumably never have heard about it. Users would have been less informed, and the world would have been a less secure place.

    [...]

    If your bug bounty requires people sign an NDA, you should think about why. If it's so you can control disclosure and delay things beyond 90 days (and potentially never disclose at all), look at whether the amount of money you're offering for that is anywhere near commensurate with the value the submitter could otherwise gain from the information and compare that to the reputational damage you'll take from people deciding that it's not worth it and just disclosing unilaterally. And, seriously, never ask for an NDA before you're committing to a specific $ amount - it's never reasonable to ask that someone sign away their rights without knowing exactly what they're getting in return.

  • Microsoft July 2019 Patch Tuesday fixes zero-day exploited by Russian hackers [Ed: Let's blame Russia instead of NSA back doors put there by Microsoft. More trash from CBS tabloid ZDNet.]

    Since the Microsoft Patch Tuesday is also the day when other vendors also release security patches, it's also worth mentioning that Adobe and SAP have also published their respective security updates earlier today.

  • William Brown: I no longer recommend FreeIPA

    The FreeIPA project focused on Kerberos and SSSD, with enough other parts glued on to look like a complete IDM project. Now that’s fine, but it means that concerns in other parts of the project are largely ignored. It creates design decisions that are not scalable or robust.

    Due to these decisions IPA has stability issues and scaling issues that other products do not.

    To be clear: security systems like IDM or LDAP can never go down. That’s not acceptable.

  • Ubuntu Source code is Safe in the Canonical GitHub account hacking!

    The canonical Security is once again under questionable notice. The forum has been hacked thrice on different occasions. In July 2013, details of 1.82 Million users were stolen by hackers followed by the second hacking where 2 million users data were stolen in July 2016 and in July 2019, the Github account of Canonical limited has been hacked.

    This company works behind the distribution of Ubuntu Linux and was hacked on July 6th, 2019. The Security team accepted that the Canonical owned account on Github was compromised on credentials and was used to create disturbance and issues among other activities. Though the company has removed the account from the organization in Github, it is still working on checking out the breach. The company believes that the source code or PII was affected in any way.

  • Azure Sphere OS Built on a Compact, Secured Linux

Tails 3.15 is out

Filed under
GNU
Linux
Security
Debian

This release fixes many security vulnerabilities. You should upgrade as soon as possible.

Read more

GnuPG 2.2.17 released

Filed under
GNU
Security
Hello!

We are pleased to announce the availability of a new GnuPG release:
version 2.2.17.  This is maintenance release to mitigate the effects of
the denial-of-service attacks on the keyserver network.  See below for a
list changes.


About GnuPG
===========

The GNU Privacy Guard (GnuPG, GPG) is a complete and free implementation
of the OpenPGP and S/MIME standards.

GnuPG allows to encrypt and sign data and communication, features a
versatile key management system as well as access modules for public key
directories.  GnuPG itself is a command line tool with features for easy
integration with other applications.  The separate library GPGME provides
a uniform API to use the GnuPG engine by software written in common
programming languages.  A wealth of frontend applications and libraries
making use of GnuPG are available.  As an universal crypto engine GnuPG
provides support for S/MIME and Secure Shell in addition to OpenPGP.

GnuPG is Free Software (meaning that it respects your freedom).  It can
be freely used, modified and distributed under the terms of the GNU
General Public License.


Noteworthy changes in version 2.2.17
====================================

  * gpg: Ignore all key-signatures received from keyservers.  This
    change is required to mitigate a DoS due to keys flooded with
    faked key-signatures.  The old behaviour can be achieved by adding
      keyserver-options no-self-sigs-only,no-import-clean
    to your gpg.conf.  [#4607]

  * gpg: If an imported keyblocks is too large to be stored in the
    keybox (pubring.kbx) do not error out but fallback to an import
    using the options "self-sigs-only,import-clean".  [#4591]

  * gpg: New command --locate-external-key which can be used to
    refresh keys from the Web Key Directory or via other methods
    configured with --auto-key-locate.

  * gpg: New import option "self-sigs-only".

  * gpg: In --auto-key-retrieve prefer WKD over keyservers.  [#4595]

  * dirmngr: Support the "openpgpkey" subdomain feature from
    draft-koch-openpgp-webkey-service-07. [#4590].

  * dirmngr: Add an exception for the "openpgpkey" subdomain to the
    CSRF protection.  [#4603]

  * dirmngr: Fix endless loop due to http errors 503 and 504.  [#4600]

  * dirmngr: Fix TLS bug during redirection of HKP requests.  [#4566]

  * gpgconf: Fix a race condition when killing components.  [#4577]

  Release-info: https://dev.gnupg.org/T4606


Getting the Software
====================

Please follow the instructions found at https://gnupg.org/download/ or
read on:

GnuPG 2.2.17 may be downloaded from one of the GnuPG mirror sites or
direct from its primary FTP server.  The list of mirrors can be found at
https://gnupg.org/download/mirrors.html.  Note that GnuPG is not
available at ftp.gnu.org.

The GnuPG source code compressed using BZIP2 and its OpenPGP signature
are available here:

 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.17.tar.bz2 (6560k)
 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.17.tar.bz2.sig

An installer for Windows without any graphical frontend except for a
very minimal Pinentry tool is available here:

 https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.17_2019... (4185k)
 https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.17_2019...

The source used to build the Windows installer can be found in the same
directory with a ".tar.xz" suffix.

A new version of Gpg4win incluing this version of GnuPG will be released
in a few days.


Read more

Security: Bug Doors, Samba, GitHub Cracks, Microsoft Entryism

Filed under
Security
  • Zoom.us flaw forces users onto video and audio calls

    The macOS client application for the popular audio and video conferencing service Zoom can be made to forcibly join users to calls, activating Mac microphones video cameras without users being asked for permission, a researcher has found.

  • Years late to the SMB1-killing party, Samba finally dumps the unsafe file-sharing protocol version by default

    Samba says its next release will switch off previously on-by-default support for the aging and easily subverted SMB1 protocol. It can be reenabled for those truly desperate to use the godforsaken deprecated protocol version.

    The open-source SMB toolkit's developers say the Samba 4.11 build, currently in preview, will by default set SMB2_02 as the earliest supported version of the Windows file-sharing protocol.

    "This means clients without support for SMB2 or SMB3 are no longer able to connect to smbd (by default)," the 4.11 release notes read.

    "It also means client tools like smbclient and others, as well as applications making use of libsmbclient are no longer able to connect to servers without SMB2 or SMB3 support (by default)."

    Admins will still have the option to allow SMB1 on their servers if they so choose, but support will be turned off by default.

  • The GitHub account of Canonical who developed popular Ubuntu Linux was hacked[Ed: GitHub is Microsoft's responsibility, so speak to Microsoft. Ubuntu needs to delete GitHub.]
  • GitHub account belonging to Ubuntu Linux maker Canonical hacked [Ed: The account belongs to Microsoft actually. The site is entirely owned by it.]

    “Canonical has removed the compromised account from the Canonical organization in GitHub and is still investigating the extent of the breach, but there is no indication at this point that any source code or PII was affected,” the team said.

  • Microsoft to Join Linux Mailing List That Privately Discusses Unpatched Security Issues [Ed: It is pretty revealing that it is mostly Microsoft propaganda sites which push the "Microsoft loves Linux" lie.]

    Microsoft will become a member of the sought after Linux-distros mailing list, which privately discusses non-public security issues. To qualify for the membership, a member must have been submitting fixes for at least a year, with the tech giant’s anniversary and join date on August 5.

  • Microsoft set to join private Linux security mailing list [Ed: Microsoft entryism is progressing inside Linux and Windows promotion sites are pleased.]

    As it stands right now, there are representatives from ALT Linux, Amazon Linux AMI, Arch Linux, Chrome OS, CloudLinux, CoreOS, Debian, Gentoo, Openwall, Oracle, Red Hat, Slackware, SUSE, Ubuntu, and Wind River on the list. According to the list’s information page, issues disclosed here are subject to a maximum embargo period of 14 days but seven days are preferable.

Syndicate content

More in Tux Machines

First Release Candidate of Linux 5.3

  • Linux 5.3-rc1
    It's been two weeks, and the merge window is over, and Linux 5.3-rc1
    is tagged and pushed out.
    
    This is a pretty big release, judging by the commit count. Not the
    biggest ever (that honor still goes to 4.9-rc1, which was
    exceptionally big), and we've had a couple of comparable ones (4.12,
    4.15 and 4.19 were also big merge windows), but it's definitely up
    there.
    
    The merge window also started out pretty painfully, with me hitting a
    couple of bugs in the first couple of days. That's never a good sign,
    since I don't tend to do anything particularly odd, and if I hit bugs
    it means code wasn't tested well enough. In one case it was due to me
    using a simplified configuration that hadn't been tested, and caused
    an odd issue to show up - it happens. But in the other case, it really
    was code that was too recent and too rough and hadn't baked enough.
    The first got fixed, the second just got reverted.
    
    Anyway, despite the rocky start, and the big size, things mostly
    smoothed out towards the end of the merge window. And there's a lot to
    like in 5.3. Too much to do the shortlog with individual commits, of
    course, so appended is the usual "mergelog" of people I merged from
    and a one-liner very high-level "what got merged". For more detail,
    you should go check the git tree.
    
    As always: the people credited below are just the people I pull from,
    there's about 1600 individual developers (for 12500+ non-merge
    commits) in this merge window.
    
    Go test,
    
                Linus
    
  • Linux 5.3-rc1 Debuts As "A Pretty Big Release"

    Just as expected, Linus Torvalds this afternoon issued the first release candidate of the forthcoming Linux 5.3 kernel. It's just not us that have been quite eager for Linux 5.3 and its changes. Torvalds acknowledged in the 5.3-rc1 announcement that this kernel is indeed a big one: "This is a pretty big release, judging by the commit count. Not the biggest ever (that honor still goes to 4.9-rc1, which was exceptionally big), and we've had a couple of comparable ones (4.12, 4.15 and 4.19 were also big merge windows), but it's definitely up there."

  • The New Features & Improvements Of The Linux 5.3 Kernel

    The Linux 5.3 kernel merge window is expected to close today so here is our usual recap of all the changes that made it into the mainline tree over the past two weeks. There is a lot of changes to be excited about from Radeon RX 5700 Navi support to various CPU improvements and ongoing performance work to supporting newer Apple MacBook laptops and Intel Speed Select Technology enablement.

today's howtos and programming bits

  • How to fix Ubuntu live USB not booting
  • How to Create a User Account Without useradd Command in Linux?
  • Container use cases explained in depth
  • Containerization and orchestration concepts explained
  • Set_env.py

    A good practice when writing complicated software is to put in lots of debugging code. This might be extra logging, or special modes that tweak the behavior to be more understandable, or switches to turn off some aspect of your test suite so you can focus on the part you care about at the moment. But how do you control that debugging code? Where are the on/off switches? You don’t want to clutter your real UI with controls. A convenient option is environment variables: you can access them simply in the code, your shell has ways to turn them on and off at a variety of scopes, and they are invisible to your users. Though if they are invisible to your users, they are also invisible to you! How do you remember what exotic options you’ve coded into your program, and how do you easily see what is set, and change what is set?

  • RPushbullet 0.3.2

    A new release 0.3.2 of the RPushbullet package is now on CRAN. RPushbullet is interfacing the neat Pushbullet service for inter-device messaging, communication, and more. It lets you easily send alerts like the one to the left to your browser, phone, tablet, … – or all at once. This is the first new release in almost 2 1/2 years, and it once again benefits greatly from contributed pull requests by Colin (twice !) and Chan-Yub – see below for details.

  • A Makefile for your Go project (2019)

    My most loathed feature of Go was the mandatory use of GOPATH: I do not want to put my own code next to its dependencies. I was not alone and people devised tools or crafted their own Makefile to avoid organizing their code around GOPATH.

  • Writing sustainable Python scripts

    Python is a great language to write a standalone script. Getting to the result can be a matter of a dozen to a few hundred lines of code and, moments later, you can forget about it and focus on your next task. Six months later, a co-worker asks you why the script fails and you don’t have a clue: no documentation, hard-coded parameters, nothing logged during the execution and no sensible tests to figure out what may go wrong. Turning a “quick-and-dirty” Python script into a sustainable version, which will be easy to use, understand and support by your co-workers and your future self, only takes some moderate effort. 

  • Notes to self when using genRSS.py

The Status of Fractional Scaling (HiDPI) Between Windows & Linux

There’s a special type of displays commonly called “HiDPI“, which means that the number of pixels in the screen is doubled (vertically and horizontally), making everything drawn on the screen look sharper and better. One of the most common examples of HiDPI are Apple’s Retina displays, which do come with their desktops and laptops. However, one issue with HiDPI is that the default screen resolutions are too small to be displayed on them, so we need what’s called as “scaling”; Which is simply also doubling the drawn pixels from the OS side so that they can match that of the display. Otherwise, displaying a 400×400 program window on a 3840×2160 display will give a very horrible user experience, so the OS will need to scale that window (and everything) by a factor of 2x, to make it 800×800, which would make it better. Fractional scaling is the process of doing the previous work, but by using fractional scaling numbers (E.g 1.25, 1.4, 1.75.. etc), so that they can be customized better according to the user’s setup and needs. Now where’s the issue, you may ask? Windows operating system has been supporting such kind of displays natively for a very long time, but Linux distributions do lack a lot of things in this field. There are many drawbacks, issues and other things to consider. This article will take you in a tour about that. Read more Also: Vulkan 1.1.116 Published With Subgroup Size Control Extension

Android Leftovers