Ubuntu Weekly Newsletter Issue 637

Welcome to the Ubuntu Weekly Newsletter, Issue 637 for the week of June 21 – 27, 2020.

Firebird Project is happy to announce general availability of Firebird 3.0.6

Firebird Project is happy to announce general availability of Firebird 3.0.6 — the 6th point release in the Firebird 3.0 series.

This sub-release offers many bug fixes and also adds a few improvements, please refer to the Release Notes for the full list of changes.

MIXXX: powerful DJ-ing software

Mixxx is a powerful and free (open source) DJ program which allows you perform a live set with up to 4 virtual decks and optionally stream it to a broadcasting server. Common effects like echo, flanger, reverb, bitcrusher are available, and through its LV2 plugin interface you can use many more external effects to spice up your set.
Its master sync feature ensures that the music primed in all your decks stays locked to the beat. You can control pitch and key, or loop a stretch of audio. Quantize your cues and loops so that they start right on the beat all the time. And so on – and all of that with an attractive skinnable user interface.

You can plug in a MIDI controller and map its buttons/knobs/sliders to operate the Mixxx user interface so that you do not have to use your computer’s mouse & keyboard to cue, mangle and cross-fade the audio. There’s actually a lot of presets you can load for the most well-known MIDI controllers like the Novation LaunchPad Mini.

If the JACK daemon is running you can connect Mixxx to it, but it will perform just fine with ALSA as well.

Shoe Carnival Increases Security and Availability with Oracle Ksplice

In this article, we will discuss how Shoe Carnival increased their IT systems security and availability using Oracle Ksplice.

Shoe Carnival, Inc. is one of the nation’s largest family footwear retailers, offering a broad assortment of moderately priced dress, casual and athletic footwear for men, women and children with emphasis on national name brands. The company operates 390 stores in 35 states and Puerto Rico, and offers online shopping.

In keeping with the carnival spirit of rewarding surprises, Shoe Carnival offers their customers chances to win various coupons and discounts. Customers can spontaneously win while spinning the carnival wheel in the store or redeeming an a promotional offer. These specials encourage customers to make a purchase. Customers are also eligible to earn loyalty rewards via a “Shoe Perks” membership. This loyalty program allows them to earn points with each purchase and receive exclusive offers. Members can redeem points and awards either when in store or shopping online.

Can open, collaborative tactics help us crack COVID-19?

At least 109 organizations are currently working on treatment for COVID-19. But many researchers believe an approved, effective vaccine against the coronavirus will not be available in 2020.

Steinar H. Gunderson: Two Chinese video encoders

We looked at various SBCs coupled with video capture cards, but it didn't really work out; H.264 software encoding of 720p60/1080p60 (or even 1080i60 or 1080p30) is a tad too intensive for even the fastest ARM SoCs currently, USB3 is a pain on many of them, and the x86 SoCs are pretty expensive. Many of them have hardware encoding, but it's amazingly crappy quality-wise; borderline unusable even at 5 Mbit/sec. (Intel's Quick Sync is heaven compared to what the Raspberry Pi 4 has!)

So I started looking for all-in-one cheap encoder boxes; ideally with 4G or 802.11 out, but an Ethernet jack is OK to couple with a phone and an USB OTG adapter. I found three manufacturers that all make cheap gear, namely LinkPi, URayTech and Unisheen. Long story short, I ended up ordering one from each of the two former; namely their base HEVC models LinkPi ENC1 and URayTech's UHE265-1-Mini. (I wanted HEVC to offset some of the quality loss of going hardware encoding; my general sentiment is that the advantages of HEVC are somewhat more pronounced in cheap hardware than when realtime-encoding in software.)

The ENC1 is ostensibly 599 yuan (~$85, ~€75), but good luck actually getting it for that price. I spent an hour or so fiddling with their official store at Taobao (sort of like Aliexpress for Chinese domestic users), only to figure out in the very last step that they didn't ship from there outside of China. They have an international reselller, but they charge $130 plus shipping, on very shaky grounds (“we need to employ more people late at night to be able to respond to international support inquiries fast enough”). It's market segmentation, of course. There are supposedly companies that will help you buy from Taobao and bounce the goods on to you, but I didn't try them; I eventually went to eBay and got one for €120 (+VAT) with free (very slow!) shipping.

UHE265-1-Mini was pricier but easier; I bought one directly off of URayTech's Aliexpress store for $184.80, and it was shipped by FedEx in about five days.

Let’s learn about encryption with Digital Making at Home!

5+ Years Late: LLVM's AMD Excavator Target Was Missing Two Features

It took until 2020 for an Intel developer to land a patch providing support for two instructions supported by AMD "Excavator" CPUs but not exposed by the "bdver4" target.

It turns out LLVM's bdver4 target for Excavator CPUs was missing MOVBE and RDRND features. RDRND is for the RdRand hardware random number generator that was new to Excavator / Bulldozer v4. MOVBE is the Big Endian move instruction for going to/from x86 Little Endian format, basically reversing the byte order. MOVBE was also new to AMD CPUs starting with Excavator. RDRND is for calling on the CPU's RdRand capabilities while the MOVBE instruction can be useful in networking processing and related areas when needing to switch endianness.

GCC 11 Now Defaults To C++17 Dialect By Default

Following the proposal at the end of last year over GCC 11 aiming to default to C++17 for its C++ front-end, that change is now in place for GNU Compiler Collection 11.

When not specifying any alternative C++ standard, the default revision has been C++14. But with GCC's C++17 support being mature now for over a year, with the GCC 11 release due out next year it will assume C++17 by default.

Python 3.8.3 : PyCryptodome python package - part 001.

In the last tutorial, I wrote on Sunday, June 16, 2019, you can see a simple example of this python package with KDF with PBKDF2 function.
I guess it should be interesting for visitors to this blog to read more about this package because it is very useful and interesting.
Today I come up with another tutorial covering how to use A.E.S. standard encryption and decrypting text in a binary file.
The A.E.S. is a standard?
The Federal Information Processing Standards Publications (FIPS PUBS) announcing the A.E.S. on November 26, 2001, on the Federal Information Processing Standards Publication 197.

California University Paid $1.14 Million After Ransomware Attack [iophk: Windows TCO]

The University of California, San Francisco paid criminal [attackers] $1.14 million this month to resolve a ransomware attack.

The [attackers] encrypted data on servers inside the school of medicine, the university said Friday. While researchers at UCSF are among those leading coronavirus-related antibody testing, the attack didn’t impede its Covid-19 work, it said. The university is working with a team of cybersecurity contractors to restore the hampered servers “soon.”

Violence on The Streets: No Sign of Stopping

Streets of Rage. How uncanny for a game to carry that name in the first half of 2020! Even more so considering that this sequel had fans waiting for something like 30 years to materialize.

Of course, anyone remembering Streets of Rage (SoR) will inevitably refer to Streets of Rage 2. The first one was a draft, at best, and the third one was a cheaply-made sequel following the pinnacle that the second represents.

When you play video games for a long enough part of your life, you end up realizing that not everything new is better, not every game pushes genres forward.

There are genres where the best games remain, to this very day, in the past. Symphony of the Night is still the master of the Castlevania series. The peak of 2D Mario games were probably on the NES and SNES. The most exciting Sonic episode would be the second one on the Genesis/Megadrive. You may have a different opinion, but there’s a pattern that we can all agree with: popular genres mean increasing revenues, growing revenues bring competition, competition brings new ideas, and new ideas push games to surpass themselves iteration after iteration. But when genres fall out touch with the public, the trend reverses: less investment, less innovation, and newer titles are lesser titles more often than not.

This is especially relevant in the case of the “brawler” genre, to which Streets of Rage belongs. Brawlers are simple to grasp. You control a character (usually a vigilante) and your pass-time is to kick and punch people in the face for breakfast, lunch and dinner.

Something we can all identify with.

Wine (so Proton eventually) takes another step towards Easy Anti-Cheat working

Recently we highlighted the ongoing unofficial work to get Easy Anti-Cheat working in Wine (so Steam Play Proton then too) and it appears another major step has been achieved.

We still don't know what the plan is, if any now, for Easy Anti-Cheat to officially support Wine / Proton and there's been no update from them directly or Epic Games on if it's going to happen. At least, not since they said they would work with Valve in Early 2019. With that in mind, this is very much a community-led effort from a CodeWeavers developer @Guy15241 with help from @0xdt0.

The ongoing EAC work is now at a stage where they've been able to get Dead By Daylight into a game, although with low performance (Guy mentioned 1FPS in the menu). They also shared some shots...

ledger2beancount 2.3 released

I released version 2.3 of ledger2beancount, a ledger to beancount converter.

There are three notable changes with this release:

1) Performance has significantly improved. One large, real-world test case has gone from around 160 seconds to 33 seconds. A smaller test case has gone from 11 seconds to ~3.5 seconds. 2) The documentation is available online now (via Read the Docs).

ASUS Chromebit CS10 Chrome OS PC Stick Sells for $69.99 (Promo)

ASUS Chromebit CS10 was the cheapest Chrome OS hardware when it launched in 2015. Equipped with a Rockchip RK3288-C quad-core processor coupled with 2 GB RAM and 16 GB eMMC. plus one HDMI port and one USB port it was offered for $85.

[...]

The device has been in the wild long enough, that there are instructions to install other Linux distributions alongside Chrome OS including Arch Linux Arm and Ubuntu.

(Raspberry) Pi Commander | The MagPi 95

Puppet introduces beta of cloud-native, event-driven DevOps program: Relay

Puppet is a great DevOps program for managing multiple servers, but it wants to do more than automating server setup, program installation, and system management. The Portland, Oregon-based open-source company wants to automate processes across any cloud infrastructure -- as well as all tools and APIs -- with its new cloud-aware DevOps program Relay.

How to use the Zoom malware safely on Linux if you absolutely have to

“Zoom is malware.”

You should be using Jitsi instead. (Or, if want to live stream to lots of people, pay for something like Vimeo Live if you can.)

IBM Offers Open Source Toolkit for COVID-19 Data Analysis

The toolkit provides a set of Jupyter Notebooks to aggregate and clean up COVID-19 data from authoritative sources as a way to kickstart in-depth analysis.

The Open COVID Pledge – Don’t Say “I Do” Till You Think It Through

We are still facing a global pandemic, yet we can take a measure of hope in the way COVID-19 has brought people and companies together to find solutions to this urgent crisis. One inspiring example of this collaborative effort is the Open COVID Pledge, created the Open COVID Coalition, which “calls on organizations around the world to make their patents and copyrights freely available in the fight against the COVID-19 pandemic.” The Coalition consists of an international group of scientists and lawyers, including notable IP scholars such as Profs. Mark Lemley and Jorge Contreras.

[...]

As reflected in the above examples, there is some flexibility in nature and scope of the license that may be used. For companies interested in using IP offered under the Pledge, it is important to note that such IP may be covered by a number of different licenses and that each license should be reviewed separately. As such, companies using pledged IP will need to have mechanisms in place to ensure compliance with all applicable licenses.

[...]

Companies that have made the Pledge are listed on the Open COVID Pledge website and include a number of well-known technology companies and research institutions. However, the Pledge has not yet seen wide adoption in certain key industries. For example, it does not appear that the Open COVID Pledge has been embraced by the pharmaceutical or medical device industries. In such situations, it is especially important for companies to carefully consider the impacts of being an early (or sole) adopter in an industry.

A new Amiga 1200 Case and Keys in 2020

So, why would I want to do this to my Amiga 1200? Well, my old case is yellowing and so are the keys. The keys and I have never really liked that biscuit and gray look. When I saw the Amiga CDTV with its black keyboard and case, I thought how cool and sleek it looked but I wanted a more traditional computer (at that time) not something that was meant to go on your Hi-Fi stack. Now, today, you can have both the cool black look along with the full fledged Amiga Computer.

Daniel Stenberg: bug-bounty reward amounts in curl

A while ago I tweeted the good news that we’ve handed over our largest single monetary reward yet in the curl bug-bounty program: 700 USD. We announced this security problem in association with the curl 7.71.0 release the other day.

Someone responded to me and wanted this clarified: we award 700 USD to someone for reporting a curl bug that potentially affects users on virtually every computer system out there – while Apple just days earlier awarded a researcher 100,000 USD for an Apple-specific security flaw.

LKRG 0.8 Released For Increasing Linux Kernel Runtime Security

Version 0.8 of the Linux Kernel Runtime Guard (LKRG) has been released for further enhancing the runtime security provided by this out-of-tree kernel code plus other general improvements.

The Linux Kernel Runtime Guard provides runtime integrity checking of the kernel and various runtime detection of different security exploits. This out-of-tree kernel module saw a big update on Thursday in the form of v0.8.

Netbooks: The Next Generation — Chromebooks

Netbooks are dead, long live the Chromebook. Lewin Day wrote up a proper trip down Netbook Nostalgia Lane earlier this month. That’s required reading, go check it out and come back. You’re back? Good. Today I’m making the case that the Chromebook is the rightful heir to the netbook crown, and to realize its potential I’ll show you how to wring every bit of Linuxy goodness out of your Chromebook.

I too was a netbook connoisseur, starting with an Asus Eee 901 way back in 2009. Since then, I’ve also been the proud owner of an Eee PC 1215B, which still sees occasional use. Only recently did I finally bite the bullet and replace it with an AMD based Dell laptop for work.

For the longest time, I’ve been intrigued by a good friend who went the Chromebook route. He uses a Samsung Chromebook Plus, and is constantly using it to SSH into his development machines. After reading Lewin’s article, I got the netbook bug again, and decided to see if a Chromebook would fill the niche. I ended up with the Acer Chromebook Tab 10, codename Scarlet. The price was right, and the tablet form factor is perfect for referencing PDFs.

How we are helping you with computing teaching methods

A look at the ESP8266 for IoT

The Internet of Things (IoT) world is filled with countless microprocessors. One option we have covered in various ways before is the Arduino ecosystem. In the same vein, we now will look at another interesting segment of that community: The WiFi-enabled Espressif ESP8266 chip.

The ESP8266 chip is one of the more ideal chips for home-grown IoT development. It is cheap, has built-in 2.4GHz WiFi capabilities, has up to 17 different general purpose I/O (GPIO) pins available, and can take advantage of the extensive libraries available in the larger Arduino community. Many different commercial IoT devices use the ESP8266 chip; some devices, like those provided by Sonoff are known to be reprogrammable with custom firmware, while other off-brand devices are also known to be unlocked as well. The downside to the ESP8266 is that the SDK is closed-source; consisting of headers and binary libraries distributed under a non-free license that forbids use on anything but the ESP8266.

The lack of source code for the SDK is regrettable, but there still is an open-source community around the chip worth understanding and exploring. For readers unfamiliar with the ESP8266 chip, we will start with how it fits into the Arduino ecosystem.

Save Open Technology Fund, #SaveInternetFreedom

The Tor Project has joined the voices around the world from the internet freedom community and in the U.S. Congress to express concerns about the rapid firing of key personnel and dissolution of the board of directors at the four agencies (Middle East Broadcasting, Radio Free Asia, Radio Free Europe/Radio Liberty, and the Open Technology Fund) under the U.S. Agency for Global Media (USAGM).

Of most immediate concern to Tor is the future of the Open Technology Fund (OTF) and its crucial mission, since 2012, of providing funding for technology that enables free expression, helps people circumvent censorship, and obstructs repressive surveillance.

OTF's Work Is Vital for a Free and Open Internet

Keeping the internet open, free, and secure requires eternal vigilance and the constant cooperation of freedom defenders all over the web and the world. Over the past eight years, the Open Technology Fund (OTF) has fostered a global community and provided support—both monetary and in-kind—to more than four hundred projects that seek to combat censorship and repressive surveillance, enabling more than two billion people in over 60 countries to more safely access the open Internet and advocate for democracy.

OTF has earned trust over the years through its open source ethos, transparency, and a commitment to independence from its funder, the US Agency for Global Media (USAGM), which receives its funding through Congressional appropriations.

Redis Labs Unveils New Open Source Project, RedisRaft

Redis Labs has announced RedisRaft, a new strong-consistency deployment option. The RedisRaft module makes it possible to use Redis and its existing clients, libraries, and data types in beyond-cache scenarios requiring a high level of reliability and consistency.

According to Yossi Gottlieb, chief architect, Redis Labs, the new option makes it possible to operate a number of Redis servers as a single fault-tolerant, strongly consistent cluster, and is based on the Raft consensus algorithm and an open-source C library that implements it.

MariaDB 10.5.4 Release Notes

OpenAPI welcomes the OpenTravel Alliance as its newest member!

OpenTravel is a not-for-profit trade association that develops data messaging structures in order to facilitate communication between the many facets of the travel industry. It is the travel industry's only open-source, interoperability data standard. Using OpenTravel messaging, travelers can search, book, pay and check-in/out in a completely contactless environment.

Announcing the Relay public beta

Today we announce Relay, an event-driven automation platform. Sign up now and try it out! Relay connects infrastructure and operations platforms, APIs, and tools together into a cohesive, easy-to-automate whole. Relay is simple enough for you to start automating common, if-this-then-that (IFTTT) style DevOps tasks in minutes and powerful enough to model multi-step, branching, parallelized DevOps processes when the need arises.

Lynx Analytics Releases LynxKite 4.0 to Democratize Adoption of Graph AI

Lynx Analytics announces the open source release of its Complete Graph Data Science Platform, LynxKite 4.0, after years of development and successful deployments with customers.

With rapidly growing availability of network and relationship data as well as new graph deep learning technologies, Graph AI is the next frontier of machine learning as advocated by leading machine learning experts. By integrating relationship information into machine learning models, graphs are a crucial component in numerous AI applications: network based attribute prediction, fraud detection, product recommendation, infrastructure and operations optimization, drug discovery, etc.

Lynx Analytics releases LynxKite 4.0, an Open Source Graph Data Science Platform, to democratize adoption of Graph AI [Ed: GNU Affero General Public License v3.0]

What is Network Time Security and Why is it Important?

Network Time Security (NTS) is an attempt in the NTP working group of the Internet Engineering Task Force (IETF) to change the NTP authentication to something more useful. Netnod has participated in this standardisation effort and has sponsored the development of several implementations.

On 25 March 2020, the Internet Engineering Steering Group (IESG) of the IETF approved the NTS Internet Draft as an RFC in the Standards Track. It's currently in RFC editor queue awaiting publication as an RFC proper.

Lightweight alternatives to Google Analytics

More and more web-site owners are concerned about the "all-seeing Google" tracking users as they browse around the web. Google Analytics (GA) is a full-featured web-analytics system that is available for free and, despite the privacy concerns, has become the de facto analytics tool for small and large web sites alike. However, in recent years, a growing number of alternatives are helping break Google's dominance. In this article we'll look at two of the lightweight open-source options, namely GoatCounter and Plausible. In a subsequent article, we'll look at a few of the larger tools.

GA is by far the biggest player here: BuiltWith shows that around 86% of the top 100,000 web sites use it. This figure goes down to 64% for the top one-million web sites. These figures have grown steadily for the past 15 years, since Google acquired Urchin and rebranded it as Google Analytics. In addition to privacy concerns, GA is more complex and feature-heavy than some web-site owners need; many of them just want to see how much traffic is going to the pages on their site, and where that traffic is coming from. So it's not surprising that a number of simpler, more open tools have taken off in the past few years.

It should be noted that LWN does use GA, though we are evaluating other choices. Those who turn off ads in their preferences will not be served with the GA code, however.