This page permanently redirects to gemini://gemini.techrights.org/2022/06/03/notkia/.

● 06.03.22

Gemini version available ♊︎

● Links 04/06/2022: Notkia and Severe Flaws in Dominion Voting Systems

Posted in News Roundup at 6:14 pm by Dr. Roy Schestowitz

GNU/Linux

=> ↺ Notkia puts a Linux PC inside the shell of a Nokia 1680 cellphone

• he Nokia 1680 classic is a basic cellphone that was released in 2008 just as smartphones were starting to become a thing. Designed for phone calls, texting, and not much else, the phone has a small screen, a numeric keypad, and support for 2G networks.

• But a hardware hacker going by Remu NotMoe has scooped out the guts of the phone and replaced them with a custom printed circuit board (PCB) and other components to transform the Nokia 1680 classic into the Notkia: a pocket-sized Linux computer/communication device.

Audiocasts/Shows

=> ↺ Write A Script To Search the Arch Wiki (OFFLINE!) – Invidious

• Every few weeks, I get the sudden urge to do some bash scripting. Today, I’m going to create a simple bash script that uses dmenu to search an offline copy of the Arch Wiki. Follow along with me, and we should be able to knock this script out in under 30 minutes.

=> ↺ The official Steam Deck Dock was DELAYED! – Invidious

=> ↺ A BRAND NEW Steam Deck update just hit! – Invidious

=> ↺ The Story of the Internet and How it Broke Bad: A Call For Public-Interest Technologists – Invidious

• Bruce Schneier at the International Symposium on Technology and Society, November 12, 2020.

Instructionals/Technical

=> ↺ How to Install Fail2ban on Ubuntu 22.04 | Mark Ai Code

• Fail2ban is a free and open-source IPS that helps administrators safeguard Linux servers against brute-force assaults. Python-based Fail2ban has filters for Apache2, SSH, FTP, etc. Fail2ban blocks the IP addresses of fraudulent login attempts.

• Fail2ban scans service log files (e.g. /var/log/auth.log) and bans IP addresses that reveal fraudulent login attempts, such as too many wrong passwords, seeking vulnerabilities, etc. Fail2ban supports iptables, ufw, and firewalld. Set up email alerts for blocked login attempts.

=> ↺ How to Use the scp Command on Linux

• The scp command makes copying files between Linux computers easy and secure. It uses SSH security, but best of all, it is simple. If you can use cp, you can use scp.

=> ↺ How to deploy Joomla with Docker | TechRepublic

• Joomla is a world-class, open-source content management system that is search-engine and mobile-friendly, multilingual and flexible; it also offers unlimited design potential. With more than 110 million downloads, 10,000+ extensions and templates, Joomla is used on 2 million+ websites. You might deploy Joomla for business websites or portals, e-commerce or online publications.

• With the help of Docker, you can quickly deploy a containerized version of Joomla and use it for just about anything. Let’s do just that.

=> ↺ Setup Replicated GlusterFS Volume on Ubuntu – kifarunix.com

• Follow through this tutorial to learn how to setup replicated GlusterFS volume on Ubuntu. There are different types of Volume architectures that you may want to consider.

=> ↺ How to Add User in Linux – Linux Nightly

• In this tutorial, you will see how to create a new user in Linux from command line and GUI.

=> ↺ Easy multifactor authentication in Django – Oli Warner

• Use django-multifactor to make your Django websites extra-secure by requiring a secondary authentication factor. Disclaimer: I made this.

=> ↺ How to install AbiWord on a Chromebook

• Today we are looking at how to install AbiWord on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

=> ↺ How to manage Flatpak permissions with Flatseal | TechRepublic

• Flatpak apps are gaining serious popularity on Linux distributions but managing the permissions of those apps can be a challenge. But with this handy GUI tool, those permissions are simple to deal with.

=> ↺ Why You Should Use A Computer Specifically Meant For Bitcoin Transactions And How To Do It

• Tails is an operating system that boots from a USB thumb drive and temporarily takes over the hardware of any computer. It uses Tor connections only, so you’d need to be comfortable using Tor. None of the data that you write to memory during your session is saved to the drive (it starts fresh every time), unless you tweak the settings and create a permanent storage option (on the USB thumb drive), which you lock with a password.

• It’s not a bad option and it’s free, but it’s a little clunky for our purposes. Installing new software on it is not a breeze. One good feature is that it comes with Electrum, but the downside of this is that you didn’t install it yourself. Make sure the USB drive you use is at least 8GB.

• Your flexibility is reduced if you use Tails. You may not be able to follow various guides to set up what you need and get it working properly. For example, if you follow my guide to installing Bitcoin Core, there are modifications needed to make it work. I don’t think I’ll be making a Tails specific guide, so you’d need to build your skills and do it alone.

• I also am not sure how well hardware wallets will interact with this OS.

• Having said all this, a Tails computer for bitcoin transactions is a nice additional option, and it will certainly help your overall privacy skills to learn to use Tails.

Desktop Environments/WMs

=> ↺ State of the Budgie: May 2022

• One of the biggest developments this month is that we held our first two workshops, where we talked about a wide range of topic from our Core Values, Consensus Creation, organization structure, Budgie 10 development items, Budgie 11 – and more.

• The goal of these workshops was to provide a transparent process for everyone to get involved and express their thoughts / opinions, whether they were brand new faces to the community, long-time contributors, or just folks dropping by in Twitch chat. These were held over Google Meet and used Miro for our collaborative whiteboard.

=> ↺ Budgie team details plans for Budgie 10, 11

• Joshua Strobl, the lead developer of Budgie, the (currently) Gtk+-based desktop, posted a lengthy article about the state of the project and the future it’s embarking on. Budgie had been in a feature-freeze and maintenance mode for a long time, but now that Strobl is no longer involved with the Linux distribution Solus, Budgie has become truly independent, and development can pick up again.

• The article touches upon a lot – such as the way the Budgie developers intend to lead the project, how they want to involve the community as much as they can, and similar things. They don’t want to mandate defaults or force distributions into “stock” Budgie. They intend to take this pretty far.

GNOME Desktop/GTK

=> ↺ #46 Going Mobile · This Week in GNOME

• Update on what happened across the GNOME project in the week from May 27 to June 03.

=> ↺ ep0: The Journey Begins | My Blog

• Hey! I’m Thejas Kiran P S, a sophomore pursuing my Bachelor’s in Computer Science. I have been selected to GNOME organization as a GSoC’22 contributor and will be working on Pitivi. Pitivi is a non-linear video editor based on the GStreamer Editing Services library.

=> ↺ My Vacation in Android Land | Indulgent Ramblings

• Recently I was pulled into a project to build an Android app at Endless. While Android is Linux, it’s quite a bit different than “traditional” Linux. In our case, we’re trying to assemble a Python app into an Android app using python-for-android (aka, p4a). As you might imagine, this adds a couple more layers to the mix, which is always fun.

Distributions and Operating Systems

New Releases

=> ↺ NixOS 22.05 released

• Version 22.05 of the NixOS distribution is out. “”NixOS is already known as the most up to date distribution and is the distribution with the most packages. This release saw 9345 new packages and 10666 updated packages””. Significant changes include an update to version 2.8.0 of the Nix package manager with experimental support for flakes, GNOME 42, and many new services; see the release notes for details.

BSD

=> ↺ pfSense vs Netgear Router: Compare Features & Pricing

• pfSense is a fully open-source network firewall solution that is free to use and is based on the FreeBSD operating system. It works with a host of routers and appliances, and you can even build your own if you need the added customization and options.

• pfSense also offers its own routers under the name Netgate for those who want an experience closer to a bundled hardware and software option, such as with Netgear, but with the added options and flexibility pfSense offers.

Fedora Family / IBM

=> ↺ Fedora Community Blog: Friday’s Fedora Facts: 2022-22

• Here’s your weekly Fedora report. Read what happened this week and what’s coming up. Your contributions are welcome (see the end of the post)!

• Fedora Linux 34 reaches end of life on Tuesday 7 June.

• I have weekly office hours on Wednesdays in the morning and afternoon (US/Eastern time) in #fedora-meeting-1. Drop by if you have any questions or comments about the schedule, Changes, elections, or anything else. See the upcoming meetings for more information.

Devices/Embedded

=> ↺ The Astro Slide phone is a throwback you’ll want to throw away | Digital Trends

• If you really want a smartphone with a physical keyboard, just how much are you prepared to forgive about the rest of it to get one? That’s the dilemma with Planet Computers’ Astro Slide 5G phone, as sure enough it has a slide-out mechanical keyboard, but the rest of the phone leaves a lot to be desired.

Open Hardware/Modding

=> ↺ GetFit is a DIY fitness tracker based on the Nano 33 BLE Sense | Arduino Blog

• When it comes to fitness tracking, the average consumer would most likely reach for a smartwatch or similar wearable band. These all work by using their internal accelerometers and gyroscopes to sense motion and detect when a certain action, such as stepping or lifting a weight, has been completed. But to further simplify the process by eliminating the need to select a workout before starting an exercise routine, Nekhil and Shebin Jacob have worked together to come up with the GetFit fitness tracker.

• The GetFit is a battery-powered device that uses machine learning to detect not only when an action has been done, but also what kind of workout is being performed. They achieved this by gathering plenty of samples from a Nano 33 BLE Sense’s onboard accelerometer and training a Keras model with the help of the Edge Impulse Studio. It can accurately identify between arm circles, pushups, squats, and anything else in the future while also disregarding anomalous data.

=> ↺ A real-world health bar for Old School RuneScape | Arduino Blog

• For those of us of a certain age, RuneScape provides a deep sense of nostalgia. The original RuneScape MMORPG died off in popularity many years ago, but Old School RuneScape, which launched in 2013, recently gained traction once again. As with most MMORPGs, Old School RuneScape gives the player a health readout in the form of hit points. Austin Blake wanted to see his character’s health in the real world and turned to Arduino to make it happen.

• Blake chose to display his hit points on a heart-shaped LED array. It indicates health through both color and level. At full health, all of the LEDs light up in green. At half health, only half of the LEDs are lit and they light up in amber. The LEDs are strips of Adafruit NeoPixels and Blake controls them with an Arduino Nano Every board running the FastLED library. Those mount into a 3D-printed frame that Blake designed in Autodesk Fusion 360.

Mobile Systems/Mobile Applications

=> ↺ Murena and /e/ Foundation launch privacy-centric smartphones • The Register

• The /e/ Foundation’s de-Googled version of Android 10 has reached the market in a range of smartphones aimed at the privacy-conscious.

• The idea of a privacy-centric version of Android is not new, and efforts to deliver are becoming friendlier all the time. The Register interviewed the founder of the /e/ Foundation in 2020, and reported on /e/ OS doing rather well in privacy tests the following year. Back then, the easiest way to get the OS was to buy a Fairphone, although there was also the option of reflashing one of a short list of supported devices.

• Now there’s another option: a range of brand-new Murena phones. The company supplied The Register with a Murena One for review, with a pre-release version of the /e/ OS installed.

Free, Libre, and Open Source Software

=> ↺ Adopting Open Source Firmware Approach for Intel FSP

• We have heard you, and we agree with you: “Innovation thrives in an open, democratized environment where people can connect, collaborate, and respond together to new stimuli.…. This free exchange increased our ability to learn from one another.” [1] Under this exact sentiment, we hereby request a pledge from Intel to adopt an open source friendly development approach for silicon firmware delivery.

• According to the published technical article by Subrata Banik from Google (Open Source Firmware Development: Reduce Firmware Support Package (FSP) boundary on Intel® SoC Platform) [2], there are imminent and industry-wide demands calling for a more open source approach in the host firmware space. Let’s examine the current situation and define the most feasible path forward.

=> ↺ Why the State of Diversity in Open Source Is Improving

=> ↺ LinuxCNC translators life just got a bit easier

• Back in oktober last year, when I started looking at the LinuxCNC system, I proposed to change the documentation build system make life easier for translators. The original system consisted of independently written documentation files for each language, with no automated way to track changes done in other translations and no help for the translators to know how much was left to translated.

Web Browsers

Mozilla

=> ↺ Trevor Project’s Kevin Wong Shares What’s In His Corner of the Internet

Productivity Software/LibreOffice/Calligra

=> ↺ ONLYOFFICE is the Google Workspace for your home office | ZDNet

• Jack Wallen explains why ONLYOFFICE might be a great Google Workspaces alternative and how to deploy it to a local server with Docker.

Programming/Development

=> ↺ Why Is Go Good?

• The five co-creators of the Go language, Russ Cox, Robert Griesemer, Rob Pike, Ian Lance Taylor and Ken Thompson, have co-authored a paper in this month’s edition of Communications of the ACM in which they address the question, Why has Go grown in popularity when so many other language projects have not?

• As outlined in The Go Programming Language and Environment which is freely accessible online, Go was created at Google in late 2007 and released as open source in November 2009. Since then, it has operated as a public project, with contributions from thousands of individuals and dozens of companies. It is a garbage-collected, statically compiled language with support for concurrency and parallelism, which helped take advantage of the multicore machines that were becoming mainstream during its early years. It initial popularity must have been helped by its Google connections.

Perl / Raku

=> ↺ The File Access Operators: To Use, or Not to Use

• The file access operators are, for the purpose of this blog entry, the file test operators -r, -w, -x, -R, -W, and -X. The upper case operators test the ability of the user’s real UID to read, write, or execute the file being tested. The lower case operators do the same for the user’s effective UID.

• Though Perl provides these, their documentation comes with cautions about their use. The rest of this blog entry represents my thoughts on their use or avoidance.

• The primary limitation on these operators is that they only test the mode bits returned by the stat() function. The result of this test does not guarantee what will happen if you actually try to operate on the file. For example, most operating systems support Access Control Lists (ACLs) on files, and these can override the mode bits. Even without these, a file system can be mounted read-only, and this will probably not be reflected in the results of the -w and -W tests. An executable file can be corrupt in various ways, including something as simple as a shebang line that points to a non-existent executable.

Leftovers

Science

=> ↺ ‘Mind-boggling’ scrambled genome found in octopus and squid. It could explain their smarts. | Live Science

• Squid, octopus and cuttlefish have scrambled-up genomes that may help explain how these cephalopods evolved the most complicated nervous systems of any invertebrate.

• New genetic sequencing reveals that these animals’ genes are mixed up, arranged in strange orders not seen in other, non-cephalopod species. This DNA mixing and matching may have given evolution a new sandbox to play in, study co-author Caroline Albertin, a biologist at the University of Chicago Marine Biological Laboratory, told Live Science.

=> ↺ Quantum computing startup probed in report, securities suit

• Quantum computing startup IonQ is facing a securities fraud lawsuit after a barrage of accusations came to light in a blistering report from Scorpion Capital, which claims the company lied about the maturity (and even existence of) its quantum device in addition to a smattering of claimed financial fictions.

• The Scorpion Capital report, issued May 3, provides a rigorously scathing assessment of the IonQ technology, which is described as “a useless toy that can’t even add 1+1″ as assessed by internal experiments run by unnamed but numerous quantum experts hired by Scorpion and exhaustively detailed in the full report [PDF].

Hardware

=> ↺ The Era of Exascale Computing Has Arrived. What Does That Even Mean?

• FLOPS or floating point operations per second is a measurement of computing performance particularly important in the field of scientific computing where floating point operations are a requirement. An exaflop translates to 10^18 flops and 1.1 exaflops equates to 1,100,000,000,000,000,000 flops. That is a lot of operations per second!

• There are so many moving pieces to Frontier and I am proud to say that I am part of a smaller team that works on the Lustre file system that runs on the Cray Clusterstor E1000 storage system on the backend of Frontier. So, what does this mean?

Health/Nutrition/Agriculture

=> ↺ How COVID-19 Raised Indonesian Society’s Awareness of Green Architecture

• A decreasing number of COVID-19 patients and easing travel restrictions have begun in several countries across the globe, including Indonesia. In May 2022, the Indonesian government dropped the outdoor mask mandate as the pandemic got more and more under control. Soon, this pandemic will end and people will move on, but the question is: what will happen then? This question emerges as a result of many aspects of life in Indonesia being affected by the pandemic itself, such as the economy, business, politics, health, etc., with the adjustments needed in each. What about architecture?

• [...]

• Present-day, The Breeze BSD has become one of the most sought-after destinations among Jakarta and South Tangerang residents. Other aspects closely related to architecture are adjusting as well. Property developers have begun marketing a new commercial shophouse concept that provides outdoor space. For example, Melody Shophouses in BSD has a balcony and a terrace as an outdoor area. In landscape architecture, many places around Jakarta, such as Mangrove Park Kapuk and San Antonio Promenade PIK, highlight their outdoor experiences.

Security

=> ↺ CISA Releases Security Advisory on Dominion Voting Systems Democracy Suite ImageCast X

• CISA has released an Industrial Controls Systems Advisory (ICSA) detailing vulnerabilities affecting versions of the Dominion Voting Systems Democracy Suite ImageCast X, which is an in-person voting system used to allow voters to mark their ballot.

=> ↺ Vulnerabilities Affecting Dominion Voting Systems ImageCast X

• This advisory contains mitigations for Improper Verification of Cryptographic Signature, Mutable Attestation of Measurement Reporting Data, Hidden Functionality, Improper Protection of Alternate Path, Path Traversal: ”../filedir’, Execution with Unnecessary Privileges, Authentication Bypass Spoofing, Incorrect Privilege Assignment, and Origin Validation Error vulnerabilities in versions of Dominion Voting Systems Democracy Suite ImageCast X software.

=> ↺ Atlassian Releases New Versions of Confluence Server and Data Center to Address CVE-2022-26134

• Atlassian has released new Confluence Server and Data Center versions to address remote code execution vulnerability CVE-2022-26134 affecting these products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely. Atlassian reports that there is known exploitation of tmhis vulnerability..

=> ↺ How to prevent future cyber incidents in local schools

• Despite local schools going online following the pandemic, the cybersecurity threat prevails – here’s how to prevent future cyber incidents

=> ↺ EnemyBot malware adds enterprise flaws to exploit arsenal

• Alien Labs recommends enterprises reduce the exposure of Linux servers and IoT devices to the internet, use properly configured firewalls, enable automatic updates, and monitor network traffic.

=> ↺ That critical vulnerability might not be the first you should patch

• Startup Rezilion suggests enterprises should change prioritization strategies

Privacy/Surveillance

=> ↺ Toyota Connected ‘Cabin Awareness’ Concept Uses New Tech to Detect Occupants

• Toyota Connected North America (TCNA), an independent software and innovation center of excellence, today introduced its Cabin Awareness concept technology that uses millimeter-wave, high-resolution 4D imaging radar to help detect occupants (including certain pets) in cars and has the potential to detect them if ever they’re left behind.

=> ↺ Millions of people’s info stolen from MGM Resorts dumped on Telegram for free

• Miscreants have dumped on Telegram more than 142 million customer records stolen from MGM Resorts, exposing names, postal and email addresses, phone numbers, and dates of birth for any would-be identity thief.

• The vpnMentor research team stumbled upon the files, which totaled 8.7 GB of data, on the messaging platform earlier this week, and noted that they “assume at least 30 million people had some of their data leaked.” MGM Resorts, a hotel and casino chain, did not respond to The Register’s request for comment.

Defence/Aggression

=> ↺ ‘Zombie clause,’ ban on nuclear weapons hidden in these tech user agreements

• Imagine if you entered a restaurant and the manager asked you to sign a contract blocking you from suing the business if everyone falls ill, and barring you from writing a bad online review. The agreement might even spell out what happens if zombies invade.

• You might dine elsewhere or just go back home. Fortunately, restaurants don’t try to impose demands like that (well, not usually). Yet we routinely agree to similar restrictions by clicking “yes” to long and tangled agreements on websites or simply by using software and gadgets. And yes, one tech powerhouse even includes a clause about reanimated corpses.

• Even if you’re distrustful of all that turgid legal prose, you may still be surprised by some of the clauses in terms of service and end-user license agreements, including the ones spelled out below. A number of them are odd but relatively harmless. In other cases, these agreements try to take away important consumer rights.

Environment

=> ↺ Rail transit for India thru’ Bangladesh: Railways of 2 countries to work on one route

• After a proposal from Indian Railways (IR), Dhaka and New Delhi have agreed to work out the details of the possibility of India using rail transit through Bangladesh.

=> ↺ How a Sound Transit contractor is trying to make light-rail construction easier on the environment

• Sound Transit boasts about creating the first “100% carbon-free light rail service” in the nation. Yet when the contractors build concrete columns and stations, they burn fossil fuels that reduce the electric trains’ net climate benefit.

• In a tiny experiment to limit greenhouse gas, crews building the north half of Sound Transit’s 2024 Northgate-to-Lynnwood extension are fueling two forklifts and a dirt loader in Mountlake Terrace with renewable plant-based diesel. It performs as well as petroleum, the crew says.

Energy

=> ↺ Bitcoin Miner Bitzero To Build $500 Million Headquarters In North Dakota

• Bitzero Blockchain Inc., a 100% renewable bitcoin mining company, is making North Dakota the central headquarters for its North American operations.

• The miner distilled the plans on Thursday in a joint press release with the governor of North Dakota’s office and notable investors such as Kevin O’Leary.

AstroTurf/Lobbying/Politics

=> ↺ How should we remember Sheryl Sandberg’s Facebook tenure? It’s complicated

Digital Restrictions (DRM)

=> ↺ Right to Repair is Real

• What began as a dream in 2012 has finally blossomed into reality. Today, New York passed Asm. Patricia Fahy and Sen. Neil Breslin’s Fair Repair Act, making it the first state in the country to pass an electronics Right to Repair Bill.

• Everyone in NY is going to benefit from this landmark legislation. We’ll all be able to fix the stuff we like, stop being forced to buy new things we don’t want, and it will be possible for the secondary market to provide high quality options for reuse.

• The NY bill that just passed is a huge first step that covers a lot of ground—including cell phones, tablets and IT equipment. The future looks bright for more state legislatures to pass similar legislation and take up some of the equipment categories that didn’t get taken up in NY. We know that legislators like to advance bills they know are winners, and a vote of 145 to 1 in favor is a clear endorsement of a winning bill.

Monopolies

Copyrights

=> ↺ let’s talk about AI art i guess

• there are two areas in which machine learning can be exploitative: hardware and software.

• hardware can’t quite be helped, in some ways, because the entire electronics production chain hinges on exploitation of the environment and workers around the world (but mainly, keeping with imperialism, in the global south), and as such can anyone truly have spotlessly clean hands when tweeting from their phone? of course, AI research is part of the push for “better”, more powerful new hardware, and with more compute power comes more energy use, and i’m certainly not denying that [3].

• as for software, the path splits. what people are probably most aware of when it comes to image generation is stuff like dall-e, neuralblender (stole code for profit btw [4]) and artbreeder (the site where i first encountered GANs). these large models use fittingly large datasets like imagenet, that attempt to collect and classify the entirety-ish of our world (specifically imagenet builds on wordnet and uses just nouns because they’re supposed to be possible to illustrate with e.g. a photo. it’s based on image classification because that’s what makes it possible to use prompts).

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages. Permalink  Send this to a friend

=> Techrights

➮ Sharing is caring. Content is available under CC-BY-SA.