Thursday, 27 June


Wayland's Weston Now Supports EGL Partial Updates For Better Performance [Phoronix]

Thanks to longtime open-source Linux graphics developer Daniel Stone, Wayland's Weston reference compositor now has support for the EGL_KHR_partial_update extension to provide for potentially better performance...


Early Soyuz Spacecraft Had a Peculiar User Interface, Says Developer Charles Simonyi [Slashdot]

Tekla Perry writes: When WYSIWIG pioneer Charles Simonyi went to space, he couldn't but help notice the awkward user interface on the rocket's control panel. It was a case of legacy systems, not wanting to change training and documentation, and an emulator that ran Unix on a 386 chip, he reported during a recent discussion on space software held at the Computer History Museum. "They liked the older chips because of radiation resistance and the feature set," he pointed out, noting how operation of the virtual interface was trickier than it seemed. "There are rows and columns," he said, "and you move the cursor over the button and use another button to push the virtual button." "On the right side," he said, "there are these windows that are numbers you type in by pushing virtual buttons below them. You use the cursor keys to go to the virtual buttons then push an entry button that is virtual." He added: "You can see that even as the technology changes, they want to keep as many things the same as possible."

Read more of this story at Slashdot.


Your server remote login isn't root:password, right? Cool. You can keep your data. Oh sh... your IoT gear, though? [The Register]

Not-quite-Iranian file-wiping malware emerges as Tehran blamed for rise in cyber-attacks

Not content to be the focus of the geopolitical news cycle, Iran now also finds itself in the middle of two major developments in the security world.…

Wednesday, 26 June


There's Huawei too many vulns in Chinese giant's firmware: Bug hunters slam pisspoor code [The Register]

More than 1 in 2 products have serious flaws, some potentially backdoors, we're told

Huawei, the Chinese manufacturing giant targeted by the Trump administration as a national security threat, has some of the least secure networking products in the industry, according to Finite State.…


Need a helping hand to turn your AI startup into a future British success? Great. Apply via here [The Register]

Join govt-backed Tech Nation’s programme for folks with big practical plans for machine-learning systems

Promo  Artificial Intelligence (AI) is the future, with countries around the world investing heavily to compete in initiatives that apply machine-learning to solving real-world problems.…


PHP 7.4 Alpha 2 Adds Support For Reading TGA Files, SQLite3 Online Backup API Support [Phoronix]

The second alpha release for this year's PHP 7.4 release is now available for testing...


Risk For Dementia May Increase With Long-Term Use of Anticholinergics, Study Suggests [Slashdot]

An anonymous reader quotes a report from The New York Times: A new study suggests that people who take a class of common medicines called anticholinergic drugs for several years may be more likely to develop dementia as they age (Warning: source may be paywalled; alternative source). Anticholinergic drugs include the antipsychotic clozapine; the bladder drug darifenacin (marketed as Enablex); the anti-nausea drug scopolamine; the bronchodilatoripratropium; the muscle relaxant tizanidine; antihistamines such as diphenhydramine (brand names include Benadryl), and antidepressants such as paroxetine (brand names include Paxil). These medications work by blocking a chemical called acetylcholine, which acts as a neurotransmitter and is involved in many nervous system functions including muscle movements, heart rate, the widening of blood vessels, respiratory functions and muscle contractions in the stomach during digestion. The research, conducted by Carol Coupland, a professor of medical statistics in primary care at the University of Nottingham in England, and colleagues, evaluated anticholinergic drugs prescribed to nearly 285,000 people age 55 and older. About 59,000 of them had a diagnosis of dementia. The study found a 50 percent increased risk of dementia among people who used a strong anticholinergic drug daily for about three years within that 10-year period. The association was stronger for antidepressants, bladder drugs, antipsychotics and epilepsy medications, the study said. Researchers did not find any increased risk of dementia with antihistamines, bronchodilators, muscle relaxants or medications for stomach spasms or heart arrhythmias. The link between anticholinergic drugs was stronger for people diagnosed with dementia before they turned 80 and in people with vascular dementia compared to people with Alzheimer's disease, the authors reported.

Read more of this story at Slashdot.


Researchers Demonstrate How US Emergency Alert System Can Be Hijacked and Weaponized [Slashdot]

After an emergency alert was accidentally sent to Hawaii residents last year, warning of an impending nuclear ballistic missile attack, researchers at the University of Colorado Boulder were prompted to ask the question: How easy would it be to exploit the nation's emergency alert systems, wreaking havoc on the American public via fake or misleading alerts? In short, they found that it wasn't very difficult at all. Motherboard reports: Their full study was recently unveiled at the 2019 International Conference on Mobile Systems, Applications and Services (MobiSys) in Seoul, South Korea. It documents how spoofing the Wireless Emergency Alert (WEA) program to trick cellular users wasn't all that difficult. To prove it, researchers built a mini "pirate" cell tower using easily-available hardware and open source software. Using isolated RF shield boxes to mitigate any real-world harm, they then simulated attacks in the 50,000 seat Folsom Field at the University. 90 percent of the time, the researchers say they were able to pass bogus alerts on to cell phones within range. The transmission of these messages from the government to the cellular tower is secure. It's the transmission from the cellular tower to the end user that's open to manipulation and interference, the researchers found. The vulnerability potentially impacts not just US LTE networks, but LTE networks from Europe to South Korea.

Read more of this story at Slashdot.


Before we lose our minds over sentient AI, what about self-driving cars that can't detect kids crossing the road? [The Register]

Uncle Sam needs to step in and audit machine-learning systems, House committee told

US House reps on Wednesday grilled a panel of experts on the various impacts artificial intelligence are likely to have on society, privacy, ethics, and so forth, and what can be done about it, if anything.…


Radeon Navi Support Pending For RadeonSI OpenGL Driver With 47k Line Worth Of Changes [Phoronix]

Last week AMD posted more than 400 patches providing the AMD Navi support within their AMDGPU DRM kernel driver while this week has brought dozens of patches amounting to 4,293 lines as a patch for their RadeonSI Gallium3D driver in order to provide OpenGL support on these next-gen GPUs being introduced next month as the Radeon RX 5700 series...


FCC Says Verizon Can SIM Lock Phones Again [Slashdot]

The FCC has granted Verizon a partial waiver to start SIM locking new handsets to its network for 60 days. "This news out of the FCC is the response to Verizon requesting back in February that it be allowed to lock devices to help deter fraud and theft," reports Droid Life. From the report: Why did they need to ask the FCC about locking? As we have explained a couple of times now, Verizon agreed to specific usage terms when it licensed 700MHz C Block spectrum for its LTE network years ago. One of the individual terms concerned handset locking, where Verizon had to acknowledge that it would leave its phones open for use on other networks at all times. Unlike AT&T or T-Mobile phones, where you have to fulfill a number of criteria in order to get either to unlock a phone for use elsewhere, Verizon's phones were to remain unlocked. The FCC's partial waiver permits Verizon to lock a customer's handset for 60 days from the date someone activates it on Verizon's network. Once the 60 days are up, this is what should happen: "After the expiration of the 60-day period, Verizon must automatically unlock the handsets at issue here regardless of whether: (1) the customer asks for the handset to be unlocked, or (2) the handset is fully paid off. Thus, at the end of the initial 60 days, the unlocking rule will operate just as it does now, and Verizon's customers will be able to use their unlocked handsets on other technologically compatible networks." The only exception is for fraud. "Verizon will not have to automatically unlock handsets that it determines within the 60-day period to have been purchased through fraud," the FCC says. Verizon has since issued a statement thanking the FCC and confirming that this new 60-day lock policy will go live "very soon."

Read more of this story at Slashdot.


Valve Reaffirms Commitment To Linux While Also Releasing Updated Proton [Phoronix]

Following all the drama caused by Canonical announcing last week they'd stop their 32-bit archive with Ubuntu 19.10 and that leading to a mess of concerns including Valve saying they would not be officially supporting Ubuntu 19.10 and later, today they issued a statement reaffirming their commitment to Linux...


Swapping Spark Plugs For Nanopulses Could Boost Engine Efficiency By 20 Percent [Slashdot]

An anonymous reader quotes a report from Ars Technica: Transient Plasma Systems has its roots in pulsed power technology developed for the Department of Defense at the University of Southern California, specifically nanosecond-duration pulses of power. Since 2009, it has been working on commercializing the technology for the civilian market in a number of applications, but obviously it's the automotive one that interests me. In a conventional four-stroke internal combustion gasoline engine, which works on the principle of suck-squeeze-bang-blow, the bang is created by a spark plug igniting the fuel-air mixture in the cylinder. That spark typically lasts several milliseconds, and although the control of that spark is now controlled electronically rather than mechanically, the principle is the same today as it was in 1910 when Cadillac added it to its engines. TPS's system does away with the conventional coil-on-plug approach. Instead, much shorter pulses of plasma -- several nanoseconds -- are used to ignite the fuel-air mix inside the cylinder. These have a much higher peak power than a conventional spark; thanks to their much shorter duration, however, the ignition is actually still rather low-energy (and therefore lower temperature). Consequently, it's possible to achieve better combustion at high compression ratios, more stable lean burning, and lower combustion temperatures within the cylinder. And that means a more efficient engine and one that produces less nitrogen oxide. TPS says that using its system, it can increase the thermal efficiency of an already very efficient internal combustion engine like the one Toyota uses in the current Prius (which is ~41 percent) up to 45 percent -- similar to the turbulent jet ignition systems that have recently seen Formula 1 gasoline engines reach that level. TPS has designed the system to replace existing spark plugs, so companies don't have to redesign their engines to use it, the report says. With that said, you can forget about fitting it to your own car as "TPS's going-to-market strategy is to work with an established tier-one supplier to leverage existing relationships with OEMs as well as existing manufacturing capacity."

Read more of this story at Slashdot.


You're not Boeing to believe this, but... Another deadly 737 Max control bug found [The Register]

Sim uncovers code-triggered hardware failure that pitches jetliner nose down

Yet another deadly and baffling safety flaw has been uncovered in Boeing's 737 Max line of airplanes.…


Reddit Quarantines Pro-Trump Forum Because of Threats [Slashdot]

The r/The_Donald subreddit has been "quarantined" by Reddit administrators after a series of threats against police were posted there. Slashdot reader AmiMoJo shares an excerpt from The Daily Beast: "Recent behaviors including threats against the police and public figures is content that is prohibited by our violence policy," a Reddit spokesperson said in a statement. "As a result, we have actioned individual users and quarantined the subreddit." The new quarantine was brought on by anti-police threats posted on The_Donald. Some users had apparently encouraged violence against law enforcement, angry that officials in Oregon were trying to bring back GOP state senators who fled the state to avoid voting on a climate-change bill. In a note to The_Donald moderators, Reddit administrators said they had "observed this behavior in the form of encouragement of violence towards police officers and public officials in Oregon." The report notes that The_Donald has roughly 754,000 subscribers and is "one of the largest forums for Trump fans on the internet, and by far the largest on Reddit." Donald Trump himself answered questions from the forum's members during the 2016 campaign.

Read more of this story at Slashdot.


Apple Hires Key Chip Designer From ARM As Own Efforts Ramp Up [Slashdot]

Apple has hired one of ARM's top chip engineers as the iPhone maker looks to expand its own chip development to more powerful devices, including the Mac, and new categories like a headset. Bloomberg reports: The company hired Mike Filippo in May for a chip architect position, according to his LinkedIn profile. At ARM, Filippo was a lead engineer behind chip designs that power the vast majority of the world's smartphones and tablets and was leading a new push into parts for computers. ARM, owned by SoftBank, designs microprocessors and licenses technology that is fundamental to the chip development efforts of Apple, Samsung, Qualcomm and Huawei. Prior to his work at ARM, Filippo was also a key designer at chipmakers Advanced Micro Devices and Intel. For Apple, the hire could help fill the void left by the departure of Gerard Williams III earlier this year. Williams was Apple's head architect of chips used in the iPhone and iPad. Apple's A series chips power its mobile devices using ARM technology. Its Mac computers have used processors from Intel for nearly two decades.

Read more of this story at Slashdot.


Saturday Morning Breakfast Cereal - Absent [Saturday Morning Breakfast Cereal]

Click here to go see the bonus panel!

On his deathbed, he admits it was all part of a grand plan.

Today's News:

Sorry for the extremely late updating. Moving has proved to be a substantially larger headache than anticipated.


Second Florida City Pays Giant Ransom To Ransomware Gang In a Week [Slashdot]

Less than a week after a first Florida city agreed to pay a whopping $600,000 to get their data back from hackers, now, a second city's administration has taken the same path. On Monday, in an emergency meeting of the city council, the administration of Lake City, a small Florida city with a population of 65,000, voted to pay a ransom demand of 42 bitcoins, worth nearly $500,000. ZDNet reports: The decision to pay the ransom demand was made after the city suffered a catastrophic malware infection earlier this month, on June 10, which the city described as a "triple threat." Despite the city's IT staff disconnecting impacted systems within ten minutes of detecting the attack, a ransomware strain infected almost all its computer systems, with the exception of the police and fire departments, which ran on a separate network. A ransom demand was made a week after the infection, with hackers reaching out to the city's insurance provider -- the League of Cities, which negotiated a ransom payment of 42 bitcoins last week. City officials agreed to pay the ransom demand on Monday, and the insurer made the payment yesterday, on Tuesday, June 25, local media reported. The payment is estimated to have been worth between $480,000 to $500,000, depending on Bitcoin's price at the time of the payment. The city's IT staff is now working to recover their data after receiving a decryption key.

Read more of this story at Slashdot.


Hey China, while you're in all our servers, can you fix these support tickets? IBM, HPE, Tata CS, Fujitsu, NTT and their customers pwned [The Register]

Oh no Xi didn't! Fresh details emerge on mega-hack

Fresh details have emerged revealing just how deeply Chinese government hackers plundered HPE, IBM, DXC, Fujitsu, Tata, and others, stealing corporate secrets and rifling through their customers' networks.…


New Flaw Discovered On Boeing 737 Max [Slashdot]

An anonymous reader quotes a report from CNN: A new flaw has been discovered in the computer system for the Boeing 737 Max that could push the plane downward, according to two sources familiar with the testing, an issue that is expected to further delay the aircraft's return to service. A series of simulator flights to test new software developed by Boeing revealed the flaw, according to one of the sources. The latest versions of Boeing's popular jet were grounded in March after two crashes -- Lion Air flight 610 and Ethiopian Airlines flight 302 -- that killed 346 people. While the crashes remain under investigation, preliminary reports showed that a new stabilization system pushed both planes into steep nosedives from which the pilots could not recover. The issue is known in aviation vernacular as runaway stabilizer trim. In simulator tests, government pilots discovered that a microprocessor failure could push the nose of the plane toward the ground. It is not known whether the microprocessor played a role in either crash. When testing the potential failure of the microprocessor in the simulators, "it was difficult for the test pilots to recover in a matter of seconds," one of the sources said. "And if you can't recover in a matter of seconds, that's an unreasonable risk." Boeing engineers are now trying to address the issue, which has led to another delay in recertifying the 737 Max.

Read more of this story at Slashdot.


Decoding America's spies: What does the NSA's cryptic memo really mean? Citizens illegally spied on again [The Register]

Too much data slurped in October, months after snoops vowed not to do that

Analysis  The NSA illegally gathered a trove of American citizens' phone and text message records just four months after it promised it had taken steps to literally not do that again.…


Microsoft, Nintendo, Sony Ask Trump To Skip Tariffs on Gaming Consoles [Slashdot]

President Donald Trump's plan to increase tariffs on goods produced in China would affect a wide range of consumer goods. One gadget that could see a price increase because of a trade war is the video game consoles, and the three biggest companies behind consoles have come together to ask Trump for a pass. From a report: Microsoft, Nintendo and Sony sent a letter dated June 17 to the Office of the United States Trade Representative requesting that video game consoles be removed from the list of products covered by tariffs. The companies say a tariff on consoles would stifle innovation and harm the larger gaming ecosystem -- threatening jobs and injuring consumers, video game developers and retailers. Microsoft makes the Xbox console, Nintendo makes the Switch, and Sony makes the PlayStation. "While we appreciate the administration's efforts to protect US intellectual property and preserve US high-tech leadership," the three companies said in the letter, "the disproportionate harm caused by these tariffs to US consumers and businesses will undermine -- not advance -- these goals."

Read more of this story at Slashdot.


Google Warns of Microsoft SwiftKey Losing Access To Gmail on July 15 [Slashdot]

Speaking of Google, the company is sending out warnings to Microsoft SwiftKey users that the keyboard will no longer be able to access the data in Google Accounts, including Gmail content, starting on July 15th. From a report: In an email, Google is telling SwiftKey users who have integrated the keyboard replacement with Gmail that the integration will no longer work on July 15th, 2019, unless SwiftKey complies with Google's updated data policies. When users install SwiftKey, they can personalize the keyboard by integrating it into email accounts such as Gmail. When integrating in other services, though, the app requests various permissions in how they can access the content in this service.

Read more of this story at Slashdot.


Epyc crypto flaw? AMD emits firmware fix for server processors after Googler smashes RAM encryption algorithms [The Register]

SEV code cracked to leak secret keys

Updated  Microchip slinger AMD has issued a firmware patch to fix the encryption in its Secure Encrypted Virtualization technology (SEV), used to defend the memory of Linux KVM virtual machines running on its Epyc processors.…


Firefox Will Give You a Fake Browsing History To Fool Advertisers [Slashdot]

Security through obscurity is out, security through tomfoolery is in. From a report: That's the basic philosophy sold by Track THIS, "a new kind of incognito" browsing project, which opens up 100 tabs crafted to fit a specific character -- a hypebeast, a filthy rich person, a doomsday prepper, or an influencer. The idea is that your browsing history will be depersonalized and poisoned, so advertisers won't know how to target ads to you. It was developed as a collaboration between mschf (pronounced "mischief") internet studios and Mozilla's Firefox as a way of promoting Firefox Quantum, the newest Firefox browser. [...] Just a warning -- if you use Track THIS it may take several minutes for all 100 tabs to load. (I used Chrome as my browser.) But when as it gradually loads, it's like taking a first-person journey through someone else's consciousness.

Read more of this story at Slashdot.


Debian Installer Buster RC2 Released [Phoronix]

With Debian 10 "Buster" aiming to be released in early July, a second release candidate of the Debian Installer has been made available...


YouTube Lets Users Override Recommendations After Criticism [Slashdot]

YouTube said it will let users override automated recommendations after criticism over how the online video service suggests and filters toxic clips. From a report: "Although we try our best to suggest videos you'll enjoy, we don't always get it right, so we are giving you more controls for when we don't," Essam El-Dardiry, a product manager at YouTube, wrote in a blog on Wednesday. Users will now be able to tell YouTube to stop suggesting videos from a particular channel by tapping the three-dot menu next to a video on the homepage or Up Next, then choosing "Don't recommend channel." After that, viewers should no longer see videos from that channel, El-Dardiry said. The move comes after Susan Wojcicki and other YouTube executives were criticized for being either unable or unwilling to act on internal warnings about extreme and misleading videos because they were too focused on increasing viewing time and other measures of engagement.

Read more of this story at Slashdot.


In a World First, Facebook To Give Data on Hate Speech Suspects To French Courts [Slashdot]

Facebook said it has agreed to give the names of French users who are suspected of using hate speech on its platform to the local courts when requested. The deal is believed to be the first of its kind in the world. From a report: The decision by the world's biggest social media network comes after successive meetings between Zuckerberg and Macron, who wants to take a leading role globally on the regulation of hate speech and the spread of false information online. So far, Facebook has cooperated with French justice on matters related to terrorist attacks and violent acts by transferring the IP addresses and other identification data of suspected individuals to French judges who formally demanded it. Following a meeting between Nick Clegg, Facebook's head of global affairs, and Cedric O (France's minister for digital affairs) last week, the social media company has extended this cooperation to hate speech. "This is huge news, it means that the judicial process will be able to run normally," O told Reuters in an interview. "It's really very important, they're only doing it for France."

Read more of this story at Slashdot.


Mike Lynch in court: I was not aware of every single thing Autonomy did around the world (so don't blame me) [The Register]

Ex-chief exec enters witness box, points finger at beancounters

Autonomy Trial  Mike Lynch, former CEO of Autonomy, today told a court, “I was not involved in the vast majority of transactions,” that HP claims added up to a $5bn fraud it uncovered after buying the company from Lynch and then-CFO Sushovan Hussain.…


Google Now Allows Users To Auto-Delete Their Location History [Slashdot]

Google today began rolling out location history deletion tools to Android and iOS, giving users a relatively simple way to limit the scope of Google's location tracking. Users can only choose between deleting data after three or 18 months. In a blog post, Google wrote: Choose a time limit for how long you want your activity data to be saved -- 3 or 18 months -- and any data older than that will be automatically deleted from your account on an ongoing basis. These controls are coming first to Location History and Web & App Activity and will roll out in the coming weeks.

Read more of this story at Slashdot.


TV is Still the Most Common Way For Americans To Get Local News, But Fewer People Are Watching [Slashdot]

Local TV is trusted and is still the preferred method of getting news (thanks mostly to people 50 and up). But viewership for local TV news continues to decline, according to research released by Pew this week. Pew also took a look at cable and network news.

Read more of this story at Slashdot.


VESA Publishes DisplayPort 2.0 Video Standard, Offers Support For Beyond-8K Resolutions and Higher Refresh Rates For 4K/HDR [Slashdot]

The Video Electronics Standards Association (VESA) today announced that it has released version 2.0 of the DisplayPort (DP) audio/video standard. DP 2.0 is the "first major update to the DisplayPort standard since March 2016, and provides up to a 3X increase in data bandwidth performance compared to the previous version of DisplayPort (DP 1.4a), as well as new capabilities to address the future performance requirements of traditional displays," it said in a statement. From a report: These include beyond 8K resolutions, higher refresh rates and high dynamic range (HDR) support at higher resolutions, improved support for multiple display configurations, as well as improved user experience with augmented/virtual reality (AR/VR) displays, including support for 4K-and-beyond VR resolutions. The advantages of DP 2.0 are enjoyed across both the native DP connector as well as the USB Type-C connector, which carries the DP audio/video signal through DisplayPort Alt Mode. DP 2.0 is backward compatible with previous versions of DisplayPort and incorporates all of the key features of DP 1.4a, including support for visually lossless Display Stream Compression (DSC) with Forward Error Correction (FEC), HDR metadata transport, and other advanced features. The increased video bandwidth performance of DP 2.0 carried over the USB-C connector enables simultaneous higher-speed USB data transfer without compromising display performance. DP 2.0 leverages the Thunderbolt 3 physical interface (PHY) layer while maintaining the flexibility of DP protocol in order to boost the data bandwidth and promote convergence across industry-leading IO standards. In addition, the new data rates of DP 2.0 come with a display stream data mapping protocol common to both single-stream transport and multi-stream transport. This common mapping further facilitates multi-stream transport support of DP 2.0 devices for a single DP port on the source device to drive multiple displays either via a docking station or daisy-chainable displays. First products incorporating DP 2.0 are projected to appear on the market by late 2020.

Read more of this story at Slashdot.


DisplayPort 2.0 Published For 3x Increase In Data Bandwidth Performance [Phoronix]

VESA announced their first major update to the DisplayPort interface in three years...


NHS Wales flings £39m at Microsoft for Office 365 and Windows 10 [The Register]

Far away, my Office is calling... Outlook alerts do chime

The Welsh, it seems, just cannot get enough of Microsoft as 100,000 NHS staff across the country are set to receive a bucketload of the company's productivity wares.…


Intel, Arm To Help Create New IoT Standard For Device Onboarding [Slashdot]

Intel is working with rival Arm to create a new industry standard for an important issue in the Internet of Things market: making sure that devices are properly configured and connected to the cloud. From a report: The Santa Clara, Calif.-based chipmaker announced on Wednesday that the company is a founding member of the new IoT Technical Working Group within the FIDO Alliance, an industry consortium founded by PayPal, Lenovo and others in 2012 to develop standards for password-less authentication. The goal of FIDO's IoT Technical Working Group, which will also include experts from Microsoft, Google and Amazon, is to create a standard specification for "large-scale IoT onboarding," the process in which devices are configured and connected to IoT cloud management services at the time of installation. Lorie Wigle, the executive in charge of Intel's platform security efforts, told CRN that it is important to create a standard around IoT onboarding because many companies currently face challenges with the practice when it comes to handling large-scale deployments and security. [...] Once FIDO develops the standard, market forces will compel companies to adhere and participate, according to Wigle, who said it will also increase device variety, lower costs and accelerate deployments.

Read more of this story at Slashdot.


It could be Rotterdam or anywhere, Wiltshire or in Bath: Euro cops cuff 6 for cybersquatting, allegedly nicking €24m in Bitcoin [The Register]

5 men, 1 woman nabbed

European cops have cuffed six people for typosquatting – in this case spoofing a well known cryptocurrency exchange – and allegedly making off with €24m worth of Bitcoin tokens.…


Eight of the World's Biggest Technology Service Providers Were Hacked by Chinese Cyber Spies in an Elaborate and Years-Long Invasion [Slashdot]

The invasion exploited weaknesses in those companies, their customers, and the Western system of technological defense, Reuters reported on Wednesday. From the report: Hacked by suspected Chinese cyber spies five times from 2014 to 2017, security staff at Swedish telecoms equipment giant Ericsson had taken to naming their response efforts after different types of wine. Pinot Noir began in September 2016. After successfully repelling a wave of attacks a year earlier, Ericsson discovered the intruders were back. And this time, the company's cybersecurity team could see exactly how they got in: through a connection to information-technology services supplier Hewlett Packard Enterprise. Teams of hackers connected to the Chinese Ministry of State Security had penetrated HPE's cloud computing service and used it as a launchpad to attack customers, plundering reams of corporate and government secrets for years in what U.S. prosecutors say was an effort to boost Chinese economic interests. The hacking campaign, known as "Cloud Hopper," was the subject of a U.S. indictment in December that accused two Chinese nationals of identity theft and fraud. Prosecutors described an elaborate operation that victimized multiple Western companies but stopped short of naming them. A Reuters report at the time identified two: Hewlett Packard Enterprise and IBM. Yet the campaign ensnared at least six more major technology firms, touching five of the world's 10 biggest tech service providers. Also compromised by Cloud Hopper, Reuters has found: Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation and DXC Technology. HPE spun-off its services arm in a merger with Computer Sciences Corporation in 2017 to create DXC.

Read more of this story at Slashdot.


How To Evaluate Computers That Don't Quite Exist [Slashdot]

sciencehabit writes: To gauge the performance of a supercomputer, computer scientists turn to a standard tool: a set of algorithms called LINPACK that tests how fast the machine solves problems with huge numbers of variables. For quantum computers, which might one day solve certain problems that overwhelm conventional computers, no such benchmarking standard exists. One reason is that the computers, which aim to harness the laws of quantum mechanics to accelerate certain computations, are still rudimentary, with radically different designs contending. In some, the quantum bits, or qubits, needed for computation are embodied in the spin of strings of trapped ions, whereas others rely on patches of superconducting metal resonating with microwaves. Comparing the embryonic architectures "is sort of like visiting a nursery school to decide which of the toddlers will become basketball stars," says Scott Aaronson, a computer scientist at the University of Texas in Austin. Yet researchers are making some of their first attempts to take the measure of quantum computers. Last week, Margaret Martonosi, a computer scientist at Princeton University, and colleagues presented a head-to-head comparison of quantum computers from IBM, Rigetti Computing in Berkeley, California, and the University of Maryland (UMD) in College Park. The UMD machine, which uses trapped ions, ran a majority of 12 test algorithms more accurately than the other superconducting machines, the team reported at the International Symposium on Computer Architecture in Phoenix. Christopher Monroe, a UMD physicist and founder of the company IonQ, predicts such comparisons will become the standard. "These toy algorithms give you a simple answer -- did it work or not?" But even Martonosi warns against making too much of the tests. In fact, the analysis underscores how hard it is to compare quantum computers -- which leaves room for designers to choose metrics that put their machines in a favorable light.

Read more of this story at Slashdot.


Brexit: Digital border possible for Irish backstop woes, UK MPs told [The Register]

Don't worry, Fujitsu is on the case

A digital or "smart" solution to the Irish border problem is possible in the next three years if Europe agrees to a Brexit transition period, the "Alternative Arrangements Commission" Technical Panel has told MPs.…


Huawei Telecom Gear Much More Vulnerable To Hackers Than Rivals' Equipment, Report Says [Slashdot]

Telecommunications gear made by China's Huawei is far more likely to contain flaws that could be leveraged by hackers for malicious use than equipment from rival companies, according to new research by cybersecurity experts that top U.S. officials said appeared credible. From a report: Over half of the nearly 10,000 firmware images encoded into more than 500 variations of enterprise network-equipment devices tested by the researchers contained at least one such exploitable vulnerability, the researchers found. Firmware is the software that powers the hardware components of a computer. The tests were compiled in a new report that has been submitted in recent weeks to senior officials in multiple government agencies in the U.S. and the U.K., as well as to lawmakers. The report is notable both for its findings and because it is circulating widely among Trump administration officials who said it further validated their policy decisions toward Huawei. "This report supports our assessment that since 2009, Huawei has maintained covert access to some of the systems it has installed for international customers," said a White House official who reviewed the findings. "Huawei does not disclose this covert access to customers nor local governments. This covert access enables Huawei to record information and modify databases on those local systems." The report, reviewed by The Wall Street Journal, was prepared by Finite State, a Columbus, Ohio-based cybersecurity firm.

Read more of this story at Slashdot.


Linux 5.2 + Mesa 19.2 Performance With Polaris/Vega/Vega20 vs. NVIDIA On Ubuntu 19.04 [Phoronix]

With last week having delivered fresh benchmarks of the mid-range NVIDIA/AMD graphics cards using the very latest drivers, particularly the in-development Linux 5.2 and Mesa 19.2 components with the Radeon graphics cards tested, here is a similar comparison when moving up the spectrum and focusing on the higher-end graphics cards. Here's a look at how the RX 590, RX Vega 56, RX Vega 64, and Radeon VII are performing with the newest open-source AMD driver code compared to the NVIDIA Turing line-up backed by their latest binary driver.


Pull up your SoCs, it's rubber-glove time: European Commission to probe Broadcom over microchip supply deals [The Register]

Casts an eye over biz's agreements with 7 of its main customers

Updated  The European Commission is rolling up its sleeves and once again donning its tight plastic gloves, as it begins another probe into a chip designer – this time Silicon Valley-based Broadcom.…


The Effort To Parallelize GCC With Threads Is Starting To Take Shape [Phoronix]

Back in April we wrote about a proposal for providing better parallelization within GCC itself to address use-cases such as very large source files. That effort was accepted as part of this year's Google Summer of Code and the student developer pursing this parallelization with threads has issued his first progress report...


After Republican Protest, Oregon's Climate Plan Dies [Slashdot]

Oregon's climate change bill that would cap carbon emissions and make polluters pay for their greenhouse gas production is dead, Senate President Peter Courtney, a Democrat, announced on the state Senate floor Tuesday morning. "As a walkout by Republican senators over the cap-and-trade bill entered its sixth day -- and in an apparent attempt to bring them back -- Courtney gave assurances that the bill would die in the Senate chamber," reports NPR. From the report: Republican Sen. Cliff Bentz said Tuesday morning he had only just heard of Courtney's announcement and that he had questions about its meaning. "The question becomes, 'What are they trying to do?' " said Bentz, who is believed to be staying in Idaho while the boycott plays out. "Are they trying to make some sort of arrangement? If they are suggesting they don't have the votes, what's the procedure they're going to use to kill the bill?" Sen. Tim Knopp, a Republican from Bend, Ore., echoed that confusion. "We need clarification. What does that mean?" Knopp said. "Does it mean it's dead until the 2020 session? Is the governor going to take it up in a special session?" Meanwhile, senators who backed the bill appeared livid and declined to speak to reporters on the floor. All 11 Republican senators fled the state last week to avoid voting on the bill. Gov. Kate Brown ordered the Oregon State Police to find the Senate Republicans and bring them back to the Capital in Salem for a vote, but none of the Republicans had been found. The New York Times explains what this fight is really about, what's actually in the bill, and how Oregon's bill compares to other state climate policies. Here's an excerpt from the report: Senate Republicans say the legislation would have a devastating effect on farmers, dairies and the state's struggling logging industry, among others. More than that, Republicans say, the bill represents an existential threat to rural life, and they want the residents of Oregon to decide on the proposal, not the Democrats who control the state's capital. The highly debated bill would make Oregon one of several states to impose an emissions-trading program, a market-based approach to lowering greenhouse gas emissions. The bill would place limits on the amount of carbon dioxide that businesses could lawfully emit. By 2050, for instance, the bill would mandate an 80 percent reduction in emissions from 1990 levels. Some businesses would be required to buy credits for every ton of greenhouse gas they produce. Those credits would then be purchased at special auctions and traded among businesses. Over time, the state would make fewer credits available, ultimately forcing companies to pollute less. The plan, commonly known as cap-and-trade, is modeled after a California law. It is far more extensive than most. Oregon would become just the second state, after California, to require that businesses in every sector of the economy pay for the planet-warming greenhouse gases that they emit.

Read more of this story at Slashdot.


Years Late But Saitek R440 Force Racing Wheel Support Is On The Way For Linux [Phoronix]

If you happen to have a Saitek R440 Force Wheel or looking to purchase a cheap and used racing wheel for enjoying the various Linux racing game ports or even the number of games working under Steam Play like F1 2018 and DiRT Rally 2.0, Linux support is on the way...


Wipro wasn't a one-off: Same hacking crew targeted scores of firms, big and small – researchers [The Register]

Thanks in large part to a counter-phishing product. Doh!

The criminals behind the Wipro phishing attack from earlier this year also targeted Western Union, Expedia, Rackspace and a whole host of other big companies, according to threat intel outfit RiskIQ.…


Microsoft: 2TB or not 2... OK, OK! 2TB. OneDrive dragged kicking and screaming into selling more storage [The Register]

Oh alright then, we'll take your money – if we must

Microsoft finally joined the likes of Google and Apple and admitted that, yes, users might want more storage while also upping the security on its file shack.…


GCC 10 Lands Support For Intel Tiger Lake's AVX-512 VP2INTERSECT [Phoronix]

Similar to the recent LLVM compiler work, the in-development GCC 10 compiler also now has support for the AVX-512 VP2INTERSECT instructions being introduced on Intel Tiger Lake CPUs...


Fedora's AAC Support Finally Seeing Audio Quality Improvements [Phoronix]

Fedora's version of the FDK-AAC library that they began shipping in 2017 to finally provide AAC audio support strips out what was patented encumbered functionality. But that gutting of the code did cause some problems like audio playback glitches that are now being addressed...


Micron: Look, we've resumed trade with Huawei on a wee 'subset' of DRAM [The Register]

Cough... Yep, profits down 78% in our car crash Q3 financials... cough

Micron has begun to supply a "subset" of DRAM to Huawei in the past fortnight after discovering those products are not covered by the sanctions that prevent Chinese firms buying components from US suppliers.…


MSM DRM Adding Snapdragon 835 / Adreno 540 Support In Linux 5.3 [Phoronix]

Freedreno founder Rob Clark, who is now employed by Google to work on open-source graphics, has sent in the batch of MSM Direct Rendering Manager driver changes to DRM-Next ahead of the Linux 5.3 kernel cycle...


Eggheads have found a positive link between the number of racist tweets and the number of racist hate crimes in US cities [The Register]

Ahem, correlation DOES NOT imply causation. Obviously...

Analysis  If you live in a city where people are more likely to make racist remarks on Twitter, there's apparently a high chance that there are increased rates of racially motivated hate crimes, too.…


Mars Colonization Possible Through Sperm Bank In Space, Study Suggests [Slashdot]

An anonymous reader quotes a report from The Guardian: All-female astronaut crews could reproduce in space without the help of accompanying men, new research suggests. The study found that frozen samples of sperm exposed to microgravity retained similar characteristics to sperm samples kept on the ground, raising hopes that a sperm bank could one day be set up in space to help populate new worlds. This could prove interesting for female astronauts, amid reports that future missions to Mars may involve women-only space crews. Findings from the small preliminary study, involving sperm from 10 healthy donors, suggest that "the possibility of creating a human sperm bank outside of Earth" exists, according to the researchers. One group of sperm samples used in the study had been exposed to microgravity with the help of a small aerobatic aircraft. The samples then underwent fertility screenings and were analyzed for concentration, motility and DNA fragmentation. No significant differences were detected between samples that had been given a ride and those that had stayed on the ground.

Read more of this story at Slashdot.


Canalys: You've gotten soft, swingbellied tech infrastructure vendors. Get used to WAY LESS growth [The Register]

Tsk, tsk... look at you getting accustomed to double digits, chides analyst

The three pillars of tech infrastructure - servers, storage and networking - are selling like lukewarm cakes as sectoral heat dissipates.…


DXC Technology warns techies that all travel MUST now be authorised [The Register]

Previous price cap of £180 per visit reduced to, er, exactly zero

DXC Technology's UK staffers have had their wings clipped by the imposition of some stringent belt tightening - all travel must now be authorised before personnel can visit other sites, including customers.…


Vulture gets claws on Lego's latest Apollo nostalgia-fest [The Register]

Plastic-fantastic Moon shenanigans for Reg hack

Hands On  One of the more delightful side effects of the current obsession with Apollo 11 at 50 has been the arrival of nerd-pleasing Lego. Today, an injured Vulture had a crack at building his own very Lunar Module.…


Watch live online today: Make data earn its keep by not just collating it, but securely sharing it with suppliers, partners [The Register]

We talk real-world examples with OSIsoft, Axens, MOL Group

Sponsored webcast  While many organisations are still gazing in marvel at the inelegantly named Internet of Things, the technology world has been making big strides in the area of routinely handling data from thousands of pieces of equipment.…


The seven deadly sins of the 2010s: No, not pride, sloth, etc. The seven UI 'dark patterns' that trick you into buying stuff [The Register]

Present in more than 1 in 10 top websites (and yes, greed covers them all)

Dark patterns – user interfaces designed to deviously manipulate people into doing things – have become common enough on websites and in apps that almost two dozen providers have sprung up to supply behavior persuasion as a service.…


Robots To Take 20 Million Jobs, Worsening Inequality, Study Finds [Slashdot]

A new study by Oxford Economics, a private British-based research and consulting firm, says robots are expected to take over some 20 million manufacturing jobs worldwide by 2030, extending a trend of worsening social inequality while boosting overall economic output. "The forecast set to be released Wednesday highlights growing concerns that automation and robots, while offering economic benefits, are disproportionately killing low-skill jobs and aggravating social and economic stress," reports France 24. From the report: Robots have already taken over millions of manufacturing jobs and are now gaining in services, helped by advances in computer vision, speech recognition and machine learning, the study noted. In lower-skilled regions, job losses will be twice as high as those in higher-skilled regions, even in the same country, the study concluded. According to the latest study, the current wave of "robotization" is likely ultimately to boost productivity and economic growth, generating roughly as many new jobs as it destroys. At the high end of the forecast, the researchers see a $5 trillion "robotics dividend" for the global economy by 2030 from higher productivity.

Read more of this story at Slashdot.

Tuesday, 25 June


Buckminsterfullerene sounds like the next UK Prime Minister but trust us, it's in fact the largest molecule yet found in interstellar space [The Register]

Tally ho, you can call me Buckyballs, what what

Astrophysicists have found the single largest molecule yet floating in the interstellar medium, the soup of matter and radiation that floods space in between all of the universe’s objects.…


US Tech Companies Sidestep a Trump Ban, To Keep Selling To Huawei [Slashdot]

An anonymous reader quotes a report from The New York Times: A number of the United States' biggest chip makers have sold millions of dollars of products to Huawei despite a Trump administration ban (alternative source) on the sale of American technology to the Chinese telecommunications giant, according to four people with knowledge of the sales. Since the Commerce Department enacted the ban in May, American companies including Intel and Micron have found ways to sell technology to Huawei, said the people, who spoke on the condition they not be named because they were not authorized to disclose the sales. The components began to flow to Huawei about three weeks ago, the people said. Goods produced by American companies overseas are not always considered American-made, and the suppliers are taking advantage of this. The sales will help Huawei continue to sell products such as smartphones and servers.

Read more of this story at Slashdot.


Smartphones and Fitness Trackers Are Being Used To Gauge Employee Performance [Slashdot]

A new system to assess the performance of employees is claimed to be more objective and thus more accurate by utilizing smartphones and fitness trackers. New Atlas reports: The passive system incorporates an app known as PhoneAgent, which was developed by Prof. Andrew Campbell at New Hampshire's Dartmouth College. Using the smartphone's own sensors, that app continuously monitors factors such as the worker's phone usage, physical activity level, geographical location, and the ambient light levels of their environment. PhoneAgent is also Bluetooth-linked to a fitness bracelet worn by the employee, which transmits data including their heart functions, sleep quality, stress levels, and calorie consumption. Additionally, Bluetooth locational beacons in the person's home and workplace monitor how much time they spend at each place, and how often they leave their workstation. All of the phone, bracelet and beacon data is transmitted to a cloud-based server, where it's processed via machine-learning algorithms that were "trained" on the habits of people already known to be high- or low-level performers. When tested on 750 workers across the U.S. over a one-year period, the system was reportedly able to distinguish between individuals' performance levels (in a variety of industries) with an accuracy of 80 percent. That number should rise as the system is developed further.

Read more of this story at Slashdot.


AMD Releases Firmware Update To Address SEV Vulnerability [Phoronix]

A new security vulnerability has been made public over AMD's Secure Encrypted Virtualization (SEV) having insecure cryptographic implementations. Fortunately, this AMD SEV issue is addressed by a firmware update...


Stop us if you've heard this one: US government staff wildly oblivious to basic computer, info security safeguards [The Register]

Now for deep-diving Congress hearings... LMAO JK JK they will do nothing

A US Senate probe has once again outlined the woeful state of computer and information security within Uncle Sam's civil service.…


Lightyear One Debuts As the First Long-Range Solar-Powered Electric Car [Slashdot]

The new Lightyear One is a prototype electric car from a Netherlands startup that gets all it needs to run from the sun. It features a sleek, driver-friendly design and also boasts a range of 450 miles on a single charge. TechCrunch reports: The startup says that it has already sold "over a hundred vehicles" even though this isn't yet ready to hit the road, but Lightyear is aiming to begin production by 2021, with reservations available for 500 additional units for the initial release. You do have to pay around $136,000 USD to secure a reservation, however. Lightyear One isn't just a plug-in electric with some solar sells on the roof: Instead it's designed from the ground up to maximize performance from a smaller-than-typical battery that can directly grab sun from a roof and hood covered with 16 square feet of solar cells, embedded in safety glass designed with passenger wellbeing in mind. The car can also take power directly from regular outlets and existing charging stations for a quick top-up, and again because it's optimized to be lightweight and power efficient, you can actually get around 250 miles on just one night of charging from a standard (European) 230V outlet.

Read more of this story at Slashdot.


FCC adviser and fiber telco CEO thrown in the clink for five years after conning investors out of $270m with fake deals [The Register]

Funnily enough, she was keen to slash infrastructure investment red-tape

A telecoms CEO and one-time adviser to FCC boss Ajit Pai will spend as much as the next half-decade behind bars after being convicted of wire fraud and eight counts of aggravated identity theft.…


YouTube Looks To Demonetization As Punishments For Major Creators, But It Doesn't Work [Slashdot]

YouTube is looking to send a message to content creators who step out of line by disabling ads on videos that infringe on the site's policies. The punishment is meant to revoke a key source of income, presenting a strong incentive for users to change their behavior. But, as Julia Alexander writes via The Verge, many creators make money through other platforms, rendering YouTube's punishment largely ineffective. From the report: Selling merchandise and subscriptions through other platforms isn't just a way for creators to make more money, it's also a way for creators to insulate themselves from YouTube's ever-mercurial rules and algorithms. And it means that if a creator's ads are cut off for whatever reason, they'll still have a source of revenue. Taking away a channel's ability to run ads is supposed to send a message that YouTube is punishing creators who severely step out of line. The company stated as much in a June 5th blog post, reiterating that channels repeatedly brushing up "against our hate speech policies will be suspended from the YouTube Partner program, meaning they can't run ads on their channel." Creators also won't be able to use alternative monetization techniques like Super Chat or channel memberships, according to YouTube. For up-and-coming YouTubers reliant on that revenue, it can pose a huge problem. Many people just entering YouTube's Partner Program, a threshold that signifies a creator can start earning ad revenue, may rely on that advertising money as they start their career. Channels that face day-to-day monetization issues, one of the biggest issues within the community, are struggling to understand what works and what doesn't. But for larger creators, who still keep their ability to reach a huge number of subscribers, the punishment doesn't necessarily accomplish YouTube's goals. "YouTube isn't likely to ban high-profile channels, either," Alexander writes. "If a channel's content is borderline, meaning that it doesn't violate YouTube's rules but is considered harmful, moderators will allow videos to remain up. Demonetizing a channel's videos allows YouTube to appear to have taken a strong action, even if that action isn't always effective."

Read more of this story at Slashdot.


Two-Thirds of American Employees Regret Their College Degrees [Slashdot]

An anonymous reader quotes a report from CBS News: A college education is still considered a pathway to higher lifetime earnings and gainful employment for Americans. Nevertheless, two-thirds of employees report having regrets when it comes to their advanced degrees, according to a PayScale survey of 248,000 respondents this past spring that was released Tuesday. Student loan debt, which has ballooned to nearly $1.6 trillion nationwide in 2019, was the No. 1 regret among workers with college degrees. About 27% of survey respondents listed student loans as their top misgiving, PayScale said. College debt was followed by chosen area of study (12%) as a top regret for employees, though this varied greatly by major. Other regrets include poor networking, school choice, too many degrees, time spent completing education and academic underachievement. "Those with science, technology, engineering and math majors, who are typically more likely to enjoy higher salaries, reported more satisfaction with their degrees," the report adds. "About 42% of engineering grads and 35% of computer science grads said they had no regrets." Those with the most regrets include humanities majors, who are least likely to earn higher pay post-graduation. "About 75% of humanities majors said they regretted their college education," report says. "About 73% of graduates who studied social sciences, physical and life sciences, and art also said the same." Somewhere in the middle were 66% of business graduates, 67% of health sciences graduates and 68% of math graduates who said they regretted their education.

Read more of this story at Slashdot.


Autoscaling AWS Step Functions Activities [Yelp Engineering and Product Blog]

In an ongoing effort to break down our monolithic applications into microservices here at Yelp, we’ve migrated several business flows to modern architecture using AWS Step Functions. Transactional ordering at Yelp covers a wide variety of verticals, including food (delivery/takeout orders), booking, home services, and many more. These orders are processed via Step Functions, where each is represented as an execution instance of the workflow, as shown below. Figure 1: Illustrative Step Functions Workflow for Transactions Orders Each step in the above workflow is an “activity,” and Yelp implements these activities as batch daemons, which interact with AWS Step Functions...


Spotify Wants a Refund On Overpaid Royalties To US Songwriters, Report Says [Slashdot]

Spotify is reportedly seeking a refund for overpayments made to songwriters and publishers last year, according to a report from Music Business Worldwide. CNET reports: Last year, a royalty rate-setting panel in the U.S., called the Copyright Royalty Board, ruled that a particular kind of royalty paid to songwriters and publishers should rise 44% or more for 2018 through 2022. The board finalized that rate -- called a mechanical royalty -- earlier this year. Then streaming services like Spotify, Amazon, Google and Pandora appealed the payment increases in March. Now Spotify is saying it paid too much last year and wants a refund, according to Music Business Worldwide. The CRB rules say the annual streaming royalty rate for US songwriters and publishers between 2018 and 2022 should be set by choosing the highest outcome of three different models, with one model based on a flat fee per subscriber, Consequence of Sound noted. But Spotify's student discount and family plan bundles add a layer of complexity. The Copyright Royalty Board's rules say a family plan is be worth 1.5 subscribers per month and a student plan is equal to half a subscriber per month. The family plan lets six people subscribe for $15 a month, while students pay $5 a month. (A regular subscriber pays $10.) The argument by Spotify seems to be that it didn't take some subscribers into account and overpaid publishers. It's not seeking the 2018 money back immediately, but "offered to extend the recoupment period" until the end of 2019, according to Music Business Worldwide.

Read more of this story at Slashdot.


Weather forecasters are STILL banging on about 5G clashing with their sensors. As if climate change is a big deal [The Register]

Now gimme that 4K HD live stream of kittens

Analysis  The weather forecasters responsible for letting millions knowing about weather patterns, including hurricanes and tornadoes, have warned yet again that plans to auction off radio spectrum for 5G mobile networks could have a dangerous impact on their efforts.…


San Francisco Becomes First US City To Ban Sale of E-Cigarettes [Slashdot]

San Francisco voted to ban e-cigarettes in the first legislation of its kind in the United States. The Guardian reports: Supervisors approved a measure banning the sale and distribution of e-cigarettes in an effort to curb the rise of youth vaping. The measure will now go for final approval to San Francisco Mayor London Breed, who said she will sign the legislation, and stores in the city will be required to remove e-cigarettes from their shelves. After decades of decline in youth cigarette smoking, the rise of vaping has led to a major boost in nicotine use for people under the age of 21.

Read more of this story at Slashdot.


Ex-Chair of FCC Broadband Committee Gets Five Years In Prison For Fraud [Slashdot]

An anonymous reader quotes a report from Ars Technica: The former head of FCC Chairman Ajit Pai's Broadband Deployment Advisory Committee (BDAC) was sentenced to five years in prison for defrauding investors. Elizabeth Ann Pierce was CEO of Quintillion, an Alaskan telecom company, when she lied to two investment firms in New York in order to raise $270 million to build a fiber network. She also defrauded two individual investors out of $365,000 and used a large chunk of that money for personal expenses. Pierce, 55, pleaded guilty and last week was given the five-year prison sentence in U.S. District Court for the Southern District of New York, U.S. Attorney Geoffrey Berman announced. Pierce was also "ordered to forfeit $896,698.00 and all of her interests in Quintillion and a property in Texas." She will also be subject to a restitution order to compensate her victims "at a later date." Pierce landed the top sot on Pai's broadband advisory committee in April 2017. "But she left Quintillion in July 2017 as her scheme unraveled, and she resigned from the FCC advisory panel," reports Ars. "Pai appointed a new chair for his committee two months later; he thanked Pierce for her service, saying she did 'an excellent job' chairing the committee and 'wish[ed] her all the best in her future endeavors.'" According to Berman's announcement, Pierce forged contracts in order to raise $270 million from investors.

Read more of this story at Slashdot.


RIP Dyn Dynamic DNS :'( Oracle to end Dyn-asty by axing freshly gobbled services, shoving customers into its cloud [The Register]

Meanwhile, staff face cuts – and may not exist by next year

Oracle is sharpening its ax for the Dyn networking biz it acquired in 2016, with plans to slash jobs and switch off services.…


US Government Announces Nationwide Crackdown on Robocallers [Slashdot]

The US government announced a nationwide crackdown on illegal robocalls on Tuesday, targeting companies and individuals who have collectively placed over 1 billion unwanted calls for financial schemes and other services, according to the Federal Trade Commission. From a report: The crackdown involves nearly 100 cases, five of which are criminal enforcement actions. They were brought by the FTC, Justice Department, 15 states and a slew of local authorities. It marks the latest effort by regulators to battle back the tide of unwanted and illegal calls from telemarketers and scammers. Some of those targeted by the action were a major source of robocalls. Derek Jason Bartoli, a Florida man who allegedly developed, sold and used a form of software that allows millions of calls to be placed in quick succession, was responsible for 57 million calls to US phone numbers over six months in 2017, according to a federal complaint. [...] The joint action includes the states of Alabama, Arizona, Colorado, Florida, Illinois, Indiana, Michigan, Missouri, North Carolina, North Dakota, Ohio, Oregon, Pennsylvania, Texas, and Virginia.

Read more of this story at Slashdot.


That's a sticky Siemens situation: Former coder blows his logic bomb guilty plea deal in court [The Register]

Happy to admit I did a great job, says alleged firefighter-arsonist. Um, nope, says judge

A programmer facing up to 10 years in the cooler, and as much as $250,000 in fines, blew his guilty plea deal on Monday – after he tried to avoid admitting full blame for his actions.…


Google Developers Are Looking At Creating A New libc For LLVM [Phoronix]

As part of Google's consolidating their different toolchains around LLVM, they are exploring the possibility of writing a new C library "libc" implementation...


New Silex Malware is Bricking IoT Devices, Has Scary Plans [Slashdot]

A new strain of malware is wiping the firmware of IoT devices in attacks reminiscent of the old BrickerBot malware that destroyed millions of devices back in 2017. From a report: Named Silex, this malware began operating earlier today, about three-four hours before this article's publication. The malware had bricked around 350 devices when this reporter began investigating its operations, and the number quickly spiked to 2,000 wiped devices by the time we published, an hour later. Attacks are still ongoing, and according to an interview with the malware's creator, they are about to intensify in the coming days. According to Akamai researcher Larry Cashdollar, who first spotted the malware earlier today, Silex works by trashing an IoT device's storage, dropping firewall rules, removing the network configuration, and then halting the device. It's as destructive as it can get without actually frying the IoT device's circuits. To recover, victims must manually reinstall the device's firmware, a task too complicated for the majority of device owners.

Read more of this story at Slashdot.


Toys 'R' Us, Back From the Dead, Will Open US Stores in 2019 [Slashdot]

Maybe American kids will only have to live through one Christmas without Toys "R" Us. About a year after shuttering U.S. operations, the remnant of the defunct toy chain is set to return this holiday season by opening about a half dozen U.S. stores and an e-commerce site, according to a report. From the report: Richard Barry, a former Toys "R" Us executive who is now CEO of new entity Tru Kids, has been pitching his vision to reincarnate the chain to toymakers, including at an industry conference this week, said the people, who asked not to be identified because the plans aren't public. The stores are slated to be about 10,000-square feet, roughly a third of the size of the brand's big-box outlets that closed last year, the people said. The locations will also have more experiences, like play areas. The startup costs could be minimized with a consignment inventory model in which toymakers ship goods but don't get paid until consumers buy them, some of the people said.

Read more of this story at Slashdot.


FedEx fed up playing box cop, sues Uncle Sam to make it stop: 'We do transportation, not law enforcement' [The Register]

Feds are asking Huawei too much from us, complains shipping giant upset it has to police every package

FedEx is suing the US government to escape the burden of policing packages (cough, cough, tech materials) sent abroad (ahem, ahem, China).…


Oracle Dyn DNS Services Shutting Down in 2020 [Slashdot]

Oracle has sent the following email to customers of DYN service: Since Oracle acquired Dyn in 2016 (and subsequently acquired Zenedge), the engineering teams have been working diligently to integrate Dyn;s products and network into the Oracle Cloud Infrastructure. With the completion of this upgrade to Oracle Cloud Infrastructure. Oracle is announcing the end-of-life for the free Standard DNS service in favor of the enhanced, paid subscription version on the Oracle Cloud Infrastructure platform. On May 31, 2020, the 'EOL Date', the Standard DNS will be retired and will no longer be available. The following capabilities are not currently supported in Oracle Cloud Infrastructure DNS: Webhop (HTTP redirect), Dynamic DNS, Zone transfer to external nameservers, and DNSSEC.

Read more of this story at Slashdot.


Cement Produces More Pollution Than All the Trucks in the World [Slashdot]

An anonymous reader shares a report: The most astonishing thing about cement is how much air pollution it produces. Manufacturing the stone-like building material is responsible for 7% of global carbon dioxide emissions, more than what comes from all the trucks in the world. And with that in mind, it's surprising that leading cement makers from LafargeHolcim in Switzerland to Votorantim Cimentos in Brazil are finding customers slow to embrace a greener alternative. Their story highlights the difficulties of taking greenhouse gases out of buildings, roads and bridges. After wresting deep cuts from the energy industry, policymakers looking to extend the fight against global warming are increasingly focusing on construction materials and practices as a place to make further reductions. The companies are working on solutions, but buyers are reluctant to pay more. While architects and developers concentrate on the energy used by their buildings, it's actually the materials supporting the structure that embody the biggest share of its lifetime carbon footprint. Cement's contribution to emissions is especially immense because of the chemical process required to make it. About two-thirds of the polluting gases that come from cement production stem from burning limestone. Kilns are heated to more than 1,400 degrees Celsius (2,600 Fahrenheit), about four times hotter than a home oven set to the self-clean cycle. Inside the kiln, carbon trapped in the limestone combines with oxygen and is released as CO2, the most abundant greenhouse gas.

Read more of this story at Slashdot.


AWS Security Hub takes half-hearted bite out of SIEM vendors' lunches [The Register]

SIEMless pitch, amirite?

Amazon Web Services has wheeled out its Security Hub – a SIEM aggregator product – in an effort to snaffle some of the lucrative cloud SIEM market for itself.…


Benchmarking The Experimental Bcachefs File-System Against Btrfs, EXT4, F2FS, XFS & ZFS [Phoronix]

With Bcachefs core development being done and the possibility of this file-system being mainlined soon, here are some fresh benchmarks of this file-system compared to Btrfs, EXT4, F2FS, XFS, and ZFS On Linux.


It's a fullblown Crysis: Gamers press pause on PC purchases, shipments freeze [The Register]

Can I swap out the card? Then fsck the upgrade

A dip in the Chinese economy and consumers exploiting lower-priced GPUs to upgrade rather than replace their desktop rigs has led to slowdown in sales of gaming systems.…


The Eldritch Horror of Date Formatting is visited upon Tesco [The Register]

Best before end? Who reads those things anyway?

Date formatting is one of the many banes of a programmer's existence. Pity, therefore, the Tesco customer presented with a date in the Julian format.…


Ubuntu Has Started Work On A New Desktop Snap Store [Phoronix]

Ubuntu's software stores / software centers have gone through several revisions over the years and now a new Snap Store is in development...


McAfee sues ship-jumping sales staff over trade secret theft allegations [The Register]

Complaint claims rival Tanium's hires took deal data with them

McAfee is suing former senior salespeople whom it alleges stole company trade secrets when they moved to a rival security vendor.…


TUXEDO Computers Is The Latest Linux PC Vendor Eyeing Coreboot [Phoronix]

With Linux PC vendors System76 and Purism among those embracing Coreboot for freeing more of the system and appealing to open-source enthusiasts, Linux PC vendor TUXEDO from Germany is also eyeing a similar move...


Don't make a FOSS: Apache Software Foundation Board bids farewell to co-founder and two big hitters [The Register]

Over in proprietary land, musical chairs a thing at Microsoft too as former Windows Insider-in-chief quits

To lose one board member may be regarded as a misfortune, to lose two looks like carelessness, but to lose three?…


Saturday Morning Breakfast Cereal - Passive [Saturday Morning Breakfast Cereal]

Click here to go see the bonus panel!

I have been moving homes for 2 weeks and am out of cleverness. Wish me luck tomorrow!

Today's News:


Open-heart nerdery: Boffins suggest identifying and logging in people using ECGs [The Register]

Heartbeat rhythms could be the next biometric authentication method

Biometric systems could use the unique patterns from a person's ECG reading for biometric sign-ons.…


Mesa 19.1.1 Released - Led By RADV & Intel Driver Fixes [Phoronix]

Mesa 19.1.1 is out as the first point release to this quarter's Mesa 19.1 series that was christened earlier this month...


The in and outs of Microsoft's new Windows Terminal [The Register]

Handy features in the Store applications, but the underlying infrastructure changes matter more

Hands On  Microsoft's new terminal app is now available in the Windows Store - so naturally your vultures took it for a spin.…


We've Falcon caught it! SpaceX finally nets a fairing half after a successful Heavy launch [The Register]

Although third time unlucky as the centre stage enjoys an explosive landing

SpaceX's Falcon Heavy turned night into day this morning as the monster rocket successfully hauled itself from Kennedy Space Center's Launch Complex 39A.…


Fedora 31 Looking At No Longer Building i686 Linux Kernel Packages [Phoronix]

Not to be confused with Ubuntu's varying stance on dropping 32-bit packages beginning with their next release later this year, Fedora 31 now has a proposal pending to discontinue their i686 kernel builds but they will still be keeping with their 32-bit packaging...


Intel UMWAIT Support Queued For Linux 5.3 - New Feature For Tremont Cores [Phoronix]

Adding to the growing list of features for the upcoming Linux 5.3 kernel is now Intel UMWAIT support for better power-savings...


UK police want to Airwave hello to some more mobile devices – survey [The Register]

Long delayed Emergency Services Network probably not helping

UK police might not agree on how to measure the success of technology used on the beat, but three-quarters of them want better mobile kit - and more of it.…


Mesa 19.0.7 Now Available As The Last Of The Series [Phoronix]

Mesa 19.0.7 was released on Monday as the last Mesa 19.0 stable release, ending this quarterly update series from Q1...


Please stop regulating the dumb tubes, says Internet Society boss [The Register]

Even govt rules have knock-on effects, warns Andrew Sullivan

Interview  Andrew Sullivan, chief exec of the Internet Society, has condemned governments that "interfere in underlying technologies that people are allowed to build," as regulators increasingly target net infrastructure to enforce their visions of how the online world ought to be.…


The Great IoT Protocol War may have been won: Thread's 1.2 release aims at business [The Register]

Meanwhile in the home, it's all Google, Amazon, Apple…

Analysis  The smart home and internet-of-things market has long suffered from a plethora of protocols and standards: from X10 and ZigBee, to LightwaveRF, Z-Wave, Bluetooth, HomeKit, Weave, and Brillo. This month, however, we may finally have found a winner. Or, at least, a co-winner.…


New "-O1g" Optimization Level Proposed For The GCC Compiler [Phoronix]

A new "-O1g" optimization level has been proposed for the GNU Compiler Collection that would allow better performance but still relative ease for debugging the generated binaries...

Monday, 24 June


Sputnik? No, comrade, this is Spunknik: Frozen sperm manages to survive zero-grav in this totally realistic test [The Register]

May mean humans can travel to and infect alien worlds using cryotanks of reproductive cells

Humans may be able to colonize space after all, as a new study shows frozen sperm seems to be unaffected by the effects of microgravity.…


Linux 5.3 Kernel To Bring Ingenic KMS Driver, Rockchip RK3328 Support [Phoronix]

A final set of drm-misc-next Direct Rendering Manager driver changes were sent out at the end of last week as the remaining feature work now queued up for the upcoming Linux 5.3 kernel merge window...


What the cell...? Telcos around the world were so severely pwned, they didn't notice the hackers setting up VPN points [The Register]

Revealed: Long-running espionage campaign targets phone carriers to snoop on VIPs' location, call records

Hackers infiltrated the networks of at least ten cellular telcos around the world, and remained hidden for years, as part of a long-running tightly targeted surveillance operation, The Register has learned. This espionage campaign is still ongoing, it is claimed.…


GNOME Shell & Mutter See Their 3.33.3 Releases With Notable X11/Wayland Changes [Phoronix]

Arriving late, a few days after the GNOME 3.33.3 development snapshot, the Mutter and GNOME Shell updates are now available...


Remember that crypto-exchange boss who mysteriously died after his customers' coins disappeared? Of course he totally stole them [The Register]

So claims this Ernst & Young probe report

Gerald Cotten, the late Quadriga CEO, created a string of accounts on his Canadian cryptocurrency exchange, each under an alias and containing bogus dollar balances, according to Ernst & Young auditors. He then used those accounts, it's claimed, to buy his customers' cryptocurrency with those digitally conjured dollars that didn't actually exist, and then moved the ill-gotten Bitcoin and Ethereum to his accounts at other cryptocurrency trading sites.…


Fedora Workstation 31 Is Looking Great With Many Original Features Being Worked On [Phoronix]

Fedora Workstation 31 is shaping up to be another exciting release for this Red Hat sponsored Linux distribution. As usual, a ton of original upstream features are being worked on for this innovative desktop/workstation Linux spin...


Wayland's Weston 6.0.1 Released With Build System Fixes & Other Corrections [Phoronix]

Weston 6.0 was released back in March with a remote/streaming plug-in and Meson becoming the preferred build system among other improvements. Weston 6.0.1 was released today by Simon Ser with various fixes to this reference Wayland compositor...


Mayday, mayday. Cray, you cray cray: Investor attempts to halt HPE's $1.3bn biz gobble [The Register]

Accuses both companies of withholding essential information, claims multiple conflicts of interest

A cray cray Cray investor is attempting to scupper the supercomputer builder's pending $1.3bn acquisition by HPE, by proposing a class-action lawsuit.…


Biz tells ransomware victims it can decrypt their files... by secretly paying off the crooks and banking a fat margin [The Register]

It's all in a lucrative day's work for Red Mosquito

A Scottish managed services provider is running a lucrative sideline in ransomware decryption – however, a sting operation by a security firm appears to show that “decryption” merely means paying off the malware's masterminds.…


It's official. You can get FUCT, US Supremes tell scandalized bureaucrats in rude trademark spat [The Register]

Top court undoes snub for provocatively named clothing brand

When Erik Brunetti in 2011 first tried to obtain a trademark for his clothing company FUCT, the US Patent and Trademark Office blocked his application.…


Iran is doing to our networks what it did to our spy drone, claims Uncle Sam: Now they're bombing our hard drives [The Register]

Tehran's hackers are 'wiping' infected machines as tensions spike, fresh sanctions approved

Hackers operating on behalf of the Iranian government have turned destructive, the US Department of Homeland Security has claimed.…


BGP super-blunder: How Verizon today sparked a 'cascading catastrophic failure' that knackered Cloudflare, Amazon, etc [The Register]

'Normally you'd filter it out if some small provider said they own the internet'

Updated  Verizon sent a big chunk of the internet down a black hole this morning – and caused outages at Cloudflare, Facebook, Amazon, and others – after it wrongly accepted a network misconfiguration from a small ISP in Pennsylvania, USA.…


Ubuntu To Provide Select 32-Bit Packages For Ubuntu 19.10 & 20.04 LTS [Phoronix]

It looks like my info from this weekend was accurate, "I'm hearing that Canonical may revert course and provide limited 32-bit support." Canonical issued a statement today that they indeed will provide "selected" 32-bit packages for the upcoming Ubuntu 19.10 as well as Ubuntu 20.04 LTS...


Apple sued over fondleslab death blaze: iPad battery blamed for deadly New Jersey apartment fire [The Register]

Insurers and family fling sueballs at Cupertino giant

Apple is being sued Stateside over allegations that a faulty iPad battery caused a fire which resulted in a New Jersey man's death.…


Packet hauls microservers out of dusty grave: Whoa! Necromancy is really edgy [The Register]

Small machines with feeble CPUs are becoming interesting again

In an act of technological voodoo, bare metal cloud provider Packet has resurrected the IT trend that was last in the headlines circa 2015 - the microserver.…


Benchmarking The Intel Performance Change With Linux FSGSBASE Support [Phoronix]

As covered last week, the Linux kernel is finally about to see FSGSBASE support a feature supported by Intel CPUs going back to Ivybridge and can help performance. Since that earlier article the FS/GS BASE patches have been moved to the x86/cpu branch meaning unless any last-minute problems arise the functionality will be merged for the Linux 5.3 cycle. I've also begun running some benchmarks to see how this will change the Linux performance on Intel hardware.


One goes up, one stays on the ground and one gets ready: It's a week in space [The Register]

A trio of heavy lifters in rocket boffinry

Roundup  There was European joy, Russian frustration and a bit of a tease from the Falcon Heavy last week. And while the Pi 4 is the new shiny, spare a thought for the computers on the ISS.…


Saturday Morning Breakfast Cereal - Fundamental [Saturday Morning Breakfast Cereal]

Click here to go see the bonus panel!

Oh God, did this week accidentally become econ joke week?

Today's News:


Bill G on Microsoft's biggest blunder... Was it Bing, Internet Explorer, Vista, the antitrust row? [The Register]

Nope: It was not giving Android a run for its money...

Bill Gates has said his biggest management miscalculation was failing to position Microsoft's Windows Phone as the primary rival mobile operating system to Apple's iOS.…


Panfrost Gallium3D Picks Up Yet More Features Thanks To Collabora's Summer Internship [Phoronix]

Just a few days ago I wrote how the Panfrost Gallium3D driver continues making incredible progress for this community-driven, open-source graphics driver targeting Arm Bifrost/Midgard graphics. There's yet another batch of new features and improvements to talk about...


Cloudflare hits the deck, websites sink from sight after the internet springs yet another BGP leak [The Register]

Ghost in the machine conspires to ruin CDN biz's 10th birthday, it seems

Updated  US network services provider Cloudflare has been celebrating its impending tenth birthday with a good, old-fashioned TITSUP*, er, knees-up.…


EE-k, a hundred grand! BT's mobile arm slapped for sending 2.5m+ unwanted texts [The Register]

Pestered folk to 'download my EE app' and 'upgrade your phone'

EE, the mobile operator arm of BT, is nursing a six-figure fine for texting more than 2.5 million pain-in-the-ass direct marketing messages to customers without their consent.…


Out of Steam? Wine draining away? Ubuntu's 64-bit-only x86 decision is causing migraines [The Register]

i386 binaries will still run, says Canonical, but it may not be good enough for key apps

Updated  Canonical's decision to effectively ditch official support for 32-bit x86 in Ubuntu 19.10 means the Steam gaming runtime is likely to run aground on the Linux operating system – and devs say the Wine compatibility layer for running Windows apps will be of little use.…


Curioser and curioser: Little Mars rover sniffs out highest ever levels of methane [The Register]

He who smelt it dealt it?

The Mars Curiosity Rover has found unexpectedly high levels of methane on the red planet.…


Vulkan 1.1.112 Released While Open-Source ANV + RADV Drivers Continue Marching Along [Phoronix]

Vulkan 1.1.112 was outed this morning as the newest documentation update to this high performance graphics and compute API...


The Windows Terminal turns up in the Microsoft Store [The Register]

Also: Azure backup for SQL dinosaurs and Machine Learning hits Windows Update

Windows 10 19H2 may still be MIA, but Azure is alive and well in the UAE.…


Raspberry Pi 4 Announced With Dual HDMI, USB 3.0, Gigabit Ethernet, V3D Driver Stack [Phoronix]

Managing to make it out today as a surprise is the Raspberry Pi 4. The Raspberry Pi 4 is a major overhaul and their most radical update yet while base pricing still starts out at $35 USD...


Cisco cleans up critical flaws, Florida city forks out $600k to ransomware scumbags, and more from infosec land [The Register]

Your quick guide to what else has been happening in computer security lately

Roundup  Here's a quick Monday summary of recent infosec news, beyond what we've already reported.…


Official x86 Zhaoxin Processor Support Is Coming With Linux 5.3 [Phoronix]

Zhaoxin is the company producing Chinese x86 CPUs created by a joint venture between VIA and the Shanghai government. The current Zhaoxin ZX CPUs are based on VIA's Isaiah design and making use of VIA's x86 license. With the Linux 5.3 kernel will be better support for these Chinese desktop x86 CPUs...


Remember the Nominet £100m dot-uk windfall it claims doesn't exist? Well, it's already begun [The Register]

Fasthosts registers all its customers' .uk domain names – just for safekeeping, you understand

Analysis  For a £100m windfall that apparently doesn't exist, the release of millions of valuable .uk domain names is stirring a lot of activity in the UK's internet name space.…


Driving Xtreme Cuts: DXC Technology waves bye bye to 45% of Americas Security divison [The Register]

50 roles shifted off to India

DXC Technology is sending hundreds of security personnel from the America's division down the redundancy chute and offshoring some of those roles to low-cost centres, insiders are telling us.…


Having bank problems? I feel bad for you son: I've got 25 million problems, but a bulk upload ain't one [The Register]

It was acceptable in the Eighties

Who, Me?  Sunday is gone and Monday is here. To ring in the week, please join us in welcoming the latest addition to the shedload of shame that is The Register's Who, Me? column.…


Using i3 with multiple monitors [Fedora Magazine]

Are you using multiple monitors with your Linux workstation? Seeing many things at once might be beneficial. But there are often much more windows in our workflows than physical monitors — and that’s a good thing, because seeing too many things at once might be distracting. So being able to switch what we see on individual monitors seems crucial.

Let’s talk about i3 — a popular tiling window manager that works great with multiple monitors. And there is one handy feature that many other window managers don’t have — the ability to switch workspaces on individual monitors independently.

Quick introduction to i3

The Fedora Magazine has already covered i3 about three years ago. And it was one of the most popular articles ever published! Even though that’s not always the case, i3 is pretty stable and that article is still very accurate today. So — not to repeat ourselves too much — this article only covers the very minimum to get i3 up and running, and you’re welcome to go ahead and read it if you’re new to i3 and want to learn more about the basics.

To install i3 on your system, run the following command:

$ sudo dnf install i3

When that’s done, log out, and on the log in screen choose i3 as your window manager and log back in again.

When you run i3 for the first time, you’ll be asked if you wish to proceed with automatic configuration — answer yes here. After that, you’ll be asked to choose a “mod key”. If you’re not sure here, just accept the default which sets you Windows/Super key as the mod key. You’ll use this key for mostly all the shortcuts within the window manager.

At this point, you should see a little bar at the bottom and an empty screen. Let’s have a look at some of the basic shortcuts.

Open a terminal using:

$mod + enter

Switch to a second workspace using:

$mod + 2

Open firefox in two steps, first by:

$mod + d

… and then by typing “firefox” and pressing enter.

Move it to the first workspace by:

$mod + shift + 1

… and switch to the first workspace by:

$mod + 1

At this point, you’ll see a terminal and a firefox window side by side. To close a window, press:

$mod + shift + q

There are more shortcuts, but these should give you the minimum to get started with i3.

Ah! And to exit i3 (to log out) press:

$mod + shift + e

… and then confirm using your mouse at the top-right corner.

Getting multiple screens to work

Now that we have i3 up and running, let’s put all those screens to work!

To do that, we’ll need to use the command line as i3 is very lightweight and doesn’t have gui to manage additional screens. But don’t worry if that sounds difficult — it’s actually quite straightforward!

The command we’ll use is called xrandr. If you don’t have xrandr on your system, install it by running:

$ sudo dnf install xrandr

When that’s installed, let’s just go ahead and run it:

$ xrandr

The output lists all the available outputs, and also indicated which have a screen attached to them (a monitor connected with a cable) by showing supported resolutions. Good news is that we don’t need to really care about the specific resolutions to make the them work.

This specific example shows a primary screen of a laptop (named eDP1), and a second monitor connected to the HDMI-2 output, physically positioned right of the laptop. To turn it on, run the following command:

$ xrandr --output HDMI-2 --auto --right-of eDP1

And that’s it! Your screen is now active.

Second screen active. The commands shown on this screenshot are slightly different than in the article, as they set a smaller resolution to make the screenshots more readable.

Managing workspaces on multiple screens

Switching workspaces and creating new ones on multiple screens is very similar to having just one screen. New workspaces get created on the screen that’s currently active — the one that has your mouse cursor on it.

So, to switch to a specific workspace (or to create a new one in case it doesn’t exist), press:

$mod + NUMBER

And you can switch workspaces on individual monitors independently!

Workspace 2 on the left screen, workspace 4 on the right screen.
Left screen switched to workspace 3, right screen still showing workspace 4.
Right screen switched to workspace 4, left screen still showing workspace 3.

Moving workspaces between monitors

The same way we can move windows to different workspaces by the following command:

$mod + shift + NUMBER

… we can move workspaces to different screens as well. However, there is no default shortcut for this action — so we have to create it first.

To create a custom shortcut, you’ll need to open the configuration file in a text editor of your choice (this article uses vim):

$ vim ~/.config/i3/config

And add the following lines to the very bottom of the configuration file:

# Moving workspaces between screens 
bindsym $mod+p move workspace to output right

Save, close, and to reload and apply the configuration, press:

$mod + shift + r

Now you’ll be able to move your active workspace to the second monitor by:

$mod + p
Workspace 2 with Firefox on the left screen
Workspace 2 with Firefox moved to the second screen

And that’s it! Enjoy your new multi-monitor experience, and to learn more about i3, you’re welcome to read the previous article about i3 on the Fedora Magazine, or consult the official i3 documentation.


Fedora's GRUB2 EFI Build To Offer Greater Security Options [Phoronix]

In addition to disabling root password-based SSH log-ins by default, another change being made to Fedora 31 in the name of greater security is adding some additional GRUB2 boot-loader modules to be built-in for their EFI boot-loader...


Go fourth and multi-Pi: Raspberry Pi 4 lands today with quad 1.5GHz Arm Cortex-A72 CPU cores, up to 4GB RAM... [The Register]

...And more, including dual 4K monitor outputs that you'll need new cables for

The Raspberry Pi Foundation has multiplied 3 by 3 and come up with 4: today a new Pi, the Raspberry Pi 4, officially launches with three times the grunt of the previous generation, the Raspberry Pi 3.…

Sunday, 23 June


Get a grip on Lambda, Kubernetes, Azure Functions, and more, at Serverless Computing London – save £100s today with blind bird tix [The Register]

Discount offer expires tonight so hurry, hurry, hurry

Event  If you want to learn how organisations like Lego, Well pharmacy and Bayer are putting AWS Lambda, Function as a Service (FaaS), and Azure Functions to work, you should join us at Serverless Computing London this coming November.…


FreeBSD's Release Engineering Lead Departs The Foundation [Phoronix]

Well known FreeBSD developer and leader of their release engineering team, Glen Barber, has left the FreeBSD Foundation but will continue working on FreeBSD as well as coordinating its releases...


There's A Professional Grade Digital Cinema Camera Powered By Linux [Phoronix]

Digital camera startup Octopus Cinema has been designing the "OCTOPUSCAMERA" as a digital cinema camera that's professional grade yet is an open platform with removable/upgradeable parts and this camera platform itself is running Linux...



Ubuntu Developer Talks Down Impact Of 32-Bit Changes For Ubuntu 19.10 [Phoronix]

Following Valve saying they won't be officially supporting Ubuntu 19.10 and Wine developers questioning their Ubuntu 32-bit builds following the announcement this week of not providing new 32-bit packages for new Ubuntu releases, longtime Ubuntu developer and Canonical employee Steve Langasek is trying to provide some clarity into the situation...


AMD Sends In Navi Support & Other Remaining AMDGPU Changes For Linux 5.3 [Phoronix]

On Saturday night AMDGPU/Radeon DRM maintainer Alex Deucher sent in the final batch of feature updates to DRM-Next that is targeting the upcoming Linux 5.3 kernel...


KDE's Night Color Feature Being Ported From Wayland To X11 [Phoronix]

It's another busy summer in the KDE space with a nice mixture of bug fixes and features being pursued for KDE Frameworks, KDE Plasma, and KDE Applications...


Fedora 31 Will Finally Disable OpenSSH Root Password-Based Logins By Default [Phoronix]

Fedora 31 will harden up its default configuration by finally disabling password-based OpenSSH root log-ins, matching the upstream default of the past four years and behavior generally enforced by other Linux distributions...


Linux Kernel "LOCKDOWN" Ported To Being An LSM, Still Undergoing Review [Phoronix]

It didn't make it for the Linux 5.2 kernel and now it's up to its 33rd revision on the Linux kernel mailing list... The "lockdown" patches for locking down access to various kernel hardware features has been reworked now and is a Linux Security Module (LSM) as it still tries to get enough endorsements to be mainlined...


DragonFlyBSD Picks Up Radeon Performance Improvements With Latest Code Update [Phoronix]

Slipping just past this week's DragonFlyBSD 5.6 release is now an early feature for the next series: continued work on the Radeon DRM driver ported to this BSD from the Linux kernel...

Saturday, 22 June


Yay, for AI: Autonomous pizza-delivery robots. Nay for AI: Big Brother is real and it's powered by neural networks [The Register]

Also Waymo is releasing a data set for you self-driving car nerds

Roundup  If you wanna know what's been happening in AI this week beyond what we've already covered, here's a quick roundup...…


Saturday Morning Breakfast Cereal - Screentime [Saturday Morning Breakfast Cereal]

Click here to go see the bonus panel!

You can tell she has a problem because she never stops wearing the same blue shirt.

Today's News:

Friday, 21 June


Saturday Morning Breakfast Cereal - Teleporter [Saturday Morning Breakfast Cereal]

Click here to go see the bonus panel!

It's not a particularly good plant, but it's still better than you.

Today's News:


Making Fedora 30 [Fedora Magazine]

What does it take to make a Linux distribution like Fedora 30? As you might expect, it’s not a simple process.

Changes in Fedora 30

Although Fedora 29 released on October 30, 2018, work on Fedora 30 began long before that. The first change proposal was submitted in late August. By my count, contributors made nine separate change proposals for Fedora 30 before Fedora 29 shipped.

Some of these proposals come early because they have a big impact, like mass removal of Python 2 packages. By the time the proposal deadline arrived in early January, the community had submitted 50 change proposals.

Of course, not all change proposals make it into the shipped release. Some of them are more focused on how we build the release instead of what we release. Others don’t get done in time. System-wide changes must have a contingency plan. These changes are generally evaluated at one of three points in the schedule: when packages branch from Rawhide, at the beginning of the Beta freeze, and at the beginning of the Final freeze. For Fedora 30, 45 Change proposals were still active for the release.

Fedora has a calendar-based release schedule, but that doesn’t mean we ship whatever exists on a given date. We have a set of release criteria that we test against, and we don’t put out a release until all the blockers are resolved. This sometimes means a release is delayed, but it’s important that we ship reliable software.

For the Fedora 30 development cycle, we accepted 22 proposed blocker bugs and rejected 6. We also granted 33 freeze exceptions — bugs that can be fixed during the freeze because they impact the released artifacts or are otherwise important enough to include in the release.

Other contributions

Of course, there’s more to making a release than writing or packaging the code, testing it, and building the images. As with every release, the Fedora Design team created a new desktop background along with several supplemental wallpapers. The Fedora Marketing team wrote release announcements and put together talking points for the Ambassadors and Advocates to use when talking to the broader community.

If you’ve looked at our new website, that was the work of the Websites team in preparation for the Fedora 30 release:

The Documentation Team wrote Release Notes and updated other documentation. Translators provided translations to dozens of languages.

Many other people made contributions to the release of Fedora 30 in some way. It’s not easy to count everyone who has a hand in producing a Linux distribution, but we appreciate every one of our contributors. If you would like to join the Fedora Community but aren’t sure where to start, check out What Can I Do For Fedora?

Photo by Robin Sommer on Unsplash.

Thursday, 20 June



Saturday Morning Breakfast Cereal - Pirate [Saturday Morning Breakfast Cereal]

Click here to go see the bonus panel!

Also comics where you say 'arr' for no reason.

Today's News:


Critical Firefox vulnerability fixed in 67.0.3 [Fedora Magazine]

On Tuesday, Mozilla issued a security advisory for Firefox, the default web browser in Fedora. This advisory concerns a CVE for a vulnerability based on type confusion that can happen when JavaScript objects are being manipulated. It can be used to crash your browser. There are apparently already attacks in the wild that exploit the issue. Read on for more information, and how to protect your system against this flaw.

At the same time the security vulnerability was issued, Mozilla also released Firefox 67.0.3 (and ESR 60.7.1) to fix the issue.

Updating Firefox in Fedora

Firefox 67.0.3 (with the security fixes) has already been pushed to the stable Fedora repositories. The security fix will be applied to your system with your next update. You can also update the firefox package only by running the following command:

$ sudo dnf update --refresh firefox

This command requires you to have sudo setup. Note that not every Fedora mirrors syncs at the same rate. Community sites graciously donate space and bandwidth these mirrors to carry Fedora content. You may need to try again later if your selected mirror is still awaiting the latest update.

Wednesday, 19 June


Saturday Morning Breakfast Cereal - Torture [Saturday Morning Breakfast Cereal]

Click here to go see the bonus panel!

If that doesn't work, the next step is putting in contact lenses.

Today's News:


Get the latest Ansible 2.8 in Fedora [Fedora Magazine]

Ansible is one of the most popular automation engines in the world. It lets you automate virtually anything, from setup of a local system to huge groups of platforms and apps. It’s cross platform, so you can use it with all sorts of operating systems. Read on for more information on how to get the latest Ansible in Fedora, some of its changes and improvements, and how to put it to use.

Releases and features

Ansible 2.8 was recently released with many fixes, features, and enhancements. It was available in Fedora mere days afterward as an official update in Fedora 29 and 30, as well as EPEL. The follow-on version 2.8.1 released two weeks ago. Again, the new release was available within a few days in Fedora.

Installation is, of course, easy to do from the official Fedora repositories using sudo:

$ sudo dnf -y install ansible

The 2.8 release has a long list of changes, and you can read them in the Porting Guide for 2.8. But they include some goodies, such as Python interpreter discovery. Ansible 2.8 now tries to figure out which Python is preferred by the platform it runs on. In cases where that fails, Ansible uses a fallback list. However, you can still use a variable ansible_python_interpreter to set the Python interpreter.

Another change makes Ansible more consistent across platforms. Since sudo is more exclusive to UNIX/Linux, and other platforms don’t have it, become is now used in more places. This includes command line switches. For example, –ask-sudo-pass has become –ask-become-pass, and the prompt is now BECOME password: instead.

There are many more features in the 2.8 and 2.8.1 releases. Do check out the official changelog on GitHub for all the details.

Using Ansible

Maybe you’re not sure if Ansible is something you could really use. Don’t worry, you might not be alone in thinking that, because it’s so powerful. But it turns out that it’s not hard to use it even for simple or individual setups like a home with a couple computers (or even just one!).

We covered this topic earlier in the Fedora magazine as well:

Give Ansible a try and see what you think. The great part about it is that Fedora stays quite up to date with the latest releases. Happy automating!

Tuesday, 18 June


Saturday Morning Breakfast Cereal - Staying Married [Saturday Morning Breakfast Cereal]

Click here to go see the bonus panel!

The sounds moving past your father's child-like beard are correct.

Today's News:

Monday, 17 June


Saturday Morning Breakfast Cereal - Lost Chapter [Saturday Morning Breakfast Cereal]

Click here to go see the bonus panel!

Honestly, I was a bit relieved when we cut this chapter, because of the twin dangers of pissing off anti-nuclear people and pro-thorium people. Wish me luck!

Today's News:

Thanks, geeks! We hope you like it.


Saturday Morning Breakfast Cereal - Tower [Saturday Morning Breakfast Cereal]

Click here to go see the bonus panel!

Can we agree that this is the least bad horse I've ever drawn?

Today's News:

Sunday, 16 June



Saturday Morning Breakfast Cereal - Philosopher [Saturday Morning Breakfast Cereal]

Click here to go see the bonus panel!

Dude, I gave you free will so we could have this conversation and you're barely speaking.

Today's News:

Saturday, 15 June


Saturday Morning Breakfast Cereal - Death [Saturday Morning Breakfast Cereal]

Click here to go see the bonus panel!

I am prepared to offer my services as spokesman, Walmart.

Today's News:

Friday, 14 June


Saturday Morning Breakfast Cereal - Findings [Saturday Morning Breakfast Cereal]

Click here to go see the bonus panel!

Somewhere, there's a scientist reading this, wonder why I made a comic with no hyperbole.

Today's News:


Personal assistant with Mycroft and Fedora [Fedora Magazine]

Looking for an open source personal assistant ? Mycroft is allowing you to run an open source service which gives you better control of your data.

Install Mycroft on Fedora

Mycroft is currently not available in the official package collection, but it can be easily installed from the project source. The first step is to download the source from Mycroft’s GitHub repository.

$ git clone

Mycroft is a Python application and the project provides a script that takes care of creating a virtual environment before installing Mycroft and its dependencies.

$ cd mycroft-core
$ ./

The installation script prompts the user to help him with the installation process. It is recommended to run the stable version and get automatic updates.

When prompted to install locally the Mimic text-to-speech engine, answer No. Since as described in the installation process this can take a long time and Mimic is available as an rpm package in Fedora so it can be installed using dnf.

$ sudo dnf install mimic

Starting Mycroft

After the installation is complete, the Mycroft services can be started using the following script.

$ ./ all

In order to start using Mycroft the device running the service needs to be registered. To do that an account is needed and can be created at

Once the account created, it is possible to add a new device at the following address Adding a new device requires a pairing code that will be spoken to you by your device after starting all the services.

The device is now ready to be used.

Using Mycroft

Mycroft provides a set of skills that are enabled by default or can be downloaded from the Marketplace. To start you can simply ask Mycroft how is doing, or what the weather is.

Hey Mycroft, how are you ?

Hey Mycroft, what's the weather like ?

If you are interested in how things works, the script provides a cli option that lets you interact with the services using the command line. It is also displaying logs which is really useful for debugging.

Mycroft is always trying to learn new skills, and there are many way to help by contributing the Mycroft community.

Photo by Przemyslaw Marczynski on Unsplash

Thursday, 13 June


Saturday Morning Breakfast Cereal - Analogy [Saturday Morning Breakfast Cereal]

Click here to go see the bonus panel!

Now I'm just hoping we didn't do this in Soonish.

Today's News:

Wednesday, 12 June


Saturday Morning Breakfast Cereal - Check Please [Saturday Morning Breakfast Cereal]

Click here to go see the bonus panel!

There's an underappreciated world of erotic complexity class humor.

Today's News:

Every time I do a joke like this I feel the need to personally apologize to Scott Aaronson.


Installing alternative versions of RPMs in Fedora [Fedora Magazine]

Modularity enables Fedora to provide alternative versions of RPM packages in the repositories. Several different applications, language runtimes, and tools are available in multiple versions, build natively for each Fedora release. 

The Fedora Magazine has already covered Modularity in Fedora 28 Server Edition about a year ago. Back then, it was just an optional repository with additional content, and as the title hints, only available to the Server Edition. A lot has changed since then, and now Modularity is a core part of the Fedora distribution. And some packages have moved to modules completely. At the time of writing — out of the 49,464 binary RPM packages in Fedora 30 — 1,119 (2.26%) come from a module (more about the numbers).

Modularity basics

Because having too many packages in multiple versions could feel overwhelming (and hard to manage), packages are grouped into modules that represent an application, a language runtime, or any other sensible group.

Modules often come in multiple streams — usually representing a major version of the software. Available in parallel, but only one stream of each module can be installed on a given system.

And not to overwhelm users with too many choices, each Fedora release comes with a set of defaults — so decisions only need to be made when desired.

Finally, to simplify installation, modules can be optionally installed using pre-defined profiles based on a use case. A database module, for example, could be installed as a client, a server, or both.

Modularity in practice

When you install an RPM package on your Fedora system, chances are it comes from a module stream. The reason why you might not have noticed is one of the core principles of Modularity — remaining invisible until there is a reason to know about it.

Let’s compare the following two situations. First, installing the popular i3 tiling window manager, and second, installing the minimalist dwm window manager:

$ sudo dnf install i3

As expected, the above command installs the i3 package and its dependencies on the system. Nothing else happened here. But what about the other one?

$ sudo dnf install dwm
Enabling module streams:
dwm 6.1

It feels the same, but something happened in the background — the default dwm module stream (6.1) got enabled, and the dwm package from the module got installed.

To be transparent, there is a message about the module auto-enablement in the output. But other than that, the user doesn’t need to know anything about Modularity in order to use their system the way they always did.

But what if they do? Let’s see how a different version of dwm could have been installed instead.

Use the following command to see what module streams are available:

$ sudo dnf module list
dwm latest ...
dwm 6.0 ...
dwm 6.1 [d] ...
dwm 6.2 ...
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

The output shows there are four streams of the dwm module, 6.1 being the default.

To install the dwm package in a different version — from the 6.2 stream for example — enable the stream and then install the package by using the two following commands:

$ sudo dnf module enable dwm:6.2
Enabling module streams:
dwm 6.2
$ sudo dnf install dwm

Finally, let’s have a look at profiles, with PostgreSQL as an example.

$ sudo dnf module list
postgresql 9.6 client, server ...
postgresql 10 client, server ...
postgresql 11 client, server ...

To install PostgreSQL 11 as a server, use the following command:

$ sudo dnf module install postgresql:11/server

Note that — apart from enabling — modules can be installed with a single command when a profile is specified.

It is possible to install multiple profiles at once. To add the client tools, use the following command:

$ sudo dnf module install postgresql:11/client

There are many other modules with multiple streams available to choose from. At the time of writing, there were 83 module streams in Fedora 30. That includes two versions of MariaDB, three versions of Node.js, two versions of Ruby, and many more.

Please refer to the official user documentation for Modularity for a complete set of commands including switching from one stream to another.

Tuesday, 11 June


Saturday Morning Breakfast Cereal - Parenting [Saturday Morning Breakfast Cereal]

Click here to go see the bonus panel!

Peak romance about children happens right around the month before pregnancy.

Today's News:

Monday, 10 June


Saturday Morning Breakfast Cereal - Behold [Saturday Morning Breakfast Cereal]

Click here to go see the bonus panel!

Actually if anyone would sell me one of these I'd be prepared to pay a considerable sum.

Today's News:

This is just about as autobiographical as I get.


Applications for writing Markdown [Fedora Magazine]

Markdown is a lightweight markup language that is useful for adding formatting while still maintaining readability when viewing as plain text. Markdown (and Markdown derivatives) are used extensively as the primary form of markup of documents on services like GitHub and pagure. By design, Markdown is easily created and edited in a text editor, however, there are a multitude of editors available that provide a formatted preview of Markdown markup, and / or provide a text editor that highlights the markdown syntax.

This article covers 3 desktop applications for Fedora Workstation that help out when editing Markdown.


UberWriter is a minimal Markdown editor and previewer that allows you to edit in text, and preview the rendered document.

The editor itself has inline previews built in, so text marked up as bold is displayed bold. The editor also provides inline previews for images, formulas, footnotes, and more. Ctrl-clicking one of these items in the markup provides an instant preview of that element to appear.

In addition to the editor features, UberWriter also features a full screen mode and a focus mode to help minimise distractions. Focus mode greys out all but the current paragraph to help you focus on that element in your document

Install UberWriter on Fedora from the 3rd-party Flathub repositories. It can be installed directly from the Software application after setting up your system to install from Flathub


Marker is a Markdown editor that provides a simple text editor to write Markdown in, and provides a live preview of the rendered document. The interface is designed with a split screen layout with the editor on the left, and the live preview on the right.

Additionally, Marker allows you to export you document in a range of different formats, including HTML, PDF, and the Open Document Format (ODF).

Install Marker on Fedora from the 3rd-party Flathub repositories. It can be installed directly from the Software application after setting up your system to install from Flathub


Where the previous editors are more focussed on a minimal user experice, Ghostwriter provides many more features and options to play with. Ghostwriter provides a text editor that is partially styled as you write in Markdown format. Bold text is bold, and headings are in a larger font to assist in writing the markup.

It also provides a split screen with a live updating preview of the rendered document.

Ghostwriter also includes a range of other features, including the ability to choose the Markdown flavour that the preview is rendered in, as well as the stylesheet used to render the preview too.

Additionally, it provides a format menu (and keyboard shortcuts) to insert some of the frequent markdown ‘tags’ like bold, bullets, and italics.

Install Ghostwriter on Fedora from the 3rd-party Flathub repositories. It can be installed directly from the Software application after setting up your system to install from Flathub

Sunday, 09 June


Saturday Morning Breakfast Cereal - Heritable [Saturday Morning Breakfast Cereal]

Click here to go see the bonus panel!

I've been in the middle of moving lately and can't help but notice that now that I have less time to think per comic ALL of the idiots are redheasd.

Today's News:

Saturday, 08 June

Friday, 07 June


Saturday Morning Breakfast Cereal - Starfish [Saturday Morning Breakfast Cereal]

Click here to go see the bonus panel!

I wonder if starfish watch fragmentation erotica.

Today's News:


Contribute to Fedora Magazine [Fedora Magazine]

Do you want to share a piece of Fedora news for the general public? Have a good idea for how to do something using Fedora? Do you or someone you know use Fedora in an interesting way?

We’re always looking for new contributors to write awesome, relevant content. The Magazine is run by the Fedora community — and that’s all of us. You can help too! It’s really easy.Read on to find out how.


What content do we need?

Glad you asked. We often feature material for desktop users, since there are many of them out there! But that’s not all we publish. We want the Magazine to feature lots of different content for the general public.

Sysadmins and power users

We love to publish articles for system administrators and power users who dive under the hood. Here are some recent examples:


We don’t forget about developers, either. We want to help people use Fedora to build and make incredible things. Here are some recent articles focusing on developers:

Interviews, projects, and links

We also feature interviews with people using Fedora in interesting ways. We even link to other useful content about Fedora. We’ve run interviews recently with people using Fedora to increase security, administer infrastructure, or give back to the community. You can help here, too — it’s as simple as exchanging some email and working with our helpful staff.

How do I get started?

It’s easy to start writing for Fedora Magazine! You just need to have decent skill in written English, since that’s the language in which we publish. Our editors can help polish your work for maximum impact.

Follow this easy process to get involved.

The Magazine team will guide you through getting started. The team also hangs out on #fedora-mktg on Freenode. Drop by, and we can help you get started.

Image courtesy Dustin Lee – originally posted to Unsplash as Untitled

Thursday, 06 June

Wednesday, 05 June


Tweaking the look of Fedora Workstation with themes [Fedora Magazine]

Changing the theme of a desktop environment is a common way to customize your daily experience with Fedora Workstation. This article discusses the 4 different types of visual themes you can change and how to change to a new theme. Additionally, this article will cover how to install new themes from both the Fedora repositories and 3rd party theme sources.

Theme Types

When changing the theme of Fedora Workstation, there are 4 different themes that can be changed independently of each other. This allows a user to mix and match the theme types to customize their desktop in a multitude of combinations. The 4 theme types are the Application (GTK) theme, the shell theme, the icon theme, and the cursor theme.

Application (GTK) themes

As the name suggests, Application themes change the styling of the applications that are displayed on a user’s desktop. Application themes control the style of the window borders and the window titlebar. Additionally, they also control the style of the widgets in the windows — like dropdowns, text inputs, and buttons. One point to note is that an application theme does not change the icons that are displayed in an application — this is achieved using the icon theme.

Two application windows with two different application themes. The default Adwaita theme on the left, the Adapta theme on the right.

Application themes are also known as GTK themes, as GTK (GIMP Toolkit) is the underlying technology that is used to render the windows and user interface widgets in those windows on Fedora Workstation.

Shell Themes

Shell themes change the appearance of the GNOME Shell. The GNOME Shell is the technology that displays the top bar (and the associated widgets like drop downs), as well as the overview screen and the applications list it contains.

Comparison of two Shell themes, with the Fedora Workstation default on top, and the Adapta shell theme on the bottom.

Icon Themes

As the name suggests, icon themes change the icons used in the desktop. Changing the icon theme will change the icons displayed both in the Shell, and in applications.

Comparison of two icon themes, with the Fedora 30 Workstation default Adwaita on the left, and the Yaru icon theme on the right

One important item to note with icon themes is that all icon themes will not have customized icons for all application icons. Consequently, changing the icon theme will not change all the icons in the applications list in the overview.

Comparison of two icon themes, with the Fedora 30 Workstation default Adwaita on the top, and the Yaru icon theme on the bottom

Cursor Theme

The cursor theme allows a user to change how the mouse pointer is displayed. Most cursor themes change all the common cursors, including the pointer, drag handles and the loading cursor.

Comparison of multiple cursors of two different cursor themes. Fedora 30 default is on the left, the Breeze Snow theme on the right.

Changing the themes

Changing themes on Fedora Workstation is a simple process. To change all 4 types of themes, use the Tweaks application. Tweaks is a tool used to change a range of different options in Fedora Workstation. It is not installed by default, and is installed using the Software application:

Alternatively, install Tweaks from the command line with the command:

sudo dnf install gnome-tweak-tool

In addition to Tweaks, to change the Shell theme, the User Themes GNOME Shell Extension needs to be installed and enabled. Check out this post for more details on installing extensions.

Next, launch Tweaks, and switch to the Appearance pane. The Themes section in the Appearance pane allows the changing of the multiple theme types. Simply choose the theme from the dropdown, and the new theme will apply automatically.

Installing themes

Armed with the knowledge of the types of themes, and how to change themes, it is time to install some themes. Broadly speaking, there are two ways to install new themes to your Fedora Workstation — installing theme packages from the Fedora repositories, or manually installing a theme. One point to note when installing themes, is that you may need to close and re-open the Tweaks application to make a newly installed theme appear in the dropdowns.

Installing from the Fedora repositories

The Fedora repositories contain a small selection of additional themes that once installed are available to we chosen in Tweaks. Theme packages are not available in the Software application, and have to be searched for and installed via the command line. Most theme packages have a consistent naming structure, so listing available themes is pretty easy.

To find Application (GTK) themes use the command:

dnf search gtk | grep theme

To find Shell themes:

dnf search shell-theme

Icon themes:

dnf search icon-theme

Cursor themes:

dnf search cursor-theme

Once you have found a theme to install, install the theme using dnf. For example:

sudo dnf install numix-gtk-theme

Installing themes manually

For a wider range of themes, there are a plethora of places on the internet to find new themes to use on Fedora Workstation. Two popular places to find themes are OpenDesktop and GNOMELook.

Typically when downloading themes from these sites, the themes are encapsulated in an archive like a tar.gz or zip file. In most cases, to install these themes, simply extract the contents into the correct directory, and the theme will appear in Tweaks. Note too, that themes can be installed either globally (must be done using sudo) so all users on the system can use them, or can be installed just for the current user.

For Application (GTK) themes, and GNOME Shell themes, extract the archive to the .themes/ directory in your home directory. To install for all users, extract to /usr/share/themes/

For Icon and Cursor themes, extract the archive to the .icons/ directory in your home directory. To install for all users, extract to /usr/share/icons/

Tuesday, 04 June


Monday, 03 June


Submissions now open for the Fedora 31 supplemental wallpapers [Fedora Magazine]

Have you always wanted to start contributing to Fedora but don’t know how? Submitting a supplemental wallpaper is one of the easiest ways to start as a Fedora contributor. Keep reading to learn how.

Each release, the Fedora Design team works with the community on a set of 16 additional wallpapers. Users can install and use these to supplement the standard wallpaper. And submissions are now open for the Fedora 31 Supplemental Wallpapers.

Dates and deadlines

The submission phase opens June 3, 2019 and ends July 26, 2019 at 23:59 UTC.

Important note: In certain circumstances, submissions during the last hours may not get into the election, if there is no time to do legal research. The legal research is done by hand and very time consuming. Please help by following the guidelines correctly and submit only work that has a correct license.

Please stay away to submit pictures of pets, especially cats.

The voting will open August 1, 2019 and will be open until August 16, 2019 at 23:59 UTC.

How to contribute to this package

Fedora uses the Nuancier application to manage the submissions and the voting process. To submit, you need an Fedora account. If you don’t have one, you can create one here. To vote you must have membership in another group such as cla_done or cla_fpca.

For inspiration you can look to former submissions and the  previous winners. Here are some from the last election:

You may only upload two submissions into Nuancier. In case you submit multiple versions of the same image, the team will choose one version of it and accept it as one submission, and deny the other one.

Previously submissions that were not selected should not be resubmitted, and may be rejected. Creations that lack essential artistic quality may also be rejected.

Denied submissions into Nuancier count. Therefore, if you make two submissions and both are rejected, you cannot submit more. Use your best judgment for your submissions.


You can also earn badges for contributing. One badge is for an accepted submission. Another badge is awarded if your submission is a chosen wallpaper. A third is awarded if you participate in the voting process. You must claim this badge during the voting process, as it is not granted automatically.

Sunday, 02 June

Saturday, 01 June

Friday, 31 May


Use Firefox Send with ffsend in Fedora [Fedora Magazine]

ffsend is the command line client of Firefox Send. This article will show how Firefox Send and ffsend work. It’ll also detail how it can be installed and used in Fedora.

What are Firefox Send and ffsend ?

Firefox Send is a file sharing tool from Mozilla that allows sending encrypted files to other users. You can install Send on your own server, or use the Mozilla-hosted link The hosted version officially supports files up to 1 GB, and links that expire after a configurable download count (default of 1) or 24 hours, and then all the files on the Send server are deleted. This tool is still in experimental phase, and therefore shouldn’t be used in production or to share important or sensitive data.

While Firefox Send is the tool itself and can be used with a web interface, ffsend is a command-line utility you can use with scripts and arguments. It has a wide range of configuration options and can be left working in the background without any human intervention.

How does it work?

FFSend can both upload and download files. The remote host can use either the Firefox tool or another web browser to download the file. Neither Firefox Send nor ffsend require the use of Firefox.

It’s important to highlight that ffsend uses client-side encryption. This means that files are encrypted before they’re uploaded. You share secrets together with the link, so be careful when sharing, because anyone with the link will be able to download the file. As an extra layer of protection, you can protect the file with a password by using the following argument:

ffsend password URL -p PASSWORD

Other features

There are a few other features worth mentioning. Here’s a list:

  • Configurable download limit, between 1 and 20 times, before the link expires
  • Built-in extract and archiving functions
  • Track history of shared files
  • Inspect or delete shared files
  • Folders can be shared as well, either as they are or as compressed files
  • Generate a QR code, for easier download on a mobile phone

How to install in Fedora

While Fedora Send works with Firefox without installing anything extra, you’ll need to install the CLI tool to use ffsend. This tool is in the official repositories, so you only need a simple dnf command with sudo.

$ sudo dnf install ffsend

After that, you can use ffsend from the terminal .

Upload a file

Uploading a file is a simple as

$ ffsend upload /etc/os-release
Upload complete
Share link:

The file now can be easily share using the Share link URL.

Downloading a file

Downloading a file is as simple as uploading.

$ ffsend download
Download complete

Before downloading a file it might be useful to check if the file exist and get information about it. ffsend provides 2 handy commands for that.

$ ffsend exists
Exists: true
Password: false
$ ffsend info
ID: 88a6324e2a99ebb6
Downloads: 0 of 1
Expiry: 23h59m (86388s

Upload history

ffsend also provides a way to check the history of the uploads made with the tools. This can be really useful if you upload a lot of files during a scripted tasks for example and you want to keep track of each files download status.

$ ffsend history
1 23h59m
2 23h54m

Delete a file

Another useful feature is the possibility to delete a file.

ffsend delete

Firefox Send is a great service and the ffsend tools makes it really convenient to use from the terminal. More examples and documentation is available on ffsend‘s Gitlab repository.

Thursday, 30 May

Wednesday, 29 May


Fedora 28 End of Life [Fedora Magazine]

With the recent release of Fedora 30Fedora 28 officially enters End Of Life (EOL) status effective May 28, 2019. This impacts any systems still on Fedora 28. If you’re not sure what that means to you, read more below.

At this point, packages in the Fedora 28 repositories no longer receive security, bugfix, or enhancement updates. Furthermore, the community adds no new packages to the Fedora 28 collection starting at End of Life. Essentially, the Fedora 28 release will not change again, meaning users no longer receive the normal benefits of this leading-edge operating system.

There’s an easy, free way to keep those benefits. If you’re still running an End of Life version such as Fedora 28, now is the perfect time to upgrade to Fedora 29 or to Fedora 30. Upgrading gives you access to all the community-provided software in Fedora.

Looking back at Fedora 28

Fedora 28 was released on May 1, 2018. As part of their commitment to users, Fedora community members released over 9,700 updates.

This release featured, among many other improvements and upgrades:

  • GNOME 3.28
  • Easier options for third-party repositories
  • Automatic updates for the Fedora Atomic Host
  • The new Modular repository, allowing you to select from different versions of software for your system

Of course, the Project also offered numerous alternative spins of Fedora, and support for multiple architectures.

About the Fedora release cycle

The Fedora Project offers updates for a Fedora release until a month after the second subsequent version releases. For example, updates for Fedora 29 continue until one month after the release of Fedora 31. Fedora 30 continues to be supported up until one month after the release of Fedora 32.

The Fedora Project wiki contains more detailed information about the entire Fedora Release Life Cycle. The lifecycle includes milestones from development to release, and the post-release support period.


Packit – packaging in Fedora with minimal effort [Fedora Magazine]

What is packit

Packit ( is a CLI tool that helps you auto-maintain your upstream projects into the Fedora operating system. But what does it really mean?

As a developer, you might want to update your package in Fedora. If you’ve done it in the past, you know it’s no easy task. If you haven’t let me reiterate: it’s no easy task.

And this is exactly where packit can help: once you have your package in Fedora, you can maintain your SPEC file upstream and, with just one additional configuration file, packit will help you update your package in Fedora when you update your source code upstream.

Furthermore, packit can synchronize downstream changes to a SPEC file back into the upstream repository. This could be useful if the SPEC file of your package is changed in Fedora repositories and you would like to synchronize it into your upstream project.

Packit also provides a way to build an SRPM package based on an upstream repository checkout, which can be used for building RPM packages in COPR.

Last but not least, packit provides a status command. This command provides information about upstream and downstream repositories, like pull requests, release and more others.

Packit provides also another two commands: build and create-update.

The command packit build performs a production build of your project in Fedora build system – koji. You can Fedora version you want to build against using an option –dist-git-branch. The command packit create-updates creates a Bodhi update for the specific branch using the option —dist-git-branch.


You can install packit on Fedora using dnf:

sudo dnf install -y packit


For demonstration use case, I have selected the upstream repository of colin ( Colin is a tool to check generic rules and best-practices for containers, dockerfiles, and container images.

First of all, clone colin git repository:

$ git clone
$ cd colin

Packit expects to run in the root of your git repository.

Packit ( needs information about your project, which has to be stored in the upstream repository in the .packit.yaml file (

See colin’s packit configuration file:

$ cat .packit.yaml
specfile_path: colin.spec
 - colin.spec
upstream_project_name: colin
downstream_package_name: colin

What do the values mean?

  • specfile_path – a relative path to a spec file within the upstream repository (mandatory)
  • synced_files – a list of relative paths to files in the upstream repo which are meant to be copied to dist-git during an update
  • upstream_project_name – name of the upstream repository (e.g. in PyPI); this is used in %prep section
  • downstream_package_name – name of the package in Fedora (mandatory)

For more information see the packit configuration documentation (

What can packit do?

Prerequisite for using packit is that you are in a working directory of a git checkout of your upstream project.

Before running any packit command, you need to do several actions. These actions are mandatory for filing a PR into the upstream or downstream repositories and to have access into the Fedora dist-git repositories.

Export GitHub token taken from


Obtain your Kerberos ticket needed for Fedora Account System (FAS) :

$ kinit <yourname>@FEDORAPROJECT.ORG

Export your Pagure API keys taken from


Packit also needs a fork token to create a pull request. The token is taken from

Do it by running:


Or store these tokens in the ~/.config/packit.yaml file:

$ cat ~/.config/packit.yaml

github_token: <GITHUB_TOKEN>
pagure_user_token: <PAGURE_USER_TOKEN>
pagure_fork_token: <PAGURE_FORK_TOKEN>

Propose a new upstream release in Fedora

The command for this first use case is called propose-update ( The command creates a new pull request in Fedora dist-git repository using a selected or the latest upstream release.

$ packit propose-update

INFO: Running 'anitya' versioneer
Version in upstream registries is '0.3.1'.
Version in spec file is '0.3.0'.
WARNING  Version in spec file is outdated
Picking version of the latest release from the upstream registry.
Checking out upstream version 0.3.1
Using 'master' dist-git branch
Copying /home/vagrant/colin/colin.spec to /tmp/tmptfwr123c/colin.spec.
Archive colin-0.3.0.tar.gz found in lookaside cache (skipping upload).
INFO: Downloading file from URL
100%[=============================>]     3.18M  eta 00:00:00
Downloaded archive: '/tmp/tmptfwr123c/colin-0.3.0.tar.gz'
About to upload to lookaside cache
won't be doing kinit, no credentials provided
PR created:

Once the command finishes, you can see a PR in the Fedora Pagure instance which is based on the latest upstream release. Once you review it, it can be merged.

Sync downstream changes back to the upstream repository

Another use case is to sync downstream changes into the upstream project repository.

The command for this purpose is called sync-from-downstream ( Files synced into the upstream repository are mentioned in the packit.yaml configuration file under the synced_files value.

$ packit sync-from-downstream

upstream active branch master
using "master" dist-git branch
Copying /tmp/tmplvxqtvbb/colin.spec to /home/vagrant/colin/colin.spec.
Creating remote fork-ssh with URL
Pushing to remote fork-ssh using branch master-downstream-sync.
PR created:

As soon as packit finishes, you can see the latest changes taken from the Fedora dist-git repository in the upstream repository. This can be useful, e.g. when Release Engineering performs mass-rebuilds and they update your SPEC file in the Fedora dist-git repository.

Get the status of your upstream project

If you are a developer, you may want to get all the information about the latest releases, tags, pull requests, etc. from the upstream and the downstream repository. Packit provides the status command for this purpose.

$ packit status
Downstream PRs:
 ID  Title                             URL
----  --------------------------------  ---------------------------------------------------------
 14  Update to upstream release 0.3.1
 12  Upstream pr: 226        
 11  Upstream pr: 226        
  8 Upstream pr: 226        

Dist-git versions:
f27: 0.2.0
f28: 0.2.0
f29: 0.2.0
f30: 0.2.0
master: 0.2.0

GitHub upstream releases:

Latest builds:
f27: colin-0.2.0-1.fc27
f28: colin-0.3.1-1.fc28
f29: colin-0.3.1-1.fc29
f30: colin-0.3.1-2.fc30

Latest bodhi updates:
Update                Karma  status
------------------  ------- --------
colin-0.3.1-1.fc29        1  stable
colin-0.3.1-1.fc28        1  stable
colin-0.3.0-2.fc28        0  obsolete

Create an SRPM

The last packit use case is to generate an SRPM package based on a git checkout of your upstream project. The packit command for SRPM generation is srpm.

$ packit srpm
Version in spec file is ''.
SRPM: /home/phracek/work/colin/colin-

Packit as a service

In the summer, the people behind packit would like to introduce packit as a service ( In this case, the packit GitHub application will be installed into the upstream repository and packit will perform all the actions automatically, based on the events it receives from GitHub or fedmsg.

Tuesday, 28 May


Monday, 27 May


5 GNOME keyboard shortcuts to be more productive [Fedora Magazine]

For some people, using GNOME Shell as a traditional desktop manager may be frustrating since it often requires more action of the mouse. In fact, GNOME Shell is also a desktop manager designed for and meant to be driven by the keyboard. Learn how to be more efficient with GNOME Shell with these 5 ways to use the keyboard instead of the mouse.

GNOME activities overview

The activities overview can be easily opened using the Super key from the keyboard. (The Super key usually has a logo on it.) This is really useful when it comes to start an application. For example, it’s easy to start the Firefox web browser with the following key sequence Super + f i r + Enter.

Message tray

In GNOME, notifications are available in the message tray. This is also the place where the calendar and world clocks are available. To open the message tray using the keyboard use the Super+m shortcut. To close the message tray simply use the same shortcut again.

Managing workspaces in GNOME

Gnome Shell uses dynamic workspaces, meaning it creates additional workspaces as they are needed. A great way to be more productive using Gnome is to use one workspace per application or per dedicated activity, and then use the keyboard to navigate between these workspaces.

Let’s look at a practical example. To open a Terminal in the current workspace press the following keys: Super + t e r + Enter. Then, to open a new workspace press Super + PgDn. Open Firefox (Super + f i r + Enter). To come back to the terminal, use Super + PgUp.

Managing an application window

Using the keyboard it is also easy to manage the size of an application window. Minimizing, maximizing and moving the application to the left or the right of the screen can be done with only a few key strokes. Use Super+🠝 to maximize, Super+🠟 to minimize, Super+🠜 and Super+🠞 to move the window left and right.

Multiple windows from the same application

Using the activities overview to start an application is very efficient. But trying to open a new window from an application already running only results in focusing on the open window. To create a new window, instead of simply hitting Enter to start the application, use Ctrl+Enter.

So for example, to start a second instance of the terminal using the application overview, Super + t e r + (Ctrl+Enter).

Then you can use Super+` to switch between windows of the same application.

As shown, GNOME Shell is a really powerful desktop environment when controlled from the keyboard. Learning to use these shortcuts and train your muscle memory to not use the mouse will give you a better user experience, and make you more productive when using GNOME. For other useful shortcuts, check out this page on the GNOME wiki.

Photo by 1AmFcS on Unsplash.

Sunday, 26 May