ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Open-source CNCing

([Development] Jul 29, 2020 18:50 UTC (Wed) (coogle))

Last year [1]Sienci Labs finished its [2]Kickstarter campaign for the open-source [3]LongMill Benchtop CNC Router — its second successful open-source [4]CNC machine Kickstarter campaign. CNC routers allow users to mill things (like parts) from raw materials (like a block of aluminum) based on a 3D-model. The LongMill is a significant improvement over the original sold-out [5]Mill One and makes professional-quality machining based entirely on open-source technology a reality. As an owner of a LongMill, I will walk through the various open-source technologies that make this tool a cornerstone of my home workshop.



[1] http://sienci.com/

[2] https://www.kickstarter.com/projects/sienci/longmill-benchtop-cnc-router

[3] https://sienci.com/product/longmill/

[4] https://en.wikipedia.org/wiki/Numerical_control

[5] https://sienci.com/mill-one-resources/

Firefox 79.0

([Development] Jul 28, 2020 15:51 UTC (Tue) (ris))

Firefox 79.0 has been released. This version has improved accessibility for people using screen readers. See the [1]release notes for more details.



[1] https://www.mozilla.org/en-US/firefox/79.0/releasenotes/

Historical programming-language groups disappearing from Google

([Development] Jul 28, 2020 15:04 UTC (Tue) (corbet))

As Alex McDonald notes in [1]this support request , Google has recently banned the old Usenet groups comp.lang.forth and comp.lang.lisp from the Google Groups system. " Of specific concern is the archive. These are some of the oldest groups on Usenet, and the depth & breadth of the historical material that has just disappeared from the internet, on two seminal programming languages, is huge and highly damaging. These are the history and collective memories of two communities that are being expunged, and it's not great, since there is no other comprehensive archive after Google's purchase of Dejanews around 20 years ago. " Perhaps Google can be convinced to restore the content, but it also seems that some of this material could benefit from a more stable archive.



[1] https://support.google.com/accounts/thread/61391913?hl=en

Security updates for Tuesday

([Security] Jul 28, 2020 14:58 UTC (Tue) (ris))

Security updates have been issued by openSUSE (cacti, cacti-spine, go1.13, SUSE Manager Client Tools, and tomcat), Red Hat (postgresql-jdbc and python-pillow), Slackware (mozilla), SUSE (python-Django and python-Pillow), and Ubuntu (clamav, librsvg, libslirp, linux-gke-5.0, linux-oem-osp1, linux-hwe, linux-azure-5.3, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-oracle-5.3, and sqlite3).

[$] Go filesystems and file embedding

([Development] Jul 30, 2020 16:52 UTC (Thu) (benhoyt))

The [1]Go team has recently published several draft designs that propose changes to the language, standard library, and tooling: we [2]covered the one on generics back in June. Last week, the Go team published two draft designs related to files: one for a new read-only [3]filesystem interface , which specifies a minimal [4]interface for filesystems, and a second design that proposes a standard way to [5]embed files into Go binaries (by building on the filesystem interface). Embedding files into Go binaries is intended to simplify deployments by including all of a program's resources in a single binary; the filesystem interface design was drafted primarily as a building block for that. There has been a lot of discussion on the draft designs, which has been generally positive, but there are some significant concerns.



[1] https://golang.org/

[2] https://lwn.net/Articles/824716/

[3] https://go.googlesource.com/proposal/+/master/design/draft-iofs.md

[4] https://golang.org/doc/effective_go.html#interfaces

[5] https://go.googlesource.com/proposal/+/master/design/draft-embed.md

Lockless algorithms for mere mortals

([Kernel] Jul 28, 2020 19:34 UTC (Tue) (corbet))

Time, as some have said, is nature's way of keeping everything from happening at once. In today's highly concurrent computers, though, time turns out not to be enough to keep events in order; that task falls to an extensive set of locking primitives and, below those, the formalized view of memory known as the Linux kernel memory model. It takes a special kind of mind to really understand the memory model, though; kernel developers lacking that particular superpower are likely to make mistakes when working in areas where the memory model comes into play. Working at that level is increasingly necessary for performance purposes, though; a recent conversation points out ways in which the kernel could make that kind of work easier for ordinary kernel developers.

"Structural pattern matching" for Python, part 1

([Development] Aug 5, 2020 16:11 UTC (Wed) (jake))

We last [1]looked at the idea of a Python "match" or "switch" statement back in 2016, but it is something that has been circulating in the Python community both before and since that coverage. In June it was raised again, with a Python Enhancement Proposal (PEP) supporting it: [2]PEP 622 (" Structural Pattern Matching "). As that title would imply, the match statement proposed in the PEP is actually a pattern-matching construct with many uses. While it may superficially resemble the C switch statement, a Python match would do far more than simply choose a chunk of code to execute based on the value of an expression.



[1] https://lwn.net/Articles/693482/

[2] https://www.python.org/dev/peps/pep-0622/

Git v2.28.0

([Development] Jul 27, 2020 17:29 UTC (Mon) (ris))

Version 2.28.0 of the git version control system has been released. " It is smaller than the releases in our recent past, mostly due to the development cycle was near the shorter end of the spectrum (our cycles last 8-12 weeks and this was a rare 8-week cycle). " See [1]this GitHub Blog post for details on the new features in this release.



[1] https://github.blog/2020-07-27-highlights-from-git-2-28/

Security updates for Monday

([Security] Jul 27, 2020 14:51 UTC (Mon) (ris))

Security updates have been issued by Debian (e2fsprogs, ffmpeg, milkytracker, mupdf, openjdk-11, and qemu), Fedora (bashtop), Gentoo (ant, arpwatch, awstats, cacti, chromium, curl, dbus, djvu, filezilla, firefox, freexl, fuseiso, fwupd, glib-networking, haml, hylafaxplus, icinga, jhead, lha, libexif, libreswan, netqmail, nss, ntfs3g, ntp, ocaml, okular, ossec-hids, qtgui, qtnetwork, re2c, reportlab, samba, sarg, sqlite, thunderbird, transmission, tre, twisted, webkit-gtk, wireshark, and xen), openSUSE (cacti, cacti-spine, chromium, freerdp, go1.13, kernel, knot, libraw, LibVNCServer, perl-YAML-LibYAML, salt, tomcat, vino, and webkit2gtk3), and SUSE (mailman, rubygem-excon, rust, rust-cbindgen, samba, and tomcat).

Kernel prepatch 5.8-rc7

([Kernel] Jul 27, 2020 13:24 UTC (Mon) (corbet))

The [1]5.8-rc7 kernel prepatch is out for testing; Linus is unsure about whether things are slowing down enough or not. " But it *might* mean that an rc8 is called for. It's not like rc7 is *big* big. We've had bigger rc7's. Both 5.3 and 5.5 had bigger rc7's, but only 5.3 ended up with an rc8. Put another way: it could still go either way. We'll see how this upcoming week goes. "



[1] https://lwn.net/Articles/827063/

Bison 3.7 released

([Development] Jul 24, 2020 15:12 UTC (Fri) (corbet))

Version 3.7 of the Bison parser generator is out. The biggest new feature would appear to be the generation of "counterexamples" for conflicts — examples of strings that could be parsed in multiple ways. There is also better support for reproducible builds, documentation links in warnings, and more.

digiKam 7.0.0 released

([Development] Jul 24, 2020 14:05 UTC (Fri) (corbet))

[1]Version 7.0.0 of the digiKam photo editing and management application is out. This release adds support for a number of new raw formats, support for Apple's HEIF format, and a new mosaic plugin. The headline feature, though, appears to be completely reworked face detection: " The new code, based on recent Deep Neural Network features from the OpenCV library, uses neuronal networks with pre-learned data models dedicated for the Face Management. No learning stage is required to perform face detection and recognition. We have saved coding time, run-time speed, and a improved the success rate which reaches 97% of true positives. Another advantage is that it is able to detect non-human faces, such as those of dogs. "



[1] https://www.digikam.org/news/2020-07-19-7.0.0_release_announcement/

Security updates for Friday

([Security] Jul 24, 2020 13:32 UTC (Fri) (jake))

Security updates have been issued by Debian (qemu), Fedora (java-11-openjdk, mod_authnz_pam, podofo, and python27), openSUSE (cni-plugins, tomcat, and xmlgraphics-batik), Oracle (dbus and thunderbird), SUSE (freerdp, kernel, libraw, perl-YAML-LibYAML, and samba), and Ubuntu (libvncserver and openjdk-lts).

Brauner: The Seccomp Notifier – New Frontiers in Unprivileged Container Development

([Kernel] Jul 23, 2020 19:54 UTC (Thu) (corbet))

Christian Brauner has posted [1]a novella-length description of the seccomp notifier mechanism and the problems it is meant to solve. " So from the section above it should be clear that seccomp provides a few desirable properties that make it a natural candidate to look at to help solve our mknod(2) and mount(2) problem. Since seccomp intercepts syscalls early in the syscall path it already gives us a hook into the syscall path of a given task. What is missing though is a way to bring another task such as the LXD container manager into the picture. Somehow we need to modify seccomp in a way that makes it possible for a container manager to not just be informed when a task inside the container performs a syscall it wants to be informed about but also how can to make it possible to block the task until the container manager instructs the kernel to allow it to proceed. "



[1] https://people.kernel.org/brauner/the-seccomp-notifier-new-frontiers-in-unprivileged-container-development

PHP 8 alpha 3 released

([Development] Jul 23, 2020 17:40 UTC (Thu) (coogle))

The PHP project has [1]released PHP 8 Alpha 3, the final alpha release according to the 8.0 [2]release schedule . Feature freeze for the 8.0 release is scheduled for August 4, making this release the last one before features for the latest version of PHP are finalized. PHP 8.0 is scheduled to be released for general availability on November 26.



[1] https://www.php.net/index.php#id2020-07-23-1

[2] https://wiki.php.net/todo/php80

LWN.net Weekly Edition for July 30, 2020


Security updates for Thursday

([Security] Jul 23, 2020 13:20 UTC (Thu) (jake))

Security updates have been issued by Debian (poppler and tomcat8), Fedora (cacti, cacti-spine, java-1.8.0-openjdk, mbedtls, mingw-python3, singularity, and xen), openSUSE (firefox, redis, and singularity), Red Hat (samba), SUSE (java-11-openjdk, qemu, and vino), and Ubuntu (ffmpeg and pillow).

Image "Cloaking" for Personal Privacy

([Security] Jul 22, 2020 22:43 UTC (Wed) (jake))

[1]SAND Lab at the University of Chicago has [2]announced Fawkes , which is a BSD-licensed privacy-protection tool [3]available on GitHub. " At a high level, Fawkes takes your personal images, and makes tiny, pixel-level changes to them that are invisible to the human eye, in a process we call image cloaking. You can then use these "cloaked" photos as you normally would, sharing them on social media, sending them to friends, printing them or displaying them on digital devices, the same way you would any other photo. The difference, however, is that if and when someone tries to use these photos to build a facial recognition model, "cloaked" images will teach the model an highly distorted version of what makes you look like you. The cloak effect is not easily detectable, and will not cause errors in model training. However, when someone tries to identify you using an unaltered image of you (e.g. a photo taken in public), and tries to identify you, they will fail. "



[1] http://sandlab.cs.uchicago.edu/

[2] http://sandlab.cs.uchicago.edu/fawkes/

[3] https://github.com/Shawn-Shan/fawkes

[$] TLS gets a boost from Arduino for IoT devices

([Development] Jul 28, 2020 15:18 UTC (Tue) (coogle))

[1]Arduino devices are a favorite among do-it-yourself (DIY) enthusiasts to create, among other things, Internet of Things (IoT) devices. We have [2]previously covered the Espressif ESP8266 family of devices that can be programmed using the Arduino SDK, but the Arduino project itself also provides WiFi-enabled devices such as the [3]Arduino MKR WiFi 1010 board. Recently, the Arduino Security Team [4]raised the problem of security shortcomings of IoT devices in a post, and how the Arduino project is working to make improvements. We will take the opportunity to share some interesting things from that, and also look at the overall state of TLS support in the Arduino and Espressif SDK projects.



[1] https://www.arduino.cc/

[2] https://lwn.net/Articles/822516/

[3] https://store.arduino.cc/usa/mkr-wifi-1010

[4] https://blog.arduino.cc/2020/07/02/arduino-security-primer/

[$] The archaeology of GNOME accessibility

([Development] Jul 23, 2020 14:06 UTC (Thu) (corbet))

There are many people in the world who cannot make full use of their computers without some sort of accessibility support. Developers, though, have a tendency not to think about accessibility issues themselves; they don't (usually) need those features and cannot normally even see them. In a talk at the [1]2020 GUADEC virtual conference , Emmanuele Bassi discussed the need for accessibility features, their history in GNOME, and his effort to rethink about how GNOME supports assistive technology.



[1] https://events.gnome.org/event/1/overview
More

Even if we put all these nagging thoughts [four embarrassing questions about
astrology] aside for a moment, one overriding question remains to be asked.
Why would the positions of celestial objects at the moment of birth have an
effect on our characters, lives, or destinies? What force or influence,
what sort of energy would travel from the planets and stars to all human
beings and affect our development or fate? No amount of scientific-sounding
jargon or computerized calculations by astrologers can disguise this central
problem with astrology -- we can find no evidence of a mechanism by which
celestial objects can influence us in so specific and personal a way. . . .
Some astrologers argue that there may be a still unknown force that represents
the astrological influence. . . .If so, astrological predictions -- like those
of any scientific field -- should be easily tested. . . . Astrologers always
claim to be just a little too busy to carry out such careful tests of their
efficacy, so in the last two decades scientists and statisticians have
generously done such testing for them. There have been dozens of well-designed
tests all around the world, and astrology has failed every one of them. . . .
I propose that we let those beckoning lights in the sky awaken our interest
in the real (and fascinating) universe beyond our planet, and not let them
keep us tied to an ancient fantasy left over from a time when we huddled by
the firelight, afraid of the night.
-- Andrew Fraknoi, Executive Officer, Astronomical Society of the Pacific,
"Why Astrology Believers Should Feel Embarrassed," San Jose Mercury
News, May 8, 1988