wlug November 2020

wlug@list.waikato.ac.nz

5 participants
70 discussions

by Lawrence D'Oliveiro

For quite a while now, I’ve been annoyed by the system notification volume going to 100% on my Debian systems, regardless of my attempts to set it to a lower level. For example, when I open the KDE System Settings app, change something, then try to close the window, the sound that accompanies the save/discard/cancel alert is always startlingly loud. I think I have finally found a fix: in your /etc/pulse/daemon.conf, put in a line saying flat-volumes = no (You should find an existing comment “; flat-volumes = yes” that indicates the default.) You can make this new setting take effect in the current session immediately without having to logout or reboot, by executing the following as the currently-logged-in user: pulseaudio -k (This kills and restarts the PulseAudio daemon for your user session.) There are several discussions of the pros and cons of this issue online, going back some years. For example, here <https://bugzilla.redhat.com/show_bug.cgi?id=1265267>. Also a mention about the “flat-volumes” setting in the ever-reliable Arch Linux Wiki here <https://wiki.archlinux.org/index.php/PulseAudio>.

6 months, 2 weeks

Random Firefox Tweaks

by Lawrence D'Oliveiro

Been looking at various settings changes you can make in the “about:config” page in Firefox. Here are a couple I have found useful: * keyword.enabled -- set to false to stop Firefox trying to do a search on the contents of the address box if it doesn’t match a URL. This is why I have a search box separate from the address box. * browser.fixup.alternate.enabled -- set to false to stop it helpfully tacking on “www.” and “.com” if the original URL you type doesn’t work. I have occasionally been confused by it complaining about not finding a URL, but showing a different one from the one I typed. By the way, when you first try to view this page, Firefox shows you a warning to ensure you understand the consequences of messing about with settings at this level. It remembers it has shown you this warning by adding the following line to the prefs.js file in your profile: user_pref("browser.aboutConfig.showWarning", false); Firefox seems to overwrite this file when it quits, and reloads it when it is launched again.

7 months, 3 weeks

Greg Kroah-Hartman: 'Don't Make Users Mad'

by Peter Reutemann

'Greg Kroah-Hartman, the Linux Foundation fellow currently responsible for stable Linux kernel releases, shared the lessons he's learned as a kernel developer that are applicable to other developers at this year's Linux App Summit. He started by showing how he could succinctly distill the essence of the talk into a single five-word slide: "Don't make your users mad...." Kroah-Hartman explains that one of Linus Torvalds' most deeply-held convictions: don't break userspace. "Other operating systems have this rule as well — it's a very solid rule — because we always want you to upgrade. And we want you to upgrade without worrying about it. We don't want you to feel scared. If you see a new release, and we say, 'Hey, this fixes a bunch of problems,' we don't want you to feel worried about taking that. That's really really important — especially with security...." If you do make a change, make sure there truly is a compelling reason. "You have to provide enough reason and enough goodness to force somebody to take the time to learn to do something else. That's very rare." His example of this was systemd, which unified a variety of service configurations and initialization processes. "They did it right. They provided all the functionality, they solved a real problem that was there. They unified all these existing tools and problems in such a way that it was just so much better to use, and it provided enough impetus that everybody was willing to do the work to modify their own stuff and move to the new model. It worked. People still complain about it, but it worked. Everybody switched... It works well. It solves a real problem. "That was an example of how you can provide a compelling reason to move on — and make the change."' -- source: https://linux.slashdot.org/story/20/11/28/0714229 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 577-5304 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

8 months

Raspberry Pi Used To Hack Tesla Model X SUV Key Fob

by Peter Reutemann

'According to this Tom's Hardware story, a Belgian PhD student managed to wrest full control of a Tesla Model X SUV, by way of hijacking the Bluetooth keyfob and reprogramming it, using a Raspberry Pi. Tesla has since issued a software update to protect against that kind of attack Since the attack is done via Bluetooth, control could be gained wirelessly from 5 meters away. According to the article this is the third time the same student "has managed to exploit the key fob and gain access to the car. Previously he was able to clone the fob..." Computer Weekly also got an interesting quote from a senior security consultant at the electronic design automation company Synopsys, who argues that the research "demonstrates the impacts of security requirements and security features not having proper validation."' -- source: https://tech.slashdot.org/story/20/11/28/2325210 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 577-5304 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

8 months, 1 week

PHP 8.0 Brings Major (And Breaking) Changes to a 25-Year-Old Language

by Peter Reutemann

'"PHP version 8.0 has arrived, bringing with it a major update to the 25-year-old programming language..." writes Tech Republic. New language features include the nullsafe operator and attributes (commonly known as annotations in other languages) to add metadata to classes — and more: The JIT compiler is designed to bring performance improvements to web applications by turning code into instructions for the CPU at runtime. Meanwhile, union types is a feature that allows data of more than one type to be held by a variable. Named arguments allow developers to assign values to a function by specifying the value name, allowing optional parameters to be ignored. Alongside these, version 8.0 of PHP brings optimizations and enhancements to the language's type system, syntax, error handling and consistency.... Commenting on PHP 8.0, PHP programmer and stitcher.io developer, Brent Roose, noted that the latest version of the language may require developers to review code for any breaking changes.' -- source: https://developers.slashdot.org/story/20/11/28/1030246 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 577-5304 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

8 months, 1 week

Developer Successfully Virtualizes Windows for Arm on M1 Mac

by Peter Reutemann

'Developer Alexander Graf has successfully virtualized the Arm version of Windows on an M1 Mac, proving that the M1 chip is capable of running Microsoft's operating system. From a report: Currently, Macs with the M1 chip do not support Windows and there is no Boot Camp feature as there is on Intel Macs, but support for Windows is a feature that many users would like to see. Using the open-source QEMU virtualizer, Graf was able to virtualize the Arm version of Windows on Apple's M1 chip, with no emulation. Since the M1 chip is a custom Arm SoC, it is no longer possible to install the x86 version of Windows or x86 Windows apps using Boot Camp, as was the case with previous Intel-based Macs. However, he said in a Tweet that when virtualized on an M1 Mac, "Windows ARM64 can run x86 applications really well. It's not as fast as Rosetta 2, but close."' -- source: https://apple.slashdot.org/story/20/11/27/2343223 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 577-5304 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

8 months, 1 week

AGM in January

by Peter Reutemann

Hi everyone Since we had our last meeting for the year, I just want to announce our upcoming AGM on January 25th. Agenda (preliminary) • President's Report • Treasurer's Report • Election of 2021 Committee • General business • Consumption of pizza Details: https://www.meetup.com/WaikatoLinuxUsersGroup/events/274861121/ Don't worry, there will be another announcement closer to the date. ;-) Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 577-5304 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

8 months, 1 week

Microsoft's 'Project Latte' Aims To Bring Android Apps To Windows 10

by Peter Reutemann

'Windows Central reports: Microsoft is working on a software solution that would allow app developers to bring their Android apps to Windows 10 with little to no code changes by packaging them as an MSIX and allowing developers to submit them to the Microsoft Store. According to sources familiar with the matter, the project is codenamed 'Latte' and I'm told it could show up as soon as next year. The company has toyed with the idea of bringing Android apps to Windows 10 before via a project codenamed Astoria that never saw the light of day. Project Latte aims to deliver a similar product, and is likely powered by the Windows Subsystem for Linux (WSL.) Microsoft will need to provide its own Android subsystem for Android apps to actually run, however. Microsoft has announced that WSL will soon get support for GUI Linux applications, as well as GPU acceleration which should aid the performance of apps running through WSL. It's unlikely that Project Latte will include support for Play Services, as Google doesn't allow Play Services to be installed on anything other than native Android devices and Chrome OS. This means that apps which require Play Services APIs will need to be updated to remove those dependencies before they can be submitted on Windows 10.' -- source: https://tech.slashdot.org/story/20/11/27/2027234 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 577-5304 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

8 months, 1 week

2FA Bypass Discovered In Web Hosting Software cPanel

by Peter Reutemann

'ZDNet: Security researchers have discovered a major security flaw in cPanel, a popular software suite used by web hosting companies to manage websites for their customers. The bug, discovered by security researchers from Digital Defense, allows attackers to bypass two-factor authentication (2FA) for cPanel accounts. These accounts are used by website owners to access and manage their websites and underlying server settings. Access to these accounts is critical, as once compromised, they grant threat actors full control over a victim's site. On its website, cPanel boasts that its software is currently used by hundreds of web hosting companies to manage more than 70 million domains across the world. But in a press release today, Digital Defense says that the 2FA implementation on older cPanel & WebHost Manager (WHM) software was vulnerable to brute-force attacks that allowed threat actors to guess URL parameters and bypass 2FA -- if 2FA was enabled for an account. While brute-forcing attacks, in general, usually take hours or days to execute, in this particular case, the attack required only a few minutes, Digital Defense said today. Exploiting this bug also requires that attackers have valid credentials for a targeted account, but these can be obtained from phishing the website owner. The good news is that Digital Defense has privately reported the bug, tracked as SEC-575, to the cPanel team, which has already released patches last week.' -- source: https://it.slashdot.org/story/20/11/25/2227200 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 577-5304 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

8 months, 1 week

WireGuard for Windows 0.3.1 is the release you’ve been waiting for

by Peter Reutemann

'This Monday, WireGuard founder and lead developer Jason Donenfeld announced a new WireGuard release for the Windows platform. The release is something of a godsend for administrators hoping to implement WireGuard as a replacement for more traditional end-user VPNs in a business environment, adding several new features that will make their lives easier—or simply make its implementation possible, in environments where it otherwise would not. If you haven't heard about WireGuard yet, it's a relatively new VPN protocol featuring advanced cryptography. It's implemented from the ground up as an exercise in cleanly written, minimalist, maximally secure and performant code—and it succeeded at those goals well enough to get Linus Torvalds' own rarely-seen stamp of approval. ' -- source: https://arstechnica.com/gadgets/2020/11/wireguard-for-windows-0-3-1-is-the-… Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 577-5304 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

8 months, 1 week

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

wlug November 2020