Mozilla Releases Common Voices, KStars v3.1.0 Is Out, LibreELEC 9.0.1 (Leia) Now Available, System76’s New Oryx Pro Laptops Slated to Arrive and Security Flaw in Google Chrome

News briefs for February 28, 2019.

Mozilla today released Common Voices, the "largest to-date public domain transcribed voice dataset". The dataset includes 18 languages and almost 1,400 hours of recorded voice from more than 42,000 people. From the Mozilla blog: "With this release, the continuously growing Common Voice dataset is now the largest ever of its kind, with tens of thousands of people contributing their voices and original written sentences to the public domain (CC0). Moving forward, the full dataset will be available for download on the Common Voice site."

KStars v3.1.0 was released today, marking the first release of 2019. This release focuses on stability and performance improvements—for example, some bugs in the Ekos Scheduler, Ring-Field Focusing was added to the Focus module, and the LiveView window now enables zooming and panning for supported DSLR cameras. See the Jasem's Ekosphere blog for all the details, and go here for download links and other resources.

LibreELEC 9.0.1 (Leia) is now available. This release of the Linux-based open-source operating system for embedded devices "contains many changes and refinements to user experience and a complete overhaul of the underlying OS core to improve stability and extend hardware support. Kodi v18 also brings new features like Kodi Retroplayer and DRM support that (equipped with an appropriate add-on) allows Kodi to unofficially stream content from services like Netflix and Amazon." In addition, "Changeable SSH passwords and a default firewall configuration have been added to combat the increasing number of HTPC installs that can be found on the public internet." Go here to download.

System76's new Oryx Pro laptop with RTX 20-Series GPUs is slated to arrive today. Features include "super thin aluminum alloy design, switchable NVIDIA and Intel GPUs, performance 8th-gen CPus, 15" and 17" IPS display options and up to 32GB of memory", and comes with Pop!_OS 18.04 LTS (64-bit) or Ubuntu 18.04 LTS (64-bit) for the OS.

Softpedia News reports that the security flaw discovered by EdgeSpot is "already being exploited in the wild and an official fix would only be released by Google in late April." In addition, "The PDF documents do not appear to leak any personal information when opened in dedicated PDF readers like Adobe Reader. However, it seems the malicious code specifically targets a vulnerability in Google Chrome, as opening them in the browser triggers outbound traffic to one of two different domains called and" To protect yourself, don't open any PDFs in Google Chrome, especially from untrusted sources.

Indie Makers Using Single-Board Computers


Possibly the most amazing thing, to me, about single board computers (SBCs) is that they allow small teams of people (and even lone individuals) to create new gadgets using not much more than SBCs and 3D printers. That opportunity for makers and small companies is absolutely astounding.

Two such projects have really caught my attention lately: the Noodle Pi and the TinyPi.

The Noodle Pi is a simple, handheld computer (about the size of a deck of playing cards). And, when I say simple, I mean simple. It's got a micro-USB charging port, another for plugging in USB devices, a touch screen and a battery. Think of it like an old-school PDA without any buttons (other than a small power toggle) and the ability to run a full Linux-based desktop.

Noodle Pi

Figure 1. The Credit-Card-Sized, Pi Zero-Powered, Noodle Pi

The TinyPi is a gaming handheld. And, believe it or not, it's even smaller than the Noodle Pi, with a tiny screen and tiny buttons. This is the sort of handheld game console you could put on a keychain.


Figure 2. The Impossibly Small TinyPi (Banana for Scale)

Both of these are built on top of the (super-tiny and super-cheap) Raspberry Pi Zero. And, both are built by lone individuals with a heavy reliance on 3D printers.

I wanted to know how they did it and how their experience was. What can we learn from these independent gadget makers? So, I reached out to both of them and asked them each the same questions (more or less).

Let's start with a chat with Pete Barker (aka "pi0cket"), maker of the TinyPi.

Interview with Pete Barker (pi0cket), TinyPi Maker

Bryan Lunduke: Could you give a quick overview of the TinyPi?

Pete Barker: TinyPi is (unofficially) the world's smallest pi-based gaming device. It started life as a bit of a joke—"how small can i make this?"—but it actually turned into something pretty good. The Pro version added more features and improvements, and a kickstarter was funded on December 30, 2018. Manufacturing is already underway, and the early-bird backers should start getting the kits in February 2019.

TinyPi parts

Figure 3. The parts of the TinyPi—the Smallest Handheld Game Console I Can Possibly Imagine

KDE Participating in Google Summer of Code 2019, MariaDB Releasing New Open-Source MariaDB Enterprise Server, CentOS Celebrates 15th Birthday, Cmd Is a New Security Tool for Linux and Red Hat Announces Red Hat Certified Architect Program in Telco Cloud

News briefs for February 27, 2019.

KDE announces it's been selected to participate in the Google Summer of Code for the 14th year. See the KDE Community Wiki for ideas and instructions for students interested in working with KDE for GSoC 2019.

MariaDB announced it is releasing a new version of its MySQL-compatible database management system called MariaDB Enterprise Server 10.4. ZDNet reports that "This new business server comes with more powerful and fine-grained auditing, faster, highly reliable backups for large databases, and end-to-end encryption for all data at rest in MariaDB clusters." The MariaDB Enterprise Server will be available in the second quarter of this year and will be fully open source.

CentOS is celebrating its 15th birthday. As part of its birthday celebrations, the CentOS blog wants to talk with those who "were involved in the early days, as well as some that have joined later on, to talk about how and why people get involved in this project". If you're interested in telling your story, contact for an interview.

Cmd is a new security tool for Linux. According to Network World, "It reaches way beyond the traditional configuration of user privileges and takes an active role in monitoring and controlling the commands that users are able to run on Linux systems." It is designed for the cloud and monitors user activity "by forming user activity profiles (characterizing the activities these users generally perform), noticing abnormalities in their online behavior (login times, commands used, user locations, etc.), and preventing and reporting certain activities (e.g., downloading or modifying files and running privileged commands) that suggest some kind of system compromise might be underway. The product's behaviors are configurable and changes can be made rapidly."

Red Hat today announced the Red Hat Certified Architect Program in Telco Cloud, "a new training and certification program emphasizing the next-generation of telecommunications innovation". The program "focuses on the skills that telecommunications engineers need to build network functions virtualization (NFV) clouds, critical technologies that can help drive advanced services like 5G."

Privacy, Mine: the Right of Individual Persons, Not of the Data

data privacy


“For true, lasting privacy, we must shift from the ‘privacy policies’ of companies, which spring from data protection laws, to the ‘privacy’ of individual persons, as contemplated by human rights laws.”

How do we accomplish this shift?

TL;DR (in summary)

  • Privacy pertains to the person; “privacy” is the state of being free from public attention and unwanted intrusion.
  • Data is not privacy, but data from or about a person can be private or not private depending on how it’s used, who is using it and who has control of it.
  • In the digital world, a person’s privacy policy is like the clothing that one puts on to signal what data they consider private and what is not private.
  • The companies (sites, apps and so on) that respect a person’s privacy will build relationships with that person over time.
  • The accumulation of trust over time incentivizes good behavior by both parties, to preserve value and not lose it instantly.

We live in the age of surveillance marketing, where consumers’ privacy is being violated without their knowledge, consent or recourse. Data from and about consumers is collected en masse by ad-tech companies and traded for profit. But few consumers knew about it until things blow up like the Cambridge Analytica/Facebook scandal. Most consumers think they are interacting with the sites they’re visiting or the apps (like Facebook) they’re using, but they aren't aware of the dozens of hidden ad-tech trackers that siphon their data off to other places or the aggressive data collection and cross-device tracking of apps. Not only are they not aware, they also definitely did not give consent to third parties to use, buy and sell their data. They wouldn’t even know who ABCTechCompany was anyway if it asked for consent.

Consent Is Not the Same as Permission, But Consumers Are Tricked Anyway

Eclipse IoT Milestones, Bare-Metal Cloud Computing Risk, Purism Announces PureBoot, Go 1.12 Released, and Qualcomm and Thundercomm Launched a Robotics RB3 Platform that runs Linux with Robot Operating System

News briefs for February 26, 2019.

The Eclipse Foundation this morning announced that Eclipse IoT, "a leading collaboration of vendors working together to define an open, modular architecture to accelerate commercial IoT adoption", has reached "3 million lines of code, 41 member companies, 37 IoT projects and 350 contributors". See the Eclipse IoT website for more on how "Eclipse IoT is the open source center of gravity for IoT". Eclipse IoT also wants to hear your thoughts and invites you to take its 2019 IoT Developer Survey.

A Supermicro hardware vulnerability allows researches to backdoor an IBM cloud server. According to the Ars Technica story, other bare-metal cloud computing providers also may be at risk to BMC (baseboard management controller) attacks. See also security firm Eclypsium's paper "The Missing Security Primer for Bare Metal Cloud Services" for more details.

Purism yesterday announced PureBoot, its "collection of software and security measures designed for you to protect the boot process, while still holding all the keys". PureBoot has six components: neutralized and disabled Intel management engine, the coreboot free software BIOS replacement, a Trusted Platform Module (TPM) chip, Heads (the tamper-evident boot software), the Librem Key (USB security token) and multifactor authentication. For more details, see the PureBoot documentation.

The Go team announced the release of Go 1.12 yesterday. Highlights of this new version of the Go programming language include opt-in support for TLS 1.3, improved modules support, and improved macOS and iOS forward compatibility. See the release notes for all the changes in Go 1.12, and download Go from here.

Qualcomm and Thundercomm launched a Robotics RB3 Platform that runs Linux with Robot Operating System (ROS) on the Snapdragon 845. Linux Gizmos reports that the kit costs $449 and "also includes a Qualcomm Robotics navigation mezzanine board that supports time-of-flight, tracking, active stereo, and 4K-ready main cameras". See Qualcomm's RB3 page and Thundercomm's RB3 page for more information.

Beaker: the Decentralized Read-Write Browser


The best future of the internet may be peer-to-peer. The Beaker Browser offers a glimpse.

When Tim Berners-Lee invented the World Wide Web, he envisioned a single software package that allowed everyone to create and read pages across the internet. Much has happened in the intervening years, but this idea is starting to come back.

Many of the web's founders now realize that they didn't sign up for a web dominated by a few giant corporations relying on collecting massive amounts of data on its users to sell to advertisers.

The Beaker Browser project is creating a decentralized peer-to-peer web browser that, if successful, could return the web to its users. Let's explore how this is done!

Guiding Principles

Beaker Browser serves as a bridge to a possible future for the web—and the internet. You can use Beaker today to surf the web like any other Chromium-based browser. More important, you also can use Beaker to create and support a new, decentralized, server-less internet.

Beaker Browser uses a peer-to-peer network protocol called Dat to create a decentralized web platform. Websites spread from people seeding them, BitTorrent-style. When following news and discussions about the decentralized web, you'll often hear about blockchain as an underlying basis. The Beaker team thinks that blockchain negotiations and "proof of work" requirements unnecessarily slow down the web. It's better to build "communities of trust" among peers than to try to eliminate trust altogether.

Centralized servers, internet service providers and web hosting firms restrict the options for users to collaborate with one another to build a better world. Comcast, AT&T and cable companies seek to end the principle of net neutrality to narrow the content choices users have always made on their own. At the same time, Facebook, Amazon, Google and other giant content corporations seek to keep us locked inside their respective walled gardens, persuading us that they have all the content we'll ever need. There's no need to visit the open internet. Both sides of this corporate clash do this to maximize profits for themselves.

Users deserve better, and Linux users want all the choices.

Explaining Dat

The Dat Project describes itself as "Modeled after the best parts of Git, BitTorrent, and the internet, the Dat protocol is a peer-to-peer protocol for syncing files and data across distributed networks."

Dat began as a file-sharing protocol, designed to allow users to store and share encrypted files without using centralized services like Dropbox. With the Dat Desktop app, you can make any folder on your system use the Dat protocol. Every file in that folder is encrypted with a private key. Dat also allows for storing version information for each file shared on the network.

Linux Kernel 5.0-rc8 Released, Git v2.21.0 Now Available, 1TB MicroSD Cards Are in the Works, Sprint Launching 5G Service in Four Cities Soon, Emergency Point Release for Ubuntu 16.04.6

News briefs for January 25, 2019.

Linux kernel 5.0-rc8 was released yesterday. Linus writes "This may be totally unnecessary, but we actually had more patches come in this last week than we had for rc7, which just didn't make me feel the warm and fuzzies. And while none of the patches looked all that scary, some of them were to pretty core files, so it wasn't all just random rare drivers (although those kinds also existed). So I agonized about it a bit, and then decided to just say 'no hurry' and make an rc8. And after I had tagged the rc, I noticed a patch in my inbox that I had missed that was a regression from one of the very patches this last week, so that made me feel like rc8 was the right decision."

Git v2.21.0 is now available. New features include human-readable dates, detecting case-insensitive path collisions, multi-pack indexes, delta islands and more. See the GitHub Blog for details on the new features.

1-terabyte microSD cards are now available. The Verge reports that Micron and Western Digital's SandDisk both announced UHS-I microSDXC products at Mobile World Congress. The SanDisk card will be available in April for $449.00. No information yet on the pricing or availability of the Micron card.

Also at Mobile World Congress, Sprint announced it will be launching 5G service in Atlanta, Chicago, Dallas and Kansas City in May 2019, and then in Houston, Los Angeles, New York City, Phoenix or Washington D.C. by the end of June 2019. See the TechCrunch post for more info on the 5G coverage.

An unplanned point release for Ubuntu 16.04.6 is in the works. According to the release announcement, "In the light of the recently discovered and fixed apt vulnerability, we have decided to re-build all our supported isos that could be potentially affected. We did not plan for another xenial point-release but oh well, what can you do. Security is important." The release will be available February 28th.

Some (Linux) Bugs Have All the Fun

Bugs happen.

Every minute of every hour of every day, software bugs are hard at work, biting computer users in the proverbial posterior. Many of them go unnoticed (the bugs, not the posteriors). More still rise to the illustrious level of "bugs that are minor annoyances".

Yet sometimes, when the stars align just so, a bug manifests itself in a truly glorious way. And when I say "glorious", I mean "utterly destructive and soul-obliterating". Nowhere are these bugs more insidious than when they are within the operating systems (and key components) themselves.

Case in point: an October 2018 bug in an update for Windows 10 caused entire user folders to be deleted. Documents? Gone. Pictures? Like they never existed at all. This was a singular OS update that vaporized files from low-Earth orbit.

After that bug impacted roughly 1,500 Windows 10 users—before it even hit widespread distribution—Microsoft pulled the update entirely.

Then, after the engineering team in Redmond thoroughly tested and fixed this gnarly bug, they did the only obvious thing: re-release the system update—with another file-destroying issue. This time it was in their un-zip functionality. More files lost to the sands of time.

Seriously. That actually happened.

Things aren't necessarily that much better over in Apple land, either.

A little more than a year ago—at the end of November 2017—a bug occurred in Mac OS X (yeah, I know they've renamed it "macOS", but I'm stubborn and I'll call it what I want) that allowed anyone to gain root access to any Macintosh (running the latest version of the OS) by following these extremely complex steps:

  1. Turn on a Macintosh.
  2. Type root as the user name and leave the password blank.
  3. Press Enter.

I know. I know. That'll be hard to remember, right?

To Apple's credit, the company did manage to release a system update rather quickly, thus minimizing the potential damage. But, just the same, I'd say that one calls for a "yikes"—possibly even an "oh, dear".

As satisfying as it is to make fun of Microsoft and Apple—and, boy howdy, is it ever—we in the Linux (and general Free and Open-Source Software world) are not immune from highly embarrassing, crazy destructive bugs and security vulnerabilities.

What follows are two that I find rather interesting. One is a remote exploit that had serious ramifications. The other is a local security bug that, well, I find amusing.

Note: there are lots of bugs—more than likely can be cataloged—in every system on the planet. These are just the two that I picked.

For the first one, let's travel back to the year 2014—September 24th, to be precise. Taylor Swift and Meghan Trainor were dominating the radio. The Guardians of the Galaxy were busy doing their galaxy-guarding thing.

Redis Labs Changing Its Licensing for Redis Modules Again, Raspberry Pi Rolling Out the Linux 4.19 Kernel, Windows Subsystem for Linux Updates Coming, Facebook Removing Its Spyware Onavo VPN from the Google Store and openSUSE Leap 15.1 Beta Pizza Party

News briefs for February 22, 2019.

Redis Labs has changed its licensing for Redis Modules again. According to TechCrunch, the new license is called the Redis Source Available license, and as with the previous Commons Clause license, applies only to certain Redis Modules created by Redis Labs. With this license, "Users can still get the code, modify it and integrate it into their applications—but that application can't be a database product, caching engine, stream processing engine, search engine, indexing engine or ML/DL/AI serving engine." The TechCrunch post notes that by definition, an open-source license can't enforce limitations, so this new license technically isn't open source. It is, however, similar to other "permissive open-source licenses", which "shouldn't really affect most developers who use the company's modules".

Raspberry Pi has started rolling out the Linux 4.19 kernel. According to Phoronix, RPi is moving from kernel 4.14 to the 4.19 long-term support release. This change marks about a year of updates, and as Phoronix notes, "For Linux 4.19 alone on the Raspberry Pi front was updates to its voltage driver, under-voltage issue reporting, and the VC4 DRM changes we see each cycle. Over the span of 4.14 to 4.19 are a lot of improvements upstream and now less patches that need to be re-based and carried by the Raspberry Pi crew."

The Windows 10 April Update will let you access Linux files from Windows. ZDNet quotes Craig Loewen, a Microsoft programming manager on the updates to Windows Subsystem for Linux (WSL): "The next Windows update is coming soon and we're bringing exciting new updates to WSL with it! These include accessing the Linux file system from Windows, and improvements to how you manage and configure your distros in the command line."

Facebook to take its spyware Onavo VPN app off the Google Store. TechCrunch reports that following TechCrunch's investigation into the app and how it "sucked up data about teens" and the ensuing backlash, the "app will eventually shut down, and will immediately cease pulling in data from users for market research though it will continue operating as a Virtual Private Network in the short-term to allow users to find a replacement."

The openSUSE Leap release manager has announced that Leap 15.1 has entered the Beta phase this week, and now it's time for a Beta Pizza Party. Geeko in Nuremberg is holding a Beta Pizza Party on March 1st for testing. If you're not in Nuremberg, visit the wiki for details on how to hold your own and test away. You can download the Beta from here.

Taking System Monitoring to the Next Level: an Interview with Scalyr CEO Steve Newman

Scalyr Logo

As computing ecosystems become more complex, monitoring and analyzing those often disconnected moving parts becomes increasingly challenging.

Today's data center has evolved from a single supplier producing and selling all-in-one offerings, such as the days when EMC, NetApp, HP or even Sun owned your data center and you chose a vendor and stuck with it. Those same vendors provided you with the required tools to monitor, analyze and troubleshoot their entire stack.

Shifting focus to the present, the landscape now appears to be quite different. Instead, you will find environments of mixed offerings provided by an assortment of vendors, both large and small. Proprietary machines work side by side with off-the-shelf commodity devices hosting software-defined software. Half of your applications may be hosted in virtual machines over a hypervisor or just spun up in a container. How does a modern data-center administrator or DevOps professional manage such an environment?

An assortment of platforms and frameworks exist that provide such capabilities, but they're not all one and the same. In some cases, those same tools will need to be coupled with others to produce something useful (for example, ELK: Elasticsearch + Logstash + Kibana). Unfortunately, this arrangement just adds to the complication and frustration when attempting to diagnose or discover problems in your computing environment.

Putting an end to this level of complexity, one company stands out among the rest: Scalyr. Scalyr develops and offers a complete suite of server monitoring, log management, visualization and analysis tools, which integrate with cloud services. I recently had the pleasure of chatting with Scalyr CEO Steve Newman.

His is not a household name, like Steve Jobs or Bill Gates, but you will be familiar with his work and contributions to cloud-enabled technologies. Although this is likely to change with Scalyr, Steve is best known for his work with Writely, a technology that later was acquired by Google and relabeled as Google Docs. In our conversation, Steve and I took the opportunity to discuss Scalyr, its solution and the problem it solves.

Steve Newman, Scalyr CEO

Steve Newman, Scalyr CEO

Petros Koutoupis: Tell me a bit about yourself. Who is Steve Newman?

Steve Newman: I am an engineer by both training and background and have spent most of my career in the startup environment. This is because I enjoy building things. I was at Google for a number of years following an acquisition, and while the experience itself was great, the startup bug in me drove me to Scalyr.

PK: So, now you founded a company called Scalyr. Please tell us, what is Scalyr?

GNOME 3.31.91 Beta Released, Cisco’s Duo Security Launching a Beta of Its CRXcavator Tool to Find Risky Chrome Extensions, Fedora 30 Now Has Flicker Free Boot, Qt Creator 4.9 Beta Now Available and Four New openSUSE Tumbleweed Snapshots

News briefs for February 21, 2019.

GNOME 3.31.91 beta was released this morning. This is the second beta of the 3.32 release cycle and also the start of the string freeze. See the list of all the changes and updates here. The BuildStream project snapshot is here, or you can get the source packages from here.

Cisco's Duo Security division is launching a public beta of its CRXcavator tool to help discover risky Google Chrome web extensions. According to the eWeek post, CRXcavator "will make it easier for organizations to take inventory of the Chrome extensions running across their enterprise, understand what if any risk they pose and then link that to a policy for secure deployment. As part of the effort to build CRXcavator, Duo also looked at over 120,000 Chrome extensions, to discover potential security concerns and risks."

Fedora 30 now has a fully Flicker Free boot. Hans de Goede's blog reports that "Last week a new version of plymouth landed which implements the new theme for this and also includes a much improved offline-updates experience, following this design. At boot the display will seamlessly transit from the firmware boot-splash into the new plymouth theme, which uses the firmware boot-splash as background." See the post for screenshots and more details.

Qt Creator 4.9 Beta was released today. Improvements include generic programming language support, the QML parser was updated to Qt 5.12, the UI for diagnostics from the Clang analyzer tools has many improvements, and much more. You can get the open-source version from the Qt downloads page.

Four openSUSE Tumbleweed snapshots were released this week, bringing updates for Kerberos, GNOME, KDE, YaST and Mozilla Firefox.

Fun Little Tidbits in a Howling Storm (Re: Intel Security Holes)

Some kernel developers recently have been trying to work around the massive, horrifying, long-term security holes that have recently been discovered in Intel hardware. In the course of doing so, there were some interesting comments about coding practices.

Christoph Hellwig and Jesper Dangaard Brouer were working on mitigating some of the giant speed sacrifices needed to avoid Intel's gaping security holes. And, Christoph said that one such patch would increase the networking throughput from 7.5 million packets per second to 9.5 million—a 25% speedup.

To do this, the patch would check the kernel's "fast path" for any instances of dma_direct_ops and replace them with a simple direct call.

Linus Torvalds liked the code, but he noticed that Jesper and Christoph's code sometimes would perform certain tests before testing the fast path. But if the kernel actually were taking the fast path, those tests would not be needed. Linus said, "you made the fast case unnecessarily slow."

He suggested that switching the order of the tests would fix it right up. He added:

In fact, as a further micro-optimization, it might be a good idea to just specify that the dma_is_direct() ops is a special pointer (perhaps even just say that "NULL means it's direct"), because that then makes the fast-case test much simpler (avoids a whole nasty constant load, and testing for NULL in particular is often much better).

But that further micro-optimization absolutely *requires* that the ops pointer test comes first. So making that ordering change is not only "better code generation for the fast case to avoid extra cache accesses", it also allows future optimizations.

Regarding Linus' micro-optimization, Christoph explained:

I wanted to do the NULL case, and it would be much nicer. But the arm folks went to great lengths to make sure they don't have a default set of dma ops and require it to be explicitly set on every device to catch cases where people don't set things up properly, and I didn't want to piss them off....But maybe I should just go for it and see who screams, as the benefit is pretty obvious.

Linus also suggested that for Christoph's and Jesper's tests, the dma_is_direct() function should be sure to use the likely() call. And this was interesting because likely() is used to alert the compiler that a block of code is more "likely" to be run than another in order to optimize it. And, Christoph wasn't sure this was true. He said, "Yes, for the common case, it is likely. But if you run a setup where you say always have an iommu, it is not, in fact, it is never called in that case, but we only know that at runtime."

KDE Adding Matrix to Its Instant Messaging Infrastructure, E3D Launches New 3D Printing Slicer, digiKam Announces Major 6.0.0 Release, Google to Acquire Alooma and KDE Plasma Bugfix Update 5.15.1 Is Out

News briefs for February 20, 2019.

KDE announces it's adding Matrix to its instant messaging infrastructure. Matrix "is an open protocol and network for decentralised communication, backed by an open standard and open source reference implementations for servers, clients, client SDKs, bridges, bots and more. It provides all the features you'd expect from a modern chat system: infinite scrollback, file transfer, typing notifications, read receipts, presence, search, push notifications, stickers, VoIP calling and conferencing, etc. It even provides end-to-end encryption (based on Signal's double ratchet algorithm) for when you want some privacy." For more information and how to get started, see the wiki page.

E3D, the UK hot-end manufacturer, has officially launched a beta of its new 3D printing slicer. Make reports that the new slicer named Pathio features 3D offsetting for perfect shells, logical grouped model settings, a good UI and scripting for power users. See the Pathio website to try out the beta.

digiKam 6.0.0 was released recently. This major release follows two years of intensive development and lots of work from students during the Summer of Code. New features include full support of video file management, raw file decoding engine supporting new cameras, simplified web service authentication using OAuth, new export tools and much more. Go here to download.

Google yesterday announced it intends to acquire Alooma, which "helps enterprise companies streamline database migration in the cloud". According to the announcement, "the addition of Alooma, subject to closing conditions, is a natural fit that allows us to offer customers a streamlined, automated migration experience to Google Cloud, and give them access to our full range of database services, from managed open source database offerings to solutions like Cloud Spanner and Cloud Bigtable".

KDE yesterday released a bugfix update to KDE Plasma 5: 5.15.1. This release adds "a month's worth of new translations and fixes from KDE's contributors" to the release announced a little more than one week ago. See the Plasma 5.15.1 changelog for the full list of changes and updates.

Cat-Proofing Your Screen Locker with Bash

cat walking on computer


I have a computer in my bedroom. I also have cats. Unfortunately, cats and screen lockers don't mix well, particularly at night. To be accurate, it's more a problem with the display power management than the actual screen locking. Here's the way it works: I run a script to "shut the lights off at night" (that is, lock the screen and force the display to power down), and that works great, until one of the cats jumps on the desk and causes the mouse to move and turn the display back on. And the cats don't even have to touch the mouse; the slight movement of the desk is enough to cause the mouse to react. Recently, I'd had enough of it and figured there had to be a way to disable the mouse and "refactor" the script.

Google Makes Revisions to Avoid Breaking Ad-Blocking Extensions in Chrome, Kali Linux 2019.1 Released, New Version of Cutelyst Is Out, Ubuntu Posts Security Notice for systemd Vulnerability and Applications Open for Outreachy Summer 2019 Internships

News briefs for February 19, 2019.

Google rethinks its planned changes to Chrome's extension API that would have broken many ad-blocking extensions. Ars Technica reports that Google has made this revision to "ensure that the current variety of content-blocking extensions is preserved". In addition, "Google maintains that 'It is not, nor has it ever been, our goal to prevent or break content blocking' [emphasis Google's] and says that it will work to update its proposal to address the capability gaps and pain points."

Kali Linux 2019.1 was released yesterday. This is the first release of 2019, bringing the kernel to version 4.19.13. This release fixes many bugs and includes several updated packages. The release announcement notes that "the big marquee update of this release is the update of Metasploit to version 5.0, which is their first major release since version 4.0 came out in 2011." You can download Kali Linux from here.

A new version of the Cutelyst Qt/C++ Web Framework is now available. According to Dantti's Blog, Cutelyst 2.7.0 brings back proper async support and includes a few other new features.

Ubuntu posted a security notice of a new systemd vulnerability yesterday. USN-3891-1 affects the following versions of Ubuntu and its derivatives: Ubuntu 18.10, Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. The details: "systemd incorrectly handled certain D-Bus messages. A local unprivileged attacker could exploit this in order to crash the init process, resulting in a system denial-of-service (kernel panic)." See the security notice for instructions on how to update.

Applications for the Outreachy Summer 2019 round of internships is open now to April 2, 2019. The program "provides three-month internships to work in Free and Open Source Software (FOSS). Interns are paid a stipend of $5,500 and have a $500 travel stipend available to them." Outreachy "expressly invite women (both cis and trans), trans men, and genderqueer people to apply. We also expressly invite applications from residents and nationals of the United States of any gender who are Black/African American, Hispanic/Latin@, Native American/American Indian, Alaska Native, Native Hawaiian, or Pacific Islander. Anyone who faces under-representation, systemic bias, or discrimination in the technology industry of their country is invited to apply." Visit here for more information on the application process.

Open Science, Open Source and R

data analysis and statistics

Free software will save psychology from the Replication Crisis.

"Study reveals that a lot of psychology research really is just 'psycho-babble'".—The Independent.

Psychology changed forever on the August 27, 2015. For the previous four years, the 270 psychologists of the Open Science Collaboration had been quietly re-running 100 published psychology experiments. Now, finally, they were ready to share their findings. The results were shocking. Less than half of the re-run experiments had worked.

When someone tries to re-run an experiment, and it doesn't work, we call this a failure to replicate. Scientists had known about failures to replicate for a while, but it was only quite recently that the extent of the problem became apparent. Now, an almost existential crisis loomed. That crisis even gained a name: the Replication Crisis. Soon, people started asking the same questions about other areas of science. Often, they got similar answers. Only half of results in economics replicated. In pre-clinical cancer studies, it was worse; only 11% replicated.

Open Science

Clearly, something had to be done. One option would have been to conclude that psychology, economics and parts of medicine could not be studied scientifically. Perhaps those parts of the universe were not lawful in any meaningful way? If so, you shouldn't be surprised if two researchers did the same thing and got different results.

Alternatively, perhaps different researchers got different results because they were doing different things. In most cases, it wasn't possible to tell whether you'd run the experiment exactly the same way as the original authors. This was because all you had to go on was the journal article—a short summary of the methods used and results obtained. If you wanted more detail, you could, in theory, request it from the authors. But, we'd already known for a decade that this approach was seriously broken—in about 70% of cases, data requests ended in failure.

Debian 9.8 Released, Kernel 5.0-rc7 Is Out, Creative Commons Update on the EU Copyright Changes, Slax 9.8 Available and Mozilla Testing Picture-in-Picture Mode in Firefox

News briefs for February 18, 2019.

Debian 9.8 was released over the weekend. This release mostly addresses security issues and bug fixes. See the post for the full list of changes and visit the mirror list to upgrade an existing installation.

Linux kernel 5.0-rc7 was released yesterday. Linus writes "A nice and calm week, with statistics looking normal. Just under half drivers (gpu, networking, input, md, block, sound, ...), with the rest being architecture fixes (arm64, arm, x86, kvm), networking and misc (filesystem etc). Nothing particularly odd stands out, and everything is pretty small. Just the way I like it."

Creative Commons publishes update on the EU copyright changes that the European Parliament will vote on this spring. The final text of Articles 13 and 11 has been changed somewhat, but according to the Creative Commons post, "With Article 13, it's no exaggeration to say that it'll fundamentally change the way people are able to use the internet and share online. And the European copyright changes will affect how copyright develops in the rest of the world. Even with some of the minor improvements to other aspects of the copyright file, it's hard to see how the reform—taken as a whole—will be a net gain except for the most powerful special interests." If you live in Europe, visit for more information and to contact your MEPs before the vote.

Slax 9.8 was released yesterday. This point release updates some of the included packages; it doesn't include new features. To download the new version, go here.

Mozilla has started testing picture-in-picture mode in Firefox Nightly. According to Softpedia News, "the current implementation of picture-in-picture mode in Firefox is very limited, and I expect Mozilla to accelerate work on it as we approach its target release date. No specifics in this regard are available, however." Picture-in-picture mode is already available in other browsers, such as Google Chrome and Vivaldi.

Converting Decimals to Roman Numerals with Bash


Decimals to Roman numerals—here we hit all the limitations of Bash shell scripting.

My last few articles have given me a chance to relive my undergraduate computer science degree and code a Roman numeral to decimal converter. It's quite handy when you're watching old movies (when was MCMLVII anyway?), and the basic coding algorithm was reasonably straightforward. (See Dave's "Roman Numerals and Bash" and "More Roman Numerals and Bash".)

The trick with Roman numerals, however, is that it's what's known as a subtractive notation. In other words, it's not a position → value or even symbol → value notation, but a sort of hybrid. MM = 2000, and C = 100, but MMC and MCM are quite different: the former is 2100, and the latter is 1000 + (–100 + 1000) = 1900.

This means that the conversion isn't quite as simple as a mapping table, which makes it a good homework assignment for young comp-sci students!

Let's Write Some Code

In the Roman numeral to decimal conversion, a lot of the key work was done by this simple function:

mapit() {
   case $1 in
     I|i) value=1 ;;
     V|v) value=5 ;;
     X|x) value=10 ;;
     L|l) value=50 ;;
     C|c) value=100 ;;
     D|d) value=500 ;;
     M|m) value=1000 ;;
      * ) echo "Error: Value $1 unknown" >&2 ; exit 2 ;;

You'll need this function to proceed, but as a cascading set of conditional statements. Indeed, in its simple form, you could code a decimal to Roman numeral converter like this:

while [ $decvalue -gt 0 ] ; do

  if [ $decvalue -gt 1000 ] ; then
    romanvalue="$romanvalue M"
    decvalue=$(( $decvalue - 1000 ))
  elif [ $decvalue -gt 500 ] ; then
    romanvalue="$romanvalue D"
    decvalue=$(( $decvalue - 500 ))
  elif [ $decvalue -gt 100 ] ; then
    romanvalue="$romanvalue C"
    decvalue=$(( $decvalue - 100 ))
  elif [ $decvalue -gt 50 ] ; then
    romanvalue="$romanvalue L"
    decvalue=$(( $decvalue - 50 ))
  elif [ $decvalue -gt 10 ] ; then
    romanvalue="$romanvalue X"
    decvalue=$(( $decvalue - 10 ))
  elif [ $decvalue -gt 5 ] ; then
    romanvalue="$romanvalue V"
    decvalue=$(( $decvalue - 5 ))
  elif [ $decvalue -ge 1 ] ; then
    romanvalue="$romanvalue I"
    decvalue=$(( $decvalue - 1 ))


This actually works, though the results are, um, a bit clunky:

$ sh 25
converts to roman numeral  X X I I I I I

Or, more overwhelming:

SUSE OpenStack Cloud v9, Ubuntu 18.04.2 LTS Released, Happy Birthday Steam for Linux, WebKitGTK v 2.23.90 Released, Future Support of Virtual Desktops Hinted at in Chromium Codebase

SUSE OpenStack Cloud version 9 is out with its first release candidate.

After a bit of delay, Canonical just released the released Ubuntu 18.04.2 LTS (Bionic Beaver) packaged with a patched 4.18 Linux kernel to address the boot failure bug pushing its release by a week.

Yesterday (Valentine's Day) marked the 6 year anniversary of the release of Steam for Linux. Happy belated birthday Steam for Linux!!!

Just released is WebKitGTK version 2.23.90, adding better GTK integration, support for JPEG2000 and touchpad gestures and more.

A recent code commit to the Chromium codebase may hint to a near future support of virtual desktops; a definite plus for those who tend to run multiple programs all at once.