Source: OSNews
In 1999, some members from the MMC Association decided to split and create SD Association. But nobody seems to exactly know why.
↫ sdomi’s webpage
I don’t even know how to summarise any of this research, because it’s not only a lot of information, it’s also deeply bureaucratic and boring – it takes a certain kind of person to enjoy this sort of stuff, and I happen to fit the bill. This is a great read.
Source: Ars Technica
Popular open source Nintendo Switch emulator Ryujinx has been removed from GitHub, and the team behind it has reportedly ceased development of the project after apparent discussions with Nintendo.
Ryujinx developer riperiperi writes on the project's Discord server and social media that fellow developer gdkchan was "contacted by Nintendo and offered an agreement to stop working on the project, remove the organization and all related assets he's in control of." While the final outcome of that negotiation is not yet public, riperiperi reports that "the organization has been removed" (presumably from GitHub) and thus "I think it's safe to say what the outcome is."
While the Ryujinx website is still up as of this writing, the download page and other links to GitHub-hosted information from that website no longer function. The developers behind the project have not posted a regular progress report update since January after posting similar updates almost every month throughout 2023. Before today, the Ryujinx social media account last posted an announcement in March.
Source: OSNews
When Valve took its second major crack at making Steam machines happen, in the form of the Steam Deck, one of the big surprises was the company’s choice to base the Linux operating system the Steam Deck uses on Arch Linux, instead of the Debian base it was using before. It seems this choice is not only benefiting Valve, but also Arch.
We are excited to announce that Arch Linux is entering into a direct collaboration with Valve. Valve is generously providing backing for two critical projects that will have a huge impact on our distribution: a build service infrastructure and a secure signing enclave. By supporting work on a freelance basis for these topics, Valve enables us to work on them without being limited solely by the free time of our volunteers.
↫ Levente Polyak
This is great news for Arch, but of course, also for Linux in general. The work distributions do to improve their user experience tend to be picked up by other distributions, and it’s clear that Valve’s contributions have been vast. With these collaborations, Valve is also showing it’s in it for the long term, and not just interested in taking from the community, but also in giving, which is good news for the large number of people now using Linux for gaming.
The Arch team highlights that these projects will follow the regular administrative and decision-making processes within the distribution, so we’re not looking at parallel efforts forced upon everyone else without a say.
Source: The Verge - All Posts
Reddit is giving its staff a lot more power over the communities on its platform. Starting today, Reddit moderators will not be able to change if their subreddit is public or private without first submitting a request to a Reddit admin. The policy applies to adjusting all community types, meaning moderators will have to request to make a switch from safe for work to not safe for work, too.
By requiring admin approval for the changes, Reddit is taking away a lever many communities used to protest the company’s API pricing changes last year. By going private, the community becomes inaccessible to the public, making the platform less usable for the average visitor. And that’s part of the reason behind the change.
“The ability to instantly...
Source: Hacker News
Source: Hacker News
Source: Schneier on Security
NIST’s second draft of its “SP 800-63-4“—its digital identify guidelines—finally contains some really good rules about passwords:
The following requirements apply to passwords:
- lVerifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length.
- Verifiers and CSPs SHOULD permit a maximum password length of at least 64 characters.
- Verifiers and CSPs SHOULD accept all printing ASCII [RFC20] characters and the space character in passwords.
- Verifiers and CSPs SHOULD accept Unicode [ISO/ISC 10646] characters in passwords. Each Unicode code point SHALL be counted as a signgle character when evaluating password length.
- Verifiers and CSPs SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords.
- Verifiers and CSPs SHALL NOT require users to change passwords periodically. However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.
- Verifiers and CSPs SHALL NOT permit the subscriber to store a hint that is accessible to an unauthenticated claimant.
- Verifiers and CSPs SHALL NOT prompt subscribers to use knowledge-based authentication (KBA) (e.g., “What was the name of your first pet?”) or security questions when choosing passwords.
- Verifiers SHALL verify the entire submitted password (i.e., not truncate it).
Hooray.
Source: Ars Technica
Enlarge (credit: Carol Yepes | Moment)
California recently became the first state to ban deceptive sales of so-called "disappearing media."
On Tuesday, Governor Gavin Newsom signed AB 2426 into law, protecting consumers of digital goods like books, movies, and video games from being duped into purchasing content without realizing access was only granted through a temporary license.
Sponsored by Democratic assemblymember Jacqui Irwin, the law makes it illegal to "advertise or offer for sale a digital good to a purchaser with the terms buy, purchase, or any other term which a reasonable person would understand to confer an unrestricted ownership interest in the digital good, or alongside an option for a time-limited rental."
Source: Hacker News
Source: Hacker News
