05.12.17

Contents

• GNU/Linux
  • Distributions
  • Devices/Embedded
• Free Software/Open Source
• Leftovers

GNU/Linux

• Desktop

  • PC repair chap lets tech support scammer log on to his PC. His Linux PC

    Why look at that! Friday is upon us, which means it’s time for another instalment of On-Call, The Register’s weekly column in which readers share memories of being asked to fix odd stuff at unpleasant times of the day.

    This week, meet “Shane,” who used to do a bit of computer repair work on the side, and kept a phone just for that business.

    “This was back in the days when XP would regularly crap itself and need to be reinstalled every year or so, and thus such a sideline was worth the effort,” Shane explained in his mail to El Reg.

    That phone rang one day and the caller proclaimed he was from Microsoft tech support and that they had detected a virus on Shane’s computer. “The irony of this obvious scam coming into that particular phone amused me enough that I played along with the scammer for a while.”

• Kernel Space

  • linux-4.11-ck1 / MuQSS CPU scheduler 0.155

    These are patches designed to improve system responsiveness and interactivity with specific emphasis on the desktop, but configurable for any workload. The patchset is mainly centred around the Multiple Queue Skiplist Scheduler, MuQSS.

  • MuQSS CPU Scheduler 0.155 Released

    Con Kolivas has released his latest version of the MuQSS CPU scheduler that succeeds the Brain BFS scheduler.

    MuQSS 0.155 is now available along with his Linux-4.11-ck1 patch series. MuQSS continues to be designed for delivering maximum system responsiveness and interactivity with a focus on desktop workloads.

  • Broadcom BCM2835 Thermal Driver For Linux 4.12

    The Broadcom BCM2835 SoC, most notably used by various Raspberry Pi boards and other SBCs, will have a thermal driver in the Linux 4.12 kernel.

    As part of the thermal updates sent in to Linux 4.12, a BCM2835 SoC thermal driver is being added. The bcm2835_thermal driver exposes the SoC temperature and a critical trip point (80C or whatever is defined by the firmware). It looks like this BCM2835 driver will also work for BCM2836 and BCM2837 SoCs too with the correct DeviceTree information. This thermal driver should be useful for Raspberry Pi users putting their hardware under routine load or in more demanding environments.

  • Graphics Stack

    • VK9 Direct3D-Over-Vulkan Begins Hitting More Advanced Milestones

      The VK9 hobbyist project implementing Direct3D 9 over the Vulkan graphics API is beginning to reach the more challenging milestones.

    • Mesa 17.0.6 Is Coming Soon with Polaris 12 Support for Radeon RADV Vulkan Driver

      A new maintenance update of the Mesa 17.0 3D Graphics Library stable series, which numerous GNU/Linux distributions are currently using in their default install, is being prepped these days.

      We’re talking here about Mesa 17.0.6, which is now in the Release Candidate stage of development, promising to bring more than 50 improvements for various supported drivers, as well as core components. The final release of Mesa 17.0.6 is expected this weekend, but let’s have a look at what to expect from it.

  • Benchmarks

    • RADV vs. AMDGPU-PRO Vulkan Performance vs. OpenGL In May 2017

      With the open-source RADV Radeon Vulkan driver recently hitting the milestone of effectively being Vulkan 1.0 compliant, I figured this warranted a good time for running a fresh open-source Vulkan vs. AMDGPU-PRO Vulkan performance comparison on various graphics cards. For additional context, the RadeonSI and AMDGPU-PRO OpenGL numbers are also present to provide additional value.

• Applications

  • A simple command-line tool for recording audio

    Machine learning and natural language processing are transforming our relationship with our devices by giving them a human voice. People with visual impairments have especially benefited from these technologies, but those who speak languages like my native Odia have largely been left behind by most voicebanks.

    When T. Shrinivasan, a Tamil-language Wikipedian, started the Voice-recorder-for-tawictionary, he probably didn’t realize how useful his open source tool can be for users like me. I was in search of a simple tool that could allow me to record large chunks of words in a short time so that those recordings can be used on Odia Wiktionary, a sister project of Wikipedia and a free dictionary in Odia language that has translations of Odia and other language words.

  • VLC Media Player 2.2.5 Improves Video Scaling in VDPAU, MP3 Playback, and More

    VLC 2.2.5 arrived recently with a great number of improvements over the previous stable update of the open-source, free and cross-platform video player application for GNU/Linux, macOS and Microsoft Windows operating systems.

    In fact, it’s been almost a year since VLC 2.2.4 was announced back in early June 2016, and users can now finally update their beloved media player to a newer version that has quite a number of improvements. For example, VLC 2.2.5 improves the MP3 playback quality when the libmad library is used, as well as VDPAU video scalling and the playback of palettized codecs.

  • OpenShot 2.3.2 Open-Source Video Editor Is Out, Addresses a Few Important Issues

    OpenShot developer Jonathan Thomas today announced the release and immediate availability of the first public maintenance update to the OpenShot 2.3 stable series of the open-source and cross-platform video editor.

    OpenShot 2.3 arrived at the end of March 2017 as “one of the biggest updates ever” of the popular and free video editor software that’s used with success by many videographers and vloggers on the Open Source community, but also by any home user who wants to edit his/her vacation movies.

  • Tilix – An Advanced GTK3 Tiling Terminal Emulator for Linux

    Tilix (Previously known as Terminix) is an advanced GTK3 tiling terminal emulator that follows the Gnome Human Interface Guidelines (HIG). It has vast features which is not found in other terminal emulators.

    Tilix is very useful when you are working with more then one server in a same time since it allow users to split the window to horizontal or vertically. It will improve the productivity and also save lots of time.

  • Instructionals/Technical

    • Hardening SSH authentication using Yubikey (1/2)

    • Hardening SSH authentication using Yubikey (2/2)

    • Installing a Docker Swarm cluster inside VirtualBox with Docker Machine

    • If you’re still using ifconfig, you’re living in the past

    • The Many Layers of Packaging

    • Linux lsof command tutorial for beginners (10 examples)

    • How to work with dates and time with Python

  • Wine or Emulation

    • Wine Announcement

      The Wine development release 2.8 is now available.

    • Wine 2.8 released with asynchronous Direct3D command stream

    • Wine 2.8 Brings Improved Direct3D Command Stream

      Wine 2.8 is now available as the latest bi-weekly development snapshot for this program to run Windows applications/games on Linux and macOS.

  • Games

    • Charlie Murder and The Dishwasher: Vampire Smile have been released with Linux support

      Originally console exclusives, this pair of older action titles from the developer of Salt and Sanctuary have been ported by the ever-prolific Ethan Lee. The Linux version has been launched simultaneously with all other platforms on Steam.

    • Absolver, a combat game with RPG elements, won’t have Linux support at launch

      After the disappearance of Linux system requirements on their Steam store page, a reader reached out for us to find out what was going on with their release plans.

    • The Linux port of Xenonauts is not supported and was only made for ‘legacy customers’

      Here’s your utterly weird news of the day. Some time ago Xenonauts was ported to Linux by Knockout Games. The official website now claims it’s not actually supported and is only meant for whatever the heck they mean by ‘legacy customers’. Thanks to reddit for originally pointing it out.

      Despite the Linux version being sold on GOG, Steam & Humble, I find it rather anti-consumer to claim on the official site that the Linux & Mac versions aren’t actually supported. With regards to ‘legacy customers’, essentially, it’s only meant for people who purchased it originally. If that’s truly the case, having it advertised for sale across those stores is pretty bad practice.

    • Block’hood, the neighborhood-building simulator, has launched out of Early Access

    • Steam Controller & Steam Link on sale for a few days, the Link is especially cheap

    • BATTLETECH, the turn-based mech battler from Harebrained Schemes has a new trailer

      Love mech battles? How about turn-based tactical mech battles? BATTLETECH is coming to Linux and it has a new trailer.

    • Haemimont Games & Paradox announce ‘Surviving Mars’, a management strategy game

      Surviving Mars [Official Site, Paradox Site], from developer Haemimont Games and publisher Paradox is a brand new management strategy game about colonizing the red planet.

• Desktop Environments/WMs

  • K Desktop Environment/KDE SC/Qt

    • Kdenlive 17.04.1 released

      With the ongoing refactoring at full throttle a minor bug fix released with the ability to use VAAPI in transcoding and rendering by inserting a pre-parameter in you encoding profile (refer to commit and bug report for more info), a performance improvement and some Windows version fixes.

    • KDE Applications 17.04 Gets First Point Release, Adds More Than 20 Bug Fixes

    • KDE Plasma 5.10 Will Let You Install Snaps and Flatpaks, Support GNOME’s ODRS

    • KDE 4/5 Affected By A Root Exploit Vulnerability

      The issue in KAuth paired with a problem in smb4k can allow an attacker to gain root access on a local machine. This exploit has been tested on openSUSE Leap and Fedora 26 Alpha, among other distributions.

      More details on the issue are still coming to light but there is some detailed information via this oss-security posting.

  • GNOME Desktop/GTK

    • GNOME 3.24.2 Desktop Environment Officially Released as the Last in the Series

    • GNOME Shell and Mutter Updated for the GNOME 3.24.2 Desktop with More Bug Fixes

    • Meson and GXml

      After a call, Yannick has pushed a patch to add Meson build system to GXml. This is my first time using Meson and I really love it.

      After a set of patches, I’ve managed to fix most installation and Unit Test integration.

• Distributions

  • CoreOS’s Linux platform bolsters enterprise Kubernetes features

    Tectonic, CoreOS’s Linux platform built to run containers, was revamped this week to version 1.6.2. Underneath that minor point revision label lie some significant changes.

  • OpenSUSE/SUSE

    • Several openSUSE services disabled due to a security breach

      We have been informed of a security breach of the MF authentication system used by several openSUSE services.

      As a result, the openSUSE services using this authentication method are immediately being set to read-only mode/preventing authentication.

      This includes the openSUSE OBS, wiki, and forums.

      The scope and impact of the breach is not yet fully clear. The disabling of authentication is to ensure the protection of our systems and user data while the situation is fully investigated.

    • Tumbleweed: Review of the weeks 2017/18 & 19

      In the last two weeks, a total of 6 snapshots had been released to the wild (0428, 0429, 0430, 0502, 0503, 0505): all those snapshots were mainly in Week 18 – while we were having some struggles this week due to the way the pattern packages are now laid out. The change was slightly more complex than anticipated and small issues crept in here and there. But the change is well worth the effort, as patterns are now smaller chunks with their own respective maintainer groups assigned. For example, the KDE Team has more, and especially more direct, control over their pattern. The same holds, of course, true for all other desktop related patterns: those now live in the respective desktop environment’s devel projects.

  • Red Hat Family

    • Red Hat’s Head Of Products On Competing With Docker, Teaming With AWS And A Container Services ‘Renaissance’ For The Channel

      At open-source technologies giant Red Hat, executives say it’s their company—not Docker—that is the player to beat in containers for the enterprise. Paul Cormier, an executive vice president who heads Red Hat’s technology and products organizations, sat down with CRN during Red Hat Summit 2017 in Boston and had plenty to say about the competition around containers. “You need a production-ready environment to really start to deploy [containers] and bet your business on it,” Cormier said, “and we’re the only one that’s proved we can do that.”

    • Red Hat Release Next Generation of OpenShift Online

      Red Hat have announced the initial availability of the next generation of OpenShift Online, the PaaS cloud application platform. This next edition is re-engineered to be built on top of OpenShift container platform, powered by open source tools such as Docker and Kubernetes.

      OpenShift online is a multi-tenant cloud application platform, which allows developers to develop and run container based applications. It aims to reduce operational overhead by providing on-demand application stacks, automating building and deployment, and streamlining development processes.

    • Finance

      • Market Spotlight: Focusing on Shares of Red Hat, Inc. (NYSE:RHT)

    • Fedora

      • Nvidia driver improvements for Fedora 25+

      • The latest Sublime Text Editor build on Fedora

      • Track the night sky with Stellarium on Fedora

        Ever looked up at the night sky and tried to identify specific celestial bodies out of the millions you can see? Stellarium is an awesome open source planetarium application available in Fedora to help you identify and track objects in the night sky. Basically, it simulates the night sky and provides labels and other tools to help you know what you are actually looking at.

      • Crouton Fedora + Wayland. Yes, please!

        As of version 50, Chrome OS includes a Wayland server. Even though this is mostly for running Android applications, even my old Toshiba Chromebook which doesn’t have Android support, has Wayland in it. Therefore Crouton Fedora can now fully utilize it and run GUI applications on it, mixed with Chrome OS windows!

      • It’s Now Possible To Run Fedora On Chromebooks With Wayland

        With Wayland now being present on Chrome OS for the Android compatibility layer, modifications to Crouton were made to allow Fedora Workstation with Wayland to run atop these Wayland-enabled Chromebooks.

        Using Crouton to load a Linux distribution on a Chromebook/Chromebox no longer has to rely upon using a xorg-server now that Wayland is present on ChromeOS 50+.

  • Debian Family

    • Linus Torvalds Talks to Debian Users

      A little over two-and-a-half years ago, Linus Torvalds spent over an hour taking and answering questions from an audience of developers at DebConf14 in Portland, Oregon. Some of what he said is by now old news, but that’s interesting too, as it serves as a marker for where we’ve been.

    • Derivatives

      • Canonical/Ubuntu

        • Canonical Releases Snapd 2.26 Snappy Daemon with Tab-Completion Support in Snaps

          Canonical’s Snappy team, through Michael Vogt, announced today the release and immediate availability of the Snapd 2.26 Snappy daemon for Ubuntu Linux and other supported GNU/Linux distributions.

          Snapd 2.26 is here only two weeks after the previous maintenance release, but it looks like it’s yet another hefty update adding quite a number of improvements and new features. The biggest new feature being the implementation of tab-completion in Snaps, which means that Snap packages can now ship pre-loaded with a bash completion script that will be exported to user’s shell.

        • Ubuntu Podcast S10E10 Released, Listen Now!

        • It’s Now Super Easy to Install Atom Text Editor on Ubuntu

        • Consortium GARR creates countrywide Federated Canonical OpenStack

          GARR, Italy’s leading research and education network consortium, manages a fully owned fibre optic network of 15,000 Km dedicated to Italian Research and Education and offers high performance connectivity and advanced services to around 4 million users and over 1,200 research institutes, universities, research hospitals, cultural institutions, libraries, museums and schools.

        • Which Apps Would You Like to See as Snaps?

          Which applications would you like to see made available as Snap?

          That’s the question being asked by the Snapcraft community who work on the technology.

        • conjure-up dev summary for week 19

          We sent out a proposal outlining why we wanted to go with a particular solution and made sure to solicit input from the community to either get approval or see if there were any other solutions. Read about that proposal and responses for more details into that process and the pros and cons. The conclusion was to go with our proposal and bundle LXD into conjure-up snap in the same way we do Juju.

          This work has been completed and should make it’s way into conjure-up 2.2. Prior to that though we need to make sure to socialize this change as it will cause users existing Localhost deployment to not be easily reachable and also documenting how users can reach their newly deployed containers.

        • Flavours and Variants

          • Which Official Ubuntu Flavor Is Best for You?

            Up until recently, the official Ubuntu Linux included the in-house Unity desktop and a sixth recognized flavor existed: Ubuntu GNOME — Ubuntu with the GNOME desktop environment.

            When Mark Shuttleworth decided to nix Unity, the choice was obvious to Canonical—make GNOME the official desktop of Ubuntu Linux. This begins with Ubuntu 18.04 (so April, 2018) and we’ll be down to the official distribution and four recognized flavors.

            For those already enmeshed in the Linux community, that’s some seriously simple math to do—you know which Linux desktop you like, so making the choice between Ubuntu, Kubuntu, Lubuntu, Mythbuntu, and Ubuntu Budgie couldn’t be easier. Those that haven’t already been indoctrinated into the way of Linux won’t see that as such a cut-and-dried decision.

            To that end, I thought it might be a good idea to help newer users decide which flavor is best for them. After all, choosing the wrong distribution out of the starting gate can make for a less-than-ideal experience.

            And so, if you’re considering a flavor of Ubuntu, and you want your experience to be as painless as possible, read on.

• Devices/Embedded

  • Open source, $125 NAS SBC has four SATA 3.0 ports

    On Kickstarter, an open source, 4-bay “Helios4” NAS SBC runs Armbian on a Marvell Armada 388 SoC, and sells for $125, or $139 for the full case kit with fans.

    A Singapore-based startup called Kobol has gone to Kickstarter to pitch an open source network attached storage (NAS) SBC that supports up to 40TB of onboard storage, as well as media streaming and file sharing. The Helios4 Personal Cloud also comes with an optional enclosure kit with bays and dual fans for the board’s four SATA ports. Two USB 3.0 ports are also available.

  • Phones

    • Tizen

      • Samsung’s Tizen overtakes Android Wear in smartwatch OS market share, still lags behind Apple’s watchOS

        Smartwatches are one of the most personal pieces of tech someone can use day-to-day. Not only does it come down to the style of the device, but also the look and feel of the operating system. For Android users, there’s no lack of choices for a compatible smartwatch, with the first coming to mind usually being Android Wear. Now, though, Samsung’s Tizen has overtaken Android Wear in popularity…

        According to a new report from Strategy Analytics (via Tizen Experts), during Q1 of 2017, Samsung’s Tizen OS overtook Google’s Android Wear for the first time with 19% of the overall market compared to Google’s 18%. What’s interesting to note here is that past reports predicted that Samsung’s OS would barely make a dent in the market at this point, with Android Wear taking second place with a much closer comparison to Watch OS.

      • Tizen Studio version 1.2 Released, Includes Tizen RT for Internet of Things (IoT)

      • Could Samsung’s new patent be a Tizen-based Bixby speaker?

      • Tizen 2.4.0.7 update for Samsung Z2 in Indonesia currently being rolled out

        Samsung has released a new software update for the Samsung Z2 for users in Indonesia. The new Tizen platform version 2.4.0.7 brings some bug fixes, performance improvements and new features. This latest version comes as a replacement to the Tizen version 2.4.0.5.

      • Samsung Z4, First Tizen 3.0 Firmware Available Online AQD7 – SM-Z400F

      • Samsung launches Z4 smartphone with Tizen OS

      • Samsung Z4 Mobile has been Announced, heading to the Tizen Developer Conference

      • Samsung unveils Tizen Check, a new diabetes prevention solution for Tizen smartphone

      • Best of Tizen deals from Amazon’s ‘Great Indian Sale’

      • Live Lock Screen App available in Tizen Store

      • Tizen App Share – Released for your Android phone to cut down mobile data charges

    • Android

      • Android Wear 2.0 on the Huawei Watch

      • Google Maps for Android adds Street View images in navigation to show your turns

      • Android device updates: Android Nougat finally comes to the unlocked Galaxy S7 Edge

      • This smart home camera backed by the inventor of Android sounds kind of amazing

        After leaving Google in 2014, Android inventor Andy Rubin launched an incubator for hardware startups the following year. It’s already hosting numerous projects, and the first one is coming soon: the Lighthouse ‘interactive assistant’.

      • Android flaw affecting millions of users won’t be fixed for months

        Security researchers have discovered an unusual Android vulnerability that could affect nearly 40 per cent of users.

        It can expose users to malware, by allowing cyber criminals to hijack a phone’s screen.

      • Android Security Bulletin May 2017: What you need to know

      • Try out Chrome’s new ultra fast search tool for Android before the rest of the world

      • The unlocked Galaxy S8 is now available for preorder in the US

        In the US, Samsung is all-in on the carrier-driven purchasing model. When the Galaxy S8 launched last month, it was only available locked to a US carrier. Today, US customers are finally able to plunk down some cash for the unlocked US version at Bestbuy.com or Samsung.com.

      • Google Contacts 2.0 for Android redesigns the people view, account switcher, more

Free Software/Open Source

• CNCF Snares Four New Members for Open Source Container Orchestration

  The Cloud Native Computing Foundation (CNCF) added four new members to its efforts to develop an open source-based container orchestration platform.

  The new members include Tencent Cloud, which joined as a “Gold” member; Mashape, which signed on as a “Silver” member; and Vevo and Zalando Technology, which both joined the organization as “End-User Supporters.”

• Kubernetes: The smart person’s guide

  As containers have become more important to businesses across the globe, it was necessary to create a system that would allow containers to scale out to meet the needs of enterprise-level deployments. That’s where Kubernetes comes into play.

  Unlike Docker, Kubernetes is a very robust ecosystem. Instead of deploying a single container, Kubernetes enables you to deploy multiple containers to multiple hosts, making it ideal for larger deployments and load balancing.

• How to do time series prediction using RNNs, TensorFlow and Cloud ML Engine

  The Estimators API in tf.contrib.learn (See tutorial here) is a very convenient way to get started using TensorFlow. The really cool thing from my perspective about the Estimators API is that using it is a very easy way to create distributed TensorFlow models. Many of the TensorFlow samples that you see floating around on the internets are not distributed — they assume that you will be running the code on a single machine. People start with such code and then are immeasurably saddened to learn that the low-level TensorFlow code doesn’t actually work on their complete dataset. They then have to do lots of work to add distributed training code around the original sample, and who wants to edit somebody else’s code?

• TensorFlow: I want to like you, but you’re tricksy

  Occasionally a technology comes along that changes the way that people work. Docker has had a profound effect on how applications are deployed in the cloud, Hadoop changed how analysis of big data was done and the R language has disrupted the statistics market.

  And so to TensorFlow, which emerged from the Machine Learning team at the Google Brain project. Building on their experience of a system called DistBelief, TensorFlow is a second-generation framework for the implementation of machine learning at scale.

  Users described their ML models as dataflow graphs, combining a number of machine learning techniques into a single model. TensorFlow itself does nothing to reduce the learning curve found in ML (in fact it might make it steeper), but Google’s framework does enormously simplify the deployment of ML models. If you think of ML model construction as a data science then TensorFlow is a Data Engineering tool for deployment.

• Events

  • X.Org Is Looking For An XDC2018 Host

    The X.Org Foundation is looking for interested individuals to offer bids for organizing the 2018 X.Org Developers’ Conference.

    The XDC2017 conference happening this September is taking place at the Googleplex in Mountain View and thus in the usual rotation, for the 2018 conference will ideally be trying to find a host in Europe.

  • New Continuous Development Course Now Available From The Linux Foundation

  • Webinar: Delivering the value of IoT in the retail industry

    IoT is being embraced by an increasingly diverse set of sectors and one which is reaping the benefits is the retail sector, specifically supermarkets and how they are using data in cold-chain (refrigeration) solutions. For this webinar, join Paul Edrich, CTO of IMS Evolve, who is helping major supermarket chains to manage billions of data points in real time to inform operational processes, reduce energy consumption and increase product quality.

  • Kamailio World and FSFE team visit, Tirana arrival

    This week I’ve been thrilled to be in Berlin for Kamailio World 2017, one of the highlights of the SIP, VoIP and telephony enthusiast’s calendar. It is an event that reaches far beyond Kamailio and is well attended by leaders of many of the well known free software projects in this space.

  • The Open Source Day 2017 conference coming on May 17th in Warsaw

    Nearly 1,000 attendees and several thousand viewers online participates in the annual Open Source Day conference. This Europe’s largest event dedicated to open technology has become a highlight among tech events in the country. The 10th anniversary edition will take place on May 17th at Marriott Hotel in Warsaw.

  • 6 days to SunCamp

    It will be a small event (about 20-25 people), with a more intimate atmosphere than DebConf. There will be people fixing RC bugs, preparing stuff for after the release, or just discussing with other Debian folks.

• Web Browsers

  • Chrome

    • Chrome Gets A GPU Service Scheduler

• SaaS/Back End

  • Why Quotas are Hard

    Lets say we allow the explicit allocation of quota from higher to lower. Does this mean that the parent project is reducing its own quota while creating an explicit quota for the lower project? Or does it mean that both quotas need to be enforced? If the quota for sales is set to 10, and the quota for the three node projects are all set to 10, is this legal or an error?

• EEE

  • Microsoft emits code for DIY Linux IoT hubs. Repeat, Linux IoT hubs (that talk to Azure, duh)

  • Pigs are flying as Apple iTunes, Ubuntu Linux head to the Windows Store

  • Pigs are flying as Apple iTunes, Ubuntu Linux head to the Windows Store

  • Coming to Microsoft’s Windows Store: Apple iTunes, and Linux distributions

  • No joke: Linux is coming to Microsoft’s app store

  • Microsoft brings Fedora, SUSE, and Ubuntu Linux to the Windows Store

  • Microsoft will offer 3 flavors of Linux in the Windows Store

  • Apple is bringing iTunes to the Windows Store

  • Ubuntu, SUSE Linux, and Fedora are all coming to the Windows Store [iophk: "offering only VMs not the OS itself"]

    Ubuntu, SUSE Linux, and Fedora will all be available to install directly from the Windows Store, making it easy to run Linux apps on any Windows 10 device. The Linux installations will run in a virtualized environment side by side with Windows, [...]

• BSD

  • Promoting FreeBSD at Events

• FSF/FSFE/GNU/SFLC

  • GIMP 2.8.22 Open-Source Image Editor Fixes Ancient CVE Bug from 10 Years Ago

    GIMP, the open-source, free and multi-platform image editor software, was updated today to version 2.8.22, which appears to be a bugfix release in the stable 2.8 series of the project.

  • GNU OrgaDoc Aims To Make It Easy To Copy/Sync Documents Between Computers

    But will OrgaDoc serve much of a use in 2017 when for years most multi-computer individuals have probably been using Nextcloud/ownCloud, their own web/FTP servers, or proprietary services like Google Docs and Dropbox to manage files across computers? Do you plan to use OrgaDoc or how do you keep files synced across computers? What about using the Eiffel programming language today? Let us know your thoughts in the forums. Should you want to learn more about GNU OrgaDoc, see the project site.

• Licensing/Legal

  • A federal court has ruled that an open-source license is an enforceable contract

    When the South Korean developer of a suite of productivity apps called Hancom Office incorporated an open-source PDF interpreter called Ghostscript into its word-processing software, it was supposed to do one of two things.

    To use Ghostscript for free, Hancom would have to adhere to its open-source license, the GNU General Public License (GPL). The GNU GPL requires that when you use GPL-licensed software to make some other software, the resulting software also has to be open-sourced with the same license if it’s released to the public. That means Hancom would have to open-source its entire suite of apps.

• Openness/Sharing/Collaboration

  • Why we need an open source approach to data management

    Open source communities that form around common challenges allow large groups of individuals to gain knowledge on really complicated aspects of their business and industry, expanding communal learning and continually advancing a topic along the way. Open sourcing a framework that enables data management and is supported by a community of information security professionals provides them with the tools and capabilities necessary in today’s cybersecurity environment, including:

• Programming/Development

  • The curl user survey 2017

    If you use curl or libcurl, in any way, shape or form, please consider spending a few minutes of your precious time on this. Your input helps us understand where we are and in which direction we should go next.

Leftovers

• You really should know what the Andrew File System is

  When I saw that the creators of the Andrew File System (AFS) had been named recipients of the $35K ACM Software System Award, I said to myself “That’s cool, I remember AFS from the days of companies like Sun Microsystems… just please don’t ask me to explain what the heck it is.”

  Don’t ask my colleagues either. A quick walking-around-the-office survey of a half dozen of them turned up mostly blank stares at the mention of the Andrew File System, a technology developed in the early 1980s and named after Andrew Carnegie and Andrew Mellon. But as the Association for Computing Machinery’s award would indicate, AFS is indeed worth knowing about as a foundational technology that paved the way for widely used cloud computing techniques and applications.

• Science

  • The Real Threat to Our Government Is Tech Illiteracy

• Health/Nutrition

  • Dakota Access pipeline leaks 84 gallons of crude oil before becoming fully operational

  • WHO, Stakeholders Take ‘First Step’ On Fair Pricing For Medicines

    The World Health Organization has concluded a major one-day forum on fair pricing of medicines, bringing a wide range of stakeholders together in Amsterdam and coming up with several possible actions for the way ahead. Key points of discussion included a definition of fair pricing, moving away from value-based pricing, delinkage of price from research and development costs, and greater transparency, according to participants.

  • WHO Touts Its Past Work On Improving Access To Medicines

    The World Health Organization today published an item entitled, Access to medicines: making market forces serve the poor, a chapter from its report ‘Ten years in public health 2007-2017’ of outgoing WHO Director General Margaret Chan.

    The chapter reveals that almost two billion people worldwide have no access to essential medicines, and says this lack of access to medicines is a complex problem that prevents better health. The chapter investigates the role of WHO in addressing the problem of access to safe, effective and quality-assured medicines.

  • Longest, Biggest World Health Assembly Ever Set To Open With Election, Budget Topping Agenda

    Timothy Armstrong, director of the WHO Department of Governing Bodies, gave an introduction to the WHA during a press briefing today, which ended up being largely focused on the election process and why Taiwan has not been invited this year, a first since 2009.

    [...]

    Also on the agenda are: the Global Vaccine Action Plan; the preparation for the third High-Level Meeting of the General Assembly on the Prevention and Control of Non-Communicable Diseases to be held in 2018; WHO engagement with non-state actors; and a potential agreement on a resolution on cancer drug, in particular prices.

• Security

  • Avast blocks the entire internet – again

    An Avast software update pushed out on Wednesday is preventing web access for at least some devices running the firm’s freebie anti-malware software.

    Users affected by the problem have started threads (here and here among others) on Avast’s support forum.

  • Massive vulnerability in Windows Defender leaves most Windows PCs vulnerable [Ed: With or without a fix, Windows is vulnerable because it’s designed for back doors]

    Microsoft on Monday patched a severe code-execution vulnerability in the malware protection engine that is used in almost every recent version of Windows (7, 8, 8.1, 10, and Server 2016), just three days after it came to its attention. Notably, Windows Defender is installed by default on all consumer-oriented Windows PCs.

  • Flexera’s new solution embeds open-source security scanning in development build process

  • Flexera Reimagines Software Supply Chain Safety – Embeds Open Source Security Scanning into Software Development Build Process

  • observations re packet socket exploit

    A few thoughts I had after reading Exploiting the Linux kernel via packet sockets. Not really about the exploit itself, but what it reveals about the state of systems security.

  • 185,000+ IoT security cameras are vulnerable to a new worm

    Persirai is a new strain of Internet of Things malware that infects more than 1,250 models of security camera, all manufactured by an unnamed Chinese manufacturer that has sold at least 185,000 units worldwide.

  • Keylogger found on many HP Windows laptops

    A Swiss researcher has discovered a keylogger in an audio driver on many Windows laptops made by HP Inc.

  • HP laptops covertly log user keystrokes, researchers warn

    HP is selling more than two dozen models of laptops and tablets that covertly monitor every keystroke a user makes, security researchers warned Thursday. The devices then store the key presses in an unencrypted file on the hard drive.

  • Could Your Hospital Data Be Breached?[iophk: "use of Windows violates HIPAA"]

  • Massive ransomware attack hits UK hospitals, Spanish banks [Ed: Microsoft shows its real cost]

    A large number of hospitals, GPs, and walk-in clinics across England have been locked down by a ransomware attack, reports suggest. There are also some reports of a ransomware attack hitting institutions in Portugal and Spain, with telecoms provider Telefonica apparently hit hard. Further attacks have been reported in Russia, Ukraine, and Taiwan. Batten down the hatches: we might be in the middle of a global ransomware attack.

    Multiple sources point to this ransomware attack being based on the EternalBlue vulnerability, which was discovered by the NSA but was leaked by a group calling itself Shadow Brokers last month.

    NHS Digital has confirmed the attack and issued a brief statement, stating that there’s no evidence that patient data had been accessed and that the attack was not specifically targeted at the NHS. At this point it isn’t clear whether a central NHS network has been knocked offline by the ransomware or whether individual computers connected to the network are being locked out. In any case, a number of hospitals and clinics are reporting that their computer systems are inaccessible, and some telephone services are down too.

  • New ransomware Jaff demands $3,700 payments

  • Updates on CyberSecurity, WordPress and what we’re cooking in the lab today.

    This is a Wordfence public service security announcement for all users of computers running any version of Windows.

    We have confirmed that a serious virulent ransomware threat known as WannaCrypt0r/WannaCry has affected Windows computers on shared networks in at least 74 countries worldwide, with 57,000 reported individual cases being affected. And according to the analysis team at Kaspersky Lab, that number is growing fast.

• Defence/Aggression

  • The Weapons For Everybody Racket

    ​Yesterday, the topic of The Ron Paul Liberty Report program was “Arming The Kurds – A Dangerous Idea”. On the one hand, we have our NATO ally, Turkey, who we’re supposed to come to the defense of (unconstitutionally, of course). And on the other hand, there’s the Kurds, who have long been seeking autonomy from Turkey.

    President Trump has authorized the Pentagon to begin providing heavy weapons to the Kurds in Syria. But what if the Kurds turn those weapons on our ally Turkey?

    Unfortunately, this web of insanity is not new. The U.S. federal government has been arming and supporting both sides of conflicts for many decades.

• Transparency/Investigative Reporting

  • AfterMidnight

    Today, May 12th 2017, WikiLeaks publishes “AfterMidnight” and “Assassin”, two CIA malware frameworks for the Microsoft Windows platform.

    “AfterMidnight” allows operators to dynamically load and execute malware payloads on a target machine. The main controller disguises as a self-persisting Windows Service DLL and provides secure execution of “Gremlins” via a HTTPS based Listening Post (LP) system called “Octopus”. Once installed on a target machine AM will call back to a configured LP on a configurable schedule, checking to see if there is a new plan for it to execute. If there is, it downloads and stores all needed components before loading all new gremlins in memory. “Gremlins” are small AM payloads that are meant to run hidden on the target and either subvert the functionality of targeted software, survey the target (including data exfiltration) or provide internal services for other gremlins. The special payload “AlphaGremlin” even has a custom script language which allows operators to schedule custom tasks to be executed on the target machine.

    “Assassin” is a similar kind of malware; it is an automated implant that provides a simple collection platform on remote computers running the Microsoft Windows operating system. Once the tool is installed on the target, the implant is run within a Windows service process. “Assassin” (just like “AfterMidnight”) will then periodically beacon to its configured listening post(s) to request tasking and deliver results. Communication occurs over one or more transport protocols as configured before or during deployment. The “Assassin” C2 (Command and Control) and LP (Listening Post) subsystems are referred to collectively as” The Gibson” and allow operators to perform specific tasks on an infected target..

  • House Committee Head Tells Federal Agencies To Stop Handing Out Communications With Congress To FOIA Requesters

    Barack Obama promised the “most transparent administration ever,” then spent years undermining his own promise. The Trump Administration has made no such promises (other than “if you don’t like your Forever Wars, you can keep them…”) but it’s working overtime to make the faux transparency of the Obama years look like a high water mark in government accountability.

    Multiple federal agencies are no longer allowed to communicate directly with the public through social media accounts. Anything posted must be approved by administration staff. Open.gov is shut down and Trump has decided against following in his predecessor’s footsteps, refusing to release White House visitors’ logs.

• Environment/Energy/Wildlife/Nature

  • These people want you to know climate change isn’t just for liberals

    He doesn’t start with an apocalyptic description of future impacts when he talks to people about climate change, but, for some audiences, University of Wisconsin-Madison Professor of Environmental Studies Calvin DeWitt does turn to the book of Revelation. “I’ll have a white-out pen in my pocket, and I’ll have them read Revelation chapter 11, verse 18. It’s a description of the sounding of the last trumpet, as you hear in Handel’s ‘Messiah,’ and the end verse says, ‘The time has come for destroying those who destroy the Earth,’” DeWitt told me. “And so, I say, ‘I have a white-out pen here for anyone who would like to correct their Bible.’”

    DeWitt sees his faith as fundamental to, rather than in conflict with, his concern about climate change. He often finds common ground with fellow evangelicals by talking about stewardship of the wonderful natural world they have been given as a home. Put in these familiar terms, climate change seems more like an issue worthy of careful consideration.

  • In the Arctic, carbon dioxide goes down where methane comes up

    Reports of methane bubbling up from the bottom of the East Siberian Sea may have induced some climate change anxiety. In recent years, plumes of methane bubbles rising up from what was once dry permafrost have been observed off the Siberian coast. But their context was unclear. Were they a brand-new greenhouse gas release driven by climate change or were the bubbles long-time fixtures?

    Work off the coast of Svalbard provided a welcome bit of relief. Examination of similar bubble plumes off Svalbard showed that they had been present (at some rate of bubbling) for thousands of years. While estimates of the amount of methane coming out of the East Siberian Sea were surprisingly large, measurements near Svalbard showed that the methane from deeper seafloor seeps gets trapped in the water column and consumed by bacteria before it can reach the atmosphere. That helped put the Siberian activity in some global context.

• Finance

  • America has become so anti-innovation – it’s economic suicide

    As the economist Mariana Mazzucato has shown, nearly every major innovation since the second world war has required a big push from the public sector, for an obvious reason: the public sector can afford to take risks that the private sector can’t.

• Censorship/Free Speech

  • Ending geoblocking in the EU: One step forward, two steps back

    I consider it unacceptable for the Parliament to further limit an already unambitious Commission proposal and I remain committed to pushing for an end to the discriminatory and outdated practice of geoblocking.

  • Lawsuit Claiming Fyre Festival Sent Cease & Desist Letters To Online Critics Doesn’t Show Any Actual Evidence

    If, somehow, you’ve avoided all the news about the Fyre Festival from the past few weeks… well… you’ve been missing out. There’s a ton of coverage basically everywhere, but what was promoted as an upscale music festival on a private island in the Bahamas, complete with private flights, luxury lodging, and fine dining… turned out to be… nothing. Despite having lots of rich and famous folks (especially Instagram stars) promoting the festival for months, it eventually appears that promoting and hyping was about all that was done for the festival, rather than actually organizing stuff. The festival was “canceled” but not before a bunch of people made their way to a not-so-private island in the Bahamas (Great Exumas) and discovered… that there was effectively nothing there. There was no music festival. The “lodging” was emergency relief structures. The “fine dining” was slices of bread and cheese with some lettuce. It’s been quite a story.

  • Story About Ex-Sony Pictures Boss Magically Disappears From Gawker; His Lawyer Tells Reporters Not To Talk About It

    Can people use a bankruptcy proceeding to create a “right to be forgotten”? We already know that Europe has implemented a form of a right to be forgotten that it’s now looking to expand. However, in the US, the First Amendment has protected us against such things — even if some politicians don’t realize it.

  • MySpace Tries To Play Dead To Avoid Lawsuits

    Yes, let’s get this out of the way already, so you don’t need to make this joke in the comments: as a social network, MySpace is considered pretty damn dead already. It lost its cool many, many years ago. And I do still love to point out this 2007 article suggesting that MySpace’s dominant position in the social networking market was almost impossible to crack (that didn’t age well). But that’s not what this post is about. You see, MySpace, still does exist — you can even visit it and double their traffic for the day. Even as the punchline in bad jokes, MySpace exists and (believe it or not) Time Inc. actually owns it, having bought the company, Viant, that owned it previously.

• Privacy/Surveillance

  • UK government’s draft spying powers get leaked online

    The UK government has drawn up details of its surveillance powers and put them out for a secretive consultation without letting the public know.

    The government wants to give itself the ability to monitor British people’s communications and force UK firms to include encryption backdoors in their products. Under the proposed Investigatory Powers (Technical Capability) Regulations 2017, telecoms providers must allow the government to simultaneously spy on one in 10,000 of their customers at any time.

    Telcos would also have to provide any information the government requests within one working day, and must notify Home Secretary Amber Rudd if there will be any changes to their service, including the development of new services – these will have to be built with the obligations and requirements of the technical capability notice in mind.

• Civil Rights/Policing

  • US will reportedly ban carry-on laptops on all flights from Europe

    The Department of Homeland Security (DHS) is said to be preparing to announce a ban on laptops in the cabins of all flights from Europe to the US.

  • An AI Will Decide Which Criminals in the UK Get Bail

    HART was trained on five years of data, including suspects’ offending history, gender, and postcode. It was let loose on actual cases in 2013, and researchers found HART’s predictions that a suspect was a low risk were accurate 98 percent of the time, while forecasts that they were high risk were accurate 88 percent of the time. However, there is no baseline data on the accuracy of human officers’ decisions to compare against.

  • Ruslan Sokolovsky Gets 3 Years In The Russian Clink For Playing Pokemon In A Church

    The better part of a year ago we discussed the story of atheist activist Ruslan Sokolovsky. Sokolovsky became something of the sequel story to the now infamous Pussy Riot debacle. Russian police detained Sokolovsky and put him on house arrest for the crime of playing Pokemon Go in a Russian church and uploading a mildly snarky video about it to YouTube. The Russian Orthodox Church was fully on board with his being detained, stating in true Christ-like fashion that the real crime was his not respecting the Church and being an atheist blogger.

  • Copenhagen imam accused of calling for killing of Jews

    Mundhir Abdallah was reported to police after being filmed citing in Arabic a hadith – a teaching of the Prophet Muhammad – considered anti-Semitic.

• Internet Policy/Net Neutrality

  • Cable lobby conducts survey, finds that Americans want net neutrality

    As US cable companies push to eliminate or change net neutrality rules, the industry’s primary lobby group today released the results of a survey that it says shows “strong bipartisan consensus that the government should let the Internet flourish without imposing burdensome regulations.”

    But proponents of keeping the current rules can find plenty to like in the survey conducted by NCTA—The Internet & Television Association. A strong majority of the 2,194 registered American voters in the survey support the current net neutrality rules that prohibit ISPs from blocking, throttling, or prioritizing online content in exchange for payment. While most opposed price regulation, a majority supported an approach in which regulators take action against ISPs on a case-by-case basis when consumers are harmed—the exact same approach the Federal Communications Commission uses under its existing net neutrality regime.

  • Sprint sues government over elimination of broadband price caps

    Sprint and Windstream sued the Federal Communications Commission this week over a decision that will help AT&T, Verizon, and CenturyLink charge higher prices for certain business Internet services.

    The FCC last month voted to eliminate price caps for the so-called Business Data Services (BDS) that are offered by incumbent phone companies throughout the country. The FCC decision to which Sprint and Windstream object only eliminated price caps in “competitive” markets, but it uses a standard that deems many local markets competitive even when there’s only one broadband provider.

• Intellectual Monopolies

  • Brussels Conference On Innovation, Research and Competition In EU

    An academic conference this month will explore issues related to innovation, research and competition in the European Union, addressing topics such as 5G, big data, patents and standards.

    On 29-30 May, the conference ‘Innovation, Research and Competition in the EU: The Future of Open and Collaborative Standard Setting’ will take place in Brussels, in the building of the Federation of Enterprises in Belgium. The conference is organised by the Liege Competition and Innovation Institute (LCII) and Tilburg Law and Economics Centre (TILEC).

  • Trademarks

    • Bethesda’s Pete Hines Shrugs His Shoulders About Trademark Dispute With No Matter Studios

      If any single aspect of common trademark disputes has become the thing that annoys me the most about them, it’s how often the canard from trademark bullies that they have to be bullies by order of trademark law is trotted out for public consumption. You can almost set your watch to it: trademark bully does trademark bullying, public backlash ensues, trademark bully falsely explains that if it doesn’t bully it loses its trademark rights, the public usually backs off. While it would be unreasonable to expect the general public to be up on the nuances of trademark law to the degree of someone who is paid to write about it, it’s not unreasonable to smack down attempts by those who know better but who actively attempt to misinform that same general public.

  • Copyrights

    • BBC announces password will be needed for iPlayer within weeks as part of TV licence crackdown

      ‘By matching email addresses we may be able to identify someone who has told us they don’t need a TV licence while at the same time having signed in and watched’