05.14.17

Gemini version available ♊︎

Links 14/5/2017: Linux 4.12 RC1 and KDE Frameworks 5.34.0

Posted in News Roundup at 1:11 pm by Dr. Roy Schestowitz

GNOME bluefish

Contents

GNU/Linux

Free Software/Open Source

  • Insomnia Is Now Open Source

    Today, I’m happy to announce that the Insomnia desktop app is now open source software under the GPLv3 license! The source code is hosted on GitHub for your viewing pleasure.

  • Bookmarks for Nextcloud 0.10.0 released

    I am happy to announce the availability of Bookmarks for Nextcloud 0.10.0! Bookmarks is a simple way to manage the remarkable websites and pages you come across on the Internet. Bookmarks 0.10.0 provides API methods to create, read, update and delete your bookmarks as well as compatibility with upcoming Nextcloud 12, next to smaller improvements and fixes.

  • Coreboot Ported To Another Core 2 Era Motherboard: G41C-GS

    If you happen to have an ASRock G41C-GS still in use or tucked away in your closet, this older motherboard for Intel Core 2 CPUs now has support for Coreboot to free the proprietary BIOS of the motherboard. Or if you don’t but still have other parts available, this motherboard is still available from a few online shops.

  • Events

  • Web Browsers

    • Mozilla

      • Firefox 57: new Photon design screenshots

        The following article gives you a glimpse of the upcoming Photon design of the Firefox web browser which will come out later this year.

        Mozilla plans to make Firefox 57 a milestone release. It is the version of Firefox in which the cut is made that leaves legacy add-ons behind, and also the Firefox version that will feature a design update.

        This design update is called Photon, and we talked about this previously already here on Ghacks Technology News.

      • Firefox vs Chrome & Other Browsers

        Not too many years ago, Firefox was king of the jungle. Sadly, this is no longer the case. Is Chrome the browser to beat in 2017 on the Linux desktop? Can Firefox or other alternatives possibly make a dent in Chrome’s reign? I examine this matter closely.

      • Firefox vs Chrome & Other Browsers | Feedback Hangouts Video
  • Databases

  • OnlyOffice/LibreOffice

  • BSD

    • pfSense 2.5 and AES-NI

      We’re starting the process toward pfSense software release 2.3.4. pfSense software release 2.4 is close as well, and will bring a number of improvements: UEFI, translations to at least five lanuguages, ZFS, FreeBSD 11 base, new login page, OpenVPN 2.4 and more. pfSense version 2.4 requires a 64-bit Intel or AMD CPU, and nanobsd images are no longer a part of pfSense as of version 2.4.

  • FSF/FSFE/GNU/SFLC

  • Licensing/Legal

    • Machine learning for lawyers

      Machine learning is a technique that has taken the computing world by storm over the last few years. As Luis Villa discussed in his 2017 Free Software Legal and Licensing Workshop (LLW) talk, there are legal implications that need to be considered, especially with regard to the data sets that are used by machine-learning systems. The talk, which was not under the Chatham House Rule default for the workshop, also provided a simplified introduction to machine learning geared toward a legal audience.

  • Openness/Sharing/Collaboration

    • Open Hardware/Modding

      • Hackaday Prize Entry: Open Source Electrospinning

        Electrospinning is the process of dispensing a polymer solution from a nozzle, then applying a very high voltage potential between the nozzle and a collector screen. The result is a very, very fine fiber that is stretched and elongated down to nanometers. Why would anyone want this? These fibers make great filters because of their large surface area. Electrospinning has been cited as an enabling technology for the future of textiles. The reality, though, is that no one really knows how electrospinning is going to become a standard industrial process because it’s so rare. Not many labs are researching electrospinning, to say nothing of industry.

  • Programming/Development

    • Oracle crushed in defeat as Java world votes ‘No’ to modular overhaul

      The database goliath has lost a Java Community public-review ballot by 13 to 10 that was to have approved its Java Platform Module System (JPMS) specification as a final draft. Executive Committee members ignored dire warnings from Oracle spec lead Mark Reinhold in an open letter where he claimed that a “no” vote would not only delay Java 9 but also be a “vote against the Java Community Process itself”.

      The JSR, number 376, needed a two-thirds majority to pass.

      In that bluntly worded letter, Oracle’s Java platform chief also chastised IBM and Red Hat for suggesting that they might vote against JPMS.

Leftovers

  • Science

    • Toddlers’ screen time linked to speech delays and lost sleep, but questions remain

      It turns out that about 1 in 5 of the toddlers used handheld screens, and those kids had an average daily usage of about a half hour. Handheld screen time was associated with potential delays in expressive language, the team found. For every half hour of mobile media use, a child’s risk of language delay increased by about 50 percent.

  • Health/Nutrition

  • Security

    • Major cyber attack hits companies, hospitals, schools worldwide

      Private security firms identified the ransomware as a new variant of “WannaCry” that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft’s Windows operating system.

    • Massive cyberattack hits several hospitals across England
    • Rejection Letter

      We start with a shadowy US government agency, the NSA, systematically analyzing the software of the biggest American computer companies in search of vulnerabilities. So far, so plausible: this is one of the jobs of an intelligence and counter-espionage agency focussed on information technology. However, instead of helping Microsoft fix them, we are supposed to believe that the NSA hoard their knowledge of weaknesses in Microsoft Windows, a vitally important piece of their own nation’s infrastructure, in case they’ll come in handy againt some hypothetical future enemy. (I’m sorry, but this just won’t wash; surely the good guys would prioritize protecting their own corporate infrastructure? But this is just the first of the many logical inconsistencies which riddle the back story and plot of “Zero Day”.)

    • SambaXP 2017: John Hixson’s Reflection

      The next talk was given by Jeremy Allison on the recent symlink CVE. Jeremy explained how it was discovered and the measures that were taken to fix it.

    • Microsoft issues ‘highly unusual’ Windows XP patch to prevent massive ransomware attack
    • Is it prudent to ask if Britain’s nuke subs, which also run Windows XP, have also been hit by ransomware?

      Let’s reword this to drive the point home. How likely is it that the United States NSA, through its persistent interest in keeping us unsafe, has managed to hand control of Britain’s nuclear weapons platforms to unknown ransomware authors, perhaps in Russia or Uzbekistan?

    • Current wave of ransomware not written by ordinary criminals, but by the NSA

      The lesson here is that the NSA’s mission, keeping a country safe, is in direct conflict with its methods of collecting a catalog of vulnerabilities in critical systems and constructing weapons to use against those systems, weapons that will always leak, instead of fixing the discovered weaknesses and vulnerabilities that make us unsafe.

    • Wana Decrypt0r Ransomware Outbreak Temporarily Stopped By “Accidental Hero”

      A security researcher that goes online by the nickname of MalwareTech is the hero of the day, albeit an accidental one, after having saved countless of computers worldwide from a virulent form of ransomware called Wana Decrypt0r (also referenced as WCry, WannaCry, WannaCrypt, and WanaCrypt0r).

    • DDOS attacks in Q1 2017

      In Q1 2017, the geography of DDoS attacks narrowed to 72 countries, with China accounting for 55.11% (21.9 p.p. less than the previous quarter). South Korea (22.41% vs. 7.04% in Q4 2016) and the US (11.37% vs. 7.30%) were second and third respectively.

      The Top 10 most targeted countries accounted for 95.5% of all attacks. The UK (0.8%) appeared in the ranking, replacing Japan. Vietnam (0.8%, + 0.2 p.p.) moved up from seventh to sixth, while Canada (0.7%) dropped to eighth.

    • Applied Physical Attacks and Hardware Pentesting

      This week, I had the opportunity to take Joe Fitzpatrick’s class “Applied Physical Attacks and Hardware Pentesting”. This was a preview of the course he’s offering at Black Hat this summer, and so it was in a bit of an unpolished state, but I actually enjoyed the fact that it was that way. I’ve taken a class with Joe before, back when he and Stephen Ridley of Xipiter taught “Software Exploitation via Hardware Exploitation”, and I’ve watched a number of his talks at various conferences, so I had high expectations of the course, and he didn’t disappoint.

    • Intel’s zero-day problem
    • Reverse-engineering the Intel Management Engine’s ROMP module

      Last month, while I was waiting for hardware to arrive and undergo troubleshooting, I had some spare time to begin some Intel ME reverse engineering work.

      First, I need to give some shout out to Igor Skochinsky, a Hex-Rays developer, who had been working on reverse engineering the Intel ME for a while, and who has been very generous in sharing his notes and research on the ME with us, which is going to be a huge help and cut down months of reverse engineering and guesswork. Igor was very helpful in getting me to understand the bits that didn’t make sense to me.

    • Intel AMT on wireless networks

      More details about Intel’s AMT vulnerablity have been released – it’s about the worst case scenario, in that it’s a total authentication bypass that appears to exist independent of whether the AMT is being used in Small Business or Enterprise modes (more background in my previous post here). One thing I claimed was that even though this was pretty bad it probably wasn’t super bad, since Shodan indicated that there were only a small number of thousand machines on the public internet and accessible via AMT. Most deployments were probably behind corporate firewalls, which meant that it was plausibly a vector for spreading within a company but probably wasn’t a likely initial vector.

      [...]

      Case 2 is the scary one. If you have a laptop that supports AMT, and if AMT has been provisioned, and if AMT has had wireless support turned on, and if you’re running Windows, then connecting your laptop to a public wireless network means that AMT is accessible to anyone else on that network[1]. If it hasn’t received a firmware update, they’ll be able to do so without needing any valid credentials.

    • Intel declared war on general purpose computing and lost, so now all our computers are broken

      It’s been a year since we warned that Intel’s Management Engine — a separate computer within your own computer, intended to verify and supervise the main system — presented a terrifying, unauditable security risk that could lead to devastating, unstoppable attacks. Guess what happened next?

      For the past week, the IT press has been full of news about the AMT module in the Management Engine making millions of systems vulnerable to local and remote attacks, with a firmware update to disable the module as the only really comprehensive solution. But AMT is only one of the many components of ME, and every one of them could have a vulnerability as grave as this one — and Intel is not offering any way to turn off ME altogether, meaning that there’s a lot of this in our future.

      ME is a brilliant example of why declaring war on general-purpose computing is a terrible idea. There are lots of reasons to want a computer that can only run some programs (instead of every program): preventing poisoned operating systems and other malware, preventing game cheating, enforcing copyright restrictions (DRM), etc… Every one of them is presented as a use-case for ME.

    • OSS-Fuzz: Five months later, and rewarding projects
    • USN-3285-1: LightDM vulnerability
    • generic kde LPE
    • QSB #30: Critical Xen bugs related to PV memory virtualization (XSA-213, XSA-214)
    • Europe is living under Microsoft’s digital killswitch

      All across Europe, from Finland to Portugal, Ireland to Greece, governments rely on Microsoft software. As their digital systems grow in size and importance, countries are becoming increasingly dependent on this single American corporation. But what consequences does this “lock-in” have? What risks does it pose for the security of European data? And what can governments do to counter it?

      It’s estimated that Microsoft makes around two billion euros in Europe every year, just from its business with the public sector. In 2012 the European Commission released a report that stated that 1.1 billion euros were unnecessarily lost by the European public sector due to being locked-in in business with IT system providers.

  • Defence/Aggression

  • Finance

    • Kevin McKenna: Giving huge IT deal to foreign firm is a betrayal of Scotland [Ed: Microsoft...]

      CGI was at the centre of the massive IT catastrophe which left around 20,000 farmers without their farm subsidy payments, driving many to the edge of ruin. Audit Scotland, which produced a report into the shambles, warned that the incomplete £178m system, designed to process common agricultural policy payments of £688m a year, was at risk of running out of money before it had met the European Commission deadline.

    • The Windows Store is looking a lot like the future of Windows

      Oh, and there are some big benefits for Microsoft if it can pull this off, too, given that the company gets a nice 30 percent cut of app purchases.

  • AstroTurf/Lobbying/Politics

  • Censorship/Free Speech

  • Privacy/Surveillance

    • This Is the Secret Court Order That Forced the NSA to Delete the Data It Collected About You

      A newly released court opinion from the secretive Foreign Intelligence Surveillance Court (FISC) shows that for years the NSA improperly and perhaps illegally surveilled Americans. The court order triggered the surprise announcement two weeks ago that the agency would be severely scaling back its domestic surveillance and destroying previously collected data on Americans.

    • Their View: NSA stops one abuse, but many remain

      The National Security Agency has decided to halt a controversial surveillance program, but this was just the tip of an iceberg of government abuses of privacy and due process.

    • Report: NSA Analysts Frequently Broke Rules on Intelligence Collection

      When searching intelligence data, analysts from the National Security Agency failed to follow the rules “with much greater frequency” than was previously disclosed, documents published by the Office of the Director of National Intelligence show.

      The secretive Foreign Intelligence Surveillance Court accused the NSA of a “lack of candor” when reporting those failures, which are a serious concern for the Fourth Amendment.

      During a preliminary review of just a few months in 2015, analysts running searches on emails and other digital communications vacuumed up from undersea internet cables frequently violated Americans’ privacy—albeit unintentionally.

    • Met Police use of Indian hackers probed by watchdog

      Undercover counter-extremism officers used hackers in India to access the emails of journalists and environmental activists, it has been claimed.

    • How to escape the online spies [iophk: "block Facebook at the firewall"]

      And that’s just the start of it. Experts warn that, in the future, your online activity could be taken into consideration when you apply for a loan – or for a job.

    • Young children unconcerned about digital tracking by strangers [iophk: "*cough*facebook*cough*"]

      In contrast, the children did not express such negativity, overall. The youngest children (4-7 years) were positive about someone tracking others’ possessions. In fact, children were more negative about someone merely placing a mobile GPS device on an object and not tracking it than about someone placing the device in order to track the object, Gelman said.

    • NHS cyber attack: Edward Snowden says NSA should have prevented cyber attack

      Edward Snowden has blamed the National Security Council for not preventing a cyber attack which infiltrated the computer systems of organisations in 74 countries around the world.

      In a tweet, the National Security Council (NSA) whistleblower said: “Despite warnings, @NSAGov built dangerous attack tools that could target Western software. Today we see the cost.”

  • Civil Rights/Policing

    • [Old] Raif Badawi

      First detained on apostasy charges in 2008, Mr. Badawi was released after a day of questioning. He was arrested on June 17, 2012, on a charge of insulting Islam through electronic channels and brought to court on several charges including apostasy, a conviction which carries an automatic death sentence. Human Rights Watch stated that Badawi’s website had hosted material criticizing “senior religious figures.” Mr. Badawi had also suggested that Imam Muhammad ibn Saud Islamic University had become “a den for terrorists.”

    • ‘We’ll not be safe with Indonesia,’ says West Papua’s Benny Wenda

      In its rush to claim former Dutch colonies in the Asia-Pacific region following West Papua’s self-declared independence from the Netherlands in late 1961, Indonesia has subjected West Papua to continued human rights violations.

      [...]

      With foreign media all but denied access to West Papua – despite apparent lifting of restrictions by President Joko Widodo in 2015 – much of Indonesia’s atrocities remain secret, hidden.

    • How one obscure court case could decide the future of internet business

      In August, the U.S. Court of Appeals for the 9th Circuit dealt the Federal Trade Commission a major blow by calling into question one of the consumer protection agency’s most important powers. The court said the FTC should be banned from regulating a company if even a small part of that firm’s business is regulated by the Federal Communications Commission as a telecom service, otherwise known as a “common carrier.”

  • DRM

    • Anti-DRM artists march on the World Wide Web Consortium today

      Today, activists will gather in Cambridge, Mass to march to the offices of W3C Director Tim Berners-Lee to urge him to keep DRM out of the standards for the open web.

      The controversial project to standardize DRM for streaming video on the web started in 2013 and culminated last month with a poll by W3C members whose results are confidential (though the W3C has chosen to publish the outcomes of previous polls and may yet do so for this one).

      Many of the members who voted in that poll endorsed a compromise advanced by the EFF: to go ahead with DRM, but only if members sign an amendment to the current membership agreement, promising not to use DRM laws to attack people engaged in legitimate activity like adapting the standard for people with disabilities, investigating security and privacy defects, and adding lawful features to video tools.

  • Intellectual Monopolies

    • Copyrights

      • The rise of copyright trolls

        At the 2017 Free Software Legal and Licensing Workshop (LLW), which was held April 26-28 in Barcelona, Spain, more information about the GPL enforcement efforts by Patrick McHardy emerged. The workshop is organized by the Free Software Foundation Europe (FSFE) and its legal network. A panel discussion on the final day of the workshop discussed McHardy’s methodology and outlined why those efforts are actually far from the worst-case scenario of a copyright troll. While the Q&A portion of the discussion was under Chatham House Rule (which was the default for the workshop), the discussion between the three participants was not—it provided much more detail about McHardy’s efforts, and copyright trolling in general, than has been previously available publicly.

      • ISP Bombarded With 82,000+ Demands to Reveal Alleged Pirates

        Scandinavian telecoms operator Telia has revealed how rightsholders are bombarding the company with demands to identify alleged pirates. During the past year alone, Telia has been ordered to hand over personal details relating to more than 82,000 IP addresses, a large proportion of which will go to known copyright trolls.

      • How Amanda Palmer gave the music industry the finger with crowdfunding

        “I’ve had to continually re-educate myself that this isn’t about selling music. It’s about making music.”

      • Anglophiles: Hang up your VPN; iPlayer isn’t for you anymore

        BBC collects IP address, location, e-mail address in fight against online cheats.

      • Texas Court Orders Temporary ‘Pre-Piracy’ Shutdown of Sports Streaming Sites

        A Federal Court in Texas has issued a broad preliminary injunction ordering several Internet services to disconnect a list of pirate sports streaming domains. While domain name seizures are not an entirely new phenomenon in the US, this order targets “anticipated” infringements and only applies temporarily. It ends after the Indian Premier League cricket tournament.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. Maintenance and Development Updates

    We've been doing a lot of work on the back end (or operations) of Techrights, more so this past month, and we're almost ready to resume the normal publication pace



  2. [Meme] Microsoft Says Its Paying Clients (Like EPO) Don't Violate Privacy Law

    The ever-so-docile EPO will gladly oblige when companies like Microsoft lie about the legality of their industrial espionage operations, masked as “clown” computing (and other buzzwords)



  3. Coming Soon: EPO Series on Lawlessness

    Some time soon we’ll start an important series about the EPO, seeing that the management of the EPO is panicking and trying to put out the fire created by prior ones (more on that shortly)



  4. Links 19/9/2021: Jolla's Sailfish OS 4.2 and FreeBSD Technology Roadmap

    Links for the day



  5. IRC Proceedings: Saturday, September 18, 2021

    IRC logs for Saturday, September 18, 2021



  6. Links 18/9/2021: LibreOffice 8.0 Plans and Microsoftcosm Uses WSL to Badmouth 'Linux'

    Links for the day



  7. Links 18/9/2021: GIMP 2.10.28 Released and Azure Remains Back Doored

    Links for the day



  8. IRC Proceedings: Friday, September 17, 2021

    IRC logs for Friday, September 17, 2021



  9. Links 17/9/2021: Ubuntu 18.04.6 LTS, Manjaro 21.1.3, “2021 is the Year of Linux on the Desktop”

    Links for the day



  10. Links 17/9/2021: WSL Considered Harmful

    Links for the day



  11. [Meme] Microsoft Loves Linux Bug/Back Doors

    Microsoft is just cementing its status as little but an NSA stooge



  12. Lagrange Makes It Easier for Anybody to Use Gemini and Even Edit Pages (With GUI)

    Gemini protocol and/or Gemini space are easy for anyone to get started with or fully involved in (writing and creating, not just reading); today we take a look at the new version of Lagrange (it was first introduced here back in March and covered again in April), which I installed earlier today because it contains a lot of improvements, including the installation process (now it’s just a click-to-run AppImage)



  13. IBM is Imploding But It Uses Microsoft-Type Methods to Hide the Demise (Splits, Buybacks, and Rebranding Stunts)

    A combination of brain drain (exodus) and layoffs (a lack of budget combined with inability to retain talent or attract the necessary staff with sufficiently competitive salaries) dooms IBM; but the media won't be mentioning it, partly because a lot of it is still directly sponsored by IBM



  14. IRC Proceedings: Thursday, September 16, 2021

    IRC logs for Thursday, September 16, 2021



  15. [Meme] 70 Days of Non-Compliance

    António Campinos would rather fall on his sword than correct the errors or work to undo the damage caused by Team Battistelli, which is still at the EPO



  16. EPO “Board 28” Meeting: Imaginary Dialogue Between EPO President Campinos and the Chair of the Administrative Council, Josef Kratochvíl

    The EPO‘s chaotic state, which persists after Benoît Battistelli‘s departure, is a state of lawlessness and cover-up



  17. Links 16/9/2021: Linux Mint Has New Web Site, LibreOffice 7.2.1, KDE Plasma 5.23 Beta, and Sailfish OS Verla

    Links for the day



  18. If Git Can be Done Over the Command Line and E-mail, It Can Also be Done Over Gemini (Instead of Bloated Web Browsers)

    In order to keep Git lean and mean whilst at the same time enabling mouse (mousing and clicking) navigation we encourage people everywhere to explore gemini://



  19. Techrights Examines a Wide Array/Range of Gemini Clients/Browsers

    After spending many months examining an array of different types of software for Gemini (including but not limited to clients/browsers) we take stock of what exists, what's supported (it varies a bit), and which one might be suitable for use by geeks and non-geeks



  20. Links 16/9/2021: KStars 3.5.5 and Chafa 1.8

    Links for the day



  21. Trusting Microsoft With Security is a Clown Show

    A quick and spontaneous video about this morning's post regarding a major new revelation that reaffirms a longstanding trend; Microsoft conflates national security (back doors) with security



  22. IRC Proceedings: Wednesday, September 15, 2021

    IRC logs for Wednesday, September 15, 2021



  23. Microsoft Azure and Back/Bug Doors in GNU/Linux: Fool Me Once (Shame on You) / Fool Me Twice (Shame on Me)

    "Fool me once, shame on you; fool me twice, shame on me," goes the old saying...



  24. Deleted Post: “LibreOffice is Becoming Dominated by a Bunch of Corporates, and Has no Place for the Enthusiastic Amateur.”

    Chris Sherlock, an insider of LibreOffice, cautions about the direction of this very important and widely used project



  25. Links 16/9/2021: Unifont 14.0.01, LibreOffice on ODF 1.3, Mozilla Pushing Ads (Sponsored 'Firefox Suggest'), and Microsoft Pushes Proprietary Direct3D via Mesa

    Links for the day



  26. Links 15/9/2021: Another Azure Catastrophe and Darktable 3.6.1

    Links for the day



  27. Open Invention Network (OIN) Recognises a Risk Posed to Cryptocurrencies (Danger From Software Patents), But OIN Still Proposes the Wrong Solutions

    Square is joining OIN, but it's another example of banking/financial institutions choosing to coexist with software patents instead of putting an end to them



  28. IRC Proceedings: Tuesday, September 14, 2021

    IRC logs for Tuesday, September 14, 2021



  29. (Super)Free Software As a Right – The Manifesto

    "Software text has long been recognized as “speech”, and is covered under the very same copyright laws as conventional printed matter."



  30. Links 15/9/2021: Java 17 / JDK 17 Released and ExpressVPN Sold

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts