Bonum Certa Men Certa

Links 23/7/2017: Wine 2.13, Krita 3.2.0 Second Beta, KDE Applications 17.08 Beta, GNOME 3.25.4, Debian 9.1 and 8.9





GNOME bluefish

Contents





GNU/Linux



Free Software/Open Source



  • 5 open source tools for developing IoT applications
    The internet of things is growing at a staggeringly fast pace, and is quickly coming to revolutionize virtually every aspect of modern life. Aspiring developers hoping to hop on board and profit off the growing phenomenon are constantly looking for the right tools to use. So what are the open source tools best suited for working with the IoT, and where can developers find them?

    A plethora of open source tools lay at the disposal of any would-be developer eager and wise enough to use them. By utilizing these five, you’ll find yourself tackling challenges and developing successful applications in no time.


  • FossHub Forced to Pull Google Ads From qBitTorrent Downloads

    FossHub, a download site that hosts free and open-source software, has pulled Google advertising from the whole of its file-sharing software section. The difficult decision was taken after Google persistently flagged the download page of the popular qBitTorrent client as "unauthorized file sharing" and went on to ban the entire FossHub site.



  • Lucasfilm goes open source, DIY lab equipment, and more news


  • Assume Good Faith


    A recent exchange on a user forum caught my eye, one that’s typical of many user interactions with open source communities. Someone with a technical question had apparently had the answer they needed and to help others in the same situation had posted a summary of the resolution, complete with sample code. When they came back later, the summary was gone.

    I’ve no idea why this happened. It may have been a system issue, or an administrative error, or the user himself may have accidentally deleted it without realising. It’s even remotely possible an intentionally malicious act took place. Without more information there is no way to know. For the self-aware mind, responding to this situation is a matter of choice.

    So how did the user in question respond? Well, he decided the only possible explanation was malicious deletion. He posted an angry demand that his account be deleted and assumed more malice when this was “ignored” (after 3 days, including a weekend, having posted the demand at the end of a comment in a user forum…)


  • ProtonMail reassures us that its Android app will be open sourced
    It looks as though the secure email provider, ProtonMail, will open source its Android app in the future at least according to their Twitter account. Reaching out to ProtonMail, we asked whether they would open source their Android app and even work with the maintainers of F-Droid to get the client on the FOSS app store.


  • Scality Launches Zenko, Open Source Software To Assure Data Control In A Multi-Cloud World
    Scality, a leader in object and cloud storage, announced the open source launch of its Scality Zenko, a Multi-Cloud Data Controller. The new solution is free to use and embed into developer applications, opening a new world of multi-cloud storage for developers.


  • Web Browsers



    • Chrome



    • Mozilla



      • Firefox’s Accessibility Preferences
        Cursor browsing and search while you type, are still available under the Browsing section, as these options offer convenience for everybody, regardless of disability. Users should now be able to find an option under an appropriate feature section, or search for it in the far upper corner. This is a positive trend, that I hope will continue as we imagine our users more broadly with a diverse set of use-cases, that include, but are not exclusive to disability.






  • Oracle/Java/LibreOffice



  • Pseudo-Open Source (Openwashing)



  • Openness/Sharing/Collaboration



  • Programming/Development



    • Q. What's today's top language? A. Python... no, wait, Java... no, C
      Among developers, Python is the most popular programming language, followed by C, Java, C++, and JavaScript; among employers, Java is the most sought after, followed by C, Python, C++, and JavaScript.

      Or so says the 2017 IEEE Spectrum ranking, published this week.

      IEEE Spectrum, a publication of the The Institute of Electrical and Electronics Engineers, a technical advocacy organization, says it evaluated 12 metrics from 10 sources to arrive at this conclusion.


    • Benchmarks Of PHP 7.2 Beta: PHP Is Still Getting Faster
      PHP 7.2 Beta 1 was released yesterday as the next step towards this next refinement to PHP7 that is expected to be officially released in November. I couldn't help but to run some initial benchmarks.

      PHP 7.2 Beta 1 presents the Sodium extension for modern and easy-to-use cryptography, opcache improvements, better JSON decoding of invalid UTF-8 data, and many bug fixes among other improvements since PHP 7.1. The latest release and more details can be found via PHP.net.






Leftovers



  • Security



    • Apollo Server 1.0, GitHub’s Internet Bug Bounty donation, and the Google Cloud Platform — SD Times news digest: July 21, 2017
    • Facebook, GitHub, and the Ford Foundation donate $300,000 to bug bounty program for internet infrastructure


    • Internet Bug Bounty Receives New Funding to Expand Internet Safety Program


    • Internet Bug Bounty Raises New Funding to Improve Open-Source Security
      The Internet Bug Bounty (IBB) has raised new funding, in an effort to help reward and encourage security researchers to responsibly disclose vulnerabilities in open-source software. The IBB is backed by Facebook, the Ford Foundation and GitHub, who are now donating a total of $300,000 to help secure the internet with an open-source bug bounty program.

      The IBB was started back in 2013 with the help of bug bounty platform provider HackerOne, which still helps to operate the platform.


    • [Older] GHOSTHOOK ATTACK BYPASSES WINDOWS 10 PATCHGUARD
      A bypass of PatchGuard kernel protection in Windows 10 has been developed that brings rootkits for the latest version of the OS within reach of attackers.

      Since the introduction of PatchGuard and DeviceGuard, very few 64-bit Windows rootkits have been observed; Windows 10’s security, in particular its mitigations against memory-based attacks, are well regarded. Researchers at CyberArk, however, found a way around PatchGuard through a relatively new feature in Intel processors called Processor Trace (Intel PT).


    • [Slackware] OpenJDK 8 security round-up for July ’17
      Sooner than I anticipated, there is an update for OpenJDK 8. Andrew Hughes (aka GNU/Andrew) announced the release of IcedTea 3.5.0. The new icedtea framework compiles OpenJDK 8 Update 141 Build 15 (8u141_b15). This release includes the official July 2017 security fixes.


    • ROI (Not Security) the Most Immediate IoT Challenge


      According to Defining IoT Business Models, a new report from Canonical, the software company behind the Ubuntu Linux distribution, device security and privacy (45 percent) falls behind quantifying the return of investment (ROI) of their IoT projects (53 percent) as an immediate challenge. Canonical drew its conclusions from a survey of 361 IoT professionals conducted by IoTNow on behalf of the company.


    • Apply the STIG to even more operating systems with ansible-hardening
      Tons of improvements made their way into the ansible-hardening role in preparation for the OpenStack Pike release next month. The role has a new name, new documentation and extra tests.

      The role uses the Security Technical Implementation Guide (STIG) produced by the Defense Information Systems Agency (DISA) and applies the guidelines to Linux hosts using Ansible. Every control is configurable via simple Ansible variables and each control is thoroughly documented.


    • Open Source Flaw 'Devil's Ivy' Puts Millions of IoT Devices at Risk
      Millions of IoT devices are vulnerable to cybersecurity attacks due to a vulnerability initially discovered in remote security cameras, Senrio reported this week.


    • SECURITY FOR THE SECURITY GODS! SANDBOXING FOR THE SANDBOXING THRONE
      Last year, probably as a distraction from doing anything else, or maybe because I was asked, I started reviewing bugs filed as a result of automated flaw discovery tools (from Coverity to UBSan via fuzzers) being run on gdk-pixbuf.

      Apart from the security implications of a good number of those problems, there was also the annoyance of having a busted image file bring down your file manager, your desktop, or even an app that opened a file chooser either because it was broken, or because the image loader for that format didn't check for the sanity of memory allocations.


    • Microsoft’s secret weapon in ongoing struggle against Fancy Bear? Trademark law [Ed: Microsoft should make a start by stopping the addition of back doors to all its software]

      The idea of the lawsuit, which was filed in August 2016, is to use various federal laws—including the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), and American trademark law—as a way to seize command-and-control domain names used by the group, which goes by various monikers, including APT28 and Strontium. Many of the domain names used by Fancy Bear contain Microsoft trademarks, like microsoftinfo365.com and hundreds of others.



    • Putin’s Hackers {sic} Now Under Attack—From Microsoft

      Since August, Microsoft has used the lawsuit to wrest control of 70 different command-and-control points from Fancy Bear. The company’s approach is indirect, but effective. Rather than getting physical custody of the servers, which Fancy Bear rents from data centers around the world, Microsoft has been taking over the Internet domain names that route to them. These are addresses like “livemicrosoft[.]net” or “rsshotmail[.]com” that Fancy Bear registers under aliases for about $10 each. Once under Microsoft’s control, the domains get redirected from Russia’s servers to the company’s, cutting off the hackers {sic} from their victims, and giving Microsoft a omniscient view of that servers’ network of automated spies.



    • NHS Trusts are spending €£158,000 a day on new PCs

      NHS TRUSTS are splashing €£158,000 per day on new PCs and laptops at an average cost of €£678 per device, a Freedom of Information (FoI) request has revealed.



    • Twistlock 2.1 Container Security Suite Released
      Twistlock announced the general availability of version 2.1 of their container security product. Highlights of the release include an integrated firewall that understands application traffic, vulnerability detection, secrets management via integration with third party tools, and compliance alerting and enforcement.


    • Security and privacy are the same thing
      It got me thinking about security and privacy. There's not really a difference between the two. They are two faces of the same coin but why isn't always obvious in today's information universe. If a site like Facebook or Google knows everything about you it doesn't mean you don't care about privacy, it means you're putting your trust in those sites. The same sort of trust that makes passwords private.

      The first thing we need to grasp is what I'm going to call a trust boundary. I trust you understand trust already (har har har). But a trust boundary is less obvious sometimes. A security (or privacy) incident happens when there is a breach of the trust boundary. Let's just dive into some examples to better understand this.


  • Defence/Aggression



    • Why We Published the Name of a Covert C.I.A. Official


      In this case, editors decided to publish the name because Mr. D’Andrea is a senior official who runs operations from the agency’s headquarters outside Washington, not in the field. He is also the architect of the C.I.A.’s program to use drones to kill high-ranking militants, one of the government’s most significant paramilitary programs. We believe that the American public has a right to know who is making life-or-death decisions in its name.

      It was also not the first time that Mr. D’Andrea’s name has been mentioned in our newspaper. After his identity was disclosed in a 2015 article, The Times’s executive editor, Dean Baquet, discussed the rationale in an interview with Lawfare, a website that covers national security law, and gave more insight into editors’ decision-making.




  • Environment/Energy/Wildlife/Nature



    • Paying people to preserve forests really seems to work
      We’re trashing the world not because it’s fun, but because it pays to do so. People respond to financial incentives. So, how do you provide an incentive to stop trashing the world? One idea is to use cold, hard cash. If people earn more by not trashing, the thinking goes, the incentive flips: it suddenly pays to conserve. Based on this idea, a trial program in Uganda paid landowners to preserve the forest on their land and tracked the results.

      It turned out not to be so simple—people don’t always neatly do what they’re supposed to. What if these landowners were already concerned about deforestation and were already preserving their land? You’ve just forked out quite a bit to pay for something that was already going to happen. Or what if they just cut down trees elsewhere instead? Figuring out whether the benefits of the program are worth the cost requires collecting a lot of data.

      A paper in Science this week reports on the results, which are encouraging: deforestation slowed to about half the previous rate, and it looks as though people didn’t just shift their forest clearing elsewhere. The program benefits seem to have outweighed the costs, whichever way you slice it. In other words, money provides a great incentive to preserve habitats, which is great news for climate change efforts.


    • German energy company wants to build flow batteries in old natural gas caverns
      The technology that the project is based on should be familiar to Ars readers. Two years ago, Ars wrote about an academic paper published in Nature that described “a recipe for an affordable, safe, and scalable flow battery.” German researchers had developed better components for a large, stationary battery that used negatively and positively charged liquid electrolyte pools to exchange electrons through a reasonably priced membrane. These so-called “flow batteries” are particularly interesting for grid use—they have low energy-density, so they don’t work for portable energy storage. But as receptacles for utility-scale electricity storage, their capacity is limited only by the amount of space you have.






  • Finance



    • Understanding Bitcoin's Scaling Debate: Politics Comes First


      Software programmers are usually collegial and collaborative, but parts of the bitcoin developer community are currently displaying the kind of acrimony familiar to political capitols like Washington, D.C.

      Understanding the nature of the scaling debate then might help the bitcoin community better iterate on the protocol and software in the future. But, what's behind the strife when amendments to bitcoin's rules – or stasis – become so controversial? What unrecognized dimensions of the debate allowed it to become so divisive and debased?


    • Corbyn ally warns Labour leadership over party’s Brexit stance
      A key ally of Jeremy Corbyn has warned the Labour leadership not to take the party’s new wave of voters for granted over Brexit.

      Clive Lewis, the former shadow business secretary who was one of the first MPs to back Corbyn to be leader of the Labour Party in 2015, told POLITICO his party could lose support if it is seen to be “too closely aligned to a policy which will see us coming crashing out of Europe.”

      The Norwich South MP, who resigned his position on the Labour front bench in February over Corbyn’s three-line whip on backing the triggering of Article 50, said it would become “more urgent” for Labour to develop “clear positions” and “red lines” on the detail of Brexit negotiations.





  • AstroTurf/Lobbying/Politics



    • John McCain has brain cancer, his office says
      Veteran US Republican Senator John McCain has been diagnosed with brain cancer and is reviewing treatment options, according to his office.

      The options may include chemotherapy and radiation, his doctors said. The 80-year-old politician is in "good spirits" recovering at home.


    • The media's war on Trump is destined to fail. Why can't it see that?
      The people of the respectable east coast press loathe the president with an amazing unanimity. They are obsessed with documenting his bad taste, with finding faults in his stupid tweets, with nailing him and his associates for this Russian scandal and that one. They outwit the simple-minded billionaire. They find the devastating scoops. The op-ed pages come to resemble Democratic fundraising pitches. The news sections are all Trump all the time. They have gone ballistic so many times the public now yawns when it sees their rockets lifting off.

      A recent Alternet article I read was composed of nothing but mean quotes about Trump, some of them literary and high-flown, some of them low-down and cruel, most of them drawn from the mainstream media and all of them hilarious. As I write this, four of the five most-read stories on the Washington Post website are about Trump; indeed (if memory serves), he has dominated this particular metric for at least a year.

      And why not? Trump certainly has it coming. He is obviously incompetent, innocent of the most basic knowledge about how government functions. His views are repugnant. His advisers are fools. He appears to be dallying with obviously dangerous forces. And thanks to the wipeout of the Democratic party, there is no really powerful institutional check on the president’s power, which means that the press must step up.


    • Making fun of Trump – thanks France
      I mean, it is easy to make fun of Trump, he is just too stupid and incapable and uneducated. But what the French president Emmanuel Macron did on Bastille Day, in presence of the usual Trumpies, was just above the usual level of making fun of Trump. The French made Trump watch a French band playing a medley of Daft Punk. And as we know – Trump seemed to be very unimpressed, most probably because he doesn’t have a clue.




  • Censorship/Free Speech



  • Privacy/Surveillance



    • NSA Chief Mike Rogers Is Not Here for Trump and Putin's "Impenetrable Cyber Security Unit"
      Earlier this month, Trump was relentlessly mocked by pretty much everyone for tweeting he and Russian president Vladimir Putin had discussed forming an “impenetrable Cyber Security unit” to prevent “election hacking, & many other negative things.” The blowback to his ridiculous proposal was so intense it achieved that rarest of Trump self-owns: A tweet walking back his prior tweet.
    • In midst of Russia probe, NSA chief vows: 'I will not violate' my oath to Americans
      In unusually passionate and stark terms, the head of the nation’s top spy agency made clear on Saturday in Colorado that he will stand up to anyone -- even the president of the United States -- who asks him to use the U.S. intelligence community as a political prop.


    • NSA chief on Russia-U.S. cyber unit - Now is 'not the best time'
      National Security Agency Director Mike Rogers on Saturday rebuffed the prospect for a U.S.-Russia cyber unit, a proposal which has been greeted with incredulity by several senior U.S. lawmakers and which President Donald Trump himself appeared to back down from after initially indicating interest.




  • Civil Rights/Policing



    • Court Rejects Cell Site RF Signal Map In Murder Trial Because It's Evidence Of Nothing
      The Maryland Court of Special Appeals has handed down a ruling [PDF] on quasi-cell site location info. The evidence offered by the state isn't being so much suppressed as it is being rejected. The information wasn't obtained illegally and no rights were violated. Rather, the court finds the evidence to be questionable, as in "evidence of what, exactly?" [via EvidenceProf Blog]

      The defendant in the case is charged with murder. Bashunn Phillips filed a motion to exclude the evidence, which was granted by the lower court. The state appealed. But there's nothing in it for the state.


    • Family of dead AlphaBay suspect says he was a “good boy”
      "We always thought his wealth was because of his investments in cryptocurrency and not with a dark market," she said. "And we don’t understand how he could be how the FBI describes him; it’s totally not the personality of Alexandre Cazes!"


    • You still cannot vape on US inbound, outbound flights
      A divided federal appeals court is upholding a President Barack Obama-era regulation that barred e-cigarette smoking—also known as vaping—on both inbound and outbound US flights.

      The US Department of Transportation officially banned electronic cigarettes on flights in March of 2016 to clear up any confusion as to whether they were also outlawed like traditional tobacco cigarettes.




  • Internet Policy/Net Neutrality



    • Senator blasts FCC for refusing to provide DDoS analysis
      US Senator Ron Wyden (D-Ore.) criticized the Federal Communications Commission for failing to turn over its internal analysis of the DDoS attacks that hit the FCC's public comment system.

      The FCC declined to provide its analysis of the attacks to Gizmodo, which had filed a Freedom of Information Act (FoIA) request for a copy of all records related to the FCC analysis "that concluded a DDoS attack had taken place." The FCC declined the request, saying that its initial analysis on the day of the attack "did not result in written documentation."



    • Verizon accused of throttling Netflix and YouTube, admits to “video optimization”
      Verizon Wireless customers this week noticed that Netflix's speed test tool appears to be capped at 10Mbps, raising fears that the carrier is throttling video streaming on its mobile network.

      When contacted by Ars this morning, Verizon acknowledged using a new video optimization system but said it is part of a temporary test and that it did not affect the actual quality of video. The video optimization appears to apply both to unlimited and limited mobile plans.

      But some YouTube users are reporting degraded video, saying that using a VPN service can bypass the Verizon throttling. The Federal Communications Commission generally allows mobile carriers to limit video quality as long as the limitations are imposed equally across different video services despite net neutrality rules that outlaw throttling. The net neutrality rules have exceptions for network management.




  • Intellectual Monopolies



    • Trademarks



      • MLB Mulls Over Opposing Trademark For New Overwatch League Logo


        It's no secret that Major League Baseball has proven themselves to be happy bullies regarding its trademarks. Between thinking it owns the letter 'W', forgetting that fair use exists, and its decision to bully amateur baseball leagues, the legal staff for MLB has shown that they can produce some really head-scratching moments.


      • Olive Garden Asks Olive Garden Reviewer Not To Refer To Olive Garden Due To Trademarks
        At some point, even the dimmest of lawyers will understand that parody and fair use are not infringement. There may be all sorts of reasons why big companies send dubious cease-and-desist letters over protected speech. Sometimes it's because lawyers are misinformed. Sometimes it's to silence criticism.




    • Copyrights



      • What can the possible implications of the CJEU Pirate Bay decision be? A new paper
        The CJEU judgment builds upon the earlier Opinion of Advocate General (AG) Szpunar in the same case [reported here], yet goes beyond it. This is notably so with regard to the consideration of the subjective element (knowledge) of the operators of an online platform making available copyright content. Unlike AG Szpunar, the Court did not refer liability only to situations in which the operators of an online platform have acquired actual knowledge of third-party infringements, but also included situations of constructive knowledge (‘could not be unaware’) and, possibly, even more.








Recent Techrights' Posts

SoylentNews Grows Up, Registers as a Business, Site Traffic Reportedly Grows
More people realise that social control media may in fact be a passing fad
 
Garden Season Starts Today
Outdoor time, officially...
More Information About Public Talks That Richard Stallman Gave This Week in Europe
Two talks in Switzerland
Engadget is Still a Spamfarm, It's Just an Amazon Catalogue (SPAM/SEO), a Sea of Junk Disguised as "Articles" With Few 'Fillers' (Real Articles) in Between
Engadget writes for bots now, not for humans
Richard Stallman's Talks in Switzerland This Week
We need to put an end to 'cancer culture'; it's trying to kill people and it is even swatting people
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, March 28, 2024
IRC logs for Thursday, March 28, 2024
[Meme] EPO's New Ways of Working (NWoW), a.k.a. You Don't Even Get a Desk at Work and Cannot be Near Known Colleagues
Seems more like union-busting (divide and rule)
Hiding Microsoft's Culpability in Security Breaches and Other Major Blunders (in the United Kingdom, This May Mean You Can't Get Food)
Total Cost of Ownership (TCO) is vast
Giving back to the community
Reprinted with permission from Daniel Pocock
Links 28/03/2024: Sega, Nintendo, and Bell Layoffs
Links for the day
Open letter to the ACM regarding Codes of Conduct impersonating the Code of Ethics
Reprinted with permission from Daniel Pocock
With 9 Mentions of Azure In Its Latest Blog Post, Canonical is Again Promoting Microsoft and Intel Vendor Lock-in, Surveillance, Back Doors, Considerable Power Waste, and Defects That Cannot be Fixed
Microsoft did not even have to buy Canonical (for Canonical to act like it happened)
Links 28/03/2024: GAFAM Replacing Full-Time Workers With Interns Now
Links for the day
Consent & Debian's illegitimate constitution
Reprinted with permission from Daniel Pocock
The Time Our Server Host Died in a Car Accident
If Debian has internal problems, then they need to be illuminated and then tackled, at the very least in order to ensure we do not end up with "Deadian"
China's New 'IT' Rules Are a Massive Headache for Microsoft
On the issue of China we're neutral except when it comes to human rights issues
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 27, 2024
IRC logs for Wednesday, March 27, 2024
WeMakeFedora.org: harassment decision, victory for volunteers and Fedora Foundations
Reprinted with permission from Daniel Pocock
Links 27/03/2024: Terrorism Grows in Africa, Unemployment in Finland Rose Sharply in a Year, Chinese Aggression Escalates
Links for the day
Links 27/03/2024: Ericsson and Tencent Layoffs
Links for the day
Amid Online Reports of XBox Sales Collapsing, Mass Layoffs in More Teams, and Windows Making Things Worse (Admission of Losses, Rumours About XBox Canceled as a Hardware Unit)...
Windows has loads of issues, also as a gaming platform
Links 27/03/2024: BBC Resorts to CG Cruft, Akamai Blocking Blunders in Piracy Shield
Links for the day
Android Approaches 90% of the Operating Systems Market in Chad (Windows Down From 99.5% 15 Years Ago to Just 2.5% Right Now)
Windows is down to about 2% on the Web-connected client side as measured by statCounter
Sainsbury's: Let Them Eat Yoghurts (and Microsoft Downtimes When They Need Proper Food)
a social control media 'scandal' this week
IRC Proceedings: Tuesday, March 26, 2024
IRC logs for Tuesday, March 26, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Windows/Client at Microsoft Falling Sharply (Well Over 10% Decline Every Quarter), So For His Next Trick the Ponzi in Chief Merges Units, Spices Everything Up With "AI"
Hiding the steep decline of Windows/Client at Microsoft?
Free technology in housing and construction
Reprinted with permission from Daniel Pocock
We Need Open Standards With Free Software Implementations, Not "Interoperability" Alone
Sadly we're confronting misguided managers and a bunch of clowns trying to herd us all - sometimes without consent - into "clown computing"
Microsoft's Collapse in the Web Server Space Continued This Month
Microsoft is the "2%", just like Windows in some countries