This problem can be perfectly seen in the world of Android: most Android devices run the same very old kernel version. The same very old version which Google alone supports and maintains. And Google really wants to get rid of the Linux kernel - they are fed up with it.
To summarize: in a world of "closed source" hardware it's near impossible to have a fully working open source operating system which supports all these devices properly unless you allow proprietary closed source code to exist in your kernel. It's quite possible that in a distant future Linux/GNU or some other open source operating system will run everything perfectly just because hardware vendors will run out of ideas how to differentiate their devices and all devices will have full documentation, spec sheets and support. We can only hope.
Independent commentator Artem S. Tashkinov is back at it again with his latest thoughts on GNU/Linux and its problems in a post entitled "Why Linux/GNU might never succeed on a large scale".
Tashkinov has previously ranted about problems he views with Linux as well as other operating systems like Android and Windows 10. His latest controversial thoughts are on why he thinks GNU/Linux might never succeed on a large scale. But then again, many of you will probably agree GNU/Linux has already succeeded on an enormous scale -- well, at least in clouds, servers, and workstations. When it comes to Linux on the desktop, most reports still put the overall Linux desktop at around 2% with the Linux gaming market-share at under 1%. And, of course, there still hasn't been a break-through GNU/Linux smartphone that's done well in overall markets.
In this video from OpenStack Australia, David Perry from the University of Melbourne presents: Supercomputing by API – Connecting Modern Web Apps to HPC.
Linux careers offers plenty of possibilities. At the time of this article, a simple search of 'Linux' on Indeed.com yields nearly 72,000 jobs with 52,000 of them being recently posted. Clearly, Linux is a space where a good, solid long term career is possible. But there are some things you should know before you decide to make the leap.
Recently I had the opportunity to sit down with two long time Linux system administrators. These pros have been in the trenches for many years and shared their expertise with me. I then took their thoughts and added it to my list of "career truths" that I was already aware of and decided to share the details here.
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced that 19 new organizations have joined the Foundation as Silver members. Linux Foundation members help support development of the greatest shared technology resources in history, while accelerating their own innovation through open source leadership and participation.
A new subsystem is being proposed for the Linux kernel for the MIPI I3C sensor specification.
The MIPI I3C sensor interface was published at the beginning of this year and is designed for streamlined sensor integration across wearables, smartphones, IoT hardware, automotive systems, and other modern devices. When designing I3C, the MIPI Alliance looked at I2C, SPI, and UART for inspiration while designing an interface for today's modern needs.
Which is why Oracle is dedicated to developing technologies such as KSplice to automate your critical security patching and keep your servers compliant and secure.
With the Radeon RX Vega 56 and Vega 64 shipping in two weeks, here are some benchmarks of the latest Radeon and NVIDIA Linux graphics drivers with an assortment of modern GPUs. With these latest Linux GPU results are also the current performance-per-Watt and thermal metrics as recorded automatically via the Phoronix Test Suite benchmarking software. This Radeon vs. NVIDIA Linux comparison should be particularly interesting given the very good Mesa Git performance results posted yesterday that show RadeonSI performing well beyond the AMDGPU-PRO OpenGL levels.
For NVIDIA Linux users read our OpenGL 4.6 overview if you haven't already and then go forth and download the new experimental driver.
Adding to the list of changes for X.Org Server 1.20 that will be released in the future is grab protocol support for XWayland.
Last year is when the keyboard grabbing protocol for Wayland was proposed and made it into Wayland-Protocols 1.9. This is about allowing virtual machines, VNC viewers, or XWayland to be able to "grab" all input from a device and send to a particular surface, modeled like a keyboard locking mechanism.
Following last week's Linux/BSD CPU core scaling tests when seeing how different operating systems competed with going between one and twenty threads with the Intel Core i9 7900X, my latest benchmarking target of curiosity was seeing how Windows 10 with its Windows Subsystem for Linux (WSL) would compare on this system against the other Linux distributions.
Tilix is an advanced terminal emulator that enables you to do many more things effectively and thus increasing your productivity while working on the Linux terminal.
I’m currently doing some embedded work on ARM systems. Having a virtual ARM environment is of course helpful. For the i586 class embedded systems that I run it’s very easy to setup a virtual environment, I just have a chroot run from systemd-nspawn with the --personality=x86 option. I run it on my laptop for my own development and on a server my client owns so that they can deal with the “hit by a bus” scenario. I also occasionally run KVM virtual machines to test the boot image of i586 embedded systems (they use GRUB etc and are just like any other 32bit Intel system).
I am pleased to announce PiCluster version 2.0! In case you are unfamiliar with PiCluster, it is a container management tool written in Node.js used to manage Docker containers. It has been a long journey this past year coming up with new features and trying to community involvement. In this post, I will go over the contributions that the community has made for this release and discuss the exciting new feature: automatic container failover to different hosts.
Rainlendar is an open source calendar application with a focus on keeping your tasks and events visibly organized on your desktop without being any hindrance to your workflow.
In the first post of our series, we outlined three components of a modern front-end stack. In the second post, we untangled the challenge of package management with Yarn. In this post, we’ll take a look at the next component in our stack: webpackââ¢, a way of building and bundling assets for web apps.
Webpack is a robust and extensible tool that brings speed, parity between environments, and organized code to your application. It does its best work graphing a modular codebase, tying many graphed dependencies together into a few output files. For anything webpack doesn’t do readily, it can be taught to do with plugins. It can graph JavaScript modules naturally, and it can transform just about anything into a JavaScript module with a special kind of plugin called a loader.
ââ¬â¹For an OS (Operating System) to work it has to be fully “Synchronized” with the hardware, this includes audio and video connection with the help of drivers, wireless connection and other hardware options to connect the hardware and software. These connections may not work well and sometimes your system can crash and make you lose data. In this article, I will talk about Kernel Panic which is a System crash for Linux.
Today we gain another remaster of a classic game. This time it's 'The Silver Case' [GOG, Steam] which originally released in 1999, many years later it was remastered and release in 2016 and now we have it too.
According to my research, the game wasn't available in English before this remaster, so it's fantastic to not only see it revived, but localized for a wider audience too.
SimAirport [Steam, Official Site] aims to be a modern tycoon-style game where you build and manage every aspect of an airport. It's coming to Linux and the developers are looking for some testers.
For fans of OpenMW, the open-source re-implementation of the engine powering Elderscrolls III: Morrowind, a new feature release is now available.
OpenMW 0.42 is the project's newest release. OpenMW 0.42 features support for water sound effects, implementing various particles / magic particles / other in-game visuals, more implementations of OpenMW-CS, and dozens of bugs have been fixed.
ICY: Frostbite Edition [Steam, Official Site], a narrative-driven post-apocalyptic survival RPG is coming to Linux with day-1 Linux support.
It will officially release on the 11th of August, with the publisher Digital Tribe Games confirming to me via email it will include Linux support.
Downward [Steam, Official Site] is an extremely impressive and downright beautiful parkour game. Recently it left Early Access, but the Linux version was a bit behind, now it's not!
I also stepped down from Dot and KDE promo stuff after getting burnt out from doing it for many years hoping others would fill in which I hope they now will.
Even while we’re working on a new beta for Krita 3.2 and a new development build for 4.0 (with Python, on Windows!), we have to release some bad news as well.
The Krita Foundation is having trouble with the Dutch tax authorities. This is the situation:
In February, we received an audit from the tax inspector. We were quite confident we wouldn’t have any problems because when we setup the Krita Foundation in 2013, we took the advice of a local tax consultant on how to setup the Foundation and its administration. We registered for VAT with the tax authorities and kept our books as instructed by the consultant.
However, the tax inspector found two problems springing from the fact the Foundation sells training videos and books, so it is not 100% funded by donations. This means that the tax authorities see the Foundation is as partly a company, partly as not a company.
Do you use KMail or Kontact? The KDE PIM developers want to get more knowledge about how KMail is used so they can better know where they should focus and how they should evolve Kmail and Kontact. They want to make the best user experience possible and you can help by filling out a short survey.
Do you use Kmail, the KDE email client? If so be sure to add make your feedback on heard by taking the short Kmail user survey.
No doubt this release marks a major milestone in Qubes OS development. The single most import undertaking which sets this release apart, is the complete rewrite of the Qubes Core Stack. We have a separate set of posts detailing the changes (Why/What/How), and the first post is planned to be released in the coming 2 weeks.
This new Core Stack allows to easily extend the Qubes Architecture in new directions, allowing us to finally build (in a clean way) lots of things we’ve wanted for years, but which would have been too complex to build on the “old” Qubes infrastructure. The new Qubes Admin API, which we introduced in a recent post, is a prime example of one such feature. (Technically speaking, we’ve neatly put the Admin API at the heart of the new Qubes Core Stack so that it really is part of the Core Stack, not merely an “application” built on top of it.)
I wrote about the latest openSUSE Leap release a few days ago. In that post, I included some details about upgrading an existing openSUSE Leap installation to the new release. Since then, I have performed a fresh installation on another of my systems (the Acer Aspire V), so in this post I am going to include screenshots and a brief description of the installation process.
First, let's repeat some of the basic information about this release. The release announcement on the openSUSE website gives a bit of information (and a lot of propaganda) about the new release.The release notes contain a lot more technical detail, so be sure to read them before starting.
Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced that it has acquired the assets and technology of Permabit Technology Corporation, a provider of software for data deduplication, compression and thin provisioning. With the addition of Permabit’s data deduplication and compression capabilities to the world’s leading enterprise Linux platform, Red Hat Enterprise Linux, Red Hat will be able to better enable enterprise digital transformation through more efficient storage options.
Red Hat has acquired “the assets and technology of Permabit Technology Corporation”, a data-shrinking concern, for an undisclosed sum.
Permabit offers data de-duplication and compression software and recently cooked ready-to-run Linux kernel modules of its wares after previously focusing on sales to OEMs.
Red Hat announced Monday that it has acquired the assets and technology of Permabit Technology Corp, a provider of software for data deduplication, compression and thin provisioning.
With the addition of Permabit’s data deduplication and compression capabilities to enterprise Linux platform, Red Hat Enterprise Linux, Red Hat will be able to better enable enterprise digital transformation through more efficient storage options.
With Permabit’s technology, Red Hat can now bring powerful data deduplication and compression features into Red Hat Enterprise Linux itself, which will also enhance capabilities across Red Hat’s hybrid cloud and storage technologies, including Red Hat OpenStack Platform, Red Hat OpenShift Container Platform and Red Hat Storage.
I often see articles, blog posts or even video tutorials on how to apply security-only errata in CentOS environments or set a cron job to do this regularly. While it can be very useful to keep components on a specific version and only updating those which has security fixes, it has one drawback.
Red Hat is taking quite serious a hacking threat reportedly developed by the CIA that targets its Linux software and is warning customers to follow "Incident Response" practices. A hacker news sites describes the latest malware news as "simply astonishing."
"It is recommended that systems found with indicators of compromise should follow their organizational practices for Incident Response and react accordingly," Red Hat says in a post at its customer portal.
The greatest threat from the so-called Aeris tool is from users who already have access to an enterprise network as opposed to an external infiltration.
Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced the general availability of Red Hat Enterprise Linux 7.4, the latest version of the world’s leading enterprise Linux platform. Red Hat Enterprise Linux 7.4 offers new automation capabilities designed to limit IT complexity while enhancing workload security and performance for traditional and cloud-native applications. This provides a powerful, flexible operating system backbone to address enterprise IT needs across physical servers, virtual machines and hybrid, public and multi-cloud footprints.
Red Hat Enterprise Linux 7.4 comes with improved security and performance for servers, containers, and clouds.
Red Hat is out today with the Red Hat Enterprise Linux 7.4 release.
RHEL 7.4 features a tech preview of "System Roles" as an Ansible-powered common management interface, USB Guard as a means of providing greater control and fending off data leakage/injection, greater container security, various performance improvements, and other updates.
Red Hat developers have been working to improve the performance of multi-threaded workloads on NUMA systems.
Rik van Riel of Red Hat sent out two patches on Monday to refactor the NUMA (non-uniform memory access) balancing code as it spends too much CPU time scanning and faulting during multi-threaded workloads.
While hosting a quarterly town hall meeting with my team a few months ago, I announced that we had finally hired a new senior manager to lead a big portion of the group. This role had gone unfilled for a while, so I'd been temporarily filling it. After describing the new leader and reviewing the selection process, I asked if anybody had any questions or comments. There was just one, and it was something like: "So, now that you are hiring this new person, what are you going to do?"
This image immediately popped into my head. I felt like the blindsided employee in Office Space, when one of the corporate consultant "Bobs" asked: "What would you say you do here?"
[...]
Jim Whitehurst has written of context, "When people understand why they're doing the work they're doing, they're much more likely to want to do it—and to help one another do it more creatively. Leaders who can effectively align their teams' passions with the organization's core mission will see success. . ."
Red Hat has (again) deprecated the Btrfs file-system from their Red Hat Enterprise Linux product, but this time it appears it may be for good.
Longtime Phoronix readers will recall when we noticed that Red Hat Enterprise Linux 6.8 deprecated Btrfs, which was later clarified as just being for RHEL6 while RHEL7 would continue to see Btrfs support. Red Hat has now deprecated Btrfs from RHEL7 and is looking like it won't be supported for future releases, e.g. RHEL 8.
With the recent release of Fedora 26, Fedora 24 officially enters End Of Life (EOL) status on August 8th, 2017. After August 8th, all packages in the Fedora 24 repositories no longer receive security, bugfix, or enhancement updates. Furthermore, no new packages will be added to the Fedora 24 collection.
The Release Party did already happen 3 days ago but I been busy since then and also a little bit tired, so thats why this post comes a bit later. The students had time until Thursday in the afternoon, to correct the slides with the things we told them. I got them in the evening, but they still had some issues. So we decided that I do the correction of the slides together with them on Saturday morning at 11am. Therefore I had to go earlier to PNC as originally planned and having lunch around there. But as always something happens and you have to change plans, as I arrived at PNC there was no electricity. Its not a big problem, they have a generator for this cases but as generator hours are not cheap, you have to get permission of the general manager to start it and this took a while. So we started a bit later and we also had some problems to solve, but the students saw why you should set on free software, I could open their Powerpoint presentations in LibreOffice but they could not open odp files in M$ office. But we managed to make all left changes and have after that a short lunch.
Once again, my focus was on Gitano, which we're working toward a 1.1 for. We had another one of our Gitano developer days which was attended by Richard maw and myself.
Pause on Lock is a simple script that can pause music on Ubuntu when the lock screen kicks in. When you return to your desktop and log back in whatever you were listening to resumes, with playback picking up exactly where it left off.
Hold the front page: Ubuntu could be about to switch log viewer from GNOME System Log to GNOME Logs. We're on the ground with all the details.
ââ¬â¹Ubuntu 17.10 codenamed Artful Aardvark (17.04 Zasty Zapus took us to the end of the alphabets so we are back to A) is expected to arrive on October 19, 2017. It was slated to bring minor improvements to the Ubuntu 17.04 but Canonical has sped things up and is bringing GNOME3 home quite early, Bye bye Unity. So how is the next iteration of Ubuntu fearing so far? Things are not finalized yet but let us see the direction is heading. Note that things might change (they won’t) in the final release.
The winning images in the Ubuntu Budgie 17.10 wallpaper contest have been revealed.
Ubuntu Budgie is an official Ubuntu flavor that uses the Budgie desktop environment. The next stable release, due in October, will include a new set of community-sourced desktop backgrounds.
10 wallpapers have been selected from the hundreds of entries submitted, and optimised versions should shortly arrive in the Ubuntu Budgie 17.10 daily builds via the regular update mechanism.
Linux Mint creator Clement Lefebvre recently published yet another monthly newsletter to inform the community behind the popular Ubuntu-based GNU/Linux distribution about what's coming to the project.
Now that Linux Mint 18.2 "Sonya" has hit the streets with all four officially supported flavors, with the Cinnamon 3.4, MATE 1.18, Xfce 4.12, and KDE Plasma 5.8 LTS desktop environment, it's time for Clement Lefebvre and his team to start working on the next major release, Linux Mint 18.3.
And the development was kicked off with a port of the Software Sources in-house built tool to the latest GTK+ 3 toolkit, along with support for HiDPI (High Dots Per Inch) displays, as well as HybridSleep support for the Cinnamon desktop environment. Also, it looks like the login screen was made more configurable.
Asus finally got around to updating the ZenWatch 3 to Android Wear 2.0. I’ve been wearing it on and off (no pun intended) for a couple months now, and I have been waiting patiently to see if the new software would change the experience of this smartwatch before publishing a review.
It basically didn’t. It’s a fine enough smartwatch, providing most of the things I really care about in a smartwatch. I have a particular set of things I care about, and they might not line up with what you want. For me, it’s a simple list:
I am from the Philippines. I've been an advocate of free and open culture since college, and I occasionally also contribute to the Wikimedia projects, particularly Wikimedia Commons.
In 2014, I worked on a government project where I digitally documented some of the largest heritage artworks in the country, like the ceiling paintings of some of the colonial Catholic churches in central Philippines. You can see them at Wikimedia Commons under Creative Commons licenses.
The debate about whether vendors can thrive and scale if their primary outputs are freely licensed continues to brew nearly two years since I wrote about the topic. Basing a business on an open source strategy is undoubtedly challenging, because no matter how many times you quote Richard Stallman that software freedom means "free speech," not "free beer," there is a persistent expectation that open source means free: free software, free updates, free knowledge, free support.
A few weeks ago we learned about some great work underway by Shane Martin Coughlan: putting a face to the vibrant open source community, and the fascinating discussions happening within it, through a series of interviews—we thought we'd share them here in a new series.
It might come as little surprise, but the two primary options for NFV orchestration platforms are open source or vendor-supplied options. See who's doing what in these areas.
LunchBadger; API lifecycle, orchestration and optimization solution provider; has announced its new open source API gateway: Express Gateway. Express Gateway is one of the first open source gateways to utilize Express.js. The gateway delivers a solution to developers and businesses who desire to build their own Express.js-based micro services instead of utilizing an out-of-the-box solution.
Bitrise is the most open platform in the space. It’s completely extensible and lets developers use all the third party services they know and love in one beautiful interface.”
A growing cross-network advertising platform, we continue to be drawn to solutions that free up our internal resources from being bogged down by infrastructure management. While it’s a strategy that has been critical to our success, it hasn’t come without key infrastructure changes to make it work. Our challenge from day one has been balancing the fact that the strength of our database capabilities is absolutely essential to our product, but devoting all possible resources toward product development would give us the competitive differentiators we need to be successful.
Apache Kafka is on a roll. Last year it registered a 260 percent jump in developer popularity, as Redmonk’s Fintan Ryan highlights, a number that has only ballooned since then as IoT and other enterprise demands for real-time, streaming data become common. Hatched at LinkedIn, Kafka’s founding engineering team spun out to form Confluent, which has been a primary developer of the Apache project ever since.
But not the only one. Indeed, given the rising importance of Kafka, more companies than ever are committing code, including Eventador, started by Kenny Gorman and Erik Beebe, both co-founders of ObjectRocket (acquired by Rackspace). Whereas ObjectRocket provides the MongoDB database as a service, Eventador offers a fully managed Kafka service, further lowering the barriers to streaming data.
Game developers are turning to outside vendors for backend services, but there is always a danger they could get locked into one with bad results. So Heroic Labs is announcing the formal launch of its Nakama 1.0 open-source real-time game servers to help with this.
The San Francisco-based company has developed server that provides typical backend services such as live events, leaderboards, and other features that game developers would rather not have to code themselves, said Heroic Labs vice president of product Alim Jaffer in an interview with GamesBeat.
The news was announced today by the Open Network Automation Platform (ONAP) , which also welcomed four more vendors -- Fujitsu Ltd. (Tokyo: 6702; London: FUJ; OTC: FJTSY), Infosys Technologies Ltd. (Nasdaq: INFY), Netcracker Technology Corp. and Samsung Corp. -- to the fold for a total of 50 members. The organization, sponsored by the Linux Foundation , has only been in formal operation since March.
The deployment of network functions virtualization, or NFV, can bring significant benefits to service providers. These benefits include agility, lower costs and promises of operational efficiency. But service providers must choose from leading open source options and a variety of vendor-supplied offerings for their NFV orchestration platforms.
Open source technologies are everywhere and in almost everything we leverage today across the IT enterprise. That is not a new observation, but something we just accept. My experience in leveraging open source technologies reaches back to the mid 90's where I spent the better part of a year setting up both a rural phone company's ISP and a university’s computing lab leveraging Linux 0.99. In those days, the cost of commercial enterprise operating systems was too high for lean startup activities. Therefore, we were willing to trade time for money. Getting a Linux kernel working with a specific network card was not fun in the early days and often required a bit of trial and error cycled over many kernel builds. However, these types of projects gave us a real appreciation for what the open source community was contributing and what was expected from the user community to benefit. Unfortunately, this support gap kept open source technologies on the fringe for many years. Eventually this provided an opportunity for the creation of new vendor ecosystems that work closely with the technical innovators while delivering the functionality and support required of enterprise customers. Companies like RedHat have been filling some of these gaps for more than a decade.
There's trouble in open source land, revolving around a text editor that's popular with developers and a proprietary toolset, Kite, that wants some of that open source business. Their way of getting it, however, seems to have backfired.
Atom is a text editor developed by GitHub and released under the MIT license. It's been around for about three-and-a-half years, during which time it's built a sizable user base. Developers like it because it runs on most operating systems -- Linux, Windows and Mac -- and comes with a lot of dev-friendly features built-in. They also like its modular design, which has spawned a community of devs creating plugins that further expand its capabilities.
Innovation in the open-source community allows Nasdaq to rapidly embrace new features that benefit the exchange’s 3,000 webhosting clients around the globe, Ball notes, pointing to a new media library component that allows streamlined management of different media as one example. Drupal’s modular architecture translates into great flexibility for adding new functionality. For IROs, that means that critical must-have characteristics are an integral part of the Nasdaq Corporate Solutions platform. For example, ‘mobile is a first-class citizen,’ Ball says, pointing out that there is no separate process for administering content for mobile environments, so any new IR content is automatically promulgated across a multi-platform architecture.
Bitnami announced plans to open source its Cabin platform, which is billed as a mobile application for controlling Kubernetes.
Cabin is a mobile dashboard, allowing for the remote management of Kubernetes clusters. Users can scale deployments, execute commands in containers, access logs, manage labels, and integrate with Google Container Engine for cluster provisioning.
Today, 4 billion people live without the internet. There’s a global debate about how to connect the unconnected, but it’s often dominated by assumptions and not a lot of data or talking to actual users on the ground.
To better inform this issue, Mozilla recently supported a series of focus groups to investigate how and why people use subsidized services in India, Myanmar, Peru, Kenya, Nigeria, Rwanda and South Africa. Today, we’re releasing the results of this research carried out by Research ICT Africa, LIRNEasia and IEP.
Last month, we delivered the first in a series of groundbreaking updates to the browser. This week, the Test Pilot team is continuing to evolve Firefox features with three new experiences that will make for a simpler, faster and safer experience.
ââ¬â¹The Document Foundation announces LibreOffice 5.4, the latest major release of the best open source office suite software available. LibreOffice 5.4 is the last major release of the 5.x family. LibreOffice 5.4 comes with new features for Writer, Calc and Impress and it is immediately available for Linux, macOS and Windows, and for the cloud. The latest iteration comes with significant features in every module, including the usual large number of incremental improvements to Microsoft Office file compatibility. So let’s see what’s new in LibreOffice 5.4.
My first "office" program was WordStar in 1982. Since then, I've used more than I can ever remember, including all the Microsoft Office programs beginning with 1.0 in 1991. I make my living from office software. If there's something good out there, I want to know about it. And that's why I've been using LibreOffice ever since it forked from OpenOffice. It's the best office suite out there, and with the release of LibreOffice 5.4, it's only gotten better.
Why? There are many reasons. Let's start with the basics: It's free. Yes, it's also open source, but I mean "free" as in "free beer". It doesn't cost you a red cent.
The Dutch education system, together with teachers and school authorities, needs to develop a vision on the relationship between ICT and education, the Education Council of the Netherlands writes in a report published in May. Recommendations include emphasising sharing and reuse of ICT solutions.
An ICT vision should encompass digital educational goals, the use of digital educational resources, and the use of digital applications in the organisation of education, the Council writes.
For more than two and a half years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.
We are writing to you today to announce the final release of version 17.7 “Free Fox”, which, over the course of the last 6 months, includes highlights such as SafeStack application hardening, the Realtek re(4) driver for better network stability, a Quagga plugin with broad routing protocol support and the Unbound resolver as the new default. Additionally, translations for Czech, Chinese, Japanese, Portuguese and German have been completed for the first time during this development cycle.
OpenBSD is now the latest BSD switching from GCC to LLVM's Clang C/C++ compiler by default.
With the OpenBSD switch-over that happened last week in CVS, Clang is now the default compiler for i386 and x86_64 architectures.
As open source becomes more pervasive, companies are consuming products that have open source components. Today you literally can’t use any piece of software that doesn’t have any open source code in it, making it very complicated for companies to keep a tab on what they are consuming and stay compliant with open source licenses.
To help simplify matters is a new Linux Foundation project called Software Package Data Exchange. With SPDX, the Foundation hosts the project and owns the copyright on the specification and trademark assets. It’s an open community of volunteers and as such has people participating across a broad spectrum of companies, academia and other foundations.
Last week Arduino AG, the holding company for the open source Arduino project, announced that CEO Federico Musto stepped down, to be replaced with Massimo Banzi as new Chairman and CTO of Arduino and Dr. Fabio Violante as CEO.
The move comes after the maker community found troubling discrepancies in Musto’s educational claims.
While the 3D printed, PIN-protected door lock by HPI looks cool, I’m pretty sure that a determined thief would find a way to get past it. The 3D printed, heavy duty Stealth Key system looks to be much more difficult to get around, but what’s even more high-tech than a lock or a key? A safe. But a team from Colorado-based SparkFun Electronics, an online retail store that sells pieces for electronics projects, recently used an inexpensive, homemade robot, which features some 3D printed components, to crack open a SentrySafe safe in front of hundreds of excited onlookers at a convention for hackers in Las Vegas.
If you are looking to learn more about robotics you may be interested in a new project which is being posted to the Hackaday website, detailing how to build a 3D printed open source robotic arm complete with built in control panel.
Watch the demonstration video below to learn more about the Pedro Petit open source DIY robotic arm which is being created by Hackaday user saandial.
As you can see, none of these support requests were true bugs. But they were stumbling blocks for many users, and added up to a major source of customer dissatisfaction – and a major contributor to support time. By resolving them we’ve made our existing customers happier, and made our new customers blissfully unaware of their predecessors’ struggles.
Scalability, latency, and throughput are key performance indicators for web servers. Keeping the latency low and the throughput high while scaling up and out is not easy. Node.js is a JavaScript runtime environment that achieves low latency and high throughput by taking a “non-blocking” approach to serving requests. In other words, Node.js wastes no time or resources on waiting for I/O requests to return.
Let me explain…
In the traditional approach to creating web servers, for each incoming request or connection the server spawns a new thread of execution or even forks a new process to handle the request and send a response. Conceptually, this makes perfect sense, but in practice it incurs a great deal of overhead.
The success of open-source communities like Node.js — a JavaScript runtime based on Chrome’s V8 engine — is completely dependent on contributions from a rich pool of organizations working toward the common goal of building a robust development framework.
Michael Dawson (pictured), digital transformation leader at IBM, is responsible for Big Blue’s contributions to the Node.JS source code. He explained his level of involvement within the community, including his role leading a Node benchmarking workgroup.
Node.js, however, compared with other scripting languages brings the whole platform into the mix. Beyond the CPU, it also requires networking power and a degree of storage. Intel has been investing a lot into making the whole platform shine with optimized Node.js, Ene-Pietrosanu stated. It has also made its efforts available to the open-source community.
Kindly reminder: According to schedule we should have Qt 5.10 feature freeze after a week, see https://wiki.qt.io/Qt_5.10_Release. So it is time to do remaining finalizations to 5.10 new features now and focus to bug fixing after that. Please fill new features page now as well (https://wiki.qt.io/New_Features_in_Qt_5.10); it seems to be quite empty at the moment.
Feature development on the Qt 5.10 tool-kit will soon be coming to an end.
Qt developers are planning to issue the feature freeze in about one week's time at which point they will be getting out a binary snapshot out, starting the soft branching, and then getting a hard branch of the code after that. If all goes according to plan, the Qt 5.10 Alpha should be out on 31 August while a beta release is expected for 10 October. If all goes well and it's not like past Qt5 releases with delays, Qt 5.10 would then be officially released on 30 November.
Thanks to C++11 now we have an implementation with move semantics that greatly simplifies the use of Object and will hopefully make for less memory management mistakes.
I'm obviously not spending much time writing here. It's been a rather busy month at work, and I've been doing other things on the weekend that aren't particularly interesting to write about.
This past week, though, I took advantage of our semi-annual Hack Week to finally learn Rust. I have several co-workers who love the language and have been wanting to stretch my programming language knowledge a bit. I was also profoundly disappointed by Go, which has been touted as the new C-style systems language but which I think is awful. All the reasons why is a topic for another post, but the obnoxiously verbose error handling is probably my biggest complaint. (This is the worst property of C; why would you copy it?) Rust was a favorite of a few people who felt the same way I did about Go, which seemed promising.
A recent controversy involving the group that sets the rules of the road for the web is a great reminder of how challenging standards-making really is, even if your standards are the ones everyone is using.
Standards have a way of bleeding into parts of life that you might not give a second thought to, as a consumer.
Case in point: Watching a show on Netflix is a pretty satisfying ritual, isn’t it? Lots of people do it. Tens of millions in fact, many of them on their computers, in their web browsers.
Back in February 2017, two Californians sued Apple in a proposed class-action lawsuit over the fact that the company disabled an older version of iOS. Disabling the outdated iOS had the effect of making FaceTime stop working on the customers' iPhone 4 devices.
[...]
"Apple broke FaceTime in order to gain a financial advantage and reduce relay fees," Judge Koh also wrote. "Further, although Apple knew that it had intentionally disabled FaceTime, Apple told consumers that FaceTime had stopped working because of a 'bug resulting from a device certificate that expired.' Apple did not tell users that Apple had intentionally caused the digital certificate to expire prematurely."
The ethicality or lack thereof of what Paterson did has been debated for years. Gary Kildall stridently claimed many times that he ripped off the actual CP/M source code, but this is a very problematic assertion. There is no evidence that he even had access to the source, which Digital, like most companies then and now, guarded carefully.
[...]
The real victor was Microsoft, which built an empire on the back of a shadily acquired MS-DOS.
Last week, I (like probably many of you) saw the news that the famous (or infamous, depending on your viewpoint) fact checking website "Snopes" was crowdfunding on GoFundMe, saying that it needed to raise money as soon as possible, because "a vendor" refused to recognize that Snopes had terminated a contract and was holding the site "hostage."
Last Thursday, the United States overwhelmingly passed a new round of sanctions against Russia, taking the executive actions made by then president Barack Obama in December 2016 and putting them into law. Congress also wrote its legislation such that the White House must get Congressional approval prior to any easing of sanctions against Russia. Despite some concerns about the law, President Donald Trump has said he will sign the bill.
Obama leveled these sanctions, including the dismissal of many Russian diplomats in the United States, following credible reports that the foreign adversary had meddled in the US presidential election. Russian President Vladimir Putin took no action at the time, believing he could work with President Trump to ease the restrictions. But after the Congressional action, Putin acted this weekend to remove hundreds of US diplomats from Russia. The number of US diplomats and Russian nationals employed as staff by the US government must now be 455, the same number Russia has in the United States.
How many species are living on Earth at this moment in time? Ask a few different scientists and you may get drastically different answers. Most estimates range from 3-10 million distinct species of multicellular organisms; however, when microbial diversity is factored in, the upper bound jumps to nearly a trillion.
Having a clear understanding of what species are present on Earth, where they are, and to what extent they are threatened is essential to making informed conservation decisions at both a local and global scale.
Scientists have long thrown shade at the unassuming kitchen sponge. The household staple skulks in sinks amid dirty dishes and soggy food scraps, sopping up and amplifying microbial forces capable of invading clean food spaces. The savvy kitchen-goer may think they have this situation locked down—a simple toss through a sanitizing dishwasher cycle or a sizzling swirl in the microwave... and done. Sudsy germsplosion averted.
Nice try, says science.
In a comprehensive study of 14 household sponges and their microbial inhabitants published in Scientific Reports, researchers confirmed that kitchen sponges are indeed domestic abominations. Moreover, any sterilizing attempts only seem to temporarily free up sponge-space for potential pathogens, which rapidly recolonize the festering scrubber.
A Democratic senator from New Jersey proposed legislation (PDF) Tuesday that would remove marijuana from the federal list of controlled substances. The proposal, if adopted, would also financially punish states that fail to decriminalize marijuana if they have racial disparities in their arrest and incarceration rates connected to marijuana.
Ransomware attacks caused 22% of small and medium-sized businesses in seven countries, including Australia, to pack up for good, a report from the security firm Malwarebytes claims.
It’s not often that an IT security breach leads to the departure of two government ministers. But that is just what has happened in Sweden in the aftermath of a series of disclosures about a data breach and an outsourced IT contract.
In July, Sonatype released their third annual State of the Software Supply Chain report concluding that when organisations actively manage the quality of open source components in software applications they see a 28% improvement in developer productivity (through reduction in manual governance), a 30% reduction in overall development costs, and a 48% increase in application quality (as application vulnerabilities are removed early reducing their incidence in production). Analysis also showed that applications built by teams utilising automated governance tools reduced the percentage of defective components by 63%.
Not a week goes by without WikiLeaks unveiling some more condemning evidence of the CIA’s malware tools. The latest reveal is Aeris, an automated implement which affects many different distributions of the Linux operating system. This particular tool packs quite a lot of features under the hood in an effort to gather as much intelligence as possible. This is surely not the last tool of its kind we will meet.
ââ¬â¹Linux distro is mostly loved for its security features. When we people want more security we use TOR and VPN. Today I am going to tell you about an application called Firejail that helps to protect your personal files via sandbox technique.
ââ¬â¹Firejail is a sandbox application built for Linux distros which uses the capabilities of Linux kernel to use namespace separation. In the simplest sense, apps launched through Firejail cannot access your personal files on your hard drive. Isn’t that cool? Cool and safe!
Nearly 20 years later, the country's voting security debt has mounted to incredible heights, and finally, just maybe, the security researchers are getting the hearing they deserve.
At Def Con’s hacker voting machine village, where 30 pieces of election equipment sat waiting, hackers were given a deliciously wicked goal. John Hopkins computer scientist Matt Blaze said, “We encourage you to do stuff that if you did on election day they would probably arrest you.”
And they did. Most of the voting machines were purchased via eBay, but some did come from government auctions. Despite the various different manufacturers of the voting equipment boxes, there was a common theme—they are “horribly insecure.”
Granted, come election day, officials would likely notice if hackers were physically taking apart the machines. Tinkering with an external USB port on a computerized voting box and using it to upload malicious software may or may not get noticed. Yet those are not the only ways hackers could potentially influence votes and an election’s outcome; there’s the sneaky way of remotely accessing the machine from a laptop.
The DEF CON 25 security conference is famous for its wide variety and number of security sessions and events. Not everyone can be in every session and some even choose to watch remotely, which is where DEF CON TV (DCTV) comes into play.
DCTV streamed several sessions from the event, both to local hotels as well as the outside internet. Securely setting up and managing the DCTV streaming is no easy task, but it's one that DEF CON hackers put together rapidly.
Microsoft refuses to fix the issue properly because there is a "simple command everyone can execute" but has not (to my knowledge) told anyone about this command because everyone assumes the issue has been fixed by KB4022715 and KB4022725
The reason I'm frustrated is because if these things were designed this way, I would WANT them. I really wish my washing machine would tell me when the wash is done because I am EXTREMELY bad at remembering to go check on it. But I can't buy that, I can't buy something that just has a $5 microprocessor with just enough intelligence to connect to the internet and send me an email or a push notification if the buzzer on the washer goes off. The only thing I can buy is a washing machine that's had a horrible, unreliable PC full of quarter-baked software crammed into it which will stop working when some godforsaken cloud service is "sunset", and which is so dependant on the reliability and trustworthiness of the software on the computer that if someone hacks it or the software has a bug, the washer can start spraying water at me when I have the loading door open.
Svpeng, designed to steal banking information through different means, now embeds itself in Android's accessibility services — the software that helps users with disabilities navigate devices and apps, the cybersecurity firm said. So Svpeng is now able to steal any data in a text box and log all keystrokes.
The upcoming version of the Transport Layer Security (TLS) protocol promises to be a game changer for web encryption. It will deliver increased performance, better security and less complexity. Yet many website operators could shun it for years to come.
TLS version 1.3 is in the final stages of development and is expected to become a standard soon. Some browsers, including Google Chrome and Mozilla Firefox, already support this new version of the protocol on an opt-in basis and Cloudflare enables it by default for all websites that use its content delivery network.
Josh and Kurt talk about Black Hat and Defcon, safes, banks, voting machines, SMBv1 DoS attack, Flash, liability, and password masking.
The historical, reactive model of security was a bunch of perimeter controls. With intelligence-driven security, the controls have to be much more agile and react to circumstances in real time. To create a defense in depth strategy, you need to anticipate attacks, to stop attacks before they start, and if you can't stop them, you have to detect an attack when it's in progress. If you can't detect an attack, then you need to be able to prevent a wholesale breach. If you can't prevent a breach, then you have to be able to detect that a breach has occurred, and respond quickly enough to prevent loss or disruption.
It's a fact of modern life that many of us forget—the phones, computers, and other connected devices we depend on can often be used against us as secret listening devices. On Tuesday, attention turned to the Amazon Echo, with a demonstration that showed how hackers can convert some models into devices that can surreptitiously record our most intimate moments.
To be clear, the hack works only against older models of Amazon Echoes. It also requires physical access to the device by a hacker with above-average skills in Linux and embedded hardware systems. That means people aren't likely to be exposed to such attacks unless they own a 2015 or 2016 device and are a target of interest to the Central Intelligence Agency, a similar nation-sponsored spy group, an advanced corporate espionage operation, or a highly determined stalker.
The decision today was about whether a decision not to permit such a prosecution was lawfully open to the criminal court. The High Court held that it was not open to a criminal court to give that permission. So: one step away from a decision to allow any prosecution.
Emmanuel Macron was told before his election that maintaining defence ties with Britain was crucial and “more important” than flawed plans for EU military integration, according to leaked emails from the French president’s campaign team.
A trove of tens of thousands of emails released by Wikileaks on Monday showed senior Macron advisers arguing for continued British involvement in European defence projects while highlighting the bitter divisions between Paris and Berlin on EU defence co-operation.
And here is the slice of it they used in a news feature they did with Assange...
The ACLU is headed to the Second Circuit Appeals Court, hoping to force the DOJ to be more... realistic about the government's drone strike operations in Pakistan. It's an FOIA lawsuit, with the ACLU seeking drone documents and being told -- in so many black bars -- that this publicly-acknowledged program is too secret to disclose.
Mary Rich, the mother of slain Democratic National Committee staffer Seth Rich, speaks at a press conference on Aug. 1, 2016. A lawsuit alleges Fox News and a wealthy Trump supporter intended to deflect public attention from growing concern about the administration's ties to the Russian government by concocting a story about Seth Rich's death.
In-court secrecy continues to thrive – at least in regards to protecting business interests. Almost all patent infringement lawsuits include secrecy orders negotiated by the parties without much court participation. Courts often view themselves as arbiters of disputes between the parties – and if the parties agree on a particular issue then there is no dispute.
The right to secrecy in federal courts was upped a bit further with the Defend Trade Secrets Act of 2016 in situations where the parties don’t agree. The DTSA includes a requirement that a court “may not authorize or direct the disclosure of any information the owner asserts to be a trade secret” without first allowing an under-seal submission of a description of the confidential interest. 18 U.S.C. 1835. Although not stated, the implication is that the court must then review the submission before requiring disclosure.
It's at that point that scientists think the world will fall into disastrous effects like widespread drought, extreme weather and dangerous increases in sea level. Experts have suggested that 2C of warming is the "tipping point" at which that change becomes unstoppable.
Climate change may have contributed to the suicides of nearly 60,000 Indian farmers and farm workers over the past three decades, according to new research that examines the toll rising temperatures are already taking on vulnerable societies.
Illustrating the extreme sensitivity of the Indian agricultural industry to spikes in temperature, the study from the University of California, Berkeley, found an increase of just 1C on an average day during the growing season was associated with 67 more suicides.
Five hundred workers just voted to unionize at Facebook’s cafeteria contractor, Flagship, which represents some 10 percent of the total food-service workforce in Silicon Valley. The victory builds on other recent union wins at Intel and Google for cafeteria and custodial staff—vibrant organizing campaigns, led by UNITE HERE and the Teamsters, that combined with grassroots community outreach to establish solid union contracts in the bottom tiers of the freewheeling tech sector. Activists are demanding fair hours and wages, as well as secure benefits, union rights, and other basic entitlements for the front-line workers of the world’s leading tech brands.
This leaves the average citizen powerless. Your money is no longer yours – but the governments to be used as a financial tool. (Or to be confiscated.)
The automatic right of European Union citizens to live and work in Britain will end in March 2019 with Brexit, Prime Minister Theresa May's spokesman said on Monday, after her ministers publicly differed over the shape of the divorce with the EU.
Since May's failed gamble on a snap election last month, the future of Brexit has been thrown into question with squabbling between her ministers over the pace, tone and terms of Britain's departure from the club it joined in 1973.
May, who on Monday interrupted a three-week holiday to attend a World War One commemoration ceremony, has faced public pressure to temper her plans for a clean break from the EU.
(As a side note, no Brexiteer – rightly – seems to believe that the UK was bound for all time by the 1975 referendum result.)
Bitcoin split into two separate currencies on Tuesday because part of the Bitcoin community isn't happy with recent and planned changes to the code that controls the cryptocurrency.
Bitcoin.org last month warned of a potential split if consensus couldn't be reached on efforts to help Bitcoin scale better.
Part of the effort, known as Bitcoin Improvement Proposal 91 (BIP91), was accepted last month, and a split was averted.
Over the past few weeks, a self-described "e-mail prankster" has posed as members of President Donald Trump's administration in a series of e-mails to White House officials, publishing responses to Twitter for comedic effect. Among the targets were Trump's top homeland security advisor Tom Bossert—who volunteered his personal e-mail address to the prankster because Bossert believed he was interacting with Jared Kushner. In the e-mail, the faux Kushner invited Bossert for a "soirée" with food better than the two had eaten together on their Iraq visit.
There is a concerted and combined effort by the likes of Putin, Erdoßan and Trump to hollow out democracy. To stop them, we must change how we view the world
The Portuguese government defended its decision to make a last-minute switch from Lisbon to Porto as its choice as the new host of the European Medicines Agency.
For months, Lisbon was the country’s nominee to take the agency, which must leave London after Brexit. But an outcry from the authorities in Porto led Portugal to make an 11th-hour shift in its proposal: The government dropped Lisbon barely two weeks ahead of the July 31 application deadline and announced the northern city would be the country’s candidate instead.
Until then, Portugal had pushed its capital city hard, with some success: Lisbon was the preferred choice of EMA staff forced to move out of London because of Brexit, ahead of rivals such as Copenhagen, Milan and Bucharest, according to local media reports. Colorful government pamphlets and brochures boasted that “Lisbon welcomes the EMA.”
President Donald Trump has removed Anthony Scaramucci as communications director, a little more than a week after the former financier was named to the post, the White House said on Monday.
The change came at the request of new chief of staff John Kelly, who started Monday, two White House officials said. It was not clear whether Scaramucci would take on a new role after leaving the communications job, nor was it immediately apparent who would take over the position.
Anthony Scaramucci’s reign as White House communications director—a reign of terror and vulgarity, marked by two outlandish interviews and the departures of two top West Wing officials—has ended, just 10 days after it began.
The New York Times broke the news Monday afternoon, just hours after Trump tweeted that there was “No W[hite] H[ouse] chaos!” It was not clear whether Scaramucci would take another post in the administration or exit altogether. His firing reportedly came at the behest of John Kelly, who was installed as chief of staff on Monday, three days after Scaramucci forced out Kelly’s predecessor.
There hasn’t been a single smooth week in the Trump presidency, but last week was, by popular consensus, the worst of them so far. Given the struggles of this president, that’s no small statement. What was remarkable was the breadth of Trump’s troubles. His top legislative priority was, once again, knocked flat. He had to replace Reince Priebus, making Priebus the shortest-tenured chief of staff to serve in the heart of a term. He publicly feuded with Republican senators, saw his new messaging guru call a colleague a “fucking paranoid schizophrenic,” and went to war with his attorney general.
The memo says employees should not “delete, destroy, modify, or remove from your paper files, laptop computer, desktop computer, tablet, mobile device, e-mail, or any storage system or device, any documents, records, or other materials that relate to the 2016 presidential election or that may relate to any investigation concerning the election.”
A conservative anti-corruption watchdog group is asking for an ethics investigation of Rep. Debbie Wasserman Schultz (D-Fla.) after former House IT aide Imran Awan was apprehended trying the flee the country. In a complaint that will be filed Monday, the Foundation for Accountability and Civic Trust (FACT) asks if Wasserman Schultz violated the House’s rules by continuing to pay Awan after he was cut off from the House computer system.
“It appears that Representative Wasserman Schultz permitted an employee to remain on the House payroll in violation of House Ethics Rules,” FACT’s Matthew Whitaker writes in the letter to the Office of Congressional Ethics. “After Awan was barred from accessing the House computer system, Wasserman Schultz continued to pay Awan with taxpayer funds for IT consulting — a position that he could not reasonably be able to perform.”
It's no secret that there are a bunch of folks in the Senate who really, really, really dislike the fact that the site Backpage has been abused by some users for sex trafficking. They should be happy that through a lot of public pressure, Backpage has shut down its adult section.
For reasons that are not entirely clear, many people seem to blame Section 230 of the CDA for the fact that sex traffickers have used Backpage.com. This is... weird and doesn't make much sense. After all, Section 230 doesn't apply to federal crimes around sex trafficking. So, if the platform itself is violating the law, the DOJ has the power and every right to go after the platform. Furthermore, as we've noted time and time again, these platforms have actually been tremendously helpful in allowing law enforcement to track down those responsible for trafficking and to help victims of trafficking. Still, because of this misplaced focus on CDA 230, earlier today, a bunch of Senators released a counterproductive and dangerous bill that would blow a massive hole through CDA 230, and it's clearly written 100% to focus on Backpage. Nearly all of the quotes about the bill from the Senate co-sponsors mention Backpage.
Portmanteau words are great. It's a highly-efficient way to forcibly join two (possibly unrelated) actions and create a brand new activity. Add to this a decently-fast internet connection and you have Chaturbate, a service that puts people together to do things to themselves separately.
Granted, much of this could be done with other services, including the portmaneau'ed ChatRoulette, but targeted markets are more profitable than floating from chat to chat hoping to escape the "turbate" part of this internet concoction. Chatting is fun. So is masturbation. But not many people enjoy being masturbated at, especially when they're looking to just chat a little. Chaturbate, however, gives people what they want, in as many varieties as they want it.
Brazilian singer Johnny Hooker recently released his sophomore album, Coração, which is being distributed digitally in the U.S. by CD Baby.
Before that, he released the first single from the album, "Flutua," featuring Liniker, and faced some problems with YouTube and Facebook.
When the single's audio was released on YouTube, Hooker received good reactions from the public. The single cover showed the two artists kissing. The morning after, he discovered it had been censored for anyone under 18.
As the Trump administration continues to make headlines for its attacks on the press and its attempts to prevent journalists from adequately covering White House press briefings, a recent YouGov/Economist poll (pdf) found that 45 percent of Republicans support giving courts the power to shut down "biased" media outlets—a result commentators argued should be "scary for anyone concerned about the future of American democracy."
In recent years, as documented on this site and on the Global Research News Hour radio program, we have seen an acceleration in the level of propaganda and its ability to shape common narratives around war.
The Assad government is blamed for virtually all the blood being spilt in Syria in recent years, in spite of evidence to the contrary. Russia, not NATO, is being blamed for an imperialist agenda for Ukraine and Eastern Europe. And a McCarthyist narrative accusing President Putin of interference in the 2016 US Presidential elections has taken hold in spite of an almost complete lack of evidence upholding that narrative.
More to the point, reporters risk being tagged ‘conspiracy theorists’ or ‘Russian agents’ if they dare to challenge these and other official narratives.
Billions of dollars of investment, not to mention political careers are dependent on maintaining these narratives, so it is understandable that dissident perspectives will sooner or later come under attack if the body politic begins to be influenced by them.
The creators of several Virtual Private Networks (VPNs) have criticised Apple's decision to remove their products from its App Store in China.
The BBC understands that as many as 60 VPNs were pulled over the weekend.
Apple said it was legally required to remove them because they did not comply with new regulations.
“With the Russian authorities increasingly intolerant of dissent, technologies that help internet users evade censorship and protect their privacy are crucial for freedom of expression online. Today the authorities have given themselves an instrument to ban the use of VPNs and other technologies that help people to freely access information online,” said Denis Krivosheev, Deputy Director for Europe and Central Asia at Amnesty International.
A new bill, just signed into law by President Putin, requires proxies, VPNs, Tor and other anonymizing services to prohibit access to blocked domains. If these services fail to comply, they will be blocked themselves. Search engines also face sanctions for linking to banned sites.
President Vladimir Putin has signed a law that prohibits forms of technology that grant access to banned websites in Russia, effective November 1st. The ban covers services that allow people to use the internet anonymously, such as virtual private networks and proxies, and internet providers will have to block websites that host these services.
President Vladimir Putin has signed a bill that prohibits services, including virtual private networks (VPNs), that enable users to skirt government censorship efforts.
The law will take effect on November 1.
We've noted for some time that Russia has been engaged in a slow but steady assault on privacy tools like VPNs. As with most countries that have an adversarial relationship with the truth, the entire effort has been couched as necessary to protect national security and cultural morality, though the real agenda is to help prop up the country's domestic surveillance efforts and Putin's ham-fisted internet filters. This push accelerated with a new surveillance bill last year that not only mandated new encryption backdoors, but also imposed harsh new data-retention requirements on ISPs and VPN providers.
The American Civil Liberties Union of Kentucky filed a federal lawsuit Monday regarding Gov. Matt Bevin banning or blocking users from his official social media accounts.
The suit seeks a declaration that Bevin's practices are a violation of individuals' First Amendment rights. The ACLU asked for an injunction to prevent the governor from permanently blocking users on Facebook and Twitter.
A federal judge has ruled public officials can't ban the public from interacting with official social media accounts, something that obviously has implications for the recently-filed suit by Twitter users blocked by the president's account.
Brian Davison filed a pro se lawsuit against Phyllis Randall, the Chair of the Loudon County Board of Supervisors, after she banned him from her Facebook page and deleted his critical comments. The decision wasn't an easy one for the court, as Venkat Balasubramani points out. The court had to take into account several determining factors before arriving at its First Amendment violation conclusion.
The Supreme Court has yet to examine the issue of historical cell site location info(CSLI). It finally picked a case from the Sixth Circuit to review, years after the warrantless gathering of historic CSLI became a thing. So far, there's not a single court in the nation that's found historic CSLI to have an expectation of privacy. The Fourth Circuit Appeals Court briefly did, before reversing its own decision. The original decision had problems with the amount of CSLI gathered: 221 days worth. Upon further review, the court sided with the government and its Third Party Doctrine arguments.
This federal court decision from the Southern District of New York name-checks the pending SCOTUS review, but falls in line with every other decision in the federal court system. The defendant sought to suppress historic CSLI obtained without a warrant, arguing the collection of location data by cell companies is not the same thing as "voluntarily" turning these records over to a third party.
[...]
As everything stands now, it's exactly that: cellphone users are generating tons of third party records that can be obtained without a warrant. This includes real-time and near-real time tracking of people's location through tower pings or cell site simulators. For the most part, courts have been extremely hesitant to erect warrant requirements for so-called Third Party records.
This needs to change. Privacy expectations have changed. While most people are aware certain records must be generated to ensure cell service, very few agree the government should be able to track their movements without a warrant, especially over a long period of time. In this case, thirteen MONTHS of cell site location info was obtained by law enforcement, putting the 221 days in the Graham case to shame. When the courts ask themselves what is "reasonable" in terms of expectations of privacy, they need to spend more time considering how much has changed in the world of communications since 1979.
A privacy advocacy group has filed a formal legal complaint with the US Federal Trade Commission, asking the agency to begin an investigation "into Google’s in-store tracking algorithm to determine whether it adequately protects the privacy of millions of American consumers."
In the Monday filing, the Electronic Privacy Information Center (EPIC) said it is concerned with Google’s new Store Sales Management program, which debuted in May. The system allows the company to extend its online tracking capabilities into the physical world. The idea is to combine credit card and other financial data acquired from data brokers to create a singular profile as a way to illustrate to companies what goods and services are being searched for online, which result in actual in-person sales.
The question is still unsettled here in the United States: is refusing to turn over your password protected by the Fifth Amendment? The argument hasn't found many judicial supporters but at least there's a Constitutional basis for claiming the relinquishment of passwords is possibly self-incriminating. Over in Australia, the rights aren't so clearly defined. But the picture is getting clearer, thanks to legislators seeking to make it a criminal offense to withhold passwords.
The Federal Government's bid to force tech companies to reveal terrorists' secret conversations could be unachievable, according to the former deputy director of the US National Security Agency (NSA).
Chris Inglis had a 28-year career with the NSA and now advises private companies on how to detect Edward Snowden-style leakers within their ranks.
The deputy director of the United States' National Security Agency (NSA) during the Edward Snowden leaks has backed the Australian government's push to force tech giants to assist in revealing the content of some encrypted messages, saying the likes of Facebook and Apple could do more to help track terrorists and criminals.
Sources tell CyberScoop that former NSA employees have been contacted by investigators in the probe to discover how a bevy of elite computer hacking tools fell into the Shadow Brokers' possession.
[...]
One set of files leaked by the group contained tools to hack into the Windows operating system. Those tools were eventually used in the devastating international ransomware attacks known as WannaCry and NotPetya.
A judge’s porn preferences and the medication used by a German MP were among the personal data uncovered by two German researchers who acquired the “anonymous” browsing habits of more than three million German citizens.
The pair obtained huge amounts of information about the browsing habits of three million German citizens from companies that gather "clickstreams".
These are detailed records of everywhere that people go online.
The researchers argue such data - which some firms scoop up and use to target ads - should be protected.
The data is supposed to be anonymised, but analysis showed it could easily be tied to individuals.
What advancements are we making impossible today, at the society level, by creating a mass surveillance society where all laws, rules, and expectations are increasingly expected to be followed, and where the celebration of misfits are emptier words than ever before? Where privacy is no longer guaranteed, but rather prevented, by those governments which are supposed to uphold it?
Last week, Europe’s highest court issued what might seem a fairly obscure ruling on an agreement between the EU and Canada on the transfer of passenger data between the two regions. In fact, the implications of the judgment by the Court of Justice of the European Union (CJEU) are far reaching, and are likely to have a major impact on the flow of all personal data across the Atlantic.
On Uncle Sam’s dime, an outside tech company helped state investigators finally hack into the iPhone of a Miami reality TV star accused of extorting a Miami socialite over stolen sex videos.
Kentucky Governor Matt Bevin has publicly accused a local television executive of "personally" flying a drone over his stately private home in a Louisville suburb on Tuesday morning. Gov. Bevin made this accusation after seemingly accusing other local media of "flying directly over and around my home, filming my children." The entire incident appears to be related to a local property dispute.
A second appeals court has handed down a ruling on the constitutionality of the Network Investigative Technique (NIT) deployed by the FBI during its Playpen child porn investigation. The Tenth Circuit Appeals Court overturned the suppression of evidence granted by the lower court, ruling that the FBI's NIT warrant was invalid but that the agent's "good faith" reliance on the warrant prevented exclusion of the evidence.
Multiple courts have found the NIT warrant invalid. The warrant was obtained in Virginia but the search the FBI's malware performed accessed computers all over the world. Prior to the recent Rule 41 changes, warrant execution was limited to the jurisdiction it was obtained in. The Appeals Court worked around the jurisdictional limit by reasoning the NIT was sent from Virginia and returned info gathered in the same jurisdiction. It just kind of glossed over the part where computers located all over the nation were briefly infected by the NIT to obtain the information needed to pursue suspects.
More get-out-of-jail-free cards are being issued by Baltimore prosecutors—and more are likely, after Monday's disclosure of a second police body cam video that defense attorneys say shows cops manufacturing evidence.
Sounds impressive until you start digging into how that $2.7 million was amassed. It wasn't a few large seizures with definite ties to criminal activity. It was a bunch of petty, nickel-and-dime seizures where the amounts taken could easily have earned by the property's owners through completely legal means.
A Facebook group for Norwegians opposed to immigration was widely mocked after members apparently could not tell the difference between empty bus seats and burka-clad women. A user posted a photo of empty bus seats to the Facebook group Fedrelandet viktigst (roughly translated as ‘Fatherland first’) with the question “what do people think about this?”
What they thought is apparently that they were seeing a bus full of burka-clad women and proof of the ‘Islamification’ of Norway.
Member after member sounded off on how “frightening”, “tragic” and “scary” the scene was. Others decried that such a thing could happen in Norway (it didn’t) and worried that the phantom passengers could have “weapons and bombs” under their garments (they didn't because, well, there were no passengers).
The last few years have seen a boon in consumer and small-business-friendly policies coming out of Canada's telecom regulator the CRTC. Under outgoing agency head Jean-Pierre Blais, the agency bumped the definition of broadband to 50 Mbps, required that phones must now be sold unlocked in Canada, shored up the country's net neutrality rules, and took aim at the anti-competitive use of usage caps and overage fees. Not everything Blais did was a success (like their attempt to force cable TV providers to offer cheaper plans, then failing to follow through) but by and large the CRTC has been an improvement over years past.
Cable company Charter Communications said it has no interest in buying Sprint. After reports that Sprint owner SoftBank proposed a merger with Charter, the cable company said it will move forward in its plan to offer wireless service without buying the carrier.
The Federal Communications Commission has told members of Congress that it won't reveal exactly how it plans to prevent future attacks on the public comment system.
FCC Chairman Ajit Pai and Democratic lawmakers have been exchanging letters about a May 8 incident in which the public comments website was disrupted while many people were trying to file comments on Pai's plan to dismantle net neutrality rules. The FCC says it was hit by DDoS attacks. The commission hasn't revealed much about what it's doing to prevent future attacks, but it said in a letter last month that it was researching "additional solutions" to protect the comment system.
So we've talked for years about how overlong terms of service contracts that nobody reads are used to eliminate your rights in numerous ways. That includes stripping away your legal rights and forcing you to engage in binding arbitration, which results in the company-employed arbitrator ruling in their employer's favor a vast majority of the time. In fact Tim Berners-Lee, the creator of the World Wide Web, recently cited these overlong and misleading contracts as one of the biggest threats to the health and utility of his invention.
Every so often we'll see a company conduct an experiment to demonstrate the stupidity of long-normalized behavior, like the company in 2010 that got users to sign off on selling their soul. Taking a cue out of that playbook, UK WiFi hotspot operator Purple recently did something similar, burying a provision in their terms of service requiring that customers engage in 1,000 hours of menial labor if they wanted to access the internet.
Nineteen Republican lawmakers are trying to eliminate subsidies that help poor people purchase cell phone service and broadband.
The legislation filed on Friday targets Lifeline, which is a Universal Service Fund program paid for by surcharges on phone bills. If the bill passes, low-income Americans would no longer be able to use $9.25 monthly subsidies toward cellular phone service or mobile broadband. The subsidies would still be available for landline phone service.
We recently discussed how Major League Baseball had asked for an extension with the USPTO so its legal staff could decide whether it wanted to oppose a trademark application for eSport organization Overwatch League's new logo. The request was more than a little head-scratching for a variety of reasons. As we pointed out in that post, the two logos aren't particularly similar and certainty don't appear to give ground to any confusion among the public about any affiliation between the leagues.
A group of companies and individuals are attempting to register racial slurs and offensive symbols, including the N-word and the Nazi swastika, in response to a June U.S. Supreme Court decision on trademarks.
Applicants filed nine trademark requests with the U.S. Patent and Trademark Office (PTO) since the June 19 decision to negate a federal law barring discriminatory trademarks. The court ruled that the law violated free speech rights in the Constitution.
Techdirt has been covering the story of Sci-Hub, which provides unrestricted access to a massive (unauthorized) database of academic papers, for a while now. As several posts have emphasized, the decision by the publishing giant Elsevier to pursue the site through the courts is a classic example of the Streisand Effect: it has simply served to spread the word about a hitherto obscure service. There's a new paper exploring this and other aspects of Sci-Hub, currently available as a PeerJ preprint.
Fifteen state attorneys general have teamed up with a pro-Hollywood group to launch a campaign aimed at dissuading the public from visiting file sharing sites.
THE GCSB lost control of its surveillance technology and wasn't aware its systems continued spying on Kim Dotcom, according to new documents from the spy bureau.
It claimed that it turned off all surveillance systems targeting Dotcom and others but found out more than a year later that surveillance continued without its knowledge.
The details in the documents have led Dotcom to state that there is now evidence the United States' National Security Agency was carrying out surveillance on him.
The National Security Agency (NSA) illegally used technology to spy on Megaupload founder Kim Dotcom, according to new documents from New Zealand's Government Communications Security Bureau (GCSB).
The New Zealand Herald first reported that the GCSB told the nation's high court that it ceased all surveillance of Dotcom in early 2012, but that "limited" amounts of communications from Dotcom were later intercepted by its technology without the bureau's knowledge.
New Zealand’s surveillance agency says it had no idea it was still spying on Kim Dotcom for months after officially ending its operation, according to new court documents.
The internet entrepreneur says the claim is evidence of NSA involvement in illegal spying against him and his family.
A small company called hiQ is locked in a high-stakes battle over Web scraping with LinkedIn. It's a fight that could determine whether an anti-hacking law can be used to curtail the use of scraping tools across the Web.
HiQ scrapes data about thousands of employees from public LinkedIn profiles, then packages the data for sale to employers worried about their employees quitting. LinkedIn, which was acquired by Microsoft last year, sent hiQ a cease-and-desist letter warning that this scraping violated the Computer Fraud and Abuse Act, the controversial 1986 law that makes computer hacking a crime. HiQ sued, asking courts to rule that its activities did not, in fact, violate the CFAA.
James Grimmelmann, a professor at Cornell Law School, told Ars that the stakes here go well beyond the fate of one little-known company.
"Lots of businesses are built on connecting data from a lot of sources," Grimmelmann said. He argued that scraping is a key way that companies bootstrap themselves into "having the scale to do something interesting with that data." If scraping without consent becomes illegal, startups like hiQ will have a harder time getting off the ground.
When someone uses a BitTorrent client to download content, it might seem like a small and insignificant act. However, according to a law firm trying to extract payment from five alleged infringers, every single one is engaged in the largest criminal enterprise ever witnessed on planet earth, one that threatens to tear down intellectual property itself.