

Links 12/1/2018: New *buntu ISOs. KDE Applications 17.12.1

Posted in News Roundup at 7:16 pm by Dr. Roy Schestowitz




  • Server

    • Thinking Concurrently: How Modern Network Applications Handle Multiple Connections

      The idea behind a process is fairly simple. A running program consists of not only executing code, but also data and some context. Because the code, data and context all exist in memory, the operating system can switch from one process to another very quickly. This combination of code + data + context is known as a “process”, and it’s the basis for how Linux systems work.

      When you start your Linux box, it has a single process. That process then “forks” itself, such that two identical processes are running. The second (“child”) process reads new code, data and context (“exec”), and thus starts running a new process. This continues throughout the time that a system is running. When you execute a new program on the command line with & at the end of the line, you’re forking the shell process and then exec’ing your desired program in its place.

    • New Purist Services – Standard Web Services Done Ethically

      When you sign up for a communication service, you are typically volunteering to store your personal, unencrypted data on someone else’s remote server farm. You have no way of ensuring that your data is safe or how it is being used by the owner of the server. However, online services are incredibly convenient especially when you have multiple devices.

    • Automated compliance testing with InSpec

      Don’t equate compliance through certification with security, because compliance and security are not the same. We look at automated compliance testing with InSpec for the secure operation of enterprise IT.

    • How the Kubernetes Certification Ensures Interoperability

      Dan Kohn, executive director of the Cloud Native Computing Foundation, has called the launch of the new Kubernetes service provider certification program the most significant announcement yet made by the Foundation around the open source container orchestration engine.

      On this new episode of The New Stack Makers from KubeCon + CloudNativeCon 2017, we’ll learn more from Kohn and William Denniss, a product manager at Google, about how the program can help ensure interoperability and why that’s so important.

    • Container Structure Tests: Unit Tests for Docker Images

      Usage of containers in software applications is on the rise, and with their increasing usage in production comes a need for robust testing and validation. Containers provide great testing environments, but actually validating the structure of the containers themselves can be tricky. The Docker toolchain provides us with easy ways to interact with the container images themselves, but no real way of verifying their contents. What if we want to ensure a set of commands runs successfully inside of our container, or check that certain files are in the correct place with the correct contents, before shipping?

    • Prometheus vs. Heapster vs. Kubernetes Metrics APIs

      In this blog post, I will try to explain the relation between Prometheus, Heapster, as well as the Kubernetes metrics APIs and conclude with the recommended way how to autoscale workloads on Kubernetes.

    • Google Introduces Open Source Framework For Testing Docker Images

      Google has announced a new framework designed to help developers conduct unit tests on Docker container images.

      The Container Structure Test gives enterprises a way to verify the structure and contents of individual containers to ensure that everything is as it should be before shipping to production, the company said in the company’s Open Source blog Jan. 9.

      Google has been using the framework to test containers internally for more than a year and has released it publicly because it offers an easier way to validate the structure of Docker containers than other approaches, the company said.

  • Kernel Space

    • Systemd 237 Will Have Support For WireGuard

      The next release of systemd, v237, will introduce support for WireGuard. WireGuard as a reminder is the effort to provide a fast, modern and secure VPN tunnel that eventually plans to be part of the mainline Linux kernel.

      Systemd’s networkd component recently merged patches for supporting WireGuard that have been in the works since September 2016. From the systemd perspective it’s implementing support for the new “wireguard” interface type and supporting key management.

    • Some Of The Other Changes Slated For Linux 4.16

      There’s still a week and a half to go until the Linux 4.15.0 stable kernel release is expected and that rings in the Linux 4.16 merge window. On top of various Linux 4.16 changes already talked about, here’s a look at some of the other kernel features/additions expected for this next release cycle.

    • Linux Foundation

      • SPDX clears confusion around software licenses

        Around this time every year, our minds turn to copyright. Or maybe they turn more to copyright. After all, open source works because of copyright law. As you may already know, copyright laws give the authors of works the exclusive right to copy (among other things) their work. These rights attach as soon as the work is fixed in a tangible medium (written down, saved to disk, etc.). So the rights that open source licenses grant rely on copyright law.

        But what rights are specifically granted? That depends on which license the developer selects. Most projects use one of a few standard licenses, but they’re not always clearly communicated. For example, a project may be released under “the GNU General Public License (GPL).” But which version? And can the recipient choose a later version if they wish?

        The Software Package Data Exchange (SPDX) is a Linux Foundation project to help reduce the ambiguity of software by defining standards for reporting information. The license is one such piece of information. SPDX provides a format for listing the specific license variant and version that applies to a software package. With over 300 licenses, you’re likely to find the one you use. The License List contains a human-friendly name, a short name, and a link to the full license text. SPDX also provides guidelines for matching the text of a license file to the official text of the license.

      • The Linux Foundation announces Linux on Azure training course to speed with Linux and vice versa

        The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced on Thursday the availability of a new training course, LFS205 – Administering Linux on Azure.

        A large number of the virtual machines running in Azure are utilizing the Linux operating system. Both Linux and Azure professionals should make sure they know how to manage Linux workloads in an Azure environment as this trend is likely to continue.

      • The Linux Foundation launches ‘Administering Linux on Azure’ training course

        Linux is very much mainstream nowadays. What was once viewed as a hobby and niche project, is transforming the world. Many of the world’s servers are running Linux-based operating systems. Hell, the most popular mobile operating system on the planet, Android, is Linux-based. Even closed-source champion Microsoft is embracing Linux by integrating it into Windows 10 and offering it on its Azure platform.

      • 4 Days Left to Submit Your Proposal for Open Networking Summit NA 2018

        The call for proposals deadline is quickly approaching! With more than 2000 attendees expected at this year’s event, submit before Sunday, January 14, 2018 at 11:59pm PST to share your ideas and expertise with the open networking community.

    • Graphics Stack

      • Wayland 1.15 & Weston 4.0 Planning For Release Next Month

        Ongoing Wayland/Weston release manager Bryce Harrington of Samsung’s Open-Source Group has laid out plans for the next releases of Wayland and the reference Weston compositor.

        It’s been a half-year since the release of Wayland 1.14 and Weston 3.0, so Bryce is trying to build up interest in getting out new releases in the weeks ahead.

      • NVIDIA Contributes Some New Tegra/Nouveau Patches

        It’s not any re-clocking code or magical improvements for Nouveau’s Pascal support, but on the Tegra side a NVIDIA developer has volleyed some new open-source patches.

      • Initial Intel Ice Lake PCH Support Posted
      • The Linux Graphics Stack Gets Further Meson-ized: Now With Libdrm Support

        The work on adding optional Meson build system support to the Linux graphics stack and other key open-source projects continues…

        Going back to last September has been work for Meson-izing Mesa as an alternative build system rather than Autotools, CMake, or SCons within Mesa. It’s been delivering fast results and since the initial port landed more Mesa components have become supported by the Meson build.

      • Server-Side GLVND Updated While X.Org Server 1.20 Drags On

        Adam Jackson of Red Hat has sent out the second version of the ongoing patches for providing server-side GLVND functionality for the X.Org Server.

        Most of you faithful Phoronix readers should be familiar with GLVND, the OpenGL Vendor Neutral Dispatch Library. That’s the effort led by NVIDIA and supported by others in the ecosystem for improving the “Linux OpenGL driver ABI” by allowing for multiple OpenGL drivers to happily co-exist on the same system without fighting over libGL.so. and the like. That’s been going well but server-side GLVND for the X.Org Server takes things a step further.

    • Benchmarks

  • Applications

  • Desktop Environments/WMs

    • K Desktop Environment/KDE SC/Qt

      • KDE Applications 17.12 Open Source Software Suite Gets First Point Release

        KDE Applications 17.12 is the latest and most advanced version of the open source software suite used in KDE Plasma desktop environments or independently. It was released last month on December 14 with numerous improvements and new features, including HiDPI support for Okular and Dolphin enhancements.

        Now, the KDE Applications 17.12.1 minor bugfix release is out and brings more than 20 improvements to various of the included applications like Ark, Akonadi, Dolphin, Filelight, Gwenview, KGet, K3b, Kate, Kdenlive, Kleopatra, KMix, KMahjongg, Kontact, Okteta, Okular, and Umbrello.

      • KDE Ships KDE Applications 17.12.1
      • Meet Nextcloud Talk, World’s First Self-Hosted, Encrypted Communication Platform

        Nextcloud informs Softpedia today on the general availability of Nextcloud Talk, world’s first self-hosted, enterprise-ready, and end-to-end encrypted audio/video and chat communication platform.

        Meet Nextcloud Talk, the first enterprise-ready, open-source, and end-to-end encrypted, and privacy-focused self-hosted communication technology that promises to give users full control over their data while chatting with others over the communication platform.

        Developed by Nextcloud, the biggest self-hosted and fully open source enterprise file sync and share platform, Nextcloud Talk features text chat and audio/video conferencing support, and it can be hosted on-premise, accessible from the Internet through a web browser and on your mobile device.

      • Krita 4.0 Open-Source Digital Painting Tool Enters Beta, Here’s What to Expect

        The developers of the Krita open-source and cross-platform digital painting software have released today the first beta version of the upcoming Krita 4.0 major release.

        Krita 4.0 will be the biggest update since version 3.0, and today’s first beta release gives users early access to many of its awesome new features and improvements. Right now, Krita 4.0 is in String Freeze development stage, which means that most of the major new features are already implemented.

        “We’ve officially gone into String Freeze mode now! That’s developer speak for “No New Features, Honest.” Everything that’s going into Krita 4.0 now is in, and the only thing left to do is fixing bugs and refining stuff,” reads today’s announcement.

      • This week in Usability and Productivity

        These improvements were landed by KDE Developers Kai Uwe Broulik, Albert Astals Cid, Aleix Pol, Michael Heidelbach, and myself. And that’s not all; the entire KDE community has been busy landing many more bugfixes and features too–more than I can keep track of!

        I want to especially focus on the last Discover change I mentioned above. After my last post about Discover, we got a lot of user feedback that people wanted greater density and to be able to see more apps at once.

      • New Stable Release: Krita 3.3.3

        Today we’re releasing Krita 3.3.3. This will probably be the last stable release in the Krita 3 series.

    • GNOME Desktop/GTK

      • GTK’s Vulkan Renderer Will Now Let You Pick The GPU For Rendering

        One of the features exciting us the most about GTK4 is the Vulkan renderer that will make its premiere. This Vulkan renderer continues getting worked into shape for GTK+ 4.0.

        The most recent addition to this Vulkan renderer is a means to allow specifying a device (GPU) to use for rendering, in the event of having multiple Vulkan graphics processors on the same system.

  • Distributions

    • Top 3 Linux Distributions That ‘Just Work’

      Twenty years ago, when I first started using Linux, finding a distribution that worked, out of the box, was an impossible feat. Not only did the installation take some serious mental acuity, configuring the software and getting connected to the Internet was often a challenge users were reluctant to attempt.

      Today, things are quite different. Linux now offers distributions that anyone can use, right out of the box. But, even among those distros that “just work,” some rise to the top to stand as the best in breed. These particular flavors of Linux are perfect for users hoping to migrate away from Windows or mac OS and who don’t want to spend hours getting up to speed on how the platform works, or (more importantly) making the system perform as expected.


    • OpenSUSE/SUSE

      • openSUSE Tumbleweed Now Patched Against Meltdown/Spectre, Adopts LibreOffice 6.0

        openSUSE Project reports today through Douglas DeMaio that the openSUSE Tumbleweed software repositories have been flooded this week by four new snapshots that brought updated components and other improvements.

        According to the developer, much of the efforts of the openSUSE Tumbleweed’s maintainers were focused this week on patching the recently unearthed Meltdown and Spectre security vulnerabilities that put billions of devices at risk of attacks by allowing unprivileged attackers to steal your sensitive data from memory.

    • Red Hat Family

      • Top predictions for 2018 point toward security and innovation

        When thinking about future trends, it’s important to have a strong understanding of the important innovations impacting most sectors, and pair that understanding with an intuition around what impacts those innovations will have to most organizations in 2018.

        Innovation is crucial to federal agencies, but is muted when security becomes a factor. When it comes to impactful trends in the new year, it’s all about three things: security, security, security. Despite the fact that a Ponemon Institute study recently showed that the global average cost of a data breach is down 10 percent over previous years to $3.62 million, according to CSO, the average size of a data breach increased nearly two percent. This stat signifies that security will continue to be a top concern for 2018, just as it was in 2017, and will be in 2019.

      • How inner sourcing saved our IT department

        Red Hat is a company with roughly 11,000 employees. The IT department consists of roughly 500 members. Though it makes up just a fraction of the entire organization, the IT department is still sufficiently staffed to have many application service, infrastructure, and operational teams within it. Our purpose is “to enable Red Hatters in all functions to be effective, productive, innovative, and collaborative, so that they feel they can make a difference,”—and, more specifically, to do that by providing technologies and related services in a fashion that is as open as possible.

        Being open like this takes time, attention, and effort. While we always strive to be as open as possible, it can be difficult. For a variety of reasons, we don’t always succeed.

      • Finance

      • Fedora

        • Copr Modularity in retrospect

          This article is about the journey that we made since the Fedora modularity project started and we decided to get involved and provide modularity features in Copr. It has been a long and difficult road and we are still not on its end because the whole modularity project is a living organism that is still evolving and changing. Though, we are happy to be part of it.

        • 10 Fedora Women Days across the world

          Different topics were covered during the events, not only for people already familiar with our community but especially for newcomers intrigued by the open source world and willing to join the Fedora Project. This year we presented in Guwahati, Bangalore, Tirana, Managua, Cusco, Puno, Pune, Lima, Brno and Prishtina, spreading the word about Fedora and saying thank you to all the women contributors to our project.

          Even though the events were dedicated to women, everyone of all identities were welcomed to participate or give a talk. We are glad to see how much interest there was in these events in different local communities and how successful they were, making the decision easier for us to organize them again next year.

        • The Fedora 28 Wallpaper Contest is Open for Entries

          If you’re in any way creative, and want to give something back to the Linux community, here’s your chance!

          Fedora is on the hunt for a new set of desktop wallpapers sourced from the open source community.

          The distro invites open source enthusiasts to submit their very best photographs and illustrations for possible inclusion in the add-on wallpaper pack for its next major release, Fedora 28.

        • Submit Wallpaper for Fedora 28 Supplemental Wallpaper!
        • My FLOSS Year in Review

          Thanks to the Fedora Project, GNOME, BacktrackAcademy and the Linux Foundation, I was able to organize FLOSS events mostly in Lima, Peru. Besides that, I did a voluntary work as speaker in FLOSS workshops and IT conference in other parts of the world, being interviewed to reach more newcomers into the challenging Linux world, and do online training.

    • Debian Family

      • Freexian’s report about Debian Long Term Support, December 2017
      • Debian/TeX Live 2017.20180110-1 – the big rework

        In short succession a new release of TeX Live for Debian – what could that bring? While there are not a lot of new and updated packages, there is a lot of restructuring of the packages in Debian, mostly trying to placate the voices that the TeX Live packages are getting bigger and bigger and bigger (which is true). In this release we have introduced two measures to allow for smaller installations: optional font package dependencies and downgrade of the -doc packages to suggests.

      • Derivatives

        • Canonical/Ubuntu

          • Ubuntu 17.10 “Artful Aardvark” Respin ISOs Are Now Available to Download

            Several users reported last month broken BIOSes on their Lenovo, Acer, and Toshiba laptops due to a bug in the Ubuntu 17.10 installation images that won’t allow them to access their BIOS settings. The BIOS could be bricked even if the user ran the Ubuntu 17.10 image in live mode, without installing the OS.

            Canonical was quick to temporarily disable access to Ubuntu 17.10 downloads from their ubuntu.com website warning people about the issue. A workaround and a fix for existing users were available shortly after that, as they had to update the kernel packages in Ubuntu 17.10 to disable the intel-spi driver at boot time.

          • Flavours and Variants

            • Linspire 8.0 and Freespire 4.0 Slated for Release in mid-December 2018

              If you think the release of Linspire 7.0 and Freespire 3.0 were just a one-off, think again because we’re now in possession of the release roadmap for both operating systems, and it looks like we should be able to get our hands on the next major releases at the end of the year. But, in the meanwhile, we’ll be able to test a lot of the beta versions for both Freespire 4.0 and Linspire 8.0, as well as to enjoy new incremental versions of current releases.

              “Today we are releasing the release schedule and roadmap for Linspire and Freespire. These dates are not set in stone and there may be some alterations due to holidays and development mishaps. While the Freespire beta’s will be available publicly the Linspire beta’s will be available to subscription holders and insiders,” says Roberto J. Dohnert in today’s announcement.

  • Devices/Embedded

Free Software/Open Source

  • 7 Open-Source Serverless Frameworks Providing Functions as a Service

    With virtualization, organizations began to realize greater utilization from physical hardware. That trend continued with the cloud, as organizations began to get their virtual machines in a pay-as-you-go service.

  • Deep learning wars: Is Facebook-backed PyTorch an answer to Google’s TensorFlow?

    The rapid rise of tools and techniques in Artificial Intelligence and Machine learning of late has been astounding. Deep Learning, or “Machine learning on steroids” as some say, is one area where data scientists and machine learning experts are spoilt for choice in terms of the libraries and frameworks available. A lot of these frameworks are Python-based, as Python is a more general-purpose and a relatively easier language to work with. Keras, Theano, TensorFlow are a few of the popular deep learning libraries built on Python, developed with an aim to make the life of machine learning experts easier.

  • Events

    • Libre in Las Vegas

      It’s no secret that Aleph Objects, by design, does not have trade secrets. As the makers of the LulzBot brand of 3D printers, our industry-leading transparency is born out of a passion for free software, libre innovation, and open source hardware.

      Every software tool we use to make our certified open source hardware is free software. Libre innovation encourages this kind of fanatical transparency, freeing us to share not only our bill of materials and internal assembly documentation, but even things like our research projects on our public development server. We confidently share everything that goes into our products—and more importantly, it lets us show you how they’re made and how to get involved.

    • Ceph Day Germany 2018

      I’m glad to announce that there will be a Ceph Day on the 7th of February 2018 in Darmstadt. Deutsche Telekom will host the event. The day will start at 08:30 with registration and end around 17:45 with a one-hour networking reception.
      We have already several very interesting presentations from SUSE, SAP, CERN, 42.com, Deutsche Telekom AG and Red Hat on the agenda and more to come. If you have an interesting 15-45 min presentation about Ceph, please contact me to discuss if we can add it to the agenda. Presentation language should be German or English.

  • Web Browsers

    • Mozilla

      • Top 5 Firefox extensions to install now

        The web browser has become a critical component of the computing experience for many users. Modern browsers have evolved into powerful and extensible platforms. As part of this, extensions can add or modify their functionality. Extensions for Firefox are built using the WebExtensions API, a cross-browser development system.

        Which extensions should you install? Generally, that decision comes down to how you use your browser, your views on privacy, how much you trust extension developers, and other personal preferences.

      • Not every bit of code you write needs to be optimal

        It’s easy to fall into the trap of obsessing about performance and try to micro-optimize every little detail in the code you’re writing. Or reviewing for that matter. Most of the time, this just adds complexity and is a waste of effort.

        If a piece of code only runs a few (or even a few hundred) times a second, a few nanoseconds per invocation won’t make a significant difference. Chances are the performance wins you’ll gain by micro optimizing such code won’t show up on a profile.

      • Making tab switching faster in Firefox with tab warming

        Since working on the Electrolysis team (and having transitioned to working on various performance initiatives), I’ve been working on making tab operations feel faster in Firefox. For example, I wrote a few months back about a technique we used to make tab closing faster.

        Today, I’m writing to talk about how we’re trying to make tab switching feel faster in some cases.

      • Firefox 60 Is The Next ESR Release, Introducing Policy Engine

        For those sticking to Firefox Extended Support Releases, the Firefox 60 branch will be the next ESR version.

        Firefox 60 will be an ESR release and the plan is to have the ESR 60.0 release out on 8 May, the Firefox 60.1 ESR release on 3 July, and to end Firefox 52 ESR on 28 August when releasing Firefox 60.2.

  • Pseudo-Open Source (Openwashing)

    • #AWChat: How Prebid.org & Open Source Will Shape the Ad Tech Landscape

      Some wrapper solutions are built on open source technology, while others are proprietary. Today, we are here to talk about Prebid, the leading open source solution that enables publishers to quickly implement header bidding.

    • 20 years on, open source hasn’t changed the world as promised

      Open source has officially been a thing for 20 years now. Did anyone notice?

      No, really. For something as revolutionary as open source, you’d think it would have changed the way all software is developed, sold, and distributed. Unfortunately for those party planners looking to celebrate the 20-year anniversary of open source, it hasn’t—changed software, that is. For most developers, most of the time, software remains stubbornly proprietary.

  • BSD

  • Openness/Sharing/Collaboration

  • Programming/Development

    • Exploring Node.js with Mark Hinkle, Executive Director of the Node.js Foundation

      Even though JavaScript has been around for more than 20 years, it’s becoming the first-class citizen for developing enterprise applications. There is a huge developer community behind this technology.

      What makes things even more interesting is that, with Node.js, JavaScript can run on server, so developers can write applications that run end-to-end in JavaScript. Node.js is very well suited for service applications because server applications are increasingly becoming single function event-driven microservices.

    • As Go 2.0 Nears, AWS Launches Developer Preview of Go SDK 2.0
    • PackageKit-Qt Updated With Qt5 Port, Offline Updates & Performance Improvement

      The PackageKit-Qt project that provides Qt bindings for PackageKit has simultaneously released versions v0.10 and v1.0.

    • PackageKitQt 1.0.0 and 0.10.0 released!

      PackageKitQt is a Qt Library to interface with PackageKit

      It’s been a while that I don’t do a proper PackageKitQt release, mostly because I’m focusing on other projects, but PackageKit API itself isn’t evolving as fast as it was, so updating stuff is quite easy.

    • GitHub Knows

      I was reflecting the other day how useful it would be if GitHub, in addition to the lists it has now like Trending and Explore, could also provide me a better view into which projects a) need help; and more, b) can accept that help when it arrives. Lots of people responded, and I don’t think I’m alone in wanting better ways to find things in GitHub.

      Lots of GitHub users might not care about this, since you work on what you work on already, and finding even more work to do is the last thing on your mind. For me, my interest stems from the fact that I constantly need to find good projects, bugs, and communities for undergrads wanting to learn how to do open source, since this is what I teach. Doing it well is an unsolved problem, since what works for one set of students automatically disqualifies the next set: you can’t repeat your success, since closed bugs (hopefully!) don’t re-open.

      And because I write about this stuff, I hear from lots of students that I don’t teach, students from all over the world who, like my own, are struggling to find a way in, a foothold, a path to get started. It’s a hard problem, made harder by the size of the group we’re discussing. GitHub’s published numbers from 2017 indicate that there are over 500K students using its services, and those are just the ones who have self-identified as such–I’m sure it’s much higher.


  • Shareholder Groups Say Apple Should Do More To Address Gadget ‘Addiction’ Among Young People: Should It?

    In an open letter to Apple, two of its major shareholders, Jana Partners and the California State Teachers’ Retirement System, have raised concerns about research that suggests young people are becoming “addicted” to high-tech devices like the iPhone and iPad, and the software that runs on them. It asks the company to take a number of measures to tackle the problem, such as carrying out more research in the area, and providing more tools and education for parents to help them deal with the issue.

  • Security

    • [Ubuntu] Meltdown and Spectre Status Update

      On Tuesday, January 9, 2018 we released Ubuntu kernel updates for mitigation of CVE-2017-5754 (aka Meltdown / Variant 3) for the x86-64 architecture.

    • Lubuntu 17.10.1 (Artful Aardvark) released!

      Lubuntu 17.10.1 has been released to fix a major problem affecting many Lenovo laptops that causes the computer to have BIOS problems after installing. You can find more details about this problem here.

      Please note that the Meltdown and Spectre vulnerabilities have not been fixed in this ISO, so we advise that if you install this ISO, update directly after.

      This release is no different in terms of features from the 17.10 release, and is comparable to an LTS point release in that all updates since the 17.10 release have been rolled into this ISO. You can find the initial announcement here.

    • Check Linux for Spectre or Meltdown vulnerability

      Devices running Linux are affected by Spectre and Meltdown vulnerabilities as much as their Windows counterparts.

      Development teams work on updated kernels for the various distributions, and users need to update browsers and other software to protect data against potential attacks.

      We talked about identifying whether your Windows PC or web browser is vulnerable already. A recently published script does the same for Linux systems. You may use it to check whether your Linux distribution is vulnerable.

    • Meltdown Patch Is Causing Problems for Some Ubuntu Linux Users

      Many Ubuntu Linux users who installed the latest kernel updates to fix the Meltdown CPU vulnerability found themselves stuck in a boot loop and had to revert back to a previous version.

      The problem affected mostly Ubuntu 16.04 (Xenial Xerus), which is a long-term support (LTS) release. Soon after the 4.4.0-108 kernel update was released to fix the Meltdown vulnerability, users flooded the Ubuntu Forums and bug tracker to report booting problems.

    • Meltdown Update Kernel doesnt boot
    • Major Linux distros have Meltdown patches, but that’s only part of the fix

      The Intel Meltdown security problem is the pain that just keeps hurting. Still, there is some good news. Ubuntu and Debian Linux have patched their distributions. The bad news? It’s becoming clearer than ever that fixing Meltdown causes significant performance problems. Worse still, many older servers and appliances are running insecure, unpatchable Linux distributions.

    • How Much Slower Will My PC Become After Meltdown And Spectre Patches?
    • Intel’s Microcode Update for Spectre Exploit Is Now Available in Ubuntu’s Repos

      Canonical announced a few moments ago that Intel’s latest microcode update for the Spectre security vulnerability is now available from the software repositories of all supported Ubuntu Linux releases.

      After releasing earlier this week new kernel updates to mitigate the Meltdown and Spectre security exploits that put billions of devices at risk of attacks by allowing a local, unprivileged attacker to obtain sensitive information from kernel memory, Canonical now released the updated microcode from Intel for supported Intel CPUs.

    • Cisco can now sniff out malware inside encrypted traffic

      Cisco has switched on latent features in its recent routers and switches, plus a cloud service, that together make it possible to detect the fingerprints of malware in encrypted traffic.

      Switchzilla has not made a dent in transport layer security (TLS) to make this possible. Instead, as we reported in July 2016, Cisco researchers found that malware leaves recognisable traces even in encrypted traffic. The company announced its intention to productise that research last year and this week exited trials to make the service – now known as Encrypted Traffic Analytics (ETA) – available to purchasers of its 4000 Series Integrated Service Routers, the 1000-series Aggregation Services Router and the model 1000V Cloud Services Router 1000V.

      Those devices can’t do the job alone: users need to sign up for Cisco’s StealthWatch service and let traffic from their kit flow to a cloud-based analytics service that inspects traffic and uses self-improving machine learning algorithms to spot dodgy traffic.

    • MacOS High Sierra security bug lets you unlock App Store System Preferences with any random password

      According to the bug report, users can simply open System Preferences, go to App Store settings and check the padlock icon. If it is unlocked, lock it and then try unlocking it using your username and any password.

    • Intel tells select customers not to use its bug fixes

      Processor giant Intel has told some of its customers that the microcode patches it issued to fix the Meltdown and Spectre flaws in its products are buggy and that they should not install them.

    • Canonical reissues Meltdown and Spectre patches for Ubuntu after borkage
    • A Step in the Right Direction: House Passes the Cyber Vulnerability Disclosure Reporting Act

      The House of Representatives passed the “Cyber Vulnerability Disclosure Reporting Act” this week. While the bill is quite limited in scope, EFF applauds its goals and supports its passage in the Senate.

      H.R. 3202 is a short and simple bill, sponsored by Rep. Sheila Jackson Lee (D-TX), that would require the Department of Homeland Security to submit a report to Congress outlining how the government deals with disclosing vulnerabilities. Specifically, the mandated report would comprise two parts. First, a “description of the policies and procedures developed [by DHS] for coordinating cyber vulnerability disclosures,” or in other words, how the government reports flaws in computer hardware and software to the developers. And second, a possibly classified “annex” containing descriptions of specific instances where these policies were used to disclose vulnerabilities in the previous year, leading to mitigation of the vulnerabilities by private actors.

      Perhaps the best thing about this short bill is that it is intended to provide some evidence for the government’s long-standing claims that it discloses a large number of vulnerabilities. To date, such evidence has been exceedingly sparse; for instance, Apple received its first ever vulnerability report from the U.S. government in 2016. Assuming the report and annex work as intended, the public’s confidence in the government’s ability to “play defense” may actually increase.

    • FBI Says Device Encryption Is ‘Evil’ And A Threat To Public Safety

      The FBI continues its anti-encryption push. It’s now expanded past Director Christopher Wray to include statements by other FBI personnel. Not that Chris Wray isn’t taking every opportunity he can to portray personal security as a threat to the security of the American public. He still is. But he’s no longer the only FBI employee willing to speak up on the issue.

      Wray expanded his anti-encryption rhetoric last week at a cybersecurity conference in New York. In short, encryption is inherently dangerous. And the FBI boss will apparently continue to complain about encryption without offering any solutions.

    • Canonical Says It’ll Release New Ubuntu Kernels to Further Mitigate Spectre Bugs

      Canonical’s Dean Henrichsmeyer published today an update on the Ubuntu patches for the Meltdown and Spectre security vulnerabilities and what they plan on doing next to mitigate these critical bugs.

      By now, most of you have probably updated your Ubuntu Linux computers to the new kernel versions Canonical released earlier this week, as well as the new Nvidia proprietary graphics driver and Firefox web browser, both including patches to mitigate the Meltdown and Spectre exploits affecting billions of devices powered by modern processors from Intel, AMD, and ARM.

    • Security updates for Friday
    • AMD processors: Not as safe as you might have thought

      In a posting, Mark Papermaster, AMD’s CTO, admitted Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors. But, Papermaster wrote, “We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue.”

    • AMD CPUs Are Potentially Vulnerable To Spectre / Variant 2

      Last week, in light of the Spectre disclosure, AMD believed they were at “near zero risk” to Variant Two / Branch Target Injection. But now the company confirmed last night that’s not the case: they are at least potentially vulnerable.

    • AMD Confirms Its Chips Are Affected By Spectre Flaw, Starts Pushing Security Patches
    • Intel Releases Linux CPU Microcodes To fix Meltdown & Spectre Bugs

      On January 8th Intel released new Linux Processor microcode data files that can be used to mitigate the Spectre and Meltdown vulnerabilities in Intel CPUs. Using microcode files, an operating system can fix known bugs in Intel CPUs without having to perform a BIOS update on the computer.

    • Power Systems And The Spectre And Meltdown Threats

      Speculative execution is something that has been part of modern processors for well over a decade, and while it is hard to quantify how much of a performance benefit this collection of techniques have delivered, it is obviously significant enough that all CPUs, including IBM Power and System z chips, have them. And that, as the new Spectre and Meltdown security holes that were announced by Google on January 3 show, turns out to be a big problem.

      Without getting too deep into the technical details, there are many different ways to implement speculative execution, which is used to keep the many instruction pipelines and layers of cache in a processor busy doing what is hoped will be useful work. So much of what a computer does is an IF-THEN-ELSE kind of branch, and being able to pre-calculate the answers to multiple possible branches in an instruction stream is more efficient than following each path independently and calculating the answers in series. The speculative part of the execution involves using statistics to analyze patterns in data and instructions underneath an application and guessing which branches and data will be needed. If you guess right a lot of the time, then the CPU does a lot more work than it might otherwise. There are no modern processors (except for the PowerPC A2 chips used in the BlueGene/Q supercomputers from IBM) that we can find that don’t have speculative execution in some form or another, and there is no easy way to quantify how much of a performance boost it gives.

    • Blender 3D open source platform plagued with arbitrary code vulnerabilities

      Cisco Talos researchers identified multiple unpatched vulnerabilities in the Blender Open Source 3D creation suite that could allow an attacker to run arbitrary code.

    • Technologies That Secure the Home, WiFi and More Debut at CES 2018
    • What is the Future of Wi-Fi?
    • Spectre and Meltdown Attacks Against Microprocessors

      This is bad, but expect it more and more. Several trends are converging in a way that makes our current system of patching security vulnerabilities harder to implement.

    • Four Tips for a More Secure Website

      Security is a hot topic in web development with great reason. Every few months a major website is cracked and millions of user records are leaked. Many times the cause of a breach is from a simple vulnerability that has been overlooked. Here are a few tips to give you a quick overview of standard techniques for making your websites more secure. Note: I do not guarantee a secure website if you follow these suggestions, there are many facets to security that I don’t even touch in this article. This write-up is for increasing awareness about techniques used to correct some common vulnerabilities that appear in web applications.

    • What is DevSecOps? Developing more secure applications

      The simple premise of DevSecOps is that everyone in the software development life cycle is responsible for security, in essence bringing operations and development together with security functions. DevSecOps aims to embed security in every part of the development process. It is about trying to automate core security tasks by embedding security controls and processes early in the DevOps workflow (rather than being bolted on at the end). For example, this could be the case when migrating to microservices, building out a CI/CD pipeline, compliance automation or simply testing cloud infrastructure.

  • Transparency/Investigative Reporting

  • Finance

    • JioCoin: Reliance Jio Planning To Launch Its Own Cryptocurrency

      On one hand, the investment in cryptocurrencies is coming under the radar of Indian government, India’s largest corporate conglomerate is planning to launch its own cryptocurrency named JioCoin in the near future.

      As per a report from Livemint, the JioCoin project is being led by Mukesh Ambani’s elder son Akash Ambani. The company is planning to build a 50-member team of young employees to work on the blockchain technology.

    • Reliance Jio planning its own cryptocurrency called JioCoin

      After disrupting the telecom sector with its free offers and hyper-competitive tariffs, Reliance Jio Infocomm Ltd plans to create its own cryptocurrency, JioCoin.

      With Mukesh Ambani’s elder son Akash Ambani leading the JioCoin project, Reliance Jio plans to build a 50-member team of young professionals to work on blockchain technology, which can also be used to develop applications such as smart contracts and supply chain management logistics.

    • Jeff Bezos Wealthiest Person Ever, Net Worth Over $105B

      Jeff Bezos, the founder and CEO of e-commerce giant Amazon, is now the richest person on Earth, with a net worth of around $105 billion. This is on the back of a sharp increase in his fortunes throughout the first week or so of 2018, to the tune of about $6 billion. Amazon shares rose about 6.6% because of the shopping service managing to net about 89% of the holiday spending among top retailers who see spikes in spending during the season. It should be noted that Bezos’ high net worth is not solely due to his position with Amazon; he also controls the Washington Post and Blue Origin, a somewhat secretive space startup.

  • AstroTurf/Lobbying/Politics

    • Senate report challenges quality of Facebook, Twitter investigations of Russia’s Brexit influence
    • Trump Administration Waives Punishment For Convicted Banks, Including Deutsche — Which Trump Owes Millions

      The waivers were issued in a little-noticed announcement published in the Federal Register during the Christmas holiday week. They come less than two years after then-candidate Trump promised “I’m not going to let Wall Street get away with murder.”


      All of these interactions with the Trump administration and the federal government are transpiring as Deutsche serves as a key creditor for the president’s businesses.

    • Pelosi: ‘Five white guys’ leading DACA talks should open a ‘hamburger stand’

      Minority Leader Nancy Pelosi complained Thursday that immigration negotiations are being led by “five white guys” — and was quickly rebuked by her No. 2, Minority Whip Steny Hoyer, himself one of those white guys involved in the talks.

      “The five white guys I call them, you know,” Pelosi said at her weekly news conference. “Are they going to open a hamburger stand next or what?” Pelosi said, complaining that minority members of Congress were not involved in deciding the fate of Dreamers.

    • UN calls Donald Trump’s s***hole immigrants comments ‘racist’
    • Trump Lawyer Arranged $130,000 Payment for Adult-Film Star’s Silence

      A lawyer for President Donald Trump arranged a $130,000 payment to a former adult-film star a month before the 2016 election as part of an agreement that precluded her from publicly discussing an alleged sexual encounter with Mr. Trump, according to people familiar with the matter.

      Michael Cohen, who spent nearly a decade as a top attorney at the Trump Organization, arranged payment to the woman, Stephanie Clifford, in October 2016 after her lawyer negotiated the nondisclosure agreement with Mr. Cohen, these people said.

      Ms. Clifford, whose stage name is Stormy Daniels, has privately alleged the encounter with Mr. Trump took place after they met at a July 2006 celebrity golf tournament in Lake Tahoe, these people said. Mr. Trump married Melania Trump in 2005.

      Mr. Trump faced other allegations during his campaign of inappropriate behavior with women, and vehemently denied them. In this matter, there is no allegation of a nonconsensual interaction.

  • Censorship/Free Speech

  • Privacy/Surveillance

  • Civil Rights/Policing

    • Uber’s Secret Tool for Keeping the Cops in the Dark

      When the call came in, staffers quickly remotely logged off every computer in the Montreal office, making it practically impossible for the authorities to retrieve the company records they’d obtained a warrant to collect. The investigators left without any evidence.

      Most tech companies don’t expect police to regularly raid their offices, but Uber isn’t most companies.

    • Coverage of Iran Protests Illustrated With Protests Not in Iran––Organized by Fringe Cultists

      Casually throwing around MEK images to represent unrest in Iran is the worst combination of insulting and sloppy. It would be like a Chinese outlet, in 2012, using images of a Westboro Baptist Church protest in a story about Occupy Wall Street, because both opposed the US government. The exact ideology of those protesting in Iran isn’t 100 percent clear—they seem to represent a mix of groups and grievances—but MEK has virtually zero support in Iran itself, having been disowned by the Green Movement (the last major protest movement in Iran) in 2009, and is widely loathed for working with Israeli intelligence and fighting alongside the Iraqi army in Iran’s decade-long war against Saddam in the 1980s that killed a half-million Iranians. The MEK has carried out several bomb attacks in Iran, and was even officially listed by the US State Department as a foreign terrorist organization for 16 years, until it was removed by then-Secretary of State Hillary Clinton in 2012, after a years-long lobbying effort by pro-regime change forces within the US.

      The only major media faction that even pretends the MEK has any legitimacy within Iran is the Murdoch group, which routinely runs MEK’s blatant disinformation (Fox News, 1/1/18) and pro-regime change op-eds (Wall Street Journal, 1/8/18).

    • Jacksonville City Council President and Local Public Defender Call for Suspension of Pedestrian Ticket Writing

      The Jacksonville City Council president and other local lawmakers have called for suspending the issuing of pedestrian tickets in the wake of a state attorney’s office bulletin, the substance of which suggests that hundreds of tickets had been issued in error in recent years.

      Jacksonville Assistant State Attorney Andrew Kantor on Tuesday issued a bulletin to the Jacksonville Sheriff’s Office detailing the proper enforcement of Florida’s pedestrian statutes — a document that supports a recent Times-Union/ProPublica analysis showing police have been issuing certain crosswalk violations in error, ticketing hundreds of pedestrians for failing to cross at formal intersections even when no such option was readily available.

      “I’d like to make sure that we are enforcing the laws appropriately,” City Council President Anna Brosche said shortly after being made aware of the state attorney’s bulletin. “I do support a pause to make sure that everything is being enforced that should be.”

    • FTC Takes Down Another Revenge Porn Site

      There ought to be a law, say many people opposed to revenge porn. And so they craft laws with an eye on prosecution but not so much on the First Amendment, tending to treat collateral damage as acceptable so long as revenge porn site operators are criminally charged. But the proposed laws are more than bad, they’re extraneous. Existing laws are still taking down revenge porn purveyors, as we’ve covered previously at this site.

      The FTC has taken down another revenge porn site and secured a judgment against one of its operations, all without having to hack away at protected speech or undermine Section 230 immunity. MyEx.com — a site “dedicated solely to revenge porn” — has been targeted in an FTC complaint.


      Paid removals were handled in a similarly shady fashion. The site’s operators made those seeking content removal wire money to someone named “Shelly Mae Garcia” who supposedly lived in the Philippines. Those who refused to pay the extortion were invited to send snail mail to the fake address in the Netherlands.


      This revenge porn operation is effectively dead. The nonconsensual part of the operation is blocked by the FTC judgment and the inability to charge removal fees pretty much eliminates the most profitable revenue stream. It’s unclear what the future holds for Neil Infante, but it appears the Republican Senate race in Ohio (Infante’s home state) is suddenly in need of a new frontrunner. Perhaps FTC judgment recipient and former revenge porn site operator Craig Brittain could send his colleague a few ideas on how to MAGA the hell out of the nation as a Senate race bottom-feeder.

  • Internet Policy/Net Neutrality

    • Why Are The People Who Whined About Wheeler’s Net Neutrality Rules Being ‘400 Pages’ Silent About Pai’s Being ‘539 Pages’

      Yes, as Wendy’s repetition was designed to point out, over and over again, those old rules simply must be extra burdensome, because it’s 400 pages and over 1700 footnotes. Of course, that’s bullshit, and Wendy knows it’s bullshit — but he wanted to misrepresent the rules and make them seem like a giant regulatory burden. The actual rules were just 8 pages. There were 392 other pages of legally required information including discussions of the various public comments and the various statements from the Commissioners, including lengthy dissent statements from the disagreeing commissioners. In the Wheeler ruling, Ajit Pai’s dissent took up 64 pages and Michael O’Rielly’s was another 15 pages. Yet, somehow, Wendy and others didn’t bother letting people know that 89 pages of the 400 pages were explaining why the rules were (apparently) bad.

      When the draft rules came out, at 210 pages, I wondered why Wendy and others were suddenly silent on the page length.

      Last week, as you may have heard, Pai’s actual final rules were released… and the full document weighs in at 539 pages. Again, those are not the actual rules. Those are just the rules, the legally required (and very detailed) explanation of the rules and all the Commissioners’ statements. And guess who’s suddenly angry about people misrepresenting why the new document is so long?

    • FCC delays review of Sinclair’s purchase of Tribune

      The Federal Communications Commission (FCC) is again delaying its review of Sinclair Broadcast Group’s acquisition of Tribune Media.

    • After Being AWOL From The Fight For Years, Google & Facebook To Fund Lawsuits Over Net Neutrality

      To be clear, that’s a good thing. These upcoming lawsuits, which will focus on the FCC’s blatant disregard for objective data and public interest, are going to need all the help they can get. Said suits will focus extensively on how Ajit Pai and the FCC ignored the nation’s startups, the people who built the internet, and any and all objective data as it rushed to give a sloppy, wet kiss to the nation’s entrenched telecom monopolies.

      That said, several IA member companies’ dedication to net neutrality has been anything but consistent. Google, while often touted as a “net neutrality advocate,” hasn’t truly supported the concept since 2009 or so. As the company pushed into fixed (Google Fiber) and wireless (Project Fi, Android) broadband, its interest in rules that truly protected consumers from duopoly market abuse in the sector magically disappeared. And Google worked with AT&T and Verizon to help craft FCC net neutrality protections in 2010 that were so packed with loopholes as to be largely useless (they didn’t even cover wireless networks).

      Other IA members like Facebook have actively worked to undermine net neutrality overseas as they attempt to corner the ad market in developing nations. Facebook received ample criticism for its behavior in India specifically, when the company tried to trick citizens into supporting Facebook’s push for a zero-rated walled garden platform dubbed “Free Basics.” India ultimately banned such zero rating efforts under its own net neutrality rules, supporting Mozilla’s position that if Facebook is so concerned about the Indian poor, it should help fund access to the entire internet — and not just a Facebook-curated walled garden.

  • Intellectual Monopolies

    • Trademarks

      • JPO Invalidates The Word Mark “Bord’or” In Relation To Bordeaux Wines

        In a decision in an invalidation trial jointly claimed by INSTITUT NATIONAL DE L’ORIGINE ET DE LA QUALITE and CONSEIL INTERPROFESSIONNEL DU VIN DE BORDEAUX, the Invalidation Board of Japan Patent Office (JPO) ordered the invalidation of trademark registration no. 5737079 for a word mark “Bord’or” in script fonts (see below) in violation of Article 4(1)(vii) of the Trademark Law.

      • Appeals Court OKs F-Bombs For Federal Trademark Protection

        The Supreme Court’s decision in The Slants’ trademark case is already beginning to pay off for trademark seekers whose applications were determined to be a bit too racy for the Trademark Office’s (subjective) taste. Section 1052(a) of the US Code used to forbid the registration of trademarks that “disparaged” other persons or groups or anything the USPTO found to be “immoral or scandalous.”

        That’s all gone now, thanks to the Supreme Court, which found this restriction to registrations unconstitutional. The Supreme Court struck down the language limiting “disparaging” trademark registrations. The Federal Circuit Court of Appeals has just struck down the remaining limiting language (“immoral or scandalous”), allowing clothing brand FUCT to finally secure federal trademark protection.
