Bonum Certa Men Certa

Links 12/7/2018: Mesa 18.1.4 RC, Curl 7.61.0





GNOME bluefish

Contents





GNU/Linux



  • Desktop



    • Top 10 Reasons Why Desktop Linux Failed
      1) Linux isn't pre-installed - No matter how much we may debate it, having Windows pre-installed on PCs means that's what people are likely to end up using. In order for someone to move over to Linux on the desktop, there must be a clear reason to do so. There is the problem. The only time I've personally seen users make the switch over to Linux from Windows comes down to frustration with Windows or a desire to advance their skills into an IT field.

      My own Linux story, for example, was a mixture of the two examples above. First off, I was just done with Windows. I had already been dabbling with Linux at the time I completely switched, but I become disenfranchised with the Microsoft way of doing things. So for me, the switch to Linux was based out of frustration.

      Had I not experienced any frustrations with Windows, I might not have ever thought to jump ship over to an alternative. Even when I built my own PCs myself, the OS offered at computer stores was Windows only. This is a huge hurdle for Linux adoption on the desktop.

      2) Linux freedom vs convenience - It's been my experience that people expect a user experience that's consistent and convenience. How one defines this depends on the individual user. For some, it's a matter of familiarity or perceived dependability. For more advanced PC users, a consistent convenience may mean a preferred workflow or specific applications.

      The greater takeaway is that when people are aware of other operating systems, they will usually stick with that they've used the longest. This presents a problem when getting people to try Linux. When using a desktop platform for a long time, you develop habits and expectations that don't lend themselves well to change.




  • Server



  • Audiocasts/Shows





  • Kernel Space



    • Linux Kernel Port Revised To China's C-SKY CPU Architecture
      In addition to the AMD-licensed Chengdu Haiguang x86 server processors and Zhaoxin x86-compatible CPUs from VIA Centaur lineage, another CPU effort within China has been C-SKY.

      C-SKY is a 32-bit embedded CPU core out of Hangzhou, China. C-SKY is working on RISC-V designs too, but this current C-SKY embedded processor appears to be an original CPU design. Back in March they posted the original C-SKY Linux kernel patches while this past week they sent out a revised version.


    • Another Big Pull Of Intel DRM Updates Submitted For Linux 4.19
      One month ago Intel was quick following the Linux 4.18 merge material to begin sending in new feature work for Linux 4.19 by means of the DRM-Next repository. They've already done a few rounds of updates while now another serving of Direct Rendering Manager patches were served up.

      Sent out on Tuesday is likely their last "big pull" targeting the Linux 4.19 kernel, but Intel developer Rodrigo Vivi commented that another one or two smaller pulls are still expected in the days or week ahead to DRM-Next for 4.19.


    • Xen Hypervisor 4.11 Released, New Browsh Text-Based Browser, Finney Cryptocurrency Phone, GNOME Hiring and More
      The Xen Hypervisor 4.11 was released yesterday. In this release "PVH Dom0 support is now available as experimental feature and support for running unmodified PV guests in a PVH Container has been added. In addition, significant chunks of the ARM port have been rewritten." Xen 4.11 also contains mitigations for Meltdown and Spectre vulnerabilities. For detailed download and build instructions, go here.


    • Oracle wants to improve Linux load balancing and failover
      Oracle reckons Linux remote direct memory access (RDMA) implementations need features like high availability and load balancing, and hopes to sling code into the kernel to do exactly that.

      The problem, as Oracle Linux kernel developer Sudhakar Dindukurti explained in this post, is that performance and security considerations mean RDMA adapters tie hardware to a “specific port and path”.

      A standard network interface card, on the other hand, can choose which netdev (network device) to use to send a packet. Failover and load balancing is native.
    • Linux 4.17.6
    • Linux 4.14.55
    • Linux 4.9.112
    • Linux 4.4.140
    • Linux 3.18.115


    • The final step for huge-page swapping
      For many years, Linux system administrators have gone out of their way to avoid swapping. The advent of nonvolatile memory is changing the equation, though, and swapping is starting to look interesting again — if it can perform well enough. That is not the case in current kernels, but a longstanding project to allow the swapping of transparent huge pages promises to improve that situation considerably. That work is reaching its final stage and might just enter the mainline soon.

      The use of huge pages can improve the performance of the system significantly, so the kernel works hard to make them available. The transparent huge pages mechanism collects application data into huge pages behind the scenes, and the memory-management subsystem as a whole works hard to ensure that appropriately sized pages are available. When it comes time to swap out a process's pages, though, all of that work is discarded, and a huge page is split back into hundreds of normal pages to be written out. When swapping was slow and generally avoided, that didn't matter much, but it is a bigger problem if one wants to swap to a fast device and maintain performance.


    • Revisiting the MAP_SHARED_VALIDATE hack
      One of the the most commonly repeated mistakes in system-call design is a failure to check for unknown flags wherever flags are accepted. If there is ever a point where callers can get away with setting unknown flags, then adding new flags becomes a hazardous act. In the case of mmap(), though, developers found a clever way around this problem. A recent discussion has briefly called that approach into question, though, and raised the issue of what constitutes a kernel regression. No changes are forthcoming as a result, but the discussion does provide an opportunity to look at both the specific hack and how the kernel community decides whether a change is a regression or not.

      Back in 2017, several developers were trying to figure out a way to safely allow direct user-space access to files stored on nonvolatile memory devices. The hardware allows this memory to be addressed directly by the processor, but any changes could go astray if the filesystem were to move blocks around at the same time. The solution that arose was a new mmap() flag called MAP_SYNC. When a file is mapped with this flag set (and the file is stored on a nonvolatile memory device), the kernel will take extra care to ensure that access to the mapping and filesystem-level changes will not conflict with each other. As far as applications are concerned, using this flag solves the problem.


    • Linux Foundation/CloudNative



      • What are cloud-native applications?
        As cloud computing was starting to hit its stride six or seven years ago, one of the important questions people were struggling with was: "What do my apps have to look like if I want to run them in a public, private, or hybrid cloud?"

        There were a number of takes at answering this question at the time.

        One popular metaphor came from a presentation by Bill Baker, then at Microsoft. He contrasted traditional application "pets" with cloud apps "cattle." In the first case, you name your pets and nurse them back to health if they get sick. In the latter case, you give them numbers and, if something happens to one of them, you eat hamburger and get a new one.


      • KubeCon + CloudNativeCon, Copenhagen
        I attended KubeCon + CloudNativeCon 2018, Europe that took place from 2nd to 4th of May. It was held in Copenhagen, Denmark. I know it’s quite late since I attended it, but still I wanted to share my motivating experiences at the conference, so here it is!

        I got scholarship from the Linux Foundation which gave me a wonderful opportunity to attend this conference. This was my first developer conference aboard and I was super-excited to attend it. I got the chance to learn more about containers, straight from the best people out there.
      • Certification Plays Big Role in Open Source Hiring
        Employers increasingly want vendor neutrality in their training providers, with 77 percent of hiring managers rating this as important, up from 68 percent last year and 63 percent in 2016. Almost all types of training have increased this year, with online/virtual courses being the most popular. Sixty-six percent of employers report offering this benefit, compared to 63 percent in 2017 and 49 percent in 2016. Forty percent of hiring managers say they are providing onsite training, up from 39 percent last year and 31 percent in 2016; and 49 percent provide individual training courses, the same as last year.


      • Take Our Survey on Open Source Programs


        Please take eight minutes to complete this survey. The results will be shared publicly on The New Stack, and The Linux Foundation’s GitHub page.




    • Graphics Stack



      • NVIDIA Jetson Xavier Development Kit: Under 30 Watts, 8-Core ARMv8.2, 512 Core Volta
        The NVIDIA Jetson Xavier Development Kit is pretty darn exciting with having eight ARMv8.2 cores, a 512-core Volta GPU, 16GB of LPDDR4, and under 30 Watt power use.

        Last month NVIDIA announced the Jetson Xavier with plans to ship in August at a $1,299 USD price-tag. More details on this NVIDIA Jetson Xavier Development Kit have now been announced.


      • Mesa 18.1.4 release candidate
        Mesa 18.1.4 is planned for release this Friday, July 13th, at or around 10 AM PDT.


      • Mesa 18.1.4 Being Prepared With Intel Fixes & A Couple For Radeon
        Another routine Mesa 18.1. point release is being prepared while waiting for the August debut of the Mesa 18.2 feature update.

        Dylan Baker, the Mesa 18.1 release manager and his first stab at the task, has announced the Mesa 18.1.4 release candidate today. In its current form, Mesa 18.1.4 is comprised of just over two dozen patches.


      • Pre-AMDGPU xf86-video-ati X.Org Driver Sees A Round Of Improvements
        It's rare in recent years to have anything to report on xf86-video-ati, the X.Org driver for the display/2D experience for pre-GCN Radeon graphics cards. But this week has been a large batch of fixes and improvements for those using this DDX driver with pre-HD7000 series hardware.

        Longtime Radeon Linux driver developer Michel Dänzer has landed a number of commits already this week of various fixes/cleanups, some of which were inspired by the xf86-video-amdgpu DDX driver that is used for current-generation hardware with the AMDGPU kernel driver (unless using xf86-video-modesetting...).






  • Applications



  • Desktop Environments/WMs



    • K Desktop Environment/KDE SC/Qt



      • Optimizing a Python application with C++ code
        I’ve been working lately in a command line application called Bard which is a music manager for your local music collection. Bard does an acoustic fingerprinting of your songs (using acoustid) and stores all song metadata in a sqlite database. With this, you can do queries and find song duplicates easily even if the songs are not correctly tagged. I’ll talk in another post more about Bard and its features, but here I wanted to talk about the algorithm to find song duplicates and how I optimized it to run around 8000 times faster.

        [...]

        An obvious improvement I didn’t do yet was replacing the map with a vector so I don’t have to convert it before each for_each call. Also, vectors allow to reserve space in advance, and since I know the final size the vector will have at the end of the whole algorithm, I changed to code to use reserve wisely.

        This commit gave the last increase of speed, to 7998x, 36680 songs/second and would fully process a music collection of 1000 songs in just 13 seconds..


      • How A KDE Developer Used C++17 & Boost.Python For About A 8,000x Speed-Up
        Open-source developer Antonio Larrosa who contributes to KDE and openSUSE has been developing a command-line music manager called Bard. He's written an interesting post about how he sped up some of his operations by around eight-thousand times faster.

        In particular, Antonio was focused on speeding up the process of finding song/music duplicates in the user's local music collection. What started out as Python code was morphed into optimized C++ code. Little surprise, the C++ code once tuned was immensely faster than Python -- but the blog post is interesting for those curious about the impact of the various steps he took for tuning this implementation.




    • GNOME Desktop/GTK



      • GUADEC 2018: BoF Days
        Monday went with engagement BoF. I worked with Rosanna to finalize the annual report. Please help us proofread it! I have also started collecting information for the GNOME 3.30 release video. If you are a developer and you have exciting features for GNOME 3.30, please add them to the wiki. The sooner you do it, the happier I am.
      • GNOME Foundation opens recruitment for further expansion
        Today, July 6th 2018, the GNOME Foundation has announced a number of positions it is recruiting for to help drive the GNOME project and Free Software on the desktop. As previously announced, this has been made possible thanks to a generous grant that the Foundation has received, enabling us to accelerate this expansion.
      • Emmanuele Bassi: News from GLib 2.58
        Next September, GLib will hit version 2.58. There have been a few changes during the past two development cycles, most notably the improvement of the Meson build, which in turn led to an improved portability of GLib to platforms such as Windows, macOS, and Android. It is time to take stock of the current status of GLib, and to highlight some of the changes that will impact GLib-based code.


      • GLib 2.58 Is Looking Good With Portability Improvements, Efficient Process Launching
        The GLib low-level GNOME library while being quite mature is seeing a significant update with its version 2.58 release due out this September for GNOME 3.30.

        Two of the biggest GLib 2.58 changes we have covered up to now on Phoronix has been the new generic reference counting API and more efficient app launching. The reference counting API has been in the works for 6+ years to help GLib's bindings/integration with languages utilizing automatic memory management / garbage collection. The more efficient process launching via the use of posix_nspawn() is also exciting for better performance, particularly on systems suffering from memory pressure.






  • Distributions



    • Red Hat Family



      • Red Hat OpenStack Platform Adopted by Fujitsu for Fujitsu Cloud Service for OSS
        Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced that Fujitsu Limited has adopted Red Hat OpenStack Platform as an Infrastructure-as-a-Service (IaaS) component of Fujitsu Cloud Service for OSS, its global hybrid cloud service offering. As a backbone for an open hybrid cloud, Fujitsu Cloud Service for OSS is designed to help enterprises more quickly develop cloud-native and traditional applications and services in an environment built from innovative, more reliable, and more secure open technologies.


      • Red Hat OpenStack platform adopted by Fujitsu
        Red Hat recently announced that Fujitsu has adopted Red Hat OpenStack Platform as an Infrastructure-as-a-Service (IaaS) component of Fujitsu Cloud Service for OSS, its global hybrid cloud service offering.

        As a backbone for an open hybrid cloud, Fujitsu Cloud Service for OSS is designed to help enterprises more quickly develop cloud-native and traditional applications and services in an environment built from innovative, more reliable, and more secure open technologies.

        This announcement shows the continued, long-standing collaboration between Red Hat and Fujitsu to offer hybrid cloud solutions based on open source.


      • Fujitsu Adopts Red Hat OpenStack Platform for Fujitsu Cloud Service for OSS


      • ISVs in APAC showcase increased Red Hat OpenShift adoption
        Red Hat recently showcased the uptake of Red Hat OpenShift Container Platform in Asia Pacific by many of the region’s leading independent software vendors (ISV).

        Red Hat director of ISV Balaji Swamy says, “Businesses in Asia Pacific are increasingly realising how a leading container platform such as Red Hat OpenShift can help them increase agility and accelerate innovation to be ahead of their competitors.


      • ISVs in APAC Showcase Increased Red Hat OpenShift Adoption Across Verticals
        Red Hat Partner Conference Asia Pacific -- Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today showcased the uptake of Red Hat OpenShift Container Platform in Asia Pacific by many of the region's leading independent software vendors (ISV).


      • ORock’s Red Hat OpenStack-Based Cloud Platform Gets FedRAMP Authorization; David Egts Comments
        ORock Technologies has received a Federal Risk and Authorization Management Program certification for its Red Hat OpenStack-based cloud platform.

        A Defense Department agency granted the FedRAMP authorization to operate to ORockCloud at the moderate impact level for hybrid cloud deployments and platform-as-a-service and infrastructure-as-a-service models, ORock said Tuesday.

        ORockCloud is built on a private fiber optic network and works to provide users on-demand access to storage, computing, performance monitoring, networking, virtualization and applications through the company’s service catalog.


      • Spraoi and Red Hat seek volunteers
        Spraoi is recruiting volunteers from all walks of life for this year's festival, August 3rd, 4th and 5th and the volunteering programme is being supported by software giant, Red Hat, whose offices are on the Cork Road.

        Red Hat's Director of Software Engineering, James Mernin, says the partnership is a very natural fit: "Spraoi and Red Hat are both driven by creative people with a passion for communities and this association will allow our team to become involved in this year's festival.

        We also have an international team here and it's great for them to have access to artists from around the world at Spraoi."


      • Entando Announces OEM Agreement with Red Hat on Modern Applications
        Entando, a leader in open source Digital Experience Platforms, today announced that Red Hat has agreed to include access to a set of Entando’s open source low-code tools as part of Red Hat’s newly launched Red Hat Process Automation Manager. Entando has optimized the tools to run effectively on Red Hat Process Automation Manager. Together, these technologies offer customers expanded next-generation business process automation capabilities native to Red Hat OpenShift Container Platform and a user experience (UX) designed to help them create cloud-native applications faster.


      • STT Connect builds webscale private cloud infrastructure on Red Hat
        To build its cloud on a flexible, supported open source platform, STT Connect partnered with Red Hat to deploy Red Hat OpenStack Platform, Red Hat Ansible Tower, and other enterprise Red Hat software.

        These solutions helped the company create an agile and efficient — yet secure — webscale cloud infrastructure. STT Connect became the first cloud company in Singapore to achieve the highest level Multi-Tier Cloud Security (MTCS) certification with an OpenStack private cloud.


      • The Final Build of Scientific Linux 6.10 Legacy Branch Released
        Scientific Linux has announced that the 6.10 release will be the final build of their legacy branch based on Red Hat 6.10. It will only receive security updates and major bug fixes and will be supported until November 2020.

        Fermi National Accelerator Laboratory (Fermilab) and European Organization for Nuclear Research (CERN) co-develop Scientific Linux with the aim of creating a stable operating system that is supplied with packages and applications that support scientific research. They also list using “the free exchange of ideas, designs, and implementations to prepare a computing platform for the next generation of scientific computing” as one of their goals.


      • ISVs in APAC Showcase Increased Red Hat OpenShift Adoption Across Verticals


      • Finance



      • Fedora



        • Hiding the Fedora boot menu
          The venerable Linux boot menu has made its appearance at boot time since the days when LILO was the standard boot loader, through the days of GRUB, and onward to today's GRUB 2 and others. It is sometimes configured out by distributions as something that will potentially confuse less-technical users, but it has been a mainstay of Fedora for many releases. A recent proposal to hide the menu, starting in Fedora 29, has met a mixed reaction, but those who are not in favor are also those most able to revert to the existing behavior.

          Hans de Goede raised the issue back at the end of May. He suggested that Fedora had at one time hidden the boot menu, but changed. As a longtime Fedora user, I don't remember that switch, but my memory is faulty and that may be the case here. In any case, De Goede's idea is to not have the distribution print any confusing messages at boot time: "the end goal being a user pressing the on button and then going to the graphical login manager without him seeing any text messages / menus filled with technical jargon."

          The response was somewhat mixed, as might be expected. Stephen Gallagher was concerned about boots that failed and gave the user no alternatives to try. De Goede said that the plan was to detect failed boots and then show the boot menu on the next boot. He muddied the waters somewhat by mentioning a "fastboot" feature that he is planning for Fedora 30. It would effectively provide no way for a user sitting at the console to override the boot sequence (with a key press, say) and get the boot menu once the system has started booting.
        • Fedora tackles Southeast Linux Fest 2018


        • Fedora 29 Dropping GCC From Their Default Build Root Has Been Causing A Heated Debate
          One of the surprisingly controversial changes being implemented for Fedora 29 is dropping GCC and GCC-C++ from the default BuildRoot for assembling Fedora packages with Koji and Mock.

          Up to now it's always just been implied that GCC (including the GCC C++ compiler) is there by default with every build-root. But these days with more packages being written in languages like Go, Rust, Python, Node.js, and other modern languages, the proportion of C/C++ applications is decreasing. As such, the GCC C/C++ support is no longer being implied with the default build environments in Koji/Mock, which in turn should help package build times for non-C/C++ packages as they will no longer need to pull in the gcc/gcc-c++ packages and in turn a cleaner buildroot environment too.






    • Debian Family



      • Taiwan Travel Blog - Day 2 & 3
        My Taiwan Travel blog continues! I was expecting the weather to go bad on July 10th, but the typhoon arrived late and the rain only started around 20:00. I'm pretty happy because that means I got to enjoy another beautiful day of hiking in Taroko National Park.

        I couldn't find time on the 10th to sit down and blog about my trip, so this blog will also include what I did on the 11th.


      • Derivatives



        • Canonical/Ubuntu



          • Ubuntu Local Authorization Bypass Bug Likely to Never Be Fixed? [Ed: Physical access = PC compromised; there are many other ways around it, including reboots with recovery mode, so...]
            It was just reported that a bug filed on Ubuntu Launchpad (dubbed Local authorization bypass by using suspend mode) about a month ago has been confirmed by several users. The bug allows an individual with physical access to a machine to evade the lock screen simply by removing its hard drive.


          • We shall call him Mini-U – Ubuntu reveals tiny cloudy server
            Canonical has released a new cut of Ubuntu it recommends for use in the cloud and containers.

            “Minimal Ubuntu” is based on either Ubuntu 16.04 LTS or 18.04 LTS. A Docker image of the latter weighs in at 29 megabytes. Images of the OS for the cloud are said to be “less than 50% the size of the standard Ubuntu server image, and boot up to 40% faster.” We think that makes them around 400MB.


          • Canonical Releases Minimal Ubuntu, Optimised for Multicloud


            Canonical, the company behind popular Linux system Ubuntu, has released Minimal Ubuntu, a pared-back, significantly faster iteration of its server operating system (OS).










  • Devices/Embedded





Free Software/Open Source



  • Open Source GraphQL Engine Launched


    An open source GraphQL Engine has been launched that can be used with applications based on Postgres without the need for backend GraphQL processing code.

    The new GraphQL as a service can be used by front-end developers to build scaleable GraphQL apps on Postgres.

    Hasura’s GraphQL Engine automates the implementation and linking of databases to the graph. The APIs can be used to choose tables from new or existing database for use with GraphQL and link those existing tables into a graph. The engine has built-in authorization and authentication with granular authentication and a dynamic access control system that integrates with existing authentication systems such as Auth0 or custom implementations. The engine is also lightweight, consuming only 50MB of RAM even while serving more than a thousand requests per second.


  • Hasura Launches Open Source GraphQL Engine That Provides Instant GraphQL-as-a-Service on Any Existing Postgres Application


  • R3 has commercially launched its open-source blockchain platform
    Blockchain consortium R3 has commercially rolled out its open-source blockchain platform, dubbed Corda Enterprise, which aims to enable more businesses to leverage blockchain technologies. This comes after R3 launched version 1.0 of the platform in October 2017.


  • Algo Development 2.0 Looks to Open Source, Cloud & Big Data
    While the financial services industry was an early adopter of open source software going back to the Linux operating system in 1991 and the FIX Protocol in the late 1990s, financial firms may have restrictions on contributing code back to the wider open source community.

    “When it comes to trading algorithms there is a secret sauce embedded there that I don’t think people ever want to open source,” said Bill Harts, senior advisor to the Modern Markets Initiative, who moderated the panel. Harts, who has been an early adopter of algorithmic trading at Citi, Goldman Sachs and Bank of America, said: “That’s how they make money. Where do you draw the line?” asked Harts.


  • 5 open source principles that help DevOps teams excel
    While open source has more than a decade head start on DevOps, the two have steadily converged over time. As a CIO, you can support the use of some key open source cultural values to empower your organization’s DevOps team and ensure maximum success.


  • Open source hasn't made tech more open
    Democratic ideals have given way to governments and corporate giants.



  • Event management with Indico
    There are many things to love about the Linux Plumbers Conference (LPC), but the event's web site has not often been considered one of them. This year, your editor took on the task of finding a new system to handle proposal submission, review, and scheduling, despite his own poor track record when it comes to creating attractive web sites. The search finally settled on a system called Indico; read on for some impressions of this interesting free event-management system.

    There are a number of free systems out there for handling the needs of conferences. Among the others that were considered are Symposion, which is used by linux.conf.au, and OSEM, the openSUSE event-management system. Both are capable systems, but neither seems to have been developed with the idea that others might want to pick it up and run it. In particular, every Symposion installation seems to require a fair amount of low-level customization. The installation documentation for both is, to put it charitably, a bit scant. Indico, instead, comes with a nice installation manual that makes the task something that is, if not actually easy, at least achievable without having to actually learn the entire code base first.

    [...]

    Events in Indico have most of the features needed to track their life cycle. Each event has a home page with a reasonable degree of customization; pages of information can be attached to the home page. There is an elaborate mechanism for proposal submission and review. Events can be split into tracks and sessions, with a different coordinator for each session; the schedule for the whole thing can be managed in a reasonably straightforward way. For those who need it, Indico also offers a registration system, though LPC is not using it.



  • Web Browsers



    • Chrome



      • Chrome 67 to Counter Spectre on Mac, Windows, Linux, Chrome OS via Site Isolation
        The Spectre and Meltdown vulnerabilities, discovered earlier this year, caught everyone off guard including hardware and software companies. Since then, several vendors have patched them, and today, Google Chrome implemented measures to protect the browser against Spectre. The exploit uses the a feature found in most CPUs to access parts of memory that should be off-limits to a piece of code and potentially discover the values stored in that memory. Effectively, this means that untrustworthy code may be able to read any memory in its process’s address space. In theory, a website could use such an attack to steal information from other websites via malicious JavaScript code. Google Chrome is implementing a technique known as site isolation to prevent any future Spectre-based attacks from leaking data.
      • Google Chrome is getting a Material Design revamp – here’s how to test the new features
        Google has been promising a Material Design revamp of its desktop Chrome web browser for quite some time – and now we have our first look.

        An update to the experimental Chrome Canary browser on Windows, Linux and Mac, offers a preview of what we can expect when Google builds the changes into the main browser later this year.
      • Google Chrome Gets A Big Material Design Makeover, Here's How To Try It On Windows, Linux And macOS
        Google's dominate Chrome web browser is set to receive a big Material Design makeover later this year. However, if you want to give a try right now, you can do so by downloading the latest build of Chrome Canary. For those not in the know, Canary is the developmental branch of Chrome where new features are tested before they roll out widely to the public.

        As you can see in the image below, this is a total revamp of the browser, with a completely new address bar and look for the tabs interface. Tabs have a more rounded shape and colors have been refreshed through the UI.


      • Chrome 67 features Site Isolation to counter Spectre on Mac, Windows, Linux, Chrome OS
        Following the disclosure of Spectre and Meltdown CPU vulnerabilities earlier this year, the entire tech industry has been working to secure devices. In the current stable version of Chrome, Google has widely rolled out a security feature called Site Isolation to protect desktop browsers against Spectre.




    • Mozilla



      • FTAPI SecuTransfer - the secure alternative to emails? Not quite...
        Emails aren’t private, so much should be known by now. When you communicate via email, the contents are not only visible to yours and the other side’s email providers, but potentially also to numerous others like the NSA who intercepted your email on the network. Encrypting emails is possible via PGP or S/MIME, but neither is particularly easy to deploy and use. Worse yet, both standard were found to have security deficits recently. So it is not surprising that people and especially companies look for better alternatives.

        It appears that the German company FTAPI gained a good standing in this market, at least in Germany, Austria and Switzerland. Their website continues to stress how simple and secure their solution is. And the list of references is impressive, featuring a number of known names that should have a very high standard when it comes to data security: Bavarian tax authorities, a bank, lawyers etc. A few years ago they even developed a “Secure E-Mail” service for Vodafone customers.


      • Mozilla Open Policy & Advocacy Blog: Searching for sustainable and progressive policy solutions for illegal content in Europe
        As we’ve previously blogged, lawmakers in the European Union are reflecting intensively on the problem of illegal and harmful content on the internet, and whether the mechanisms that exist to tackle those phenomena are working well. In that context, we’ve just filed comment with the European Commission, where we address some of the key issues around how to efficiently tackle illegal content online within a rights and ecosystem-protective framework.


      • Notes by Firefox Now Lets You Sync Notes Between Desktop and Android
        Mozilla has released a note taking app for Android that syncs with the Firefox browser on the desktop. Called (rather simply) ‘Notes by Firefox‘, the feature offers basic, encrypted note taking in the browser and via a standalone app for Android phones and tablets.


      • Mozilla applauds passage of Brazilian data protection law


        Mozilla’s previous statement supporting the Brazilian Data Protection Bill can be found here. The bill will now go to Brazilian President Michel Temer for his signature.


      • My Journey to Tech Speaking about WebVR/XR
        Ever since a close encounter with burning out (thankfully, I didn't quite get there) forced me to leave my job with Mozilla more than two years ago, I have been looking for a place and role that feels good for me in the Mozilla community. I immediately signed up to join Tech Speakers as I always loved talking about Mozilla tech topics and after all breaking down complicated content and communicating it to different groups is probably my biggest strength - but finding the topics I want to present at conferences and other events has been a somewhat harder journey.


      • Mozilla Funds Top Research Projects
        We are very happy to announce the results of the 2018H1 Mozilla Research Grants. This was an extremely competitive process, with over 115 applicants. We selected a total of eight proposals, ranging from tools to fight online harassment to systems for generating speech. All these projects support Mozilla’s mission to make the Internet safer, more empowering, and more accessible.

        The Mozilla Research Grants program is part of Mozilla’s Emerging Technologies commitment to being a world-class example of inclusive innovation and impact culture-and reflects Mozilla’s commitment to open innovation, continuously exploring new possibilities with and for diverse communities. We will open the 2018H2 round in Fall of 2018: see our Research Grant webpage for more details and to sign up to be notified when applications open.


      • 4 add-ons to improve your privacy on Thunderbird
        Thunderbird is a popular free email client developed by Mozilla. Similar to Firefox, Thunderbird offers a large choice of add-ons for extra features and customization. This article focuses on four add-ons to improve your privacy.


      • Mozilla’s Test Pilot Program For Mobile Apps: Launches “Lockbox” and “Notes” App






  • Codecs and Patents



    • An Invisible Tax on the Web: Video Codecs
      Here’s a surprising fact: It costs money to watch video online, even on free sites like YouTube. That’s because about 4 in 5 videos on the web today rely on a patented technology called the H.264 video codec.

      A codec is a piece of software that lets engineers shrink large media files and transmit them quickly over the internet. In browsers, codecs decode video files so we can play them on our phones, tablets, computers, and TVs. As web users, we take this performance for granted. But the truth is, companies pay millions of dollars in licensing fees to bring us free video.

      It took years for companies to put this complex, global set of legal and business agreements in place, so H.264 web video works everywhere. Now, as the industry shifts to using more efficient video codecs, those businesses are picking and choosing which next-generation technologies they will support. The fragmentation in the market is raising concerns about whether our favorite web past-time, watching videos, will continue to be accessible and affordable to all.


    • AV1, Opportunity or Threat for POWER and ARM Servers?
      While I haven’t seen an official announcement, Phoronix reported that the AV1 git repository was tagged 1.0, so the launch announcement is imminent. If you haven’t heard about it already, AOMedia Video 1 (AV1) is an open, royalty-free video coding format by the Alliance for Open Media.


    • VP9 & AV1 Have More Room To Improve For POWER & ARM Architectures
      Luc Trudeau, a video compression wizard and co-author of the AV1 royalty-free video format, has written a piece about the optimization state for video formats like VP9 and AV1 on POWER and ARM CPU architectures.




  • Pseudo-Open Source (Openwashing)



  • Funding



    • Best Bug Bounty Programs On Internet
      ​The software revolution brought many opportunities for programmers. The modern software industry is not just limited to development. The developed software or service might have backdoors or glitches. These can cause vulnerabilities that hackers use to their benefit by exploiting such services.




  • FSF/FSFE/GNU/SFLC



    • Minimum GCC Version Likely to Jump from 3.2 to 4.8
      The question of the earliest GCC compiler version to support for building the Linux kernel comes up periodically. The ideal would be for Linux to compile under all GCC versions, because you never know what kind of system someone is running. Maybe their company's security team has to approve all software upgrades for their highly sensitive devices, and GCC is low on that list. Maybe they need to save as much space as possible, and recent versions of GCC are too big. There are all sorts of reasons why someone might be stuck with old software. But, they may need the latest Linux kernel because it's the foundation of their entire product, so they're stuck trying to compile it with an old compiler.

      However, Linux can't really support every single GCC version. Sometimes the GCC people and the kernel people have disagreed on the manner in which GCC should produce code. Sometimes this means that the kernel really doesn't compile well on a particular version of GCC. So, there are the occasional project wars emerging from those conflicts. The GCC people will say the compiler is doing the best thing possible, and the kernel people will say the compiler is messing up their code. Sometimes the GCC people change the behavior in a later release, but that still leaves a particular GCC version that makes bad Linux code.




  • Openness/Sharing/Collaboration



    • Open Hardware/Modding



      • ARM Takes Down Boneheaded Website Attacking Open-Source Rival
        ARM, the incredibly successful developer of CPU designs, appears to be getting a little nervous about an open-source rival that’s gaining traction. At the end of June, ARM launched a website outlining why it’s better than its competitor’s offerings and it quickly blew up in its face. Realizing the site was a bad look, ARM has now taken it down.

        For the uninitiated, ARM Holdings designs various architectures and cores that it licenses to major chipmakers around the world. Its tech can be found in over 100 billion chips manufactured by huge names like Apple and Nvidia as well as many other lesser-known players in the low-power market. If ARM is Windows, you can think of RISC-V as an early Linux. Like ARM, it’s an architecture based on reduced instruction set computing (RISC), but it’s free to use and open to anyone to contribute or modify. While ARM has been around since 1991, RISC-V just got started in 2010 but it’s gaining a lot of ground and ARM’s pitiful website could easily be seen as a legitimizing moment for the tech.


      • A Landmark Legal Shift Opens Pandora’s Box for DIY Guns

        Two months ago, the Department of Justice quietly offered Wilson a settlement to end a lawsuit he and a group of co-plaintiffs have pursued since 2015 against the United States government. Wilson and his team of lawyers focused their legal argument on a free speech claim: They pointed out that by forbidding Wilson from posting his 3-D-printable data, the State Department was not only violating his right to bear arms but his right to freely share information. By blurring the line between a gun and a digital file, Wilson had also successfully blurred the lines between the Second Amendment and the First.

        "If code is speech, the constitutional contradictions are evident," Wilson explained to WIRED when he first launched the lawsuit in 2015. "So what if this code is a gun?”







  • Programming/Development



    • This Week in Rust 242
      Always wanted to contribute to open-source projects but didn't know where to start? Every week we highlight some tasks from the Rust community for you to pick and get started!


    • Kindness and open-source projects
      Brett Cannon is a longtime Python core developer and member of the open-source community. He got to check off one of his bucket-list items when he gave a keynote [YouTube video] at PyCon 2018. That keynote was a rather personal look at what he sees as some problem areas in the expectations of the users of open-source software with respect to those who produce it. While there is lots to be happy for in the open-source world, there are some sharp edges (and worse) that need filing down.

      He started with his background as a way to show that he has the experience to give this talk. He is the development lead on the Python extension for Visual Studio Code, which is Microsoft's cross-platform open-source code editor. He noted that the two qualifiers for the editor are probably shocking to some. It was originally a community open-source project; Microsoft hired the developer behind it and it is now "corporate open source", Cannon said. That means there is a company backstopping the project; if the community fell away, the project would continue.

      He has been a Python core developer since April 2003; he got the commit bit shortly after attending the first PyCon (and he has attended every PyCon since as well). In contrast, Python is community open source; if the community disappeared, the project "would probably collapse within a month". He has contributed to over 80 open-source projects along the way; many of those were simply typo fixes of various sorts, but it has given him exposure to a lot of different development processes. "I've been lucky enough to have a broad range of exposure to open source overall."


    • Python and the web
      Dan Callahan is a developer advocate at Mozilla and no stranger to PyCon (we covered a talk of his at PyCon 2013). He was also the champion at Mozilla for the grant that helped revamp the Python Package Index (PyPI). At PyCon 2018, he gave a keynote talk [YouTube video] that focused on platforms of various sorts—and where Python fits into the platforms of the future.

      He began with a slide showing the IBM PCjr, which was the first computer IBM made for the home market. It was released in 1984 and immediately drew a bad reaction from the public and the press (Time magazine called it "one of the biggest flops in the history of computing"). Commercially and even objectively, the PCjr was a bad platform, he said.

      But when he was old enough to become interested in computers, that was the computer that was available to him—his father had bought one during the roughly one year they were available. He learned BASIC as his first language because the PCjr came with BASIC. He didn't think about it at the time, but his first language was chosen for him; he didn't get to consider what features he wanted or how the language's community was. His platform had determined the tool he would use.

      Fast-forward a few years to when he was in high school and had his own computer; even though he had access to Linux, PHP, and Perl, he still found himself programming in BASIC. This was the pre-smartphone era, so when he was bored in class, he had to find some other way to distract himself; he and his friends turned to TI-82 graphing calculators. Those were programmable in BASIC, so even though he had more sophisticated tools available to him, if he wanted to share something with his friends, it would have to be written in BASIC for the TI-82. That platform also dictated the tool that he would use.






Leftovers



  • Security



    • D-Link security certificates are being used to sign industry espionage malware

      Two strains of Plead exist - one straightforward beastie, and one password stealer capable of lifting from Google Chrome, Microsoft Internet Explorer, Microsoft Outlook and Mozilla Firefox.



    • DOD seeks classification “Clippy” to help classify data, control access [iophk: "if they have Microsoft Office they have already failed security]


    • Malware Attack On Arch Linux AUR Repository; Three Packages Infected So Far


    • Arch Linux PDF reader package poisoned


    • Security updates for Wednesday


    • Another Linux distro poisoned with malware


      Last time it was Gentoo, a hard-core, source-based Linux distribution that is popular with techies who like to spend hours tweaking their entire operating sytem and rebuilding all their software from scratch to wring a few percentage points of performance out of it.
    • Arch Linux AUR packages found to be laced with malware
      Three Arch Linux packages have been pulled from AUR (Arch User Repository) after they were discovered to contain malware. The PDF viewer acroread and two other packages that are yet to be named were taken over by a malicious user after they were abandoned by their original authors.


    • ​The return of Spectre
      The return of Spectre sounds like the next James Bond movie, but it's really the discovery of two new Spectre-style CPU attacks.

      Vladimir Kiriansky, a Ph.D. candidate at MIT, and independent researcher Carl Waldspurger found the latest two security holes. They have since published a MIT paper, Speculative Buffer Overflows: Attacks and Defenses, which go over these bugs in great detail. Together, these problems are called "speculative execution side-channel attacks."

      These discoveries can't really come as a surprise. Spectre and Meltdown are a new class of security holes. They're deeply embedded in the fundamental design of recent generations of processors. To go faster, modern chips use a combination of pipelining, out-of-order execution, branch prediction, and speculative execution to run the next branch of a program before it's called on. This way, no time is wasted if your application goes down that path. Unfortunately, Spectre and Meltdown has shown the chip makers' implementations used to maximize performance have fundamental security flaws.


    • Mercury Security Introduces New Linux Intelligent Controller Line
      Mercury Security, a leader in OEM access control hardware and part of HID Global, announces the launch of its next-generation LP intelligent controller platform built on the Linux operating system.

      The new controllers are said to offer advanced security and performance, plus extensive support for third-party applications and integrations. The controllers are based on an identical form factor that enables seamless upgrades for existing Mercury-based deployments, according to the company.




  • Defence/Aggression



    • Engineer stashed Navy drone trade secrets in his personal Dropbox

      A Connecticut federal court has found electrical engineer Jared Sparks guilty of six trade secret theft and transmission charges after he took files relating to underwater drones built for the US Navy's Office of Naval Research. When contemplating a switch of jobs from drone builder LBI to its software partner Charles River Analytics, he uploaded "thousands" of his then-current employer's sensitive files to his personal Dropbox account, including accounting and engineering data as well as design-related photos and renders.



    • A Call to Ease Tensions Between the Nuclear Superpowers


      Many Americans remain deeply concerned about reports of Russian interference with the 2016 election. Meanwhile, relations between the United States and Russia are at their lowest and most dangerous point in several decades. For the sake of democracy at home and true national security, we must reach common ground to safeguard common interests—taking steps to protect the nation’s elections and to prevent war between the world’s two nuclear superpowers.

      Whatever the truth of varied charges that Russia interfered with the election, there should be no doubt that America’s digital-age infrastructure for the electoral process is in urgent need of protection. The overarching fact remains that the system is vulnerable to would-be hackers based anywhere. Solutions will require a much higher level of security for everything from voter-registration records to tabulation of ballots with verifiable paper trails. As a nation, we must fortify our election system against unlawful intrusions as well as official policies of voter suppression.


    • Mental Illness Serves as Easy Scapegoat in Mass Murder Accounts


      After the May 18 mass murder at a high school in Santa Fe, Texas, a local CBS station (5/18/18) published an article headlined, “Looking for Signs of Mental Illness in Wake of Recent Shootings.” It described the Santa Fe shooter, Dimitrios Pagourtzis, as a “person who kept to himself,” citing this trait as a possible warning sign of mental disorder.

      [...]

      A study that analyzed 235 mass killings in the US between 1913 and 2015 found 22 percent of perpetrators demonstrated signs of mental illness. An American Psychiatric Association study from 2013 notes only 1 percent of yearly gun-related homicides are carried out by people with mental illness (New York Times, 2/16/18).

      Stephen Paddock, who killed 59 people at a Las Vegas concert, had no history of mental illness. Even an autopsy of Paddock’s brain revealed nothing of note. But the Washington Post (10/2/17) quoted the Las Vegas Metropolitan sheriff saying, “I can’t get into the mind of a psychopath.”




  • Environment/Energy/Wildlife/Nature



    • Drones survey African wildlife


      A new technique developed by Swiss researchers enables fast and accurate counting of gnu, oryx and other large mammals living in wildlife reserves. Drones are used to remotely photograph wilderness areas, and the images are then analysed using object recognition software and verified by humans. The work is reported in a paper published in the journal Remote Sensing of Environment. (*)

      The challenge is daunting: some African national parks extend over areas that are half the size of Switzerland, says Devis Tuia, an SNSF Professor now at the University of Wageningen (Netherlands) and a member of the team behind the Savmap project, launched in 2014 at EPFL. "Automating part of the animal counting makes it easier to collect more accurate and up-to-date information."






  • Finance



  • AstroTurf/Lobbying/Politics



    • In Wake of AMLO Victory, US Media Fear Chavismo and Hope for ‘Business-Friendly’ Change


      Neoliberal capitalist dogma pervades mainstream media. A case in point is coverage of Andrés Manuel López Obrador’s resounding victory in Mexico’s presidential election.

      [...]

      Another New York Times article (7/2/18), this one by Ahmed and Kirk Semple, said that López Obrador “must still convince investors that his policies will be business friendly.” Ensuring that “investors” are happy is apparently a nonnegotiable imperative.

      Revealingly, the authors failed to consider how this supposed essential can co-exist with another necessity they describe, which is that “Mr. López Obrador will also have to deliver on his promises to address widespread poverty and yawning inequality.” Ahmed and Semple decline to point out the contradiction here: “Investors” rarely deem policies that “address widespread poverty and yawning inequality”—say, a higher minimum wage and the redistribution of wealth through social programs—to be “business friendly.” By glossing over such inconsistencies, and proffering magical thinking according to which capital can be appeased while poverty and inequality are successfully fought, the authors performed a service for advocates of neoliberal capitalist scripture.
    • Democrats Reintroduce DISCLOSE Act to Combat Dark Money "Poison"
      On June 27, Democrats in both chambers of Congress reintroduced the DISCLOSE Act to provide what the lead Senate sponsor, Sheldon Whitehouse (RI-D), calls "a commonsense solution to restore transparency and accountability in our political system."

      The DISCLOSE Act of 2018 is the most recent iteration of a bill that Democrats have pushed since the Supreme Court's ruling in Citizens United v. FEC, which eliminated a century-old federal ban on political spending by corporations.

      The "Democracy Is Strengthened by Casting Light On Spending in Elections Act" (DISCLOSE) was first introduced in 2010 by Representative Chris Van Hollen and Senator Chuck Schumer. DISCLOSE passed in the House that year but a Republican filibuster threat doomed it in the Senate, despite support from 59 senators.




  • Censorship/Free Speech



    • German writer sues Random House

      A German author is taking Random House to court for declining to release his book Hostile Takeover: How Islam Hampers Progress and Threatens Society which it originally signed on the basis of a 10-page proposal.





  • Privacy/Surveillance



    • State Appeals Court Says Exigency Beats A Warrant Requirement If A Phone Has A Passcode
      The Supreme Court's Riley decision made one thing clear: cellphones are not to be searched without a warrant. Somehow, the Georgia Court of Appeals has reached a different conclusion than the Supreme Court of the United States, even as it cites the ruling. [h/t Andrew Fleischman]

      It's a decision [PDF] that's decidedly law enforcement-friendly. And it's one that will pair nicely with the FBI's overblown "going dark" assertions. An arrested individual requested his phone so he could retrieve a phone number to give to the officers questioning him. Here's what happened once he had retrieved that info.
    • How We Can 'Free' Our Facebook Friends
      In the wake of the recent privacy controversy over Facebook and Cambridge Analytica, internet users and policymakers have had a lot of questions on the topic of “data portability”: Is my social network data really mine? Can I take it with me to another platform if I’m unhappy with Facebook? What does the new European privacy law, the General Data Protection Regulation (GDPR), demand in terms of my being able to export my data? What even counts as my data that I should be able to download or share, and as my friends’ data that I shouldn’t?

      There’s a growing consensus that being able to easily move your data between social platforms, and perhaps even being able to communicate between different platforms, is necessary to promote competition online and enable new services to emerge. But that raises some difficult technical and policy questions about how to balance such portability and interoperability with your and your friends’ privacy interests—and how to guarantee that new privacy efforts don’t have the unintended consequence of locking in current platforms’ dominance by locking down their control over your data.

      To investigate a potential path forward, New America’s Open Technology Institute partnered with Mozilla to host an event earlier this month, “A Deep Dive Into Data Portability: How Can We Enable Platform Competition and Protect Privacy at the Same Time.” It included a tutorial from OTI’s senior policy technologist Ross Schulman on the basic terminology and technologies at issue—for instance, distinguishing between “data portability” and “interoperability,” and explaining what the heck an “Application Programming Interface,” or “API,” is.


    • Post-Carpenter Ruling Says Call Records Aren't Content Or Cell Site Location Info; Thus, No 4th Amendment Protection
      Judicial citations and applications of the recent Supreme Court decision in the Carpenter case continue to roll in. The narrow holding by the Supreme Court was that acquisition of cell site location info (CSLI) now requires a warrant, seeing as it can be used to effectively "track" someone over a period of days or months. Historical CSLI -- especially large amounts of it -- is far more revealing than many other records covered by the Third Party Doctrine. An "equilibrium shift" was needed and the court applied it.

      The shift is trickling down to lower courts, leading to some examinations of the Carpenter ruling in cases that don't appear to call for it. The Supreme Court of California, ruling [PDF] on a case that originated 15 years ago, takes a brief moment to weigh the Carpenter ruling against the specifics of this appeal. (via FourthAmendment.com)

      At stake here -- one of the several challenges raised by the defendant -- are phone records gathered with an SCA court order. Phone records were left undisturbed by the Carpenter ruling, but here's the court's brief examination of the issue.


    • Facebook faces €£500,000 fine from UK data watchdog


    • Facebook is slapped with first fine for Cambridge Analytica scandal


    • Facebook Slapped With “Maximum” U.K. Fine For Cambridge Analytica Scandal
      If you calculate Facebook’s estimated revenue for a period of just 7 minutes, it’ll turn out to be around $665,000. When you compare it to the fine imposed by the U.K. Information Commissioner for Facebook data leak of as many as 87 million users, you won’t notice much difference.


    • Facebook under fresh political pressure as UK watchdog calls for “ethical pause” of ad ops
      The UK’s privacy watchdog revealed yesterday that it intends to fine Facebook the maximum possible (€£500k) under the country’s 1998 data protection regime for breaches related to the Cambridge Analytica data misuse scandal.

      But that’s just the tip of the regulatory missiles now being directed at the platform and its ad-targeting methods — and indeed, at the wider big data economy’s corrosive undermining of individuals’ rights.

      Alongside yesterday’s update on its investigation into the Facebook-Cambridge Analytica data scandal, the Information Commissioner’s Office (ICO) has published a policy report — entitled Democracy Disrupted? Personal information and political influence — in which it sets out a series of policy recommendations related to how personal information is used in modern political campaigns.


    • How I Fully Quit Google (And You Can, Too)

      This guide is to show you how I quit the Googleverse, and the alternatives I choose based on my own research and personal needs. I’m not a technologist or a coder, but my work as a journalist requires me to be aware of security and privacy issues.



    • Polar disables activity map feature over privacy concerns

      The decision was made following a report that the data collected by the map feature can be accessed – relatively easily – by third parties to determine the addresses and other personal details of users, who include military and intelligence officers around the world.

      The report was published by Long Play, a Finnish collective of investigative journalists, De Correspondent, a Dutch news website, and Bellingcat, a British website for citizen journalist investigations. The vulnerability identified in the report is real, Marco Suvilaakso, the chief strategy officer at Polar, confirmed to Uusi Suomi on Monday.





  • Civil Rights/Policing

    • Journalist Held by ICE Speaks: ‘Without a Doubt’ I Was Targeted for My Work

      “ICE is targeting people who speak against them,” he said, “We see cases from all over the country where activists who speak out against ICE are being arrested.”



    • They Thought They’d Left The Surveillance State Behind. They Were Wrong.


      China is using its huge digital surveillance system, and the threat of sending family members to reeducation camps, to pressure minorities to spy on their fellow exiles.


    • Europe Shows a Polarized Supreme Court is Not Inevitable
      United States President Donald Trump has nominated Brett Kavanaugh to replace retiring Supreme Court Justice Anthony Kennedy. His choice solidifies a conservative majority on the nation’s nine-member highest court.

      Trump’s conservative bench could overrule Roe v. Wade, eliminating women’s constitutional right to abortion. It also could condone political gerrymandering and put LGBTQ people at further risk for discrimination by employers, landlords and business owners.

      A politically polarizing court is not inevitable. In some European countries, the judicial appointment process is actually designed to ensure the court’s ideological balance, and justices work together to render consensus-based decisions.


    • Two Sides To Every Coin: When "Security Measures" Become Imprisonment

      The bad (and sadly ironic) part is that we the taxpayers are the source of funding for these unconstitutional measures: our taxes pay for the cages being constructed around us and before our very eyes. The masses are unaware and/or they do not care. A shift is being fostered: a “need” for more security [translation: more surveillance] and more accountability [translation: more control] are forced upon us.

      The public is being shaped and manipulated: having lost conscience, its consciousness is now being molded and made to feel as if there is a need for security, safety, and being led. By appealing to the hierarchy of needs, the powers that be are fostering a climate of fear and creating a need for increased government intervention and control in the interests of security.



    • Reality and the Espionage Act

      Winner’s only crime, literally, was to share information with journalists and the American people about a foreign government’s attempt to hack [sic] U.S. voting systems. State election boards reportedly appreciated Winner’s leak, which gave them the information needed to investigate Russian hacking [sic] attempts and better secure their electronic voting infrastructure.

    • Giants newcomer accuses TSA of spilling mom's ashes


      There’s no recovering this fumble. New York Giants defensive lineman A.J. Francis is slamming Transportation Security Administration inspectors who he says spilled his dead mother’s ashes....


    • How the Fight Against Affirmative Action at Harvard Could Threaten Rich Whites
      Perpetually in jeopardy, the use of racial preferences in college admissions is under greater threat than ever.

      President Donald Trump has scrapped Obama-era guidelines that encouraged universities to consider race as a factor. He has proposed replacing Justice Anthony Kennedy, who wrote the majority opinion in a 2016 case upholding affirmative action by one vote, with the more conservative Brett Kavanaugh. Meanwhile, a lawsuit challenging Harvard’s preferences for Hispanics and African Americans has uncovered the university’s dubious pattern of rejecting academically outstanding Asian-American candidates — who don’t qualify for a race-related boost — by giving them low marks for personality. Either the Harvard case, or a similar lawsuit against the University of North Carolina at Chapel Hill, could put an end to affirmative action.

      If it is abolished, though, there will undoubtedly be increased pressure to also eliminate admissions criteria that favor a very different demographic — children of alumni and donors. Colleges are reluctant to drop these preferences of privilege for fear of hurting fundraising. But the political price of clinging to them could be significant.


    • Trump pardons Oregon ranchers who sparked 2016 militia standoff
      President Donald Trump has pardoned two Oregon cattle ranchers whose sentence for arson led armed militiamen to seize control of a wildlife refuge in 2016.

      Dwight Hammond, 76, and his son Steven Hammond, 49, were convicted in 2012 after a prescribed burn on their land spread to nearby public lands in 2001.

      The pair served time in jail, but a judge later ruled that they must serve their full five-year sentence.

      The ruling sparked anti-government protests that left one rancher dead.

      "The Hammonds are devoted family men, respected contributors to their local community and have widespread support from their neighbours, local law enforcement and farmers and ranchers across the West," the White House said in statement on Tuesday announcing their full pardon.

      "Justice is overdue for Dwight and Steven Hammond, both of whom are entirely deserving of these Grants of Executive Clemency.''


    • The Supreme Court Doesn't Have to Overturn Roe to Eviscerate Abortion Rights
      A new Supreme Court could effectively decimate women’s access to abortion, even without overturning Roe outright.

      Now that President Donald Trump has nominated Brett Kavanaugh to replace Justice Anthony Kennedy on the Supreme Court, it will be up to the Senate to fully vet him so that the American people can determine whether he will uphold the basic civil rights and liberties relied on by everyone in this country. This is particularly true when it comes to abortion rights, where Kavanaugh’s prior opinions on the subject, coupled with the fact that Donald Trump vowed to only nominate justices who would overturn Roe v. Wade, give rise to serious concern about women’s continued ability to access abortion if Kavanaugh is confirmed.

      The ACLU as a matter of policy does not endorse or oppose nominees to the Supreme Court. But we do think it’s essential, given Trump’s promise, that any nominee is questioned extensively and directly about their commitment to the 45-year-old precedent of Roe v. Wade.

      Some background is in order. Roe v. Wade made abortion legal in all 50 states by holding that politicians cannot constitutionally ban abortion — except after the point in pregnancy at which the fetus could survive outside the woman’s body. The 1973 decision nullified abortion bans across the country, but it provided imperfect protection for abortion access. Shortly after the decision, the Supreme Court held that politicians may exclude abortion coverage from Medicaid and may require parental or judicial involvement in a minor’s abortion decision. Those rulings cruelly placed abortion out of reach for many people — especially low-income women and, disproportionately, women of color.
    • Nevada Plans to Execute Prisoner Using a Risky and Experimental Drug Cocktail
      The state will use a controversial execution drug known to have played a part in numerous botched executions.

      On July 11, the state of Nevada will execute death-row prisoner Scott Dozier. To do so, the state has decided to use an experimental protocol that incorporates a drug — Midazolam — that has been associated with multiple botched executions across the United States. Allowing the government to execute a person using a protocol that risks torture would be a grave injustice. Nevadans must demand better.

      The road to this upcoming execution has been a tumultuous one.

      The state previously planned to execute Dozier in November of 2017 using an untested and unusual three-drug cocktail comprised of Diazepam, a sedative; Fentanyl, a narcotic; and Cisatracurium, a paralytic. Although Dozier volunteered for execution, he still recognized the state’s independent responsibility to act in a constitutional manner and brought a motion to determine the lawfulness of using a paralytic in his execution. Dozier argued that use of a paralytic needlessly risked inflicting death by suffocation, with physical abuse akin to waterboarding.

      The Nevada trial court agreed. It found that the use of a paralytic would carry a substantial and “objectively intolerable risk of harm” to Dozier in violation of his Eighth Amendment rights under the U.S. Constitution to be free of cruel and unusual punishment and corresponding rights under Article 1, Section 6 of the Nevada Constitution.

      The state of Nevada, however, refused to move forward without the paralytic and appealed to the Nevada Supreme Court. Although the Nevada Supreme Court eventually overturned the trial court decision on procedural grounds, it never ruled on the constitutionality of using a paralytic in connection with Dozier’s execution, leaving an open question of whether the state is acting within the bounds of the U.S. and Nevada Constitutions.
    • When Your Constitutional Rights Are Violated but You Lose Anyway
      The Supreme Court must close an unjust loophole it created, which allows constitutional misconduct to go unpunished.

      Beginning in 2010, a Connecticut man, Almighty Supreme Born Allah, spent over six months in solitary confinement. He was alone for 23 hours a day, allowed to shower just three times a week in underwear and leg shackles, and permitted only one 30-minute visit each week with a family member, whom he was not allowed to embrace, let alone touch. Studies have shown that this kind of isolation can result in clinical outcomes similar to those of physical torture, which is why numerous international human rights bodies have condemned the prolonged use of solitary confinement.


    • Federal Court Says Taking People's Drivers Licenses Away For Failure To Pay Court Fees Is Unconstitutional
      Good news out of Tennessee, via Christian Farias: a federal court has struck down the state's modern debtor's prison system.

      In Tennessee, if you fail to pay court fines and other fees associated with an arrest or imprisonment for more than a year, your driver's license is revoked. While it may not be as punitive as rounding up debtors and locking them up again (which obviously severely restricts their ability to pay off their debt), it basically serves the same purpose. Someone without a valid driver's license will find their ability to earn income restricted. Driving to and from work with a revoked license just raises the risk of being fined or arrested, placing residents even further away from settling their debts with the government.




  • Internet Policy/Net Neutrality

    • Charter Spectrum's New 'Unlimited' Wireless Service Bans HD Video Entirely
      Last week we noted how Comcast had imposed new limits on its shiny new "unlimited" wireless plans. The company informed users of its Xfinity Wireless service that moving forward, all video on the service would be throttled back to 480p, with plans to begin charging you more if you want to watch your video in full HD quality. As we noted then, this was just a continuation of a theme already established by wireless carriers like T-Mobile and Sprint, which involved imposing arbitrary throttling thresholds for games, music and video, then charging you additional money to get around those bogus limitations.

      It shouldn't be particularly hard to see how imposing arbitrary limits that impede your ability to experience content as the originators intended sets a terrible precedent. And should the FCC's net neutrality repeal survive its looming legal challenge, you're going to see wireless carriers and ISPs slowly embrace more and more of this sort of thing, at least once they know for sure that the government has zero interest in actually policing such "creative" abuse of a broken market. What we're seeing now is just the orchestra getting warmed up.




  • DRM



    • Latest Denuvo Version Cracked Again By One Solo Hacker On A Personal Mission
      Denuvo is... look, just go read this trove of backlinks, because I've written far too many of these intros to be able to come up with one that is even remotely original. Rather than plagiarize myself, let me just assume that most of you know that Denuvo is a DRM that was once thought to be invincible but has since been broken in every iteration developed, with cracking times often now down to days and hours rather than weeks or months. Key in this post is that much if not most of the work cracking Denuvo has been done by a single person going by the handle Voksi. Voksi is notable not only for their nearly singlehandedly torpedoing the once-daunting Denuvo DRM, but also for their devotion to the gaming industry and developers that do things the right way, even going so far as to help them succeed.

      Well, Voksi is back in the news again, having once again defeated the latest build of Denuvo DRM.


    • Latest Denuvo Anti-Piracy Protection Falls, Cracker ‘Voksi’ On Fire


      The latest variant of the infamous Denuvo anti-piracy system has fallen. Rising crack star Voksi is again the man behind the wheel, defeating protection on both Puyo Puyo Tetris and Injustice 2. The Bulgarian coder doesn't want to share too many of his secrets but informs TorrentFreak that he won't stop until Denuvo is a thing of the past, which he hopes will be sooner rather than later.




  • Intellectual Monopolies



    • Datamaran's Non-financial Risk Management Patents have been Published
      Datamaran - the global leader in Software as a Service (SaaS) solutions for non-financial risk management - has announced today that three of its patent applications have been published with their approval pending. Through its technology, Datamaran enables a systematic and thorough monitoring and analysis of Environmental Social Governance (ESG) risks.

      The three patents Datamaran has applied for in 2016 have now been published and are available on the World Intellectual Property Organisation website - the United Nations' agency that oversees and promotes the protection of intellectual property. The patents support the company software's backbone as they cover its business intelligence, regulatory and data processing methods and systems. As a result of years of collaboration between the leading ESG and risk management experts as well as data scientists and technology professionals, these inventions protect Datamaran's proprietary technology.


    • Study Reconsiders “Public Domain” In The Protection Of Traditional Knowledge
      The study, entitled, “Wandering footloose: Traditional knowledge and the ‘Public Domain’ revisited,” by University of Ottawa law professor Chidi Oguamanam, is available here.

      The idea of a public domain in intellectual property rights is that of limited term rights where such rights are seen as a trade-off as part of a social contract.

      “The state incentivises those who have made useful innovations or other creative works by way of a state sanctioned monopoly,” the paper states. “At the end of the monopoly, they are required to hands-off or take off tolls on the innovation so that it would be flushed into the sinkhole of the public domain for members of the public to freely access for various ends, including the creation of more useful innovation(s).”

      Regarding this public domain, the study highlights that the United States and its allies have been putting pressure on traditional knowledge stakeholders concerning the protection of traditional knowledge. These countries are of the view that effective protection of traditional knowledge will “undermine” the public domain, the study explains.


    • Artificial intelligence and the future of the patent system
      There are myriad issues facing the global patent system which, if not addressed, could lead to a decline in its use. Put simply, there is way too much data for humans to properly digest. In this month’s Clarivate Analytics guest piece, Ed White – director of IP analytics at the firm – argues that a closer focus on artificial intelligence could help to solve this existential problem.


    • Cantargia Receives Intention to Grant Notification From EPO for Expanded Patent Protection in Treatment of Solid Tumours [Ed: patents on cancer treatments are bad. What’s wrong with them? See [1, 2].]
      Cantargia AB announce that the European Patent Office (EPO) has issued an Intention to grant notification for the company's divisional (second, follow-up) patent application regarding use of IL1RAP as a target for antibody therapy in solid tumours. The patent application has application number 15197139.7. Cantargia has previously received formal patent approval in Europe and other major territories for use of IL1RAP as target molecule for antibody therapy of several types of tumours.


    • WIPO Launches Coordinated Examination before Top Five Patent Offices
      The World Intellectual Property Organization (WIPO) launched a pilot program on July 1st termed Collaborative Search and Examination (CS&E) that will enable an applicant to have searching performed by all five of the major global patent offices (the USPTO, European Patent Office (EPO), Chinese Patent Office (SIPO), Japan Patent Office (JPO), and Korean Intellectual Property Office (KIPO)).

      According to WIPO, the program has the following features: it is "applicant driven," insofar as applicants must request searching under the pilot program. It envisions a "balanced workload distribution," wherein each office will perform a search as a "main ISA" for 100 applications and perform "peer ISA" searches for another 400 applications for the two years of the pilot program. Finally, each ISA will use a "common set of quality and operational standards" in performing the searches. Initially, all applications accepted into the pilot program must be filed in the English language (although WIPO anticipates that it may accept applications in other languages later in the program).


    • Women in IP Global Network Interview: Gender inequality in Germany
      The Act on Equal Participation of Women and Men regarding Leadership Positions within the Sectors of Private Economy and Public Service is one piece of legislation that has been brought in to improve gender balance at work.


    • Spain: Rosuvastatina, Court of Appeal of Barcelona, Ruling no. 59/2018, 16 May 2018
      The influential Barcelona Court of Appeal corrected a finding of the Barcelona Patents Court, which – to great surprise – had lifted an injunction on finding that Swiss-type claims were affected by the Spanish Reservation to the European Patent Convention, and thereby ineffective in Spain. Although this decision arrived only after SPC expiry and thus much too late for this particular case, which concerned a top-selling blockbuster, it is nevertheless a welcome relief for Spanish patentees in similar situations.
    • Trading Partners Led By US, EU, Take China To Task In WTO Forum Over Weak Protection Of IP Rights
      Dennis Shea, the US ambassador to the WTO, cited “inadequate protection and enforcement of intellectual property rights” among a long list of alleged Chinese unfair trade measures that adversely affect the commercial interests of foreign competitors.

      On 10 July, US Trade Representative Robert Lighthizer in announcing the initiation of a new batch of punitive measures (10% tariffs on an additional $200 billion of Chinese imports) under Section 301 of the Trade Act of 1974, said, “for many years, China has pursued abusive trading practices with regard to intellectual property and innovation.”

      However, Wang Shouwen, China’s vice minister of Commerce, called on WTO members attending a review of China’s trade regime in Geneva on 11 July “to firmly stand up to trade bully, protectionism and unilateralism… and to tackle the systemic threats posed by such unilateralism actions as Section 232 and 301 investigations to the WTO.”


    • Copyrights



      • UK copyright infringement falls among young consumers
        New research suggests young people are infringing less and indicates that more people are paying for content
      • We’ve Redesigned the CC License “Legal Code” Pages
        Last week, we launched a redesign of Creative Commons’ various license (aka “legal code”) pages. See one for yourself. In this post, I’ll spell out what the changes are and why we made them.

        The most obvious change we made is updating the overall look of the pages so that they resemble the rest of the Creative Commons website, which was redesigned back in September 2016, as well as the CC license “deed” pages (e.g. the CC BY 4.0 deed), which were redesigned in 2017. We’d always intended to pull the design of the license/legal code pages up in line with the deeds, but the deeds took precedence, since they are the most frequently viewed pages on our website. I’m happy to say that we’ve finished the project with this latest design update.
      • Shocker: DOJ's Computer Crimes And Intellectual Property Section Supports Security Researchers DMCA Exemptions
        Well here's a surprise for you. The DOJ's Computer Crime and Intellectual Property Section (CCIPS) has weighed in to support DMCA 1201 exemptions proposed by computer security researchers. This is... flabbergasting.

        In case you don't know, Section 1201 of the Digital Millennium Copyright Act (DMCA) is the "anti-circumvention" part of the law. It's the part of the law that makes it infringement to get around any "technological measure" to lock down copyright covered material, even if breaking those locks has nothing whatsoever to do with copyright infringement. It's a horrible law that has created all sorts of negative consequences, including costly and ridiculous lawsuits about things having nothing to do with copyright -- including garage door openers and printer ink cartridges. In fact, Congress knew the law was dumb from the beginning, but rather than dump it entirely as it should have done, a really silly "safety valve" was added in the form of the "triennial review" process.

        The triennial review is a process that happens every three years (obviously, per the name), in which anyone can basically beg the Copyright Office and the Librarian of Congress to create exemptions for cracking DRM for the next three years (an exemption -- stupidly -- only lasts those three years, meaning people have to keep reapplying). Over the years, this has resulted in lots of silliness, including the famous decision by the Librarian of Congress to not renew an exemption to unlock mobile phones a few years back. Many of the exemption requests come from security researchers who want to be able to crack systems without being accused of copyright infringement -- which happens more frequently than you might think.
      • Google’s “View Image” Is Gone, Here Are 3 Alternatives To Get Your Favorite Images
        In early 2018, Google’s move of removing the “View Image” button from the image search results might have broken the hearts of many. Particularly those who rely on the platform to source images for their different needs.

        The change was the result of an agreement Google had with Getty Images over the display of copyrighted content in Google Images search results. In addition to it, the ‘Search by Image’ option has also been removed.


      • Swedish Court Sentences ‘Pirate’ IPTV Operators to Prison

        Three men connected to the IPTV operation ATN have been sentenced to prison and ordered to pay damages of $24 million. The company, which generated millions in profits and served over 70,000 customers at its height, has since gone bankrupt. The case was filed by the Qatari company beIN Sports, which is battling unauthorized broadcasts on several fronts.



      • The EU’s Controversial Digital Single Market Directive – Part I: Why the Proposed Internet Content Filtering Mandate Was So Controversial

        While it is certainly good news that the EU Parliament decided against giving a rubber stamp to the DSM proposal in its current form, the battle over Article 13 is far from over. The EU Parliament will be taking up further proceedings about it in the fall of 2018, but its proponents can be expected to mount a new campaign for its retention.









Recent Techrights' Posts

Topics We Lacked Time to Cover
Due to a Microsoft event (an annual malware fest for lobbying and marketing purposes) there was also a lot of Microsoft propaganda
 
Links 23/11/2024: Celebrating Proprietary Bluesky (False Choice, Same Issues) and Software Patents Squashed
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, November 22, 2024
IRC logs for Friday, November 22, 2024
Gemini Links 23/11/2024: 150 Day Streak in Duolingo and ICBMs
Links for the day
Links 22/11/2024: Dynamic Pricing Practice and Monopoly Abuses
Links for the day
Microsofters Try to Defund the Free Software Foundation (by Attacking Its Founder This Week) and They Tell People to Instead Give Money to Microsoft Front Groups
Microsoft people try to outspend their critics and harass them
[Meme] EPO for the Kids' Future (or Lack of It)
Patents can last two decades and grow with (or catch up with) the kids
EPO Education: Workers Resort to Legal Actions (Many Cases) Against the Administration
At the moment the casualties of EPO corruption include the EPO's own staff
Gemini Links 22/11/2024: ChromeOS, Search Engines, Regular Expressions
Links for the day
This Month is the 11th Month of This Year With Mass Layoffs at Microsoft (So Far It's Happening Every Month This Year, More Announced Hours Ago)
Now they even admit it
Links 22/11/2024: Software Patents Squashed, Russia Starts Using ICBMs
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, November 21, 2024
IRC logs for Thursday, November 21, 2024
Gemini Links 21/11/2024: Alphabetising 400 Books and Giving the Internet up
Links for the day
Links 21/11/2024: TikTok Fighting Bans, Bluesky Failing Users
Links for the day
Links 21/11/2024: SpaceX Repeatedly Failing (Taxpayers Fund Failure), Russian Disinformation Spreading
Links for the day
Richard Stallman Earned Two More Honorary Doctorates Last Month
Two more doctorate degrees
KillerStartups.com is an LLM Spam Site That Sometimes Covers 'Linux' (Spams the Term)
It only serves to distract from real articles
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, November 20, 2024
IRC logs for Wednesday, November 20, 2024