EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

08.30.18

Feeling Shut Out of the European Patent System, Team UPC Persists With Misleading Claims and Falsehoods

Posted in Deception, Europe, Patents at 6:05 pm by Dr. Roy Schestowitz

The litigation ‘industry’ wants to control everything, including the underlying rules/laws

Man with shadow

Summary: Just like the patent microcosm in the US (facing 35 U.S.C. § 101 and the Patent Trial and Appeal Board (PTAB)), Europe’s patent microcosm is looking to mislead clients, encouraging them to pursue patents which would be of no real value

THE EPO does not grant so-called ‘unitary’ patents. It probably never will. The USPTO grants patents that can theoretically be leveraged in any US state, but there too — after TC Heartland (SCOTUS) — there are serious limitations. We’ll say more about it in the weekend.

Europe needs unity. But that does not mean it needs the so-called ‘unitary’ patent court, sometimes known as UPC or Unitary Patent. Calling litigation, raids and embargoes “unity” or “unitary” is just laughable because these things divide, they do not unite. We have spent almost a decade writing about it — going back to the days it was euphemistically labeled “EU patent”, “community patent” etc. They keep shuffling euphemisms, hoping that some nonsensical term eventually sticks. Maybe they’ll rename again in the future.

In this post we’d like to draw attention to new misinformation. Earlier this week, over at the patent trolls’ lobby (IAM), Melanie Stevenson from Carpmaels & Ransford LLP (together with Roger Lush and David Holland) perpetuated the famous two lies about UPC. She said this: “Looking to the future, the government proposes that the “UK should continue to participate in the unitary patent system and the Unified Patent Court that underpins it”, confirming the United Kingdom’s long-held desire to participate in this new pan-European system. The arrival of the new patent and associated court continues to be delayed by the constitutional challenge in Germany, but once that is complete the new system could be ready to launch in 2019. Further news is anticipated regarding how the government and the European Union could work together in order to preserve the geographical breadth of the new system, which is one of its key selling points.”

A selling point to who? Patent trolls, sure. And their legal representatives, i.e. firms like hers.

AWA’s Sofia Willquist, whom we mentioned here before, also pretends that UPC is inevitable, but the so-called ‘unitary’ patent is dead except in the eyes of dyed-in-the-wool believers (because they stand to gain financially). Quoting Willquist’s new post: “With regards to patents, current validations of European patents in the UK will remain unaffected by the Brexit, and as set out by the UK IPO the UK thus intends to stay in the Unified Patent Court and unitary patent system after leaving the EU.”

How can you “stay” in something that does not even exist? These are loaded statements. They’re crafted to deceive.

Here is another new example, coming from a new interview with Kerry Flynn, vice president and chief IP counsel at Vertex Pharmaceuticals Incorporated. He said this: “In our industry we are now considering the impact of the unitary patent system and Brexit in Europe, and inter partes review proceedings in the United States.”

He’s alluding to UPC, which does not exist, then to PTAB inter partes reviews (IPRs), which are generally feared by companies like his. It’s similar to the Boards of Appeals which Battistelli attacked so viciously for at least 4 years.

The Boards of Appeals generally help ascertain patent quality (at least in theory if not in practice too, assuming they’re truly independent). The Boards of Appeals were recently brought up by Mitscherlich PartmbB's Christian Rupp and earlier this week he brought them up again:

Parameters, i.e. new medical values or ranges, are typical limiting features of claims. In the following guidance shall be given as how to avoid pitfalls in the context of parameters and claims and their associated measurement methods.

[...]

In the past, the EPO had taken the view (see e.g. T464/05 of May 14, 2007) that the absence of information in the application/patent regarding the method for measuring a crucial parameter implies substantial differences in the measured values obtainable when using one or the other of possible measuring methods known from the prior art. In the decision T464/05 this had been considered as being objectionable under Art. 83 EPC.

However, meanwhile the Boards of Appeal of the EPO have developed a more subtle approach (see e.g. T608/07 and T482/09 of 2009 and 2011, respectively). In T608/07 the Board had taken the view that an objection of insufficiency of disclosure (Art. 83 EPC) is only justified when the discrepancy in the measured values is of such magnitude that it “permeates the whole claim“ and „hence deprives the skilled person of the promise of the invention”.

As we said in response to Rupp’s writings last week, the Boards of Appeals no longer enjoy even the perception of independence and the EPC no longer applies/holds at the EPO, which repeatedly violated it. Rupp would be wiser to actually tackle EPO scandals, highlighting some of the issues presently under consideration at the German FCC.

Don’t expect the FCC to give the ‘green light’ to UPC Agreement (UPCA) ratification; besides, it can take another year if not a couple more years for the FCC to decide. By that stage, a lot will have changed; the EPO, for example, already rots. We are still deeply concerned about what Battistelli and Michel Barnier have done, knowing that France is reserved a special role in the imaginary (hypothetical) UPC. We suppose Battistelli still fantasises about making a ‘comeback’ as head of UPC, knowing the role is destined to be France’s. Battistelli is a profoundly corrupt person with a proven history of attacks on justice, on judges, and even fundamental laws, treaties (e.g. EPC) and so on. Only a crooked or highly misled FCC would allow the UPCA to move ahead.

António Campinos Already Implements a ‘Shadow’ Layoffs Method at the EPO

Posted in Europe, Patents at 5:27 pm by Dr. Roy Schestowitz

Not a novel trick

Microsoft’s contractor crackdown: ‘Shadow layoff’ could force big cultural changes inside company

Summary: Battistelli’s French successor, whom he chose (António Campinos has long known Battistelli), carries on with the destruction of the EPO — a destruction which was triggered by Battistelli’s awful policies and incredibly bad strategy

THE INEVITABLE has begun; we saw that coming, as did SUEPO, the EPO‘s staff union. It wasn't even hard to see it coming, knowing that the Office is now run/governed/crushed under António Campinos, who long enjoyed if not exploited immunity; he quite likely breaks EU law when he fires many workers (even in his EU-IPO days).

“This means that the process of actual examination isn’t valued/cherished anymore.”Today’s EPO does not value patent quality, only the speed (and volume) of granting. This means that the process of actual examination isn’t valued/cherished anymore. As we have been pointing out many times since July, under António Campinos the EPO constantly promotes software patents (about 2-3 times per day!) — a lot more than under Battistelli. Is this what the EPO foresees as its future? Granting a lot of bogus monopolies? Courts would not honour these. Watch what Jacobacci & Partners has just published; They’re just calling software “AI” — as the EPO now encourages (about twice a day, sometimes even more!) — to patent code/algorithms.

“As we have been pointing out many times since July, under António Campinos the EPO constantly promotes software patents (about 2-3 times per day!) — a lot more than under Battistelli.”Citing this recent post, earlier this week I responded to the German FCC after it had posted a link to this new press release titled “Effective protection of fundamental rights must be guaranteed where sovereign powers are transferred to supranational organisations”.

“The abuses associated with UPC have destroyed the EPO in Munich,” I told them politely. “The EPO is not compatible with anything in the Western world,” I said in relation to this remark from Benjamin Henrion (FFII): “EPO maladministration cannot be brought in front of a court, EPO has legal immunity “It guarantees the basic right to challenge measures of public authority before a court.””

To quote the FCC itself:

Laws that transfer sovereign powers to international organisations (Art. 24(1) of the Basic Law, Grundgesetz – GG) are, as acts of German state authority, bound by the fundamental rights. The core content (Wesensgehalt) of fundamental rights must be guaranteed also with regard to supranational powers. Where sovereign powers are transferred to international organisations, the legislature is obliged to ensure the minimum protection of fundamental rights required under the Basic Law. In addition, within the scope of their competences, all constitutional organs are obliged to take steps towards upholding the minimum standard of fundamental rights protection required under the Basic Law. This obligation applies to the establishment of an international organisation as well as its entire existence. The minimum standard of fundamental rights protection required under the Basic Law includes the guarantee of effective and comprehensive legal protection.

In an order published today, the Second Senate of the Federal Constitutional Court dismissed as inadmissible a constitutional complaint because violations of these requirements were not sufficiently substantiated. The constitutional complaint was directed against judgments of the Frankfurt am Main Higher Regional Court (Oberlandesgericht) and the Federal Court of Justice (Bundesgerichtshof), which held that there was no domestic legal protection against a decision of the Board of Governors of the European Schools, an international organisation, to increase school fees.

[...]

The complainants’ challenge of the German Act of Approval to the Convention defining the Statute of the European Schools does not satisfy the requirements to state reasons. They did not sufficiently substantiate why the Act might be essential or unconstitutional. It cannot be inferred from the complainants’ submission that the Act has become unconstitutional over time because the Board of Governors did not ensure effective legal protection, which led to structural shortcomings regarding implementation. In particular, the complainants did not set out that the report including reasons of the Chairman of the Complaints Board of 8 November 2004, in which he declared that the Complaints Board is not competent for the review of school fee increases, was not just an error of judgment in the individual case.

It is worrying to see that Germany’s relative apathy towards EPO abuses now dooms the Office. As an insider explained a few hours ago, the EPO is in effect laying off a lot of workers:

But Märpel could find an excel program called “Early Certainty Timeliness Simulator”. Do not ask for a download: it only works within the EPO intranet. It was not designed that way for security: more simply it keeps itself up to date on statistics by downloading new ones from the internal databases: new patents filed, patents already searched, grants and withdrawals, etc…

The “Early Certainty Timeliness Simulator” computes future workload per directorate, draws a set of nice curves, etc… Märpel took some time to play with it. In most directorates, stock will reach zero within one or 2 years.

Märpel can only hope for a serious bug in that software. But if the software is right, Märpel knows why President Campinos is not too worried about difficulties in recruiting. And he is not: projections distributed to managers show no recruitment until 2024: 6 years!

How many people will have left by then? Maybe a thousand of so (people are being pushed out). So that’s their way of implementing gradual layoffs. They hope nobody will notice.

“There are even more pressing issues to discuss because the leadership of the EPO now puts at risk/peril Europe’s patent regime.”As mentioned by some Twitter accounts and by SUEPO, the “EPO staff committees reveal three pillars for dialogue with Campinos”. It’s about an article from yesterday which said:

The European Patent Office’s (EPO) Local Staff Committees of Munich and Berlin have outlined three key pillars as a starting point for dialogue with new EPO president António Campinos.

In a post by the committees, three pillars, covering work, social, and legal issues were discussed, with a view to bring “further topics” in the future.

On the first pillar, work, the committees said that “challenging people” represents one of the main strategies of the EPO management to increase productivity and motivate staff, but that this strategy “incited EPO managers to develop a broadly negative perception of their staff and vice-versa”.

“It contributed to a strong production increase at the cost of open collaboration, discussion culture, trust and patent quality.”

The committees said that current production targets were the “wrong incentives” and threaten patent quality.

There are even more pressing issues to discuss because the leadership of the EPO now puts at risk/peril Europe’s patent regime. It’s still Battistelli’s and Michel Barnier‘s UPC strategy, which failed pretty badly because the FCC likely dealt the final blow to the UPC, which is simply unconstitutional and definitely fails to address the needs of Europe; it’s about the needs of some law firms and their multinational clients, including patent trolls. We’ll say more about the UPC in our next post.

Links 30/8/2018: Foundations of Free Software Growing, Mesa 18.2 RC5 Released

Posted in News Roundup at 4:23 pm by Dr. Roy Schestowitz

GNOME bluefish

Contents

GNU/Linux

  • Server

    • Open source hypervisor technical support, update considerations

      Even though open source software itself is completely free to obtain and use, effective hypervisor technical support options for production environments might cost money.

      [...]

      Ultimately, an open source hypervisor might lack a meaningful development roadmap. Features, compatibilities and optimizations might take years to arrive, if ever, depending on the skills and objectives of the developer community. And effective technical support options might cost money, even though the open source software itself is completely free to obtain and use. This means it’s extremely important for potential adopters to perform extensive due diligence testing before adopting an open source hypervisor.

  • Kernel Space

    • The Performance Cost Of Spectre / Meltdown / Foreshadow Mitigations On Linux 4.19

      One of the most frequent test requests recently has been to look at the overall performance cost of Meltdown/Spectre mitigations on the latest Linux kernel and now with L1TF/Foreshadow work tossed into the mix. With the Linux 4.19 kernel that just kicked off development this month has been continued churn in the Spectre/Meltdown space, just not for x86_64 but also for POWER/s390/ARM where applicable. For getting an overall look at the performance impact of these mitigation techniques I tested three Intel Xeon systems and two AMD EPYC systems as well as a virtual machine on each side for seeing how the default Linux 4.19 kernel performance — with relevant mitigations applied — to that of an unmitigated kernel.

    • Linux Foundation on Track for Best Year Ever as Open Source Dominates

      Zemlin noted that Linux now represents 100 percent of the supercomputer market, 90 percent of the cloud, 82 percent of the smartphone market and 62 percent of the embedded systems market. He added that in every market Linux has entered, it eventually dominates.

      The Linux Foundation in 2018 is about much more than Linux and is home to the world’s largest SSL/TLS certificate authority with Let’s Encrypt. It is also home to the Cloud Native Computing Foundation (CNCF), which runs the Kubernetes container orchestration project.

      Zemlin noted the Linux Foundation’s Automotive Grade Linux project is now backed by 12 major auto vendors and is slated for production in millions of vehicles worldwide. The Hyperledger project is another Linux Foundation led effort, which is developing enterprise blockchain technologies.

    • Linux Kernel Developer Criticizes Intel for Meltdown, Spectre Response

      At the Open Source Summit North America here on Aug. 29, Greg Kroah-Hartman warned attendees about the severe impact the Meltdown and Spectre CPU vulnerabilities could have on them, as well as detailed how Linux kernel developers are dealing with the flaws.

      Kroah-Hartman is one of the world’s leading Linux kernel developers, with responsibility for maintaining the stable Linux kernel, and is employed by the Linux Foundation as a Fellow. During his talk, Kroah-Hartman detailed the root impact and the response of Linux kernel developers for seven variants of Meltdown and Spectre, though he saved his strongest criticism for Intel’s initial disclosure.

      “Jann Horn discovered the first issues in July of 2017, but it wasn’t until Oct. 25 of last year that some of us in the kernel community heard rumors of the flaw,” he said. “That’s a long time, and we only heard rumors because another very large operating system vendor told Intel to get off their tails and tell us about it.”

    • Supporting the NDS32 Architecture

      It looks like there’s no controversy over this port, and it should fly into the main tree. One reason for the easy adoption is that it doesn’t touch any other part of the kernel—if the patch breaks anything, it’ll break only that one architecture, so there’s very little risk in letting Green make his own choices about what to include and what to leave out. Linus’s main threshold will probably be, does it compile? If yes, then it’s okay to go in.

      The situation may start to become interesting if other parts of the kernel begin offering special behaviors for the NDS32 architecture, and if those behaviors start deviating too far from other architectures. For example, some architectures have special memory managing features that the kernel proper can take advantage of. Once NDS32 starts influencing code in other parts of the kernel, that likely would be the time Green’s patches start to get a lot more scrutiny.

    • Linux kernel 4.18: Better security, leaner code

      The recent release of Linux kernel 4.18 followed closely by the releases of 4.18.1, 4.18.2, 4.18.3, 4.18.4, and 4.18.5 brings some important changes to the Linux landscape along with a boatload of tweaks, fixes, and improvements.

      While many of the more significant changes might knock the socks off developers who have been aiming at these advancements for quite some time, the bulk of them are likely to go unnoticed by the broad expanse of Linux users. Here we take a look at some of the things this new kernel brings to our systems that might just make your something-to-get-a-little-excited-about list.

    • Linux Foundation

      • Solving License Compliance at the Source: Adding SPDX License IDs

        Accurately identifying the license for open source software is important for license compliance. However, determining the license can sometimes be difficult due to a lack of information or ambiguous information. Even when there is some licensing information present, a lack of consistent ways of expressing the license can make automating the task of license detection very difficult, thus requiring significant amounts of manual human effort. There are some commercial tools applying machine learning to this problem to reduce the false positives, and train the license scanners, but a better solution is to fix the problem at the upstream source.

        In 2013, the U-boot project decided to use the SPDX license identifiers in each source file instead of the GPL v2.0 or later header boilerplate that had been used up to that point. The initial commit message had an eloquent explanation of reasons behind this transition.

      • Yocto Project Welcomes New Members, Advances Open Source Embedded Systems Through Momentum

        The Yocto Project, an open source collaboration project that helps developers create custom Linux-based systems for embedded products, today announces continued growth with two new platinum members, an upcoming project release and ongoing community engagement.

        The Yocto Project provides a flexible set of tools and a space where embedded developers worldwide can share technologies, software stacks, configurations, and best practices to create tailored Linux images for embedded and Internet of Things (IOT) devices. The Yocto Project launched in 2011 and currently has over 22 active members.

      • Arm and Facebook join Yocto Project

        Arm and Facebook have joined Intel and TI as Platinum members of the Yocto Project for embedded Linux development. Meanwhile, the Linux Foundation announced 47 new Silver members.

        The Linux Foundation’s seven-year old Yocto Project was originally an Intel project, and the chipmaker has continued to nurture it over the years. Yet, the Yocto Project’s collection of open source templates, tools, and methods for creating custom embedded Linux-based systems was quickly embraced by the Arm world as well as x86. Now, the technology’s presence in Arm Linux has been reinforced at the membership level with Arm and Facebook joining Intel and Texas Instruments as Platinum members. In other news, the Linux Foundation announced 51 new Silver and Associate members (see farther below).

      • Google Hands Off Kubernetes to the Cloud Native Computing Foundation, Kinetica Joins Automotive Grade Linux, NordVPN Releases NordVPN Linux App, Storj Labs Announces The Open Source Partner Program and Update on Librem 5 Phone

        Google is handing over control of the Kubernetes project to the Cloud Native Computing Foundation. According to the TechCrunch post, Google is providing the foundation $9 million in Google Cloud credits to help cover the costs of building, testing and distributing the software.

      • Going Deeper and More Distributed, Linux Introduces Two New Projects

        There seems to be no stopping the Linux Foundation these days, as their support of open source code and positively disrupting entire industries continues, this week with the announcement of two new projects: Angel and Elastic Deep Learning (EDL).

        This comes at a time when the world’s largest telecom and technology companies are joining the Foundation and contributing substantial projects and source code; in the case of these latest projects, they surfaced as part of the LF Deep Learning Foundation, introduced in March of this year. LF Deep Learning is an umbrella organization to support open source innovation in AI, ML and deep learning.

        AT&T and Tech Mahindra were among the founding members of Deep Learning and donated their Acumos AI project to get a big and growing party started. Acumos is a platform for the development, discovery and sharing of AI models and AI workflows, and is being leveraged by heavyweight co-founders Amdocs, Huawei, Nokia, ZTE, Tencent and Baidu.

      • Corporate Open Source Programs are on the Rise as Shared Software Development Becomes Mainstream for Businesses

        “Almost every organization today uses open source code and it has become table stakes for most businesses, even though it’s not always fully understood at the executive or strategic level,” said Chris Aniszczyk, CTO of the Cloud Native Computing Foundation and Co-Founder of the TODO Group at The Linux Foundation. “The results of the Open Source Program Management Survey point to a growing awareness by decision makers of the need for formal open source programs and policies to manage how open source code is used and produced, as well as an increasing understanding of how it can be strategically integrated into a company’s business plans.”

    • Graphics Stack

      • AMD ROCm 1.8.3 Released To Fix Breakage With Latest Ubuntu 18.04 Kernel

        While still waiting on the ROCm 1.9 release to happen, version 1.8.3 of the Radeon Open Compute stack was released for Linux systems.

        This latest point release to ROCm 1.8 comes just to fix a build regression against the latest Ubuntu 18.04 kernel update.

      • mesa 18.2.0-rc5

        The fifth release candidate for the Mesa 18.2.0 is now available.

      • Mesa 18.2-RC5 Released With Another

        Mesa 18.2 will be slipping into September with two open Intel driver bugs still blocking the official release.

        Andres Gomez of Igalia announced the fifth release candidate of Mesa 18.2 on Thursday. There are 23 bugs part of the RC5 release. But a SynMark performance regression and OpenGL Piglit test case failure both with the Intel driver stack are blocking the official 18.2.0 release, which was originally talked about for last week.

      • Introducing freedesktop.org GitLab

        This is quite a long post. The executive summary is that freedesktop.org now hosts an instance of GitLab, which is generally available and now our preferred platform for hosting going forward. We think it offers a vastly better service, and we needed to do it in order to offer the projects we host the modern workflows they have been asking for.

        In parallel, we’re working on making our governance, including policies, processes and decision making, much more transparent.

    • Benchmarks

      • pvmove speed

        The left part is with pvmove. The right part, two and a half times as fast, is with… tar piping to tar.

        Oh well, I remember the days when pvmove was 1–2 MB/sec. But it’s still not very impressive :-)

  • Applications

  • Desktop Environments/WMs

    • K Desktop Environment/KDE SC/Qt

      • My experience in Akademy.

        And there I was: Flying the longest flight I’ve ever flown. The journey had started two years ago, when I joined Nitrux. I was a very excited about it! After lots of lines of code (and days, too), I was traveling to Guatemala City, expectant about how would Akademy was going to be like. After landing on Alajuela, again on Madrid, and finally on Vienna, I found myself amazed. I was there! I was there!

        Akademy started for me on august 14, because of a delay on my flight. That day I assisted to the Maui Project BoF, which was lead by my friend Camilo, and to the Kirigami BoF. Both of them were great, as I met awesome people in there and I learnt a bunch of interesting things about Kirigami. After that, I walked by the streets of Vienna with my good friend Uri.

      • Improve your C++ code in KDevelop with Clang-Tidy

        You might be aware of Clang-Tidy, the clang-based C++ “linter” tool which allows static analysis of your code, including fixing it automatically where possible.
        And you remember the introduction of the “Analyzer run mode” with version 5.1 of KDevelop, the extensible cross-platform IDE for C, C++, Python, PHP and other languages.

        [...]

        Learn more about the kdev-clang-tidy plugin from its README.md file, e.g. how to build it, how to package it, how to use it, where to report issues, and what the planned roadmap is.

        The latest released kdev-clang-tidy version is currently also included in the Nightly AppImage builds of the current stable KDevelop code version (which already switched to the 5.3 branch).

    • GNOME Desktop/GTK

      • Work Started This Summer On Adding System Power Information To GNOME-Usage

        GNOME’s Usage application that allows visualizing processor, memory, disk, and network usage may soon be able to report your system’s power consumption data.

        Student developer Aditya Manglik spent the summer participating in Google Summer of Code 2018 where he had been working on implementing a power panel within the GNOME-Usage program. The goal was to provide power metrics backed by UPower for being able to report per-application power usage (percentage), hardware devices consuming the most power, and displaying this all nicely inside gnome-usage.

        The concept is akin to Intel’s PowerTop but for nicely displaying all available system power consumption data — based upon what’s supported by the system hardware, etc — via the GNOME-Usage utility.

  • Distributions

    • Reviews

      • Zorin OS 12.4 Core and Ultimate – The Biggest Release Yet

        Zorin OS is a material-inspired, Ubuntu 16.04 LTS-based GNU/Linux distro that offers users the ability to customize their desktop in any way they like.

        It is powered by the long-term supported Linux 4.4 kernel, and ships with the Zorin Desktop 2.0 desktop environment which is a major revamp given that it comes with an advanced universal search functionality, richer notifications, and support for advanced display features on modern PCs, among others.

        According to the release statement, this release is the biggest the OS has ever seen. This version 12 comes in two variants, Core and Ultimate, and according to its release announcement, it is “the biggest release in the history of Zorin OS” with over a year of planning and development.

        It has 4 editions that you can pick according to your needs and they are Core, Lite, Ultimate, and Business.

    • OpenSUSE/SUSE

      • SUSE builds momentum with innovative open source offerings

        Jay Lyman, principal analyst for 451 Research, said, “Over the past few years, SUSE has expanded its portfolio into new areas, such as storage, cloud, containers and application delivery. With new independence and backing from Swedish private equity (PE) firm EQT Partners, SUSE is answering market demand for a neutral, yet comprehensive hybrid cloud platform that supports multiple public and private clouds as well as on-premises infrastructure integration with software such as its SUSE Linux Enterprise 15.”

      • SUSE Builds Momentum with Innovative Open Source Offerings, Revenue Growth and Commitment to Enterprise Customers

        SUSE® is an open source pioneer that has provided enterprise-grade software to tens of thousands of organizations for more than 25 years. As SUSE prepares to embark upon its next phase of corporate development as a stand-alone company*, it continues to grow and build momentum with its core products, emerging solutions, communities and partners while expanding its presence in new market segments. SUSE is better positioned than ever before to shepherd enterprises through the demands of digital transformation with open source innovation and expertise in software-defined infrastructure, application delivery and cloud technologies.

    • Red Hat Family

    • Debian Family

      • Derivatives

        • Canonical/Ubuntu

          • Ubuntu Podcast from the UK LoCo: S11E25 – The Wrong Side of Twenty-Five – Ubuntu Podcast

            This week we’ve been upgrading a Steam box. We discuss Steam Play beta and Proton, Google’s salty disclosure of security issue in the Android installer for Fortnite, and Windows 95 being available for all the things. We also round up the community news.

          • Recommended GNOME Shell Extensions for Ubuntu 18.04

            Continuing tradition, here’s my list of nice GNOME Shell Extensions for Ubuntu 18.04 LTS. They are Extensions (handy extensions enable/disable switcher), AlternateTab (remove grouping in Alt+Tab), NetSpeed (show internet speed) Focusli (innovative focus-while-working tool), and 7 more. Happy installing and be more productive!

          • The enterprise deployment game-plan: why multi-cloud is the future

            It wasn’t too long ago that hybrid cloud was the go-to strategy for enterprises, garnering the attention of CIOs and CTOs around the world.

            And it’s clearly here to stay. Analyst firm 451 Research estimates that 69% of enterprises will be running hybrid IT environments by 2019, while Gartner predicts that 90% of organisations will adopt hybrid infrastructure management capabilities by 2020.

            But the world of cloud is changing. In recent months, hybrid cloud has been overtaken by its close relative ‘multi-cloud’, with 79% of businesses already admitting to working with more than one cloud provider. For those who are prepared to embrace a mix of providers across both public and private platforms, multi-cloud is now widely considered to be the future of cloud computing.

          • Ubuntu Guide: How To Install Nvidia Drivers And Play Windows Games On Linux
          • Flavours and Variants

            • Enlightenment Has Limits in Bodhi Linux

              Bodhi Linux is elegant and lightweight. It is worth putting this distro through its paces. It will not please every power user, but it offers a nice change of pace.

              This distro can be a productive and efficient computing platform. Bodhi is very easy to use. It has a low learning curve. New Linux users can get acquainted right away.

              Bodhi’s minimum system requirements are a 500mhz processor with 256 MB of RAM and 5 GB of drive space. You will get better performance from a computer with a 1.0ghz processor powered by 512 MB of RAM and 10 GB of drive space.

              The installation routine is driven by the Ubiquity Installer. No surprise there since Bodhi is based on Ubuntu Linux.

  • Devices/Embedded

Free Software/Open Source

  • Pixvana VR Video Streaming Tech Is Now Open Source

    Pixvana today announced that it’s no longer keeping a tight grip on it’s high-resolution VR video streaming technology. The company believes that releasing an open-sourced version of its SPIN Play SDK should spur app developers to adopt its technology and push adoption of immersive video formats.

    Pixvana’s video streaming technology is a cloud-based system with a drag and drop interface that allows developers to import 360-degree and 180-degree video content in both mono and stereo configurations at up to 16K resolution. The open-source SPIN Play SDK and Apache 2.0 library is compatible with the Unity engine, which should enable developers to adopt the platform rapidly and with ease.

    The SPIN Play SDK offers support for VR-native playback projections and Field of View Adaptive Streaming, which reduces the bandwidth requirements by delivering only the image within the user’s current field of view.

  • Pixvana Open-Sources SDK to Advance VR Video Streaming Apps

    Pixvana, a company that powers the future of XR storytelling and immersive media, today announced that it is open-sourcing its software development kit (SDK), allowing third-parties to incorporate Pixvana’s cloud-services and VR video streaming technology with their own publishing infrastructure to create high-quality branded VR video applications.

  • Pixvana Open-Sources its VR Video Streaming SDK

    Pixvana is a company focused on immersive media and XR storytelling by way of its SPIN Play platform. Today, it has announced the open-sourcing of its software development kit (SDK) for third-parties to use.

  • Why Open Source Works for the Renewable Energy Sector
  • EPFL’s Blue Brain Project open sources interactive visualization tool — RTNeuron

    The aim of the Blue Brain Project is to build accurate, biologically-detailed, digital reconstructions and simulations of the rodent brain. The supercomputer-based reconstructions and simulations built by the project offer a radically new approach for understanding the multi-level structure and function of the brain.

  • Airbnb Open-sources MvRx for Android App Development in Kotlin

    MvRx (pronounced “mavericks”) help Android developers implement common features and integrating their apps properly with the OS. MvRx is written in Kotlin and powers all Android development at Airbnb, writes Airbnb engineer Gabriel Peal.

  • Release notes for the Genode OS Framework 18.08

    With Genode 18.08, we enter the third episode of the story of Sculpt, which is our endeavor to shape Genode into a general-purpose operating system. In the first two episodes, we addressed early adopters and curious technology enthusiasts. Our current ambition is to gradually widen the audience beyond those groups. The release reflects this by addressing four concerns that are crucial for general-purpose computing.

    First and foremost, the system must support current-generation hardware. Section Device drivers describes the substantial update of Genode’s arsenal of device drivers. This line of work ranges from updated 3rd-party drivers, over architectural changes like the split of the USB subsystem into multiple components, to experimental undertakings like running Zircon drivers of Google’s Fuchsia project as Genode components.

  • Genode OS 18.08 Brings Support For Intel CPU Microcode Updating, Newer Linux Drivers

    The Genode Operating System Framework is out with its latest release as well as an updated SculptOS that they are forging as their general purpose operating system.

  • Web Browsers

    • Mozilla

      • Changing Our Approach to Anti-tracking

        Anyone who isn’t an expert on the internet would be hard-pressed to explain how tracking on the internet actually works. Some of the negative effects of unchecked tracking are easy to notice, namely eerily-specific targeted advertising and a loss of performance on the web. However, many of the harms of unchecked data collection are completely opaque to users and experts alike, only to be revealed piecemeal by major data breaches. In the near future, Firefox will — by default — protect users by blocking tracking while also offering a clear set of controls to give our users more choice over what information they share with sites.

      • Lunchtime brown bags

        Over the Summer I’ve come to organise quite a number of events in Mozilla’s London office. Early Summer we started doing lunchtime brown bags, where staff give a 10 ~ 15 minute informal talk about what they are currently working on or a topic of their interest.

  • Pseudo-Open Source (Openwashing)

    • The Commons Clause – For Good or Bad

      The current debate about the Commons Clause, and other attempts to place restrictions on open source licences, is dividing opinion. But before taking sides first we need to understand what the Commons Clause does and why it is necessary.

      According to the README.md on its GitHub repo the Commons Clause is a Licence Condition contributed by FOSSA, a company which offers open-source licence management and drafted by Heather Meeker, a lawyer specializing in open source software licensing, including IP strategy, compliance, transactions, and disputes.

      The Commons Clause can be added as a commercial restriction on top of an open source licence to transition an existing open source project to a source availability licensing scheme, which means that while the source can be viewed, and in some cases modified, it is no longer fully open source. The restriction it imposes is that it denies the right to sell the software.

  • FSF/FSFE/GNU/SFLC

    • Challenges in Maintaining A Big Tent for Software Freedom

      In recent weeks, I’ve been involved with a complex internal discussion by a major software freedom project about a desire to take a stance on social justice issues other than software freedom. In the discussion, many different people came forward with various issues that matter to them, including vegetarianism, diversity, and speech censorship, wondering how that software freedom project should handle other social justices causes that are not software freedom. This week, (separate and fully unrelated) another project, called Lerna, publicly had a similar debate. The issues involved are challenging, and it deserves careful consideration regardless of how the issue is raised.

      One of the first licensing discussions that I was ever involved in the mid 1990s was with a developer, who was a lifelong global peace activist, objecting to the GPL because it allowed the USA Department of Defense and the wider military industrial complex to incorporate software into their destructive killing machines. As a lifelong pacifist myself, I sympathized with his objection, and since then, I have regularly considered the question of “do those who perpetrate other social injustices deserve software freedom?”

      I ultimately drew much of my conclusion about this from activists for free speech, who have a longer history and have therefore had longer time to consider the philosophical question. I remember in the late 1980s when I first learned of the ACLU, and hearing that they assisted the Klu-Klux Klan in their right to march. I was flabbergasted; the Klan is historically well-documented as an organization that was party to horrific murder. Why would the ACLU defend their free speech rights? Recently, many people had a similar reaction when, in defense of the freedom of association and free speech of the National Rifle Association (NRA), the ACLU filed an amicus brief in a case involving the NRA, an organization that I and many others oppose politically. Again, we’re left wondering: why should we act to defend the free speech and association rights of political causes we oppose — particularly for those like the NRA and big software companies who have adequate resources to defend themselves?

  • Licensing/Legal

    • Software created using taxpayers’ money should be Free Software

      It might seem obvious that software created using tax money should be available for everyone to use and improve. Free Software Foundation Europe recentlystarted a campaign to help get more people to understand this, and I just signed the petition on Public Money, Public Code to help them. I hope you too will do the same.

    • Major Open Source Project Revokes Access to Companies That Work with ICE [iophk: "former open source now ... however, it is their code and they can change the license"]

      On Tuesday, the developers behind a widely used open source code-management software called Lerna modified the terms and conditions of its use to prohibit any organization that collaborates with ICE from using the software. Among the companies and organizations that were specifically banned were Palantir, Microsoft, Amazon, Northeastern University, Motorola, Dell, UPS, and Johns Hopkins University.

  • Openness/Sharing/Collaboration

    • Open Access/Content

      • California Bill Is a Win for Access to Scientific Research

        The California legislature just scored a huge win in the fight for open access to scientific research. Now it’s up to Governor Jerry Brown to sign it.

        Under A.B. 2192—which passed both houses unanimously—all peer-reviewed, scientific research funded by the state of California would be made available to the public no later than one year after publication. There’s a similar law on the books in California right now, but it only applies to research funded by the Department of Public Health, and it’s set to expire in 2020. A.B. 2192 would extend it indefinitely and expand it to cover research funded by any state agency. EFF applauds the legislature for passing the bill, and especially Assemblymember Mark Stone for introducing it and championing it at every step.

        A.B. 2192’s fate was much less certain a few weeks ago. Lawmakers briefly put the bill in the Suspense File, a docket of bills to be put on the back burner because of their potential impact on the California budget. Fortunately, the Senate Appropriations Committee removed A.B. 2192 from the file after EFF explained that its fiscal impact would be negligible.

    • Open Hardware/Modding

      • Lulzbot hints at SLA 3D printer addition to open source FFF portfolio

        Lulzbot, the open-source brand of the FDM 3D printers from Colorado-based manufacturer Aleph Objects, has hinted the development of an stereolithography (SLA) 3D printer in its latest newsletter.

        The newsletter heading states: “Wash Away Your 3D Printing Preconceptions: We’ve got the cure for the common printer—our newest solution will be released this September! We’re laser focused on the fine details, get on our wavelength to get the info first.”

      • LulzBot Teases New Open Source SLA 3D Printer, Coming September

        Hot on the heels of the release of its LulzBot Mini 2 desktop FDM 3D printer this summer (check out our full review here), LulzBot appears to be readying some new hardware.

        Teased in a fun email newsletter that packs more stereolithography puns than you could shake a resin-covered stick at, LulzBot posits a “cure for your high-resolution 3D printing needs.“.

        Such a system would mark a whole new direction for a company which, to date, has focused solely on fused deposition modeling (FDM) 3D printers.

      • Open source RISC-V implemented from scratch in one night

        Developed in a magic night of 19 Aug, 2018 between 2am and 8am, the darkriscv is a very experimental implementation of the opensource RISC-V instruction set.

  • Programming/Development

    • Federated CI

      In the modern world, a lot of computing happens on other people’s computers. We use a lot of services provided by various parties. This is a problem for user freedom and software freedom. For example, when I use Twitter, the software runs on Twitter’s servers, and it’s entirely proprietary. Even if it were free software, even if it were using the Affero GPL license (AGPL), my freedom would be limited by the fact that I can’t change the software running on Twitter’s servers.

      If I could, it would be a fairly large security problem. If I could, then anyone could, and they might not be good people like I am.

      If the software were free, instead of proprietary, I could run it on my own server, or find someone else to run the software for me. This would make me more free.

      That still leaves the data. My calendars would still be on Twitter’s servers: all my tweets, direct messages, the lists of people I follow, or who follow me. Probably other things as well.

      For true freedom in this context, I would need to have a way to migrate my data from Twitter to another service. For practical freedom, the migration should not be excessively much work, or be excessively expensive, not just possible in principle.

      For Twitter specifically, there’s free-er alternatives, such as Mastodon.

Leftovers

  • Science

    • Indian Government Aims to Take Down Predatory Journals

      Universities in India have until August 30 to present a “white list” of recognized journals to the University Grants Commission, a government body that provides funding and maintains higher-education standards in the country. In previously submitted recommendations, universities have included predatory journals, publishers that charge high fees for low-quality or no peer review.

  • Security

    • Security updates for Thursday
    • How to Roll a Strong Password with 20-Sided Dice and Fandom-Inspired Wordlists

      Here’s the not-so-secret recipe for strong passphrases: a random element like dice, a long list of words, and math. And as long as you have the first two, the third takes care of itself. All together, this adds up to diceware, a simple but powerful method to create a passphrase that even the most sophisticated computer could take at least thousands of years to guess.

      In short, diceware involves rolling a series of dice to get a number, and then matching that number to a corresponding word on a wordlist. You then repeat the process a few times to create a passphrase consisting of multiple words.

  • Defence/Aggression

    • ‘We Were Guinea Pigs’: Soldiers Explain What Nuclear Bomb Blasts Feel Like

      After World War II, the UK, USSR, and US detonated more than 2,000 atomic bombs. In Britain, 20,000 soldiers witnessed atomic blasts conducted by their own government. Only a few of them are still alive today and the nuclear glow of the mushroom cloud they witnessed still haunts them. “Nuclear detonations, that was the defining point in my life,” Douglas Hern, a British soldier who experienced five nuclear bomb tests, told Motherboard.

  • Transparency/Investigative Reporting

  • Environment/Energy/Wildlife/Nature

    • Natural Gas Industry Again Beats a Tiny West Virginia County That Wanted to Control Its Destiny

      A West Virginia county, whose elected leaders have vocally resisted natural gas industry operations, has again been told by a federal judge that it must allow the work to proceed.

      U.S. District Judge John Copenhaver ruled Wednesday that Fayette County commissioners can’t use their county’s local zoning ordinance to block a compressor station proposed as part of a huge natural gas transmission pipeline. The federal Natural Gas Act, he said, trumps any local zoning rules when it comes to regulating pipelines and associated compressor stations.

      It’s the second time in two years that Copenhaver has overruled efforts by Fayette leaders to protect their county from what they view as negative effects of the ongoing boom in West Virginia’s natural gas industry.

      “I am disappointed in the decision, but I’m not surprised,” Fayette County Commission President Matt Wender said. “It’s very unfortunate that local governance is being ignored to the preference of the natural gas industry.”

  • Finance

    • India replaced its currency to wipe out illegal money stashes. The central bank says it didn’t work.

      Now, newly released data from the Reserve Bank of India (RBI) shows that 99.3 per cent of high-value notes in circulation – worth around US$216 billion (S$295 billion)) – came back to the banks. That means that those illicit hoards that the government was hoping to flush out of the system were not in the form of cash and are still out there.

    • Vox Sentences: A NAFTA by any other name
    • Senators Seek Answers From HUD About Public Housing Crisis in East St. Louis

      Illinois’ Democratic senators are asking the U.S. Department of Housing and Urban Development to detail what steps the agency is taking to address problems plaguing public housing apartments in East St. Louis, including mice, mold, leaky ceilings and security concerns.

      In a letter to HUD Secretary Ben Carson, Sens. Dick Durbin and Tammy Duckworth said they were “concerned HUD is failing to use its oversight authority” to ensure decent, safe conditions for residents living in properties owned and managed by the East St. Louis Housing Authority.

      The letter, sent last week, cites findings from an investigative report published by The Southern Illinoisan and ProPublica this month that detailed ongoing problems a year after HUD gave the housing authority back to local control after a 32-year federal receivership.

      At a ceremony in the city last September, Carson praised HUD’s work to improve the local agency, which houses nearly 4,000 residents, more than half of them children. At the time, he declared that residents “and the future of our children” were no longer at risk in East St. Louis.

  • AstroTurf/Lobbying/Politics

    • Trump’s latest misleading attack on Google, explained

      In a statement given to The Verge, a Google spokesperson clarifies that the company promoted neither former President Barack Obama nor Trump’s inaugural SOTU addresses in 2009 and 2017, respectively. That’s because they were not technically State of the Union addresses, but “addresses to a joint session” of Congress, a tradition set back in 1993 so that new presidents didn’t have to immediately deliver SOTU addresses after holding office for just a few weeks. Google resumed promoting Obama’s SOTU address in 2010 and continued to do so through 2016, as he held office for all six of those years.

    • FBI refutes Trump claim that Clinton’s private email server was hacked by China

      A June report from the Department of Justice Office of the Inspector General noted that the FBI had found no evidence of any compromise of Clinton’s mail servers—though full forensic analysis of the servers wasn’t possible, because one (an Apple server) had been disposed of by the time of the investigation.

    • Senate Intel invites Alphabet CEO to testify, rejecting company offer of VP instead

      The panel said it had invited executives from Facebook, Twitter and Google to testify, and that only Google has failed to confirm.

    • Imagine if the BBC Were Honest

      The BBC refuses to answer my Skripal questions to Mark Urban on the grounds they have no legal obligation, instead giving a “statement”. That correspondence follows below. But I want you first to imagine a World in which the BBC and Mark Urban were honest and independent, and imagine these were the answers to my questions:

      1) When the Skripals were first poisoned, it was the largest news story in the entire World and you were uniquely positioned having held several meetings with Sergei Skripal the previous year. Yet faced with what should have been a massive career break, you withheld that unique information on a major story from the public for four months. Why? My interviews with Sergei Skripal were on a strictly off the record basis and I felt honour bound not to mention them until I could obtain his permission.

  • Censorship/Free Speech

    • Mapping The Countries Shutting Down The Internet The Most

      Across the world, as Statista’s Niall McCarthy notes, internet shutdowns and deliberate slowdowns are becoming more common and they generally occur when someone (usually a government) intentionally disrupts the internet or mobile apps to control what people do or say.

    • Google’s Leadership Still Needs To Give Details About Project Dragonfly: Googlers Can Still Help

      Earlier this week, we joined with Human Rights Watch, Amnesty International, Article 19, and 10 other international human rights groups in a letter to Google’s senior leadership, calling on the company to come clean on its intentions in China – both to the public, and within the company.

      A little background: it’s been almost a month since The Intercept first broke the story that Google was planning to release a censored version of its search service inside China. Since that time, very little new information about the effort, known as Project Dragonfly, has come to light. Over 1,400 employees have asked Google to be more transparent about the search giant’s plans, but at an all-hands meeting executives only responded with generalities before the conversation was cut short. Google certainly hasn’t provided the public with any details, leaving many in the human rights community to continue wondering how Google plans to avoid becoming complicit in human rights abuses by the Chinese government.

      Google still owes both audiences—Google employees and the public—an explanation.

    • Why People Named “Wiener,” “Butts,” and “Dikshit” Have Trouble Creating Accounts Online

      Trolls delight in making up “hilarious” fake names, so websites try to filter certain words for new accounts. What if your real name contains one of those words?

      Natalie Weiner, a writer for SB Nation, was recently filtered by just such a system.

  • Privacy/Surveillance

    • Australian Gov’t Likes Intrusive Border Device Searches Just As Much As The US Does

      Hague had no reason to be treated with extra suspicion, but extra suspicion was there all the same, simply because the random selection process told border officers to be as intrusive as possible. He asked officers a reasonable question — if you search my other belongings in public because I’m a randomly selected “threat,” why can’t you search my devices out in the open. There was, of course, no response.

      Other questions about the Border Force’s handling of the contents of Hague’s devices also went unanswered. Officers refused to say whether data would be copied and/or retained, as well as refusing to explain what they were looking for.

      Why did the Border Force perform this intrusive search? Because it can.

    • Facebook Watch rolls out globally in bid to take on YouTube

      Facebook will take a healthy 55 per cent share of ad revenue, leaving 45 per cent for creators. That might seem a little stingy at first, but Facebook Watch potentially gives them access to an audience some 1.5 billion-strong.

    • Data Backed Up from WhatsApp to Google Drive Will Be ‘plaintext’

      According to a recent announcement by Google, Android and iOS users will now be able to backup their Whatsapp data on Google Drive without worrying about storage space. This feature would help save storage space on your Google Drive and will secure your data.

      But secure will it be? Because Google confirmed earlier that your Whatsapp data won’t be encrypted on Google Drive. Yes, the data will be stored without any form of encryption that Whatsapp users have grown accustomed to.

      From November 12 onward, Whatsapp data stored on Google Drive won’t be counted toward your allocated storage quote, Google confirmed. Google isn’t doing this out of the goodness of its heart, in fact, Facebook and Google have come to an agreement regarding Whatsapp data storage on Google Drive.

    • Extension enhances privacy of all embedded YouTube videos

      Get better privacy for embedded YouTube videos with the Privacy Enhanced Mode for Embedded YouTube Videos extension for Firefox.

      Websites like to embed YouTube videos in marketing materials, blog posts, and news stories. It’s much cheaper to offload the bandwidth costs required for hosting high-quality video on a large company like YouTube, and most users get a good experience on most devices most places in the world. It’s a win–win situation, right?

      The elephant in the room is the data collection that happens through embedded content. When embedding a video, you also invite third-parties to track and record information about the interests and movements of people who visit the page. I urged people to stop embedding content over privacy concerns back in 2014. The European Parliament made websites responsible for the data harvesting that happens on their sites (even by third-parties) with the introduction of the General Data Protection Regulation (GDPR).

    • Open Rights Group and the3million launch judicial review challenging the Data Protection Act’s immigration exemption

      Human rights organisations have launched a judicial review challenging the UK Government over the inclusion of a specific clause in the Data Protection Act 2018 which, they argue, would unnecessarily restrict the rights of millions of people across the country for the purpose of ‘effective immigration control’.

      [...]

      Jim Killock, executive director of Open Rights Group said:

      “The Government’s hostile environment may have been renamed, but its policies are clearly still here. Restricting the rights of millions to their personal data in immigration processes risks inaccurate data being used to make life altering decisions. Open Rights Group can’t allow that to pass without challenge.

      The Government is trying to avoid necessary accountability, and remove responsibilities to treat people fairly. This challenge aims to keep fairness and accountability in the immigration system.”

    • 300,000 Finns have stopped using Facebook since April, says social media blogger

      Facebook has lost users particularly in the 30–39 age group, but its popularity seems to be on the decline in all age groups, according to data collected from the advertising tools of Facebook by Pönkä.

      He stresses that he is referring specifically to users who no longer seem to use the service actively, rather than users who have deleted their account altogether.

    • Facebook ‘founder’ claims social media site has caused ‘countless deaths’ by failing to protect users

      Aaron Greenspan, who won a confidential pay-out from Facebook after claiming he came up with the concept for the social network first, has reopened his feud with Mark Zuckerberg by claiming the social media boss sacrificed safeguards on cyberbullying, extremists and data security to pursue growth at all costs.

      In an interview with The Daily Telegraph, Mr Greenspan said Mr Zuckerberg had ignored his warnings and instead designed the platform to be as addictive as tobacco in order to recruit and keep users.

  • Civil Rights/Policing

    • Indian Police Adding Pre-Crime Software To Their Long List Of Snooping Tools

      Lots of tech is being deployed by law enforcement around the world — often far in advance of thorough testing, privacy impact assessments, or public input. Biometric scanning, facial recognition software, cell site simulators, social media monitoring tools, and, of course, “predictive policing.”

      The last one on the list brings together a bunch of data and tells cops where to go to stop crime before it happens. Pre-crime is no longer relegated to sci-fi movies providing chilling glimpses of a totalitarian future. It’s here now and it’s converting certain neighborhoods into instant probable cause.

      The Chicago PD is only one of several agencies using the software to generate “heat lists” of citizens in need of arresting. There may be no criminal activity occurring when patrols begin, but the algos say it’s inevitable, so off the cops go to round up people who may be likely to commit crimes.

    • Marines Move to Tackle Racial Extremists in the Corps

      The United States Marine Corps has taken steps to combat racial extremists in its ranks, issuing an updated order emphasizing that participation in white supremacist and other groups is prohibited and encouraging service members to report fellow Marines involved with such groups.

      The actions come after an active-duty Marine was documented taking part in last year’s deadly white supremacist rally in Charlottesville, Virginia, and two others were arrested after hanging a racist banner off a building in North Carolina.

      [...]

      Like every branch of service, the Marine Corps has regulations that bar its members from participating in racial extremist groups, but the updated policy clarifies language on prohibited conduct, chiefly by explicitly identifying “supremacist” activity as forbidden. It also consolidates many previous orders, a large number of which haven’t been updated in years, and aims to tighten accountability when rules of conduct are violated. The updated policy encourages service members who see their peers engaging in prohibited behavior to report them through various channels.

    • Federal Data Shows Public Schools Nationwide Are a Hotbed of Racial Injustice

      A new series of reports from the ACLU and UCLA Civil Rights Project reveal glaring racial disparities in school discipline

      Many students heading back to school are being greeted by more police and metal detectors, but few, if any, counselors — this is especially true for students of color. Beyond having more police officers who could be armed, Education Secretary Betsy DeVos is reportedly considering a plan to allow states to buy guns for teachers using federal funds.

      Despite the research demonstrating that harsh “school safety” and disciplinary measures are detrimental to students of color, public schools across the country are enhancing efforts to lockdown classrooms, partly in response to the Parkland school shooting that shook the nation.

      As state legislatures take up the Trump administration’s call for increasing “law and order” with more school police, and as DeVos considers whether to undo the Obama administration’s reforms to curb racial bias in school discipline, it’s important to take a close look at what’s happening in schools. A series of reports produced by the ACLU with UCLA (Center for Civil Rights Remedies, Civil Rights Project) analyzes new data from the U.S. Department of Education, collected from all 96,000 public schools in the country. Part I of our publication focuses on the 11 million days of school students lost to suspension in the 2015-16 school year.

      Dramatic disparities exist at the school, district, state, and national level. Black students were just 15 percent of students nationally, but they accounted for 45 percent of all of the days lost due to suspension. This discipline gap contributes to the achievement gap. The 11 million days of lost instruction translates to over 60,000 school years, over 60 million hours of lost education, and billions of dollars wasted in a single school year.

  • Internet Policy/Net Neutrality

    • FCC can define markets with only one ISP as “competitive,” court rules

      The FCC voted last year to eliminate price caps imposed on some business broadband providers such as AT&T and Verizon. The FCC decision eliminated caps in any given county if 50 percent of potential customers “are within a half mile of a location served by a competitive provider.”

    • What To Expect During the Root KSK Rollover

      After the root KSK rollover begins (currently planned for 11 October 2018), a very small percentage of Internet users are expected to see problems in resolving some domain names. There are currently a small number of Domain Name System Security Extensions (DNSSEC) validating recursive resolvers that are misconfigured, and some of the users relying on these resolvers will experience problems. This document describes which users will see problems and, among them, what kinds of issues they will see at various times.

    • Comcast Is Trying To Ban States From Protecting Broadband & TV Consumers

      The shorter version: the FCC’s Restoring Internet Freedom order effectively cripples the FCC’s ability to protect consumers, then shovels any remaining enforcement authority over to the FTC, which is ill-equipped to actually police the telecom market. Predicting that states would then try to jump in and fill the oversight accountability vacuum (which is precisely what started happening on both net neutrality and privacy), ISPs have also been urging both the FCC and the FTC to ban states from doing so.

      This is all being done under the pretense that blind deregulation of the telecom sector magically results in greater industry investment and broader deployment. But as we’ve explained countless times, that’s not how the U.S. telecom sector works. With neither competition nor reasonable government oversight to constrain it, natural monopolies like Comcast are simply free to double down on all their worst behaviors.

    • That Time Telco Lobbyists Sent Me All Their Talking Points About Trying To Shift The Blame To Internet Companies

      It’s not every day that big telco lobbyists email me their internal documents about how they’re going to try to shift all the negative press about themselves and try to flip it onto internet companies. But it did happen yesterday. In what was clearly a mistake a top exec at the telco’s largest lobbying organization, USTelecom, emailed a 12 page document of talking points yesterday, asking the recipients to “review the document for accuracy and other thoughts” in order to help USTelecom President Jonathan Spalter for when he goes on C-SPAN next week. I found it a bit odd that I would be on the distribution list for such an email — especially when 13 of the 15 recipients of the email were US Telecom employees. And me. The one other non-US Telecom person works at a firm that provides “subject matter experts” and “in-depth legal analysis.”

      The talking points are not all that surprising, if you’re at all familiar with the telco industry, so there aren’t really any huge smoking guns here, but they do cover a huge range of issues, from net neutrality, competition, privacy, cybersecurity, and more. Amusingly, on the net neutrality front, there’s a section on “Verizon Throttling Fire Responders.” Tragically, that appears to be one of the few sections in the document that they hadn’t yet filled in yet — perhaps because the industry still doesn’t have a good response to Verizon throttling fire fighters in California as they were battling wildfires.

    • The lang= attribute in HTML

      Non-native english speaking blind people have their default speech language typically set to their native language. When they end up browsing to a site in english (or any language other than their native one for that matter) the screen reader starts to read english with pronounciation from their native language. While some people start to understand such speech output after a while, it is really a pain to work with. Of course, you can switch to a different speech language manually, but that takes time, and people end up not doing it in a lot of situations.

      Some screen readers have automatic language detection implemented, but it fails to work correctly in many cases, which is why most users have autodetection actually turned off.

  • Intellectual Monopolies

    • New Document On Traditional Knowledge, Folklore At WIPO; Chair Calls For New Conceptual Approach

      The protection of traditional knowledge and folklore against misappropriation is a topic that has been occupying World Intellectual Property Organization delegates for close to two decades. This week a new draft document, presenting a proposed revision of a set of draft articles of potential treaties, was released by a drafting team. As some countries are keen on preserving their original language and ideas, the committee chair called for delegates to move on with their work, and lift themselves above how the patent and copyright system works.

    • How Not To Freak Out When Someone Copies Your Product

      One of the things we’ve talked about for decades at Techdirt is that companies need to not freak out so much when someone copies their product — whether physical or digital. There are some who believe you need to stop copying at any cost. That always seemed silly for multiple reasons. First, if you have something people want, it’s going to get copied. At some point you have to do something of a cost benefit analysis of whether or not it’s truly worth it to go crazy stopping every copy. Second, if you truly created the original, then you have a leg up on any copycat, in that you have a much better understanding of just about everything: you understand the customers better, you’ve built up brand loyalty and you understand the hidden reasons why people like your product. So you’ll almost certainly continue to innovate above and beyond any copycats. Third, many efforts to stop copycats end up punishing your actual customers, saddling them with a worse product because you’re so overly concerned about copying. This is a story of a company that has gone in the other direction.

      For the last year or so, I’ve been telling a bunch of people about my exercise regime (my coworkers are sick of hearing about it). It began two years ago when I saw a Kickstarter project for Monkii Bars 2 — a suspension training system not unlike TRX (if you’re familiar with that), but a lot more portable. If you spend time on Kickstarter, there are a ton of exercise equipment products there, but nearly all of it looks like most late night infomercial crap (also, I noticed that most of them are based in LA, which perhaps isn’t too surprising). Most of them look snazzy, but also are likely to be the kinds of things that no one ever uses for more than a week. The Monkii bars didn’t look like that at all, though. First, it was from a Colorado company, and the team who made it seemed more like the kind of people I’d actually hang out with, rather than the folks who pitch most exercise equipment. More importantly, though, something about the way the Monkii Bars worked just seemed like a perfect way to get a workout. For whatever reason, I knew that they wouldn’t be a “use it for a week and forget about it” kind of thing (though, I did still at least worry a little bit they would turn out that way).

    • Trademarks

      • Unpacking the S-shape Benelux mark invalidation

        A Netherlands court has invalidated a shape mark for packing peanuts registered in 1994, once again illustrating the difficulty in obtaining and maintaining such registrations in Europe – even those that are old and well-established

    • Copyrights

      • The Mystery Of Columbia Pictures DMCAing Its Own Leaked Promotional Posters For Its ‘Holmes And Watson’ Movie

        It’s no secret that the DMCA process is often abused. Typically, this abuse takes the form of one entity issuing a takedown notice not over true copyright concerns, but rather to either silence speech it doesn’t like or to harm a competitor. It’s a very real problem. But sometimes the misuse of the DMCA takedown process takes a turn towards the bizarre.

        [...]

        That explanation makes more sense than any other out there, including the idea that Columbia Pictures would want to nuke its own advertising material that had begun to go viral. The company isn’t talking, which is unhelpful. But if that is the explanation, it should be clear that this sort of thing is not what the DMCA process is for and there can be consequences for innocent internet users that are suddenly having DMCA strikes against them, including on social media.

      • ‘Perma.cc’: is the fight against “link rot” copyright compliant?

        From news outlets to academic writing, publishing online is now part of the mainstream amongst publishers. It is relatively inexpensive, instantaneous and reaches readers worldwide. But the dynamism of internet publications does have one inconvenient– “link rot”.

        ‘Link rot’ refers to the decoupling of the hyperlink (or URL) with the webpage with which it was originally associated, rendering the link useless. While you may not be familiar with the phrase link rot itself, undoubtedly you will have experienced some of its most irritating symptoms: ‘page error 404’, ‘The URL you requested was not found’ or ‘Oops! Something wrong happened’. Research shows that, on average, a staggering 50% of links will be decoupled from their original content, i.e. turned to rot, two years following publication (see here and here).

      • Yandex Has Less Than 48 Hours to Tackle Piracy or Get Blocked

        Russian search giant Yandex is facing a copyright crisis. Late last week the Moscow City Court handed down a ruling that required Yandex to remove links to pirated content owned by Gazprom-Media. On Monday, that instruction was reiterated by telecoms watchdog Roscomnadzor. If Yandex does not take action by Thursday, its video platform will be blocked by the country’s ISPs.

      • US and Mexico Modernize Copyright Protection in New Trade Deal

        The US Government has reached a new trade agreement with Mexico. The preliminary deal provides strong and effective copyright protection and enforcement, including criminal sanctions against movie cammers. It will also “extend” the minimum copyright term to 75 years, an issue that triggered quite a bit of confusion.

      • Public Knowledge Responds to President Trump’s Outrageous Copyright Giveaway

        “The inclusion of a copyright term extension in the trade agreement announced today is a staggeringly brazen attempt by the entertainment industries to launder unpopular policies through international agreements. Not only would a copyright term extension never survive domestic debate, but it also violates the instructions Congress gave in trade promotion authority, which directed the U.S. Trade Representative to negotiate intellectual property provisions consistent with existing law. This is a slap in the face to the public interest, to consumers, and to Congress.

      • Google and Oracle’s $8.8 Billion Copyright Clash to Go to Supreme Court [iophk: "incorrect: Java has a license and the API is part of that"]

        The case revolves around Google’s use of Java APIs (without a licence) to enable Java programmers to build Android apps. When Oracle bought the rights to Java in 2009, it fired the starting gun on the case. Those who have taken similar steps – which are common – could face a wave of litigation if Oracle wins.

      • EU Copyright Directive – who pays the bill for the upload filter?

        Social media companies and content sharing apps could have to foot the bill for a vast automated copyright protection scheme under the most recent EU proposal to update copyright law. For those who remember, this is Hadopi on steroids. It’s a proposal that, history tells us, is unlikely to be workable.

      • Lending Emulations?

        Video games are an important cultural artifact. Unlike books, movies, and even music, national libraries and other archives typically don’t have organized programs to collect and preserve them, much less make them available to scholars. AFAIK the Internet Archive’s accessible collections of console and arcade games are unique among established archives, but they lack Nintendo’s catalog. Figuring out a way for institutions to preserve this history without undue legal risk is important.

Links 30/8/2018: Purism’s Chatty and HHVM 3.28.0

Posted in News Roundup at 5:15 am by Dr. Roy Schestowitz

GNOME bluefish

Contents

GNU/Linux

Free Software/Open Source

  • 389 Directory Server set to replace OpenLDAP as Red Hat and SUSE withdraw support for OpenLDAP in their Enterprise Linux offerings

    Red Hat and SUSE have withdrawn their support for OpenLDAP in their Enterprise Linux offers, which will be replaced by Red Hat’s own 389 Directory Server.

    The openldap-server packages were deprecated starting from Red Hat Enterprise Linux (RHEL) 7.4, and will not be included in any future major release of RHEL. SUSE, in their release notes, have mentioned that the OpenLDAP server is still available on the Legacy Module for migration purposes, but it will not be maintained for the entire SUSE Linux Enterprise Server (SLE) 15 lifecycle.

  • Open Source Integration Leader WSO2 Appoints Darin Bartik as New Chief Marketing Officer
  • Autogrow releases OpenMinder root monitoring system

    Global ag-tech innovator Autogrow has unveiled an open-source root zone monitor as part of an “open-collaboration” platform.

    “OpenMinder is a product that someone can build themselves, but more than that it represents where this industry is going with open-collaboration, APIs and a focus on water sustainability,” explains CEO Darryn Keiller.

    “Governments and local legislators around the world are tightening the rules for growers when it comes to water usage and run-off. Growers need to use any and all tools at their disposal to ensure they are not only growing sustainably but have the data to back it up.”

    OpenMinder is an open-source DIY project from Autogrow targeted to technology developers and for application with small growers. Released under a Creative Commons BY-NC-SA license, OpenMinder provides an open-source API used in conjunction with a Raspberry Pi HAT.

  • Web Browsers

    • Brave Open Source Blockchain Web Browser Sees 10 Million Downloads

      A recent tweet shared by Brave Software has uncovered yet another milestone the firm has attained. Since the launch of Brave, a total of 10 million downloads have been made through Google Play. This particular browser is unique as it not only focuses on one’s web surfing experience, but also prevents advertisements from further ruining it. Most importantly, content creators and regular users get compensated for their contributions (i.e. through Basic Attention Token or BAT).

    • Brave Browser Surpasses 10 Million Downloads on Android

      The user-privacy oriented web browser has passed ten million downloads, a huge milestone for both Brave and the BAT team

    • BAT-Enabled Brave Browser Hits 10 Million Downloads
    • Mozilla

      • Nebulet: A Rust Microkernel Running WebAssembly In Ring 0

        You should likely be familiar with WebAssembly as the binary format for executing code within web pages that can be nearly as fast as running native machine code — and certainly much faster than JavaScript. A new research project has been exploring running WebAssembly in the CPU’s Ring 0 — yes, the highest privileged state of the processor — in the name of better performance.

      • Dweb: Building Cooperation and Trust into the Web with IPFS

        In this series we are covering projects that explore what is possible when the web becomes decentralized or distributed. These projects aren’t affiliated with Mozilla, and some of them rewrite the rules of how we think about a web browser. What they have in common: These projects are open source, and open for participation, and share Mozilla’s mission to keep the web open and accessible for all.

        [...]

        We’re a team of people all over the world working on IPFS, an implementation of the distributed web that seeks to replace HTTP with a new protocol that is powered by individuals on the internet. The goal of IPFS is to “re-decentralize” the web by replacing the location-oriented HTTP with a content-oriented protocol that does not require trust of third parties. This allows for websites and web apps to be “served” by any computer on the internet with IPFS support, without requiring servers to be run by the original content creator. IPFS and the distributed web unmoor information from physical location and singular distribution, ultimately creating a more affordable, equal, available, faster, and less censorable web.

        IPFS aims for a “distributed” or “logically decentralized” design. IPFS consists of a network of nodes, which help each other find data using a content hash via a Distributed Hash Table (DHT). The result is that all nodes help find and serve web sites, and even if the original provider of the site goes down, you can still load it as long as one other computer in the network has a copy of it. The web becomes empowered by individuals, rather than depending on the large organizations that can afford to build large content delivery networks and serve a lot of traffic.

      • Data Science is Hard: Counting Users

        These cars all count if you’re interested in usage. It’s all well and good to know the number of cars using your parking lot right now… but is it lower on weekends? Holidays? Are you measuring on a rainy day when fewer people take bicycles, or in the Summer when more people are on vacation? Do you need better signs or more amenities to get more drivers to stop? Are you going to have expand capacity this year, or next?

        Yesterday we released the Firefox Public Data Report. Go take a look! It is the culmination of months of work of many mozillians (not me, I only contributed some early bug reports). In it you can find out how many users Firefox has, the most popular addons, and how quickly Firefox users update to the latest version. And you can choose whether to look at how these plots look for the worldwide user base or for one of the top ten (by number of Firefox users) countries individually.

        It’s really cool.

        The first two plots are a little strange, though. They count the number of Firefox users over time… and they don’t agree. They don’t even come close!

      • On leaving Mozilla

        I didn’t want to write one of those “all@” goodbye emails. At best, they generate ambivalence, maybe some sadness. And maybe they generate clutter in the inboxes of people who prefer to their inboxes uncluttered. The point is, they don’t seem to improve things. I’m not sending one.

        But I have taken the decision to leave Mozilla as a full-time employee. I’m leaving the industry, in fact. For the last 10 years, for everything I’ve learned, for the many opportunities and for the shared achievements, I’ve got nothing but gratitude towards my friends and colleagues. I cannot imagine I’ll work anywhere quite like this again.

        Long before I joined Mozilla, it was the organisation that had restored my optimism about the future of tech. From the dark days of the dot-com crash and the failure of platform-independent client-side internet applications to live up to their initial promise (I’m looking at you, Java applets), Firefox showed the world that openness wins. Working here was always more than a job. It has been a privilege.

      • These Weeks in Firefox: Issue 44
      • Siggen (Socorro signature generator) v0.2.0 released!

        Siggen (sig-gen) is a Socorro-style signature generator extracted from Socorro and packaged with pretty bows and wrapping paper in a Python library. Siggen generates Socorro-style signatures from your crash data making it easier for you to bucket your crash data using the same buckets that Socorro uses.

      • Standup report: End of days

        Standup is a system for capturing standup-style posts from individuals making it easier to see what’s going on for teams and projects. It has an associated IRC bot standups for posting messages from IRC.

  • Databases

    • Lab Notes: How We Made Joins 23 Thousand Times Faster, Part Three

      This post is the final part of a three-part miniseries that looks at how we improved join performance in the CrateDB 3.0 release.

      In part one of this miniseries, I went over the reasons we chose to implement the hash join algorithm as an alternative to the nested loop algorithm. With that initial set of changes in place, we were able to make joins up to two thousand times faster.

      In part two, I explained how we addressed the memory limitations of the basic hash join algorithm with a switch to block-based processing. That is, dividing a large dataset up into smaller blocks that can be worked on separately. This change improved our performance gains by another 50%.

      This brings us to the final set of changes.

  • Pseudo-Open Source (Openwashing)

  • FSF/FSFE/GNU/SFLC

    • Friday Hack Chat: GNU RadioFriday Hack Chat: GNU Radio

      Our guests for this week’s Hack Chat will be Derek Kozel and Nate Temple, officers of the GNU Radio project. They’re also organizers of this year’s GNU Radio Conference. Also joining in on the Hack Chat will be Martin Braun, community manager, PyBOMBS maintainer, and GNU Radio Foundation officer.

    • bison-3.1 released
  • Openness/Sharing/Collaboration

    • Open Hardware/Modding

      • Video: A Different Linus talks about an Open CPU

        We have had a few discussions about the RISC-V development (at the BozemanLUG meetings). Some Fedora folks have gotten Linux working on some of the RISC-V development boards. There appear to be several layers to the overall design from the low-end moving up. Can RISC-V ever become a viable, mainstream alternative? Time will tell… but at the very least, seeing such developments gives me some hope. Here’s a somewhat mainstream “youtuber” talking about RISC-V and given the number of views so far, maybe the word / information will break through.

      • Essential should open source its accessories platform

        With all these shortcomings, the company has struggled under the father of Android, Andy Rubin. Sales estimations of the PH-1 have come in well below 200,000 units. Subsequently, the rumors have been rampant that the company is up for sale to get out from under its debts. Another struggle has been its proprietary accessory system. That’s the topic I’d like to take on in this post. Essential should open source its plans for mods.

      • 3D-Printed Firearms Are Blowing Up

        If you follow 3D printing at all, and even if you don’t, you’ve likely seen some of the recent controversy surrounding Defense Distributed and its 3D-printed firearm designs. If you haven’t, here’s a brief summary: Defense Distributed has created 3D firearm models and initially published them for free on its DEFCAD website a number of years ago. Some of those 3D models were designed to be printed with a traditional home hobbyist 3D printer (at least in theory), and other designs were for Defense Distributed’s “Ghost Gunner”—a computer-controlled CNC mill aimed at milling firearm parts out of metal stock. The controversy that ensued was tied up in the general public debate about firearms, but in particular, a few models got the most attention: a model of an AR-15 lower receiver (the part of the rifle that carries the serial number) and “the Liberator”, which was a fully 3D-printed handgun designed to fire a single bullet. The end result was that the DEFCAD site was forced to go offline (but as with all website take-downs, it was mirrored a million times first), and Defense Distributed has since been fighting the order in court.

        The political issues raised in this debate are complicated, controversial and have very little to do with Linux outside the “information wants to be free” ethos in the community, so I leave those debates for the many other articles on this issue that already have been published. Instead, in this article, I want to use my background as a hobbyist 3D printer and combine it with my background in security to build a basic risk assessment that cuts through a lot of the hype and political arguments on all sides. I want to consider the real, practical risks with the 3D models and the current Ghost Gunner CNC mill that Defense Distributed provides today. I focus my risk assessment on three main items: the 3D-printed AR-15 lower receiver, the Liberator 3D-printed handgun and the Ghost Gunner CNC mill.

  • Programming/Development

    • HHVM 3.28.0

      HHVM 3.28 is released! This release contains new language features, bugfixes, performance improvements, and improvements to the debugger and editor/IDE support.

    • Mozilla’s Firefox Nightly Experiment Results, EFF’s Back to School Tips, HHVM 3.28 Released, Oracle Solaris 11.4 Now Available and Dropbox Vulnerability Discovered

      HHVM 3.28 was released yesterday. This new release of the open-source virtual machine for executing programs written in Hack and PHP “contains new language features, bugfixes, performance improvements, and improvements to the debugger and editor/IDE support.”

    • HHVM 3.28 Released With More Performance Improvements, Language Features

      Facebook developers maintaining the HHVM interpreter for running PHP and Hack code have announced the HHVM 3.28.0 update.

      HHVM 3.28 continues their theme of introducing minor language additions, various performance improvements, better debugging support, and different bug-fixes.

    • MIT Releases A Free and Open Source Computer Programming Language to the Public

      The MIT-developed programming language, Julia 1.0 has been officially released to the public. Julia has been in development by MIT for almost a decade and made its official public debut during JuliaCon, an annual conference of Julia users.

      Julia 1.0 is a free open source programming language available worldwide. “Julia has been revolutionizing scientific and technical computing since 2009,” says MIT Professor Alan Edelman.

    • rlife : a cellular automata library written in Rust

      So rlife is a life library written in Rust. It aims at allowing to do manipulations on cellular automata, like computing the next generation of a CA, loading/saving a CA from/to a file, do various analysis on it (like locating the coordinates of a pattern, counting the number of living cells) and other manipulations. The main object of this library is the Gridthat represents the grid of the CA and it also stores all its properties (the file format used, the rulesets, the current size of the grid, etc…). This library could allow some developers to use CAs with a high level of abstraction and have the possibility to do many (in the future…) operations on it.

    • cmocka version 1.1.2 released

      I’m happy to announce version 1.1.2 of cmocka, a unit testing framework for C with mocking support.

Leftovers

  • Hardware

    • Working Apple-1 computer could sell for price of a supercar

      Steve Jobs and Steve Wozniak produced about 200 Apple-1 computers in the mid-1970s and around 60 of those are known to still exist today. Every so often one pops up at auction and manages to sell for a price that could easily purchase a home in most locations.

    • For Sale: 1976 Apple 1. Still Works, Asking $300,000 OBO

      An original Apple 1, hand-built by Steve Wozniak in 1976, is up for auction in September. It’s expected to sell for $300,000 or more.

      Steve Jobs and Wozniak only made 200 Apple 1 devices, making this an extremely rare piece of computer history. It was one of the first home computers that didn’t require soldering.

  • Security

    • Security updates for Wednesday
    • Password managers: Please make sure AutoFill is secure!

      Dear developers of password managers, we communicate quite regularly, typically within the context of security bug bounty programs. Don’t get me wrong, I don’t mind being paid for finding vulnerabilities in your products. But shouldn’t you do your homework before setting up a bug bounty program? Why is it the same basic mistakes that I find in almost all password managers? Why is it that so few password managers get AutoFill functionality right?

      Of course you want AutoFill to be part of your product, because from the user’s point of view it’s the single most important feature of a password manager. Take it away and users will consider your product unusable. But from the security point of view, filling in passwords on the wrong website is almost the worst thing that could happen. So why isn’t this part getting more scrutiny? There is a lot you can do, here are seven recommendations for you.

    • Kali Linux’s New Version 2018.3, Open-Source License War, Lenovo Announces Five New Android Tablets, Google Releases Open-Source Reinforcement Learning Framework and KD Chart Update

      Kali Linux recently announced its third release of 2018. Version 2018.3 features several new tools: idb, an iOS research/penetration-testing tool; gdb-peda, Python Exploit Development Assistance for GDB; datasploit, OSINT Framework to perform various recon techniques; and kerberoast, Kerberos assessment tools. See the Change Log for more information on all the changes, and download Kali from here.

    • The Difference Between Sandboxing, Honeypots & Security Deception

      A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies.

      Networks, cyberattacks, and the strategies used to stop them are continuously evolving. Security deception is an emerging cyber-defense tactic that allows researchers and information security professionals to observe the behavior of attackers once they’ve gained access to what they think is a business network.

      The term “security deception” only came into wide usage in the last year, so it can be difficult to tell how exactly these solutions are different from other tools that try to trick attackers, such as sandboxing and honeypots. Like these other tactics, security deception fools attackers and malicious applications into revealing themselves so that researchers can devise effective defenses against them, but it relies more on automation and scale, and requires less expertise to set up and manage. Each of these technologies has unique requirements and ideal use cases. To understand what those are, we’ll need to look at each of them in more detail.

    • Windows Task Scheduler Zero-Day Exposed; No Patch Available

      A zero-day flaw has been revealed by a Twitter user SandboxEscaper, for the Windows Task Scheduler in 64-bit Windows 10 and Windows Server 2016 systems. Apparently, this vulnerability is out in the wild, and there are no known patches or specific workarounds at present.

      US-CERT has confirmed that the exploit works on 64-bit Windows 10 and Windows Server 2016 systems and is rooted in the Windows task scheduler.

    • Task Scheduler ALPC exploit high level analysis

      Yesterday SandboxEscaper tweeted an local privilege escalation exploit for Windows, which currently has no patch. It’s a really neat flaw, in particular how it is exploited.

    • OpenSSH Versions Since 2011 Vulnerable to Oracle Attack [Ed: Bleeping Computer is not a security news site but alarmist site that hypes up pretty ordinary bugs; Catalin is a lot worse]

      Security researchers from Qualys discovered a new username enumeration problem in the latest version of OpenSSH. It allows an attacker to try out various usernames on the server and determine which ones are valid. The vulnerability received tracking number CVE-2018-15919.

    • ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem

      AT commands, originally designed in the early 80s for controlling modems, are still in use in most modern smartphones to support telephony functions. The role of AT commands in these devices has vastly expanded through vendor-specific customizations, yet the extent of their functionality is unclear and poorly documented. In this paper, we systematically retrieve and extract 3,500 AT commands from over 2,000 Android smartphone firmware images across 11 vendors. We methodically test our corpus of AT commands against eight Android devices from four different vendors through their USB interface and characterize the powerful functionality exposed, including the ability to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, perform screen unlocks, and inject touch events solely through the use of AT commands. We demonstrate that the AT command interface contains an alarming amount of unconstrained functionality and represents a broad attack surface on Android devices.

    • How These Android Smartphone Can Be Hacked With Simple AT commands

      According to a research, millions of Android devices from 11 OEMs are vulnerable to attacks from simple AT commands.

      These AT commands or Attention commands are a short collection of strings which were designed to transmit via phone line and modems, back in the 1980s. Earlier, these commands were used for a modem dial-up, hang up, and change specific connection settings.

    • Slackware Releases L1TF Mitigation Updates for v14.2

      The Slackware Linux Project team has just released kernel updates for its Slackware version 14.2 which was initially released on the first of July this year. According to the advisory released with the updates, the new kernel packages made available are specifically drafted to mitigate several imminent and emerging security concerns in the operating system.

  • Defence/Aggression

    • Ex-CIA officer responded to reports of informants in Russia

      The American intelligence service, which claimed to have informants in Russia was bluffing, RIA “Novosti” the statement of former CIA officer, Executive Director of the American Council for the national interest Philip Giraldi.

      “Senior intelligence officials never so simple and openly admit that they have sources rank high in the Kremlin,” said Giraldi.

    • Using the CIA to Extricate Us From Endless Cycle of Wars

      War in the Middle East is every U.S. president’s own ice cream challenge. It seems as if they all declare at the outset of their term that they want to focus on a domestic agenda to grow economic prosperity at home. Americans and much of the world breathe a sigh of relief over the idea of break from war. Unfortunately, it never pans out because some kind of pretext for re-engagement inevitably materializes.

      But what if an American president decided that even if the freezer conked out, melting all the ice cream, he still wasn’t going to rationalize the need to touch it?

      No recent president has been able to do that. Instead, the melted ice cream — now basically a milkshake — beckons to them. Suddenly, they’re having nightmares about another country stealing and drinking their disgustingly warm milkshake, so they raid the broken freezer and gorge themselves.

      Soon they discover that they’re in too deep and will never purge all those calories at the gym, so they double down by camping out in case more freezer items just happen to end up defrosting. Camp Leatherneck in Afghanistan’s Helmand Province didn’t come about much differently than Camp Busted Freezer.

    • WaPo Uses Photo of John McCain Next to Nazi to Praise His ‘Human Rights’ Work

      The Washington Post (8/27/18) published an op-ed by conservative staff opinion columnist Jennifer Rubin praising the late Sen. John McCain for his supposed commitment to “human rights.”

      Rubin waxed poetic on the ostensible “lost champion” of human rights, who “model[ed] for others the behavior of a free society.” She declared, quite paradoxically, “With the possible exception of the US military…no group was more indebted to Sen. John McCain (R-Ariz.) than the human rights community.”

      There was an, er, optical problem, however: For the header image on this column, the Washington Post used a photo of McCain speaking next to the notorious Ukrainian neo-Nazi leader Oleh Tyahnybok.

      Tyahnybok, a longtime fascist, has called for a war on the so-called “Muscovite-Jewish mafia” (BBC, 12/26/12). The far-right leader has attacked the role of “Jews-Bolsheviks” in his country’s history, and claims that there is still today a cabal of “Jewish oligarchs who control Ukraine” (JTA, 3/25/09).

      John McCain met with Tyahnybok and stood next to him as the senator gave a speech in Ukraine in late 2013, as Business Insider (12/16/13) reported at the time. The Washington Post indicated in the caption on its header image that McCain was “wav[ing] to protesters during a mass rally of the opposition in Kiev, Ukraine, on December 15, 2013.” But it failed to identify the man standing next to the Arizona senator—or his extremist politics, which are the antithesis of human rights.

      McCain was in the Eastern European nation—along with Democratic Senator Chris Murphy — to cheer on the ongoing right-wing protest movement. In February 2014, this movement was successful: Ukraine’s democratically elected, pro-Russian government was overthrown in a coup, in which fascist forces played a significant role (FAIR.org, 3/7/14).

      [...]

      Tyahnybok is far from a minor player in Ukraine. And since the US-backed coup, he has become increasingly influential.

      Tyahnybok has been the leader of the fascist, ultra-nationalist Ukrainian political party Svoboda since its founding in 2004. Svoboda has its origins in the explicitly neo-Nazi Social-National Party of Ukraine, which proclaimed, “We are the last hope of the white race, of humankind as such.”

    • Flordia AG Somehow Pivots To The Danger Of Video Games After The Latest Florida Shooting

      There is a long tradition in conservative politics for blaming video games whenever a mass shooting is carried out by a relatively young person. It’s a monumentally stupid argument, given the complicated and twisted nature of mass shootings and the motivations behind them. But, since policy and politics are now offered merely in soundbite formats, the end result of a mass shooting is for every person to retreat to their familiar corners and make lots of noises that ultimately accomplish nothing but stagnation.

      The mass shooting that happened in Florida recently could have been a different story. While it indeed happened at a video game tournament, the gamers involved were playing Madden, not some violent shoot ‘em up. If playing a football video game makes people angry enough to shoot people, just wait until those decrying video game violence turn on their TVs on Sunday and realize that there are actual people playing the same game for real. There was no indication anywhere that this shooting was carried out by anything other than an individual that likely had some severe mental problems and access to weapons. And, yet, somehow Florida Attorney General Pam Bondi addressed this latest shooting by pivoting directly to the dangers of kids playing video games and the predators that will harm them.

    • Florida’s Attorney General Finds Baffling New Way to Blame Jacksonville Shooting on Video Games

      After a mass shooting, pro-gun activists often reach for ways to explain how it could have happened yet again that isn’t “there too many people have guns and they’re too easy to get.” This weekend’s shooting in Jacksonville, FL, at a Madden video game tournament has proved to be no exception, with Florida Attorney General Pam Bondi supplying the obvious alternate explanation—it’s about video games—but with a fascinating twist.

  • Transparency/Investigative Reporting

  • Environment/Energy/Wildlife/Nature

    • Nuclear Safety Board Slams Energy Department Plan to Weaken Oversight

      A new Department of Energy order that could be used to withhold information from a federal nuclear safety board and prevent the board from overseeing worker safety at nuclear facilities appears to violate longstanding provisions in the U.S. Atomic Energy Act, the board’s members said Tuesday.

      Members of the Defense Nuclear Facilities Safety Board, both Democrats and Republicans, were united in their criticism of the Energy Department’s order, published in mid-May. It prevents the board from accessing sensitive information, imposes additional legal hurdles on board staff, and mandates that Energy Department officials speak “with one voice” when communicating with the board.

      The Santa Fe New Mexican and ProPublica first reported on the order’s existence in July but the board called for a special hearing, saying its members had no formal input before the document was finalized.

      At that hearing in Washington, D.C., Tuesday morning, the first of three on the topic, officials from the Energy Department and its National Nuclear Security Administration, which oversees the nation’s nuclear stockpile, said the changes were largely innocuous and were necessary to update a 17-year-old guidance manual.

  • Finance

  • AstroTurf/Lobbying/Politics

  • Censorship/Free Speech

    • Facebook has removed all cross-posted tweets

      Facebook users are complaining the company has removed the cross-posted tweets they had published to their profiles as Facebook updates. The posts’ removal took place following the recent API change that prevented Twitter users from continuing to automatically publish their tweets to Facebook. According to the affected parties, both the Facebook posts themselves, as well as the conversation around those posts that had taken place directly on Facebook, are now gone. Reached for comment, Facebook says it’s aware of the issue and is looking into it.

    • Facebook is deleting timeline posts that users cross-published from Twitter

      The changes went into effect starting August 1st. But it now appears that not only did Facebook disable the ability to use cross-posting between Twitter and its own social network on that date, but it also forcibly removed all the posts users had made using that feature. For users that may have been deleting their tweets but keeping a repository of the information on Facebook, where it’s more easily kept hidden from the public, it would seem the posts are gone for good.

    • Punjab’s proposed amendment to blasphemy law Section 295 AA: Amarinder’s move arms religious fanatics against free speech

      # https://www.firstpost.com/india/uproar-expected-in-punjab-as-amarinder-govt-moves-to-table-bill-introducing-amends-to-section-295-aa-blasphemy-law-today-5059111.html

      The proposed law inserts Section 295AA to the IPC to provide: “whoever causes injury, damage or sacrilege to Sri Guru Granth Sahib, Srimad Bhagwad Geeta, Holy Quran and Holy Bible with the intention to hurt the religious feelings of the people, shall be punished with imprisonment for life.” For the past few centuries, there has been a movement of ideas worldwide to separate religion from the state. Chief Minister Amarinder is seeking to revert this process of enlightenment.

      [...]

      In India, there has been a long tradition of free speech, which is now under attack from a range of forces who have roots in religion and institutions of the government in India. In 2017, a group of University of Lucknow students, including girls, spent three weeks in jail for showing black flags to Chief Minister Yogi Adityanath. Indian youths are being imprisonment for posting political comments on Facebook and other social media. This is an attack on our democratic tenets.

    • Microsoft’s president explains how the Gab shutdown notice went from customer support to his desk

      In a wide-ranging interview on The Vergecast this week, Microsoft president and chief legal officer Brad Smith expanded on why the company nearly shut down Gab.ai, the “free-speech” absolutist platform that’s become an alt-right favorite.

      Earlier this month, Microsoft sent a notice to Gab threatening to end the company’s Azure cloud service if it did not remove two anti-Semitic hate speech posts within 48 hours. The notice, which Gab said would cause the social network to “go down for weeks/months,” sent the social network’s operators into a frenzy. But Smith said Microsoft headquarters in Redmond, Washington, was asleep when the notice was sent.

      [...]

      The posts, which advocated for genocidal violence against Jewish people, were removed by the poster before Microsoft’s takedown deadline. “Whoever made that call while we were sleeping made the right call,” Smith said.

  • Privacy/Surveillance

    • WhatsApp Data Backed Up On Google Drive Won’t Be Encrypted

      WhatsApp had recently announced that Android users will be able to store their chats on Google Drive starting from November 12, 2018.

      Those backups won’t be counted towards Google Drive’s storage quota. But WhatsApp has warned that the free backup service offered by Google will no longer be protected with end-to-end encryption.

    • Appeals Court Asks the Right Questions in NSA Surveillance Case

      On Monday, the Second Circuit Court of Appeals in New York held argument in United States v. Hasbajrami, an important case involving surveillance under Section 702 of the FISA Amendments Act. It is only the second time a federal appeals court has been asked to rule on whether the government can collect countless numbers of electronic communications—including those of Americans—and use these communications in criminal investigations, all without a warrant. In a lengthy and engaged argument [.mp3], a three-judge panel of the Second Circuit heard from lawyers for the United States and the defendant Agron Hasbajrami, as well as from ACLU attorney Patrick Toomey representing ACLU and EFF, which filed a joint amicus brief in support of the defendant. As we explained to the court in our amicus brief and at the argument, this surveillance violates Americans’ Fourth Amendment rights on a massive scale.

      Hasbajrami is a U.S. resident who was arrested at JFK airport in 2011 on his way to Pakistan and charged with providing material support to terrorists. Only after his conviction did the government explain that its case was premised in part on emails between Hasbajrami and an unnamed “Individual #1”—a foreigner associated with terrorist groups—obtained using PRISM, one of the government’s Section 702 programs.

      Under Section 702, the government is authorized to warrantlessly intercept private online communications of foreigners located outside the U.S., an authority that the government claims extends to conversations between foreigners and Americans, so long as it doesn’t intentionally target specific Americans.

    • German antitrust watchdog plans action on Facebook this year

      The Federal Cartel Office objects in particular to how Facebook acquires data on people from third-party apps – including its own WhatsApp and Instagram services – and its online tracking of people who aren’t even members.

    • ‘Digital shackles’: the unexpected cruelty of ankle monitors

      Birts pays $30 per day – that’s $840 per month – for the privilege of wearing the bulky device. It sucks up all his income, leaving him homeless and sleeping in his Ford Escape in Oakland.

      [...]

      Edwards is using the legal system to fight back. He is part of a class-action lawsuit against LCA and Alameda county, filed in early August, which accuses the county of allowing a private company to make profit-driven decisions about people’s freedoms, denying them due process. It accuses LCA of extorting fees from people through the threat of incarceration, in violation of federal racketeering laws.

    • Indiana Appeals Court Says Forcing Someone To Unlock Their Phone Violates The 5th Amendment

      Passwords and PINs still beat fingerprints when it comes to the Fifth Amendment. But just barely. Nothing about the issue is settled, but far more cases have been handed down declaring fingerprints to be non-testimonial. Fingerprints are obtained during the booking process — a physical, traceable representation of the suspect. If they can be obtained during booking, they can certainly be obtained again to unlock a device. A physical aspect of a human being can’t be considered “testimonial” as far as courts have interpreted the Fifth Amendment.

      Passwords are a different story, but not by much. In a handful of cases, courts have said the compelled production of passwords and PINs has no Fifth Amendment implications. Defendants, conversely, have argued compelled password production forces them to testify against themselves by facilitating the production of evidence to be used against them.

      This argument hasn’t had much success. Judges have frequently found password production to be just as non-testimonial as a person’s fingerprint. The argument here is that all law enforcement wants is a password, not the production of evidence. Under the “foregone conclusion” theory, all the government has to prove is that the person being asked to unlock a device can unlock the device.

      This decouples password production from its consequences: the production of evidence by defendants that the government will use against them in court. When this theory is applied, the Fifth Amendment is sidelined and replaced with the ultra-low bar of foregone conclusion.

    • WhatsApp is storing unencrypted backup data on Google Drive

      However, the company has now confirmed that the act of encrypting the data between WhatsApp and Google is not part of the end-to-end encryption that the company offers for its conversations.

  • Civil Rights/Policing

    • Facebook fugitive fights U.S. request to extradite him from Ecuador: lawyer

      The criminal case arose from Ceglia’s conduct related to a2010 civil lawsuit he had filed against Zuckerberg.

      Ceglia claimed that Zuckerberg had, while a student at Harvard University, signed a 2003 contract giving him half of a planned social networking website that later became Facebook.

    • Alleged Facebook scammer arrested in Ecuador, will resist extradition

      In a new court filing submitted last week, federal prosecutors said that a criminal defendant accused of attempting to extort Facebook itself has now been arrested in Ecuador.

       

      That man, Paul Ceglia, has been a fugitive since 2015. At that time, he cut off his ankle monitor and fled with his wife, kids, and dog. The American government is now trying to extradite Ceglia.

    • Tech Titans Dish Advice About Phone Addiction

      Your phone is training you to be its servant. Here’s how to fight back.

    • FrOSCon 2018

      In her keynote “Blessed by the algorithm – the computer says no!” Lorena detailed the intersection of ethics and technology when it comes to automated decision making systems. As much as humans with a technical training shy away from questions related to ethics, humans trained in ethics often shy away from topics that involve a technical layer. However as technology becomes more and more ingrained in everyday life we need people who understand both – tech and ethical questions.

      Lorena started her talk detailing how one typical property of human decision making involves inconsistency, otherwise known as noise: Where machine made decisions can be either accurate and consistent or biased and consistent, human decisions are either inconsistent but more or less accurate or inconsistent and biased. Experiments that showed this level of inconsistency are plenty, ranging from time estimates for tasks being different depending on weather, mood, time of day, being hungry or not up to judges being influenced by similar factors in court.

    • Check Out My Presentation “How To Win A Grassroots Media Rebellion“ At The Ron Paul Institute Conference

      Here’s a speech I gave for the Ron Paul Institute Peace and Prosperity Conference titled “How To Win A Grassroots Media Rebellion“. The audio feed for this recording doesn’t pick up the audience, so when you see me pausing with a delighted look on my face it’s because people are applauding, not because I’m having a stroke.

    • Fact-Checking The Prison Strike: Marshall Project Reveals Bias Against Prisoner-Led Resistance

      One of the primary differences between this year’s prison strike for basic human rights and dignity and the one that took place in 2016 is the level of media attention it has attracted.

      Far more journalists are paying attention this year, but rather than examine the message of the strike seriously, several outlets—especially those claiming to specialize in these issues—are more concerned with interrogating the messengers. It is as if the prison strike might be a stunt by conniving prisoners and backed by clueless activists—both which want to see their names splashed all over the internet.

      A quintessential example of this came from the Marshall Project, a nonprofit news organization that was founded by former hedge fund manager Neil Barsky in 2014. The organization prides itself on being a credible and reliable source of information on everything from prisons to police and the courts. According to their website, they “[seek] to create and sustain a sense of national urgency about the U.S. criminal justice system.”

      The Marshall Project managed to get out in front of other mainstream reporting on the prison strike, establishing themselves as an expert source for interviews and insights on the action. Reporting fellow, Nicole Lewis, was invited on popular national media platforms to discuss her piece, “What’s Really Happening With The Prison Strike?”

      But Lewis’s article is littered with prejudice and innuendo that casts doubt on the legitimacy and trustworthiness of strikers and their outside supporters. It includes the perspectives of activists, but plays into biases against incarcerated people by suggesting they might not be telling the truth about their struggle for human rights.

      The article from the Marshall Project appears to be a fact check of the prison strike. “Some outlets simply reported unchecked information put out by the outside strike organizers,” Lewis writes, without naming any particular outlets. But the only “unchecked information” Lewis seems to highlight is the number of prisons participating.

      Lewis clearly believes organizers are exaggerating the extent of the strike. Yet, by focusing on this aspect, she ignores the demands and the conditions that fueled the latest round of resistance.

    • On National Security, Kavanaugh Has a History of Extreme Deference to the President

      Trump’s pick for the Supreme Court has a record of extreme deference to the executive on national security cases, including unlawful detention.

      A week before his confirmation hearing, the public record on Judge Brett Kavanaugh’s possible involvement in some of the Bush administration’s most abusive policies and programs is woefully incomplete.

      Kavanaugh, President Trump’s nominee for the Supreme Court, served in the White House soon after 9/11 when the Bush administration launched many of its most infamous programs in the name of national security. Leading senators have said that, during his 2006 confirmation hearing for the D.C. Circuit Court of Appeals, Kavanaugh may have provided misleading or inaccurate information about his involvement in developing those policies. Senators have rightly called for access to and public release of all documents from his White House stint, so we know any role he might have played in developing or reviewing the Bush administration’s torture, detention, and surveillance programs.

      But despite these holes, Kavanaugh does have a well-developed record in cases involving national security, civil liberties, and human rights from his time on the D.C. Circuit. That record shows extreme deference to presidential claims to act unchecked in the name of war or national security. It also demonstrates hostility to international law as a constraint on government action as well as an unwillingness to hold the government to account when it violates the constitutional and human rights of U.S. citizens and noncitizens.

    • Amazon Pays Employees To Chirp Happily On Twitter About Wonderful Working Conditions

      For several years now, there have been a parade of articles examining the “churn and burn” culture at Amazon. For example a 2015 New York Times piece profiled the “bruising” culture at the company while noting that employees weeping at their desk was not an uncommon sight. And while the profile was contested by some employees at the company, a substantial number of different reports have also highlighted the poor working conditions in Amazon distribution warehouses, including employees having to pee in garbage cans for fear of missing targets by going to a proper restroom.

      Hoping to correct the “public perception” of poor working conditions at the company’s warehouses, Amazon executives have crafted a new “solution” to the problem. They’ve started paying some warehouse employees to create Twitter accounts and speak positively of not only their working experiences, but CEO Jeff Bezos.

  • Internet Policy/Net Neutrality

    • To protect big telcos, Zambia wants to tax calls made over social media apps

      The new tariff, announced last week, will be collected through mobile phone companies and [I]nternet service providers. The fee will be charged at a daily rate at 30 ngwee (3c) per day, irrespective of how many [I]nternet calls are made, explained minister of information and broadcasting Dora Siliya.

    • Zambia to tax internet calls to protect telecoms firms

      Internet has become important for civil society in Zambia, and activists worry the tax will curtail freedom of expression.

       

      “We have noted that it’s part of the systematic attempt by the state to stifle freedom of expression online. This is an assault to freedom of expression and association,” said Richard Mulonga, head of the online rights group Bloggers of Zambia.

    • Big Telecom Is Using Robocalls to Fight a Net Neutrality Bill in California

      CJAC’s robocalls ares not the only campaign spreading scary claims about soaring cell phone bills: ads on Facebook and Twitter, as well as physical flyers opposing the net neutrality bill and paid for by AT&T-backed advocacy group CALInnovates have been reported across California.

    • Big Telecom Resorts To Lying To Senior Citizens To Scuttle Net Neutrality In California

      With the bipartisan majority of Americans supporting net neutrality, the broadband industry often has to resort to outright falsehoods to try and make its case that we don’t need net neutrality rules (or any meaningful oversight of natural telecom monopolies). From paying civil rights groups to parrot industry positions to hiring fake journalists to deny the obvious, the broadband industry has a long, proud, multi-decade history of using outright bullshit to scare the public, press and regulators away from the idea of net neutrality.

      The latest case in point: after AT&T lobbyists successfully sabotaged initial efforts to pass new net neutrality rules in California, the state this week revisited the effort with a new vote on the state assembly floor. In a bid to try and scuttle the effort, an AT&T-linked group by the name of Civil Justice Association of California (CJAC) has been robocalling senior citizens in the state, informing them that their cell phone bill will jump $30 if the new rules pass.

  • Intellectual Monopolies

    • Data Driven Creativity

      My broader point, then, is that how we consider the effect of data driven works will depend a lot on how we view creativity.

      [...]

      To be clear, Raustiala and Sprigman don’t say anything that contradicts my intuitions here. They make clear that creativity is on a continuum, and that data merely slides to one side. But they do question how viewers will perceive works, and it is there that I disagree with them. I suppose that we could hit that limit where everything is automated, but my gut says that despite having preferences for particular story aspects, viewers will always be able to separate the wheat from the chaff (though not the way I would – as just about every American Idol vote shows) and thus will always look for something new and different within their preferences. At least, I sure hope so.

    • Trademarks

      • Mexico expands trade mark protection

        Mexico’s industrial property law has been amended to include more types of trade marks. It also introduces some small changes that bring Mexico’s trade mark system more in line with the US and beyond

    • Copyrights

      • Danish ISPs Get Win That Could End Copyright Trolling In Denmark

        We have talked in recent years how the scourge of copyright trolling has hit the nation of Denmark particularly hard. While trolling operations started off about the same as they do elsewhere in the world, their requests to unmask ISP customers soon ramped up to enormous levels. It was enough to turn two ISP rivals into allies, with Telenor and Telia fighting in court for their respective customers’ privacy rights. After an initial loss, the companies appealed up the legal chain and managed to get a win with the court siding with the ISPs’ privacy concerns over the copyright trolls’ nefarious business model. After that, one of the copyright trolls appealed to Denmark’s Supreme Court, hoping to reverse the decision once again.

      • Significant Concerns About The New NAFTA Agreement’s Impact On Innovation And The Internet

        Earlier this week, we wrote about how the USTR itself appeared to be totally confused about its own NAFTA-replacement agreement with Mexico in the “Intellectual Property” section, in that it was reporting that the agreement included copyright in some works for “75 years” in places and “life + 75 years” in other places, and acted as though they were the same thing. The USTR seemed legitimately confused over this issue, which did not give people much confidence that it knew what it was doing in these negotiations on the intellectual property questions. However, since that issue appeared to be one of pure confusion, which should be easily fixed in the final text, we should put our attention more towards the actual problems with what the USTR appears to be doing here.

        We don’t yet have the full text — though that should be available soon — but from the USTR’s fact sheet there are many reasons to be concerned that this agreement is a massive handout to Hollywood and patent trolls, and against innovation.

      • IP Address is Not Enough to Identify Pirate, US Court of Appeals Rules

        The owner of an adult foster care home who operated an open WiFi network has booked a big win against a copyright troll. Thomas Gonzales was accused of downloading the Adam Sandler movie The Cobbler but won $17k last year after being wrongfully targeted. The case went to appeal and in a ruling handed down yesterday by the Ninth Circuit Court of Appeals, Gonzales emerged victorious again.

      • Important Appeals Court Ruling States Clearly That Merely Having An IP Address Is Insufficient For Infringement Claims

        The case involved well known copyright trolling lawyer Carl Crowell representing Cobbler Nevada LLC. As we discussed in our article on the district court decision, the actions in this case were particularly nefarious. Crowell quickly learned that the IP address in question belonged to an adult foster care home, but decided to go after the operator, Thomas Gonzales, even though he was aware that any of the many residents or staff may have actually been responsible for the infringement. Gonzales (reasonably) refused to just cough up the names and details of residents and staff without a court order, and Crowell’s response was just to go after Gonzales directly. But the facts of this case made it especially easy for the lower court to highlight how a mere IP address is not nearly enough to allege infringement.

      • No do-overs! Appeals court won’t hear $8.8bn Oracle v Google rehash

        Over eight years of feuding between Oracle and Google over the use of Java code in Android may be nearing its end following a Tuesday court ruling.

        The US Federal Circuit Court of Appeals has declined [PDF] to re-hear the case in which it found Google to be in violation of Oracle’s copyright on Android API code. The Chocolate Factory faces a demand from Oracle for $8.8bn in damages.

        Tuesday’s ruling means that the only remaining hope for Google to avoid a massive payout to Oracle is a hearing and decision from the US Supreme Court, something Google said it will pursue after today’s verdict.

        “We are disappointed that the Federal Circuit overturned the jury finding that Java is open and free for everyone,” Google told The Register.

      • Federal Circuit denies Oracle v Google en banc rehearing

        Google has already said it will appeal to the Supreme Court in the latest development in the dispute over unauthorised use of 37 packages of Oracle’s Java application programming interface

      • A Link Tax Won’t Bring Back Journalists; It Will Do Even More Harm To Them

        While most of the attention on the upcoming votes around the EU Copyright Directive is on the mandatory filters found in Article 13, we should be just as concerned about the link tax in Article 11. European publishers have been flat out lying about the proposal, which is little more than an attempt to just demand cash from Google and Facebook.

        We’ve already explained why this is a bad idea. And it’s not a theoretical issue either. This very same proposal has been tried in Germany and Spain and it failed miserably in both places, to the point of doing serious damage to traffic to news sites, without increasing revenue.

        Unfortunately, it appears that at least some journalists don’t want to hear about the facts. AFP’s Baghdad Bureau Chief, Sammy Ketz has pieces in the Guardian and La Stampa (and possibly elsewhere) making an impassioned — if somewhat confused — plea in support of Article 11.

        The reasoning is fuzzy, because there is no legitimate basis for Article 11, but Ketz basically says “there are fewer reporters these days, because news orgs are failing, but Google and Facebook have lots of money, so Article 11 is important, because they’ll give us money.” Really.

08.29.18

Links 29/8/2018: Solaris 11.4, More Intel Issues

Posted in News Roundup at 6:28 am by Dr. Roy Schestowitz

GNOME bluefish

Contents

GNU/Linux

  • Desktop

    • 10 Reasons To Replace Windows With Linux

      A lot of people run Windows on their laptop and desktop computers and quite often the reason for that is because it was already installed when they bought the machine.

      What is interesting though is that if you give people a better option then there is every chance they will switch to something else.

      If you don’t believe me look at the rise of Google Chrome. Internet Explorer used to dominate the browser market share but now Chrome controls over 60% compared to Internet Explorer which has under 10%.

      Linux is better than Windows, especially for home use and in this guide I will provide 10 reasons why.

  • Kernel Space

    • The world’s largest open source project, Linux, turned 27

      27 years ago, on the 25th of August in 1991 to be exact, a student from University of Helsinki posted on a newsgroup seeking for feedback for what he called a hobby project.
      That is of course Linux, the hobby project started by Linus Torvals, that has since conquered the world. In the original post Linus was looking for feedback for fellow Minix users. He had been working on his replacement for Minix since April, and was ready to get it out there.

      It obviously still took a while before Linux was ready for a proper spotlight, but the cat was out of the bag.

    • Is the Linux 4.18 kernel heading your way?

      In case this URL isn’t familiar, www.kernel.org is the web site of the organization that distributes the Linux kernel and other Open Source software to the public without charge. The site provides kernel archives where anyone can download source. And, yes, even you, can go and download source code for Linux.

      The latest stable version is currently 4.18.5. The kernel.org site provides extensive and easily navigated directories that can shed as much light on the Linux kernel as you might care to absorb. That includes the ability to view individual files that represent portions of the code base or download past or current releases.

      If you go to www.kernel.org, you will see options for downloading kernel tarballs, viewing the verification signatures for the tarballs, and investigating patches. If you have never considered the amount of code that comprises the Linux kernel or imagined how accessible it is, visiting the site and spending a little time wandering around might prove to be quite an exciting experience. Try drilling down to a single script as in this example picked at random and you’ll see how easy it is to probe into code that makes up the core of Linux.

    • Linux 4.4.153
    • Linux 3.18.120
    • Realtek USB3 Hubs Will See Firmware Updates Delivered On Linux Via Fwupd/LVFS

      Linux firmware updating is on a roll with the fwupd updating utility and the Linux Vendor Firmware Service (LVFS) for the distribution of these firmware files recently seeing AKiTiO Thunderbolt device support and NVMe SSD firmware updating being the next big task. Richard Hughes of Red Hat has also revealed he’s been working on USB3 hub firmware support in conjunction with Realtek.

    • Linux 4.19 lets you declare your trust in AMD, IBM and Intel

      Linux v4.19-rc1, release candidate code published on Sunday, allows those building their own kernel or Linux distribution to choose whether or not to trust the CPU hardware random number generator, a decision that has become complicated in the wake of the revelations about government surveillance over the past five years.

      When random number generation is insufficiently random, encryption based on such numbers can be broken with less effort. Among the security-minded, there’s concern that hardware makers might offer subpar randomization unknowingly, as a result of espionage, or to accommodate demands from government law enforcement or intelligence agencies.

      The paranoia wasn’t always so palpable. Back in 2013, Linus Torvalds, Lord of the Linux, dismissed calls to ditch Intel’s RDRAND processor instruction, noting that the Linux kernel uses multiple sources of input to generate random numbers.

    • Intel’s 13 Patches For SGX Linux Support See Their 13th Revision

      One of the features sadly not making it into the in-development Linux 4.19 kernel is the support for Intel’s SGX — the Software Guard Extensions.

      Intel Software Guard Extensions allow for allocating “enclaves” or private regions of memory for secure computing, DRM, and other purposes. SGX support was introduced to Intel CPUs with Skylake while the Linux support has remained a work-in-progress.

    • Bug in Linux 4.18 Kernel Causes CPU Stall and System Freezes on Older Hardware

      If ever you needed a good reason to upgrade your old CPU, it seems a “show-stopping” bug has found its way into the Linux 4.18 stable kernel series – though its only effecting older hardware, mostly the Intel Core 2 Duo era processors. This bug in Linux 4.18 kernel currently has two submitted bug reports on the bugzilla tracker.

    • Linux 4.18 Is Appearing To Cause Problems For Those Running Older CPUs

      As a P.S.A. for those tending to quickly upgrade to new major kernel releases but are doing so on older hardware, there appears to be a show-stopping bug that made it into the stable Linux 4.18 series.

      [...]

      Those encountering this problem have bisected it to clocksource: Remove kthread as the problematic commit. If building the Linux 4.18 kernel with that commit reverted, those old CPUs begin to happily run on this latest stable kernel release. Another alternative to workaround this problem is booting with the kernel parameter of clocksource=hpet. Of course, if you are running on a system as old as the Core 2 Duo days (2006~2010), you can choose any number of older stable Linux LTS releases to boot your system until this situation is resolved upstream and back-ported to the 4.18 series.

    • Graphics Stack

      • NVIDIA 390.87 Linux Driver Backports That Important Performance Fix

        NVIDIA has today shipped the 390.87 Linux driver as their latest update to the 390 “long-lived” driver series

      • GPUOpen’s Vulkan Memory Allocator 2.1 Being Prepped With Many Additions

        AMD’s GPUOpen group has released their first beta of the Vulkan Memory Allocator 2.1 release after “many months of development” and as such comes with many new features.

        VulkanMemoryAllocator as a refresher is the open-source AMD effort to provide an easy-to-use and integrate Vulkan memory allocation library to ease the process of bringing up new Vulkan code. The VulkanMemoryAllocator is used by the likes of Google’s Filament renderer, vkDoom3, LWJGL, the Anvil framework, and others.

      • Mir’s EGMDE “Edge” Now Has Experimental X11 Support, Static Display Configuration

        Ubuntu’s Mir display server that has been chasing Wayland support and earlier this year introduced EGMDE as the example Mir desktop environment has picked up some extra functionality on its “edge” channel.

        Thanks to Ubuntu’s Snappy, via Snap it’s now possible to have both beta and edge channels of EGMDE with easy installation. Their edge channel of EGMDE will be where they ship their experimental/bleeding-edge features. In making use of this new functionality, to the EGMDE edge channel they have introduced some new capabilities.

      • More Vega 20 Enablement Heading To Linux 4.20~5.0, No Longer Marked Experimental

        While the Linux 4.19 kernel merge window just ended this past weekend and the development cycle for Linux 4.20 (or most likely to be called Linux 5.0) won’t kick off until around the middle of October, AMD has already begun staging a ton of changes for this next kernel version. In particular, it looks like with this next kernel release their Vega 20 enablement will be in order.

      • The DRM GPU Scheduler Got Beefed Up This Summer, More Improvements Possible

        In addition to the VKMS driver for virtual kernel mode-setting, the other successful Google Summer of Code (GSoC) project this summer under the X.Org umbrella was improving the DRM GPU scheduler.

        The DRM GPU scheduler is what was the AMDGPU scheduler before it was punted out into DRM common code so this GPU scheduler could be re-used by other Direct Rendering Manager drivers like Etnaviv and Linux-Lima. As part of GSoC 2018, Nayan Deshmukh worked on improvements to the DRM GPU scheduler with a particular focus on being able to feed one entity into multiple run queues.

      • wineSHOCK: The Automated Direct3D Game Benchmarks On Wine

        Given Valve’s now public Steam Play for Linux using the Wine-derived Proton and their ongoing relationship with Code Weavers to improve the experience for Windows games on Linux, it perhaps adds better context why this summer for GSoC there was the automated Direct3D game benchmarking work with mentorship by a CodeWeavers developer.

        This summer we’ve been covering the work by student developer Dimitris Gounaridis on better Direct3D game benchmarks within Wine. After all, this Google Summer of Code project is facilitated using the Phoronix Test Suite and OpenBenchmarking.org.

      • Vulkan VirGL Ends The Summer Being Able To Execute A Compute Shader

        One of the most interesting projects we’ve seen attempted for Google Summer of Code 2018 was adding Vulkan support to VirGL for allowing Vulkan access within guest virtual machines.

        The VirGL stack has been getting into great shape with its OpenGL 4 support while up until this summer there wasn’t much effort on getting the Vulkan graphics/compute API handled by this stack that leverages Mesa, VirtIO-GPU, and the “virglrenderer” component to make all of this magic happen.

    • Benchmarks

      • Benchmarks Of Intel’s Latest Linux Microcode Update

        With all of the confusion last week over Intel’s short-lived CPU microcode license change that forbid benchmarking only for them to change it a short time later — to a much nicer license in that the microcode files can be easily redistributed and don’t curtail it in other manners (and also re-licensing their FSP too), here are some performance benchmarks when trying out this latest Intel microcode on Linux.

        [...]

        In the benchmarks run over the weekend, the latest Intel microcode files for August (taking Xeon Scalable CPUs to 0x200004d appeared to have only minimal impact on the system performance… Mostly in I/O cases were there some slight differences in performance, but nothing overly shocking and not as bad as the L1TF Linux kernel mitigation itself — see those benchmarks for all the details. Going into this microcode comparison I was expecting much more volatile results given their short-lived benchmark restriction, but it looks like it may have just been an overzealous Intel lawyer who thought it would be a good idea to forbid benchmarking and further lock-down their microcode license…

      • Fresh NVIDIA vs. AMD Radeon OpenCL GPU Benchmarks For August 2018

        It has been a while since last delivering some OpenCL GPU compute benchmarks across several different graphics cards on the latest Linux drivers, so here is a fresh look.

        Tests were done using the the NVIDIA 396.54 Linux driver with the GeForce GTX 1070 / 1070 Ti / 1080 / 1080 Ti graphics cards. On the AMD side was the newest AMDGPU-PRO 18.30 driver release with testing a Radeon RX Vega 56 and RX Vega 64.

      • The Tighter NVIDIA GeForce vs. AMD Radeon Linux Gaming Battle With 396.54 + Mesa 18.3-dev Drivers

        Last week NVIDIA released the 396.54 driver that has a significant performance fix for OpenGL/Vulkan Linux performance due to a resource leak regression introduced at the start of the 390 driver series. With that updated driver (also as of yesterday back-ported to 390.87 too), there is a measurable boost in performance after running a few games on NVIDIA Linux systems. But at the same time, the Mesa 18.3-dev open-source graphics driver stack with RadeonSI/RADV continues improving on the open-source AMD front. Here is a fresh look at how the latest AMD Radeon and NVIDIA GeForce graphics cards compare using these latest drivers.

      • Clear Linux Rolling Out KDE Plasma Desktop Support, Plus Some Benchmarks Against GNOME Shell

        The performance-optimized Clear Linux distribution out of Intel’s Open-Source Technology Center started out with Xfce as its lone desktop option and then added and moved over to the GNOME Shell as the default desktop. While GNOME Shell remains the default desktop choice for this rolling-release Linux distribution, KDE components have begun appearing in recent days.

        On Clear Linux it’s now just a swupd bundle-add desktop-kde command away from getting a Plasma 5 desktop on this high-performance Linux stack. Also new are the desktop-kde-apps and desktop-kde-libs bundles, though they are included as part of the desktop-kde bundle. Over the weekend the KDE Plasma desktop became functional on Clear Linux.

  • Applications

  • Desktop Environments/WMs

    • Getting started with the i3 window manager on Linux

      In my article 5 reasons the i3 window manager makes Linux better, I shared the top five reasons I use and recommend the i3 window manager as an alternative Linux desktop experience.

      In this post, I will walk through the installation and basic configuration of i3 on Fedora 28 Linux.

    • K Desktop Environment/KDE SC/Qt

      • KD Chart 2.6.1 Released

        This is the latest release of our powerful open-source Qt component, KD Chart, that allows you to create business charts and much more.

      • KDAB at SIGGRAPH – 2018
      • KDAB Talks at Qt World Summit – Boston

        KDAB is offering two talks at Qt World Summit in Boston. Here’s a preview before the full program is published.

        The first, from Qt 3D expert Mike Krus, gives an in-depth look at how to make the collaboration between designers and developers smoother.

      • Akademy 2018 Trip Report

        I recently had the opportunity to attend Akademy – the annual world summit of KDE. This blog post covers my experience of the event, and is mostly a brain-dump memory aide. Akademy attracts KDE developers, enthusiast users and others from the wider Qt, KDE and distro communities. The event is a week-long in-person combination of talks and BoF (Birds of a Feather) sessions. This year Akademy was held at TU Wein in Vienna, Austria.

        I’d never attended Akademy before, as I am not a KDE developer, and only recently starting running Plasma on my ThinkPad T450. My employer – Canonical – is a sponsor of the KDE project, and a silver level sponsor of Akademy. A recent reorganisation inside Canonical meant I was able to take someone else’s place at the last minute. So I booked travel and accomodation to attend from Saturday to Tuesday.

      • Plasma Mobile at a demoparty?

        Chaos Constructions is an annual computer festival held in Saint Petersburg, Russia. It is centered around demoscene — a form of computer art where participants write programs that produce short audio-visual presentations. Apart from the demoscene contests, you can enjoy computer-related seminars, live acts, and a computer exhibition.

      • Human Interface Guidelines

        The Visual Design Group has been hard at work to improve our Human Interface Guidelines. These set of rules and guidelines are meant for our developers and designers to use when creating applications, submitting patches, suggesting UI changes, etc. Every developer that we work with will feel a little more safe that their application is headed in the right visual direction for KDE.

        However, as with most things, our guidelines have become outdated. Recent development into Kirigami and further work into the desktop have made it clear that we must change and update our guidelines to accommodate for these new developments.

        In fact, during Akademy 2018 in Vienna, updating our guidelines was one of the most cited suggestions that I received.

      • TableView

        I’m happy to announce that in Qt 5.12, a new TableView item will be available in the QtQuick module. TableView is similar to the existing ListView, but with additional support for showing multiple columns.

        Like with ListView, you can assign data models of any kind to TableView, like ListModels or plain Javascript arrays. But to create models with more than one column, you currently need to subclass QAbstractItemModel in C++. A QML TableModel is also in the works, but will come later.

      • Calendar progress

        As we’re closing in on a simple but functional calendar for Kube, I’d like to share our progress with you.

        We’ve decided to start with a week view, as that seems to be a good compromise between information density and enough information for day-to-day use.
        We will eventually complement that with a month view, which is probably all we need for the time being.

      • Krita Comic Managemer: Improving the other exporters.

        There’s still more that can be done, like for example accessibility metadata entries, but for now I am pretty pleased with this.

        It is in master, so Krita 4.2 will carry the updated plugin!

    • GNOME Desktop/GTK

      • GTK+ and the application id

        tl;dr: If you want to be sure your application will be displayed with the correct icon under different Wayland compositors make sure that your GApplication (or GtkApplication) uses

        g_set_prgname(your_g_application_id);

        on GTK+3. On GTK+4 this is handled for you.

      • What ails GHashTable?

        I promised a closer look at GHashTable and ways to improve it; here’s that look and another batch of benchmarks to boot.

        This time around I’ve dropped most of the other tables from the plots, keeping only khash and adding results from my GLib branch and Rust’s HashMap, the latter thanks to a pull request from Josh Stone. These tables have closely comparable performance and therefore provide a good reference. Besides, every table tested previously is either generally slower or more memory-hungry (or both), and including them would compress the interesting parts of the plot.

      • What this blog will become after GSoC

        Hello everyone, I am back after some weeks of vacation!

        So GSoC 2018 officially ended last week but I’ve decided to keep using this blog for posting news of the work I will be doing for some time (i.e. until I find a better place for this).

  • Distributions

    • Intel To Develop Safety-Critical Linux OS Distribution

      Imad Sousou of Intel’s Open-Source Technology Center has announced their plans to develop a safety-critical Linux distribution. This Linux distribution will be geared for running on safety-compliant solutions from autonomous vehicles to drones and more.

    • Slackware Family

      • Calibre 3.30.0 for Slackware with internal Qt5 libraries

        It took me quite a while to release a new package for Calibre, the e-book library manager. That had a reason.

        In July I switched the Qt5 package in my repositories to version 5.11 to support the latest KDE Plasma5 software and because it offers advantages over the previous 5.9 releases. Unfortunately, as I found out soon afterwards, the Calibre software fails to work with Qt 5.11 – its GUI components were not built and there was no obvious error to explain why.

        Therefore I had to re-visit the calibre.SlackBuild‘s internals and try to revive the internal functions that compile an embedded Qt library set. This was last tested in the early days of my Calibre packages when Qt4 was the running champion. Adding internal Qt5 support was quite a different beast. Qt5 is a lot bigger than the venerable Qt4 so the build process needed some pruning to keep the compilation times acceptable and the package size under control.

    • Red Hat Family

      • Red Hat to Explore Blockchain Software Tracking Benefits for Cloud Computing Usage

        Multinational firm offering open-source software essentials, Red Hat is apparently seeking the help of blockchain technology to better assess consumer usage of cloud computing platforms. News regarding Red Hat’s recent endeavor was publicised via a patent filed with the U.S Patent & Trademark Office, officially dubbed, “Blockchain-based Software Instance Usage Determination,” as of Thursday, August 23.

        The reason for considering blockchain stems from the challenges that arise when it comes to keeping track of cloud computing costs. In general, software products are licensed annually and have some fixed fee attached to them. This, however, is not the case with cloud computing, as both the necessary licenses and fees are dependent on usage. Therefore, Red Hat’s need to understand usage in terms of the number of users and amount of time used came about.

      • Red Hat Announces Changes to RHCA Certification
      • FusionLayer Joins Red Hat Partner Program
      • Securing apps and services with Keycloak (Watch DevNation Live video)

        The video from the last DevNation Live: Securing apps and services with Keycloak is now available to watch online. In this session, you will learn how to secure web/HTML5 applications, single-page and mobile applications, and services with Keycloak. Keycloak can be used to secure traditional monolithic applications as well as microservices and service mesh-based applications that need secure end-to-end authentication for all front- and back-end services. The examples in the video cover PHP, Node.js, and HTML/JavaScript.

        Securing applications and services is no longer just about assigning a username and password. You need to manage identities. You need to integrate with legacy and external authentication systems to provide features that are in demand like social logins and single sign-on (SSO). Your list of other requirements may be long. But you don’t want to develop all of this yourself, nor should you.

      • Breaking the legacy virtualization cycle: How Red Hat and our partners are transforming IT through open source

        Across nearly every industry, organizations of all shapes and sizes are embracing digital transformation in an effort to modernize their IT departments. They want to deliver better, faster and more dynamic services to customers — and they’re starting from their infrastructure, up. But for companies locked into legacy technologies, transformation isn’t always an option.

        Organizations with proprietary virtualization solutions know all too well how this technology can stifle enterprise IT innovation and advancement. For many, the cost of simply maintaining existing infrastructure investments ties up an overwhelming majority of budgets, leaving little room to invest in new technologies, and the closed vendor ecosystem can make integrating and adopting cloud-native solutions based on Kubernetes and Linux containers nearly impossible.

      • Finance

      • Fedora

    • Debian Family

      • Debian Stretch Gets Patch for Regression Causing Boot Failures on ARM Systems

        In a recent security advisory, Salvatore Bonaccorso writes that the last Linux kernel update released for Debian GNU/Linux 9 “Stretch” to mitigate the L1 Terminal Fault (L1TF) security vulnerabilities is causing boot failures for users on the ARM architecture.

        Also known as Foreshadow, these security vulnerabilities are similar to the Spectre security vulnerabilities and allow an attacker that has access to an unprivileged process to read the memory from arbitrary addresses that aren’t controlled by users, including from the kernel.

      • Debian Policy call for participation — August 2018

        Here’s a summary of some of the bugs against the Debian Policy Manual. Please consider getting involved, whether or not you’re an existing contributor.

      • Derivatives

        • Debian-Based Neptune Linux 5.5 Operating System Released with LibreOffice 6.1

          Coming only a month after the Neptune 5.4 release that introduced a new dark theme and updated several components, Neptune 5.5 bumps the kernel version to Linux kernel 4.17.8 and updates the graphics stack to Mesa 18.1.6, AMDGPU DDX 18.0.1, Nouveau DDX 1.0.15, and ATI/Radeon DDX 18.0.1.

          “This update represents the current state of Neptune 5 and renews the ISO file so if you install Neptune you don’t have to download tons of Updates,” writes Leszek Lesner in today’s announcement. “In this update we improved hardware support further by providing Linux Kernel 4.17.8 with improved drivers and bugfixes.”

        • Canonical/Ubuntu

          • Ubuntu Weekly Newsletter Issue 542

            Welcome to the Ubuntu Weekly Newsletter, Issue 542 for the week of August 19 – 25, 2018. The full version of this issue is available here.

          • UBports releases Ubuntu Touch OTA-4, the biggest update yet

            When Canonical ceased development of Ubuntu Touch for smartphones and tablets last year, an independent group of developers formed the UBports project to continue supporting and updating the Linux-based smartphone operating system.

            Now the team has released Ubuntu Touch OTA-4, a major update that fixes bugs, updates software packages, adds new features and performance enhancements, and updates the base of the operating system from Ubuntu 15.04 to Ubuntu 16.04 LTS.

          • Ubuntu 18.10 Will (Once Again) Ship with an Older Version of Nautilus

            April’s release of Ubuntu 18.04 LTS offered up the majority of GNOME 3.28 but devs chose to include Nautilus 3.26 rather than the newer v38 release. That made sense; it was an LTS release and v3.26 was the last version of the file manager to support desktop icons.

            This time around Ubuntu 18.10 will offer up the majority of GNOME 3.30 but, where the file manager is considered, once again stick with Nautilus 3.26.

            We speculated several months back that Ubuntu’s preference for keeping desktop icons around (a feature that newer version of Nautilus do not provide) would override the lure of sure-wrought ‘newness’.

          • Minimal Ubuntu for the cloud delivers some maximum benefits

            Ubuntu is used everywhere. In fact, I’m writing this on an Ubuntu machine, specifically, the oh-so-elegant Ubuntu Mate distro. Hundreds of millions of personal computers, servers, mobile devices, and containers are booting Ubuntu, and aren’t looking back. Ubuntu even runs inside the International Space Station and controls the BYU Mars Rover. Ubuntu phones are being rolled out by Meizu and BQ, and it is worth mentioning that Ubuntu can even be installed on Google Nexus tablets and phones. Ubuntu is also running on Hubu, the world’s cleverest robot. Ubuntu powers the infrastructure at leading organizations like Snapchat, Instagram, Pinterest, Reddit, Netflix, Walmart, Bloomberg, WETA Digital, and even Wikipedia. Ubuntu is also behind the largest supercomputer Tianhe-2. Ever since cloud computing has taken off, Ubuntu has become a big key player in the market. Over 60 million Ubuntu images are launched by Docker users. There’s plenty of Ubuntu in Kubernetes, Apache Mesos, Cloud Foundry, and Heroku. And now, there is a brand new version of Ubuntu on the block — Minimal Ubuntu.

          • Canonical Outs Intel Microcode Security Update for All Supported Ubuntu Releases

            According to the advisory, the new Intel microcode firmware security update mitigates the L1 Terminal Fault (L1TF) vulnerability documented as CVE-2018-3646, which could allow an attacker in a guest virtual machine to expose sensitive information from either the host operating system or other guests.

            It also fixes the well known Spectre Variant 4 security vulnerability (CVE-2018-3639) that could allow an attacker to expose sensitive information, including kernel memory via a side-channel attack, and another side-channel attack known as Rogue System Register Read (RSRE) and documented as (CVE-2018-3640).

          • Ubuntu Server development summary – 28 August 2018

            The purpose of this communication is to provide a status update and highlights for any interesting subjects from the Ubuntu Server Team. If you would like to reach the server team, you can find us at the #ubuntu-server channel on Freenode. Alternatively, you can sign up and use the Ubuntu Server Team mailing list.

          • Flavours and Variants

  • Devices/Embedded

Free Software/Open Source

  • Open Mainframe Project Announces Zowe: A Platform for the Mainframe

    The Open Mainframe Project today announced Zowe. Zowe provides an open source software framework to bridge the gap between modern applications and the mainframe. It gives users easier interoperability and scalability for tools from multiple vendors. Zowe is the first open source project based on z/OS.

    As hybrid cloud architectures grow in popularity, organizations will need intuitive, productive, and better-integrated capabilities for z/OS. The project’s mission centers around hybrid delivery through an open source framework. It will also build an ecosystem of independent software vendors, system integrations, clients, and end users. This framework enables an ecosystem of software solutions intended to provide a simple, intuitive environment for IT professionals across teams.

  • Google releases open source reinforcement learning framework for training AI models

    Reinforcement learning — an artificial intelligence (AI) technique that uses rewards (or punishments) to drive agents in the direction of specific goals — trained the systems that defeated Alpha Go world champions and mastered Valve’s Dota 2. And it’s a core part of Google subsidiary DeepMind’s deep Q-network (DQN), which can distribute learning across multiple workers in the pursuit of, for example, achieving “superhuman” performance in Atari 2600 games. The trouble is, reinforcement learning frameworks take time to master a goal, tend to be inflexible, and aren’t always stable.

    That’s why Google is proposing an alternative: an open source reinforcement framework based on TensorFlow, its machine learning library. It’s available from Github starting today.

  • Liberty Activists Migrating from Twitter to Censorship-Proof “Mastodon” Decentralized Platform

    There has been a lot of controversy recently over social media websites like Twitter swinging their ban hammer on personalities with opinions they don’t like. As a libertarian, I believe in property rights and so Twitter, Facebook, Youtube, and the like should certainly be free to ban people for whatever reason they want. I also believe in the free market’s potential reactions to bad decisions by business owners, which include boycott and competition.

    Thankfully, the competition has arrived! Mastodon is a decentralized social media replacement for Twitter and it does an excellent job. I recently joined the “Liberdon” server intended for libertarians and voluntarists. Not only is Mastodon decentralized, in that anyone who wants to can run a server, but it’s also “federated”. Federated means your server can be connected to all the other Mastodon servers, that is so long as the other servers want to be connected to you. Each server sets its own rules for which other servers they’ll federate with. So if the NAZIs or Communists start a server, no one has to link up to them – the market decides instead of a centralized corporation like Twitter. However, even if no other servers federate with, say Chris Cantwell‘s server (I don’t think he has one – just as an example), he can still run his server and hate-filled bigots and racists can join it and talk to each other. Of course, each server can be controlled and its policy set by its administrator, so intra-server censorship is still possible (most servers prohibit spam, for instance), but given you are free to start your own server and set your own policy, you can’t be censored if you start your own platform.

  • Now available: The open source guide to DevOps monitoring tools

    Once upon a time, I was troubleshooting some vexing problems in an application that needed to be scaled several orders of magnitude, with only a couple of weeks to re-architect it. We had no log aggregation, no metrics aggregation, no distributed tracing, and no visualization. Most of our work had to be done on the actual production nodes using tools like strace and grepping through logs. These are great tools, but they don’t make it easy to analyze a distributed system across dozens of hosts. We got the job done, but it was painful and involved a lot more guessing and risk than I prefer.

    At a different job, I helped troubleshoot an app in production that was suffering from an out-of-memory (OOM) issue. The problem was inconsistent, as it didn’t seem to correlate with running time, load, time of day, or any other aspect that would provide some predictability. This was obviously going to be a difficult problem to diagnose on a system that spanned hundreds of hosts with many applications calling it. Luckily, we had log aggregation, distributed tracing, metrics aggregation, and a plethora of visualizations. We looked at our memory graph and saw a distinct spike in memory usage, so we used that spike to alert us so we could diagnose the issue in real time when it occurred.

  • 4 open source monitoring tools

    Isn’t monitoring just monitoring? Doesn’t it include logging, visualization, and time-series data?

    The terminology around monitoring has caused a lot of confusion over the years and has led to some poor tools that tout the ability to do everything in one format. Observability proponents recognize there are many levels for observing a system. Metrics aggregation is primarily time-series data, and that’s what we’ll discuss in this article.

  • Google improves AI model training by open-sourcing framework
  • AI: Google releases open source framework for reinforcement learning
  • An Introduction to Quantum Computing with Open Source Cirq Framework

    As the title suggests what we are about to begin discussing, this article is an effort to understand how far we have come in Quantum Computing and where we are headed in the field in order to accelerate scientific and technological research, through an Open Source perspective with Cirq.

    First, we will introduce you to the world of Quantum Computing. We will try our best to explain the basic idea behind the same before we look into how Cirq would be playing a significant role in the future of Quantum Computing. Cirq, as you might have heard of recently, has been breaking news in the field and in this Open Science article, we will try to find out why.

    [...]

    It will be easier for us to understand Quantum Computing by comparing it first to Classical Computing. Classical Computing refers to how today’s conventional computers are designed to work. The device with which you are reading this article right now, can also be referred to as a Classical Computing Device.

  • Events

    • Reports from Netdev 0×12

      The Netdev 0×12 networking conference was held in mid-July. Participants at the event have put together a set of reports of the talks that were held on the last two days; Day 2 includes eleven talks, including the keynote by Van Jacobson, while Day 3 covers another ten topics.

    • Netdev day 3

      In this talk Tushar Dave presents his work on using eBPF for Reliable Datagram Socket (RDS) filtering. Tushar started his talk by explaining that RDS is a high performance, low latency connectionless protocol that sits on top of TCP (sk_buff) and IB (scatterlist) transport layers.

      The problem Tushar tried to solve was to implement RDS filtering and firewall to do DPI of a full RDS packet in a unified solution for both TCP and IB. Netfilter is a possibility but Netfilter only uses sk_buff. An alternative is eBPF which has been adopted into the Linux kernel and used for a lot of things.

      In order to use eBPF as it was, Tushar had to add a new BPF prog type (similar to socket filter) that deals with scatterlist. In addition he had to create a new function to setup needed data structures to run filter program attached to the socket. As POC Tushar created a BPF helper to help users to traverse the sg elements in the scatterlist.

    • Netdev 2018 day 2

      The first of these saved us until ~1995, then the second and third until ~2012. Since then the problem has been increasing. Dennard’s scaling stopped. Usually, the switch’s speed was faster than the host speed. CPU upgrades cannot solve network problems anymore. This had a big impact on the network. Google has been working to try and address some of these issues; Van mentioned several Google authored papers: – Hull, BwE, FQ/pacing, Timely, BBR, Carousel. All these papers tried to figure out how to find the bottleneck link downstream and prevent pressure in downstream buffers. BwE discussed how to fix things at the host to prevent queue buildup in switches. FQ/pacing was about desire to prevent many packets traveling to the same destinations in bursts.

      Van argued that AFAP isn’t working for us now because it’s local to the host and our problems aren’t local. We need a mechanism that allows for more control of packet spacing on the wire. To enforce relationships between all outgoing packets, the enforcement mechanism needs to be just in front of the NIC. Carousel is a great example of this.

  • Web Browsers

    • Chrome

    • Mozilla

      • Thank You, Cathy Davidson

        Cathy Davidson joined the Mozilla Foundation board in 2012, and has been a force helping us broaden our horizons and enter new areas. Cathy was the first person to join the Foundation board without a multi-year history with browsers or open source. This was an act of bravery!

      • SUMO Days Firefox 62: you are invited!

        On these days, Support contributors will be online answering questions live and hanging out. If you do not see anyone active online, please contact Rachel (username: guigs) or another Administrator or Operator in the #sumo IRC channel listed in the wiki.

        There is also the two Telegram channels that are active for assignments of tweets and collaboration. You may need an account to participate, so just send a message to social Telegram group – there are guidelines on how to set up Tweetdeck for social if you would like your own workspace, or you can message guigs to add your trello account to the trello board with delegated tweets for the day.

      • Experiment: Adjusting SETA to run individual files instead of individual jobs

        I did an experiment in June (was PTO and busy on migrating a lot of tests in July/August) where I did some queries on the treeherder database to find the actual test cases that caused the failures instead of only the job names. I came up with a list of 171 tests that we needed to run and these ran in 6 jobs in the tree using 147 minutes of CPU time.

      • Dear Venmo: Update Your Privacy Settings

        Last month, privacy researcher and Mozilla Fellow Hang Do Thi Duc released Public By Default, a sobering look at the vast amount of personal data that’s easily accessible on Venmo, the mobile payment app.

        By using Venmo’s public API and its “public by default” setting for user transactions, Hang was able to watch a couple feud on Valentine’s Day, observe a woman’s junk food habits, and peer into a marijuana dealer’s business operations. Seven million people use Venmo every month — and many may not know that their transactions are available for anyone to see.

        Privacy, and not publicity, should be the default.

        Despite widespread coverage of Hang’s work — and a petition by Mozilla that has garnered more than 17,000 signatures — Venmo transactions are still public by default.

      • Taskcluster Credential Derivation in EC2 using S/MIME, OpenSSL’s C api and Node.js’s N-API
      • Shrinking Go Binaries
      • Firefox Nightly Secure DNS Experimental Results

        A previous post discussed a planned Firefox Nightly experiment involving secure DNS via the DNS over HTTPS (DoH) protocol. That experiment is now complete and this post discusses the results.

        Browser users are currently experiencing spying and spoofing of their DNS information due to reliance on the unsecured traditional DNS protocol. A paper from the 2018 Usenix Security Symposium provides a new data point on how often DNS is actively interfered with – to say nothing of the passive data collection that it also endures. DoH will let Firefox securely and privately obtain DNS information from one or more services that it trusts to give correct answers and keep the interaction private.

      • Taskcluster Artifact API extended to support content verification and improve error detection
      • Let’s be Transparent

        Two years ago, we released the Firefox Hardware Report to share with the public the state of desktop hardware. Whether you’re a web developer deciding what hardware settings to test against or someone just interested in CPUs and GPUs, we wanted to provide a public resource to show exactly what technologies are running in the wild.

        This year, we’re continuing the tradition by releasing the Firefox Public Data Report. This report expands on the hardware report by adding data on how Firefox desktop users are using the browser and the web. Ever wanted to know the effect of Spring Festival on internet use in China? (it goes down.) What add-on is most popular this week in Russia? (it’s Визуальные закладки.) What country averages the most browser use per day? (Americans, with about 6 to 6.5 hours of use a day.) In total there are 10 metrics, broken down by the top 10 countries, with plans to add more in the future.

  • Oracle/Java/LibreOffice

    • Oracle Solaris 11.4 Released for General Availability

      I’m pleased to announce the release of Oracle Solaris 11.4. Of the four releases of Oracle Solaris that I’ve been involved in, this is the best one yet!

      Oracle Solaris is the trusted business platform that you depend on. Oracle Solaris 11 gives you consistent compatibility, is simple to use and is designed to always be secure.

    • Solaris 11.4 released

      Congrats to my colleagues in the Solaris team who released Solaris 11.4 today. Despite the 11.x moniker, this is actually a major Solaris release; Oracle has just decided to go down the perpetual macOS X / Windows 10 version numbering route from now on. (This development is unlikely to faze Solaris veterans, who have been using SunOS 5.x since 1992.)

    • Oracle Solaris 11.4 Officially Released

      Two years after Solaris 11.3 and Oracle opting for a “continuous delivery” model of 11.next updates instead of a “Solaris 12″, Solaris 11.4 is out the door today.

      Oracle is talking up Solaris 11.4 with its general availability release as “the trusted business platform”, “consistent compatibility, is simple to use and is designed to always be secure”, “more than 3,000 applications certified to run on it”, and “the only operating system that has completed UNIX V7 certification.”

  • Pseudo-Open Source (Openwashing)

    • No lasers or Linux hacks, but Better Call Saul remains one of TV’s techiest shows [Ed: Conde Nast throws terms like "Linux hacks" into headlines that have nothing to do with Linux. Knowing that many people associate "hacks" with malice...]
    • Open Source Components Save Time but Need to be Closely Monitored [Ed: Proprietary software also needs to be closely monitored, but I understand that some rather parasitic firms -- some connected closely to Microsoft -- create a stigma to sell their blobs. Zev Brodsky from WhiteSource, which works with Microsoft, is attacking FOSS here, as usual.]
    • Opening Doors to Collaboration with Open Source Projects [Ed: Here we have the Linux Foundation once again propping up Microsoft; this is the company currently investigated by DoJ for corruption and bribery. If the Linux Foundation was a wild animal, it would not survive very long. It’s putting its head inside the lion’s mouth, expecting the lion to lick it instead of biting it. Or maybe the Linux Foundation no longer pursues the success of Linux but instead just wants to get as much money and influence as possible...]
  • BSD

    • OBSD.ams : The setup

      For all the people who want to know what our setup looks like. Below is a write-up of our setup and configuration. There aren’t any packages installed on the servers running the Virtual Machines.

  • FSF/FSFE/GNU/SFLC

    • bison-3.1 released [stable]

      We are very happy to announce the release of GNU Bison 3.1. It introduces new features such as typed midrule actions, brings improvements in the diagnostics, fixes several bugs and portability issues, improves the examples, and more.

  • Licensing/Legal

    • GPL Violations Cost Creality a US Distributor

      One of the core tenets of free and open source software licenses is that you’re being provided source code for a project with the hope that you’ll “pay it forward” if and when you utilize that code. In fact some licenses, such as the GNU Public License (GPL), require that you keep the source code for subsequent spin-offs or forks open. These are known as viral licenses, and the hope is that they will help spread the use of open source as derivative works can’t turn around and refuse to release their source code.

    • Sign up for the FSF’s next seminar on GPL Enforcement and Legal Ethics

      The Free Software Foundation (FSF) is the recognized canonical source on best practices for the use of GNU licenses. As stewards of the GNU family of licenses, we provide a wide variety of resources for helping developers and lawyers alike to improve their understanding of software freedom. In addition to published resources, we also routinely provide in-person instruction in the form of continuing legal education seminars. The FSF is proud to announce again that we are offering a seminar to take place on the west coast on September 27th.

    • Open-source licensing war: Commons Clause

      Most people wouldn’t know an open-source license from their driver’s license. For those who work with open-source software, it’s a different story. Open-source license fights can be vicious, cost serious coin, and determine the fate of multi-million dollar companies. So, when Redis Labs added a new license clause, Commons Clause, on top of Redis, an open-source, BSD licensed, in-memory data structure store, all hell broke loose.

      Why? First, you need to understand that while you may never have heard of Redis, it’s a big deal. It enables real-time applications such as advertising, gaming financial services, and IoT to work at speed. That’s because it can deliver sub-millisecond response times to millions of requests per second.

      But Redis Labs has been unsuccessful in monetizing Redis, or at least not as successful as they’d like. Their executives were discovering, like the far more well-known Docker, that having a great open-source technology did not mean you’d be making millions. Redis’ solution was to embrace Commons Clause.

  • Programming/Development

    • Stop! Don’t blindly take that coding challenge.

      If we can collectively reject awful hiring practices, we all win. Employers already have most of the power in this relationship, so we need to band together and consider how each of our individual actions affect the community as a whole.

       

      Don’t ever do a code test before speaking with an engineer on the team. You have the power to stop employers from lazily looking at your “hacker rank” or some other arbitrarily defined score. If you want to be treated like a human being, just stop doing things that put you in a box and force you to be seen as a number.

       

      You have the power. You can do this.

    • Is “C Programming language” Still Worth Learning in 2018?

      C has been an evergreen language and played a prominent role for most of the system developments that took place in the last few decades. C programming was originally developed by Dennis Ritchie between 1969 and 1973 at Bell Labs and was made for general-purpose, imperative computer programming, that supported structured programming, lexical variable, scope, and recursion etc.

      Today, we have lots of programming languages to choose and learn but as a beginner, everybody has a question “Which programming language should I learn first?” and most of the answers that we get on the internet or through suggestions are “C”. In this article, we’ll try to find out if C Programming is still worth learning in 2018. If yes then why?

    • This Week in Rust 249

      This Week in Rust is openly developed on GitHub. If you find any errors in this week’s issue, please submit a PR.

    • Add GUIs to your programs and scripts easily with PySimpleGUI

      Few people run Python programs by double-clicking the .py file as if it were a .exe file. When a typical user (non-programmer types) double-clicks an .exe file, they expect it to pop open with a window they can interact with. While GUIs, using tkinter, are possible using standard Python installations, it’s unlikely many programs do this.

      What if it were so easy to open a Python program into a GUI that complete beginners could do it? Would anyone care? Would anyone use it? It’s difficult to answer because to date it’s not been easy to build a custom GUI.

      There seems to be a gap in the ability to add a GUI onto a Python program/script. Complete beginners are left using only the command line and many advanced programmers don’t want to take the time required to code up a tkinter GUI.

    • Containers in Perl 6

      In the first article in this series comparing Perl 5 to Perl 6, we looked into some of the issues you might encounter when migrating code into Perl 6. In the second article, we examined how garbage collection works in Perl 6. Here, in the third article, we’ll focus on Perl 5′s references and how they’re handled in Perl 6, and introduce the concepts of binding and containers.

Leftovers

  • Health/Nutrition

    • What is the stance on plain packaging across Asia?

      IP practitioners are concerned that the WTO ruling on plain packaging encroaches on IP rights and could spell trouble for other industries

    • Brexit no-deal could send cigarette packaging up in flames

      The UK government’s Brexit no-deal guidance has raised uncertainty over tobacco plain packaging that uses EU copyrighted images. IP practitioners say the potential disruption to UK cigarette companies will depend on the EU Commission’s attitude to its IP

    • Indonesia, Cuba Do Not Appeal WTO Plain-Packaging Ruling

      The governments of Cuba and Indonesia today chose not to appeal a June ruling at the World Trade Organization that upheld Australia’s law requiring tobacco products sold in the country to be packaged without logos or other trademarked designs. That leaves Honduras and the Dominican Republic alone in their appeals of the decision.

      [...]

      Cuba called the panel’s report “very deceiving,” said it relied on fundamentally non-objective analysis, and that it was structured to reach a predetermined outcome. “In other words,” it said, the report was subjected to “reverse engineering.” Notwithstanding its serious concerns about the report, the country chose not to participate in the next phase. Indonesia reportedly also indicated its displeasure with the ruling but chose not to appeal.

      Australia, for its part, praised the panel for confirming that WTO rules do not inhibit the right of members to “implement legitimate, non-discriminatory public health measures.” It also noted the number of other countries which have since adopted their own plain packaging laws, including the United Kingdom, France, Ireland, New Zealand, Hungary and Slovenia. It named others that are currently working to adopt such measures, including Canada, Uruguay, Singapore, Belgium and Chile.

      Canada, a third party to the case, applauded the panel’s decision, saying it reflects a “careful balance struck between rights and obligations to facilitate trade and a Member’s right to take legitimate public health measures.” Canada confirmed it is currently working to adopt plain packaging measures.

  • Security

    • Kali Linux 2018.3 Release

      Another edition of Hacker Summer Camp has come and gone. We had a great time meeting our users, new and old, particularly at our Black Hat and DEF CON Dojos, which were led by our great friend @ihackstuff and the rest of the Offensive Security crew. Now that everyone is back home, it’s time for our third Kali release of 2018, which is available for immediate download.

      Kali 2018.3 brings the kernel up to version 4.17.0 and while 4.17.0 did not introduce many changes, 4.16.0 had a huge number of additions and improvements including more Spectre and Meltdown fixes, improved power management, and better GPU support.

    • Kali Linux 2018.3 Ethical Hacking OS Adds iOS Research, Penetration Testing Tool

      Offensive Security announced today the release of Kali Linux 2018.3, a new snapshot of the Debian-based ethical hacking and penetration testing operating system formerly known as BackTrack Linux that brings updated components and several new tools.

      Powered by the Linux 4.17 kernel series, Kali Linux 2018.3 adds more fixes for the latest Spectre and Meltdown security vulnerabilities, better power management, improved GPU support, and lots of updated hacking and penetration testing tools, including Aircrack-ng, Burp Suite, OpenVAS, Wifite, and WPScan. A full changelog with all the fixes and updates is available here.https://bugs.kali.org/changelog_page.php

      “Another edition of Hacker Summer Camp has come and gone. We had a great time meeting our users, new and old, particularly at our Black Hat and DEF CON Dojos,” writes the Offensive Security team. “Now that everyone is back home, it’s time for our third Kali release of 2018, which is available for immediate download.”

    • Fortnite Installer Vulnerabilities Highlight Mobile App Store Risks

      There are many good reasons why it’s often best for organizations looking to deploy or consume Android applications to use the Google Play mobile apps store.

      The discovery of a high-profile flaw in one of the world’s most popular games highlights why you should stick to apps in Google Play. Epic Games’ Fortnite is played by millions of players around the world on different platforms, including Android. Fortnite, however, isn’t available on the Google Play store for Android; rather, Epic Games decided to bypass Google and use a third-party store to deliver its game. That fact, however, didn’t stop Google from discovering a serious vulnerability that was publicly disclosed on Aug. 25.

    • Command Injection Vulnerability found in WordPress Plainview Activity Monitor v20161228 and Prior

      A command injection vulnerability has been found in the renowned personal blogging and website creation management platform: WordPress. The vulnerability is found to exist in the Plainview Activity Monitor WordPress Plugin component, and it has been assigned a CVE identifier of CVE-2018-15877.

    • Reproducible Builds: Weekly report #174
    • Latest Mirai variant leverages open source project for cross platform infections [Ed: Actually, it leverages bad devices where the passwords and usernames are both uniform, the same, among other issues]
    • Bubblewrap Security Feature Will Be Removed From Ubuntu and CentOS

      Ubuntu and CentOS are disabling a security feature which was added to the GNOME Desktop environment last year. The Security feature named Bubblewrap creates a sandbox environment that secures GNOME’s thumbnail parsers.

      Thumbnail parsers are the scripts that read files inside a folder and create a thumbnail image that can be used with the GNOME, KDE and different Linux Desktop Environments. The operation takes place whenever the user navigates to directories within the OS where there is a need to display thumbnail images.

    • Security updates for Tuesday
    • DLL Injection and Code Execution Vulnerability in v54.5.90 lets Hackers spread Malware
    • Back to School Essentials for Security

      Going back to school? This is a perfect time for a digital security refresh to ensure the privacy of you and your friends is protected!

      It’s a good time to change your passwords. The best practice is to have passwords that are unique, long, and random. In order to keep track of these unique, long and random passwords, consider downloading a password manager.

      As a great additional measure: You can add login notifications to your accounts, so that you can monitor logins from devices you don’t recognize.

      If you’re a regular user of a public computer, like at the school library or lab, keep in mind that public computers can remember information from your logins. Adding two factor authentication to your accounts is a great way to bolster your security. Adding a second factor in addition to your unique, long, and random password makes it much harder for someone else to access your account. There are many types of two factor authentication, including SMS text messages, apps like Authenticator, or hardware tokens like Yubikey.

    • Security reviews and microservices

      Humans don’t scale, not even linearly. In fact adding more humans probably results in worse performance. If you need to review a thousand services you will need an incredible number of people, and anytime people are involved there are going to be a lot of mistakes made. There is no secret option three where we just staff up to get this done. Staffing up probably just means you now have two problems instead of one.

      Automation is the only plausible solution.

    • WhatsApp Vulnerable to Memory Corruption and DoS Crash with Crafted Message in v2.18.61

      WhatsApp is not new to memory corruption vulnerabilities. After a series of infamous and chronically frustrating special character message circulations which would cause the application to crash fiercely until the troublesome message was deleted (note that deleting the message was a feat immensely difficult to accomplish as the application would crash repeatedly and not launch properly in the first place to allow you to delete the message), there is now another such crafted message which is lending itself to a memory corruption vulnerability in the popular instant messaging social media platform.

      The new-found Memory corruption vulnerability has been found to affect the iPhones 5, 6s, and X with iOS 10 and 11.4.1 which was the latest iOS version when the tests were conducted. The vulnerability exists in WhatsApp’s versions 2.18.61 and older on these platforms.

  • Defence/Aggression

    • Skripals – When the BBC Hide the Truth

      On 8 July 2018 a lady named Kirsty Eccles asked what, in its enormous ramifications, historians may one day see as the most important Freedom of Information request ever made. The rest of this post requires extremely close and careful reading, and some thought, for you to understand that claim.

    • [Likely fabricated, see below] Bob Marley Assassination Rumours Surface: Ex-CIA Agent Allegedly Claims His Murder

      A report has many Bob Marley fans tripping. The piece contains quotes from a supposed CIA retiree named Bill Oxley. The 79-year-old is said to have confessed to the assassination of Marley. Oxley was inspired by his mortality to share his secrets from his deathbed.

    • FAKE NEWS ALERT: The CIA did NOT kill Bob Marley

      The report was first posted online by YourNewsWire.com.

      It’s one of the most notorious Fake News websites. For instance, it spread rumours that Hillary Clinton was linked to a paedophile ring.

      Another time, it claimed US authorities were plotting to assassinate Donald Trump.

      The site is registered by Sean Adl-Tabatabai, a former BBC producer who went on to work for the conspiracy theory website of David Icke, who believes the world is controlled by predatory lizards who demand human sacrifice.

      The Bob Marley article is written by Baxter Dmitry, whose other articles include fake claims that the FBI carefully deleted evidence from the Las Vegas shooting, the Pope believes Jesus has turned into Satan, and that Britney Spears had admitted to escaping from the Illuminati.

    • Germany to Shield 9/11 Plotter from CIA Amid Repatriation to Morocco – Report

      Former Al-Qaeda member Mounir al-Motassadeq, convicted of preparing the 2001 terrorist attacks, is to be released after 15 years in a German prison and sent home to Morocco. According to German media he will be taken there on board of a chartered plane in a special operation, as local security services fear that US intelligence may intercept him.

      Forty-four-year-old Mounir el-Motassadeq, imprisoned in Germany for taking part in organizing terror attacks on the US on September 11, 2001, is to be secretly deported to his homeland of Morocco after October 15, the Bild news outlet reported.

    • Ex-CIA Officer: US Intelligence ‘Likely Bluffing’ About Its Agents in Kremlin

      The New York Times reported on Friday, citing unnamed US intelligence officials, that US sources in the Kremlin who had warned about Russian intervention in the US 2016 presidential election were now remaining silent about any possible Russian plans to intervene in the upcoming congressional elections in November.

      [...]

      The story that had been fed to the New York Times reporters was also probably an attempt to spread disinformation among the Russian security services and authorities, Giraldi advised.

      “It is far more likely that US intelligence officials are trying to pull off a double bluff and convince the Russians that they have agents there in order to set off a fruitless and distracting counter-intelligence search,” he said.

      Also, contrary to insinuations in the New York Times article, there was no evidence to indicate that Russia was trying to kill US sources or intelligence agents, Giraldi added.

    • US Intelligence Sources ‘Likely Bluffing’ About Human Agents In Kremlin – Ex-CIA Officer

      US intelligence officials who told the New York Times they had high level intelligence sources in the Kremlin were probably bluffing to bolster their discredited allegations about Russia interfering in the 2016 US elections, retired CIA case officer Philip Giraldi told Sputnik.

      “Senior US intelligence officers would never so casually and publicly admit they had high-level intelligence sources in the Kremlin,” Giraldi said on Monday. “That is the most elementary of procedures.”

  • Transparency/Investigative Reporting

  • AstroTurf/Lobbying/Politics

    • ‘Using Media to Create This Idea There’s a Gang on Every Street Corner’

      Janine Jackson: When local and federal law enforcement conducted an early morning raid in the Bronx in May 2016, arresting more than 100 people accused of “gang membership,” tabloids didn’t waste any ink on words like “alleged.” But the New York Times wasn’t less cartoonish: They told readers, “For the last ten years, life in the northern Bronx has largely been defined by wanton violence.” And the Times was no less quick to cheer for this kind of militarized intervention, supposedly aimed at reducing violence. CounterSpin asked writer and organizer Josmar Trujillo for some context.

      Josmar Trujillo: Raids, and gang raids in particular, aren’t new in New York City, or really in the United States. But last Wednesday’s raid, the size of it and the media hype around it, they’re expanding from the last, I’d say, two to three years. And probably even more so since the death of a police officer in my neighborhood, Spanish Harlem, last October. A lot of that had to do with the strategy of the district attorney there, Cy Vance.

    • The President Is a White-Nationalist Mob Boss—and His Base Doesn’t Care

      Diehard Trump supporters represent at most a quarter of the electorate, but dominate media discussions of the president’s standing. They shouldn’t.

    • How Do We Verify Anonymous Sources?

      In the movie “All the President’s Men,” a young Bob Woodward repeatedly goes to a dimly lit parking garage to meet with a man whose face was shrouded by shadows as he dispenses bits of information. That information fuels the Washington Post’s reporting on Watergate and, ultimately, helps lead to the resignation of President Richard Nixon.

      The source was known as “Deep Throat,” and he became perhaps the most famous anonymous source in modern journalism history. But he wasn’t anonymous to Woodward, who near the beginning of the movie calls him from a pay phone hoping he’ll provide information about the break-in at the Democratic National Committee headquarters, located in the Watergate complex.

    • Media Continues Writing Premature Obituaries for the Democratic Left

      Despite these eager obituaries, there were also plenty of wins for insurgent Democrats on August 7. Democratic Socialist and Our Revolution candidate Rashida Tlaib won her primary for the House seat in Michigan’s 13th district; since she is running unopposed in the general election, she will become the first Palestinian-American woman in Congress. James Thompson also won the Democratic nomination in Kansas’s 4th district, and will face Ron Estes in a tough race in a deep-red district. Sarah Smith came in second in Washington’s 9th district top-two primary, and will face incumbent Democrat Adam Smith in the general election. Progressive candidates also earned big wins in a number of state and local races, and Missouri voters overwhelmingly approved a ballot measure to overturn the state’s anti-union right-to-work laws.

      More wins for left-leaning candidates came the following week on August 14. Somali refugee Ilhan Omar, who won her primary in Minnesota’s 5th district, will join Rashida Tlaib to become the first Muslim women to be elected to Congress. Randy Bryce won his primary to run for Paul Ryan’s soon-to-be-vacant seat in Wisconsin’s 1st district. Progressive Jahana Hayes won against Mary Glassman (who was surprisingly supported by a local Our Revolution chapter) in Connecticut’s 5th district, and will likely become the state’s first female African-American Democrat in Congress. Sanders-endorsee Christine Hallquist won the gubernatorial primary in Vermont, becoming the first trans woman nominated for a major political office.

      There were losses as well as wins in the August 14 primary, like Kaniela Saito Ing in Hawaii’s 11th district. Yet the major wins on August 14 made the premature obituaries of Sanders’s candidates look like wishful reporting.

  • Censorship/Free Speech

    • Internet Content Moderation Isn’t Politically Biased, It’s Just Impossible To Do Well At Scale

      The narrative making the political rounds recently is that the big social media platforms are somehow “biased against conservatives” and deliberately trying to silence them (meanwhile, there are some in the liberal camp who are complaining that sites like Twitter have not killed off certain accounts, arguing — incorrectly — that they’re now overcompensating in trying to not kick off angry ideologues). This has been a stupid narrative from the beginning, but the refrain on it has only been getting louder and louder, especially as Donald Trump has gone off on one of his ill-informed rants claming that “Social Media Giants are silencing millions of people.” Let’s be clear: this is all nonsense.

      The real issue — as we’ve been trying to explain for quite some time now — is that basic content moderation at scale is nearly impossible to do well. That doesn’t mean sites can’t do better, but the failures are not because of some institutional bias. Will Oremus, over at Slate, has a good article up detailing why this narrative is nonsense, and he points to the episode of Radiolab we recently wrote about, that digs deep on how Facebook moderation choices happen, where you quickly begin to get a sense of why it’s impossible to do it well. I would add to that a recent piece from Motherboard, accurately titled The Impossible Job: Inside Facebook’s Struggle to Moderate Two Billion People.

    • Event: Amnesty International Hong Kong hosts 8th Human Rights Documentary Film Festival

      The festival will feature six documentaries focusing on five human rights themes: peace and freedom, migrant workers, freedom of speech, civil society, Israeli-Palestinian conflict, democracy, and internet surveillance.

    • When Freedom of Expression Isn’t Free: Journalism, Facebook, and Censorship in Bhutan

      On August 6, a Bhutanese journalist was sentenced to three months in prison for libel. The journalist had written a post on her personal Facebook account about a woman mistreating her 6-year-old stepdaughter. The post went viral, the police and other related agencies became involved. There were testimonies made in defense of the journalist by several parties, but the court found them to be “inadmissible.” The court verdict, besides meting out this punishment, asked the journalist to post an “apology statement” addressed to the “victim” – not the child, but the stepmother – on Facebook and to keep it for a month.

      This is the second time a Bhutanese journalist has been dragged to court for defamation via Facebook. I was the other journalist, the first to be the defendant of such a defamation suit in the country in 2016. The case, which involved a property dispute, received international attention and was considered important for freedom of expression in Bhutan. I would have been sentenced to three years in prison for libel had the case not been withdrawn at the end of the trial by the plaintiff. I did not see the end as having been a victory for me. There was no judgment in favor of a constitutional right.

      The Constitution of Bhutan guarantees every Bhutanese the fundamental right to free speech, opinion, and expression. But there are many ways in which this is curtailed. For instance, civil servants are “gagged” by the Bhutan Civil Service Rules and Regulations, a section of which, called Civil Service Core Values, states: “A civil servant shall not criticise his agency and the Royal Government.”

    • When the news media is news: A new book details censorship and self-censorship in the Chávez regime

      Since Hugo Chávez became President of Venezuela in 1999, approximately 21 journalists have been attacked every year; others lost their jobs, or were murdered. The escalation of violence against the press was because of the implementation of a systematic policy of harassment of freedom of expression that ended up framing the press as the main enemy of the revolution.

      [...]

      Which media organizations supported Chávez’s candidacy and his rise to power? Which channel was the first to make the decision to split the screen between government programming and their own content during the coup d’état attempt on April 11, 2002? Who was behind the departure of Teodoro Petkoff from El Mundo? The book answers these questions, and many more.

    • Defending the Digital Commons: A Left-Libertarian Critique of Speech and Censorship in the Virtual Public Square

      Is it now progressive to argue that essential liberties and rights should yield to private corporate power? I ask because the notion that the freedom to transmit and receive information is properly limited on the grounds that businesses profit from the control of ideas has always struck me as a rightwing position: liberty exists beyond the government—or in spite of it. In the rightwing view, the government is not something that should necessarily defend the civil rights of individuals in all circumstances, but something that, in its neutrality, perpetuates the privileges of elites as a class. Yet an argument has emerged on the left appealing to the supposed right of private corporations to legally censor speech as justification for suppressing objectionable expressions and opinions.

      The case that prompts this essay is the suppression of Alex Jones and InfoWars (its podcasts, webcasts, etc.), a fringe media outfit with a rightwing bent and an aggressive edge, by several large social media platforms—including Facebook, YouTube, Apple, and Spotify—for violating their policies against “glorifying violence” and “hate speech.” Jones is notorious for promoting what are popularly called “conspiracy theories,” such as the claim that the terrorist attack on the United States on September 11, 2001 was a false flag operation designed to bring the population under greater government control. Although Facebook, for example, has been aggressively censoring pages and posts for more than a decade, Jones’ infamy has drawn attention to the practice. “Glorifying violence,” Facebook explains in a statement released to the media, “violates our graphic violence policy.” “Hate speech” is evidenced by “dehumanizing language to describe people who are transgender, Muslims and immigrants.”

    • Facebook Censorship, Mad Ben Nimmo and the Atlantic Council

      Facebook has deleted all of my posts from July 2017 to last week because I am, apparently, a Russian Bot. For a while I could not add any new posts either, but we recently found a way around that, at least for now. To those of you tempted to say “So what?”, I would point out that over two thirds of visitors to my website arrive via my posting of the articles to Facebook and Twitter. Social media outlets like this blog, which offer an alternative to MSM propaganda, are hugely at the mercy of these corporate gatekeepers.

      Facebook’s plunge into censorship is completely open and admitted, as is the fact it is operated for Facebook by the Atlantic Council – the extreme neo-con group part funded by NATO and whose board includes serial war criminal Henry Kissinger, Former CIA Heads Michael Hayden and Michael Morrell, and George Bush’s chief of Homeland Security Michael Chertoff, among a whole list of horrors.

      The staff are worse than the Board. Their lead expert on Russian bot detection is an obsessed nutter named Ben Nimmo, whose fragile grip on reality has been completely broken by his elevation to be the internet’s Witchfinder-General. Nimmo, grandly titled “Senior Fellow for Information Defense at the Atlantic Council’s Digital Forensic Research Lab”, is the go-to man for Establishment rubbishing of citizen journalists, and as with Joseph McCarthy or Matthew Clarke, one day society will sufficiently recover its balance for it to be generally acknowledged that this kind of witch-hunt nonsense was not just an aberration, but a manifestation of the evil it claimed to fight.

      There is no Establishment cause Nimmo will not aid by labeling its opponents as Bots. This from the Herald newspaper two days ago, where Nimmo uncovers the secret web of Scottish Nationalist bots that dominate the internet, and had the temerity to question the stitch-up of Alex Salmond.

    • Billionaire Steve Wynn, Who Once Tried To Kill Nevada’s Anti-SLAPP Law, Loses Defamation Case Under That Law

      Back in 2015, we wrote about some apparent backroom dealing in Nevada, in which the legislature seemed poised to get rid of that state’s very good and thorough anti-SLAPP law. As a reminder, anti-SLAPP laws are designed to stop an unfortunately common practice of wealthy individuals and companies from suing critics and reporters for defamation, even though the defamation cases themselves had no chance. The plaintiffs knew that merely dragging the defendant to court would be costly in terms of time, money and general stress. Anti-SLAPP laws were a way to deal with that unfortunately common practice usually by (1) putting the immediate burden on the plaintiff to show a likelihood of success and then dismissing the case quickly if they fail to do so, (2) halting the expensive and time-consuming discovery process, and (3) often making the plaintiffs pay the defendants’ legal fees. The idea is that this is a deterrent to frivolous lawsuits, while leaving legitimate defamation lawsuits unharmed. As we’ve pointed out for years, unfortunately, only about half of the states have such anti-SLAPP laws, of varying quality, and there is still no federal anti-SLAPP law.

      In 2013, Nevada passed one of the best anti-SLAPP laws in the country. But, by 2015, there was an effort underway to throw it out. Nevada-based lawyer, Marc Randazza, pointed out that it appeared that billionaire Steve Wynn was a driving force behind the effort to kill Nevada’s anti-SLAPP law, perhaps in response to having recently lost a defamation lawsuit in California, thanks to California’s own anti-SLAPP law. Thankfully, that effort failed.

    • Conservatives: Stop Crying Wolf On Tech Bias Or No One Will Ever Take You Seriously

      Aha! A big tech company caught red handed pushing its progressive agenda. Well…not so fast. Rather than uncovering compelling evidence of bias, this article’s author and its promoters merely reveal their ignorance of how search engines work.

      First, the author seems to conflate Google Search and Google News, two products which use different algorithms and serve different functions. Google News is a searchable news aggregator and app (with some overt editorial functions), whereas Google Search tries to give users the most useful and relevant information in response to a query.

      In order to determine what constitutes a relevant and useful result, search engines use complex algorithms to rank the quality of different pages based on a variety of signals such as keywords, authoritativeness, freshness or site architecture. A big part of this quality determination is based on outside links to a site – an idea going back to Larry Page and Sergey Brin’s work at Stanford in the late 1990s that culminated in the creation of the PageRank algorithm.

      Page and Brin realized that incoming links to a site served as a proxy for quality markers like authoritativeness, trustworthiness and popularity. Today, Google Search is much more complex, utilizing complex machine-learning functions like RankBrain and an evolving set of algorithms with names like Hummingbird, Panda, Penguin and Pigeon. However, incoming links are still a key factor. Additionally, while Google uses manual quality raters to test new algorithm changes, they do not use them on live search results.

    • Donald Trump: “Rigged” Google Search Is Hiding Positive News About Me

      Fake news and manipulated content are rapidly becoming prevalent in our daily life. While many common people have been subjected to appalling abuse and digital misinformation, the USA President himself has claimed to have become a target of “bad stories.” And this time, he has blamed Google. Look at the tweets and see it for yourself.

    • How To Get Your Dissident Ideas Heard In The New Media Environment

      I often say that my long-term goal here is to become obsolete so that I can focus on making art and poetry. Ideally this will look like our society shifting to a mode of operation that is so healthy that there is no longer any demand for an Australian political blogger who points out the fact that it’s wrong to manipulate public thought with mass media and drop explosives on children, but I’ll also settle for a world in which there are enough people doing this sort of thing that I’m no longer wanted or needed in this role.

  • Privacy/Surveillance

    • Fugitive Fraudster Who Demanded Half Of Facebook Arrested After Three Years On The Run

      It’s been a while since we last wrote about Paul Ceglia. If you don’t recall, way back in 2010, Ceglia suddenly claimed that years earlier, he had hired Mark Zuckerberg to do some software development, and bizarrely (and literally unbelievably), that part of the contract for Zuck to work on Ceglia’s project… was an agreement to hand over 50% of Facebook, which didn’t even exist yet. Making it more ridiculous, Ceglia then claimed some weird interest amounts, and therefore was demanding ownership of 84% of Facebook. The whole thing was nonsensical, and while Zuckerberg admitted he had done some work for Ceglia prior to starting Facebook, nothing about the supposed contract made any sense at all. Beyond the bizarre nature of the contract Ceglia claimed he had with Zuckerberg, it quickly became clear that other evidence Ceglia presented, including purported emails, didn’t look real.

    • Trust Us, We’re Secretly Working for a Foreign Government: How Australia’s Proposed Surveillance Laws Will Break The Trust Tech Depends On

      In the last few years, we’ve discovered just how much trust — whether we like it or not — we have all been obliged to place in modern technology. Third-party software, of unknown composition and security, runs on everything around us: from the phones we carry around, to the smart devices with microphones and cameras in our homes and offices, to voting machines, to critical infrastructure. The insecurity of much of that technology, and increasingly discomforting motives of the tech giants that control it from afar, has rightly shaken many of us.

      But latest challenge to our collective security comes not from Facebook or Google or Russian hackers or Cambridge Analytica: it comes from the Australian government. Their new proposed “Access and Assistance” bill would require the operators of all of that technology to comply with broad and secret government orders, free from liability, and hidden from independent oversight. Software could be rewritten to spy on end-users; websites re-engineered to deliver spyware. Our technology would have to serve two masters: their customers, and what a broad array of Australian government departments decides are the “interests of Australia’s national security.” Australia would not be the last to demand these powers: a long line of countries are waiting to demand the same kind of “assistance.”

      In fact, Australia is not the first nation to think of granting itself such powers, even in the West. In 2016, the British government took advantage of the country’s political chaos at the time to push through, largely untouched, the first post-Snowden law that expanded not contracted Western domestic spying powers. At the time, EFF warned of its dangers —- particularly orders called “technical capability notices”, which could allow the UK to demand modifications to tech companies’ hardware, software, and services to deliver spyware or place backdoors in secure communications systems. These notices would remain secret from the public.

    • Ron Wyden Wants The DOJ To Provide Answers On Stingray Devices’ Disruption Of Emergency Call Service

      The FBI has admitted — albeit not that publicly — that Stingray devices disrupt phone service. Spoofing a cell tower has negative effects on innocent phone users as the device plays man-in-the-middle while trying to locate the targeted device. An unsealed document from a criminal prosecution and assertions made in warrant affidavits alleging “minimal” disruption are all we have to go on, at least in terms of official statements.

      Supposedly, Stingrays are supposed to allow 911 service to continue uninterrupted. But it’s hard to square that with the fact every phone in the device’s range is forced to connect to the Stingray first before being allowed to connect with a real cell tower. In some cases, the device might force every phone in range to drop to a 2G connection. This may still allow 911 calls to take place, but almost any other form of communication will be impossible as long as the Stingray is in use.

      Ron Wyden’s staff technologist, Chris Soghoian (formerly of the ACLU), will be fielding answers from the DOJ and FBI about 911 service disruptions, if those answers ever arrive. Wyden’s office has sent a letter [PDF] demanding to know the extent of cell service disruption when Stingrays are deployed. And he’d also like to know if these agencies are being honest about the negative side effects when agents seek warrants.

    • Sen. Wyden Confirms Cell-Site Simulators Disrupt Emergency Calls

      It is striking, but unfortunately not surprising, that law enforcement has been allowed to use these technologies and has continued to use them despite the significant and undisclosed risk to public safety posed by disabling 911 service, not to mention the myriad privacy concerns related to CSS use. What’s more, a cell-site simulator wouldn’t just disrupt service for the specific person or persons being tracked but would likely disrupt service for every mobile device in the area as it tricks every phone in the area into connecting to the fake base station in search of the target phone. This could be especially dangerous during a natural disaster when IMSI catchers are being used to locate missing persons in damaged buildings or other infrastructure, cutting off 911 service at a time like that could be a grave danger to others trapped in dangerous situations.

      Harris Corporation claims that they have the ability to detect and deliver calls to 911, but they admit that this feature hasn’t been tested. Put bluntly, there is no way for the public or policy makers to know if this technology works as intended. Thanks to the onerous non-disclosure agreements that customers of Harris Corp and other CSS vendors’ customers have regularly been required to enter into there is very little public information about how CSS work and what their capabilities are. Even if a security researcher did audit a CSS, the results would be unlikely to ever see the light of day.

      Furthermore, even if Harris’ technology works the way they claim it does, they are far from the only manufacturer of CSS devices. There are several other companies that manufacture such technology and we know even less about the workings of their technologies or whether they have any protections against blocking 911 calls. Cell-site simulators are now easy to acquire or build, with homemade devices costing less than $1000 in parts. Criminals, spies, and anyone else with malicious intent could easily build a CSS specifically to disrupt phone service, or use it without caring whether it disrupts 911 service.

  • Civil Rights/Policing

    • American Muslim Challenges Warrantless Border Device Search From An Unexpected Legal Angle

      This motion is normally used in criminal cases to argue for the return of property seized by the government. Lazoja was never accused of a crime, nor was she given any justification for the phone search. Her phone was returned to her intact 130 days[!] after it was seized, so she technically has her property back already. But with the help of the Council on American-Islamic Relations (last seen challenging the TSA’s suspicionless surveillance program “Quiet Skies”), Lazoja is hoping to force the federal government to delete any of her data it still has in its possession.

      The motion [PDF] details Lazoja’s experience with US customs officials, who took her into a room and demanded she unlock her phone for them. She refused, so the CBP seized it, giving her a receipt for her phone and sent her on her way without her personal property. Lazoja alleges a number of Constitutional violations and cites recent phone-related Supreme Court decisions, but it’s unlikely these arguments will be availing, what with the courts’ deference to the government’s assertions that border security trumps individual rights.

    • Suspected CIA black site in Thailand to become tourist destination

      Not many tourist attractions promote themselves by saying “there’s nothing to see here”. But the Ramasun Camp Historical Museum in north-eastern Thailand isn’t your average destination: it’s among the locations suspected of hosting a CIA black site and secret torture prison.

    • CIA ‘black site’ in Thailand where terrorists linked to 9/11 and the Bali bombings ‘were waterboarded and tortured’ opens to tourists
    • More Than 60 Years After His Brutal Murder, Emmett Till Deserves Justice

      The Justice Department has reopened the Emmett Till case at a time when we’re constantly reminded of how much racial injustice persists in the US.

      Sixty-three years ago, Mamie Elizabeth Till-Mobley made the unbearably painful decision to have an open coffin funeral for her 14-year-old son Emmett. On Aug. 28, 1955, Emmett was tortured and murdered by white men in Mississippi for allegedly acting disrespectfully toward a white woman.

      The sight of Emmett’s body, mutilated beyond recognition, spread throughout the world in photographs published in Jet Magazine and other outlets. The shocking sight so outraged people in the United States and in other countries that it helped spark the civil rights movement of the 1950s and 60s. That outrage did nothing to assure accountability for Till’s death — no one was ever found guilty in spite of confessions in Look Magazine by one of the murderers.

      In July, the United States Department of Justice announced that an investigation of Emmett Till’s lynching will be reopened. Skepticism about the motives of the administration and the fact that such an investigation is decades late does not change the fact that a new, credible investigation is sorely needed as a necessary examination of the inexcusable racism that existed in 1955 and, sadly, persists today.

      Till’s murder was not the aberrational act of two men whose behavior fell outside of the norms of society. It was instead just one of a long series of examples of racial violence perpetrated in the name of preserving white supremacy and protecting white women from black men. Given the accusation that Till had wolf-whistled at the white wife of one of the murderers, it was not surprising that violence would result in 1955 Mississippi. Nor was it a surprise that an all-white, all-male jury would refuse to hold the white defendants responsible for the murder despite clear and convincing evidence of their guilt.

    • FBI, Border Patrol Bypass Hate Groups As Leading Perpetrators Of Anti-Muslim Incidents

      The Council on American-Islamic Relations filed suit on August 8 against Customs and Border Protection, the Federal Bureau of Investigation, and other federal agencies, which it accuses of creating “a kind of second-class citizenship” for American Muslims.

      The lawsuit argues these agencies use an interagency watchlisting system that separates American Muslims from their children, denies them employment opportunities, prevents them from traveling by air, and rejects or delays their immigration benefits.

      CAIR’s challenge comes months after an annual report on the status of civil rights for Muslims in the United States, which found more Islamophobic episodes were instigated by federal agencies than either hate groups or individual bigots.

      The report, based on complaints made to or investigated by CAIR, found the number of anti-Muslim incidents rose 17 percent between 2016 and 2017. It described some of the personal experiences of discrimination.

    • Embattled Garbage Hauler Co-Owns Dump With Person Expelled From Trash Industry, Records Show

      On Friday, the agency that oversees New York City’s commercial trash industry suspended the license of Sanitation Salvage, saying the Bronx company posed an “imminent danger to life and property” after two fatal accidents and a spate of other collisions. The agency outlined a pattern of unsafe practices including unlicensed vehicle operators, drivers working excessive hours and high rates of failed safety inspections for Sanitation Salvage trucks.

      But a ProPublica review of records shows that the oversight agency may have overlooked another potential impropriety hiding in plain sight: The owners of Sanitation Salvage are co-owners of a Bronx garbage dump with a person who was expelled from New York City’s commercial trash industry years ago.

      State and city records show that the Squitieri brothers, who run Sanitation Salvage, jointly own Metropolitan Transfer Station with Rosemarie Isabella, who was a principal of Isabella City Carting. In 2013, the Business Integrity Commission, or BIC, the city agency charged with oversight of private trash companies, revoked Isabella City Carting’s license, citing its long and troubled history in the mob-controlled industry and the fact that the company’s barred founder was still actively collecting payments from its clients.

    • Protest Song Of The Week: ‘Move Along’ By Sihasin

      Several hundred immigrant children remain in the custody of the United States government, separated from their parents. Attorney General Jeff Sessions and the Justice Department have escalated the war on immigrants by deciding domestic violence and gang violence are no reason to grant individuals asylum. The family of a child that died shortly after she was released from the custody of Immigration and Customs Enforcement filed a $40 million lawsuit.

      To challenge the anti-immigrant policies of the government under President Donald Trump, a collective of artists compiled songs for an album called “Never Illegal.”

      “Never Illegal” is a “collective statement from artists across the U.S. that we are better than the events that are taking place at the Mexican border. No human being is never illegal, and no child should ever be separated from their loving parents,” the album’s Bandcamp page states.

  • Internet Policy/Net Neutrality

    • When ISPs Tell Seniors Net Neutrality Laws Will Increase Their Bills, They’re Lying and Losing

      The fight to secure net neutrality protections for Californians keeps showing how far ISPs and their surrogates will go to make a buck off of ending the free and open Internet. The latest maneuver is a flood of deceptive robocalls targeting seniors and stating that net neutrality will raise their cell phone bills by $30 a month and slow down the Internet. It’s not just a lie, it’s proof that you’ve successfully put them on the defensive by contacting your representatives about net neutrality.

      The robocalls don’t mention net neutrality by name. Instead, they simply assert that S.B. 822 will raise their bills and slow down their Internet. If ISPs decided to make this true by coordinating to raise prices in reaction to net neutrality legislation it would probably be illegal under federal antitrust law. There is no evidence that says net neutrality harms ISPs to the point where they must raise prices to make money. In fact, the evidence says the exact opposite. The fact that this is even possible reveals that we seriously lack sufficient competition in the wireless market. Such intentional misrepresentations demonstrate the extent major ISPs oppose any legal requirements to keep the Internet free and open, even after it has been discovered that they would go so far as to upsell public safety during an emergency in California.

      The thing is, we know that none of these large companies is operating on so small a margin that complying with net neutrality would “force” them to raise their prices. We also know net neutrality rules have never raised their operational costs. We know these things because the evidence is already publicly available.

    • Verizon couldn’t have restricted Santa Clara County’s internet service during the fires under net neutrality

      Federal Communications Commission Chairman Ajit Pai and his staff are fond of taking to Twitter to assert that, in the just over two months since the repeal of the FCC’s 2015 network neutrality rules took effect, the “Internet remains free and open” — and that opponents’ concerns that unconstrained broadband providers will act in a way that harms consumers and competition are overblown. The 2015 rules prohibited broadband providers like Verizon, Comcast and AT&T from picking winners and losers by blocking, throttling or otherwise discriminating against or favoring certain Internet traffic.

    • Don’t Hold Your Breath Waiting For The FCC, FTC To Punish Verizon For Screwing Firefighters

      We’ve noted how the telecom industry been having great success in the Trump era eliminating FCC, FTC, and state authority over telecom monopolies. The underlying industry justification is that gutting consumer protections will somehow magically improve competition and spur investment by regional telecom monopolies, a decades-old claim that has never been true, and yet somehow never dies. In reality, when you kill regulatory oversight of natural monopolies (without shoring up the underlying competition issues beneath), the problem only tends to get worse. It’s something you probably noticed if you’ve had any interactions with Comcast lately.

      Last week the perils in this particular course of action were laid bare when Verizon was busted first throttling and then trying to upsell first responders while they were trying to combat wildfires in California. Gigi Sohn, one of the ex-FCC staffers that helped craft the rules, did a good job pointing out how the FCC’s “Restoring Internet Freedom” order didn’t just kill net neutrality,

  • DRM

    • Denuvo Announces Plan To Fail To Combat Online Game Cheaters After Failing To Stop Piracy With Its DRM

      On the one hand, look, cheaters in online games suck out loud. These cheaters break the online gaming experience for all the non-cheaters out there. Perhaps more importantly, anti-cheating software is going to become a very real market ripe to be exploited, given the explosive growth in competitive online eSports and online gaming in general. If any company or group of companies could manage to end this infestation for gamers, they’d deserve a hero’s parade.

      On the other hand: this is Denuvo. Few companies have rivaled Denuvo’s boisterous claims and posture coupled with the failure of its product. It would be very easy to change out the references to anti-cheating software in the Irdeto quote above and replace them with references to Denuvo’s DRM and map that onto how Denuvo talked about its DRM product but a few years ago. Same promises, different product. I can only assume that anyone partnering with Irdeto for Denuvo anti-cheating software are basing that decision more on the reputation of Irdeto than Denuvo.

  • Intellectual Monopolies

    • Brazil’s patent backlog may resolve without fast-track procedure

      Forces against Brazil’s patent system may have killed the proposal to fast-track pending applications, but examiners’ individual productivity could solve the backlog in the long term

    • Trademarks

      • Tai Chi Tea: Beware of TM Infringement

        A difficulty here is that Zheng Cai represented himself pro se and did not exactly follow either TTAB or Federal Circuit procedure. In particular, Cai presented a set of factual assertions and images in his brief, but did not follow the particular brief filing rules. Because of the procedural failure, the TTAB refused to consider the materials presented — finding that Mr. Cai “introduced no evidence.” As Manafort can attest — it is difficult to win a case without presenting any evidence.

    • Copyrights

      • Honest Government Ads Takes On EU Parliament’s Plan To Censor The Internet With Article 13

        If you’re in the EU and this kind of clueless, dangerous regulating concerns you, speak out now. If you’re not in the EU, it still helps to speak out about this. Contact the EU Parliament or just spread the word so that others know just how much damage the EU may do to the internet if this moves forward.

      • How The EU May Be About To Kill The Public Domain: Copyright Filters Takedown Beethoven

        Over in the EU Parliament, they’re getting ready to vote yet again on the absolutely terrible Copyright Directive, which has serious problems for the future of the internet, including Article 13′s mandatory censorship filters and Article 11′s link tax. Regrading the mandatory filters, German music professor Ulrich Kaiser, has written about a a very disturbing experiment he ran on YouTube, in which he kept having public domain music he had uploaded for his students get taken down by ContentID copyright claims.

      • Save the date: CC Global Summit is happening May 9-11 in Lisbon!

        Since 2015, the CC Summit has nearly doubled in size. We’ve lined up two great venues to host this international event. Workshops, talks, planning sessions, and small group sessions will be held in Museu do Oriente, a vibrant new museum in a refurbished industrial building on the Alcântara Waterfront. Our keynotes and our Friday night party will be held at Cineteatro Capitólio, a major Art Deco cultural landmark that recently reopened its doors. The event will be co-hosted by CC and CC Portugal, and we owe tremendous gratitude to the CC Portugal team for their insight and assistance. We also want to congratulate and thank Teresa Nobre and Timothy Vollmer, our Program Committee Chairs, for stepping up to lead our community planning.

      • US Copyright Office Review Board denies UEFA copyright protection over Starball logo

        Although the World Cup is over, this Kat can’t keep his mind off thinking about MORE football … or soccer (as Americans call it).

        In 2016, the Union des Associations Européennes de Footbal (UEFA) filed an application with the US Copyright Office to have the famous Starball logo registered as a copyright work of two-dimensional visual art. The Starball logo is composed of a round ball, made up of black stars, with white polygons in the negative space between the stars. The shapes are arranged into a circular space, with the outer stars curved to follow the circumference (see below).

      • USTR: Mexico Agrees To Raise IP Enforcement Standards With The US

        Mexico and the United States have reached a preliminary agreement to raise standards of enforcement of intellectual property rights, according to the Office of the US Trade Representative (USTR). Among the terms, the agreement appears to toughen requirements for internet service providers in protecting against copyright theft and extend copyright terms, and might make it harder for Mexico to agree elsewhere to strengthen its protection of geographical indications.

      • US Trade Rep Appears To Misreport Its Own Trade Agreement To Include Copyright Extension

        Soooooooo, you’ve probably heard the news on Monday about how the Trump adminstration had struck a preliminary trade agreement with Mexico to replace NAFTA. Most of the attention over the deal has to do with the lack of Canada being a part of it, with Mexico making it clear it still thought that this was a new deal with both the US and Canada and President Trump repeatedly acting as if this deal was a “take it or leave it” deal for Canada, and if they left it, it would just be US and Mexico.

        There will, of course, be plenty of time to dig into the details of what’s in the actual agreement, but on stuff that matters to us, it already looks bizarre. The USTR put out a “fact sheet” about the intellectual property part of the agreement and it’s causing quite a bit of consternation. In particular, it claims that copyright will be extended to life+75 years. Literally no one has been asking for this. While the movie and recording industries have pushed to extend copyrights in the past, this time around, they more or less acknowledged that it was a bridge too far to keep extending copyrights this long, and some have even expressed a willingness to shorten copyright terms.

        But there’s been a lot of confusion about what the “life+75 years” even means here — and it now seems quite likely that the USTR simply misunderstood its own agreement (yes, really). Current in the US, for works made for hire or corporate works, copyright lasts 95 years, and for those made by individuals, it’s life+70 years. In Mexico, it’s been an upward ratchet from life+50 years, to life+75 years, to life+100 years as of 2003. There were some stories that during TPP negotiations, Mexico had pushed for life+100 years in the US as well, but that seemed like a non-starter.

        So why would the USTR give an okay for life+75 years when basically no one in the US is still pushing for such a thing, and in fact seem to be in general agreement that, if anything, the term should go in the other direction? Either the USTR negotiators have no idea what they’re doing (possible!), don’t realize why this is a big deal (also possible) or are misreporting what’s actually in the agreement. It appears the last one is likely. While the USTR told reporters on a call that they absolutely mean extending copyright to life+75 years, after that, USTR representatives started claiming that this is not an extension of copyright, but was merely supposed to be setting the floor on copyright terms of 75 years, not “life plus 75 years,” in which case copyright wouldn’t change in either country. But, because this administration appears to be so clueless, someone at the USTR may have taken this news and mistakenly claimed it was now life plus 75, rather than a 75 year floor.

      • New Campaign Aims to “Save Music” Ahead of EU Copyright Filter Vote

        In just 15 days’ time, MEPs will again vote on the now-controversial copyright proposals of Article 13. The legislation would see platforms such as YouTube compelled to introduce upload filters, to prevent unlicensed content being offered to the public. The new ‘Love Music’ campaign, supported by powerful industry players, aims to ensure a thumbs-up from MEPs. But the opposition is out, in force

08.28.18

Instead of Stopping Software Patent Grants the USPTO Actively ‘Advertises’ Such Patents, e.g. Patents on Cryptocurrencies

Posted in America, Patents at 3:48 am by Dr. Roy Schestowitz

The USPTO isn’t being impartial or compliant with respect to SCOTUS

Advertising blockchain patents

Summary: Patent applications on blockchains/cryptocurrencies should be tossed out based on 35 U.S.C. § 101, but the numbers-driven US patent office continues to demonstrate its reluctance to reject such software patents (same at the EPO)

The Patent Trial and Appeal Board (PTAB) definitely needs to step in, possibly joined by courts like the Federal Circuit, and tackle (e.g. by inter partes reviews (IPRs)) the plague of “blockchain”-themed patents that the U.S. Patent and Trademark Office (USPTO) keeps granting and even promoting in spite of 35 U.S.C. § 101/Alice. Cryptocurrencies are gaining a foothold/traction in a lot of places. This poses a threat/risk to today’s large banks and financial institutions because it weakens their monopoly/oligopoly. Bank of America is still trying to trip up its competitors using bogus software patents, as we mentioned on Monday (early morning). All the usual suspects (Intuit, Wells Fargo, IBM, and Bank of America) want their competition terrified of patents even if they’re invalid/bunk abstract/software patents that would be rejected by courts. To quote one new report:

The Bank of America is the succeeding largest United States bank regarding its total assets. The bank has filed a manifest with the U.S. Patent and Trademark Office that published on 23 August. This development is similar to the patents that are awarded, or functioned, by many multinational establishments such as Intuit, Wells Fargo, and IBM.

Bank of America simply wraps patent barbwire around cryptocurrencies [1, 2, 3, 4, 5]. It’s all over the news this week (not just towards the weekend).

“They’re not machinery or chemistry or whatever.”Why are such patents being filed and often granted? Because of hype? Cryptocurrencies are a relatively new concept and the same can be said about blockchain, but they’re still abstract concepts. They’re not machinery or chemistry or whatever.

This problem goes well beyond finance. VoIP-Pal.com v Twitter was mentioned here before (e.g. earlier this month) in relation to venue shifting, which invokes TC Heartland. VoIP-Pal.com has already been going after other companies and it faces legal challenges, e.g. with IPRs filed against its patents. These tactless attempts to drag patent litigation to totally irrelevant (to the defendant) states was mentioned yesterday by Patent Docs. To quote:

Last month, in VoIP-Pal.com, Inc. v. Twitter, Inc., District Judge Richard F. Boulware, II of the U.S. District Court for the District of Nevada issued an Order granting a Motion to Change Venue filed by Defendant Twitter, Inc. The dispute between the parties began when Plaintiff VoIP-Pal.com, Inc. filed suit against Twitter, asserting infringement of U.S. Patent Nos. 8,542,815 and 9,179,005. Following a stay of the case due to pending proceedings before the Patent Trial and Appeal Board, Twitter filed its Motion to Change Venue, VoIP-Pal.com filed a response to Twitter’s Motion, and Twitter filed a Reply to VoIP-Pal.com’s response. Prior to issuing its Order, the District Court held a hearing on the matter and ordered Twitter to file a Supplemental Declaration to address whether it had any physical equipment or leased any space in Nevada, including space for data storage, or other support equipment or hardware.

The District Court began by noting that for the purposes of determining venue under the patent venue statute, the location where a defendant corporation “resides” is limited to the corporation’s State of incorporation, citing TC Heartland LLC v. Kraft Foods Grp. Brands LLC, 137 S. Ct. 1514, 1517 (2017). The District Court also noted that in view of TC Heartland, the Federal Circuit addressed the question of where a defendant corporation has a “regular and established place of business” under the patent venue statute in In re Cray Inc., 871 F.3d 1355 (Fed. Cir. 2017). In Cray, the Federal Circuit set forth three requirements to establish the second prong of the § 1400(b) venue test: “(1) there must be a physical place in the district; (2) it must be a regular and established place of business; and (3) it must be the place of the defendant” (In re Cray, 871 F.3d at 1360), all three of which must be satisfied for venue to be proper.

These abstract software patents would likely be voided by PTAB, but in the meantime we assume that VoIP-Pal.com hopes for a quick settlement (over these dubious patents). Therein lies the great danger associated with the USPTO granting software patents in the first place.

Pen One Acquisition Group is a Patent Troll Indirectly Connected to Microsoft and There’s No Simple Solution to Such Problems

Posted in Microsoft, Patents at 2:54 am by Dr. Roy Schestowitz

Dominion Harbor too is connected to Microsoft and it’s hiding behind lots of shells in Texas

Hublink, LLC, a Dominion Harbor subsidiary

Summary: The latest example of patent trolls that receive their patents from Microsoft’s troll, Intellectual Ventures, and the urgent need for a permanent solution which isn’t just Microsoft’s ‘protection’ racket [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20]

THE USPTO has facilitated patent trolling by saturating the ‘market’ with lots of low-quality patents — something which the EPO too is nowadays doing. Cleaning up this mess can take decades. Some trolls have as many as thousands of proxies, e.g. Intellectual Ventures. These proxies, in turn, use their own proxies too, e.g. Dominion Harbor. It’s far from trivial tracking who controls who because they register a lot of shells so as to obscure things (see the above diagram which relates to Dominion Harbor’s ‘enforcers’).

“Limiting patent scope (a la Alice) and actively voiding patents accordingly would be ideal.”A patent troll tackled by a Patent Trial and Appeal Board (PTAB) inter partes review (IPR) is called “Pen One Acquisition Group,” which according to Robert Jain (Unified Patents) is merely a ‘proxy’ of Equitable, which is led by Dean Becker and remains closely connected to Intellectual Ventures (in turn heavily connected to Microsoft). Here is what Jain wrote this week about something which had happened on Friday:

On August 24, 2018, Unified Patents and Pen One Acquisition Group (an Equitable IP subsidiary and NPE) filed a joint motion to terminate the previously instituted IPR2017-02167 pursuant to settlement. U.S. Patent 7,281,135, the subject of the IPR petition, is directed to an identity verification system.

Sounds like a software patent.

Meanwhile, LOT Network’s Seddon was speaking to Watchtroll (he had spoken to IP Watch a couple of years ago). It’s what we dubbed “a Wolf in Sheep’s Clothing” back in May because it’s “in effect a reinforcer of the status quo.” They market themselves as the answer/solution to trolling and now they claim to have enlisted almost 300 members. From yesterday’s article:

Ken Seddon, the CEO and president of LOT Network, told IPWatchdog that members sign the exact same 10-page agreement, which attaches a non-exclusive conditional license to that company’s patents. This license protects other members in the event that one of the patents to which the license is attached ever becomes owned by a patent assertion entity (PAE), thereby preventing the PAE from asserting the patent against LOT Network members.

As we explained at the start of the summer, LOT Network is not the solution to the problem (the same can be said about OIN); the trolls need to actually lose their patents and PTAB is one way for achieving this. Having said that, there are far too many patents out there which trolls actively (but covertly) use for blackmail. Limiting patent scope (a la Alice) and actively voiding patents accordingly would be ideal.

Patents on Steroids: ITC is Rushing Embargoes Before the Facts Are Even Known

Posted in America, Asia, Patents at 1:18 am by Dr. Roy Schestowitz

Hytera (company from Shenzhen, China) is barred — using patents — by a US company with six times as many employees (and a lot more US patents)

Hytera

Summary: When patents are put ahead of justice itself there’s greater risk that wrongly-granted patents and inappropriate allegations of patent infringement would result not only in lawsuits but also fast injunctions/embargo orders

WE have long argued that ITC helps US-based firms embargo foreign competition. It does this with prejudice and it’s almost always deciding against non-US companies. It’s doing it again.

“It does this with prejudice and it’s almost always deciding against non-US companies.”This time the ITC decided (“Notice of Initial Determination”) before the facts were even known; it’s like the EPO‘s “Early Certainty” (except for actual sanctions/embargo) and in the case of the USPTO the quality of patents is questionable and merits a review at the Patent Trial and Appeal Board (PTAB), perhaps with an appeal to the Federal Circuit. To quote one of three reports published about that yesterday [1, 2, 3]:

The US International Trade Commission has released its Notice of Initial Determination, regarding Motorola’s patent infringement case with Hytera. The intial determination was first unveiled in July, in favour of Motorola. ITC will now conduct a mandatory review of the initial determination and come out with a final one by 6 November.

Is this really justice or just a “mob lynch” like the nationalist trade wars of the Trump administration? Only yesterday we saw a front group of patent zealots (AEI) publishing “Chinese intellectual property theft” and IAM, the patent trolls’ think tank, saying that “Huawei [of China] transferred hundreds of patents to Qualcomm in months after NDRC settlement” (Qualcomm‘s patent aggression is widely documented).

“This is the sort of vision laid out by UPC proponents in Europe.”This isn’t about whether China or Hytera is infringing; it’s about whether ITC offers proper due process or just shoots first, asking questions later. We have already seen the ITC even ignoring PTAB rulings and causing financial damage/ruin. This is the sort of vision laid out by UPC proponents in Europe.

« Previous entries Next Page » Next Page »

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channels: Come and chat with us in real time

New to This Site? Here Are Some Introductory Resources

No

Mono

ODF

Samba logo






We support

End software patents

GPLv3

GNU project

BLAG

EFF bloggers

Comcast is Blocktastic? SavetheInternet.com



Recent Posts