EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

08.10.18

Links 11/8/2018: PGP Clean Room 1.0, Ring-KDE 3.0.0, Julia 1.0

Posted in News Roundup at 11:48 pm by Dr. Roy Schestowitz

GNOME bluefish

Contents

GNU/Linux

Free Software/Open Source

  • Social Mapper: A free tool for automated discovery of targets’ social media accounts

    The tool takes advantage of facial recognition technology and searches for targets’ accounts on LinkedIn, Facebook, Twitter, Google+, Instagram, VKontakte, Weibo and Douban.

  • Social Mapper uses facial recognition to track ‘targets’ on social media

    RESEARCHERS at US security company Trustwave have released a rather scary new open source tool called ‘Social Mapper’ that can be used to track “targets” across social media networks using facial recognition.

    The potentially-devious tool works by taking an “automated approach” to searching popular social media sites for names and pictures of people you’re looking to track. It can accurately detect and group a person’s presence, outputting the results into a report that a human operator can quickly review.

    “Performing intelligence gathering is a time-consuming process, it typically starts by attempting to find a person’s online presence on a variety of social media sites,” the company asked itself in a news release announcing the software.

  • Social Mapper: This Open Source Tool Lets “Good” Hackers Track People On Social Media

    There are tons of automated tools and services that any shady hacker can employ to grab the public data on Facebook, Twitter, Google, or Instagram, and use it for notorious purposes. But what about the ethical hackers and security researchers who are looking for a means to achieve the same?

    To tackle this issue, security firm Trustwave has released an open source tool that can reduce the time being consumed for such intelligence collection process at a large scale. Called Social Mapper, the tool uses facial recognition to connect the dots on different social media and collect data.

  • Need a facial recognition auto-doxxx tool? Social Mapper has you covered

    Finding people’s social media profiles can be a slow and manual business – so why not get facial recognition to help?

    That’s the pitch coming from Trustwave’s SpiderLabs, which wants to make life easier for penetration testers trying to infiltrate clients’ networks and facilities using social engineering and targeted hackery.

    SpiderLabs’ Jacob Wilkin explained that new tool Social Mapper can start with the name of an organisation on LinkedIn, a folder full of named images, or a CSV listing of names with URLs to images. With those inputs, he explained this week, the software’s facial recognition capabilities can “correlate social media profiles across a number of different sites on a large scale.”

  • Open source Kaa IoT middleware to take on enterprise IoT

    To benefit from IoT, businesses need a way to network, manage and secure all of their connected devices. While there are proprietary IoT middleware platforms available to do this for the home and heavy industries like manufacturing, the Kaa IoT platform is one of the few open source options on the market today that is business-ready.

  • bzip.org changes hands

    The bzip2 compression algorithm has been slowly falling out of favor, but is still used heavily across the net. A search for “bzip2 source” returns bzip.org as the first three results. But it would seem that the owner of this domain has let it go, and it is now parked and running ads. So we no longer have an official home for bzip2.

  • Three Capabilities Banks Need to Work On While Adopting Open Source

    As banks are now willing to experiment and adopt new age technologies such as artificial intelligence and blockchain, the next big step of its digital disruption has to do with open source banking.

    With the adoption of open source, banks are likely to open their APIs and share customer data with third-party players to develop innovative products and offer customized real-time bespoke services to customers.

    Industry experts consider it to be the best time to embrace open banking as customer buying patterns are changing.

    In a previous interaction with Entrepreneur India, Rajeev Ahuja, Executive Director, RBL Bank accredited this change to “the emergence of nontraditional competition such as fintech startups, growing domination of technologies like blockchain, artificial intelligences, machine learning, etc and lastly, the initiatives taken by the Reserve Bank Of India to regulated the payments banks, peer to peer lending platforms, linking of Aadhar, and e-kyc.”

  • 5G futures: Why Huawei when open source may be the new black?

    So, the Australian government has a big decision to make about whether it will allow Huawei to be a provider of Australia’s 5G communications network that will power the internet of things for us. The national security concerns with having the large Chinese firm take on such an important role have been outlined well by ASPI’s cyber policy team and others in a series of recent Strategist posts.

    The big question people have asked, though, is, if not Huawei, then what? Ex-head of the UK’s GCHQ signals intelligence organisation Robert Hanigan, for example, has said, ‘The dilemma for western governments is that Chinese technology is no longer derivative or cheap, it’s often world-leading. Do we cut ourselves off from this technology by banning it, or find ways of managing the risk?’ It sounds like there’s an inevitability to embracing the solutions of China’s big tech firms, either now or sometime in the future.

    But that may well be just plain wrong. Rather than asking who’s the alternative supplier to Huawei, the better question might be, why would Australia go with an outdated approach to hardware and software provision at a time when new approaches might play to industry

  • The Top 3 Open Source Tools for AWS Incident Response

    Welcome to our third blog on incident response in the cloud. The first two posts primarily focused on the built-in capabilities from cloud service providers that can help your incident response efforts. We also discussed how to configure your Amazon Web Services (AWS) environment to take advantage of those features.

    Today, we are going to look at some tools that are extremely helpful for responding to cloud incidents. I’m only going to look at open source tools for AWS in this post, so you can go download and play with them in your training or test environment now.

  • Events

    • Free and open-source software con returns to International House

      FOSSCon, a free and open-source software conference, will be held Aug. 25 at the International House Philadelphia. Lectures and workshops will teach participants about free software and new ways to use it.

      Unlike most software, which is only available under restrictive licensing, free and open-source software is available under licenses that let people distribute, run and modify the software for their own purposes. It includes well-known projects like the Firefox browser or the Linux kernel. Those who talk about “free software” emphasize the way copyright law restricts users’ freedom, while those who talk about “open source” emphasize the economic and technical benefits of shared development.

      However, most of the scheduled events are far from philosophical, focusing on technical subjects like the use of domain name systems or the filesystem ZFS. The speakers range from professional programmers to enthusiasts. Most famous on the list is Eric S. Raymond, one of the thinkers behind “open source,” who will speak about the history of the C programming language and what might replace it. Of particular local interest is a talk by Eric O’Callaghan, a systems administrator at Thomas Jefferson University, on how to use public data from Indego Bike Share.

  • Web Browsers

    • Mozilla

      • Firefox DevEdition 62 Beta 18 Testday, August 17th

        We are happy to let you know that Friday, August 17th, we are organizing Firefox 62 DevEdition Beta 18 Testday. We’ll be focusing our testing on Activity Stream, React Animation Inspector and Toolbars & Window Controls features. We will also have fixed bugs verification and unconfirmed bugs triage ongoing.

      • How to DoH-only with Firefox

        Firefox supports DNS-over-HTTPS (aka DoH) since version 62.

        You can instruct your Firefox to only use DoH and never fall-back and try the native resolver; the mode we call trr-only. Without any other ability to resolve host names, this is a little tricky so this guide is here to help you. (This situation might improve in the future.)

        In trr-only mode, nobody on your local network nor on your ISP can snoop on your name resolves. The SNI part of HTTPS connections are still clear text though, so eavesdroppers on path can still figure out which hosts you connect to.

        [...]

        network.trr.uri – set this to the URI of the DoH server you want to use. This should be a server you trust and want to hand over your name resolves to. The Cloudflare one we’ve previously used in DoH tests with Firefox is https://mozilla.cloudflare-dns.com/dns-query.

      • #5 State of Mozilla Support: 2018 Mid-year Update – Part 5

        We are happy to share with you the final post of the series, which started with two external research report analyses, moved on to sharing updates and plans for support forums, social support, and localization, and now is about to conclude with our strategic summary.

      • Rep of the Month – July 2018

        Please join us in congratulating Lívia Takács, our Rep of the Month for July 2018!

        Livia is a UI developer and visual designer from Hungary and has been part of the Reps program for a bit more than a year. In that time she organized a lot of events with different communities (like LibreOffice) and also workshops.

      • Updated Firefox 61.0.2 includes Bug Fixes and Automatic Recovery feature for Windows

        The latest update to Firefox 61.0.2 adds support for automatic restoring of Firefox session after Windows is restarted. Presently this feature is not available by default for majority of users but will possibly be enabled gradually in the coming few weeks.

      • Make your Firefox browser a privacy superpower with these extensions

        Privacy is important for everyone, but often in different ways. That’s part of why Firefox Extensions are so powerful. Starting with a browser like Firefox, that’s built for privacy out of the box, you can use extensions to customize your browser to suit your personal privacy needs.

      • The Video Wars of 2027

        This post imagines a dystopian future for web video, if we continue to rely on patented codecs to transmit media files. What if one company had a perpetual monopoly on those patents? How could it limit our access to media and culture? The premise of this cautionary tale is grounded in fact. However, the future scenario is fiction, and the entities and events portrayed are not intended to represent real people, companies, or events.

        [...]

        In 1998, the U.S. Congress passed the Sonny Bono Copyright Term Extension Act. This new law extended copyrights on corporate works to the author’s lifetime plus 95 years. The effort was driven by the Walt Disney Company, to protect its lucrative retail franchise around the animated character Mickey Mouse. Without this extension, Mickey would have entered the public domain, meaning anyone could create new cartoons and merchandise without fear of being sued by Disney. When the extension passed, it gave Disney another 20 years to profit from Mickey. The news sparked outrage from lawyers and academics at the time, but it was a dull and complex topic that most people didn’t understand or care about.

        In 2020, Disney again lobbied to extend the law, so its copyright would last for 10,000 years. Its monopoly on our culture was complete. No art, music, video, or story would pass into the public domain for millennia. All copyrighted ideas would remain the private property of corporations. The quiet strangulation of our collective creativity had begun.

    • MDN Changelog for July 2018: CDN tests, Goodbye Zones, and BCD

      We moved MDN Web Docs to a CDN in April 2018, and saw a 16% improvement in page load times. We shipped with 5 minute expiration times for MDN pages, so that the CDN will request a fresh copy after a short time. MDN is a wiki, and we can’t predict when a page will change. 300 seconds was a compromise between some caching for our most popular pages, and how long an author would need to wait for a changed page to be published to all visitors. 80% of visitors are getting an uncached page.

    • GSoC wrap-up – Splitting Servo’s script crate

      The solution introduces a TypeHolder trait which contains associated types, and makes many structures in the script crate generic over this new trait. This allows the generic structs to refer to the new trait’s associated types, while the actual concrete types can be extracted into a separate crate. Testing shows significant improvement in memory consumption (25% lower) and build time (27% faster).

    • This Week in Mixed Reality: Issue 15

      This week is mainly about bug fixing and getting some new features to launch.

  • Oracle/Java/LibreOffice

    • New LibreOffice Version Offers Fresh Take

      Potential LibreOffice adopters should consider possible downsides, urged king. With more than two decades into the “revolution” sparked by Linux and open source solutions, LibreOffice still constitutes a small fraction of the productivity applications and tools market.

      Would that be the case if these offerings really were superior? Adopting any new platform requires retraining, and that includes LibreOffice, he said. Most employees arrive knowing at least the rudiments of Word and other Microsoft apps.

      Plus, to its credit, Microsoft has addressed many user complaints and Office 365 makes it cheaper and easier to use the company’s solutions than ever before, added King.

      “So companies have to sort out why they are considering LibreOffice,” he suggested, to determine “what potential benefits are actually achievable and whether leaving behind a longtime market leading solution (Office) really makes sense.”

  • Pseudo-Open Source (Openwashing)

  • BSD

    • 6 Reasons Why Linux Users Switch to BSD

      Thus far I have written several articles about BSD for It’s FOSS. There is always at least one person in the comments asking “Why bother with BSD?” I figure that the best way to respond was to write an article on the topic.

    • LibreSSL 2.8.0 Released

      This is the first development release from the 2.8 series, which will eventually be part of OpenBSD 6.4. It includes the following changes [...]

  • Programming/Development

    • Julia 1.0

      The much anticipated 1.0 release of Julia is the culmination of nearly a decade of work to build a language for greedy programmers. JuliaCon2018 celebrated the event with a reception where the community officially set the version to 1.0.0 together.

      [...]

      Try Julia by downloading version 1.0 now. If you’re upgrading code from Julia 0.6 or earlier, we encourage you to first use the transitional 0.7 release, which includes deprecation warnings to help guide you through the upgrade process. Once your code is warning-free, you can change to 1.0 without any functional changes. The registered packages are in the midst of taking advantage of this stepping stone and releasing 1.0-compatible updates.

      The single most significant new feature in Julia 1.0, of course, is a commitment to language API stability: code you write for Julia 1.0 will continue to work in Julia 1.1, 1.2, etc. The language is “fully baked.” The core language devs and community alike can focus on packages, tools, and new features built upon this solid foundation.

    • Julia 1.0 Released, 2018 State of Rust Survey, Samsung Galaxy Note 9 Launches Today, Margaret Dawson of Red Hat Named Business Role Model of the Year in Women in IT Awards and Creative Commons Awarded $800,000 from Arcadia

      Julia 1.0 made its debut yesterday—the “culmination of nearly a decade of work to build a language for greedy programmers”. The language’s goal: “We want a language that’s open source, with a liberal license. We want the speed of C with the dynamism of Ruby. We want a language that’s homoiconic, with true macros like Lisp, but with obvious, familiar mathematical notation like Matlab. We want something as usable for general programming as Python, as easy for statistics as R, as natural for string processing as Perl, as powerful for linear algebra as Matlab, as good at gluing programs together as the shell. Something that is dirt simple to learn, yet keeps the most serious hackers happy. We want it interactive and we want it compiled.” You can download it here.

      The Rust Community announced the 2018 State of Rust Survey, and they want your opinions to help them establish future development priorities. The survey should take 10–15 minutes to complete, and is available here. And, you can see last year’s results here.

    • Julia 0.7 arrives but let’s call it 1.0: Data science code language hits milestone on birthday

      Julia, the open-source programming language with a taste for science, turned 1.0 on Thursday, six years after its public debut in 2012. The occasion was presented on YouTube, live from JuliaCon 2018 in London.

      Created by Jeff Bezanson, Stefan Karpinski, Viral Shah, and Alan Edelman, the language was designed to excel at data science, machine learning, and scientific computing.

      That’s a niche – a rather substantial one these days – also served by Python and R, among other languages. However, the Julia aspires to be better, undaunted by being ranked 50 on Tiobe’s programming language popularity index for August 2018. For what it’s worth, Python presently sits at number 4 while R comes in at 18.

    • Julia 1.0 Programming Language Released

      Julia, the LLVM-based, speed-focused, dynamic and optional typing, full-featured programming language focused on numerical computing has reached the version 1.0 milestone.

      The Julia language has been in the works for nearly a decade while now the 1.0 milestone has been reached. Julia remains committed to its key focus areas for the language. With Julia 1.0 the developers are committing to language API stability.

    • Rust’s Low-Level Graphics Abstraction Layer Is Showing A Lot Of Potential

      The Rust programming language’s “GFX-RS” initiative that is backed by Mozilla continues working on exposing a universal “Vulkan-like” graphics API within Rust that in turn would have back-ends for Vulkan, OpenGL, Metal, and Direct3D 11/12 in order to reach all major platforms. Early benchmark results are quite promising for GFX-RS.

Leftovers

  • Telecommuting Tips

    If you work remotely and a lot of your team is in an office, it’s more important than ever to stay responsive in chat. In an office, people know you are there by whether you are at your desk, but when telecommuting, it all comes down to whether you respond when someone contacts you in chat. If your chat program provides ways to escalate notifications from your desktop to the phone app, take advantage of them. That way if you step away from your desk for a moment, your phone still can tell you when someone needs you. If you are going to step away from your desk for an extended amount of time to get lunch or run an errand, make sure someone on your team knows (or set a proper away message if your chat supports it). If you are in the office, realize that chat is the main way remote workers will communicate, so try to reward their responsiveness by being responsive yourself.

    In summary, the key to telecommuting being a success is to treat remote team members as equals and to take advantage of all of the great collaboration tools that exist these days to keep teams connected. These small steps can make all the difference in helping remote workers be productive and feel like part of the team.

  • Science

    • Tech industry is leaving behind women of color, report shows

      Women of color are entrepreneurs. But if you look at the tech scene, you’d hardly know it.

      A new study from the Kapor Center, Pivotal Ventures and Arizona State University’s Center for Gender Equity in Science and Technology found that women of color make up 80 percent of all new women-led small businesses in the US. In tech, however, that figure plummets to 4 percent.

      This is just one stat highlighted in Women and Girls of Color in Computing, a report released Monday.

  • Health/Nutrition

    • Famed Houston Surgeon Updates Conflict-of-Interest Disclosures

      When Houston surgeon O.H. “Bud” Frazier co-authored a research paper about mechanical heart pumps in the New England Journal of Medicine last year, he reported that his only potential conflict of interest was a fellowship in his name established by the maker of one of the devices tested in the study.

      “Dr. Frazier does not receive any financial gain from this,” his disclosure said of the fellowship.

      In June, Frazier submitted an updated disclosure listing more potential conflicts, including lecture fees and travel reimbursements he received from three medical device makers; one of those was from HeartWare, the company that established the fellowship in his name. The updated disclosure also included travel expenses from a fourth company and a patent granted in 2012 for a pulseless artificial heart system.

      The updated disclosures followed an investigation in May by ProPublica and the Houston Chronicle that found, among other things, that Frazier had often failed to fully report potential conflicts of interest related to his research in the field of mechanical heart pumps. Most medical journals require such disclosure so that other scientists and the public can judge whether personal interests may have influenced research findings.

  • Security

    • People Think Their Passwords Are Too Awesome For Two Factor Authentication. They’re Wrong.
    • Security updates for Thursday
    • Let’s Encrypt Now Trusted by All Major Root Programs

      Now, the CA’s root is directly trusted by almost all newer versions of operating systems, browsers, and devices. Many older versions, however, still do not directly trust Let’s Encrypt.

      While some of these are expected to be updated to trust the CA, others won’t, and it might take at least five more years until most of them cycle out of the Web ecosystem. Until that happens, Let’s Encrypt will continue to use a cross signature.

    • WPA2 flaw lets attackers easily crack WiFi passwords

      The security flaw was found, accidentally, by security researcher Jens Steube while conducting tests on the forthcoming WPA3 security protocol; in particular, on differences between WPA2′s Pre-Shared Key exchange process and WPA3′s Simultaneous Authentication of Equals, which will replace it. WPA3 will be much harder to attack because of this innovation, he added.

    • ​Linux kernel network TCP bug fixed

      Another day, another bit of security hysteria. This time around the usually reliable Carnegie Mellon University’s CERT/CC, claimed the Linux kernel’s TCP network stack could be “forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (DoS).”

    • State of Security for Open Source Web Applications 2018

      ach year, we publish a set of statistics summarizing the vulnerabilities we find in open source web applications. Our tests form part of Netsparker’s quality assurance practices, during which we scan thousands of web applications and websites. This helps us to add to our security checks and continuously improve the scanner’s accuracy.

      This blog post includes statistics based on security research conducted throughout 2017. But first, we take a look at why we care about open source applications, and the damage that can be caused for enterprises when they go wrong.

    • New Actor DarkHydrus Targets Middle East with Open-Source Phishing [Ed: Headline says "Open-Source Phishing," but this is actually about Microsoft Windows and Office (proprietary and full of serious bugs)]

      Government entities and educational institutions in the Middle East are under attack in an ongoing credential-harvesting campaign.

      Government entities and educational institutions in the Middle East are under attack in an ongoing credential-harvesting campaign, mounted by a newly-named threat group known as DarkHydrus. In a twist on the norm, the group is leveraging the open-source Phishery tool to carry out its dark work.

      The attacks follow a well-worn pattern, according to Palo Alto Networks’ Unit 42 group: Spear-phishing emails with attached malicious Microsoft Office documents are leveraging the “attachedTemplate” technique to load a template from a remote server.

    • PostgreSQL 10.5, 9.6.10, 9.5.14, 9.4.19, 9.3.24, and 11 Beta 3 Released!
    • PostgreSQL Rolls Out New Releases To Address Two Security Issues

      The latest high profile open-source project bitten by some fresh CVE security vulnerabilities is the PostgreSQL database server.

      PostgreSQL 10.5, 9.6.10, 9.5.14, 9.4.19, 9.3.24, and 9.3.24 are now out as updates to all supported versions of this SQL server. PostgreSQL 11 Beta 3 is also out as an updated development build.

    • Over 20 Flaws Discovered in Popular Healthcare Software [Ed: Unnecessary sensationalism about OpenEMR, e.g. quoting number of patients affected. How about all those hospitals that got shut down worldwide because of intentional back doors in Microsoft Windows and leaks thereof?]
    • Ring-KDE 3.0.0 Released, Intel Debuts 32TB Ruler-Shaped SSDs, OpenEMR Security Issues, PostgreSQL Updates and New Version of Unigine

      Several security vulnerabilities were discovered recently in OpenEMR, developer of open-source electronic health records and practice management tools, possibly affecting the data of more than 90 million patients. Info Security Magazine reports that the issues “included nine separate SQL injection vulnerabilities, four remote code execution flaws and several arbitrary file read, write and delete bugs. Others included a portal authentication bypass, unauthenticated information disclosure, and cross-site request forgery”. Info Security notes that OpenEMR team has since patched “most” of the vulnerabilities.

    • New Wi-Fi attack cracks WPA2 passwords with ease

      The attack technique can be used to compromise WPA/WPA2-secured routers and crack Wi-Fi passwords which have Pairwise Master Key Identifiers (PMKID) features enabled.

      Security researcher and developer of the Hashcat password cracking tool Jens “Atom” Steube made the discovery and shared the findings on the Hashcat forum earlier this month.

      At the time, Steube was investigating ways to attack the new WPA3 security standard. Announced in January by industry body the Wi-Fi Alliance, WPA3 is the latest refresh of the Wi-Fi standard.

    • Black Hat USA 2018: Google, Microsoft and Red Hat dish on the Meltdown/Spectre backstory
    • Meltdown and Spectre disclosure suffered “extraordinary miscommunication”
    • Qualcomm CPUs have been shown to be unprotected against the Meltdown exploit, researchers say
    • WPA3: How and why the Wi-Fi standard matters

      WPA2 has given us 14 years of secure wireless networking. WPA3 will fix a number of big problems in WPA2 and make strong security the default condition.

    • How one man could have hacked every Mac developer (73% of them, anyway)

      OK, in some ways that’s only very loosely true, when you think of all the non-Unixy stuff on top of the Darwin base layer, and we welcome your comments below to explain just how carelessly loose we have been…

      [...]

      The potential impact of a well-thought-out hack into one of the many package management ecosystems out there is a pet concern of security researcher Eric Holmes.

      Hacks against the very repositories that many of us rely upon for software updates are known in the jargon as supply-chain attacks – after all, the modern supply chain often doesn’t involve any factories, ships, trains, inventories, trucks, pallets or forklifts.

      So, Holmes decided to take a look at the supply chain for Homebrew, or Brew for short – we’re guessing he picked Brew not only because he knew it was the most popular amongst the Mac community, but also because he uses it himself.

      The results were, in a word, salutary.

    • SD Times Open-Source Project of the Week: Fizz

      In order to implement the new generation of Transport Layer Security, TLS 1.3, at Facebook, the company built a TLS library in C++ 14 called Fizz. Earlier this week, Facebook announced it was open sourcing that library.

      TLS 1.3 added several new features to make Internet traffic more secure, such as encrypting handshake methods, redesigning how secret keys are derived, and a zero round-trip connection setup.

      “We are excited to be open-sourcing Fizz to help speed up deployment of TLS 1.3 across the internet and help others make their apps and services faster and more secure,” Facebook wrote in a post.

    • Crowdfense Announces Vulnerability Research Platform v1.0 to streamline 0day Market

      Crowdfense, a premiere vulnerability research channel based in Dubai, has just announced that it will be launching a web-based Vulnerability Research Platform (VRP) to facilitate vulnerability sharing, researching, and the selling of single zero-day exploits as well as exploit chains. This entails that Crowdfense purchase such exploits from researchers or submitting users and sell it onto research institutions and other bodies such as government intelligence to facilitate their interests in the study of known vulnerabilities.

    • Windows Lock Screen Bypassed Using Cortana Vulnerability; Already Patched
    • Hackers can Steal your Credit Card Information and Money through Cheap Mobile POS Card Reader Flaws
    • Remote Denial of Service Vulnerability in Linux Kernel Patched in v4.9.116 and v4.17.11
    • Security updates for Friday
    • DevSecOps: Security Automation in Enterprise DevOps

      Another day, another portmanteau. DevSecOps — an expensive target on AdWords — tries to fit security into the DevOps process. It’s kind of silly because of course companies should be factoring security into their development, particularly when much of DevOps is about enterprises releasing applications faster.

      Amazon Web Services’ Senior Solutions Architect Margo Cronin kicked off her talk at the European DevOps Enterprise Summit by saying how personally she doesn’t like the term DevSecOps.

    • WhatsApp Vulnerability Lets Attackers Alter Your Messages And Spread Fake News
    • Black Hat 2018: Satellite Communication Systems Hackable; Threat For Aviation Industry

      Black Hat USA 2018 which commenced on August 4 has seen some of the famous researchers putting out their research works. While all the demos were impressive, one that stood out from the rest was a research activity from Ruben Santamarta of IOActive team.

    • Black Hat 2018: A Pacemaker Hack That Can Stop The Heart

      Hackers from all over the world flocked to the Black Hat 2018 security conference that was held in Las Vegas this week. There, two researchers revealed a pacemaker hack that makes it possible for attackers to remotely install malicious updates. It causes the device to malfunction by delivering additional shocks or denying it which can threaten patients’ lives.

  • Defence/Aggression

    • Report: Montenegro seeks ex-CIA agent in failed coup
    • Venezuela set to scrap lawmakers’ immunity after drone explosions

      Venezuela confirmed the arrest of one lawmaker and ordered the detention of another on Wednesday, accusing the opposition politicians of scheming to assassinate President Nicolas Maduro with explosives-laden drones at a rally last weekend.

      Two drones detonated during a military parade on Saturday, injuring seven officers and sending soldiers scurrying for cover during a Maduro speech broadcast live. Maduro himself was unharmed.

    • Venezuelan Pres. Nicolás Maduro Targeted in 1st Assassination Attempt by Drone Against Head of State

      Venezuelan President Nicolás Maduro survived an apparent assassination attempt Saturday. Officials say two drones loaded with explosives detonated above Maduro as he gave a nationally televised speech at a military event in Caracas. It was the first known attempted assassination by drone strike against a sitting head of state. We get responses from Alejandro Velasco, executive editor for NACLA Report on the Americas; Gabriel Hetland, assistant professor of Latin American studies at SUNY Albany; and Mark Weisbrot, co-director of the Center for Economic and Policy Research and president of Just Foreign Policy.

    • Election Results Could be Good for Pakistan, Bad for US

      A bold new political face has come to power in the recent Pakistani elections, possibly offering the US a new opportunity in that country. Sadly the opportunity will likely be squandered—again. There’s something about Pakistani and US interests that seem doomed to collision course—mainly because Pakistan’s national interests are rarely what the US thinks they should be.

      Pakistanis themselves can be pleased the country has just experienced for only the second time in its history a democratic electoral transition from one political party to another. Over long decades democratically-elected governments have been routinely dethroned by the all-powerful Pakistani military-dominated intelligence service ISI.

  • Transparency/Investigative Reporting

  • Finance

    • In major defeat for Uber and Lyft, New York City votes to limit ride-hailing cars

      The council voted to halt the issuance of new for-hire vehicle licenses for 12 months while it studies the booming industry. Under the cap, Uber and Lyft could still be granted licenses for wheelchair-accessible vehicles — which both companies sorely lack — but would be prevented from adding new ride-hail vehicles for one year. The city’s Taxi and Limousine Commission could also issue licenses in particular neighborhoods that are running low on ride-hail vehicles. Another bill that passed would establish a $15 living wage for drivers. The bills now go to the desk of Mayor Bill de Blasio, who has indicated his support for a cap.

    • New York City imposes temporary cap on Uber, Lyft vehicles

      “We’ve seen a race to the bottom in terms of wages and in terms of the livelihoods of these drivers, not just in the for-hire vehicle sector but in the yellow cab sector as well,” Mayor Bill de Blasio said on NY1, a local news television channel on Wednesday.

      “So the Uber business model is ‘flood the market with as many cars and drivers as possible, gain more market share, and to hell with what happens to those drivers or anybody else involved,’” he continued. “And in the end, what that has created is the kind of race to the bottom that has literally driven down wages below minimum-wage level for a lot of Uber drivers and even for other drivers.”

    • When Mapping the Many Disparities in Chicago, It Can Feel Like It’s the Same Story Being Told

      There’s a saying among data nerds that every map is the same map.

      That’s not literally true, of course, but plenty of social phenomena display similar geographic patterns.

      That’s what you’ve seen if you’ve been following our reporting with WBEZ on parking tickets driving poor, black Chicagoans into debt — and even into bankruptcy.

      This fact makes maps a double-edged sword. Maps can help us understand the invisible geographies of the world around us and, at the same time, show us what we think we already know, confirming our suspicions without deepening our understanding.

      Often, these maps mainly tell us where people live rather than actually showing a geographic trend other than population density.

    • Giants: The Global Power Elite

      My new book, Giants: The Global Power Elite follows in the tradition of C. Wright Mills’s work the Power Elite in 1956. Like Mills, I am seeking to bring a consciousness of power networks affecting our lives and the state of society to the broader public. Mills described how the power elite were those “who decide whatever is decided” of major consequence. Sixty-two years later power elites have globalized and built institutions for preserving and protecting capital investments everywhere in the world.

      Central to the idea of a globalized power elite is the concept of a transnational capitalist class theorized in academic literature for some 20 years. Giants reviews the transition from nation-state power elites, as described by Mills, to a transnational power elite centralized on the control of global capital around the world. The global power elite function as a non-governmental network of similarly educated, wealthy people with common interests of managing, and protecting concentrated global wealth and insuring its continued growth. Global power elites influence and use international institutions controlled by governmental authorities like the World Bank, International Monetary Fund (IMF), NATO, World Trade Association (WTO), G-7, G-20, and others. These world governmental institutions receive instructions and recommendations for policy actions from networks of non-governmental global power elite organizations and associations.

  • AstroTurf/Lobbying/Politics

    • Election 2016 Gets a Report Card

      A new report out today by researchers at MIT contains some good news about America’s election process. States seem to have fixed the long lines and sky-high wait times that plagued voters in 2012. Overall, it’s getting easier to vote, the research shows.

      The report, called the Election Performance Index, also found evidence of a large group of voters who cast a protest vote in 2016.

      The index is based on a variety of sources, including public surveys and census data. It grades each state on 17 factors that are designed to measure how well they administered the 2016 elections, from voter turnout to provisional ballot rates to the quality of a state’s public data.

    • Laundering a Massacre By Labeling It a ‘Clash’

      As FAIR has noted before (e.g., Extra!, 1/17; FAIR.org, 4/2/18), the term “clash” is almost always used to launder power asymmetry and give the reader the impression of two equal warring sides. It obscures power dynamics and the nature of the conflict itself, e.g., who instigated it and what weapons if any were used. “Clash” is a reporter’s best friend when they want to describe violence without offending anyone in power—in the words of George Orwell, “to name things without calling up mental pictures of them.”

    • The Faulty Logic Behind the Attack on BDS

      However, by arbitrarily conflating all Jews with the Israeli state, the Zionists tell us that criticism or opposition to Israeli state behavior—even if that behavior is criminal—is anti-Semitic. This is because Israel stands in for all Jews. Thus, they redefine anti-Semitism in a way that allows Israel to sidestep all moral responsibility by turning the argument around and pointing fingers at their critics. For instance, do you object to Israel’s ethnic cleansing of Palestinians? Well, for the Zionists the issue is no longer the criminal nature of ethnic cleansing, but the alleged anti-Semitism of those criticizing that behavior.

    • Media Econ 101

      When the New York Times wants to write about the plights and travails of low-wage workers, they can tug a heartstring with the best of them. When it comes to reporting about “the economy”—serious, fact-based stuff, not “human interest”—we get things like the piece the paper ran in late July, with the lead on how “analysts expect the strong economy and Trump administration’s tax cuts to lead to another batch of knockout earnings reports.” One blot on the landscape: “wage growth.” “Rising labor costs can cut into profits, muting the impact of a robust economy,” the Times warns, citing a trucking firm where “driver pay and retention costs” were described as “outlays that nibbled away at the benefits of higher prices and booming volumes.”

  • Censorship/Free Speech

    • China’s Winnie The Pooh Crackdown Intensifies As Half-Naked Bear Becomes Resistance Icon
    • China bans Winnie the Pooh film after comparisons to President Xi

      Another comparison between Xi and Winnie during a military parade in 2015 became that year’s most censored image, according to Global Risk Insights. The firm said the Chinese government viewed the meme as “a serious effort to undermine the dignity of the presidential office and Xi himself”.

    • Platforms, Speech And Truth: Policy, Policing And Impossible Choices

      Internet sites have every right in the world to kick people off their platforms, and there’s no legal or ethical problem with that. No one’s free speech is being censored. That said, we should be at least a bit concerned about the idea that giant internet platforms get to be some sort of arbiter of what speech is okay and what speech is not, and how that can impact society more generally. But there are possible solutions to this, even if none are perfect and some may be difficult to implement, and we should explore those more thoroughly, rather than getting into screaming fights over who should or shouldn’t be allowed to use various internet platforms.

    • Judge Bypasses The First Amendment, Conjures Up A Right To Be Forgotten For The Complainant

      So, this doesn’t necessarily seem like the normal courtroom runaround where someone’s trying to slide an unconstitutional order past a judge. The targeted content isn’t the normal “disparaging” content people tend to want vanished, but rather an article about an altercation with cops in which the cops come out looking the worst.

      But Greg Malandrucco wants it gone… or at least delisted. This follows a string of DMCA takedown notices issued by Malandrucco claiming the selfie he took is his intellectual property and can’t be used without permission. (Matthew Clark appears to make the same claim in the single DMCA notice he sent out.) Malandrucco appears to have applied pressure elsewhere, resulting in this weird bit of redaction in the Chicago Maroon’s coverage which removes Malandrucco’s name from the post. (Matthew Clark’s name remains.)

      Google, understandably, has not delisted this blog post. First off, the use of the photo is clearly fair use and is used in an article discussing a topic (alleged police brutality) of significant public interest. Malandrucco may have a personal interest in seeing this post delisted (he claims it has harmed his reputation and affected his income), but that doesn’t mean his personal interests override the rights of others. (As is noted by Volokh, any attempt to drag copyright into this is doomed to fail since this isn’t a federal court case.)

    • In A Corporatist System Of Government, Corporate Censorship Is State Censorship

      Last year, representatives of Facebook, Twitter, and Google were instructed on the US Senate floor that it is their responsibility to “quell information rebellions” and adopt a “mission statement” expressing their commitment to “prevent the fomenting of discord.”

      “Civil wars don’t start with gunshots, they start with words,” the representatives were told. “America’s war with itself has already begun. We all must act now on the social media battlefield to quell information rebellions that can quickly lead to violent confrontations and easily transform us into the Divided States of America.”

      Yes, this really happened.

      Today Twitter has silenced three important anti-war voices on its platform: it has suspended Daniel McAdams, the executive director of the Ron Paul Institute, suspended Scott Horton of the Scott Horton Show, and completely removed the account of prominent Antiwar.com writer Peter Van Buren.

    • The Modern Age of Censorship – Silicon Valley Style

      On this episode of Fault Lines, host Garland Nixon is joined in-studio by producers Kameran Evans and Eric Ladny to discuss Silicon Valley and their obsession with controlling the flow of information. Why do tech companies seem so intent on monitoring what people see; what is the great threat?

    • Chinese censors poo-poo new Winnie the Pooh movie [Ed: Over a billion people worldwide now know that the Chinese regime is afraid of dolls and cartoons; wouldn't have happened if they did not resort to censorship]
    • Disney’s ‘Christopher Robin’ Won’t Get China Release Amid Pooh Crackdown (Exclusive)

      A source pins the blame on the country’s crusade against images of the Winnie the Pooh character, which has become a symbol of the resistance with foes of the ruling Communist Party, namely Chinese leader Xi Jinping.

  • Privacy/Surveillance

    • Third Comcast Website Flaw Exposes User Data In As Many Months

      To tackle this issue, security firm Trustwave has released an open source tool that can reduce the time being consumed for such intelligence collection process at a large scale. Called Social Mapper, the tool uses facial recognition to connect the dots on different social media and collect data.

    • TSA Admits ‘Quiet Skies’ Surveillance Program Is Useless, Promises To Continue Engaging In Useless Surveillance

      More news comes from the Boston Globe about the TSA’s “Quiet Skies” program. Having decided the skies were too quiet, the TSA started nominating people for surveillance based on god knows what and sent air marshals all over the US to tail “suspects” as they unsuspectingly went about their travels. Some of the targets included flight attendants and law enforcement officers. To those tasked with this futile (and likely unconstitutional) surveillance, the program is a waste of time and resources, if not a full-blown civil liberties catastrophe.

      To the TSA, this previously-hidden bullshit is just some more discretion-flexing on behalf of the American public to save them from terrorists it inadvertently admitted aren’t even targeting aircraft anymore. Why go through the hassle of the boarding process, smuggling precursors past half-inept, half-asleep TSA agents when you can just rent a van from Home Depot and drive it into a crowd?

      The TSA insists the program has value and that it will continue to send air marshals out to tail flagged randos. It also insists better education of air marshals will shut complaining marshals the hell up. But what it failed to do in a Congressional hearing, called after the Globe’s expose, is actually present any evidence the program works.

    • Memphis Police Surveillance of Activists Is a Betrayal and a Reminder

      Memphis police collecting data on activists reminds us they did this decades ago in the Civil Rights Movement.

      A lawsuit by the ACLU of Tennessee recently produced evidence that Memphis police spied on Black activists. As Yogi Berra said, “It’s like déjà vu all over again.” This is the same city where five decades ago the police spied on Martin Luther King, Jr. It’s the city where he was murdered. And it’s my hometown.

      I know enough that I can’t claim surprise, but it hurts all the same to see yet another overstep by law enforcement, one with echoes in the history of the civil rights movement, and, make no mistake, it includes the struggle going on today for civil rights

      In 2016 and 2017, Memphis Police Department’s Office of Homeland Security (created after the September 11 attacks) decided it was legally appropriate and a good use of resources to create a fraudulent Facebook profile whose purpose was to deceive activists and gather information from them, including information from private posts. One activist recommended a book by community organizer Saul Alinsky in a private post, and Memphis police collected it. They also collected the names of 58 friends who “liked” it. MPD went further, making a PowerPoint presentation about BLM activists who protested police shootings at several places including an Elvis Presley vigil.

      What did police call their surveillance dossier on activists? “Blue Suede Shoes.”

    • EFF Tells Bay Area Regional Transit: Reject Proposed Face Surveillance Scheme

      Around the country, communities concerned about privacy and surveillance are seeking to secure a robust role for public community oversight to constrain the co-optation of local police departments by electronic surveillance. EFF supported recent victories for community control in Oakland and Berkeley, CA, before recommending today that the Bay Area Regional Transit (BART) Board reject recent proposals to expand surveillance on the BART system.

      The Board considered two proposals today. One was for a hastily crafted “Safety and Security Action Plan,” including a provision for a “Physical Security Information Management system” (PSIM) that “would be capable of monitoring thousands of simultaneous video streams and automating response recommendation.” The other was for a face surveillance scheme that seems to lack any awareness of the profound threat it could present to privacy, dissent, communities of color, and immigrants.

      Facial recognition is an especially menacing surveillance technology, and BART should reject it. Given the wide proliferation of surveillance cameras and the choice of most people to expose their face in public, facial recognition technology can enable the government to track all of our movements and activities as we go about our days in public places.

    • NSA leaker Reality Winner to appear in court this month for sentencing hearing

      AUGUSTA, Ga. (WJBF) – NSA leaker Reality Winner will face sentencing later this month.

      Winner will appear before a judge on August 23rd for sentencing.

    • NSA leaker Reality Winner will be sentenced later this month
    • Sentencing date set for Georgia woman who leaked secrets
    • How to Recover Deleted Files on Your Mac

      Even when you empty your trash, deleted files aren’t removed from your hard drive right away. Instead, macOS marks them as available space. Your data is still there until it gets overwritten by something else. This means that if you have an app that can read the files directly off your hard drive, you could recover them in full if you do it quickly enough after deletion.

    • EFF Amicus Brief: The Privacy Act Requires the FBI to Delete Files of Its Internet Speech Surveillance

      U.S. law makes clear that the government cannot keep surveillance records on a person or group because of their political views or the way that they express their First Amendment rights. Unfortunately, the FBI has flouted these laws by maintaining records of its probe of two people whose website criticized U.S. policy in the Middle East. EFF is urging a court to make this right.

      EFF filed an amicus brief in support of an ACLU of Northern California lawsuit to enforce privacy protections that Congress put in place in the 1970s against government surveillance. Rigorous enforcement of this law is needed to prevent the FBI from maintaining information it collects on the Internet about our First Amendment activity for many years after that information is no longer relevant to an ongoing investigation.

      After the FBI tracked Dr. Martin Luther King, Jr. and other civil rights activists, the Army monitored domestic protests, and President Nixon ordered surveillance of his political opponents, Congress stepped in and passed the Privacy Act of 1974, which established rules about what types of information the government can collect and keep about people. The Act gives individuals the right to access records the government has on them and change or even delete that information. One of the most protective provisions is a prohibition against maintaining records of First Amendment activity, but law enforcement was given an exception for “authorized law enforcement purposes.”

      In this case, plaintiffs Mr. Raimondo and Mr. Garris ran the website antiwar.com, where they wrote pieces criticizing U.S policy in the Middle East in the early 2000s. After reposting a widely available FBI document, they caught the notice of the FBI, which began tracking the website and the two men through a practice called “threat assessment.” The FBI did not find any wrongdoing or basis to further investigate. Nonetheless, the FBI maintained for many years a record of the postings on this advocacy website and its writers. The First Amendment clearly protects their online journalism and advocacy. Now they are requesting that the FBI expunge their surveillance files.

    • Is Apple Really Your Privacy Hero?

      The campaign is working, as evidenced by media reports depicting Apple as hero to Facebook’s villain. But that marketing coup masks an underlying problem: The world’s most valuable company—its market value crossed the $1 trillion mark on Aug. 2—has some of the same security problems as the other tech giants when it comes to apps. It has, in effect, abdicated responsibility for possible misuse of data, leaving it in the hands of the independent developers who create the products available in its App Store.

    • Big Telecoms with Questionable Motives are Starting VPN Services

      The world is waking up to the Internet’s privacy problem, and an arms race has started between groups trying to harvest your information and activists trying to protect your information from unwanted intrusion. As this race heats up, one of the primary issues facing Internet users today is exposure of their IP address, which is often directly tied to their identity online. A VPN is touted as a good solution to this issue, as it masks an individuals traffic by mixing it with the traffic of other users to make tying specific actions to specific users difficult.

  • Civil Rights/Policing

    • ‘None will be spared’: students fear reprisals over Bangladesh unrest

      The same social media posts they used to organise and fan the demonstrations could serve as evidence to arrest dozens under Bangladesh’s onerous digital communications law.

    • ‘Turn the Plane Around’: Government Wrongfully Deports Asylum Seekers

      Judge orders administration to ‘turn the plane around’ and temporarily blocks deportations of asylum seekers fleeing sexual and gang violence.

      The ACLU and the Trump administration squared off in court on Thursday over Jeff Sessions’ new policy that denies asylum protections to immigrants fleeing domestic violence and gang violence. The hearing focused on whether U.S. District Judge Emmet Sullivan would issue an emergency order to block the deportation of our plaintiffs, many of whom are women and children fleeing extreme sexual and gang violence, while the case proceeds.

      As the judge deliberated the stay, disturbing news came to light: Early Thursday morning the government had pulled two of our clients—a mother and her young daughter—out of their detention rooms and put them on a deportation flight back to El Salvador. This directly violated government promises in open court the previous day that no one in the case would be removed before 11:59 p.m. Thursday night.

      Judge Sullivan was outraged, saying “it was unacceptable” that someone who had alleged a credible fear and was “seeking justice in a U.S. court” would be “spirited away” while her attorneys were literally arguing on her behalf.

      He ordered the government to “turn the plane around.” Further, the judge suggested that if the situation was not fixed, he would hold contempt proceedings for those responsible—starting with Attorney General Jeff Sessions.

    • Across New York, People of Color and the Poor Can Face Eviction for Calling 911

      A new report released by the NYCLU and ACLU reveals how “nuisance ordinances” hurt vulnerable tenants who need police assistance

      In March 2016, Fulton, New York, police received a call that a man and a woman were involved in a physical domestic dispute and that the woman was “yelling for someone to call 911.” When the police arrived, the woman described her boyfriend pushing her and punching her in the eye. The police helped make sure that the woman was safe. But the 911 call led to a threatening letter from the city to the landlord.

      Citing the “volume of calls for service” from the property, the city threatened that it would take action, including closing the entire building, unless the landlord stopped the “nuisance activity.”

      The ACLU has long been concerned about nuisance ordinances and has taken them on in more than a dozen states, advocating against them in state and local legislatures and successfully challenging them in Arizona, California, and Pennsylvania. These local laws, which are also sometimes called crime-free ordinances or criminal activity nuisance ordinances, allow a city to label a property a nuisance when it is the site of a certain number of police responses or alleged “nuisance conduct,” a category that can include assault, harassment, stalking, disorderly conduct, city code violations, and much more.

    • Appeals Court Says Law Criminalizing Threats To Sue Or Complain About Police Officers Is Unconstitutional

      A few months ago, we wrote about (YET ANOTHER) terrible law Louisiana has on the books. Like its other terrible laws, this one is abused by law enforcement. The law itself — which forbids the “intimidation” of public officials — has already been ruled unconstitutional by a federal judge.

      This law is wielded by officers and prosecutors to ring people up for “intimidating” cops by doing things like threatening to sue or file complaints. The wording lends itself to this. It criminalizes anything that might “influence” a public official’s “conduct.” No doubt threats of lawsuits or complaints have some effect on officers and how they behave and react. The most noticeable effect isn’t on the public officials. It’s the addition of a charge specifically related to what a citizen says to a law enforcement officer if they’re unhappy with the way they’re being treated.

      Travis Seals was the recipient of one of these bogus charges as the result of him informing an officer he was going to file “lawful complaints” during his arrest for unknown charges. (The opinion only says “conduct not specifically reflected in the record.”) He verbally objected to the arrest, which apparently led to the application of pepper spray and Seals’ announcement of the pending filing of complaints.

      The lower court said the law was unconstitutional. Even though Seals was never officially charged by the DA, the DA still chose to fight for the bad law in court. And again, it’s the state appealing the lower court’s ruling. The state tried to get the case tossed for lack of standing, saying it had promised not to use that law against Seals in the future. The court disagrees, using a couple of footnotes (p. 5) to explain why this promise isn’t really worth the PDF it’s printed on before ruling on the law itself. It also points out the state has brought this charge in circumstances like these against 150 people, so it’s not as though it’s restraining itself for abusing a bad, broadly-written law.

    • ICE Contractor Tries to Scare Activists With Legal Threats, Free Speech Be Damned

      It has been a rough week for the GEO Group, a private prison company that contracts with U.S. Immigration and Customs Enforcement to lock up undocumented immigrants. And it’s making the contractor lash out in erratic fashion.

      All week, activists have been raising support for a national day of action against GEO Group, which has been profiting off of the Trump administration’s war on undocumented immigrants. And on Tuesday, a federal judge certified a class action against GEO for systematic wage theft of detained immigrants, who are paid $1 a day as part of GEO’s Voluntary Work Program.

      Under pressure from activists, GEO did what too many embattled corporations do: It threatened to sue. GEO’s lawyers served a cease-and-desist letter on Dream Defenders, the Florida-based human rights organization that had called on allies to push their elected officials to cut ties with GEO, rally at GEO prisons and detention centers, and “creatively disrupt” GEO offices on August 7.

    • Federal Judge Calls City’s Asset Forfeiture Program Unconstitutional

      In 2015, the state of New Mexico overhauled its asset forfeiture program. The reform bill all but eliminated civil asset forfeiture by creating a conviction requirement. This eliminated roadside shopping trips by New Mexico law enforcement in which “perps” were free to go, so long as they left everything else (cash, vehicles) behind.

      Despite the passage of this law, the Albuquerque PD continued to engage in asset forfeiture on pre-reform terms. The especially aggressive program saw citizens losing their vehicles to law enforcement because of acts committed by other drivers and the PD seized cars by the dozens during DWI arrests. The PD was sued by state legislators for its continued violations of the new law while the law enforcement agency repeatedly claimed the legislation just didn’t apply to it.

    • What Happens When a Pipeline Runs Afoul of Government Rules? Authorities Change the Rules.

      A week ago, the federal government halted work on a massive pipeline project that runs from Northern West Virginia through Southern Virginia.

      The government said it had no choice but to order work on the multibillion-dollar Mountain Valley Pipeline stopped after a federal appeals court ruled that two federal agencies had neglected to follow important environmental protections when they approved the project.

      The court had found that the U.S. Forest Service had suddenly dropped — without any explanation — its longstanding concerns that soil erosion from the pipeline would harm rivers, streams and aquatic life. It also found that the Bureau of Land Management approved a new construction path through the Jefferson National Forest, ignoring rules that favor sticking to existing utility rights-of-way.

      “American citizens understandably place their trust in the Forest Service to protect and preserve this country’s forests, and they deserve more than silent acquiescence to a pipeline company’s justification for upending large swaths of national forestlands,” Judge Stephanie Thacker wrote for a unanimous ruling from a three-judge panel of the 4th U.S. Circuit Court of Appeals. “Citizens also trust the Bureau of Land Management to prevent undue degradation to public lands by following the dictates” of federal law.

      It turns out, those weren’t the only times state and federal regulators bent environmental standards for the project, which began construction in February.

    • Voters Hold Bob McCulloch Accountable in St. Louis County

      This week, voters in St. Louis County sent a clear message of support for the creation of a smarter justice system.

      In the race for St. Louis County Prosecuting Attorney, the incumbent Bob McCulloch was handily defeated by Wesley Bell, a Ferguson councilman and McCulloch’s first challenger in years, in the Democratic primary. There is no Republican candidate in the race.

      McCulloch, who was first elected in 1990, drew national scrutiny and sharp criticism over how he handled the investigation into the killing of Michael Brown, a tragedy which occurred four years ago this week.

      [...]

      As part of our voter education campaign, we set out to work with the St. Louis County Reform Coalition, an alliance of civil rights groups, and others in the community to address the issues in the race. Our volunteers knocked on thousands of doors and made phone calls, having countless conversations with voters about the civil liberties issues at stake.

      Along with the PickYourPA.org website, we launched a radio ad addressing McCulloch’s refusal to end the unjust cash bail system and shared an online video detailing one woman’s experience with the prosecutor’s office. When her husband was convicted of a crime in federal court, McCulloch used the federal case to needlessly lengthen his sentence in the state system. This incident was emblematic of McCulloch’s heavy-handed approach throughout his tenure that relied on incarceration as a first resort.

    • 9th Circuit Denies Cops Who Shot Innocent People 15 Times Qualified Immunity For The Second Time

      Two Los Angeles Sheriff’s Department deputies are hearing — for the fourth time — they’ll be personally responsible for a string of Constitutional violations resulting in them filling two innocent people with bullets. At this point, the officers have lost at the district level, the Appeals Court, got a partial remand (but no grant of immunity) from the Supreme Court, and are back in front of the Ninth Circuit Court of Appeals losing again.

      Deputies Christopher Conley and Jennifer Pederson were searching for a parolee named Ronnie O’Dell. A department briefing claimed O’Dell lived in a one-room shack behind a home owned by Paula Hughes. O’Dell did not live there. Instead, the deputies found — after entering the shack without announcing their presence or obtaining a warrant — Angel Mendez and Jennifer Garcia. Mendez, who had been sleeping on a futon, started to move a BB gun off the bed (the BB gun was used to shoot pests) and set it on the floor so he could stand up. Deputy Conley shouted “Gun!” and the rest — all fifteen bullets of it — is tragic history.

    • Brief To FISA Court Says The Presumption Of Openness Should Apply There, Too

      The court system belongs to the people. That’s what a “presumption of openness” means. It’s a public system, accessed by the public or by representatives of the public. With rare exception, documents filed with the court system should be made available for viewing by the public.

      The FISA court, which oversees a multitude of surveillance programs and national security investigations is a closed book. Until very recently, it operated in total darkness, much like the agencies seeking its approval for surveillance. The Snowden leaks changed that, moving it very slightly closer to a presumption of openness.

      The Director of National Intelligence — nodding towards transparency in a mostly self-serving way — has begun to declassify orders and rulings from the FISC. But a majority of FISC documents released by the ODNI haven’t come from this hesitant step towards transparency. They’ve been forced out the government’s hands by numerous FOIA lawsuits.

      Access to court documents shouldn’t have to be litigated, even in the FISA court. That’s the argument being made by Georgetown professor Laura K. Donohue in her FISA court brief [PDF]. The long, very interesting brief covers a number of issues and government arguments, but it all boils down to public access as a presumption, rather than a grudging concession after a courtroom loss in a FOIA case.

  • Internet Policy/Net Neutrality

    • Decentralized Web Summit 2018: Quick Takes

      Last week I attended the main two days of the 2018 Decentralized Web Summit put on by the Internet Archive at the San Francisco Mint. I had many good conversations with interesting people, but it didn’t change the overall view I’ve written about in the past. There were a lot of parallel sessions, so I only got a partial view, and the acoustics of the Mint are TERRIBLE for someone my age, so I may have missed parts even of the sessions I was in. Below the fold, some initial reactions.

    • Large ISPs, Flushed with Capital, Blame Consumer Protections for Their Disregard of Rural America

      Companies like AT&T, Comcast, and Verizon are going around to state legislatures and telling them that any laws they pass that protect consumers will harm their ability to deploy networks in rural America. They claim that any legislator eager to protect their constituents from the nefarious things that can be done by companies that control access to the Internet is somehow hurting residents most desperate for an Internet connection. But their lack of willingness to invest has nothing to do with laws like net neutrality or privacy, because today they are nearly completely deregulated, sitting on a mountain of cash, and have no shown intention of connecting rural Americans to high-speed Internet while their smaller competitors take up the challenge.

      [...]

      Not only do we know what these large ISPs aren’t doing with their money, we know that nothing about consumer protections prevents them from using that money to reach new customers in rural areas. We have concrete examples of smaller ISPs, with substantially less cash on hand, are doing just that.

      In Maine, a small ISP called Axiom has deployed fiber to local communities that major incumbents ignored. When the island community of Chebeague, Maine approached other ISPs about building a faster alternative to dial-up Internet access, nothing happened. But when local residents, working together found private and institutional investors, they were able to make progress in a very difficult market. To date, Axiom has deployed 30 miles of fiber optic gigabit connections and continues to deploy today. In California, a small ISP (Spiral Internet) that supports the state’s net neutrality legislation is aggressively working on deploying a fiber optic network in Nevada County, a rural part of the state.

      These ISPs are part of nearly half of the FTTH deployments that are happening across the entire and are also part of the dozens of small ISPs that opposed the FCC’s decision to completely deregulate the industry. That is because regulation of their business practices has nothing to do with their ability to deploy networks in difficult to serve markets. In fact, they were important to promote competition, which in turn promotes greater investment in networks as ISPs fight for customers.

    • Tribune Kills Merger, Sues Sinclair For Its ‘Unnecessarily Aggressive’ Merger Sales Pitch

      If you recall, the merger was on life support after the FCC shoveled the merger off to an administrative law judge for review, a move traditionally seen as a death knell for such deals. The FCC was prompted, in part, by allegations from numerous critics on both sides of the partisan aisle alleging that the company had tried to use “sham” transactions to pretend the merger fell within media ownership limits.

      As it stands, law prohibits any one broadcaster from reaching more than 38% of U.S. homes, a rule designed to protect local reporting, competition and opinion diversity from monopoly power. The Sinclair deal would have given the company ownership of more than 230 stations, extending its reach to 72% of U.S. households. Critics charge Sinclair attempted to skirt around this limit by trying to offload numerous stations to Sinclair-linked companies and allies, some of which had absolutely no broadcast experience, with an eye on simply re-acquiring them later at bargain-basement prices.

      If you’ve watched the viral Deadspin video or John Oliver segment on Sinclair’s creepy, facts-optional “news” reporting, you should have a pretty good idea why the merger was so controversial. It was, effectively, an attempt to dominate local broadcasting and fill the airwaves with what many have argued is little more than Trump-friendly disinformation.

  • DRM

    • Captive Audience: How Florida’s Prisons and DRM Made $11.3M Worth of Prisoners’ Music Disappear

      The Florida Department of Corrections is one of the many state prison systems that rely on private contractors to supply electronic messaging and access to electronic music files and books for prisoners.

      For seven years, Florida’s prisoners have bought music through Access Corrections, a company that took in $11.3 million selling songs at $1.70 each—nearly twice what the typical song costs on the marketplaces available to people who aren’t incarcerated. This is hardly exceptional: prisons also charge extremely high rates for phone calls. The FCC briefly capped this at $1/minute (much higher than normal calling rates), only to have the Trump FCC abandon the policy rather than fight a court challenge.

      Florida prisoners used Access Corrections’ $100 MP3 players to listen to their music purchases and access their other digital files. But the Florida Department of Corrections has terminated its contract with Access Corrections in favor of the notorious industry-leader Jpay, a company that once claimed ownership of inmates’ correspondence with their families, and had inmates who violated the company’s lengthy terms of service punished with solitary confinement, and who became notorious for selling digital postage stamps to prisoners who want message their loved ones (prisoners need to spend one “postage stamp” per “page” of electronic text, and the price of postage stamps goes up around Mother’s Day).

      (Jpay is a division of Securus, a company notorious for selling and even giving away access to US and Canadian cellphone location data, without a warrant, and without notice to the tracked individuals.)

  • Intellectual Monopolies

    • Instruction That Jury “Should” Consider Objective Indicia Not Erroneous

      Following a jury verdict of invalidity, the court denied plaintiff’s motion for a new trial because the jury instructions regarding obviousness were proper.

    • US pharma companies under increasing legislative pressure, key EU SPC decision and much more in July’s life sciences IP round-up

      In this month’s round-up of patent news from the life sciences, we report on the latest blow to the St Regis Mohawks’ attempt shield their Restasis patents from inter partes review, the new bill seeking to roll out compulsory licensing in the US, and the Indian Supreme Court’s hearing on seed patentability. Market Radar Compulsory licensing bill attracts support in the US – A proposed legislative amendment that among other things seeksto allow compulsory licences for patented drug products has been tabled in the US House of Representatives, where it has found significant support.

    • Rejoining Written Description and Enablement in Amgen v. Sanofi

      In July 2018, Amgen filed its petition for certiorari asking the Supreme Court to reject the Federal Circuit’s imposition of separate “written description” and “enablement” requirements along with their various requirements and standards. Amgen argues that the Court should simply follow the statute — requiring “a written description of the invention . . . in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains . . . to make and use the same.” Amgen Inc. v. Sanofi, Aventisub LLC, SCT Docket No. 18-127 (Petition filed July 23, 2018) (Cert Petition).

      The basic push here is against the “possession” standard that serves as the core of the Federal Circuit’s written description requirement. Apart from any policy arguments — Amgen argues that the statute spells out the test — and it is enablement, not possession. Rather than focusing on what the inventor possesses, the Act requires the specification simple teach others — “as to enable an person skilled in the art . . . to make and use” the invention.

    • Germany: Kinderbett, Federal Court of Justice of Germany, X ZR 59/16, 27 March 2018

      The FCJ held that the general suitability of a technical means of the common general knowledge to solve a technical problem can only suffice as a motivation for the skilled person to make use of this technical means if it is directly recognisable for the skilled person that the technical circumstances of the problem make the technical means appear objectively appropriate.

    • Japan to develop an IP asset platform for matching global challenges with Japanese technology seeds

      As previously reported, the progress of open innovation is slow in Japan. However, the government has been actively developing measures to promote open innovation. For example, it prepared “University Factbook” which provides contact information of business-academia collaboration office, performance of joint / contract research, performance of patent filing and utilization, and technology field of patent applications and other information of each university, and also announced the scheme of “Innovation Management Hub” which sets up a proven TLO to assist technology transfer for local universities.

    • Knowledge of Potential Infringement During Prior Settlement Does Not Trigger Equitable Estoppel

      Following jury and bench trials, the court found that equitable estoppel did not preclude plaintiff’s claims for infringement of its footwear design patents because there was no misleading conduct following the parties’ settlement of an earlier case.

    • Swedish Court requests CJEU to clarify meaning of ‘preparatory design material’ and ‘employee’ within Software Directive

      Y owned a share in Dacom Ltd, a company in Sweden of which he subsequently was the sole owner between 2007-2011. Informed Portfolio Management (IPM) is a Swedish company that deals with capital management. In 2003, Y entered into a contract with IPM under which it was agreed that IPM would employ Y. The employment would commence later that year and Y would also be granted partnership in IPM’s parent company.

      Throughout Y’s employment with IPM a specific type of computer program was developed for the purpose of capital management. A first version of that program was subsequently published in 2010.

      Note: A core question regarding the reference for preliminary ruling in Dacom, C-313/18 (keep reading) is how the term ‘preparatory design material’ should be understood and established if someone has acted as an employee and joint author of the work.

    • Brazil “on the verge” of increasing prison time for IP violations

      Businesses are pushing to amend Brazil’s industrial property law in order to increase prison sentences for trade mark, industrial design, and patent infringement

    • Trademarks

      • Aloha Poke Co. Rewarded For Trademark Bullying With Protests Outside Its Headquarters In Chicago

        On the matter of trademark bullying, we typically talk about these cases as matters of legal outcomes and courtroom repercussions. Less discussed is the power of the masses in the form of protest and public shaming in order to combat trademark bullies. And, yet, that appears to be part of the equation trying to solve the irritation that is Aloha Poke Co.’s trademark bullying of actual Hawaiian poke joints out of their own culture.

        You will recall that we recently discussed Aloha Poke Co., the Chicago-based poke chain that doesn’t count any actual Hawaiians among its founders, firing off cease and desist letters to all manner of other joints that use some version of “Aloha” and “Poke” in their names. Most of these other entities are owned and operated by actual Hawaiians, from which both words and their cultural relevance stems. With so many entities out there using what are fairly generic terms in the realm of anything Hawaiian, the suggestion for public confusion made by Aloha Poke Co. seems spurious at best. Perhaps as importantly, if the company thought that the public wouldn’t get wind of its bullying, it appears that it was very, very wrong, as protests at its Chicago headquarters have been organized.

    • Copyrights

      • Protecting Innovation During the 3D Revolution

        3D printers have revolutionized research and development. Where it used to take weeks to get a prototype built for testing, now one can be printed in hours. New and innovative uses for 3D printers keep popping up in more and more industries – from food, to homes, and even prosthetic limbs. Additionally, 3D printers are becoming steadily more affordable and portable. However, for producers of potentially (and / or intentionally) 3-D printed goods, the question of how to protect their innovations rises front and center.

      • Accused Pirate Tries For Attorney’s Fees After Copyright Troll Attempts To Run Away From Discovery

        When we talk about the scourge that is copyright troll operations, and the wide path of legal destruction they’ve caused throughout the world, it can be easy to lose sight of just how precarious a business model it can be for the trolls. Loathe as any writer should be to engage in cliche, it is simply true that the best response to shut down this kind of non-litigious bullying is to simply punch back. After all, it is quite clear at this point that the last thing these trolling operations want as a response to their lawsuit-threat letters is for any actual lawsuit to be conducted. More specific to this story is how Guardaley, the shady German company that appears to setup shell operations throughout the world and cultivate law firms to enforce its operations, all too often forgets to bring any actual evidence to the courtroom when it does show up there and which otherwise does everything it can to stay out of the courtroom altogether.

        Again, bullies will tend to back down when you fight back against them. But backing down doesn’t have to be the end of the story, as demonstrated by one Utah man that received a copyright trolling threat letter from an outfit called Criminal Productions (super on the nose, there, guys…), immediately lawyered up, and demanded that discovery begin.

      • Topple Track Attacks EFF and Others With Outrageous DMCA Notices

        At EFF, we often write about abuse of the Digital Millennium Copyright Act (DMCA) takedown process. We even have a Hall of Shame collecting some of the worst offenders. EFF is not usually the target of bad takedown notices, however. A company called Topple Track has been sending a slew of abusive takedown notices, including false claims of infringement levelled at news organizations, law professors, musicians, and yes, EFF.

      • Vodafone Blocks Libgen Following Elsevier, Springer & Macmillan Injunction

        An ISP in Germany says it is required to block access to Libgen, a huge online repository of free books and academic articles. Vodafone says that publishing giants Elsevier, Springer, and Macmillan obtained an injunction from the Munich Regional Court in July, one that will prevent users from accessing the service directly.

      • Nintendo ROM Fallout: EmuParadise Terminates All Game Downloads

        EmuParadise, a site dedicated to retro gaming for the past 18 years, has announced that it will no longer be offering classic game ROMs for download. Hinting at Nintendo’s recent lawsuits against other ROM sites, EmuParadise’s operator notes that the climate around retro games has changed and he’s not prepared to gamble with the future of his team members.

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channels: Come and chat with us in real time

New to This Site? Here Are Some Introductory Resources

No

Mono

ODF

Samba logo






We support

End software patents

GPLv3

GNU project

BLAG

EFF bloggers

Comcast is Blocktastic? SavetheInternet.com



Recent Posts