Bonum Certa Men Certa

Links 30/8/2018: Purism's Chatty and HHVM 3.28.0



GNOME bluefish

Contents





GNU/Linux



Free Software/Open Source



  • 389 Directory Server set to replace OpenLDAP as Red Hat and SUSE withdraw support for OpenLDAP in their Enterprise Linux offerings
    Red Hat and SUSE have withdrawn their support for OpenLDAP in their Enterprise Linux offers, which will be replaced by Red Hat’s own 389 Directory Server.

    The openldap-server packages were deprecated starting from Red Hat Enterprise Linux (RHEL) 7.4, and will not be included in any future major release of RHEL. SUSE, in their release notes, have mentioned that the OpenLDAP server is still available on the Legacy Module for migration purposes, but it will not be maintained for the entire SUSE Linux Enterprise Server (SLE) 15 lifecycle.


  • Open Source Integration Leader WSO2 Appoints Darin Bartik as New Chief Marketing Officer


  • Autogrow releases OpenMinder root monitoring system
    Global ag-tech innovator Autogrow has unveiled an open-source root zone monitor as part of an "open-collaboration" platform.

    “OpenMinder is a product that someone can build themselves, but more than that it represents where this industry is going with open-collaboration, APIs and a focus on water sustainability,” explains CEO Darryn Keiller.

    “Governments and local legislators around the world are tightening the rules for growers when it comes to water usage and run-off. Growers need to use any and all tools at their disposal to ensure they are not only growing sustainably but have the data to back it up.”

    OpenMinder is an open-source DIY project from Autogrow targeted to technology developers and for application with small growers. Released under a Creative Commons BY-NC-SA license, OpenMinder provides an open-source API used in conjunction with a Raspberry Pi HAT.


  • Web Browsers



    • Brave Open Source Blockchain Web Browser Sees 10 Million Downloads
      A recent tweet shared by Brave Software has uncovered yet another milestone the firm has attained. Since the launch of Brave, a total of 10 million downloads have been made through Google Play. This particular browser is unique as it not only focuses on one’s web surfing experience, but also prevents advertisements from further ruining it. Most importantly, content creators and regular users get compensated for their contributions (i.e. through Basic Attention Token or BAT).



    • Brave Browser Surpasses 10 Million Downloads on Android
      The user-privacy oriented web browser has passed ten million downloads, a huge milestone for both Brave and the BAT team


    • BAT-Enabled Brave Browser Hits 10 Million Downloads


    • Mozilla



      • Nebulet: A Rust Microkernel Running WebAssembly In Ring 0
        You should likely be familiar with WebAssembly as the binary format for executing code within web pages that can be nearly as fast as running native machine code -- and certainly much faster than JavaScript. A new research project has been exploring running WebAssembly in the CPU's Ring 0 -- yes, the highest privileged state of the processor -- in the name of better performance.


      • Dweb: Building Cooperation and Trust into the Web with IPFS


        In this series we are covering projects that explore what is possible when the web becomes decentralized or distributed. These projects aren’t affiliated with Mozilla, and some of them rewrite the rules of how we think about a web browser. What they have in common: These projects are open source, and open for participation, and share Mozilla’s mission to keep the web open and accessible for all.

        [...]

        We’re a team of people all over the world working on IPFS, an implementation of the distributed web that seeks to replace HTTP with a new protocol that is powered by individuals on the internet. The goal of IPFS is to “re-decentralize” the web by replacing the location-oriented HTTP with a content-oriented protocol that does not require trust of third parties. This allows for websites and web apps to be “served” by any computer on the internet with IPFS support, without requiring servers to be run by the original content creator. IPFS and the distributed web unmoor information from physical location and singular distribution, ultimately creating a more affordable, equal, available, faster, and less censorable web.

        IPFS aims for a “distributed” or “logically decentralized” design. IPFS consists of a network of nodes, which help each other find data using a content hash via a Distributed Hash Table (DHT). The result is that all nodes help find and serve web sites, and even if the original provider of the site goes down, you can still load it as long as one other computer in the network has a copy of it. The web becomes empowered by individuals, rather than depending on the large organizations that can afford to build large content delivery networks and serve a lot of traffic.


      • Data Science is Hard: Counting Users
        These cars all count if you’re interested in usage. It’s all well and good to know the number of cars using your parking lot right now… but is it lower on weekends? Holidays? Are you measuring on a rainy day when fewer people take bicycles, or in the Summer when more people are on vacation? Do you need better signs or more amenities to get more drivers to stop? Are you going to have expand capacity this year, or next?

        Yesterday we released the Firefox Public Data Report. Go take a look! It is the culmination of months of work of many mozillians (not me, I only contributed some early bug reports). In it you can find out how many users Firefox has, the most popular addons, and how quickly Firefox users update to the latest version. And you can choose whether to look at how these plots look for the worldwide user base or for one of the top ten (by number of Firefox users) countries individually.

        It’s really cool.

        The first two plots are a little strange, though. They count the number of Firefox users over time… and they don’t agree. They don’t even come close!


      • On leaving Mozilla
        I didn’t want to write one of those “all@” goodbye emails. At best, they generate ambivalence, maybe some sadness. And maybe they generate clutter in the inboxes of people who prefer to their inboxes uncluttered. The point is, they don’t seem to improve things. I’m not sending one.

        But I have taken the decision to leave Mozilla as a full-time employee. I’m leaving the industry, in fact. For the last 10 years, for everything I’ve learned, for the many opportunities and for the shared achievements, I’ve got nothing but gratitude towards my friends and colleagues. I cannot imagine I’ll work anywhere quite like this again.

        Long before I joined Mozilla, it was the organisation that had restored my optimism about the future of tech. From the dark days of the dot-com crash and the failure of platform-independent client-side internet applications to live up to their initial promise (I’m looking at you, Java applets), Firefox showed the world that openness wins. Working here was always more than a job. It has been a privilege.


      • These Weeks in Firefox: Issue 44


      • Siggen (Socorro signature generator) v0.2.0 released!
        Siggen (sig-gen) is a Socorro-style signature generator extracted from Socorro and packaged with pretty bows and wrapping paper in a Python library. Siggen generates Socorro-style signatures from your crash data making it easier for you to bucket your crash data using the same buckets that Socorro uses.


      • Standup report: End of days


        Standup is a system for capturing standup-style posts from individuals making it easier to see what's going on for teams and projects. It has an associated IRC bot standups for posting messages from IRC.






  • Databases



    • Lab Notes: How We Made Joins 23 Thousand Times Faster, Part Three

      This post is the final part of a three-part miniseries that looks at how we improved join performance in the CrateDB 3.0 release.

      In part one of this miniseries, I went over the reasons we chose to implement the hash join algorithm as an alternative to the nested loop algorithm. With that initial set of changes in place, we were able to make joins up to two thousand times faster.

      In part two, I explained how we addressed the memory limitations of the basic hash join algorithm with a switch to block-based processing. That is, dividing a large dataset up into smaller blocks that can be worked on separately. This change improved our performance gains by another 50%.

      This brings us to the final set of changes.



  • Pseudo-Open Source (Openwashing)



  • FSF/FSFE/GNU/SFLC



    • Friday Hack Chat: GNU RadioFriday Hack Chat: GNU Radio
      Our guests for this week’s Hack Chat will be Derek Kozel and Nate Temple, officers of the GNU Radio project. They’re also organizers of this year’s GNU Radio Conference. Also joining in on the Hack Chat will be Martin Braun, community manager, PyBOMBS maintainer, and GNU Radio Foundation officer.


    • bison-3.1 released




  • Openness/Sharing/Collaboration



    • Open Hardware/Modding



      • Video: A Different Linus talks about an Open CPU
        We have had a few discussions about the RISC-V development (at the BozemanLUG meetings). Some Fedora folks have gotten Linux working on some of the RISC-V development boards. There appear to be several layers to the overall design from the low-end moving up. Can RISC-V ever become a viable, mainstream alternative? Time will tell... but at the very least, seeing such developments gives me some hope. Here's a somewhat mainstream "youtuber" talking about RISC-V and given the number of views so far, maybe the word / information will break through.


      • Essential should open source its accessories platform
        With all these shortcomings, the company has struggled under the father of Android, Andy Rubin. Sales estimations of the PH-1 have come in well below 200,000 units. Subsequently, the rumors have been rampant that the company is up for sale to get out from under its debts. Another struggle has been its proprietary accessory system. That’s the topic I’d like to take on in this post. Essential should open source its plans for mods.


      • 3D-Printed Firearms Are Blowing Up


        If you follow 3D printing at all, and even if you don't, you've likely seen some of the recent controversy surrounding Defense Distributed and its 3D-printed firearm designs. If you haven't, here's a brief summary: Defense Distributed has created 3D firearm models and initially published them for free on its DEFCAD website a number of years ago. Some of those 3D models were designed to be printed with a traditional home hobbyist 3D printer (at least in theory), and other designs were for Defense Distributed's "Ghost Gunner"—a computer-controlled CNC mill aimed at milling firearm parts out of metal stock. The controversy that ensued was tied up in the general public debate about firearms, but in particular, a few models got the most attention: a model of an AR-15 lower receiver (the part of the rifle that carries the serial number) and "the Liberator", which was a fully 3D-printed handgun designed to fire a single bullet. The end result was that the DEFCAD site was forced to go offline (but as with all website take-downs, it was mirrored a million times first), and Defense Distributed has since been fighting the order in court.

        The political issues raised in this debate are complicated, controversial and have very little to do with Linux outside the "information wants to be free" ethos in the community, so I leave those debates for the many other articles on this issue that already have been published. Instead, in this article, I want to use my background as a hobbyist 3D printer and combine it with my background in security to build a basic risk assessment that cuts through a lot of the hype and political arguments on all sides. I want to consider the real, practical risks with the 3D models and the current Ghost Gunner CNC mill that Defense Distributed provides today. I focus my risk assessment on three main items: the 3D-printed AR-15 lower receiver, the Liberator 3D-printed handgun and the Ghost Gunner CNC mill.






  • Programming/Development



    • HHVM 3.28.0
      HHVM 3.28 is released! This release contains new language features, bugfixes, performance improvements, and improvements to the debugger and editor/IDE support.


    • Mozilla's Firefox Nightly Experiment Results, EFF's Back to School Tips, HHVM 3.28 Released, Oracle Solaris 11.4 Now Available and Dropbox Vulnerability Discovered
      HHVM 3.28 was released yesterday. This new release of the open-source virtual machine for executing programs written in Hack and PHP "contains new language features, bugfixes, performance improvements, and improvements to the debugger and editor/IDE support."


    • HHVM 3.28 Released With More Performance Improvements, Language Features
      Facebook developers maintaining the HHVM interpreter for running PHP and Hack code have announced the HHVM 3.28.0 update.

      HHVM 3.28 continues their theme of introducing minor language additions, various performance improvements, better debugging support, and different bug-fixes.


    • MIT Releases A Free and Open Source Computer Programming Language to the Public


      The MIT-developed programming language, Julia 1.0 has been officially released to the public. Julia has been in development by MIT for almost a decade and made its official public debut during JuliaCon, an annual conference of Julia users.

      Julia 1.0 is a free open source programming language available worldwide. “Julia has been revolutionizing scientific and technical computing since 2009,” says MIT Professor Alan Edelman.


    • rlife : a cellular automata library written in Rust
      So rlife is a life library written in Rust. It aims at allowing to do manipulations on cellular automata, like computing the next generation of a CA, loading/saving a CA from/to a file, do various analysis on it (like locating the coordinates of a pattern, counting the number of living cells) and other manipulations. The main object of this library is the Gridthat represents the grid of the CA and it also stores all its properties (the file format used, the rulesets, the current size of the grid, etc…). This library could allow some developers to use CAs with a high level of abstraction and have the possibility to do many (in the future…) operations on it.
    • cmocka version 1.1.2 released
      I’m happy to announce version 1.1.2 of cmocka, a unit testing framework for C with mocking support.






Leftovers



  • Hardware

    • Working Apple-1 computer could sell for price of a supercar

      Steve Jobs and Steve Wozniak produced about 200 Apple-1 computers in the mid-1970s and around 60 of those are known to still exist today. Every so often one pops up at auction and manages to sell for a price that could easily purchase a home in most locations.



    • For Sale: 1976 Apple 1. Still Works, Asking $300,000 OBO
      An original Apple 1, hand-built by Steve Wozniak in 1976, is up for auction in September. It’s expected to sell for $300,000 or more.

      Steve Jobs and Wozniak only made 200 Apple 1 devices, making this an extremely rare piece of computer history. It was one of the first home computers that didn’t require soldering.




  • Security



    • Security updates for Wednesday


    • Password managers: Please make sure AutoFill is secure!
      Dear developers of password managers, we communicate quite regularly, typically within the context of security bug bounty programs. Don’t get me wrong, I don’t mind being paid for finding vulnerabilities in your products. But shouldn’t you do your homework before setting up a bug bounty program? Why is it the same basic mistakes that I find in almost all password managers? Why is it that so few password managers get AutoFill functionality right?

      Of course you want AutoFill to be part of your product, because from the user’s point of view it’s the single most important feature of a password manager. Take it away and users will consider your product unusable. But from the security point of view, filling in passwords on the wrong website is almost the worst thing that could happen. So why isn’t this part getting more scrutiny? There is a lot you can do, here are seven recommendations for you.


    • Kali Linux's New Version 2018.3, Open-Source License War, Lenovo Announces Five New Android Tablets, Google Releases Open-Source Reinforcement Learning Framework and KD Chart Update
      Kali Linux recently announced its third release of 2018. Version 2018.3 features several new tools: idb, an iOS research/penetration-testing tool; gdb-peda, Python Exploit Development Assistance for GDB; datasploit, OSINT Framework to perform various recon techniques; and kerberoast, Kerberos assessment tools. See the Change Log for more information on all the changes, and download Kali from here.


    • The Difference Between Sandboxing, Honeypots & Security Deception
      A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies.

      Networks, cyberattacks, and the strategies used to stop them are continuously evolving. Security deception is an emerging cyber-defense tactic that allows researchers and information security professionals to observe the behavior of attackers once they've gained access to what they think is a business network.

      The term "security deception" only came into wide usage in the last year, so it can be difficult to tell how exactly these solutions are different from other tools that try to trick attackers, such as sandboxing and honeypots. Like these other tactics, security deception fools attackers and malicious applications into revealing themselves so that researchers can devise effective defenses against them, but it relies more on automation and scale, and requires less expertise to set up and manage. Each of these technologies has unique requirements and ideal use cases. To understand what those are, we'll need to look at each of them in more detail.


    • Windows Task Scheduler Zero-Day Exposed; No Patch Available
      A zero-day flaw has been revealed by a Twitter user SandboxEscaper, for the Windows Task Scheduler in 64-bit Windows 10 and Windows Server 2016 systems. Apparently, this vulnerability is out in the wild, and there are no known patches or specific workarounds at present.

      US-CERT has confirmed that the exploit works on 64-bit Windows 10 and Windows Server 2016 systems and is rooted in the Windows task scheduler.
    • Task Scheduler ALPC exploit high level analysis
      Yesterday SandboxEscaper tweeted an local privilege escalation exploit for Windows, which currently has no patch. It’s a really neat flaw, in particular how it is exploited.
    • OpenSSH Versions Since 2011 Vulnerable to Oracle Attack [Ed: Bleeping Computer is not a security news site but alarmist site that hypes up pretty ordinary bugs; Catalin is a lot worse]
      Security researchers from Qualys discovered a new username enumeration problem in the latest version of OpenSSH. It allows an attacker to try out various usernames on the server and determine which ones are valid. The vulnerability received tracking number CVE-2018-15919.
    • ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem

      AT commands, originally designed in the early 80s for controlling modems, are still in use in most modern smartphones to support telephony functions. The role of AT commands in these devices has vastly expanded through vendor-specific customizations, yet the extent of their functionality is unclear and poorly documented. In this paper, we systematically retrieve and extract 3,500 AT commands from over 2,000 Android smartphone firmware images across 11 vendors. We methodically test our corpus of AT commands against eight Android devices from four different vendors through their USB interface and characterize the powerful functionality exposed, including the ability to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, perform screen unlocks, and inject touch events solely through the use of AT commands. We demonstrate that the AT command interface contains an alarming amount of unconstrained functionality and represents a broad attack surface on Android devices.

    • How These Android Smartphone Can Be Hacked With Simple AT commands
      According to a research, millions of Android devices from 11 OEMs are vulnerable to attacks from simple AT commands.

      These AT commands or Attention commands are a short collection of strings which were designed to transmit via phone line and modems, back in the 1980s. Earlier, these commands were used for a modem dial-up, hang up, and change specific connection settings.


    • Slackware Releases L1TF Mitigation Updates for v14.2
      The Slackware Linux Project team has just released kernel updates for its Slackware version 14.2 which was initially released on the first of July this year. According to the advisory released with the updates, the new kernel packages made available are specifically drafted to mitigate several imminent and emerging security concerns in the operating system.




  • Defence/Aggression



    • Ex-CIA officer responded to reports of informants in Russia
      The American intelligence service, which claimed to have informants in Russia was bluffing, RIA “Novosti” the statement of former CIA officer, Executive Director of the American Council for the national interest Philip Giraldi.

      “Senior intelligence officials never so simple and openly admit that they have sources rank high in the Kremlin,” said Giraldi.


    • Using the CIA to Extricate Us From Endless Cycle of Wars
      War in the Middle East is every U.S. president’s own ice cream challenge. It seems as if they all declare at the outset of their term that they want to focus on a domestic agenda to grow economic prosperity at home. Americans and much of the world breathe a sigh of relief over the idea of break from war. Unfortunately, it never pans out because some kind of pretext for re-engagement inevitably materializes.

      But what if an American president decided that even if the freezer conked out, melting all the ice cream, he still wasn’t going to rationalize the need to touch it?

      No recent president has been able to do that. Instead, the melted ice cream — now basically a milkshake — beckons to them. Suddenly, they’re having nightmares about another country stealing and drinking their disgustingly warm milkshake, so they raid the broken freezer and gorge themselves.

      Soon they discover that they’re in too deep and will never purge all those calories at the gym, so they double down by camping out in case more freezer items just happen to end up defrosting. Camp Leatherneck in Afghanistan’s Helmand Province didn’t come about much differently than Camp Busted Freezer.


    • WaPo Uses Photo of John McCain Next to Nazi to Praise His ‘Human Rights’ Work
      The Washington Post (8/27/18) published an op-ed by conservative staff opinion columnist Jennifer Rubin praising the late Sen. John McCain for his supposed commitment to “human rights.”

      Rubin waxed poetic on the ostensible “lost champion” of human rights, who “model[ed] for others the behavior of a free society.” She declared, quite paradoxically, “With the possible exception of the US military…no group was more indebted to Sen. John McCain (R-Ariz.) than the human rights community.”

      There was an, er, optical problem, however: For the header image on this column, the Washington Post used a photo of McCain speaking next to the notorious Ukrainian neo-Nazi leader Oleh Tyahnybok.

      Tyahnybok, a longtime fascist, has called for a war on the so-called “Muscovite-Jewish mafia” (BBC, 12/26/12). The far-right leader has attacked the role of “Jews-Bolsheviks” in his country’s history, and claims that there is still today a cabal of “Jewish oligarchs who control Ukraine” (JTA, 3/25/09).

      John McCain met with Tyahnybok and stood next to him as the senator gave a speech in Ukraine in late 2013, as Business Insider (12/16/13) reported at the time. The Washington Post indicated in the caption on its header image that McCain was “wav[ing] to protesters during a mass rally of the opposition in Kiev, Ukraine, on December 15, 2013.” But it failed to identify the man standing next to the Arizona senator—or his extremist politics, which are the antithesis of human rights.

      McCain was in the Eastern European nation—along with Democratic Senator Chris Murphy — to cheer on the ongoing right-wing protest movement. In February 2014, this movement was successful: Ukraine’s democratically elected, pro-Russian government was overthrown in a coup, in which fascist forces played a significant role (FAIR.org, 3/7/14).

      [...]

      Tyahnybok is far from a minor player in Ukraine. And since the US-backed coup, he has become increasingly influential.

      Tyahnybok has been the leader of the fascist, ultra-nationalist Ukrainian political party Svoboda since its founding in 2004. Svoboda has its origins in the explicitly neo-Nazi Social-National Party of Ukraine, which proclaimed, “We are the last hope of the white race, of humankind as such.”


    • Flordia AG Somehow Pivots To The Danger Of Video Games After The Latest Florida Shooting
      There is a long tradition in conservative politics for blaming video games whenever a mass shooting is carried out by a relatively young person. It's a monumentally stupid argument, given the complicated and twisted nature of mass shootings and the motivations behind them. But, since policy and politics are now offered merely in soundbite formats, the end result of a mass shooting is for every person to retreat to their familiar corners and make lots of noises that ultimately accomplish nothing but stagnation.

      The mass shooting that happened in Florida recently could have been a different story. While it indeed happened at a video game tournament, the gamers involved were playing Madden, not some violent shoot 'em up. If playing a football video game makes people angry enough to shoot people, just wait until those decrying video game violence turn on their TVs on Sunday and realize that there are actual people playing the same game for real. There was no indication anywhere that this shooting was carried out by anything other than an individual that likely had some severe mental problems and access to weapons. And, yet, somehow Florida Attorney General Pam Bondi addressed this latest shooting by pivoting directly to the dangers of kids playing video games and the predators that will harm them.


    • Florida's Attorney General Finds Baffling New Way to Blame Jacksonville Shooting on Video Games
      After a mass shooting, pro-gun activists often reach for ways to explain how it could have happened yet again that isn’t “there too many people have guns and they’re too easy to get.” This weekend’s shooting in Jacksonville, FL, at a Madden video game tournament has proved to be no exception, with Florida Attorney General Pam Bondi supplying the obvious alternate explanation—it’s about video games—but with a fascinating twist.




  • Transparency/Investigative Reporting



  • Environment/Energy/Wildlife/Nature



    • Nuclear Safety Board Slams Energy Department Plan to Weaken Oversight
      A new Department of Energy order that could be used to withhold information from a federal nuclear safety board and prevent the board from overseeing worker safety at nuclear facilities appears to violate longstanding provisions in the U.S. Atomic Energy Act, the board’s members said Tuesday.

      Members of the Defense Nuclear Facilities Safety Board, both Democrats and Republicans, were united in their criticism of the Energy Department’s order, published in mid-May. It prevents the board from accessing sensitive information, imposes additional legal hurdles on board staff, and mandates that Energy Department officials speak “with one voice” when communicating with the board.

      The Santa Fe New Mexican and ProPublica first reported on the order’s existence in July but the board called for a special hearing, saying its members had no formal input before the document was finalized.

      At that hearing in Washington, D.C., Tuesday morning, the first of three on the topic, officials from the Energy Department and its National Nuclear Security Administration, which oversees the nation’s nuclear stockpile, said the changes were largely innocuous and were necessary to update a 17-year-old guidance manual.






  • Finance



  • AstroTurf/Lobbying/Politics



  • Censorship/Free Speech



    • Facebook has removed all cross-posted tweets

      Facebook users are complaining the company has removed the cross-posted tweets they had published to their profiles as Facebook updates. The posts’ removal took place following the recent API change that prevented Twitter users from continuing to automatically publish their tweets to Facebook. According to the affected parties, both the Facebook posts themselves, as well as the conversation around those posts that had taken place directly on Facebook, are now gone. Reached for comment, Facebook says it’s aware of the issue and is looking into it.



    • Facebook is deleting timeline posts that users cross-published from Twitter

      The changes went into effect starting August 1st. But it now appears that not only did Facebook disable the ability to use cross-posting between Twitter and its own social network on that date, but it also forcibly removed all the posts users had made using that feature. For users that may have been deleting their tweets but keeping a repository of the information on Facebook, where it’s more easily kept hidden from the public, it would seem the posts are gone for good.

    • Punjab's proposed amendment to blasphemy law Section 295 AA: Amarinder's move arms religious fanatics against free speech
      # https://www.firstpost.com/india/uproar-expected-in-punjab-as-amarinder-govt-moves-to-table-bill-introducing-amends-to-section-295-aa-blasphemy-law-today-5059111.html

      The proposed law inserts Section 295AA to the IPC to provide: "whoever causes injury, damage or sacrilege to Sri Guru Granth Sahib, Srimad Bhagwad Geeta, Holy Quran and Holy Bible with the intention to hurt the religious feelings of the people, shall be punished with imprisonment for life." For the past few centuries, there has been a movement of ideas worldwide to separate religion from the state. Chief Minister Amarinder is seeking to revert this process of enlightenment.

      [...]

      In India, there has been a long tradition of free speech, which is now under attack from a range of forces who have roots in religion and institutions of the government in India. In 2017, a group of University of Lucknow students, including girls, spent three weeks in jail for showing black flags to Chief Minister Yogi Adityanath. Indian youths are being imprisonment for posting political comments on Facebook and other social media. This is an attack on our democratic tenets.



    • Microsoft’s president explains how the Gab shutdown notice went from customer support to his desk
      In a wide-ranging interview on The Vergecast this week, Microsoft president and chief legal officer Brad Smith expanded on why the company nearly shut down Gab.ai, the “free-speech” absolutist platform that’s become an alt-right favorite.

      Earlier this month, Microsoft sent a notice to Gab threatening to end the company’s Azure cloud service if it did not remove two anti-Semitic hate speech posts within 48 hours. The notice, which Gab said would cause the social network to “go down for weeks/months,” sent the social network’s operators into a frenzy. But Smith said Microsoft headquarters in Redmond, Washington, was asleep when the notice was sent.

      [...]

      The posts, which advocated for genocidal violence against Jewish people, were removed by the poster before Microsoft’s takedown deadline. “Whoever made that call while we were sleeping made the right call,” Smith said.





  • Privacy/Surveillance



    • WhatsApp Data Backed Up On Google Drive Won’t Be Encrypted
      WhatsApp had recently announced that Android users will be able to store their chats on Google Drive starting from November 12, 2018.

      Those backups won’t be counted towards Google Drive’s storage quota. But WhatsApp has warned that the free backup service offered by Google will no longer be protected with end-to-end encryption.
    • Appeals Court Asks the Right Questions in NSA Surveillance Case
      On Monday, the Second Circuit Court of Appeals in New York held argument in United States v. Hasbajrami, an important case involving surveillance under Section 702 of the FISA Amendments Act. It is only the second time a federal appeals court has been asked to rule on whether the government can collect countless numbers of electronic communications—including those of Americans—and use these communications in criminal investigations, all without a warrant. In a lengthy and engaged argument [.mp3], a three-judge panel of the Second Circuit heard from lawyers for the United States and the defendant Agron Hasbajrami, as well as from ACLU attorney Patrick Toomey representing ACLU and EFF, which filed a joint amicus brief in support of the defendant. As we explained to the court in our amicus brief and at the argument, this surveillance violates Americans' Fourth Amendment rights on a massive scale.

      Hasbajrami is a U.S. resident who was arrested at JFK airport in 2011 on his way to Pakistan and charged with providing material support to terrorists. Only after his conviction did the government explain that its case was premised in part on emails between Hasbajrami and an unnamed “Individual #1”—a foreigner associated with terrorist groups—obtained using PRISM, one of the government’s Section 702 programs.

      Under Section 702, the government is authorized to warrantlessly intercept private online communications of foreigners located outside the U.S., an authority that the government claims extends to conversations between foreigners and Americans, so long as it doesn’t intentionally target specific Americans.


    • German antitrust watchdog plans action on Facebook this year

      The Federal Cartel Office objects in particular to how Facebook acquires data on people from third-party apps - including its own WhatsApp and Instagram services - and its online tracking of people who aren’t even members.



    • ‘Digital shackles’: the unexpected cruelty of ankle monitors

      Birts pays $30 per day – that’s $840 per month – for the privilege of wearing the bulky device. It sucks up all his income, leaving him homeless and sleeping in his Ford Escape in Oakland.

      [...]

      Edwards is using the legal system to fight back. He is part of a class-action lawsuit against LCA and Alameda county, filed in early August, which accuses the county of allowing a private company to make profit-driven decisions about people’s freedoms, denying them due process. It accuses LCA of extorting fees from people through the threat of incarceration, in violation of federal racketeering laws.



    • Indiana Appeals Court Says Forcing Someone To Unlock Their Phone Violates The 5th Amendment
      Passwords and PINs still beat fingerprints when it comes to the Fifth Amendment. But just barely. Nothing about the issue is settled, but far more cases have been handed down declaring fingerprints to be non-testimonial. Fingerprints are obtained during the booking process -- a physical, traceable representation of the suspect. If they can be obtained during booking, they can certainly be obtained again to unlock a device. A physical aspect of a human being can't be considered "testimonial" as far as courts have interpreted the Fifth Amendment.

      Passwords are a different story, but not by much. In a handful of cases, courts have said the compelled production of passwords and PINs has no Fifth Amendment implications. Defendants, conversely, have argued compelled password production forces them to testify against themselves by facilitating the production of evidence to be used against them.

      This argument hasn't had much success. Judges have frequently found password production to be just as non-testimonial as a person's fingerprint. The argument here is that all law enforcement wants is a password, not the production of evidence. Under the "foregone conclusion" theory, all the government has to prove is that the person being asked to unlock a device can unlock the device.

      This decouples password production from its consequences: the production of evidence by defendants that the government will use against them in court. When this theory is applied, the Fifth Amendment is sidelined and replaced with the ultra-low bar of foregone conclusion.


    • WhatsApp is storing unencrypted backup data on Google Drive

      However, the company has now confirmed that the act of encrypting the data between WhatsApp and Google is not part of the end-to-end encryption that the company offers for its conversations.



  • Civil Rights/Policing



    • Facebook fugitive fights U.S. request to extradite him from Ecuador: lawyer

      The criminal case arose from Ceglia’s conduct related to a2010 civil lawsuit he had filed against Zuckerberg.

      Ceglia claimed that Zuckerberg had, while a student at Harvard University, signed a 2003 contract giving him half of a planned social networking website that later became Facebook.



    • Alleged Facebook scammer arrested in Ecuador, will resist extradition

      In a new court filing submitted last week, federal prosecutors said that a criminal defendant accused of attempting to extort Facebook itself has now been arrested in Ecuador.

      € 

      That man, Paul Ceglia, has been a fugitive since 2015. At that time, he cut off his ankle monitor and fled with his wife, kids, and dog. The American government is now trying to extradite Ceglia.



    • Tech Titans Dish Advice About Phone Addiction

      Your phone is training you to be its servant. Here’s how to fight back.

    • FrOSCon 2018
      In her keynote "Blessed by the algorithm - the computer says no!" Lorena detailed the intersection of ethics and technology when it comes to automated decision making systems. As much as humans with a technical training shy away from questions related to ethics, humans trained in ethics often shy away from topics that involve a technical layer. However as technology becomes more and more ingrained in everyday life we need people who understand both - tech and ethical questions.

      Lorena started her talk detailing how one typical property of human decision making involves inconsistency, otherwise known as noise: Where machine made decisions can be either accurate and consistent or biased and consistent, human decisions are either inconsistent but more or less accurate or inconsistent and biased. Experiments that showed this level of inconsistency are plenty, ranging from time estimates for tasks being different depending on weather, mood, time of day, being hungry or not up to judges being influenced by similar factors in court.


    • Check Out My Presentation “How To Win A Grassroots Media Rebellion“ At The Ron Paul Institute Conference
      Here’s a speech I gave for the Ron Paul Institute Peace and Prosperity Conference titled “How To Win A Grassroots Media Rebellion“. The audio feed for this recording doesn’t pick up the audience, so when you see me pausing with a delighted look on my face it’s because people are applauding, not because I’m having a stroke.


    • Fact-Checking The Prison Strike: Marshall Project Reveals Bias Against Prisoner-Led Resistance
      One of the primary differences between this year’s prison strike for basic human rights and dignity and the one that took place in 2016 is the level of media attention it has attracted.

      Far more journalists are paying attention this year, but rather than examine the message of the strike seriously, several outlets—especially those claiming to specialize in these issues—are more concerned with interrogating the messengers. It is as if the prison strike might be a stunt by conniving prisoners and backed by clueless activists—both which want to see their names splashed all over the internet.

      A quintessential example of this came from the Marshall Project, a nonprofit news organization that was founded by former hedge fund manager Neil Barsky in 2014. The organization prides itself on being a credible and reliable source of information on everything from prisons to police and the courts. According to their website, they “[seek] to create and sustain a sense of national urgency about the U.S. criminal justice system.”

      The Marshall Project managed to get out in front of other mainstream reporting on the prison strike, establishing themselves as an expert source for interviews and insights on the action. Reporting fellow, Nicole Lewis, was invited on popular national media platforms to discuss her piece, “What’s Really Happening With The Prison Strike?”

      But Lewis’s article is littered with prejudice and innuendo that casts doubt on the legitimacy and trustworthiness of strikers and their outside supporters. It includes the perspectives of activists, but plays into biases against incarcerated people by suggesting they might not be telling the truth about their struggle for human rights.

      The article from the Marshall Project appears to be a fact check of the prison strike. “Some outlets simply reported unchecked information put out by the outside strike organizers,” Lewis writes, without naming any particular outlets. But the only “unchecked information” Lewis seems to highlight is the number of prisons participating.

      Lewis clearly believes organizers are exaggerating the extent of the strike. Yet, by focusing on this aspect, she ignores the demands and the conditions that fueled the latest round of resistance.


    • On National Security, Kavanaugh Has a History of Extreme Deference to the President
      Trump’s pick for the Supreme Court has a record of extreme deference to the executive on national security cases, including unlawful detention.

      A week before his confirmation hearing, the public record on Judge Brett Kavanaugh’s possible involvement in some of the Bush administration’s most abusive policies and programs is woefully incomplete.

      Kavanaugh, President Trump’s nominee for the Supreme Court, served in the White House soon after 9/11 when the Bush administration launched many of its most infamous programs in the name of national security. Leading senators have said that, during his 2006 confirmation hearing for the D.C. Circuit Court of Appeals, Kavanaugh may have provided misleading or inaccurate information about his involvement in developing those policies. Senators have rightly called for access to and public release of all documents from his White House stint, so we know any role he might have played in developing or reviewing the Bush administration’s torture, detention, and surveillance programs.

      But despite these holes, Kavanaugh does have a well-developed record in cases involving national security, civil liberties, and human rights from his time on the D.C. Circuit. That record shows extreme deference to presidential claims to act unchecked in the name of war or national security. It also demonstrates hostility to international law as a constraint on government action as well as an unwillingness to hold the government to account when it violates the constitutional and human rights of U.S. citizens and noncitizens.


    • Amazon Pays Employees To Chirp Happily On Twitter About Wonderful Working Conditions
      For several years now, there have been a parade of articles examining the "churn and burn" culture at Amazon. For example a 2015 New York Times piece profiled the "bruising" culture at the company while noting that employees weeping at their desk was not an uncommon sight. And while the profile was contested by some employees at the company, a substantial number of different reports have also highlighted the poor working conditions in Amazon distribution warehouses, including employees having to pee in garbage cans for fear of missing targets by going to a proper restroom.

      Hoping to correct the "public perception" of poor working conditions at the company's warehouses, Amazon executives have crafted a new "solution" to the problem. They've started paying some warehouse employees to create Twitter accounts and speak positively of not only their working experiences, but CEO Jeff Bezos.




  • Internet Policy/Net Neutrality



    • To protect big telcos, Zambia wants to tax calls made over social media apps

      The new tariff, announced last week, will be collected through mobile phone companies and [I]nternet service providers. The fee will be charged at a daily rate at 30 ngwee (3c) per day, irrespective of how many [I]nternet calls are made, explained minister of information and broadcasting Dora Siliya.



    • Zambia to tax internet calls to protect telecoms firms

      Internet has become important for civil society in Zambia, and activists worry the tax will curtail freedom of expression.

      € 

      "We have noted that it’s part of the systematic attempt by the state to stifle freedom of expression online. This is an assault to freedom of expression and association," said Richard Mulonga, head of the online rights group Bloggers of Zambia.



    • Big Telecom Is Using Robocalls to Fight a Net Neutrality Bill in California

      CJAC’s robocalls ares not the only campaign spreading scary claims about soaring cell phone bills: ads on Facebook and Twitter, as well as physical flyers opposing the net neutrality bill and paid for by AT&T-backed advocacy group CALInnovates have been reported across California.



    • Big Telecom Resorts To Lying To Senior Citizens To Scuttle Net Neutrality In California
      With the bipartisan majority of Americans supporting net neutrality, the broadband industry often has to resort to outright falsehoods to try and make its case that we don't need net neutrality rules (or any meaningful oversight of natural telecom monopolies). From paying civil rights groups to parrot industry positions to hiring fake journalists to deny the obvious, the broadband industry has a long, proud, multi-decade history of using outright bullshit to scare the public, press and regulators away from the idea of net neutrality.

      The latest case in point: after AT&T lobbyists successfully sabotaged initial efforts to pass new net neutrality rules in California, the state this week revisited the effort with a new vote on the state assembly floor. In a bid to try and scuttle the effort, an AT&T-linked group by the name of Civil Justice Association of California (CJAC) has been robocalling senior citizens in the state, informing them that their cell phone bill will jump $30 if the new rules pass.




  • Intellectual Monopolies



    • Data Driven Creativity


      My broader point, then, is that how we consider the effect of data driven works will depend a lot on how we view creativity.

      [...]

      To be clear, Raustiala and Sprigman don't say anything that contradicts my intuitions here. They make clear that creativity is on a continuum, and that data merely slides to one side. But they do question how viewers will perceive works, and it is there that I disagree with them. I suppose that we could hit that limit where everything is automated, but my gut says that despite having preferences for particular story aspects, viewers will always be able to separate the wheat from the chaff (though not the way I would - as just about every American Idol vote shows) and thus will always look for something new and different within their preferences. At least, I sure hope so.


    • Trademarks



      • Mexico expands trade mark protection
        Mexico’s industrial property law has been amended to include more types of trade marks. It also introduces some small changes that bring Mexico’s trade mark system more in line with the US and beyond




    • Copyrights



      • Danish ISPs Get Win That Could End Copyright Trolling In Denmark
        We have talked in recent years how the scourge of copyright trolling has hit the nation of Denmark particularly hard. While trolling operations started off about the same as they do elsewhere in the world, their requests to unmask ISP customers soon ramped up to enormous levels. It was enough to turn two ISP rivals into allies, with Telenor and Telia fighting in court for their respective customers' privacy rights. After an initial loss, the companies appealed up the legal chain and managed to get a win with the court siding with the ISPs' privacy concerns over the copyright trolls' nefarious business model. After that, one of the copyright trolls appealed to Denmark's Supreme Court, hoping to reverse the decision once again.


      • Significant Concerns About The New NAFTA Agreement's Impact On Innovation And The Internet
        Earlier this week, we wrote about how the USTR itself appeared to be totally confused about its own NAFTA-replacement agreement with Mexico in the "Intellectual Property" section, in that it was reporting that the agreement included copyright in some works for "75 years" in places and "life + 75 years" in other places, and acted as though they were the same thing. The USTR seemed legitimately confused over this issue, which did not give people much confidence that it knew what it was doing in these negotiations on the intellectual property questions. However, since that issue appeared to be one of pure confusion, which should be easily fixed in the final text, we should put our attention more towards the actual problems with what the USTR appears to be doing here.

        We don't yet have the full text -- though that should be available soon -- but from the USTR's fact sheet there are many reasons to be concerned that this agreement is a massive handout to Hollywood and patent trolls, and against innovation.


      • IP Address is Not Enough to Identify Pirate, US Court of Appeals Rules

        The owner of an adult foster care home who operated an open WiFi network has booked a big win against a copyright troll. Thomas Gonzales was accused of downloading the Adam Sandler movie The Cobbler but won $17k last year after being wrongfully targeted. The case went to appeal and in a ruling handed down yesterday by the Ninth Circuit Court of Appeals, Gonzales emerged victorious again.



      • Important Appeals Court Ruling States Clearly That Merely Having An IP Address Is Insufficient For Infringement Claims
        The case involved well known copyright trolling lawyer Carl Crowell representing Cobbler Nevada LLC. As we discussed in our article on the district court decision, the actions in this case were particularly nefarious. Crowell quickly learned that the IP address in question belonged to an adult foster care home, but decided to go after the operator, Thomas Gonzales, even though he was aware that any of the many residents or staff may have actually been responsible for the infringement. Gonzales (reasonably) refused to just cough up the names and details of residents and staff without a court order, and Crowell's response was just to go after Gonzales directly. But the facts of this case made it especially easy for the lower court to highlight how a mere IP address is not nearly enough to allege infringement.
      • No do-overs! Appeals court won’t hear $8.8bn Oracle v Google rehash
        Over eight years of feuding between Oracle and Google over the use of Java code in Android may be nearing its end following a Tuesday court ruling.

        The US Federal Circuit Court of Appeals has declined [PDF] to re-hear the case in which it found Google to be in violation of Oracle’s copyright on Android API code. The Chocolate Factory faces a demand from Oracle for $8.8bn in damages.

        Tuesday’s ruling means that the only remaining hope for Google to avoid a massive payout to Oracle is a hearing and decision from the US Supreme Court, something Google said it will pursue after today's verdict.

        "We are disappointed that the Federal Circuit overturned the jury finding that Java is open and free for everyone," Google told The Register.
      • Federal Circuit denies Oracle v Google en banc rehearing
        Google has already said it will appeal to the Supreme Court in the latest development in the dispute over unauthorised use of 37 packages of Oracle’s Java application programming interface
      • A Link Tax Won't Bring Back Journalists; It Will Do Even More Harm To Them
        While most of the attention on the upcoming votes around the EU Copyright Directive is on the mandatory filters found in Article 13, we should be just as concerned about the link tax in Article 11. European publishers have been flat out lying about the proposal, which is little more than an attempt to just demand cash from Google and Facebook.

        We've already explained why this is a bad idea. And it's not a theoretical issue either. This very same proposal has been tried in Germany and Spain and it failed miserably in both places, to the point of doing serious damage to traffic to news sites, without increasing revenue.

        Unfortunately, it appears that at least some journalists don't want to hear about the facts. AFP's Baghdad Bureau Chief, Sammy Ketz has pieces in the Guardian and La Stampa (and possibly elsewhere) making an impassioned -- if somewhat confused -- plea in support of Article 11.

        The reasoning is fuzzy, because there is no legitimate basis for Article 11, but Ketz basically says "there are fewer reporters these days, because news orgs are failing, but Google and Facebook have lots of money, so Article 11 is important, because they'll give us money." Really.








Recent Techrights' Posts

2025 Will be Fought and Fraught With LLM Slop or Fake 'Articles' (Former Media/News Sites Turning to Marketing Spam)
The elephant in the room?
Brittany Day Can Rest and Let Microsoft/Chatbots Write Fake 'Articles' About "Linux" This Christmas
Who said people don't work on Christmas? Chatbots or plagiarism-as-a-service work 24/7, every day of the year except during Microsoft downtimes
 
Microsoft Openwashing Stunts Initiative (OSI) is A Vulture in "Open" Clothing
it's quite telling that the OSI isn't protecting the Open Source Definition
Gemini Links 25/12/2024: Reality Bites and Gopher Thanks
Links for the day
Links 26/12/2024: Japan-China Mitigations and Mozambique Prison Escape (1,500 Prisoners)
Links for the day
Links 26/12/2024: Ukraine's Energy Supplies Bombed on Christmas Day, Energy Lines Cut/Disrupted in the Baltic Sea Again
Links for the day
Gemini Links 26/12/2024: Rot Economy, Self-hosted Tinylogs
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, December 25, 2024
IRC logs for Wednesday, December 25, 2024
[Meme] Time to Also Investigate Bill Gaetz
Investigation overdue
IBM Has Almost Obliterated or Killed the Entire Fedora Community (Not IBM Staff)
Remaining Fedora insiders are well aware of this, but bringing this up (an "accusation" against IBM) might be a CoC violation
Links 25/12/2024: Fentanylware (TikTok) Scams and "Zelle Scams Lead to $870M Loss"
Links for the day
Links 25/12/2024: Windows TCO Brought to SSH, Terence Eden 'Retires'
Links for the day
Links 25/12/2024: Latest Report Front Microsoft Splinter Group, War Updates
Links for the day
Links 25/12/2024: Hong Kong Attacks Activists During Holidays, Xerox to Buy Lexmark
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 24, 2024
IRC logs for Tuesday, December 24, 2024
Gemini Links 25/12/2024: Open Source Social and No Search
Links for the day
Brittany Day Connects Windows Ransomware to "Linux" Using Microsoft LLMs (FUD Galore, Zero Effort, No Accountability)
FUD and misinformation made by Microsoft LLMs again?
Links 24/12/2024: Labour Strikes and TikTok Scrambling to Prop Up Radical Politicians That Would Protect TikTok
Links for the day
Where the Population is Controlled by Skinnerboxes Inside People's Pockets (or Purses)
A very small fraction of mobile users practise or exercise freedom/control over the skinnerbox
[Meme] Coin-Operated Publishers (Gaming the Message, Buying the Narrative)
Advertise (sponsor) to 'play'
Advertisers and Their Covert Impact on Publications' Output (or Writers' Topics of Choice, as Assigned or Approved by Editors)
It cannot be trivially denied that sponsorship in the form of "advertising" impacts where publishers go (or don't go, won't go)
Terrible Year for Microsoft Windows in Cyprus
down from 86% to 72% since January
[Meme] How to Kill Unions (Staff on Shoestring Budget Cannot Afford Lawyers)
What next for the EPO? "Gig economy"?
The EPO's Staff Union (SUEPO) Takes Legal Action to Rectify the Decrease in Wages (Lessening of Purchasing Power)
here is what the union published
Gemini Links 24/12/2024: Deedum Gemini Client Gets Colour Support, Advent of Code 2024
Links for the day
Microsoft Windows Slides to New Lows in Colombia
Now Windows is at an all-time low
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, December 23, 2024
IRC logs for Monday, December 23, 2024