If you're one of the people who own a stylus or touchscreen-capable Windows PC, then there's a high chance there's a file on your computer that has slowly collected sensitive data for the past months or even years.
[...]
The handwriting feature is there since Windows 8 which means the vulnerability has been there for many years. However, if you don’t store valuable information like passwords or email on your PC, you aren’t much likely to get affected much.
There is a Windows file named WaitList.dat that covertly collects your passwords and email information, with the help of Windows Search Indexer service.
Digital Forensics and Incident Response (DFIR) expert Barnaby Skeggs first discovered the information about the file back in 2016 but wasn’t paid much attention. However, in after a new and exclusive interview with ZDNet – it appears that the file, in fact, is reasonably dangerous.
One reason became clear recently when Linus Torvalds asked developers to add an entirely new system of dependency checks to the Kconfig language, specifically testing the capabilities of the GCC compiler.
It's actually an important issue. The Linux kernel wants to support as many versions of GCC as possible—so long as doing so would not require too much insanity in the kernel code itself—but different versions of GCC support different features. The GCC developers always are tweaking and adjusting, and GCC releases also sometimes have bugs that need to be worked around. Some Linux kernel features can only be built using one version of the compiler or another. And, some features build better or faster if they can take advantage of various GCC features that exist only in certain versions.
Up until this year, the kernel build system has had to check all those compiler features by hand, using many hacky methods. The art of probing a tool to find out if it supports a given feature dates back decades and is filled with insanity. Imagine giving a command that you know will fail, but giving it anyway because the specific manner of failure will tell you what you need to know for a future command to work. Now imagine hundreds of hacks like that in the Linux kernel build system.
When working on the Linux Kernel, testing via QEMU is pretty common. Many virtual drivers have been recently merged, useful either to test the kernel core code, or your application. These virtual drivers make QEMU even more attractive.
Linux leader Linus Torvalds’ admission of anti-social behavior, and his public promise not to do it any more, now has a sequel: a Code of Conduct for the Linux kernel development community.
The new behavioural document is intended to replace the “Code of Conflict” that Torvalds created in 2015 .
That 220-word Code did not describe unacceptable behavior and offered no guidance other than “Try to keep in mind the immortal words of Bill and Ted, ‘Be excellent to each other’."
The post announcing the new rules says “The Code of Conflict is not achieving its implicit goal of fostering civility” and adds that “Explicit guidelines have demonstrated success in other projects and other areas of the [Linux] kernel.”
The e-mails of the celebrated programmer Linus Torvalds land like thunderbolts from on high onto public lists, full of invective, insults, and demeaning language. “Please just kill yourself now. The world will be a better place,” he wrote in one. “Guys, this is not a dick-sucking contest,” he observed in another. “SHUT THE FUCK UP!” he began in a third.
Torvalds has publicly posted thousands of scathing messages targeting programmers who submit what he deems flawed code to the Linux computer-operating-system kernel, which he brought to life more than twenty-five years ago and now administers as a collaborative, open-source project. Today, the Linux kernel is famous, running the enormous computers of Google, PayPal, Amazon, and eBay, and the two billion mobile phones using the Android operating system. Torvalds, though, retains final say over each precious line of code, just as he did when he first started working on the system as a graduate student at the University of Helsinki. For years, he has been known as Linux’s “benevolent dictator for life.”
On Sunday, the benevolent dictator announced that he would be stepping down temporarily, to “get some assistance on how to understand people’s emotions and respond appropriately.” Torvalds, who is forty-eight and lives with his family outside Portland, Oregon, made clear that he wasn’t burned out. “I very much do want to continue to do this project that I’ve been working on for almost three decades,” he wrote in a post to the Linux-kernel mailing list. “I need to take a break to get help on how to behave differently and fix some issues in my tooling and workflow.” Torvalds named a deputy, Gregory Kroah-Hartman, to run the project while he was away.
WireGuard lead developer Jason Donenfeld sent out the fifth revision of the WireGuard and Zinc crypto library patches this week. They've been coming in frequently with a lot of changes with it looking like this "secure VPN tunnel" could reach the Linux 4.20~5.0 kernel.
With the WireGuard v5 patches there are various low-level code improvements, a "saner" and simpler Kconfig build-time configuration options, a performance regression for tcrypt within the Zinc crypto code has been fixed and is now even faster than before, and there is also now a nosimd module parameter to disable the use of SIMD instructions.
From the kernel development community's point of view, hardware vulnerabilities are not much different from the software variety: either way, there is a bug that must be fixed in software. But hardware vendors tend to take a different view of things. This divergence has been reflected in the response to vulnerabilities like Meltdown and Spectre which was seen by many as being severely mismanaged. A recent discussion on the Kernel Summit discussion list has shed some more light on how things went wrong, and what the development community would like to see happen when the next hardware vulnerability comes around.
The definitive story of the response to Meltdown and Spectre has not yet been written, but a fair amount of information has shown up in bits and pieces. Intel was first notified of the problem in July 2017, but didn't get around to telling anybody in the the Linux community about it until the end of October. When that disclosure happened, Intel did not allow the community to work together to fix it; instead each distributor (or other vendor) was mostly left on its own and not allowed to talk to the others. Only at the end of December, right before the disclosure (and the year-end holidays), were members of the community allowed to talk to each other.
The results of this approach were many, and few were good. The developers charged with responding to these problems were isolated and under heavy stress for two months; they still have not been adequately thanked for the effort they put in. Many important stakeholders, including distributions like Debian and the "tier-two" cloud providers, were not informed at all prior to the general disclosure and found themselves scrambling. Different distributors shipped different fixes, many of which had to be massively revised before entry into the mainline kernel. When the dust settled, there was a lot of anger left simmering in its wake.
Network packet headers contain a great deal of information, but the kernel often only needs a subset of that information to be able to perform filtering or associate any given packet with a flow. The piece of code that follows the different layers of packet encapsulation to find the important data is called a flow dissector. In current Linux kernels, the flow dissector is written in C. A patch set has been proposed recently to implement it in BPF with the clear goal of improving security, flexibility, and maybe even performance.
The kernel's CPU scheduler must, as its primary task, determine which process should be executing in each of a system's processors at any given time. Making an optimal decision involves juggling a number of factors, including the priority (and scheduling classes) of the runnable processes, NUMA locality, cache locality, latency minimization, control-group policies, power management, overall fairness, and more. One might think that throwing another variable into the mix — and a complex one at that — would not be something anybody would want to attempt. The recent coscheduling patch set from Jan Schönherr does exactly that, though, by introducing the concept of processes that should be run simultaneously.
The core idea behind coscheduling is the marking of one or more control groups as containing processes that should be run together. If one process in a coscheduled group is running on a specific set of CPUs (more on that below), only processes from that group will be allowed to run on those CPUs. This rule holds even to the point of forcing some of the CPUs to go idle if the given control group lacks runnable processes, regardless of whether processes outside the group are runnable.
Why might one want to do such a thing? Schönherr lists four motivations for this work, the first of which is virtualization. That may indeed be the primary motivation, given that Schönherr is posting from an Amazon address, and Amazon is rumored to be running a virtualized workload or two. A virtual machine usually contains multiple processes that interact with each other; these machines will run more efficiently (and with lower latencies) if those processes can run simultaneously. Coscheduling would ensure that all of a virtual machine's processes are run together, maximizing locality and minimizing the latencies of the interactions between them.
There are ways to get fixes into the stable kernel trees, but they require humans to identify which patches should go there. Sasha Levin and Julia Lawall have taken a different approach: use machine learning to distinguish patches that fix bugs from others. That way, all bug-fix patches could potentially make their way into the stable kernels. Levin and Lawall gave a talk describing their work at the 2018 Open Source Summit North America in Vancouver, Canada.
Levin began with a quick introduction to the stable tree and how patches get into it. When a developer fixes a bug in a patch they can add a "stable tag" to the commit or send a mail to the stable mailing list; Greg Kroah-Hartman will then pick up the fix, evaluate it, and add it to the stable tree. But that means that the stable tree is only getting the fixes that are pointed out to the stable maintainers. No one has time to check all of the commits to the kernel for bug fixes but, in an ideal world, all of the bug fixes would go into the stable kernels. Missing out on some fixes means that the stable trees will have more security vulnerabilities because the fixes often close those holes—even if the fixer doesn't realize it.
The STACKLEAK kernel security feature has been in the works for quite some time now, but has not, as yet, made its way into the mainline. That is not for lack of trying, as Alexander Popov has posted 15 separate versions of the patch set since May 2017. He described STACKLEAK and its tortuous path toward the mainline in a talk [YouTube video] at the 2018 Linux Security Summit.
STACKLEAK is "an awesome security feature" that was originally developed by The PaX Team as part of the PaX/grsecurity patches. The last public version of the patch set was released in April 2017 for the 4.9 kernel. Popov set himself on the goal of getting STACKLEAK into the kernel shortly after that; he thanked both his employer (Positive Technologies) and his family for giving him working and free time to push STACKLEAK.
The first step was to extract STACKLEAK from the more than 200K lines of code in the grsecurity/PaX patch set. He then "carefully learned" about the patch and what it does "bit by bit". He followed the usual path: post the patch, get feedback, update the patch based on the feedback, and then post it again. He has posted 15 versions and "it is still in progress", he said.
As in previous years we’re trying to organize an audio miniconference so we can get together and talk through issues, especially design decisons, face to face. This year’s event will be held on Sunday October 21st in Edinburgh, the day before ELC Europe starts there.
At the recent Open Source Summit in Vancouver, I participated in a panel discussion called How Writing can Change Your Career for the Better (Even if You don't Identify as a Writer. The panel was moderated by Rikki Endsley, Community Manager and Editor for Opensource.com, and it included VM (Vicky) Brasseur, Open Source Strategy Consultant; Alex Williams, Founder, Editor in Chief, The New Stack; and Dawn Foster, Consultant, The Scale Factory.
A new crop of high-value open source software projects stands ready to make a big impact in enterprise production, but structural issues like governance, IPR, and long-term maintenance plague OSS communities at every turn. Meanwhile, facing significant pressures from open source software and the industry groups that support them, standards development organizations are fighting harder than ever to retain members and publish innovative standards. What can these two vastly different philosophies learn from each other, and can they do it in time to ensure they remain relevant for the next 10 years?
This article is going to be short and sweet as just receiving the GeForce RTX 2080 Ti yesterday and then not receiving the Linux driver build until earlier today... The GeForce RTX 2080 Ti has been busy now for a few hours with the Phoronix Test Suite on the Core i7 8086K system running Ubuntu 18.04 LTS with the latest drivers.
As part of the GeForce RTX 2080 series launching with the new GPU architecture, NVIDIA has published a number of new OpenGL extensions for making use of some of Turing's new capabilities.
Leading up to the Turing launch we weren't sure if NVIDIA was going to deliver same-day Vulkan support for RTX/ray-tracing with the GeForce RTX graphics cards or if it was going to be left up to Direct3D 12 on Windows for a while... Fortunately, as already reported, their new driver has Vulkan RTX support. Additionally, the NVX_raytracing extension and other NVIDIA updates made it into today's Vulkan 1.1.85 release.
A new feature release is out for the Radeon/GPUOpen "OCAT" open-source capture and analytics tool.
OCAT 1.2 is their first release of the year and includes VR head-mounted display (HMD) support, new visualization tools, system information detection, new settings, and other enhancements.
The Linux driver I've been using today for the just-posted GeForce RTX 2080 Ti Linux benchmarks is now publicly available. This NVIDIA 410 Linux driver is most exciting for Volta and Turing GPU owners, but there are also some EGL and Vulkan updates along with other changes.
Following a teaser tweet two days ago, we are thrilled to announce that binb version 0.0.1 arrived on CRAN earlier this evening.
MineTime is a smart calendar application for Windows, macOS and Linux desktops. The application supports calendars from Google Calendar, Outlook.com, Microsoft Exchange, iCloud and any service using CalDAV, allowing you to organize all your calendars in one place.
MineTime is an Electron application started as part of a research project by ETH Zurich students (a science, technology, engineering and mathematics university in the city of Zurich, Switzerland), in which it's investigated "how to bring new technologies, like Artificial Intelligence, into the daily routine in order to help people get more out of their time".
When it comes to backups, experience says it’s better to be safe than sorry. Better to have much than not enough – you get the point. In this article, we will present CloudBerry Backup for Linux, a cross-platform cloud backup and disaster recovery software.
As a leading solution in the industry, CloudBerry stands out for its flexibility, reliability, and its wide set of out-of-the-box features. You not only get to choose where to store your data (locally or using a cloud storage service), but also can encrypt it using AES-128 or AES-256.
With the recent release of version 2.5.1, which introduces support for block-level backups, this tool stands out among its crowd of competitors more than ever. This new feature is particularly important if you need to back up large files with relatively minor changes over time.
With both a GUI and a command-line interface, optional compression to save up on bandwidth and decrease storage costs, and no hidden fees for data restore, CloudBerry is hard to beat!
Descenders, the downhill freeriding game has been updated with a Replay Mode so I took a look to see what fun things you could do with it.
The vehicular combat MMO has released its 1.81 update which brings a number of goodies for players, including several helicopters that are available for testing.
Here’s a picture of my Pinebook running KDE neon — watching Panic! At the Disco’s High Hopes — sitting in front of my monitor that’s hooked up to one of my openSUSE systems. There are still some errata, and watching video sucks up battery, but for hacking on documentation from my hammock in the garden, or doing IRC meetings it’s a really nice machine.
But one of the neat things about running KDE neon off of an SD card on the Pinebook is that it’s portable — that SD card can move around. So let’s talk about multiboot in the sense of “booting the same OS storage medium in different hardware units” rather than “booting different OS from a medium in a single hardware unit”. On these little ARM boards, u-boot does all the heavy lifting early in the boot process. So to re-use the KDE neon Pinebook image on another ARM board, the u-boot blocks need to be replaced.
As usual, it was a great opportunity to catch up with old friends and make new ones specially outside the GNOME community.
This opportunity I talked about the plans I have to integrate Glade with Gnome Builder and other IDEs
As the community around PodCTL has grown (~8000 weekly listeners) we’ve constantly asked them to give us feedback on topics to discuss and areas where they want to learn. This week we discussed and answered a number of questions about big data and analytics, application deployments, routing security, and storage deployment models.
The software security industry uses the term Embargo to describe the period of time that a security flaw is known privately, prior to a deadline, after which time the details become known to the public. There are no concrete rules for handling embargoed security flaws, but Red Hat uses some industry standard guidelines on how we handle them.
When an issue is under embargo, Red Hat cannot share information about that issue prior to it becoming public after an agreed upon deadline. It is likely that any software project will have to deal with an embargoed security flaw at some point, and this is often the case for Red Hat.
Through advanced technologies based on open standards, Red Hat deliver solutions that can support oil and gas companies as they modernize their IT infrastructures and build a framework to meet market and technology challenges. Taking advantage of modern, open architectures can help oil and gas providers attract new customers and provide entry into markets where these kinds of services were technologically impossible a decade ago.
You're moving to a DevOps model for all or part of your organisation: well done! Somebody, somewhere has made the leap. Let's assume, for the sake of this article, that you have management buy-in: whatever hurdles needed to be jumped, whatever mountains needed to be climbed to get that momentous "Yes." You've got tooling agreed, you've worked out your processes, and now all you need to do is convince people to get involved. Should be easy, right? If only.
It turns out that not all people are as enlightened as you, the reader of this article. Not everybody likes change, and if there's one thing you can be sure of, it's that DevOps will bring change to your organisation—how you work, what you do, how you interact with other people within the team and beyond.
Linux operating system distributor Red Hat Inc (RHT.N) reported smaller-than-expected revenue on Wednesday, hurt by disappointing subscription revenue, and forecast current-quarter results below estimates.
The company’s shares fell 2 percent in extended trading.
Red Hat said it expects to post revenue in the range of $848 to $856 million and an adjusted profit of 87 cents per share in the third quarter, below analysts’ estimates of a profit of 92 cents per share and revenue of $862.7 million.
Linux operating system distributor Red Hat Inc reported a 10.5 percent fall in quarterly profit on Wednesday, hurt by a rise in expenses.
The company’s profit fell to $86.85 million, or 46 cents per share, in the second quarter ended Aug. 31, from $97.09 million, or 53 cents per share, a year earlier.
I am quite pleased with the final result of this transformation. But it also requires a lot of non-standard changes, which is a shame, because none of what I did, subjective taste elements aside, is super complicated. Imagine a Fedora, or for that any which distro, that has everything really nicely tailored for max. efficiency, ergonomics, productivity, and fun.
My journey encompasses the use of third-party repos, extra software, Gnome Tweak Tool, about a dozen extensions, new themes, icons, and fonts, the use of a dock, plus some extra visual polish. In the end, though, Fedora 28 looks and behaves the part. This is something I could happily show to other people, and I am convinced they would be inclined to try it. Well, there you go. The guide. Hopefully, you'll find it useful, and perhaps it may even hype up your enthusiasm for Linux. In these dreary times, an injection of fanboyese is quite needed. Take care.
Variscite is prepping a headless version of its Linux-friendly DART-6UL module with NXP’s new i.MX6 ULZ SoC, a cheaper version of the i.MX6 UL without display or Ethernet features.
Variscite is spinning out yet another pin-compatible version of its 50 x 25mm DART-6UL computer-on-module, this time loaded with NXP’s headless new i.MX6 ULZ variant of the single Cortex-A7 core i.MX6 UL. Due for a Q4 launch, the unnamed module lacks display or LAN support. It’s billed as “a native solution for headless Linux-based embedded products such as IoT devices and smart home sensors requiring low power, low size, and rich connectivity options.”
Aaeon’s rugged “Boxer-6405” mini-PC features an Apollo Lake SoC plus 2x GbE, 4x USB 3.0, 3x or 4x serial, and an HDMI port. Options including SATA, wireless, and an UP AI Core card with Movidius technology.
Aaeon announced a Boxer-6405 mini-PC that will be unveiled at the 20th China International Industry Fair, held Sep. 19-23 at the Shanghai National Exhibition Center. The compact embedded system will be demonstrated along with the UP AI Vision Kit at Aaeon’s Smart Factory Artificial Intelligence Edge Computing display.
Business IT is facing storage growth that’s exceeding even the highest estimates, and there’s no sign of it slowing down anytime soon. Unstructured data in the form of audio, video, digital images and sensor data now makes up an increasingly large majority of business data and presents a new set of challenges that calls for a different approach to storage.
For CIOs, storage systems that are able to provide greater flexibility and choice, as well as the capability to better identify unstructured data in order to categorise, utilise and automate the management of it throughout its lifecycle are seen as the ideal solution.
One answer to solving the storage issue is software defined storage (SDS) which separates the physical storage hardware (data plane) from the data storage management logic or ‘intelligence’ (control plane). Needing no proprietary hardware components, SDS is the perfect cost-effective solution for enterprises as IT can use off-the-shelf, low-cost commodity hardware which is robust and flexible.
Software AG launches Nyoka, an open source library that eases transforming machine learning and AI models into standard Predictive Model Markup Language.
Data scientists may breathe a little easier with Software AG’s launch of a new open source library that eases the transformation of machine learning and artificial intelligence (AI) models into an industry-standard language.
The Frankfurt-based company released its Nyoka library that enables data scientists to transform models for predictive analytics, AI and machine learning into the industry standard Predictive Model Markup Language (PMML). It unveiled Nyoka at the Big Data Conference in Santa Clara, CA, this week.
Deutsche Telekom and Aricent today announced the creation of an Open Source, Low Latency Edge Compute Platform available to operators, to enable them to develop and launch 5G mobile applications and services faster. The cost-effective Edge platform is built for software-defined data centers (SDDC) and is decentralized, to accelerate the deployment of ultra-low latency applications. The joint solution will include a software framework with key capabilities for developers, delivered as a platform-as-a-service (PaaS) and will incorporate cloud-native Multi-access edge computing (MEC) technologies.
With Aragon, developers can create new apps, such as voting mechanisms, that use smart contracts to leverage decentralized governance and allow peers to control resources like funds, membership, and code repos.
Aragon is built on Ethereum, which is a blockchain for smart contracts. Smart contracts are software that is executed in a trust-less and transparent way, without having to rely on a third-party server or any single point of failure.
Aragon is at the intersection of social, app platform, and blockchain.
PostgreSQL 11 had its third beta release on August 9; a fourth beta (or possibly a release candidate) is scheduled for mid-September. While the final release of the relational database-management system (currently slated for late September) will have something new for many users, its development cycle was notable for being a period when the community hit its stride in two strategic areas: partitioning and parallelism.
Partitioning and parallelism are touchstones for major relational database systems. Proprietary database vendors manage to extract a premium from a minority of users by upselling features in these areas. While PostgreSQL has had some of these "high-tier" items for many years (e.g., CREATE INDEX CONCURRENTLY, advanced replication functionality), the upcoming release expands the number considerably. I may be biased as a PostgreSQL major contributor and committer, but it seems to me that the belief that community-run database system projects are not competitive with their proprietary cousins when it comes to scaling enterprise workloads has become just about untenable.
Scality today released Zenko 1.0, its multi-cloud data management tool, in an open source and an enterprise edition.
The new subscription cloud data controller builds on an earlier open source version that Scality rolled out last year. But unlike that product, which was based on Docker Swarm, the new editions use a Kubernetes orchestration framework. “It gives us more flexibility and a larger ecosystem around Kubernetes to deploy on prem or in cloud,” said Wally MacDermid, VP of Scality’s cloud business.
San Francisco-based Scality, which is known for its data management software, today announced its first full release of a subscription cloud management tool.
Zenko 1.0 is now generally available for enterprise users and is designed to help them control data as it moves between their private storage and various public clouds. For Scality, which made its name with Ring, (software for managing data on private servers), the release of Zenko is a bet that the future of its business will look quite a bit different from its past.
Blackboard is re-branding its open source learning management system. The LMS formerly known as Moodlerooms will now be called Blackboard Open LMS. The company said it's also "accelerating investment and development of the product."
According to Blackboard: "The rebrand follows Blackboard's strategic decision to exit the Moodle Certified Partner Program. Blackboard remains committed to providing clients with the most mature and stable Moodle-based Software as a Service (SaaS) product in the market and will continue to support the Moodle project. The decision to exit the partner program allows Blackboard to focus its resources on continued development of the Blackboard Open LMS platform."
The developers behind LLVM, the open-source framework for building cross-platform compilers, have unveiled LLVM 7. The new release arrives right on schedule as part of the project’s cadence of major releases every six months.
LLVM underpins several modern language compilers including Apple’s Swift, the Rust language, and the Clang C/C++ compiler. LLVM 7 introduces revisions to both its native features and to companion tools that make it easier to build, debug, and analyze LLVM-generated software.
Due to a known bug in upstream Linux 4.18, users with older multi-core x86 CPUs (Core 2 Duo and earlier?) may not correctly boot up with linux-libre 4.18 when using the default clocksource.
In the high(er)-end world of EDA tools like OrCAD and Altium there is a tight integration between the version control system and the design tools, with the VCS is sold as a product to improve the design workflow. But KiCAD doesn’t try to force a version control system on the user so it doesn’t really make sense to bake VCS related tools in directly. You can manage changes in KiCAD projects with git but as [jean-noël] notes reading Git’s textual description of changed X/Y coordinates and paths to library files is much more useful for a computer than for a human. It basically sucks to use. What you really need is a diff tool that can show the user what changed between two versions instead of describe it. And that’s what plotgitsch provides.
Every programmer knows that coding is fun! Don't you agree with me? However, to be an absolutely professional PHP developer, we have to know a lot about all the specific details of coding.
Selecting the editor you are going to use to happily code is not an easy decision and must be taken unhurriedly.
If you are a beginner, you may try a great code editor with a rich functionality and very flexible customization which is known as Atom Editor, the editor of the XXI century. You may say that we have many pretty alternatives available. Read the explanation below, and the introduced information will knock you off!
We have been tracking milestones in the maturity of eSports as a real cultural pastime for several years now, given how eSports almost perfectly intersects two main topics here at Techdirt: technology and digital economies. While those that claimed eSports would become a real thing have long been the recipients of skeptical narrow eyes, pro gaming has already zoomed past a number of important checkpoints on its way to legitimacy. Tournaments were heavily viewed overseas at first, but pro gaming then became recognized by universities for athletic scholarships. Next came coverage of tournaments on ESPN, followed eSports leagues being created by some of the major professional sports leagues in America and abroad. Even the IOC kicked around the idea of including eSports in future Olympic Games.
While the latest milestone perhaps isn't as grand as the opening of leagues and new broadcast channels, it is still a notable development that the very first pro gamer will be featured on the cover of ESPN The Magazine this week. That honor will go to Tyler "Ninja" Blevins, who has amassed an enormous following on Twitch and elsewhere.
This year Apple actually launched three phones, like last year. But we got two different lineups, the XS and XR. iPhones still have the best chips, the A12 Bionic, but they still lag behind in displays, specially when they are compared to the likes of Samsung.
It was only last year that they moved to OLED displays with the iPhone X. Whereas Android flagships have them for quite sometime now. The new iPhone XS models actually have a OLED display with a resolution of 2436Ãâ1125 and a ppi of 458. These are fairly decent display specs for a flagship phone.
After weeks of uncertainty among civil society organisations as to whether or not the United Nations political declaration on noncommunicable diseases (NCDs) would uphold language on intellectual property flexibilities for affordable access to medicines, the document was finalised today with even stronger language affirming the use of these flexibilities.
The senators are hoping the State Department will have answers to a handful of cybersecurity-related questions by October 12th, but given the agency's progress to compliance with a law that's been on the book for two years at this point, I wouldn't expect responses to be delivered in a timelier fashion.
The agency's track record on security isn't great and these recent developments only further cement its reputation as a government ripe for exploitation. The agency's asset-tracking program only tracks Windows devices, its employees are routinely careless with their handling of classified info, and, lest we forget, its former boss ran her own email server, rather than use the agency's. Of course, given this long list of security failures, there's a good possibility an off-site server had more baked-in security than the agency's homebrew.
A particular vulnerability that has been codenamed EternalBlue is to be blamed for this misfortune. The malware risk especially affects computers which use pirated Windows versions. This gap in security has its traces back in the legacies of US secret service NSA. Even after several years, many systems continue to be vulnerable. For more than three years, US intelligence was using it for performing hidden attacks on all kinds of targets. The agency finally had to leak the vulnerability to Microsoft due to the danger of hacking by a famous hacker group, Shadow Brokers. Microsoft then consequently had to abandon a patch day for the very first time in the company’s history for filling in the gap as quickly as possible.
The Debian Project released an updated Intel microcode firmware for users of the Debian GNU/Linux 9 "Stretch" operating system series to mitigate two of the latest Spectre vulnerabilities on more Intel CPUs.
Last month, on August 16, Debian's Moritz Muehlenhoff announced the availability of an Intel microcode update that provided Speculative Store Bypass Disable (SSBD) support needed to address both the Spectre Variant 4 and Spectre Variant 3a security vulnerabilities.
However, the Intel microcode update released last month was available only for some types of Intel CPUs, so now the Debian Project released an updated version that implements SSBD support for additional Intel CPU models to mitigate both Spectre V4 and V3a on Debian GNU/Linux 9 "Stretch" systems.
Ubuntu is the basis for the majority of cloud-based workloads today. With over 450 million public cloud instances launched since the release of Ubuntu 16.04 LTS, a number that keeps accelerating on a day-per-day basis since, many of the largest web-scale deployments are using Ubuntu. This includes financial, big data, media, and many other workloads and use cases, which rely on the stability and continuity of the underlying operating system to provide the mission-critical service their customers rely on.
Extended Security Maintenance (ESM) was introduced for Ubuntu 12.04 LTS as a way to extend the availability of critical and important security patches beyond the nominal End of Life date of Ubuntu 12.04. Organisations use ESM to address security compliance concerns while they manage the upgrade process to newer versions of Ubuntu under full support. The ability to plan application upgrades in a failsafe environment continues to be cited as the main value for adoption of ESM. With the End of Life of Ubuntu 14.04 LTS in April 2019, and to support the planning efforts of developers worldwide, Canonical is announcing the availability of ESM for Ubuntu 14.04.
Canonical announced today that it would extend its commercial Extended Security Maintenance (ESM) offering to the Ubuntu 14.04 LTS (Trusty Tahr) operating system series starting May 2019.
Last year on April 28, 2017, when the Ubuntu 12.04 LTS (Precise Pangolin) operating system series reached end of life, Canonical announced a new way for corporate users and enterprises to receive security updates if they wanted to keep their current Ubuntu 12.04 LTS installations and had no plans to upgrade to a newer LTS (Long Term Support) release. The offering was called Extended Security Maintenance (ESM) and had a great success among businesses.
The BlackArch Linux penetration testing and ethical hacking computer operating system now has more than 2000 tools in its repositories, announced the project's developers recently.
Used by thousands of hundreds of hackers and security researchers all over the world, BlackArch Linux is one of the most acclaimed Linux-based operating systems for hacking and other security-related tasks. It has its own software repositories that contain thousands of tools.
The OS is based on the famous Arch Linux operating system and follows a rolling release model, where users install once and receive updates forever, or at least until they do something that can't be repaired and need to reinstall.
Noci, the fictional city attacked by malevolent hackers during ICON2018, was saved and the challenge was won by a Swiss team. What is a hacker, how do they define themselves? Two members of ICON, a young non-governmental organisation in Geneva, answered that question for Intellectual Property Watch, with the same affirmation: a hacker is first and foremost a curious mind. View the IP-Watch video interviews below.
ICON 2018, “The journey to digital trust” co-organised by ICON, the Geneva Centre for Security Policy (GCSP,) and the MCI group, took place on 13-14 September. The event held what the organisers qualified as the “World premiere cyber-attack simulation.”
Participants came from France, Italy, Norway and Switzerland, selected after a qualifying competition at the global level, according to an ICON press release. In the end, the challenge was won by Swiss participants Team Sw1ss, it said.
For more than a decade, the worst-kept secret in the world has been the fact that the Central Intelligence Agency owns and operates lethal drones outside of recognized battlefields abroad. Newspapers blare it from their headlines. Legislators discuss it on television. Foreign governments protest it through press releases. And, of course, human beings witness it through the death and destruction foisted upon their communities.
Still, according to the US government and the federal courts, the CIA’s operation of drones to hunt and kill terrorism suspects – a campaign that has killed thousands of people, including hundreds of children, in places like Pakistan, Yemen, and Somalia – remains an official secret.
Toward the end of the Obama administration, the president moderately circumscribed the agency’s role in executing lethal strikes abroad, in part to increase public transparency. Compared to the US military (which also uses lethal force abroad), the CIA is relatively less accountable to policy makers, members of Congress, and the American public. With a diminished role in targeted killings, it appeared then that the CIA’s official secrecy was becoming less important to the overall drone program. But as critics warned could happen, President Trump quickly lifted many of the late-Obama-era limits while ramping up the government’s use of lethal drones abroad and reportedly putting the CIA back in the drone business.
Former Chicago police commander Jon Burge was involved with several officers in the torture of more than 110 black men. He was never held fully accountable for the trauma inflicted on black communities and died on September 19.
At the trial for former Officer Jason Van Dyke, who is accused of murdering Laquan McDonald, former Fraternal Order of Police president Dean Angelo spoke about Burge.
“Jon Burge put a lot of bad guys in prison,” Angelo stated. “You know, people picked a career apart that was considered for a long time to be an honorable career and a very effective career.”
Angelo added, “And I don’t know that Jon Burge got a fair shake based on the years and years and years of service that he gave the city. But we’ll have to wait and see how that eventually plays out in history, I guess.”
The FOP argued the “full story” of the Burge cases has never been told. They clearly plan to keep spreading propaganda about Burge’s actions, even after death, because the reality of his conduct left such a stain on the reputation of the Chicago Police Department.
Burge and his “Midnight Crew” engaged in the torture of dozens of black men from 1972 to 1981. This came directly after the civil rights movement and rise of groups organizing for black power. In fact, Fred Hampton, chairman of the Illinois Black Panther Party, was assassinated by Chicago police in 1969 (along with fellow Black Panther Mark Clark).
WikiLeaks has denied publisher Julian Assange sought a visa from Russia, disputing a recently leaked letter written to Moscow’s consulate in London shortly after the website first started releasing classified U.S. diplomatic documents.
The anti-secrecy organization pushed back on social media Monday after The Associated Press released a “letter of authority to the Russian consulate” from Mr. Assange dated Nov. 30, 2010, two days after WikiLeaks began releasing hundreds of thousands of sensitive U.S. Department of State cables.
“I, Julian Assange, hereby grant full authority to my friend, Israel Shamir, to both drop off and collect my passport, in order to get a visa,” said the letter.
WikiLeaks declined to comment for the AP’s reporting on the letter, instead taking to Twitter to dispute its authenticity in dozens of tweets.
“Mr. Assange did not apply for such a visa at any time or author the document,” WikiLeaks said in a statement posted at least 35 times by its official Twitter account following publication of the AP’s report.
As the iAfrikan article points out, the amendments will mean that statistics published by the Tanzanian government must be regarded as correct, however absurd or obviously erroneous they might be. Moreover, it will be illegal for independent researchers to publish any other figures that contradict, or even simply call into question, official statistics.
This is presumably born of a thin-skinned government that wants to avoid even the mildest criticism of its policies or plans. But it seems certain to backfire badly. If statistics are wrong, but no one can correct them, there is the risk that Tanzanian businesses, organizations and citizens will make bad decisions based on this dodgy data. That could lead to harmful consequences for the economy and society, which the Tanzanian government might well be tempted to cover up by issuing yet more incorrect statistics. Without open and honest feedback to correct this behavior, there could be an ever-worsening cascade of misinformation and lies until public trust in the government collapses completely. Does President Magufuli really want that?
More Android phones will share your precise location when you call 911 in the United States, thanks to a couple of new partnerships worked out by Google. The change will save lives.
Most 911 calls come from cell phones, but until recently mobile devices didn’t share your precise location with emergency dispatchers. Phone companies can provide a rough location, but your phone’s GPS capabilities are a lot more accurate.
As the U.S. ponders what meaningful privacy protections should look like in the Comcast & Cambridge Analytica era, it should probably go without saying that consumers should be part of that conversation. Unsurprisingly, that hasn't really been the case so far. That was exemplified, in part, by the GOP's decision to neuter FCC broadband privacy rules much the same way they dismantled net neutrality: by ignoring any consumer-oriented input that didn't gel with their pre-existing beliefs: namely that all regulation is always bad and a nuanced conversation on the merits of each instance of regulation simply isn't necessary.
When a "conversation" does occur, it tends to be superficial at best, and consumers pretty consistently aren't invited to the table. Case in point: on September 26, the Senate Commerce Committee will be holding a hearing entitled "Examining Safeguards for Consumer Data Privacy." One of the motivating reasons for this hearing, at least according to Senator John Thune,
People like me come from countries where the justice system does not protect women and girls. To deny us refuge says our lives mean nothing.
I don’t have a lot of memories of my childhood that don’t involve violence. My father beat my mother up all the time in our hometown a few hours outside of Mexico City. He hit her with his hands and with any object he could find. Several times he used a knife to cut her. I think my father’s sexual abuse of me started when I was 4 or 5.
I lived in terror of this man who claimed my body as his and thought of me as disposable. He could hit me or touch my most private parts. He could threaten to hurt my mother to get me to do what he wanted. I often wanted to die — and several times I tried to. The authorities in Mexico did nothing to help me, and even when I was hospitalized after a suicide attempt, there were no questions and no follow-up.
In June, Attorney General Jeff Sessions announced that immigrants fleeing domestic abuse and gang violence generally would no longer be eligible for asylum in the United States. Since then, asylum officers have been rejecting applicants who fear domestic and sexual violence in their home countries. It’s so hard for me to understand this new policy because the reason I am alive today is because I was granted asylum in the United States.
People like me come from countries where the police and justice system do not protect women and girls. For the United States to deny us refuge says our lives mean nothing.
The abuse I suffered is very difficult for me to recount. Even now, when I do, it gives me nightmares. My father would touch me inside my pants when my mother was in the kitchen cooking or when my two younger brothers were playing in the same room. He threatened to hurt me and my mom if I said no.
It was a promise he kept.
John Bolton, currently Trump’s national security advisor, savors violent imagery. The International Criminal Court, Bolton wrote last year—referring to the international body founded in 1998 to prosecute war crimes—should be “strangle[d]… in its cradle.” This week, in a speech to the Federalist Society, broadcast by C-SPAN, Bolton declared the ICC “the founders’ worst nightmare come to life” and “dead to us,” an “outright dangerous” entity from whom the US “will use any means necessary to protect its citizens.”
Yes, this is bombast—typical “the US makes its own rules,” “if you aren’t for us you’re agin’ us,” “diplomacy is for suckers” chest-thumping. Reuters called it taking a “tough stance.” The New York Times chose “unyielding.” But what should those interested in peace and justice think? And what do others around the world think, when the US declares itself officially unaccountable when it comes to the worst kinds of crimes?
On its face, the agenda for the Business Integrity Commission’s public hearing on Monday seemed uncontroversial enough: The agency that oversees New York City’s private garbage industry wanted to adopt new safety measures requiring trash companies to regularly report accidents, traffic violations and license suspensions involving their truck drivers.
Turns out, the measures struck the private trash haulers as too much. Testifying before the BIC, industry members called the measures “onerous.” They said they were suspicious about what the oversight body would do with the information, although they did not spell out what they feared. They even sought to question what, exactly, constituted a “crash” worth reporting.
“I start with the definition of crash in the proposed regulations,” Thomas Toscano, chief executive officer of Mr. T Carting, said. “In a highly populated area with millions of parked cars and over 100,000 customers picked up nightly, small property damage incidents are bound to happen. Cars suffer minor damages and carters pay to resolve these issues many times without going through insurance.”
Faced with a mounting pile of lawsuits accusing it of age discrimination — the latest, a class action, was filed this week in federal district court in New York — tech giant IBM appears to be winding down its Millennial Corps, an internal network of young employees that’s been cited in several legal complaints as evidence of the company’s bias toward younger workers.
ProPublica reported in March that IBM, which had annual revenue of $79 billion in 2017, had ousted an estimated 20,000 U.S. employees ages 40 or older in the past five years, in some instances using money saved from the departures to hire young replacements to, in the words of an internal company document, “correct seniority mix.”
IBM deployed several strategies to attract younger workers, establishing a digital platform catering to millennials, a blog called “The Millennial Experience,” a Twitter account, @IBMillennial, as well as creating the Millennial Corps, whose members company executives pledged to consult about major business moves. The Corps was featured in a 2016 FastCompany piece titled “These Millennials Have Become the Top Decision Makers at IBM.”
The Justice Department’s inspector general announced on Tuesday that his office would investigate a Drug Enforcement Administration program linked to violent drug cartel attacks in Mexico that have left dozens, possibly hundreds, of people dead or missing.
In a letter to senior congressional Democrats, Inspector General Michael E. Horowitz said that an internal review had flagged the DEA’s Sensitive Investigative Units program as “an area of high risk.” His office, he wrote, would examine the drug agency’s management of the program and whether internal controls are in place to ensure that “DEA operations, information and personnel are protected from compromise.”
Under the program, the DEA vets and trains teams of Mexican federal police officers, known as SIUs, that conduct DEA-led operations in Mexico. Last year, ProPublica and National Geographic reported that at least two such operations were compromised and triggered deadly spasms of violence, including one that occurred less than an hour’s drive away from the Mexican border with Texas. A June 2017 story revealed that an attack on the small ranching town of Allende in the Mexican state of Coahuila in 2011 was unleashed after sensitive information obtained during a DEA operation wound up in the hands of cartel leaders, who ordered a wave of retaliation against suspected traitors.
Brandon Smith, who sued the city of Chicago to force the release of video of the shooting that killed Laquan McDonald, is covering CPD Officer Jason Van Dyke’s murder trial for Shadowproof.
Please help us reach our $1400 to fund our reporting (learn more here).
Often in cases where a police officer is charged with murder, the predictions of the most cynical observers turn out to be correct—the officer escapes the “justice system” into which they have processed so many others.
But in this case, the murder trial of Jason Van Dyke, the former Chicago police officer who shot 17-year-old Laquan McDonald 16 times, the outcome truly seems up for grabs.
It is the first time an on-duty Chicago police officer has been charged with murder since anyone in the city can remember. And it represents a small part of a system trying to attack its cancer. Someone from inside the department tipped off a journalist to bring the case to light. Plenty of officers have also fought against accountability, beginning with those who “shooed away” witnesses to the homicide, and according to a civil suit, took at least one witness into custody overnight to tell her something akin to “you didn’t see what you think you saw.”
So far, in Van Dyke’s trial, two police officers have testified that they didn’t use lethal force (or indeed any force) because at the scene they decided it wasn’t necessary. Another officer, Joe Walsh, who was shift partner of the accused that night, stood by Van Dyke seemingly at every turn in his testimony—at one point standing in the middle of the courtroom to demonstrate how he remembered Laquan moving before the shooting.
The practice of shackling pregnant women who are incarcerated is as shocking as it is widespread.
When a woman becomes pregnant, the nature of her health care by necessity becomes tailored to her being pregnant. This is no less true when a pregnant woman is incarcerated. But corrections officials across the nation would often rather ignore the fact and needs of incarcerated pregnant women than address their health care needs or even their basic rights. For example, pregnant prisoners are often shackled during childbirth in this country as well as put in solitary confinement, practices that are as shocking as they are pervasive.
When a woman goes to prison or jail, the criminal justice system is very likely to treat her not as a woman with needs particular to women, but as a smaller, more docile man. And they are treated that way even when they are in a hospital setting. This is flawed, and its consequences are great.
Male prisoners are routinely shackled when taken to a hospital when they are considered a flight risk. The reason this rubric has extended to women is not because anyone has thought about the needs and realities of incarcerated women, but because male prisoners are the baseline for all criminal justice and corrections policies. This one-size-fits-all approach puts women at severe and unnecessary risk.
Fortunately, there is now a bipartisan effort in Congress to begin eliminating dangerous and degrading practices for pregnant women. The Pregnant Women in Custody Act (PWCA) places strict limits on the use of shackles and solitary confinement on pregnant women in federal prison and in the custody of the United States Marshals Service. It also sets forth basic standards for pregnancy care.
A little opsec goes a long way. The Massachusetts State Police -- one of the most secretive law enforcement agencies in the nation -- gave readers of its Twitter feed a free look at the First Amendment-protected activities it keeps tabs on… by uploading a screenshot showing its browser bookmarks.
Alex Press of Jacobin Magazine was one of the Twitter users to catch the inadvertent exposure of MSP operations.
Every few minutes, Miguel’s phone pinged with messages, distracting him. Carlota asked who kept texting him and he answered, with teenage vagueness, “Just a boy from school.”
Carlota was just over 5 feet, with thick black hair that fell midway down her back. At 5-foot-10, Miguel towered over her. As he tried on clothes in the dressing room, he teased her, “Why did you make me so handsome?”
The messages kept coming. They were from Alexander, a classmate of Miguel’s at Brentwood High on Long Island, and promised a taste of cool on a dull and frigid February afternoon. “Hey, let’s smoke up today,” Alexander wrote on Facebook Messenger.
“No way. You’re so bad — what did you do?” Miguel responded.
Miguel eventually agreed to join him, but not until later, and he wanted to bring a friend. “No, only us,” came the response. “We’ll get the blunts. That man Jairo is going to treat you. But just you, dog. I can pick you up and bring you here with us. But just us.”
After lunch, Carlota dropped Miguel at a neighbor’s to play video games, calling out to be careful as he jumped out of the car and ran across the quiet street. A man had recently been found dead in the woods, and she was worried.
Miguel and Alexander switched to Facebook voice messages. “Should I wait for you in the woods?” said Alexander, whose Facebook handle was Alexander Lokote, Spanish slang for “Homeboy.”
“No, better at my house — I don’t like to go out there in the trees,” Miguel said, pressing the phone close to his mouth to be heard over the video game music.
The Hollywood Chamber of Commerce is somewhat infamous for its constant trademark bullying over the famed Hollywood sign (you know the one). Its latest target is apparently the Hollywood Babble-On podcast that is done as a live show each week by radio/podcast guy Ralph Garman and filmmaker/entertainer Kevin Smith. Before the show this past weekend, Garman had tweeted out that it might be the last Hollywood Babble-On ever. In the opening minutes of their latest episode, Garman explains that they've received a cease and desist letter from the Hollywood Chamber of Commerce "re: unauthorized use of Hollywood stylized mark and Hollywood Walk of Fame mark."
While I haven't seen the full cease-and-desist letter, from what Garman said on the podcast, the issue is so ridiculous that the Hollywood Chamber of Commerce should be called out for blatant trademark bullying.
It's an open secret that musicians will sometimes borrow portions of music or lyrics from prior works. But how much borrowing is too much? One would think that this is the province of fair use, but it turns out not to be the case - at least not in those cases that reach a decision. Edward Lee (Chicago-Kent) has gathered up the music infringement cases and shown that fair use (other than parody) is almost never a defense - not just that defendants lose, but that they don't even raise it most of the time. His article Fair Use Avoidance in Music Cases is forthcoming in the Boston College Law Review, and a draft is available on SSRN.
[...]
This is an interesting article, and I certainly learned something I didn't know before. Every "yeah but probably..." skeptical thought I had was answered, and that's pretty rare. That said, my one critique is that the background section, which is supposed to be discussing why fair use is the type of thing that we should often see in music (see history of borrowing, above), often conflates a variety of other defenses to copying in the same discussion. For example, the article points to the ubiquitous YouTube video that shows how many songs are based on the same four chords. The use of those chords, though, isn't really a fair use; it's more of scenes a faire or other defense to copying. Those four chords, after all, lead to very different sounding songs, and where they do sound the same, they can be traced to a common source, not to each other. An empirical study that I would like to see is how many songs that fit the four chord mold have been accused of and/or held liable for infringement. Perhaps Professor Lee's data has that, for reported decisions at least.
The reason this conflation is problematic leads back to the study results. Perhaps it should not be surprising that so many defendants win outright on non-copying defenses because there are so many ways to win on non-copying defenses without having to resort to an admission of copying and reliance on fair use. It may be that despite a history of borrowing, musicians can tell the difference between illicit copying and either copying from the same source/methods or real fair use. After all, only an average about four cases per year went to decision.
The Senate passed a new version of the Music Modernization Act (MMA) as an amendment to another bill this week, a marked improvement over the version passed by the House of Representatives earlier in the year. This version contains a new compromise amendment that could preserve early sound recordings and increase public access to them.
Until recently, the MMA (formerly known as the CLASSICS Act) was looking like the major record labels’ latest grab for perpetual control over twentieth-century culture. The House of Representatives passed a bill that would have given the major labels—the copyright holders for most recorded music before 1972—broad new rights in those recordings, ones lasting all the way until 2067. Copyright in these pre-1972 recordings, already set to last far longer than even the grossly extended copyright terms that apply to other creative works, would a) grow to include a new right to control public performances like digital streaming; b) be backed by copyright’s draconian penalty regime; and c) be without many of the user protections and limitations that apply to other works.
Fundamentally, Congress should not be adding new rights in works created decades ago.
The drafting process was also troubling. It seemed a return to the pattern of decades past, where copyright law was written behind closed doors by representatives from a few industries and then passed by Congress without considering the views of a broader public. Star power, in the form of famous musicians flown to Washington to shake hands with representatives, eased things along.
Two things changed the narrative. First, a broad swath of affected groups spoke up and demanded to be heard. Tireless efforts by library groups, music libraries, archives, copyright scholars, entrepreneurs, and music fans made sure that the problems with MMA were made known, even after it sailed to near-unanimous passage in the House. You contacted your Senators to let them know the House bill was unacceptable to you, and that made a big difference.