
Links 11/10/2018: PostgreSQL 11 RC1 Released, Librem 5 Loves GNOME 3.32











GNU/Linux



  • Plex Media Server Is Now Available as a Snap App for Ubuntu, Other Linux Distros
    Already available as binary packages for Debian- and Red Hat-based operating systems using the DEB and RPM package format, the Plex Media Server over-the-top (OTT) media service used by millions worldwide is now easier to install across a multitude of GNU/Linux distributions as a Snap app from Canonical's Snap Store.

    "The biggest appeal of Snaps is the simple installation mechanism," said Tamas Szelei, Software Engineer at Plex. "Canonical's Snap Store provides an easy and secure way to distribute our software to an increasing number of consumers. What's more, Snaps help cater to the more technical Plex user, who benefits from confined applications and the added sense of software security."


  • The Easy Way to Install Plex Media Server on Ubuntu 18.04 LTS
    Binge watchers, TV addicts, and music lovers rejoice — it just got mighty easy to install Plex Media Server on Ubuntu 18.04 LTS and other Linux distributions, all thanks to Snaps!

    From today Plex is available to install from the Snap store, for free, on any and all Linux distros that support the Snap framework, such as Linux Mint, Solus and Manjaro.




  • Kernel Space



    • When Linux Founder Linus Torvalds Leaves, Pandemonium Breaks Loose
      When Linux founder Linus Torvalds temporarily stepped down from the helm, there was suddenly trouble.


    • Initial HDMI 2.0 Support With Nouveau Slated For The Next Linux Kernel
      Days after Nouveau DRM maintainer Ben Skeggs began staging changes for this open-source NVIDIA driver ahead of the next kernel cycle, this evening Ben Skeggs submitted the DRM-Next pull request to queue this work for the Linux 4.20/5.0 kernel cycle.

      As covered in that previous article, there isn't a whole lot on the Nouveau kernel driver front at this time. Skeggs summed up these open-source NVIDIA driver changes as: "Just initial HDMI 2.0 support, and a bunch of other cleanups."


    • Device-to-device memory-transfer offload with P2PDMA
      One of the most common tasks carried out by device drivers is setting up DMA operations for data transfers between main memory and the device. Often, data read into memory from one device will be immediately written, unchanged, to another device. Common examples include carrying the image between the camera and screen on a mobile phone, or downloading files to be saved on a disk. Those transfers have an impact on the CPU even if it does not use the data directly, due to higher memory use and effects like cache trashing. There are cases where it is possible to avoid usage of the system memory completely, though. A patch set (posted by Logan Gunthorpe with contributions by Christoph Hellwig and Steve Wise) has been in the works for some time that addresses this case for PCI devices using peer-to-peer (P2P) transfers, with a focus on offering an offload option for the NVMe fabrics target subsystem.


    • Exploring the Linux kernel: The secrets of Kconfig/kbuild
      The Linux kernel config/build system, also known as Kconfig/kbuild, has been around for a long time, ever since the Linux kernel code migrated to Git. As supporting infrastructure, however, it is seldom in the spotlight; even kernel developers who use it in their daily work never really think about it.

      To explore how the Linux kernel is compiled, this article will dive into the Kconfig/kbuild internal process, explain how the .config file and the vmlinux/bzImage files are produced, and introduce a smart trick for dependency tracking.


    • Linux Kernel 4.14 LTSI Is Now Officially Available for All Hardware Vendors
      The Long Term Support Initiative (LTSI) project aims to provide hardware vendors using the Linux kernel in their products with support for at least 2-3 years, which is the typical lifetime of a consumer device, in an attempt to remove the fragmentation of the various Linux kernel versions used by device vendors and GNU/Linux distributions.

      It also makes it easier for device vendors to upstream their improvements into the main Linux kernel branches more easily. Coming a year after the Linux 4.9 kernel series, which was released as an LTSI kernel on September 21, 2017, the Linux 4.14.75 LTS kernel is now the latest and most advanced LTSI kernel for hardware vendors.


    • Graphics Stack



      • Proton 3.7 Updated, More RADV Fixes To Help Steam Play Gaming
        Overnight Valve promoted their Proton 3.7-7 build with better alt-tab handling and full-screen behavior for many games. There is also fixed mouse behavior and DXVK 0.80 is now used for the Direct3D-11-over-Vulkan translation to yield better Steam Play gaming performance.

        Steam Play 3.7-8 is also now available in beta with minor compatibility fixes, which Valve says is in preparation for future Proton versions.


      • AMD Stages A Number Of Fixes Ahead Of Linux 4.20~5.0 - Plus Vega 20 "MGPU Fan Boost"
        Following several interesting and exciting feature pull requests for the next Linux kernel (to be released as either version 4.20 or 5.0), AMD developers have moved onto stabilizing this massive amount of new feature code.

        The first "fixes" pull request was submitted today to DRM-Next focusing on stabilizing and fixing issues stemming from all this new code. As a reminder, that feature code ranges from AMD Picasso APU support along with Raven 2, a lot of Vega 20 enablement code including compute support, initial xGMI support, VCN dynamic power gating, DC display code enhancements, VCN JPEG engine support, Raven Ridge GFXOFF support, GPUVM virtual memory performance improvements, and a variety of other interesting work.


      • NVIDIA's Guide For Getting Started With RTX Ray-Tracing In Vulkan
        Last month's Vulkan 1.1.85 release brought NVIDIA's experimental ray-tracing extension (VK_NVX_raytracing) while for those curious how this fits into the Vulkan workflow, NVIDIA today published a guide for getting started with real-time ray-tracing in the Vulkan space.


      • Freedesktop.org: its past and its future
        At the 2018 X.Org Developers Conference (XDC) in A Coruña, Spain, Daniel Stone gave an update on the status of freedesktop.org, which serves multiple projects as a hosting site for code, mailing lists, specifications, and more. As its name would imply, it started out with a focus on free desktops and cross-desktop interoperability, but it lost that focus—along with its focus in general—along the way. He recapped the journey of fd.o (as it is often known) and unveiled some idea of where it may be headed in the future.

        The talk was billed with Keith Packard as co-presenter, but Packard could not make it to XDC; Stone said that he sent Packard a copy of the slides and heard no complaints, so he left Packard on the slide deck [PDF]. Stone wanted to start with the history of fd.o, because there are lots of new contributors these days—"which is great"—who may not know about it.


      • AMDGPU DC Gets "PERF_TRACE" To Help With Performance Profiling
        Published on Wednesday was the latest batch of AMDGPU DC display code changes for its eventual inclusion into the AMDGPU DRM driver for mainline past the 4.20~5.0 cycle with that feature merge window being over. The most notable change with this latest AMDGPU DC haul is a new "PERF_TRACE" addition.

        The 26 patches sent out on Wednesday refactor the DCE clock code as well as the DC to SMU interface. Most interesting to us though is this PERF_TRACE feature on Linux. This PERF_TRACE functionality isn't to be confused with the perf subsystem nor the perf-trace user-space utility.




    • Benchmarks



      • Hands On & Initial Benchmarks With An Ampere eMAG 32-Core ARM Server
        Especially with Qualcomm's Centriq efforts going quiet in recent months, one of the most interesting ARM server efforts at the moment is Ampere Computing -- the company founded by former Intel president Renee James and with several other ex-Intel employees on staff. They started off with the acquired assets from what was AppliedMicro and their X-Gene ARMv8 IP and for the past year have been improving it into their recently announced eMAG processors.

        The eMAG processors announced back in September by Ampere are up to 32-core with a 3.3GHz turbo while having a launch price of $850 USD. Their second processor is a 16-core model with 3.3GHz turbo for $550. Both processors support eight DDR4-2667MHz memory channels, SATA 3.0 storage connectivity, 42 PCI Express 3.0 lanes, and these 16nm FinFET processors have a 125 Watt TDP. Lenovo and other ODMs will be manufacturing servers with eMAG processors although the expected pricing information isn't yet announced.






  • Applications



  • Desktop Environments/WMs



    • K Desktop Environment/KDE SC/Qt



      • Qt Creator 4.8 Beta released


        We are happy to announce the release of Qt Creator 4.8 Beta!

        In Qt Creator 4.8 we’ll introduce experimental support for the language server protocol. For many programming languages there is a “language server” available, which provides IDEs with a whole lot of information about the code, as long as they support communicating via the protocol.

        This means that by providing a client for the language server protocol, Qt Creator gets (some) support for many programming languages “for free”. Currently Qt Creator supports code completion, highlighting of the symbol under cursor, and jumping to the symbol definition, as well as integrates diagnostics from the language server. Highlighting and indentation are still provided by our generic highlighter, since they are not provided via the language server protocol.


      • Qt Creator 4.8 Rolls Into Beta With C++ Improvements, Language Server Protocol Support
        The Qt Creator 4.8 beta brings experimental support for the Language Server Protocol to provide better integration with various programming languages and implementations offering a language server for communicating code traits to the IDE via this protocol. This language server protocol support will allow for the Qt Creator to pick-up support for more programming languages by supporting this protocol. Most of the LSP testing so far has been in conjunction with Python.


      • Introducing the Distance Field Generator
        At least from the perspective of rendering, text is often the most complex part of a traditional two-dimensional user interface. In such an interface, the two main components are rectangular images and text. The rectangular images are often quite static, and can be represented by two triangles and four indexes into a texture atlas that is uploaded to graphics memory once and then retained. This is something that has low complexity and which the graphics hardware has been optimized to handle quickly.

        Text starts as a series of indexes into an international database of writing systems (Unicode). It is then, based on some selection algorithm, combined with one or more fonts, which is in principle a collection of shapes and some lookup tables and executable programs that convert said indexes into shapes and relative positions. These shapes, basically filled paths made out of bezier curves, then have to be rasterized at a specified size, and this can range from simple and neat outlines to complex ones with lots of detail. (By rasterization, I mean finding out how much of each target pixel, or subpixel in some cases, is covered by the shape.)


      • Krita 4.1.5 Released
        Coming hot on the heels of Krita 4.1.3, which had an unfortunate accident to the TIFF plugin, we’re releasing Krita 4.1.5 today! There’s a lot more than just that fix, though, since we’re currently celebrating the last week of the Krita Fundraiser by having a very productive development sprint in Deventer, the Netherlands.


      • digiKam GSoC 2018
        It was really nice working with Tarek on the GSoC 2018 project with KDE. Tarek did a good job supporting a new export tool for digiKam so users can upload their local images to more web services. Check his work report here.




    • GNOME Desktop/GTK



      • Librem 5 loves GNOME 3.32


        I am glad to announce that the tooling I am working on since the beginning of the year is ready to be used!

        Thanks to new features introduced into libhandy 0.0.3 and 0.0.4 and thanks to a few fixes to Adwaita in GTK+ 3.24.1, you can make GTK+ 3 apps adaptive to work both on the desktop and on the upcoming GNOME-based Librem 5 phone.

        We are early in the GNOME 3.32 release schedule and the Librem 5 will be released a bit after it, so if you want your apps to work on the Librem 5, now is the best time: use libhandy 0.0.4 and up, use GTK+ 3.24.1 and up and target GNOME 3.32! A few apps like Fractal, Podcasts, Calls and Chatty are already using libhandy's adaptive capabilities, and other apps are working on their adaptive transition like Contacts, Games, Geary and Settings (all are works in progress). libhandy is available in Debian Unstable and Arch's AUR repository, and I wish it would be in Fedora already to let GNOME Settings' CI pass.


      • Purism's Privacy-Focused Librem 5 Linux Phone Will Ship with GNOME 3.32 Desktop
      • Purism Is Hoping GNOME 3.32 Will Be In Great Shape For Their Librem 5 Smartphone


      • Removing my favorite feature


        So in a decision that was long overdue, I’m removing the real-time graph from Builder 3.32. I never did a great job of porting that code to optimal Wayland use anyway. It was really designed with Xrender/Xshm in mind where XCopyArea() was cheap and done on the GPU.






  • Distributions



    • OpenSUSE/SUSE



      • Tumbleweed Gets Plasma 5.14, Frameworks 5.50
        Four openSUSE Tumbleweed snapshots this week brought new versions of software along with new versions of KDE’s Plasma and Frameworks as well as python-setuptools and many other packages.

        The most recent snapshot, 20181009, updated KDE’s Plasma 5.14. The new Plasma version has several new features like the new Display Configuration widget for screen management, which is useful for presentations. The Audio Volume widget has a built in speaker test feature moved from Phonon settings and the Network widget now works for SSH VPN tunnels again. The Global menu now supports GTK applications as well. Mozilla Firefox 62.0.3 fixed a few Common Vulnerabilities and Exposures including a vulnerability in register allocation of JavaScript that can lead to type confusion, which allows for an arbitrary read and write. The cpupower package, which is a collection of tools to examine and tune power, was updated to version 4.19 and deleted some patches that are now part of the mainline. Source-control-management system mercurial 4.7.2 fixed a potential out-of-bounds read in manifest parsing C code. Other packages included in the snapshot were inxi 3.0.26, lftp 4.8.4, libinput 1.12.1, okteta 0.25.4 and vm-install 0.10.04.

        Snapshot 20181004 included several package updates as well. NetworkManager-openvpn 1.8.6 fixed an endless loop checking for encrypted certificate. The open source antivirus engine clamav 0.100.2 disabled the opt-in minor feature of OnAccess scanning on Linux systems and will be re-enabled in a future release. Users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. The Linux Kernel was updated to 4.18.11 and had several fixes for Ext4. Developers using python-setuptools 40.4.3 will see a few changes from the previous 40.2.0 version that was in Tumbleweed like the vendored pyparsing in pkg_resources to 2.2.1. Those using Samba will see a fix for cluster CTDB configuration with the 4.9.1 version. Caching proxy squid 4.3 updated systemd dependencies in squid.service and vlc 3.0.4 improved support for broken HEVC inside MKV.




    • Red Hat Family



    • Debian Family



      • Debian/TeX Live updates 20181009
        During this update some color profiles (icc) that had unclear licenses have been removed, which for now creates problems with the pdfx package. So if you use the pdfx package, please explicitly specify a color profile. The next upload will again allow using pdfx without specifying a profile in which case a default profile is used. I have uploaded already a set of free profiles to CTAN and they arrived in TeX Live, but pdfx package isn’t updated till now.






  • Devices/Embedded





Free Software/Open Source



  • After 16 Years of Development, The First Beta of Haiku is Finally Here
    Haiku’s history begins with the now defunct Be Inc. Be Inc was founded by former Apple executive Jean-Louis Gassée after he was ousted by CEO John Sculley. Gassée wanted to create a new operating system from the ground up. BeOS was created with digital media work in mind and was designed to take advantage of the most modern hardware of the time. Originally, Be Inc attempted to create their own platform encompassing both hardware and software. The result was called the BeBox. After BeBox failed to sell well, Be turned their attention to BeOS.

    In the 1990s, Apple was looking for a new operating system to replace the aging Classic Mac OS. The two contenders were Gassée’s BeOS and Steve Jobs’ NeXTSTEP. In the end, Apple went with NeXTSTEP. Be tried to license BeOS to hardware makers, but in at least one case Microsoft threatened to revoke a manufacturer’s Windows license if they sold BeOS machines. Eventually, Be Inc was sold to Palm in 2001 for $11 million. BeOS was subsequently discontinued.


  • FOSS Project Spotlight: Tutanota, the First Encrypted Email Service with an App on F-Droid
    Seven years ago, we started building Tutanota, an encrypted email service with a strong focus on security, privacy and open source. Long before the Snowden revelations, we felt there was a need for easy-to-use encryption that would allow everyone to communicate online without being snooped upon.

    As developers, we know how easy it is to spy on email that travels through the web. Email, with its federated setup is great, and that's why it has become the main form of online communication and still is. However, from a security perspective, the federated setup is troublesome—to say the least.

    End-to-end encrypted email is difficult to handle on desktops (with key generation, key sharing, secure storing of keys and so on), and it's close to impossible on mobile devices. For the average, not so tech-savvy internet user, there are a lot of pitfalls, and the probability of doing something wrong is, unfortunately, rather high.


  • Spinnaker is the next big open source project to watch
    Spinnaker is an open source continuous delivery (CD) platform from Netflix and Google, though it now also has the backing of other major software companies. Spinnaker 1.0 launched last July, so it’s not the newest kid on the block, but the service is slowly but surely gaining momentum now, with users that include Target, Adobe, Daimler and Capital One, as well as a growing ecosystem of vendors who support it.

    Today, after a few years of working on the project without any formal structure in place, the Spinnaker project announced that it is growing up and putting a formal governance system in place at the project’s second community summit in Seattle this week.


  • Web Browsers



    • Andy Wingo: heap object representation in spidermonkey
      I was having a look through SpiderMonkey's source code today and found something interesting about how it represents heap objects and wanted to share.

      I was first looking to see how to implement arbitrary-length integers ("bigints") by storing the digits inline in the allocated object. (I'll use the term "object" here, but from JS's perspective, bigints are rather values; they don't have identity. But I digress.) So you have a header indicating how many words it takes to store the digits, and the digits follow. This is how JavaScriptCore and V8 implementations of bigints work.

      Incidentally, JSC's implementation was taken from V8. V8's was taken from Dart. Dart's was taken from Go. We might take SpiderMonkey's from Scheme48. Good times, right??

      When seeing if SpiderMonkey could use this same strategy, I couldn't find how to make a variable-sized GC-managed allocation. It turns out that in SpiderMonkey you can't do that! SM's memory management system wants to work in terms of fixed-sized "cells". Even for objects that store properties inline in named slots, that's implemented in terms of standard cell sizes. So if an object has 6 slots, it might be implemented as instances of cells that hold 8 slots.

      Truly variable-sized allocations seem to be managed off-heap, via malloc or other allocators. I am not quite sure how this works for GC-traced allocations like arrays, but let's assume that somehow it does.


    • Mozilla



      • Pocket Offers New Features to Help People Read, Watch and Listen across iOS, Android and Web
        We know that when you save something to Pocket, there is a reason why. You are saving something you want to learn about, something that fascinates you, something that will help shape and change you. That’s why we’ve worked hard to make Pocket a dedicated, quiet place to focus so that you can come back and absorb what you save when you are ready.

        The trick is, in the reality of our lives, it’s not always that simple. Our lives don’t always have a quiet moment with a coffee cup in hand with Pocket in the other. We have work to do, kids to take care of, school to attend. But with Pocket we’ve always worked hard to ensure that Pocket gives you tools to fit content around your life, freeing you from the moment of distraction and putting you in control.




  • Databases



    • PostgreSQL 11 RC1 Released!
      The PostgreSQL Global Development Group announces that the first release candidate of PostgreSQL 11 is now available for download. As a release candidate, PostgreSQL 11 RC 1 should be identical to the initial release of PostgreSQL 11, though some more fixes may be applied prior to the general availability of PostgreSQL 11.


    • PostgreSQL 11 RC1 Released Ahead Of Stable Release Next Week
      One week from today will hopefully mark the release of the PostgreSQL 11 stable database server release.

      PostgreSQL 11.0 delivers more performance tuning optimizations with that work being never-ending. There are also various other improvements.




  • Pseudo-Open Source (Openwashing)



  • BSD



    • OpenBSD's unveil()
      One of the key aspects of hardening the user-space side of an operating system is to provide mechanisms for restricting which parts of the filesystem hierarchy a given process can access. Linux has a number of mechanisms of varying capability and complexity for this purpose, but other kernels have taken a different approach. Over the last few months, OpenBSD has inaugurated a new system call named unveil() for this type of hardening that differs significantly from the mechanisms found in Linux.

      The value of restricting access to the filesystem, from a security point of view, is fairly obvious. A compromised process cannot exfiltrate data that it cannot read, and it cannot corrupt files that it cannot write. Preventing unwanted access is, of course, the purpose of the permissions bits attached to every file, but permissions fall short in an important way: just because a particular user has access to a given file does not necessarily imply that every program run by that user should also have access to that file. There is no reason why your PDF viewer should be able to read your SSH keys, for example. Relying on just the permission bits makes it easy for a compromised process to access files that have nothing to do with that process's actual job.




  • FSF/FSFE/GNU/SFLC



    • FSF statement on Microsoft joining the Open Invention Network
      Microsoft's announcements on October 4th and 10th, that it has joined both LOT and the Open Invention Network (OIN), are significant steps in the right direction, potentially providing respite from Microsoft's well-known extortion of billions of dollars from free software redistributors.

      These steps, though, do not by themselves fully address the problem of computational idea patents, or even Microsoft's specific infringement claims. They do not mean that Microsoft has dismantled or freely licensed its entire patent portfolio. The agreements for both LOT and OIN have substantial limitations and exclusions. LOT only deals with the problem of patent trolling by non-practicing entities. OIN's nonaggression agreement only covers a defined list of free software packages, and any OIN member, including Microsoft, can withdraw completely with thirty days notice.

      With these limitations in mind, FSF welcomes the announcements, and calls on Microsoft to take additional steps to continue the momentum toward a complete resolution:

      1) Make a clear, unambiguous statement that it has ceased all patent infringement claims on the use of Linux in Android.


    • The FSF Wants Microsoft To Do More To Help Fight Software Patents
      Microsoft joining the Open Invention Network comes a week after the Redmond company joined LOT Network as well to help fight patent trolls.


    • FSF Issues Statement on Microsoft Joining OIN, RaspEX Build 181010 Now Available for Raspberry Pi 3 Model B+, OpenShift Container Platform 3.11 Released, Kernel Security Update for CentOS 6 and RHEL 6, and Qt Creator 4.8 Beta Is Out
      Following the news of Microsoft joining the Open Invention Network, the Free Software Foundation issued a statement calling on Microsoft to "take additional steps to continue the momentum toward a complete resolution". These steps include "make a clear, unambiguous statement that it has ceased all patent infringement claims on the use of Linux in Android"; "work within OIN to expand the definition of what it calls the 'Linux System' so that the list of packages protected from patents actually includes everything found in a GNU/Linux system"; and "use the past patent royalties extorted from free software to fund the effective abolition of all patents covering ideas in software."


    • What does Microsoft joining the Open Invention Network mean for you?
      Before going further, let me say: I am not a lawyer. Heck, I'm not even my old friend Groklaw's Pamela "PJ" Jones. But I have spoken to numerous intellectual property (IP) attorneys, and this is the gist of what the deal means. For real advice, though, consult your IP-savvy lawyer.

      First, all -- yes, all -- of Microsoft's patents are covered by the OIN deal. Microsoft has licensed its entire patent portfolio to OIN licensees covering the Linux System. Yes, Microsoft has 90,000 total patents, but only 60,000 have been approved to date. The 30,000 remaining are still making their way through the Patent and Trademark Office. As to-be-issued patents, these cannot be asserted. Once they are issued, Microsoft intends to license those, as well.




  • Programming/Development



    • digest 0.6.18


      Earlier today, digest version 0.6.18 arrived on CRAN. It will get uploaded to Debian in due course.

      digest creates hash digests of arbitrary R objects (using the md5, sha-1, sha-256, sha-512, crc32, xxhash32, xxhash64 and murmur32 algorithms) permitting easy comparison of R language objects.


    • Did your first pull request get accepted?


    • Clazy 1.4 released
      Clazy 1.4 has been released and brings 10 new checks.

      Clazy is a clang compiler plugin which emits warnings related to Qt best practices. We’ll be showing Clazy at Qt World Summit in Boston, Oct 29-30, where we are a main Sponsor.






Leftovers



  • I'd like to interject for a moment
    Mastodon is merely an implementation of Fediverse. As it happens, only one of my Fediverse channels runs on Mastodon (the Japanese language one at Pawoo). Main one still uses Gnusocial, the anime one was on Gnusocial and migrated to Pleroma a few months ago. All of them are communicating using the OStatus protocol, although a movement is afoot to switch to ActivityPub. Hopefully it's more successful than the migration from RSS to Atom was.

    Yet, I noticed that a lot of people fall to the idea that Mastodon is an exclusive brand. Rarely one has to know or care what MTA someone else uses. Microsoft was somewhat successful in establishing Outlook as such a powerful brand to the exclusion of the compatible e-mail software. The maintainer of Mastodon is doing his hardest to present it as a similar brand, and regrettably, he's very successful at that.


  • Security



    • Revenge of the modems
      Back in the halcyon days of the previous century, those with a technical inclination often became overly acquainted with modems—not just the strange sounds they made when connecting, but the AT commands that were used to control them. While the AT command set is still in use (notably for GSM networks), it is generally hidden these days. But some security researchers have found that Android phones often make AT commands available via their USB ports, which is something that can potentially be exploited by rogue USB devices of various sorts.

      A paper [PDF] that was written by a long list of researchers (Dave (Jing) Tian, Grant Hernandez, Joseph I. Choi, Vanessa Frost, Christie Ruales, Patrick Traynor, Hayawardh Vijayakumar, Lee Harrison, Amir Rahmati, Michael Grace, and Kevin R. B. Butler) and presented at the 27th USENIX Security Symposium described the findings. A rather large number of Android firmware builds were scanned for the presence of AT commands and many were found to have them. That's not entirely surprising since the baseband processors used to communicate with the mobile network often use AT commands for configuration. But it turns out that Android vendors have also added their own custom AT commands that can have a variety of potentially harmful effects—making those available over USB is even more problematic.

      They started by searching through 2018 separate Android binary images (it is not clear how that number came about, perhaps it is simply coincidental) from 11 different vendors. They extracted and decompressed the various pieces inside the images and then searched those files for AT command strings. That process led to a database of 3500 AT commands, which can be seen at the web site for ATtention Spanned—the name given to the vulnerabilities.


    • XFS, LSM, and low-level management APIs
      The Linux Security Module (LSM) subsystem allows security modules to hook into many low-level operations within the kernel; modules can use those hooks to examine each requested operation and decide whether it should be allowed to proceed or not. In theory, just about every low-level operation is covered by an LSM hook; in practice, there are some gaps. A discussion regarding one of those gaps — low-level ioctl() operations on XFS filesystems — has revealed a thorny problem and a significant difference of opinion on what the correct solution is.

      In late September Tong Zhang pointed out that xfs_file_ioctl(), the 300-line function that dispatches the various ioctl() operations that can be performed on an XFS filesystem, was making a call to vfs_readlink() without first consulting the security_inode_readlink() LSM hook. As a result, a user with the privilege to invoke that operation (CAP_SYS_ADMIN) could read the value of a symbolic link within the filesystem, even if the security policy in place would otherwise forbid it. Zhang suggested that a call to the LSM hook should be added to address this problem.
    • Security updates for Thursday
    • US Weapons Systems Are Easy Cyberattack Targets, New Report Finds

      Specifically, the report concludes that almost all weapons that the DOD tested between 2012 and 2017 have “mission critical” cyber vulnerabilities. “Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications,” the report states. And yet, perhaps more alarmingly, the officials who oversee those systems appeared dismissive of the results.

    • Election security groups warn of cyber vulnerabilities for emailed ballots

      Experts from both the private and public sector have warned about the vulnerabilities of online voting for years, but the report comes at a time of heightened alarm about election interference from hostile nation-states or cyber criminals.



    • How to level up your organization's security expertise
      IT security is critical to every company these days. In the words of former FBI director Robert Mueller: “There are only two types of companies: Those that have been hacked, and those that will be.”

      At the same time, IT security is constantly evolving. We all know we need to keep up with the latest trends in cybersecurity and security tooling, but how can we do that without sacrificing our ability to keep moving forward on our business priorities?

      No single person in your organization can handle all of the security work alone; your entire development and operations team will need to develop an awareness of security tooling and best practices, just like they all need to build skills in open source and in agile software delivery. There are a number of best practices that can help you level up the overall security expertise in your company through basic and intermediate education, subject matter experts, and knowledge-sharing.




  • Transparency/Investigative Reporting



    • WikiLeaks Publishes Alleged 'Highly Confidential' Amazon Document
      Whistleblowing platform WikiLeaks said today that it had obtained and published a “highly confidential” document pilfered from technology company Amazon.

      Naming the release “Amazon Atlas,” the anti-secrecy organization claimed the document, dated late 2015, provided unprecedented insight into the locations of Amazon’s data centers and highlighted the company’s ongoing relationship with the U.S. intelligence community.

      “Until now, this cloud infrastructure controlled by Amazon was largely hidden, with only the general geographic regions of the data centers publicized,” WikiLeaks said in a release.

      The alleged Amazon document itself—headed Data Center Locations—comes with the top-line notice: “Warning: This information is not public and is classed as Highly Confidential!”

      In its post on Thursday, Wikileaks wrote that “the document…lists the addresses and some operational details of over 100 data centers spread across fifteen cities in nine countries.”

      The website posted a link claiming to show a map of where Amazon’s data centers are located.


    • AmazonAtlas
      Amazon is the leading cloud provider for the United States intelligence community. In 2013, Amazon entered into a $600 million contract with the CIA to build a cloud...


    • Swiss Top Court Knocks Down Bid to Extend Banking Secrecy
      Switzerland's highest court ruled on Wednesday that prosecutors cannot extend Swiss banking secrecy rules to all corners of the globe to pursue whistleblowers and other leakers at foreign subsidiaries.

      The Federal Supreme Court by a 3-2 majority rejected an appeal by Zurich prosecutors in a 14-year legal battle involving former private banker Rudolf Elmer, who had been acquitted of breaking secrecy laws.

      The case underscored how Swiss authorities continue to pursue people who leak client data even as strict banking secrecy erodes in an era of automatic sharing of account data among tax authorities to catch cheats.


    • Swiss top court knocks down bid to extend banking secrecy


    • Switzerland's Top Court Knocks Down Bid to Extend Banking Secrecy


    • Swiss court clears ex-banker who gave secrets to WikiLeaks


    • ‘Silk Road’ Lawyer Defending WikiLeaks Against Dems’ Lawsuit
      WikiLeaks has brought in some legal muscle to defend it from a multimillion-dollar lawsuit filed by the Democratic National Committee over Russia’s 2016 election-interference campaign.

      New York attorney Joshua Dratel made a name for himself representing high-profile defendants in complex federal cases, including terrorism prosecutions, and he was the first civilian lawyer to represent a prisoner at Guantanamo Bay. He’s best known for defending Ross Ulbricht, who, as “Dread Pirate Roberts” founded the notorious darknet drug market Silk Road. In 2015, a jury convicted Ulbricht of money laundering, hacking, narcotics trafficking, and other charges, and Ulbricht was sentenced to life in prison.


    • The Trump Campaign Says Exploiting Hacked Emails Is Free Speech
      In a motion to dismiss a new lawsuit accusing President Donald Trump’s campaign team of illegally conspiring with Russian agents to disseminate stolen emails during the election, Trump campaign lawyers have tried out a new defense: free speech.

      The lawsuit, filed in July in the Eastern District of Virginia by two donors and one former employee of the Democratic National Committee, alleges that the Trump campaign, along with former Trump adviser Roger Stone, worked with Russia and WikiLeaks to publish hacked DNC emails, thereby violating their privacy. (Stone is referenced throughout the lawsuit but is not a named defendant.)


    • Silk Road lawyer to defend WikiLeaks in election interference suit


      The lawyer who represented the man behind darknet market Silk Road is to defend WikiLeaks against a lawsuit from the Democratic National Committee (DNC) connected to Russian interference in the 2016 election.

      Joshua Dratel has notified the judge overseeing the DNC's federal lawsuit against WikiLeaks that he would be representing the controversial organisation in court.

      In a statement tweeted by WikiLeaks, Mr Dratel said: "The lawsuit against WikiLeaks is entirely without merit, and this case presents critical First Amendment issues that we look forward to litigating."


    • 'Free Speech': Trump Campaign Defends WikiLeaks' Release of Hacked DNC Emails
    • Trump campaign claims WikiLeaks not liable for releasing hacked emails
    • The Fate of Julian Assange: ClipArt with Boris Malagurski
      After years cooped up in Ecuador's London embassy, it's being rumoured that WikiLeaks founder, Julian Assange will soon be kicked out. Boris Malagurski explains what might be waiting for him and why the persecution of Assange doesn't bode well for freedom of speech.






  • Finance



    • Squalid London
      On the face of it, the Unexplained Wealth Order against Zamira Hajiyeva shows the UK cracking down on the torrent of corrupt money that gushes in to the City of London every single second. But dig deeper.

      Hajiyeva’s husband had fallen out of favour with the appallingly kleptocratic Aliev regime in Azerbaijan – a dictatorship whose corruption can be measured by the infallible indicator that Tony Blair is currently working for it. Hundreds of billions have been plundered from Azerbaijan’s oil revenue by the Azeri oligarchs.

      So is the British government going after the very substantial assets in the UK of the ruling Aliev family? No. Is it going after the very substantial assets in the UK of the oligarchs surrounding the Aliev family? No. It is only going after almost the only Azeri oligarch who fell foul of the regime, and is taking an action which the Baku dictator will applaud rather than decry.

      While her father was still dictator of Uzbekistan, Gulnara Karimova was subject to seizure of looted wealth and investigation in Switzerland, France and Sweden, among others. In the UK, where she had a home and very substantial assets, no action whatsoever.

      What are we to make of Theresa May’s huffing and puffing about the Skripal affair, when the UK’s richest resident is Alisher Usmanov, who is Vladimir Putin’s old flatmate, right hand man in the media and business world and chairman of Gazprominvestholdings? There is no chance whatsoever any action will be taken against Usmanov, who acquired his assets in the most dubious manner imaginable. Usmanov is far too entrenched in the City.




  • AstroTurf/Lobbying/Politics



    • With Hurricane Michael Barreling Down on Gulf Coast, Florida Unconstitutionally Refuses to Extend Voter Registration Deadline
      Florida is putting tens of thousands of people at risk of disenfranchisement for no good reason.

      Voters should not have to risk their lives in order to register to vote. Yet, in Florida, that's exactly the position that the state has chosen to put tens of thousands of people in. Despite the state’s Oct. 9 deadline to register to vote arriving amidst a looming Category 4 hurricane, Florida has refused to grant an adequate extension for Floridians to register to vote.

      Hurricane Michael threatens to lash Florida with a life-threatening storm surge, maximum wind speeds of 145 mph, and flash floods. Prolonged power outages in the Gulf Coast region are all but assured. Gov. Scott has declared a state of emergency in 35 counties, calling Hurricane Michael a “deadly threat” and a “monstrous storm” with a forecast that “keeps getting worse.” Evacuation orders are in place for parts of 18 counties, with National Guard search-and-rescue teams being deployed.

      By all accounts, including the governor’s, this was no time for anyone to stroll into their local elections office to fill out a voter registration form. Under state law, Florida has the option of simply extending the deadline, but the state has refused to do so. As a result, tens of thousands of voters may find themselves unable to register in time and therefore unable to vote in the November election.

      Florida’s refusal to extend the deadline statewide is not just nonsensical, it violates voters’ 14th Amendment rights, which protect against unnecessary burdens on the right to vote. Late last night, we filed a federal lawsuit, along with the ACLU of Florida and Lawyers’ Committee for Civil Rights Under Law, seeking a statewide extension of the voter registration deadline.
    • ‘We’ve Seen the Total Failure of Repressive Policies’
      The September 20 Columbus Dispatch ran an op-ed from Jim Carroll, identified as “deputy director of national drug control policy and President Trump’s nominee for drug czar.” Carroll evinced concern for the “lives lost” to drug overdoses and empathy for the “loved ones devastated by their loss,” as well as “those in recovery”—all by way of explaining why he was

      in Columbus to meet with law enforcement officers from Ohio and across the Midwest about working together to stop heroin, fentanyl, cocaine, methamphetamines and other drugs from entering our communities and ruining people’s lives.

      That immediate recourse to a policing response is writ large in Trump’s “call to action” on what his administration calls the “World Drug Problem,” but it doesn’t reflect the direction of much of the actual world. So how much impact can that disconnect have?

      Hannah Hetzer is senior international policy manager at Drug Policy Alliance; she joins us now by phone from here in town. Welcome to CounterSpin, Hannah Hetzer.
    • Texas Cops Seize Anti-GOP Sign From Homeowner's Lawn
      Stupid unconstitutional stuff is happening in Texas. "Again?" I hear you ask, irritated but not surprised. "Yes," I repeat. "In Texas, and involving local politicians and law enforcement." "Again?" I hear you say (again) and the circle of commentary life continues uninterrupted.

      A resident of Hamilton, Texas, posted a political sign in her front yard composed of a white label board remix of political cartoonist Ann Telnaes' remix of the GOP logo.
    • Confusion for Prairie View A&M students on the last day for voter registration
      Thousands of student voter registrations at Prairie View A&M could have the wrong address listed, causing confusion on campus as to whether the registrations are valid.

      The problem goes back to how students get their mail.

      The university does not have individual mailboxes for students on campus. There is a single post office box for all students in the five university dormitories. So, getting students to list a specific mailing address on registration applications was difficult.

      According to Waller County Elections Administrator Christy Eason, a group of officials at the university, the county and the local political parties agreed in 2016 to have students write down 700 or 100 University Drive as their residence when registering to vote. One is the address for the university, the other is the address for the campus bookstore.
    • Common Wants You To Vote Smart Justice in 2018
      This Election Day, voters have an opportunity to hold politicians accountable for their positions on criminal justice reform

      The ACLU launched its Campaign for Smart Justice with a simple but daring goal: cut the incarceration rate in this country by 50 percent and reduce the racial disparities in our prisons and jails. But we can’t get there if elected officials stand in our way.

      Politicians created mass incarceration, and they can end mass incarceration. Most politicians, however, need public pressure to do the right thing, which is why voters have an opportunity to send a real message come Nov. 6.

      To arm voters with the information they need to make the right choice on Election Day, the ACLU launched Vote Smart Justice, a nonpartisan voter education drive to give Americans information about where candidates for state and federal office stand on key criminal justice reform issues, like bail reform, the war on drugs, and police accountability. At VoteSmartJustice.org, users can access information on candidates’ voting history and public statements on criminal justice reform in more than 1,000 federal, state, and local elections. To find out where the candidates in your district stand, all you have to do is go to VoteSmartJustice.org and enter your zip code.




  • Censorship/Free Speech



    • In defence of deadnaming

      For Mr Linehan has now found himself on the receiving end of both police pressure and Twittermob fury simply for something he said; simply for his beliefs; simply because he dissents from the increasingly eccentric and authoritarian ideology of transgenderism.



    • Facebook, Whose Support Made FOSTA Law, Now Sued For Facilitating Sex Trafficking Under FOSTA
      If you don't remember, the momentum around FOSTA/SESTA was that it was going nowhere, until suddenly Facebook did an about face and abruptly (and strongly) supported the bill, leading Congress to incorrectly believe that the tech industry now supported the bill. Facebook's Sheryl Sandberg, who became the public face of supporting the bill, insisted that there were no problems with the bill, that it wouldn't create any real problems for internet companies, and that it would be useful in the fight against sex trafficking.

      At the time, we pointed out that under the broad definitions in the law, it certainly appeared that Facebook was potentially violating the bill in multiple ways. Even if it turned out that courts rule that the vague language of FOSTA should be construed much more narrowly, the damage is already done, as some companies will have to battle the issue out in court.




  • Privacy/Surveillance



    • The Google+ Bug Is More About The Cover-Up Than The Crime
      Earlier this week, Google dropped a bombshell: in March, the company discovered a “bug” in its Google+ API that allowed third-party apps to access private data from its millions of users. The company confirmed that at least 500,000 people were “potentially affected.”

      Google’s mishandling of data was bad. But its mishandling of the aftermath was worse. Google should have told the public as soon as it knew something was wrong, giving users a chance to protect themselves and policymakers a chance to react. Instead, amidst a torrent of outrage over the Facebook-Cambridge Analytica scandal, Google decided to hide its mistakes from the public for over half a year.


    • As Everyone Knows, In The Age Of The Internet, Privacy Is Dead -- Which Is Awkward If You Are A Russian Spy
      Judging by the headlines, there are Russian spies everywhere these days. Of course, Russia routinely denies everything, but its attempts at deflection are growing a little feeble. For example, the UK government identified two men it claimed were responsible for the novichok attack on the Skripals in Salisbury. It said they were agents from GRU, Russia's largest military intelligence agency, and one of several groups authorized to spy for the Russian government. The two men appeared later on Russian television, where they denied they were spies, and insisted they were just lovers of English medieval architecture who were in Salisbury to admire the cathedral's 123-meter spire.

      More recently, Dutch military intelligence claimed that four officers from GRU had flown into the Netherlands in order to carry out an online attack on the headquarters of the international chemical weapons watchdog that was investigating the Salisbury poisoning. In this case, the Russian government didn't even bother insisting that the men were actually in town to look at Amsterdam's canals.




  • Civil Rights/Policing

    • Amazon ditched AI recruiting tool that favored men for technical jobs

      That is because Amazon’s computer models were trained to vet applicants by observing patterns in résumés submitted to the company over a 10-year period. Most came from men, a reflection of male dominance across the tech industry.

      In effect, Amazon’s system taught itself that male candidates were preferable. It penalized résumés that included the word “women’s”, as in “women’s chess club captain”. And it downgraded graduates of two all-women’s colleges, according to people familiar with the matter.



    • The Public Deserves to Know Whether They Can Trust Police Officers Who Testify in Court


      The system is already imperfect, and this secrecy makes it worse. On multiple occasions, the state has failed to inform a criminal defendant that an officer involved in their case was on the list. Furthermore, a single corrupt officer may affect dozens of cases. The firing of a police detective in Manchester, New Hampshire, forced prosecutors to drop 35 felony drug cases. In a separate incident, after two officers were fired for allegedly lying about a case, 20 other cases were dropped.



    • I Was Reported to Police as an 'Agitated Black Male' — for Simply Walking to Work
      A Black employee at the University of Massachusetts Amherst opens up about the racial profiling incident that rocked the campus and upended his life.

      Last month, I walked across the campus of the University of Massachusetts Amherst to get to work. It was an ordinary stroll. But to a bystander, the sight of an educated Black professional going about his day was apparently cause for alarm.

      That bystander called the police. My workplace was shut down. I was, and remain, humiliated.

      Racial profiling at predominantly white institutions is nothing new, and this wasn’t the first time that I had to grit my teeth through a degrading interaction with police at the university. But this time, it made the news.

      The day had started off normally, with my morning exercise routine at the campus recreation center before work. I was still in a positive mood during my daily stroll from the campus recreation center to my office at the Whitmore Administration Building, where I work as a case manager for the university’s disability services office. Over the years, I’ve helped hundreds of UMass Amherst students with physical and intellectual disabilities get the resources they deserve. It’s a role I take pride in, and I give it my all every day.

      But on September 14, campus police were waiting for me when I arrived at the reception desk at Whitmore. I had no idea why, but I knew it couldn’t be good. My heart started pounding.

      Two university detectives sat me down in an office and closed the door. Bewildered, I asked what was happening. They refused to answer as they peppered me with questions.

      “What time did you wake up?” “What were you doing at the campus recreation center?” “Did you come into the building agitated?” I felt confused, powerless, and scared, but I made sure to maintain my composure. I remembered that even unarmed Black people disproportionately get killed during police encounters, and it was incumbent on me as an innocent Black man to show that I wasn’t a threat.


    • New Laws Will Force Transparency On California Law Enforcement Agencies Starting Next Year
      Starting next year, California law enforcement agencies will finally be subject to a bit more scrutiny and accountability. For years, law enforcement officers have been able to hide misdeeds behind super-restrictive public records laws -- laws so restrictive even law enforcement's best friends (i.e., prosecutors) couldn't see them.

      For the general public, this meant near total opacity. For criminal defendants, this meant rarely having the chance to impeach an officer's testimony by offering evidence of past misconduct or routine untruthfulness.

      Over the past few years, efforts have been made to roll back the restrictions built into California's public records laws. All of these efforts died on the way to the governor's desk, most riddled with rhetorical bullets fired by California police unions who claimed making this information public would endanger the lives of bad cops.

      [...]

      These arguments are pathetic. Anyone arguing their critics are serving up criticism "for the clicks" has already lost the battle. The best way to combat a "false" narrative is openness and transparency. If law enforcement agencies really wanted to set the record straight following a shooting, they'd proactively dump footage and documents. Instead, these agencies spent years hiding behind the state's public records laws, only making long-delayed appearances to claim people criticizing an officer's actions were wrong and were being misled by public enemy #1, the Fourth Estate.

      It's likely good law enforcement officers support this transparency. After all, nothing to hide is nothing to fear, as we've been told when rights are about to be violated. Trust is built through transparency and accountability. Law enforcement agencies have never been fans of either, which has directly resulted in the destroyed community relationships they show so little interest in fixing.


    • Citizen-Led Truth Commission Seeks Justice For Survivors Of North Carolina Torture Flights
      Mohamedou Ould Slahi was shackled and blindfolded. Then the men in black stripped him naked and placed him in a diaper.

      Although his eyes were covered, Slahi could hear the sound of aircraft engines whirring around him. One of the planes came to shuttle him to a United States air base in Afghanistan for interrogation.

      “I was so exhausted, sick, and tired that I couldn’t walk, which compelled the escort to pull me up the steps like a dead body,” Slahi wrote in Guantánamo Diary, a firsthand account of his rendition and subsequent 14-year imprisonment at the U.S. military detention facility at Guantánamo Bay.

      “I was crying silently and without tears,” he recalled. “For some reason, I gave all my tears at the beginning of the expedition, which was like the boundary between life and death.”

      Slahi’s violent apprehension was not unique among other extraordinary rendition operations conducted during the first years of the war on terrorism. Nor was it unusual for terrorism detainees like him to be taxied to torture onboard the same Gulfstream V aircraft—tail number N379P—that Slahi called his “special” plane.

      What people were surprised about, both then and now, was that the rendition flights departed from a small airport in rural North Carolina and were conducted by Aero Contractors Limited, a private front company for the Central Intelligence Agency.

      Now, sixteen years after Slahi’s rendition, members of a citizen-led truth commission in North Carolina hope that a new report will bring him and other survivors one step closer to holding the perpetrators of their torture accountable.


    • Publishing Police Press Releases as Local ‘Crime’ Reporting
      After right-wing billionaire Joe Ricketts shut down the local news site DNAinfo last year, one week after the outlet’s New York City workers unionized, there was justifiable outrage. The move highlighted the dangers of corporate and billionaire-backed media capriciously operating under the umbrella of the super wealthy, who would fold rather than recognize basic labor rights.

      After the initial shock, employees at DNAinfo Chicago announced they were effectively re-opening the brand under a new name, Block Club Chicago, with a new funding model—one seeded by an inspired KickStarter that raised over $180,000. Founded as a nonprofit and underwritten by foundation support from groups like Civil, Block Club Chicago was to usher in a new era of local reporting, promising “nonpartisan and essential coverage of Chicago’s diverse neighborhoods.”

      Except Block Club Chicago suffers, particularly on the issue of “crime” reporting, from the same stunted ethical scope all other local corporate media does. Again and again, Block Club’s “crime” reporting consists of simply copy-and-pasting Chicago police blotters about alleged crimes, with no effort to report any side other than the police’s. When they do engage in actual reporting, the vast majority of the time, it’s just more police stenography.


    • When Police Misuse Their Power to Control News Coverage, They Shouldn’t Be Allowed To Use Probable Cause As a Shield Against Claims of First Amendment Violations
      Journalists face increasingly hostile conditions covering public protests, presidential rallies, corruption, and police brutality in the course of work as watchdogs over government power. A case before the U.S. Supreme Court threatens press freedoms even further by potentially giving the government freer rein to arrest media people in retaliation for publishing stories or gathering news the government doesn’t like.

      EFF joined the National Press Photographers Association and 30 other media and nonprofit free speech organizations in urging the court to allow lawsuits by individuals who show they were arrested in retaliation for exercising their rights under the First Amendment—for example, in the case of the news media by newsgathering, interviewing protestors, recording events—even if the police had probable cause for the arrests. Instead of foreclosing such lawsuits, we urged the court to adopt a procedure whereby when there’s an allegation of First Amendment retaliation, the burden shifts to police to show not only the presence of probable cause, but that they would have made the arrests anyway, regardless of the targets’ First Amendment activities. EFF and its partners filed a brief with the Supreme Court October 9, 2018.

      The court’s decision in this case may well have far-reaching implications for all First Amendment rights, including freedom of the press. Examples abound of journalists and news photographers being arrested while doing their jobs, swept up by police as they try to cover violent demonstrations and confrontations with law enforcement—where press scrutiny is most needed. Last year 34 journalists were arrested while seeking to document or report news. Nine journalists covering violent protests around President Trump’s inauguration were arrested. Police arrested reporters covering the Black Lives Matter protests in Ferguson, Missouri. Ninety journalists were arrested covering Occupy Wall Street protests between 2011 and 2012.
    • DHS Investigators Argue The Border Warrant Exception Covers Searches Performed Miles From The Border
      The DHS is back in court, arguing for its "right" to expand border searches to cover the entire country. The case in which Homeland Security investigators are making this dubious claim involves the placement of a GPS device on a truck crossing the Canadian border… which FBI agents then tracked all the way down into California.

      The "bust" carried out in Southern California turned up plenty of legal frozen pastries and four bags of a cocaine-like substance known as regular-ass sugar. The FBI posited this was a trial run for actual drugs and chose to take its collected evidence to court, where it was promptly thrown out by the presiding judge. As the judge saw it, tracking a vehicle inland requires a warrant. The "border exception" to warrant requirements can't be expanded to cover searches performed miles from the 100-mile "Constitution-free zone."
    • Citizens Count on the Illinois Freedom of Information Act but Keep Getting Shut Out
      Police and other government agencies have offered a series of reasons why Young can’t see certain records from the investigations into Molly’s death. At times they’ve claimed the information should remain under wraps to protect the privacy of his daughter, even though she’s dead and he’s the executor of her estate. On other occasions they’ve simply ignored his requests and disregarded four different rulings from the attorney general’s office.

      In 2009, Madigan and state legislators crafted a new law they promised would help citizens like Young by improving access to government records and proceedings. Under one of its key provisions, the attorney general’s office was given authority to interpret and enforce the state Freedom of Information and Open Meetings acts. Since then, thousands of citizens, mostly individuals but also journalists and businesses, have appealed for help from the office’s public access counselor, known as the PAC. As she prepares to leave office after 16 years, Madigan has touted her work in promoting transparency as one of her signature achievements.


    • Unprotected
      An acclaimed American charity said it was saving some of the world’s most vulnerable girls from sexual exploitation. But from the very beginning, girls were being raped.

      [...]

      In matching neckerchiefs, some sang, some danced. One, 15 years old but betraying no nerves, gave a speech: “There is a saying in Liberia. Nothing good can ever come out of West Point.” Their home was an infamous sandy limb protruding from the city out into the sea, where over 70,000 of the world’s poorest people lived in a labyrinth of zinc-topped houses. The girl spoke of friends her age with multiple babies, friends forced to sell their bodies. “I could have been one of these girls, but I am not. I am not, because More Than Me believed in me.”

      Meyler wanted to save these girls from sexual exploitation. She wanted to educate them, empower them, keep them safe. That’s why she had founded a charity called More Than Me. When the Liberian president, who had won a Nobel Peace Prize for her fight for women’s safety, was asked that day what she wanted from those keen to help her country, she answered, “To expand Katie Meyler’s initiative to as many communities as possible.”




  • Internet Policy/Net Neutrality



    • Ajit Pai’s 5G plans make it harder for small ISPs to deploy broadband

      Pai's FCC says making the license areas bigger will help carriers use this spectrum for large 5G mobile networks. But small ISPs that would use the 3.5GHz band to deliver Internet service to rural homes say the change could prevent them from buying spectrum.



    • 34 State AGs Demand The FCC Do More To End Annoying Robocalls
      The trend continues skyward despite the fact that the FCC passed new rules in 2015 expanding the ability of telecommunication companies to block robocalls and spam messages at the request of customers. And in 2016, the agency created a "robocalling strike force" tasked with crafting solutions for the problem. Additional rules dropped in 2017 taking aim at robocall spoofing.

      So why is this still a problem? For one thing, cheap, internet-routed calling and spoofing options have outpaced both legal and technical solutions, leaving regulators and lawmakers in a perpetual race to catch up from behind. Flimsy security standards embedded in most caller ID systems also make spoofing phone numbers relatively trivial. Enforcement is also inconsistent (in part because smaller robocallers are often much easier to defeat in court than major companies), and years of apathy, blame shifting, and tap dancing by major carriers like AT&T certainly didn't help.




  • DRM



    • EFF To Texas AG: Epson Tricked Its Customers With a Dangerous Fake Update
      If you've ever bought an inkjet printer, you know just how much the manufacturers charge for ink (more than vintage Champagne!) and you may also know that you can avoid those sky-high prices by buying third-party inks, or refilled cartridges, or kits to refill your own cartridges.

      The major printer manufacturers have never liked this very much, and they've invented a whole playbook to force you to arrange your affairs to suit their shareholders rather than your own needs, from copyright and patent lawsuits to technological countermeasures that try to imbue printers with the ability to reject ink unless it comes straight from the manufacturer.

      But in the age of the Internet, it's possible for savvy users to search for printers that will accept cheaper ink. A little bit of research before you buy can save you a lot of money later on.

      Printer companies know that openly warring with their customers is a bad look, which is why they've invented a new, even sleazier tactic for locking their customers into pricey ink: they trick their customers.




  • Intellectual Monopolies



    • German court overturns PIs in SPC Article 3C ruling
      The Dusseldorf District Court has overturned several preliminary injunctions against generics companies after ruling that a supplementary protection certificate did not meet SPC Regulation Article 3C requirements

      In the latest development in the Article 3 saga, the Dusseldorf District Court in Germany has overturned multiple preliminary injunctions after ruling that a combination product of ezetimibe and simvastatin likely did not meet SPC Regulation requirements.


    • Trademarks



      • Hashtag trade marks – #whatyouneedtoknow
        Brands must become hashtag-savvy because they enable direct engagement with modern consumers on social media. But how can they be IP-savvy, too?


      • Titleist Goes After Another Parody Golf Gear Company After Settling With The First
        A little over a year ago, we discussed how Acushnet, the company that owns brands like Titleist and FootJoy in the golf gear industries, had sued I Made Bogey, a company that created parody golf gear. Crude parodies, at that, with the headlining product being a hat styled after Titleist's famous golf hat that read "Titties" instead of "Titleist." While Acushnet had brought claims of trademark infringement and dilution, we noted at the time both that these claims were fairly specious -- the parody only works in all of this if you are clear on the difference between golf's waspy culture and I Made Bogey's sophomoric take on it -- and that the case would almost certainly be settled out of court. It's not like I Made Bogey had the same gobs of money to throw at the case as Acushnet, after all.




    • Copyrights



      • Cryptocurrency Startup Creates a Decentralized ‘Pirate Bay’ Alternative

        A new cryptocurrency startup that popped up recently aims to offer an indestructible alternative to torrent sites. With Quality Magnet Coin (QMC) the platform's users all share the torrent database, with help from the blockchain. Add in some incentives for quality contributors, as well as spam control, and Hollywood may have a scary problem on its hands.



      • Globally, Almost Four Out of Ten Music Consumers Are Pirates

        With record companies licensing more than 45 million tracks to hundreds of digital services around the world, consumers have fewer reasons than ever to pirate music. Nevertheless, a new report by IFPI reveals that 38% of global music consumers still obtain content illegally. While torrent sites and cyberlockers used to be enemy number one, stream-ripping is now the biggest threat.



      • Creative Commons Continues To Try To Help Courts Understand What Its NonCommercial License Means
        Over the years we've expressed some concerns about the NonCommercial license option from Creative Commons. Even as we're incredibly supportive of CC, the NonCommercial license often seemed to raise more questions than answers -- to the point that some have argued that it actually harmed CC's brand and resulted in significant confusion for how CC licenses work. There have even been suggestions that CC should drop the NC license option altogether.

        To its immense credit, people at Creative Commons have appeared to take these concerns quite seriously over the past few years, doing quite a bit of work to try to clarify what NonCommercial means for the purpose of the license. Our specific concern is that NonCommercial could mean all different things to different people. If you're using a NonCommercial CC-licensed image on a personal blog and you have ads on that blog (even if you don't make much money from it) is that non commercial? If you use it in a tweet and your Twitter bio promotes your business is that non commercial?

        Two years ago we wrote about Creative Commons stepping in to file an amicus brief in a case that raised some specific issues concerning a NonCommercial license. An educational non-profit, Great Minds, sued FedEx over FedEx Office shops photocopying some Great Minds works for educational entities, even though the works were licensed under CC's BY-NC-SA 4.0 license. Great Minds argued that because FedEx made money from copying, it's "commercial" and thus in violation of the license. Creative Commons stepped into that lawsuit and explicitly stated that Great Minds' interpretation was wrong.

        In the FedEx case, both the district court and the 2nd Circuit appeals court rejected Great Minds' interpretation and tossed out the lawsuit saying that the license in question did not limit FedEx from charging for copies. Great Minds also filed a nearly identical case against Office Depot in California, which also was dismissed, despite Great Minds claiming that this case is different than the FedEx one (specifically, it argued that Office Depot employees were "actively soliciting" schools to copy Great Minds' works). The court didn't buy it.


      • EU hijacking: self-driving car data will be copyrighted...by the manufacturer

        In other words, they've snuck in a space for the telemetry generated by autonomous vehicles to become someone's property. This is data that we will need to evaluate the safety of autonomous vehicles, to fine-tune their performance, to ensure that they are working as the manufacturer claims -- data that will not be public domain (as copyright law dictates), but will instead be someone's exclusive purview, to release or withhold as they see fit.








