Links 4/7/2019: CentOS 8.0 Coming Soon, Rust 1.36.0 is Out

Posted in News Roundup at 1:35 pm by Dr. Roy Schestowitz

  • GNU/Linux

    • Desktop

      • An openSUSE foundation proposal

        The idea of spinning openSUSE out into a foundation is not new; it has come up multiple times along the way. The most recent push started back in April at two separate board meetings where it was discussed. It picked up steam during a board meeting at the openSUSE Conference 2019 in late May. While waiting for the outcome from that meeting (though there was a panel session with the board [YouTube] at the conference where some of the thinking was discussed), the community discussed ideas for a name for the foundation (and, possibly, the project itself). Now, board member Simon Lees has posted a draft of the foundation proposal for review.

        The proposal outlines the current thinking of the board. It notes that the move to a foundation is not meant to pull away from SUSE, “but to add more capabilities to the openSUSE Project”. In particular, having a separate entity will allow the project to “receive and provide sponsorships (in terms of money, hardware, or contracted services)”. Currently, any kind of agreement between the project and some other organization has to be done via SUSE, which can complicate those efforts. The new foundation would be able to partner with others, receive donations, spend money, and sign contracts with venues, service providers, and the like, all on behalf of the openSUSE project.

        SUSE would clearly have a role in the new foundation; the board is requesting some funding to set up the organization as well as one or two people to help with the administrative side. The new foundation’s board would take the place of the existing project board, with the same election rules as there are today (which results in a board of six, five elected from the members of the project and the chair appointed by SUSE).

        The board is looking at setting up a German stiftung foundation as the legal entity for the new organization, though that was not clearly specified in the draft proposal. An eingetragener Verein (e. V.) was considered, but the structure of that type of entity is inflexible; in addition, the purpose of an e. V. can be changed if there was a “hostile takeover” at some point. Umbrella organizations (e.g. the Linux Foundation) and simply keeping things the same were also looked at, but were deemed unworkable for various reasons.

        There is also a handful of open questions, including logistical issues such as whether SUSE or the new foundation would own the IT infrastructure, trademarks, and so on. Also, who would be responsible (in a GDPR sense) for the project’s data collection and storage. The biggest open issue is to create a charter for the foundation, which requires legal advice. The Document Foundation (TDF) is something of a model for what openSUSE is trying to achieve; it is also a stiftung and shares some of the attributes with the proposed structure.

      • MintBox 3 is coming soon, which is based on Airtop 3

        Linux Mint team is working with Compulab to bring MintBox 3 soon, which is based on Airtop 3, after successor of Mintbox 2. It was release back in 2014.

        It’s pre-installed with the latest Linux Mint with Linux Mint branding.

        Linux Mint is continuing its long-standing partnership with Compulab and their relationship is going well, there is no doubt about it.

        It is bringing high performance computer powered by an 8-core Intel? Core? i9-9900K Processor and Nvidia Quadro RTX 4000, both passively cooled using Compulab’s Natural Airflow technology.

      • Faster snap development – additional tips and tricks

        Recently, we published several blog posts, aimed at helping developers enjoy a smoother, faster, more streamlined experience creating snaps. We discussed the tools and tricks you can employ in snapcraft to accelerate the speed at which you iterate on your builds.

        We want to continue the work presented in the Make your snap development faster tutorial, by giving you some fresh pointers and practical tips that will make the journey even brisker and snappier than before.

    • Server

      • Microsoft once called Linux ‘a cancer,’ and that was a big mistake [Ed: This war did not end. It just changed (the strategy against GNU/Linux changed, e.g. patent extortion and entryism)]

        But the negative effects of the war against Linux has left scars on Microsoft that are visible today.

      • Linux overtakes Windows Server as most used operating system on Azure [Ed: All the Microsoft sites keep pushing the lie that Microsoft now "loves Linux"; it would love to dominate it, no doubt, but this isn't love.]

        It’s definitely nice to see Microsoft play ball with open source software, which can be especially useful as innovations such as AI, IoT, and 5G gradually become mainstream. What do you think about the growth of Linux, especially on Microsoft’s own Azure?

      • Azure DevOps report: How a bug caused ‘sqlite3 for Python’ to go missing from Linux images [Ed: Microsoft keeps breaking GNU/Linux. Here’s an older example]

        Yesterday, Youhana Naseim the Group Engineering Manager at Azure Pipelines provided a post-mortem of the bug, due to which a sqlite3 module in the Ubuntu 16.04 image for Python went missing from May 14th.

        The Azure DevOps team identified the bug on May 31st and fixed it on June 26th. Naseim apologized to all the affected customers for the delay in detecting and fixing the issue.

      • IBM

        • CentOS 8.0 Completed Its Initial Build Loop

          It looks like CentOS 8 as the “community” version of Red Hat Enterprise Linux 8.0 is still a few weeks away, but good progress is being made.

          In their July newsletter for CentOS, they still anticipate the release coming within “the next month or two.”

        • Announcing Red Hat AMQ streams 1.2 with Apache Kafka 2.2 support

          We are thrilled to announce an updated release of the data streaming component of our messaging suite, Red Hat AMQ streams 1.2, which is part of Red Hat integration.

          Red Hat AMQ streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. AMQ streams makes running and managing Apache Kafka a Kubernetes-native experience, by additionally delivering Red Hat OpenShift Operators, a simplified and automated way to deploy, manage, upgrade and configure a Kafka ecosystem installation on Kubernetes.

    • Audiocasts/Shows

      • Test and Code: 80: From Python script to Maintainable Package

        This episode is a story about packaging, and flit, tox, pytest, and coverage.
        And an alternate solution to “using the src”.

        Python makes it easy to build simple tools for all kinds of tasks.
        And it’s great to be able to share small projects with others on your team, in your company, or with the world.

        When you want to take a script from “just a script” to maintainable package, there are a few steps, but none of it’s hard.

        Also, the structure of the code layout changes to help with the growth and support.

      • Changing face of Unix | BSD Now 305

        Website protection with OPNsense, FreeBSD Support Pull Request for ZFS-on-Linux, How much has Unix changed, Porting Wine to amd64 on NetBSD, FreeBSD Enterprise 1 PB Storage, the death watch for X11 has started, and more.

      • Ubuntu Podcast from the UK LoCo: S12E13 – Prince of Persia

        This week we’ve been giving talks and spending 8 and a half years becoming a Doctor of Philosophy. We discuss 32-bit Intel packages in Ubuntu, the Eoan Ermine wallpaper competition, Mir still not being dead, the new Snap Store, some jobs you might want to apply for, UbuCon Europe, Oggcamp, the new Raspberry Pi 4 and round up some headlines from the tech world.

    • Kernel Space

      • Statistics from the 5.2 kernel — and before

        As of this writing, just over 13,600 non-merge changesets have been pulled into the mainline repository for the 5.2 development cycle. The time has come, once again, for a look at where that work came from and who supported it. There are some unique aspects to 5.2 that have thrown off some of the usual numbers.
        1,716 developers contributed changes for the 5.2 kernel, 245 of whom made their first contribution during this cycle. Those 1,716 developers removed nearly 490,000 lines of code, which is a lot, but the addition of 596,000 new lines of code means that the kernel still grew by 106,000 lines.

      • Lockdown as a security module

        Technologies like UEFI secure boot are intended to guarantee that a locked-down system is running the software intended by its owner (for a definition of “owner” as “whoever holds the signing key recognized by the firmware”). That guarantee is hard to uphold, though, if a program run on the system in question is able to modify the running kernel somehow. Thus, proponents of secure-boot technologies have been trying for years to provide the ability to lock down many types of kernel functionality on secure systems. The latest attempt posted by Matthew Garrett, at an eyebrow-raising version 34, tries to address previous concerns by putting lockdown under the control of a Linux security module (LSM).
        The lockdown patches have a long and controversial history; LWN first wrote about them in 2012. Opposition has come at all kinds of levels; some developers see lockdown as a way of taking control of systems away from their owners, while others see it as ultimately useless security theater. There does appear to be some value, though, in making a system as resistant to compromise as possible, so these patches have persisted and are often shipped by distributors. Disagreement over more recent versions of the lockdown patch set were focused on details like whether lockdown should be tied to the presence of secure boot or integration with the integrity-measurement infrastructure.

        One outcome from the most recent discussion was a concern that the lockdown patches were wiring too much policy into the kernel itself. The kernel has long had a mechanism for pushing security-policy decisions out to user space — the security-module mechanism. So it arguably makes sense to move lockdown decision-making into an LSM; that is indeed what the more recent versions of the patch set do.

        First, though, there is the problem of initialization. LSMs exist to apply policies to actions taken by user space, so as long as the LSM infrastructure is running by the time user space starts, everything is fine. Lockdown, though, must act earlier: it needs to be able to block the action of certain types of command-line parameters and must be functional even before a security policy can be loaded. So the patch set starts by creating a new type of “early security module” that is initialized toward the beginning of the boot process. At this point, the module can’t do much — even basic amenities like kmalloc() are not available — but it’s enough to register its hooks and take control.

      • Graphics Stack

        • AMDVLK Support For Navi Might Be Slightly Delayed

          While there is the open-source OpenGL driver support in RadeonSI now part of Mesa 19.2 for the Radeon RX 5700 series launching on Sunday, for the open-source Vulkan driver support due to timing you might be needing to wait a little bit.

          For the popular RADV Vulkan driver within Mesa that is led by Valve/Google/RedHat developers, there aren’t any indications AMD provided any card samples or documentation in advance to these “community” developers. We’re hopeful though that we’ll still see some Navi 10 support for RADV in Mesa 19.2 that is going into feature freeze in early August and then releasing as stable a few weeks after that point. For now it’s a waiting game.

        • Navi 10 Code Lands In Mesa 19.2 For RadeonSI Ahead Of Radeon RX 5700 Series Launch

          Last week I wrote about Navi (10) support pending for the RadeonSI OpenGL driver to complement the AMDGPU Linux kernel driver support for the Radeon RX 5700 series currently queued into DRM-Next for Linux 5.3. That OpenGL driver support has been now been merged into Mesa 19.2 for debuting as stable around the end of August for providing open-source OpenGL on these next-gen AMD GPUs.

        • RADV Vulkan Driver Switches To The RTLD Linker

          The work by Google developer Bas Nieuwenhuizen introduces the concept of RADV shader binaries that can allow for simplifying some elements of their code and creating RTLD shader binaries. Following the various changes, they switch to using the RTLD ELF linker.

    • Instructionals/Technical

    • Games

      • The awesome co-op space sandbox game “Avorion” now has modding support

        Avorion is a fully 3D co-op space sandbox game, where players build a ship and eventually a fleet from single blocks and it’s quite engrossing. This latest update enables proper modding support, with integrated Steam Workshop support.

        Previously, you were able to download pre-built ships other had made but this goes a massive step further for the game. You can now use Lua to mod all sorts of things in the game, although some things like Materials, Rarities or Blocks cannot yet be modded. What’s fun is that dedicated servers, for those that plan online, also support modding. If you connect to a modded server, it grabs the mods for you—handy.

      • Synergia, a cyberpunk thriller visual novel will support Linux and it has a demo – it’s quite impressive

        Ready to get engrossed in another Visual Novel? Synergia looks promising, with a futuristic yuri cyberpunk setting. Giving off some Ghost in the Shell vibes, it’s actually quite impressive. The intro video especially, not something I was expecting to see with a Visual Novel and sets the mood quite nicely.

      • Superstarfighter, a free and open source local multiplayer party game

        I recently got shown Superstarfighter, a 1-4 player local multiplayer (with AI too) fast-paced action game and it’s actually pretty fun.

        It’s a very frantic arcade game, where each player can shoot out homing missiles to take down other players. With multiple game modes available, it’s surprisingly good. I’m quite a fan of the Take the Crown mode, where each player fights over a single Crown and whoever wears in the longest wins. There’s also a pretty amusing Hive Filling mode, with each player flying over tiles to change the tile into their colour, with opposing colours slowing you down.

      • Kubifaktorium, a voxel colony management and automation game developed on Linux is now in Early Access

        The second game developed by Mirko Seithe and made on Linux, Kubifaktorium, a voxel colony management and automation game is now available in Early Access.

      • Inspired by norse mythology, the action RPG “Viking Vengeance” looks like a lot of fun

        As someone who has been slightly obsessed over the Vikings series from the History network, a game based around Norse mythology is exactly what I need right now.

        Viking Vengeance from Lowpoly Interactive is due out sometime later this year and it is currently advertising Linux support on Steam. When speaking to the developer about it in this forum post, they said “Hello and thank you for the question. Yes if people using Linux will be interested in the game we will definitely bring it to Linux.”, so it might be worth letting them know if you’re interested.

      • Co-op submarine adventure game “We Need To Go Deeper” is releasing on August 1st

        In the official announcement, they said the price is going to be increasing from $9.99 to $15.99 so if you were thinking of getting it you may want to think quicker if you wanted to save a little. After release, they said updates will still be coming, just not as often as they do currently. A special edition will also be offered which will include a PDF art book and an expanded soundtrack. They’re also considering paid DLC as it “gets asked a lot”.

    • Distributions

      • NuTyX 11.1 Released, which Contains more then 1000 Packages Upgrade

        NuTyX Linux, NuTyX Linux 11.1, Linux Distro, Linux Distributions, Distro relese, Distribution release

        NuTyX team have announced the release of NuTyX 11.1 on July 01, 2019. This new release contains more than 1000 packages upgrade.

        It’s offering a 32 bits version of NuTyX 11.1.

        NuTyX is a French Linux distribution (with multi-language support) that built from Linux From Scratch (LFS). It comes with custom package manager called “cards”.

      • Screenshots/Screencasts

        • KaOS 19.07 Run Through
        • KaOS 19.07

          Today we are looking at KaOS 19.07. It comes with KDE Plasma 5.16.2, KDE Apps 19.04.2 and Qt 5.13.0. It uses Linux Kernel 5.1 and it is a rolling independent distro, so not build on off another Linux Distro. It uses about 1.1 GB of ram when idling and with its new default wallpaper and general look, it has truly become a beautiful, clean,, up to date, professional distro. Enjoy!

      • PCLinuxOS/Mageia/Mandriva Family

        • Mageia 7 is Released, Which comes with lots of new Features, Exciting Updates and Support Latest Hardware

          Donald Stewart has announced the release of Mageia 7 on July 01, 2019. Mageia 7 comes with lots of new features, exciting updates and support latest hardware.

          It will be supported with security and bug fix updates for 18 months, up to 2020.

          It support both 32-bit and 64-bit architectures, as well as live DVD’s for 64-bit Plasma, GNOME, Xfce, and 32-bit Xfce. Also, you can install other desktops too.

          It’s offering variety of desktops and window managers, improved support for Wayland and for hybrid graphics cards. Also added many games collections.

          A good progress made on ARM support: aarch64 and ARMv7 but this still being experimental stage.

      • Gentoo Family

        • Case label for Pocket Science Lab V5

          In case you haven’t heard about it, Pocket Science Lab [1] is a really nifty board developed by the FOSSAsia community which combines a multichannel, megahertz-range oscilloscope, a multimeter, a logic probe, several voltage sources and a current source, several wave generators, UART and I2C interfaces… and all of this in the form factor of an Arduino Mega, i.e. only somewhat larger than that of a credit card. Hook it up over USB to a PC or an Android device running the official (free and open source, of course) app and you are all set.

          Well, not quite set yet. What you get for your 50-ish EUR is just the board itself. You will quite definitely need a set of probe cables (sadly, I have yet to find even an unofficial adaptor allowing one to equip PSLab with standard industry oscilloscope probes using BNC connectors) but if you expect to lug yours around anywhere you go, you will quite definitely want to invest in a case of some sort. While FOSSAsia does not to my knowledge sell PSLab cases, they provide a design for one [2]. It is meant to be laser-cut but I have successfully managed to 3D-print it as well, and for the more patient among us it shouldn’t be too difficult to hand-cut one with a jigsaw either.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Social media strike: latest call for decentralised social media

        Wikipedia co-founder Larry Sanger has called for “people with serious grievances against social media” to go on strike from social media for two days to “demand that giant, manipulative corporations give us back control over our data, privacy, and user experience”.

        On July 4 and 5, Sanger is urging users to log out of social media to urge the global developer community to focus on a new system of decentralised social media, encouraging strikers to use the hashtag #socialmediastrike to publicly declare their grievances with social media giants.

      • Windows Clones

        • ReactOS ‘a ripoff of the Windows Research Kernel’ claims Microsoft kernel engineer

          Reitschin does add he is no lawyer, but these claims do raise a number of serious concerns and questions about the ReactOS project. These claims alone will probably ensure no serious commercial entity will ever want to associate itself with ReactOS, and it will be interesting to see if these claims will ever lead to something more serious than mere words.

        • ReactOS ‘a ripoff of the Windows Research Kernel’ claims Microsoft kernel engineer [Ed: The original article is from Microsoft Tim.]
        • Samba 4.11 Aims To Be Scalable To 100,000+ Users

          For those using Samba for better Windows interoperability with SMB/CIFS/AD, the forthcoming Samba 4.11 will be a lot more scalable so it can be used within massive organizations.

          Samba has been undergoing work to improve its performance on the large scale for organizations with 100,000+ users and over one hundred thousand computer objects and memberships. Samba 4.11 will be able to scale a hell of a lot better than previous releases due to performance improvements around reindexing, domain joins, LDAP server memory, custom LMBD map size, better batch operation support, better LDB search performance, better sub-tree rename performance, and other tuning to allow Samba to perform at massive scales.

      • Productivity Software/LibreOffice/Calligra

        • The Document Foundation announces LibreOffice 6.2.5

          The Document Foundation announces LibreOffice 6.2.5, the fifth bug and regression fixing release of the LibreOffice 6.2 family, targeted at tech-savvy individuals: early adopters, technology enthusiasts and power users. Users in production environments can start evaluating LibreOffice 6.2.5.

          LibreOffice’s individual users are helped by a global community of volunteers: https://www.libreoffice.org/get-help/community-support/. On the website and the wiki there are guides, manuals, tutorials and HowTos. Donations help us to make all of these resources available.

      • BSD

        • OpenBSD Is Now My Workstation

          Why OpenBSD? Simply because it is the best tool for the job for me for my new-to-me Lenovo Thinkpad T420. Additionally, I do care about security and non-bloat in my personal operating systems (business needs can have different priorities, to be clear).

          I will try to detail what my reasons are for going with OpenBSD (instead of GNU/Linux, NetBSD, or FreeBSD of which I’m comfortable using without issue), challenges and frustrations I’ve encountered, and what my opinions are along the way.

          Disclaimer: in this post, I’m speaking about what is my opinion, and I’m not trying to convince you to use OpenBSD or anything else. I don’t truly care, but wanted to share in case it could be useful to you. I do hope you give OpenBSD a shot as your workstation, especially if it has been a while.

        • FreeBSD turns 26

          The FreeBSD operating system is continuing to make progress, 26 years after it got its name. Among the areas where work is being done is on improved support for RISC-V, FUSE filesystem updates, C runtime changes, and security improvements. FreeBSD Day is celebrated on June 19, in recognition of the date in 1993 when the name FreeBSD was coined for a fork of the 386BSD project. The first official release of FreeBSD did not occur until November 1, 1993, however.

          Ahead of FreeBSD Day, the project released its quarterly report for the first quarter of 2019, outlining some of its ongoing efforts. In addition to the quarterly report, the executive director of the FreeBSD Foundation provided LWN with some insights into the state of the project and the foundation that supports it.

      • Programming/Development

        • CVE-less vulnerabilities

          More bugs in free software are being found these days, which is good for many reasons, but there are some possible downsides to that as well. In addition, projects like OSS-Fuzz are finding lots of bugs in an automated fashion—many of which may be security relevant. The sheer number of bugs being reported is overwhelming many (most?) free-software projects, which simply do not have enough eyeballs to fix, or even triage, many of the reports they receive. A discussion about that is currently playing out on the oss-security mailing list.

        • C, Fortran, and single-character strings

          The calling interfaces between programming languages are, by their nature, ripe for misunderstandings; different languages can have subtly different ideas of how data should be passed around. Such misunderstandings often have the effect of making things break right away; these are quickly fixed. Others can persist for years or even decades before jumping out of the shadows and making things fail. A problem of the latter variety recently turned up in how some C programs are passing strings to Fortran subroutines, with unpleasant effects on widely used packages like LAPACK.

          The C language famously does not worry much about the length of strings, which simply extend until the null byte at the end. Fortran, though, likes to know the sizes of the strings it is dealing with. When strings are passed as arguments to functions or subroutines, the GCC Fortran argument-passing conventions state that the length of each string is to be appended to the list of arguments.

        • Announcing Rust 1.36.0

          The Rust team is happy to announce a new version of Rust, 1.36.0. Rust is a programming language that is empowering everyone to build reliable and efficient software.

        • Rust 1.36 Brings Offline Support In Cargo, Stable Alloc Crate

          The Rust language team is marking this US Independence Day by rolling out Rust 1.36.

          Rust 1.36 brings a stabilized Future trait, the Alloc crate as the core allocation and collections library has been marked stable, a new “–offline” argument for Cargo for offline usage, and various other library changes.

        • Further Exploring the Pandas.DataFrame Object method

          In this article, we will further look at the other methods of the DataFrame object, we will continue to explore the DataFrame object methods in a few more chapters before moving forward to the other Pandas objects.

        • Python for NLP: Creating Bag of Words Model from Scratch

          This is the 13th article in my series of articles on Python for NLP. In the previous article, we saw how to create a simple rule-based chatbot that uses cosine similarity between the TF-IDF vectors of the words in the corpus and the user input, to generate a response. The TF-IDF model was basically used to convert word to numbers.

          In this article, we will study another very useful model that converts text to numbers i.e. the Bag of Words (BOW).

          Since most of the statistical algorithms, e.g machine learning and deep learning techniques, work with numeric data, therefore we have to convert text into numbers. Several approaches exist in this regard. However, the most famous ones are Bag of Words, TF-IDF, and word2vec. Though several libraries exist, such as Scikit-Learn and NLTK, which can implement these techniques in one line of code, it is important to understand the working principle behind these word embedding techniques. The best way to do so is to implement these techniques from scratch in Python and this is what we are going to do today.

        • PHP version 7.2.20 and 7.3.7

          RPM of PHP version 7.3.7 are available in remi repository for Fedora 30 and in remi-php73 repository for Fedora 27-29 and Enterprise Linux ≥ 6 (RHEL, CentOS).

          RPM of PHP version 7.2.20 are available in remi repository for Fedora 28-29 and in remi-php72 repository for Fedora 26-27 and Enterprise Linux ≥ 6 (RHEL, CentOS).

        • Switching to Late Bird Tickets — please use your coupons today!
        • How continuous deployment impacts the entire organization

          CD brings fundamental changes to organizations because old scheduling and development cycles disappear. As you move to CD, you need to bring your entire organization—not just your development and operations teams—along in order to reap every advantage.

        • Valve’s new code cuts AMD GPU compile times by over 45% for Linux games

          AMD graphics cards are getting some Linux love from what might seem like an unlikely source: Valve. Source. Valve. C’mon… Whatever. A team of software engineers in Valve has been working on a new shader compiler for AMD GPUs running on Linux operating systems, and it promises dramatically shorter time to compile metrics as well as a few cases where it’s making a positive difference to gaming frame rates on Linux too.

  • Leftovers

    • Hardware

      • India eyes gains from Sino-US trade tension

        “Several global companies engaged in large-scale manufacturing, especially in China, are seriously considering an alternative location, owing to political, economic and strategic reasons. The ongoing US-China trade war has further accelerated the pace of efforts at relocation or towards finding a diverse location,” stated the letter, which calls for setting up an inter-ministerial panel to look at ways to harness India’s potential to become a low-cost manufacturing hub for high-end IT products.

      • Broadcom poised to acquire US security firm Symantec

        Processor manufacturer Broadcom appears set to buy security firm Symantec in what looks to be a bid to increase the range of its business.

      • Broadcom in advanced talks to buy Symantec: sources

        A deal would expand Broadcom’s push into software a year after its $18.9 billion deal to buy U.S. business software company CA Inc. It also follows Broadcom’s failed bid reut.rs/2xn5gVE to buy Qualcomm Inc.

    • Health/Nutrition

    • Security

      • Impact of SKS keyserver poisoning on Gentoo

        The SKS keyserver network has been a victim of certificate poisoning attack lately. The OpenPGP verification used for repository syncing is protected against the attack. However, our users can be affected when using GnuPG directly. In this post, we would like to shortly summarize what the attack is, what we did to protect Gentoo against it and what can you do to protect your system.

        The certificate poisoning attack abuses three facts: that OpenPGP keys can contain unlimited number of signatures, that anyone can append signatures to any key and that there is no way to distinguish a legitimate signature from garbage. The attackers are appending a large number of garbage signatures to keys stored on SKS keyservers, causing them to become very large and cause severe performance issues in GnuPG clients that fetch them.

        The attackers have poisoned the keys of a few high ranking OpenPGP people on the SKS keyservers, including one Gentoo developer. Furthermore, the current expectation is that the problem won’t be fixed any time soon, so it seems plausible that more keys may be affected in the future. We recommend users not to fetch or refresh keys from SKS keyserver network (this includes aliases such as keys.gnupg.net) for the time being. GnuPG upstream is already working on client-side countermeasures and they can be expected to enter Gentoo as soon as they are released.

      • YouTube’s latest ban? Infosec instructional videos are outlawed

        Google’s video-sharing site YouTube has started to ban videos that show users how to get past software restrictions and provide instructions on information security.

      • Youtube’s ban on “hacking techniques” threatens to shut down all of infosec Youtube

        Youtube banning security disclosures doesn’t make products more secure, nor will it prevent attackers from exploiting defects — but it will mean that users will be the last to know that they’ve been trusting the wrong companies, and that developers will keep on making the same stupid mistakes…forever.

      • TN men use Bluetooth-enabled tablet to steal cars

        During the interrogation, one of the accused –a car mechanic- said he bought a Bluetooth-enabled tablet online used by car showroom staff to access the vehicles.

      • Kaspersky reinforce collaboration with INTERPOL in the fight against cybercrime

        This cooperation strengthens the existing relationship between the two organizations, ensuring information and technology sharing can support INTERPOL in cybercrime-related investigations. Within the new agreement, Kaspersky will share information about its cyberthreat research and provide the necessary tools to assist with full digital forensics, aimed at strengthening efforts on the prevention of cyberattacks.

      • China Is Forcing Tourists to Install Text-Stealing Malware at its Border

        The malware downloads a tourist’s text messages, calendar entries, and phone logs, as well as scans the device for over 70,000 different files.

      • Chinese border guards reportedly install spy apps on tourists’ Android phones

        Border guards reportedly took tourists’ phones and secretly installed an app on them which could extract emails, texts and contacts, along with information about the handset; basically a mother-load of privacy-sapping stuff.

        There are reports that in some cases Android phones are returned to those entering the region with an app called Fēng cǎi installed. Apple’s iPhones don’t appear to come back with the app, but they could have been scanned by border control guards in a separate area after travellers were forced to hand them over.

      • China Snares Tourists’ Phones in Surveillance Dragnet by Adding Secret App

        The app gathers personal data from phones, including text messages and contacts. It also checks whether devices are carrying pictures, videos, documents and audio files that match any of more than 73,000 items included on a list stored within the app’s code.

      • Security updates for Thursday

        Security updates have been issued by CentOS (libssh2 and qemu-kvm), Debian (lemonldap-ng), Fedora (tomcat), Oracle (kernel), and SUSE (elfutils, kernel, and php5).

      • Many VMware Products Affected by SACK Linux Vulnerabilities
      • YouTube Bans ‘Hacking And Phishing’ Videos; Pisses Off Infosec Guys

        As the number of users on the platform has increased over the years, so has YouTube’s list of ‘banned content.’ Adding further to the list, YouTube has banned ‘instructional hacking and phishing’ videos.

        The latest bans have led to the deletion of several educational videos on ethical hacking as they now violate YouTube’s Terms of Service. The list also includes ‘extremely dangerous challenges,’ ‘eating disorders’ and ‘violent events’ as banned categories.

      • This Android Malware ‘Records’ Your Screen To ‘Steal’ Banking Details

        Creators behind malicious malware are evolving and coming up with new techniques to make it almost impossible for a normal user to spot them. A new banking trojan named BianLian, which was previously used as a dropper for spreading notorious banking malware like Anubis is affecting Android users all over the world.

      • New Golang malware plays the Linux field in quest for cryptocurrency [Ed: The CBS tech tabloid ZDNet (with Microsoft funding and running it) continues to associate "Linux" with some malware one needs to actually install]

        A new form of malware has been spotted in the wild by cybersecurity companies which say the code’s main focus is the fraudulent mining of the Monero (XMR) cryptocurrency.

      • 10 Best Free Password Manager Software For 2019 [Ed: A site called "FOSS" something recommends proprietary software and worse -- sending all your passwords to some dodgy entity called LastPass (while calling it "free"!)]
    • Defence/Aggression

      • Who disarms Germany’s WWII bombs?

        Between 1940 and 1945, some 2.7 million tons of bombs were dropped on Europe by US and British forces, half of which landed in Germany. Of the roughly quarter million bombs that did not explode, thousands are still hidden underground all over the country.

        Horst Lenz has been defusing bombs since 1984. The 63-year-old director of the Explosive Ordnance Clearance Service in Rhineland-Palatinate and his team of 15 is called in when bombs are found around the state. Last year they found around 35 tons of munitions and munition parts, including 63 unexploded bombs, 319 incendiary devices, 11 anti-tank mines, 444 grenades and 5,045 kilos of bullets.

      • Even as it talks peace, Taliban provides safe haven to LeT, Al Qaeda in Afghanistan, says new UN report

        Intelligence and foreign-policy officials have long been warning that ongoing United States-led power-sharing negotiations with the Taliban could end up again turning Afghanistan into a hub for global Islamist terror groups.

        Last week’s report, produced by the United Nations’ Analytical Support and Sanctions Monitoring Team’s report, says the Taliban “cooperate and retain strong links with al Qaeda, al Qaeda in the Indian Subcontinent, the Haqqani Network, the Lashkar-e-Taiba, the Islamic Movement of Uzbekistan, the East Turkistan Islamic Movement, as well as nearly 20 other regionally and globally-focussed groups.”

    • Environment

      • How Extreme Heat Overwhelms Your Body and Becomes Deadly

        If you don’t get relief, extreme heat reaches a dangerous point as your body temperature rises to 103 or above. Heat stroke, or hyperthermia, comes on suddenly in the form of a throbbing headache, rapid pulse, and red, hot, and dry skin. (You’re no longer sweating.) Your body can’t cool itself down anymore, and your body temperature can rise to 106 or higher within 10 or 15 minutes.

      • Climate scientist calls for ‘world war type mobilization’ to combat climate change

        “We do need a world-war type mobilization and that means putting in place incentives to move our economy as quickly as we can away from fossil fuels to renewable energy,” Mann, a scientist at Pennsylvania State University who is known for taking on climate skeptics, told Hill.TV in an interview that aired Wednesday.

      • Delhi water crisis: AAP govt’s five-pronged approach aims to fill supply-demand gap, prevent depletion of water bodies

        [...] The free lifeline water scheme of providing 700 litres of water per household, for example, brought multi-fold benefits to the DJB (Delhi Jal Board) and its consumers.

        On the one hand, it ensures ‘right to water’ to everyone. On the other hand, it promotes conservation of water resources by those households who would consciously cut their consumption to reduce their water bills. Most importantly, it facilitates the provisioning of piped water to those areas that are currently water stressed or have no piped water supply network by generating demand.

      • Less rain leaves dams with just 10% water: Shivakumar

        Karnataka, the minister said, will not get into a confrontation with Tamil Nadu over the Mekedatu project.

      • Austrian parliament votes to ban glyphosate weedkiller

        Glyphosate was originally developed by chemical giant Monsanto, a US company that became a subsidiary of Germany’s Bayer last year. The herbicide first appeared on the market under the name of Roundup in 1974. The patent for it has since expired and various companies now produce glyphosate-based weedkillers under different names.

      • Keep climate teaching real and honest

        There’s no escaping climate teaching. Gone are the days when the core curriculum at most schools used to consist of reading, writing and ’rithmetic, and not an awful lot more. It’s increasingly rare today to find any that don’t include the facts of life in this warming world.

        But, as global youth concern over the deepening crisis manifests itself in the protests of Fridays for Future, which has earned the backing of leading climate scientists, how do teachers fulfil our obligation to encourage pupils to treat the climate as responsibly as it deserves?

        What are we teaching, and how are we teaching it? What are we trying to achieve?

        The past twenty years in primary and tertiary education have taught me that the answer is, and always has been, quite simple; we must keep the content real and we must teach honestly.

        That means doing away with tokenistic “eco weeks” or days, and embedding climate change teaching in the day-to-day reality of core subjects.

      • 12 Tips for More Equitable Travel

        Share a meal in a local household. Eatwith.com and Mealsharing.com connect travelers with people in host countries who love to entertain. Prices vary. Eight other guests and I recently paid $49 each, staying past midnight sharing food, wine, and conversation in the home of a French journalist covering the yellow vest protests in Paris. Saigon Hotpot sets up meals in university students’ homes as well as city and street food tours in Ho Chi Minh City.


        Lodge locally. Sleep where your dollars make a difference by staying in independently owned hotels, small inns, and homestays rather than internationally owned chain hotels. Look for hotels that partner with nonprofit organizations to train and employ disadvantaged youth. The Responsible Travel Guide Cambodia led me to Robam Inn in Siem Reap, whose owners returned to start the business after taking refuge in Canada during the Khmer Rouge regime.


        DeTour exists to change the image of Hawai‘i as a tourist playground, a perception that ignores its occupation and oppression by the U.S. military and its treatment of Native Hawaiians. DeTours’ decolonizing tourist experience encourages visitors to support Hawaiians’ wish for sovereignty. Stops include areas polluted by the military and sites important to Polynesian and ancient Hawaiian history—all to show a side of Hawai‘i out of the shadows of U.S. imperialism.

        Veterans for Peace was formed in 1985 by U.S. veterans to increase public awareness of the causes and costs of war and to oppose militarism and arms proliferation. The nonprofit has hundreds of chapters worldwide, including one in Vietnam composed of former servicemen who live there and organize annual tours across the country. The tours are designed to show damage left by the war in Vietnam and to raise funds for ongoing work, such as ordnance removal and support for victims of Agent Orange. -Zeb Larson

      • Energy

        • We’ve already built too many power plants and cars to prevent 1.5 ˚C of warming

          In 2010, scientists warned we’d already built enough carbon-dioxide-spewing infrastructure to push global temperatures up 1.3 ˚C, and stressed that the fossil-fuel system would only continue to expand unless “extraordinary efforts are undertaken to develop alternatives.”

          Spoiler: They weren’t.

          In a sequel to that paper published in Nature today, researchers found we’re now likely to sail well past 1.5 ˚C of warming, [...]

        • Energy companies plan pipeline expansion to carry more Bakken oil to Oklahoma

          Another pipeline could soon up its capacity to carry more Bakken oil out of North Dakota, marking the third announcement of a major pipeline project in the state over the past month.

        • We’re Not Done With DAPL: How Investors Can Still Support Indigenous Rights

          In the case of DAPL, scores of local governments passed resolutions supporting the people and communities of Standing Rock — but how did the State government of North Dakota respond? The oil boom peaked in 2012. Oil production and the corresponding man camps housing thousands of oil workers tripled crime by 121 percent from 2005 to 2011 , with Native women being heavily impacted. According to one report, sexual assaults on women on the Fort Berthold reservation have increased by 75.5%. In response to this escalating violence, the Governor of North Dakota allocated $150,000 over 5 years — $30,000 a year — for women’s shelters and violence prevention programs. In response to the potential equipment damage, ETP faced from the DAPL protest North Dakota’s Governor spent over $38 million over a 5 months period to protect the company’s equipment. They made it crystal clear whose side they have been on.

        • Treaties Still Matter: The Dakota Access Pipeline

          The position of the Standing Rock Sioux Tribe is that the Dakota Access Pipeline violates Article II of the Fort Laramie Treaty, which guarantees the “undisturbed use and occupation” of reservation lands surrounding the proposed location of the pipeline. In 2015 the Standing Rock Sioux Tribe, operating as a sovereign nation , passed a resolution regarding the pipeline stating that “the Dakota Access Pipeline poses a serious risk to the very survival of our Tribe and … would destroy valuable cultural resources.”

        • State might not automatically hold public hearing on proposed DAPL pumping station

          “The public must have a say on any move by Energy Transfer that could further endanger the environment in Lakota Country,” he said. “The company’s track record of respect for the land, water and people potentially affected is obviously less than stellar.”

        • Greenpeace asks judge to dismiss lawsuit filed by DAPL developer

          Greenpeace on Tuesday accused Energy Transfer Partners of repackaging racketeering claims that were thrown out of federal court earlier this year.

      • Wildlife/Nature

        • Finland: Euroskeptics vs. the flying squirrel

          The Finnish Forest Association says landowners have been known to cut down trees that provide the perfect habitat for flying squirrels, to stop them making themselves at home in the first place.

      • Overpopulation

    • Finance

      • Jobless Men “Rent” Out Bank Accounts, Aid Cyber Crime In Madhya Pradesh

        The racket was busted after a woman in Bengaluru made a distress call to police in the district alleging that she had been duped out of Rs 4 lakh, out of which Rs 40,000 was deposited in a bank account in Bhind.

        The case was then probed by Madhya Pradesh police’s cyber cell which uncovered over 23 accounts in six-seven public sector banks which were opened by these unemployed young men, allegedly with the purpose of making money via cyber fraud.

      • Gig economy and freelance workers would prefer secure work

        Freelancers, the self employed and workers in the so-called gig economy may like the flexibility but they would prefer a steady job, according to new research from the Centre for Economic Performance (CEP). The rise of non-traditional work arrangements is not due to workers wanting or demanding these jobs, but rather because they have no other choice the report concludes. What’s more, workers would agree to earn less in order to increase their employment security. The results come from analysis of data from over 4,000 UK and US workers, who were surveyed on their current work arrangements and the job attributes they most want.

      • Workers would give up half their hourly wages in exchange for a steady job

        I find that on average, workers are willing to give up approximately 50 per cent of their hourly wage for a permanent contract over a one-month one. There are important institutional differences between the UK and US when it comes to permanent contracts. In the UK, permanent contracts offer a host of additional benefits such as unfair dismissal protection, mandatory redundancy pay and notice periods, and there is no similar legislation in the US. Despite this fact, the valuations of a permanent contract are very similar between the two countries (55.4 per cent of an hourly wage in the UK, and 44.1 per cent in the US).

    • AstroTurf/Lobbying/Politics

      • Democrats decry use of park fees for Trump’s July 4 event as ‘slush fund’

        Recreation fees are collected by national parks through admission fees. The funds typically go toward park maintenance as well as seasonal hiring, such as for additional fire fighters. The NPS system is facing a nearly $12 billion maintenance backlog and the Trump administration has routinely suggested cutting the agency’s budget.

        Some Democrats have raised concerns that the park fees are being used to bolster the spectacle surrounding Trump’s Thursday evening speech from the Lincoln Memorial, which they fear will serve as a campaign-style rally, with VIP seating for top campaign donors, and politicize a national holiday that has otherwise been apolitical.

      • New leaders nominated to take the helm of EU after tense talks [iophk: "Zensursula"]

        After days of fraught negotiations, European Union leaders reached agreement Tuesday on the five key positions to head the EU, with German Defence Minister Ursula von der Leyden poised to take over the European Commission presidency.

      • What Americans Don’t Know About the US Constitution

        Most Americans are familiar with its first three words – “We the People.” Yet they “don’t understand” the venerable document, says Kimberly Wehle, a professor of law at the University of Baltimore.

        To get readers interested in the charter, Wehle recently published “How to Read the Constitution — and Why,” a back-to-the-basics, accessible primer on the U.S. charter of government written for a time when many on the left and some on the right think the Constitution is under assault.

        The book’s launch coincides with the end of a consequential term for the Supreme Court, during which President Donald Trump’s second court nominee, Brett Kavanaugh, joined the bench following a contentious confirmation hearing. It also coincides with the nation’s 243rd observance of Independence Day, July 4.

        VOA spoke with Wehle about the Supreme Court and how and why to read the Constitution. The following excerpts have been edited for clarity and length.

      • Philippines: 1st known Filipino suicide attacker identified

        Interior Secretary Eduardo Ano, who oversees the national police, said, however, that authorities have obtained information indicating the other suicide attacker may also be a Filipino militant from Sulu. Remains of both bombers will be subjected to DNA tests to ascertain their identities, he added.

      • Fears Rise of an ISIS Comeback

        As of August 2018, the Islamic State had as many as 30,000 fighters in Iraq and Syria—far more than the 700-1,000 fighters its predecessor, al Qaeda in Iraq, had in 2011, when the United States withdrew, according to a new report by the Institute for the Study of War (ISW) that warns of the risk for an Islamic State resurgence. During the gradual fall of the caliphate, the group quietly dispersed across both countries and is now waging a capable insurgency, boosted by a global financial network and sufficient supplies, including weapons, hidden in tunnel systems.

    • Censorship/Free Speech

      • MP: Man arrested for abusing CM Nath in Facebook post

        “In a Facebook post-Tuesday night, the accused used abusive words against the chief minister and also mentioned Jawaharlal Nehru while talking about power cuts,” Sablok said.

      • Books Behind Bars: The Right to Read in Prison

        In March, the Washington Department of Corrections issued a new policy banning nonprofit organizations from donating used books to prisoners. After public outcry, the department reversed the ban and scheduled a meeting with Books to Prisoners, a Seattle nonprofit. The outcome has not been made public.

        Federal courts have repeatedly affirmed that prisoners have a First Amendment right to read, and publishers and others have a right to send them reading materials. While those rights can be restricted in the interest of security, blocking the free flow of ideas serves no penological purpose. Proponents of stricter controls on the books available to incarcerated readers argue that some information is inherently dangerous, but the First Amendment is designed to prohibit the suppression of information.

      • Cary officials offer to put artwork critical of China back up, extend exhibit

        Nearly three weeks after removing three pieces of artwork critical of the Chinese government, the town of Cary has offered to reinstall the paintings and extend the exhibit through the end of the month.

        In an e-mail obtained by ABC11, Cary Cultural Arts Manager Lyman Collins made the offer to Durham-based artist Bing Weng on Wednesday morning.

      • Germany: Some Hate Speech ‘More Equal than Others’

        At the very least, it shows that German authorities appear to harbor extremely selective views of what constitutes hate speech, based, it seems, on nothing more than the identity of the group that voices it.

    • Privacy/Surveillance

      • Amazon Alexa keeps your data with no expiration date, and shares it too

        If you have hangups about Amazon and privacy on its smart assistant, Alexa, you’re not alone. Even after Amazon sent answers to a US senator who had questions about how the tech giant retains voice data and transcripts, the lawmaker remains concerned about Alexa’s privacy practices.

        Sen. Chris Coons, a Democrat from Delaware, sent a letter to Amazon CEO Jeff Bezos in May, demanding answers on Alexa and how long it kept voice recordings and transcripts, as well as what the data gets used for. The letter came after CNET’s report that Amazon kept transcripts of interactions with Alexa, even after people deleted the voice recordings.

        The deadline for answers was June 30, and Amazon’s vice president of public policy, Brian Huseman, sent a response on June 28. In the letter, Huseman tells Coons that Amazon keeps transcripts and voice recordings indefinitely, and only removes them if they’re manually deleted by users.

        Huseman also noted that Amazon had an “ongoing effort to ensure those transcripts do not remain in any of Alexa’s other storage systems.” But there are still records from some conversations with Alexa that Amazon won’t delete, even if people remove the audio, the letter revealed.

      • Amazon Confirms: Alexa Keeps Your Voice Recordings Forever

        Apart from Facebook keeping hold of our personal data, Amazon, too, performs the same deed as its virtual assistant — Alexa — has been caught keeping users’ voice recordings. Even though Amazon introduced the delete history feature, it seems like the voice assistant still keeps the user data.

        As per a letter by Amazon to US Senator Chris Coons, it is suggested that Alexa stores users’ transcripts and voice recordings indefinitely. But when the user deletes the voice recording, the company deletes the associated transcripts.

      • Facebook’s image outage reveals how the company’s AI tags your photos

        The same image tags are showing up on Instagram, and as well as detailing general scene and object descriptions, they also suggest who is in a photo based on Facebook’s facial recognition. (The company has been doing this for photos you’re not tagged in since 2017.)

      • Digital license plates now in 3 states, with more on the way

        Experts like Boston say digital plates can produce more revenue for governments than the traditional versions. While most of the additional price goes to the plate manufacturer, Boston said he expects governments will increase their revenues through some of the charges associated with using the new technology.

        The plates also can advertise corporate messages when the vehicle is parked, which offers drivers a potential revenue stream.

      • Maryland Launches Two-Year Digital License Plate Pilot

        MDOT MVA will outfit 20 vehicles in its fleet and two belonging to the Maryland Transportation Authority, including cars, SUVs and trucks. Reviver is providing the 22 Rplate Pro models at no cost to the state and each features LTE connection, a front-lit, high-definition display, plate customization, personalized messages, and advanced telematics. The Rplate Pro retails for $499, according to Reviver’s website.

      • The Strange Politics of Facial Recognition

        But crucially, Jassy and Smith seem to argue, it’s also inevitable. In calling for regulation, Microsoft and Amazon have pulled a neat trick: Instead of making the debate about whether facial recognition should be widely adopted, they’ve made it about how such adoption would work.

      • 5G as a Globalist Tool

        By September, 2018, Intel announced that Nokia and Ericsson would partner to deploy 5G globally describing that, according to an Ericsson spokesman “for 5G we’ve been collaborating since four years back.”

      • “Just don’t have a face”: what it’s like to opt-out of US airports’ “optional” face recognition

        Privacy advocate Allie Funk was surprised to learn that her Delta flight out of Detroit airport would use facial recognition scans for boarding; Funk knew that these systems were supposed to be “opt in” but no one announced that you could choose not to use them while boarding, so Funk set out to learn how she could choose not to have her face ingested into a leaky, creepy, public-private biometric database.

      • I Opted Out of Facial Recognition at the Airport—It Wasn’t Easy

        To figure out how to do so, I had to leave the boarding line, speak with a Delta representative at their information desk, get back in line, then request a passport scan when it was my turn to board. Federal agencies and airlines claim that facial recognition is an opt-out system, but my recent experience suggests they are incentivizing travelers to have their faces scanned—and disincentivizing them to sidestep the tech—by not clearly communicating alternative options. Last year, a Delta customer service representative reported that only 2 percent of customers opt out of facial-recognition. It’s easy to see why.

      • Can I buy a phone that doesn’t use anything from Google or Apple?

        South Korea’s two smartphone manufacturers, Samsung and LG, would also love to have an independent operating system but success is unlikely. Samsung tried with Tizen, which was supported by the Linux Foundation. The Samsung Z series was launched in India and didn’t do well enough but Tizen is used in Samsung Gear smartwatches. LG could have a go with Palm’s Linux-based webOS, which it acquired from HP in 2013. WebOS first appeared on Palm Pre smartphones in 2009 but LG has mainly used it in smart TV sets.

        Sailfish started with another failed Linux project, Nokia and Intel’s MeeGo. The latest version uses a graphical shell from Jolla, the Finnish company that appears to be its major backer. Sailfish can be ported to more alternative smartphones than Ubuntu Touch but I can’t see any current phones with Sailfish pre-installed. The same is true for both /e/ (formerly Eelo), which is a sort of de-Googled Android, and LineageOS, which is a reborn CyanogenMod.

    • Freedom of Information/Freedom of the Press

      • Cartoonist let go from N.B. newspapers days after Trump image goes viral

        But de Adder disputes BNI’s reasoning and said he was told by the company that they would not run cartoons about Trump.

        “It got to the point where I didn’t submit any Donald Trump cartoons for fear that I might be fired,” he said on Twitter, adding that in the past two weeks he drew three viral Trump cartoons.

        “And a day later I was let go. And not only let go, the cartoons they already had in the can were not used. Overnight it was like I never worked for the paper. Make your own conclusions.”

        On Twitter, de Adder also said that every Trump cartoon he submitted for the past year was axed.

      • How Antifa’s Apologists Fell in Love With Street Violence

        A rioter knocked a friend of mine, the journalist Philip Wegmann, to the ground, causing him to briefly lose consciousness—even though, Wegmann told me, he was wearing credentials that clearly identified him as a member of the press. Wegmann is a writer for conservative news outlets such as Washington Examiner and The Daily Signal, however. And one of the main principles of the new activist left is that unfriendly media organizations should not have the right to cover their activities, even on public property.

        But it isn’t just conservative media outlets that bear the “unfriendly” designation; many activists are equally dismissive of mainstream news sources. One activist told me that she hates CNN just as much as Trump supporters do. Only explicitly leftist media organizations are permitted to cover the antics of the #Resistance.

    • Civil Rights/Policing

      • Gender-segregated sharia beach in E. Java spurs accusations and denials of ‘Arabization’

        While some conservative Indonesian culture warriors are concerned about the increasing “westernization” of Indonesian culture and social norms, those on the other end of the political spectrum often object to what they call the “Arabization” of Indonesia, particularly the implementation of government regulations based on strict interpretations of Islamic sharia law, similar to what might be found in Saudi Arabia.

        A gender-segregated “sharia beach” in the Banyuwangi regency of East Java recently became the focus of such accusations after a Facebook post titled “In the Hindu Land of Banyuwangi, Arabization is forced to grow” went viral.

      • Trump says if asylum seekers don’t like conditions in detention centers, ‘just tell them not to come’ [iophk: fails to address improving US policies which caused much of the bad conditions in source countries]

        In contrast, the 2020 presidential contender Kamala Harris questioned in a Wednesday Twitter post “how can anybody look at these photos and think this isn’t a human rights abuse?” while referring to photos highlighting extreme overcrowding and poor conditions in a Texas facility.

      • Manslaughter charges dropped against shot pregnant mum

        Charges against the alleged shooter had already been dismissed following a failed indictment.

      • Migrants can opt ‘not to come’ if they dislike squalid camps, says Trump [iophk: "a tweet in place of an official channel of communication :("]

        President Donald Trump brushed off reports of overcrowding and squalid conditions in migrant detention centres on Wednesday (July 3) by saying the migrants can opt “not to come” to the United States.

        “If Illegal Immigrants are unhappy with the conditions in the quickly built or refitted detentions centres, just tell them not to come. All problems solved!” Trump tweeted.

      • ‘Do Not Record’

        More than a year later, Orange County defense attorneys are still trying to piece together the scope and potential impact of the jailhouse recordings. Prisoners’ phone calls with their attorneys are understood to be protected by attorney-client privilege, and, in California, it is a felony to listen to or record an incarcerated person’s calls with an attorney. Just this month, assistant public defenders Scott Sanders and Sara Ross filed motions in separate cases with hopes of compelling the courts to help illuminate the breadth of the misconduct.

      • Kenya: Nairobi Police Executing Suspects

        Since August 2018, police have shot dead, apparently unlawfully, at least 21 men and boys whom they alleged were criminals in Nairobi’s Dandora and Mathare neighborhoods alone, Human Rights Watch found. Rights activists in those neighborhoods believe that, based on the cases they know about and those reported in the media, police have unlawfully killed many more in the past year. Under Kenyan and international law, the police should only intentionally use lethal force when it is strictly unavoidable to protect life.

      • Princess Haya: Dubai ruler’s wife in UK ‘in fear of her life’

        If her estranged husband demands her return then this poses a diplomatic headache for Britain, which has close ties to the UAE.

      • In Turkey, demography is a brake on Islamisation

        But curiously these policies do not seem to have had the desired result. Turks do not appear to be any more devout than they were a decade ago, scores of Islamic schools remain empty, and the brotherhoods seem increasingly out of step with a rapidly changing society.

        According to a study by KONDA, a local polling company, between 2008 and 2018 the share of Turks who define themselves as religious dipped from 55% to 51%. The number of women who wear the Islamic headscarf barely budged, from 52% a decade ago to 53%, and the share of those who fast regularly decreased from 77% to 65%. Meanwhile, the number of atheists has risen from 1% to 3%.

      • TikTok faces UK probe for allowing kids to throw money at influencers for little in return

        The company is already under investigation in the US for allegedly storing data from under-13s. It has no been confirmed that the UK Data Commissioner’s Office is launching its own probe of how TikTok conducts itself, and protects its users.

      • Axon Ethics Board Pulls Plug On Facial Recognition Tech Being Added To Its Body Cameras

        One of the major players in cop tech is bowing out of the facial recognition race. As Hayley Tsukayama reports for the EFF, Axon (formerly Taser) has decided there are far too many ethical and practical concerns to move forward with adding facial recognition tech to its popular bodycams.

        Axon actually has an ethics board — something that certainly would have been welcome back in its Taser sales days. Perhaps having a few ethical discussions would have prevented dead Americans from being awarded postmortem declarations of “excited delirium,” thus keeping law enforcement officers from being held accountable for killing people when they were only supposed to be arresting them.

    • Monopolies

      • Ruling Against Amazon May Prove Broader Blow to Its Business Model

        The Third Circuit Court of Appeals, in Philadelphia, overturned a judge’s decision that Amazon was shielded under the Communications Decency Act, which protects online businesses from lawsuits over the postings of their users.

        It’s the first federal appeals court to hold that Amazon is a product “seller” that can be held liable under state law for sales on its marketplace.

      • Patents and Software Patents

        • Athena Loses on Eligiblity – Although 12 Federal Circuit Judges Agree that Athena’s Claims Should be Eligible

          In a 7-5 decision, the Federal Circuit has denied Athena’s petition for en banc rehearing on the question of eligibility of diagnostic patents. As discussed below, the en banc denial includes eight (8) separate opinions — all of which call for Supreme Court or Congressional intervention.


          In its original decision, the Federal Circuit found the claim directed to an ineligible preexisting law of nature: “the correlation between the presence of naturally-occurring MuSK autoantibodies in bodily fluid and MuSK-related neurological diseases.” The court found the additional concrete steps in the claim were all “standard techniques in the art” and thus did not rise to a patentable inventive concept.


          Of some interest – the judges were almost uniformly all careful to focus their attention on medical diagnosis inventions — suggesting a targeted solution that would not extend to business methods and other information-based inventions.

        • Judge Koh (not unexpectedly) denies Qualcomm’s motion to stay enforcement of FTC antitrust remedies

          Like in that Bruce Springsteen song, “Just say goodbye it’s Independence Day.” Goodbye to the Northern District, I mean. Now there’s nothing left to do in San Jose, and on to the Ninth Circuit.

          The only thing that surprised me in this context was when someone told me on Twitter Qualcomm’s stock was down 3% after hours on this news. At least the investors who talk to me, individually or on group calls, perfectly knew that this was the most likely outcome, especially since Qualcomm for the most part would have required Judge Koh to contradict her own ruling (a true opus magnum), at least implicitly. It wasn’t 100% unthinkable that maybe some irreparable-harm argument might have gotten some traction, but I couldn’t really find a totally pressing reason for a stay, for the reasons I explained in previous posts.

          What’s going to be different now before the Ninth Circuit is that there will be a panel of new judges. Judge Koh is still sitting on the district court, but only because Donald Trump’s 2016 victory derailed her already fairly advanced nomination process. Frankly, it might even have been good for her in the short term because she then got this historic FTC case just a couple of months later. On the Ninth Circuit, she most likely wouldn’t have had a similar opportunity, and she doesn’t seem to care about titles or salaries as much as about doing high-quality meaningful work. But I really do wish her the best for being promoted as soon as possible at this stage. With so much partisan divide it may be difficult, and I totally agree with those Republicans who would like to bring more political balance to the Ninth Circuit (which has already happened under this President to some extent), but Judge Koh is so obviously a perfect choice for the next Ninth Circuit nomination and certainly not the kind of ideological judge because of whom Rush Limbaugh calls the Ninth Circuit the “Ninth Circus.” She would be a great consensus candidate, and that would be a politically smart move for Republicans (not with a view to California, which they obviously won’t carry anytime soon, but from a broader perspective). But that’s a separate story, though it is related to this process at this procedural juncture.

      • Trademarks

        • Supreme Court’s Brunetti Ruling: Scandalous And Immoral Marks Are Fair Game

          The U.S. Supreme Court’s June 24 decision in Iancu v. Brunetti provides a green light for immoral or scandalous marks to receive federal trademark protection.

          Marks such as FUCT, KO KANE, and BONG HITS 4 JESUS will now appear on the Trademark Register alongside esteemed household brand names.

          While this may be welcome news for some brand owners, freedom of speech may come at a cost. Justice Stephen G. Breyer warned that registration of “immoral and scandalous” marks may increase these marks’ use.

          In turn, this “may lead to the creation of public spaces that many will find repellent, perhaps on occasion creating the risk of verbal altercations or even physical confrontations.” Time will tell whether these potential ripple effects come to fruition.

        • Multinationals call on EUIPO to raise bar when ruling on use

          In-house lawyers at Reckitt Benckiser, pharma company Gedeon Richter and a multinational share tales of protecting their trademarks at the EUIPO and beyond, discussing surprising early-stage decisions, the threat of “trademark trolls” and whether proving use in oppositions is too easy

          In-house counsel in industries including consumer goods and pharma have suggested that a tweaking of the EUIPO rules regarding genuine use could help better protect their brands.

      • Copyrights

        • Kaspersky VPN Now Blocks ‘Pirate’ Sites in Russia

          Following orders from local authorities, Kaspersky’s VPN has begun blocking sites on Russia’s national blacklist, which includes many ‘pirate’ sites. The news follows reports that the country’s telecoms watchdog, Roscomnadzor, will not attempt to block VPNs for non-compliance, but will seek to fine them instead.

        • Encrypted DNS and SNI Make Pirate Site Blocking Much Harder

          Pirate site blocking is seen as an an effective enforcement tool for rightsholders. However, network experts and Internet providers warn that new threats are on the horizon. Encrypted DNS and SNI can potentially make it much more complicated to prevent people from visiting certain websites.

        • Taylor Swift Couldn’t Buy Masters Without Signing New Big Machine Deal

          Parsing the statements from both Swift and her attorney Donald Passman, it is clear that she was not offered the opportunity to acquire the rights to her music without signing a new deal with Big Machine, under terms she herself said were not acceptable. Her Tumblr post from Sunday begins: “For years I asked, pleaded for a chance to own my work. Instead I was given an opportunity to sign back up to Big Machine Records and ‘earn’ one album back at a time, one for every new one I turned in.” It is worth noting that nowhere in her statement does she say she was not offered any opportunity to buy her masters, as many have reported.

        • Democratic Candidates Are Ignoring One of the Year’s Biggest Labor Disputes

          In April, WGA members voted overwhelmingly to require agencies to sign a code of conduct. Agencies that declined were fired by the writers they represent (including me) on April 14. Recently the big three agencies—UTA, CAA, and WME—sued the Writer’s Guild, claiming that “The WGA has organized a group boycott and unlawful restraint of trade targeting CAA and other talent agencies.” Corporations suing a union would typically rile up Democratic candidates, especially when issues of gender and racial equality are at stake. The WGA also requested agencies provide access to writer contracts. Agencies balked, citing privacy; however, many women and minority writers believe that agencies, known for lacking diversity, may actually fear that sharing writer contracts would expose racial and gender disparities in negotiations. Yet somehow this labor dispute doesn’t appear to be on the Democrats’ radar.

Ethiopian Media Gamed by EPO Management, Just Like European Media

Posted in Africa, Deception, Europe, Patents at 9:57 am by Dr. Roy Schestowitz

The PR operations go unabated and stretch as far as Africa (and almost/partly a former colony of Portugal)

Portuguese Empire and Ethiopia

Summary: Independence of the press is nearly dead; moreover, the EPO’s longstanding habit of bribing and manipulating the media is no longer limited or confined because the sole goal is silencing their critics (by censorship, ‘googlebombing’, legal threats, and retaliatory tactics)

SO THEN… it’s Independence Day.

Independence cannot be overrated. But only if it’s real, not merely perceived (or some words in paper, maybe a press release from a lying department). Independence is a simple concept; without it, there’s a form of coercion or imperialism — two terms Ethiopians no doubt can grok (because of their history). Then there’s the EPO itself.

“Are the judges at the temporary location in Haar independent? Hell no!”Are the judges at the temporary location in Haar independent? Hell no! Some stuff may be “new”, but nothing about independence, which for over a year (under the ‘new’ management) the EPO failed to restore. Nevertheless, Kilburn & Strode LLP (large law firm that’s very close to the EPO) chose to write about “Boards of appeal new rules” (article just published by Gwilym Roberts and Jamie Atkins). It’s behind a paywall.

Let us keep you up to date.

But only if you pay for access. And even then it’s unlikely they’ll say anything about the loss of independence. Law firms almost never talk about it because when the boards are afraid of the Office they’re more likely to support patent maximalism. Obviously…

SUEPO has just belatedly cited “Lawyers urge EPO for quality as new plan branded propaganda” (some time yesterday in the afternoon). This article was mentioned in Techrights some days ago; we argued that judges, examiners, stakeholders (applicants, lawyers) and the public all accept that patent quality is declining. This, in turn, becomes a growing threat to Europe, but who’s going to stop it? The EPO is accountable to nobody. The Office is controlling the Council and the appeal boards — a complete reversal of what was intended by EPC authors. Moments ago the EPO wrote: “Our Boards of Appeal and key decisions conference is now fully booked…”

Some would argue that these decisions are null/void/invalid due to lack of independence. Caselaw ‘fixed’ by means of tacit intimidation?

“…judges, examiners, stakeholders (applicants, lawyers) and the public all accept that patent quality is declining. This, in turn, becomes a growing threat to Europe, but who’s going to stop it? The EPO is accountable to nobody.”Last night “The Convention watchdog” wrote this comment: “The provision of Art. 53a EPC is in no way special for the European patent System. It corresponds to Art. 4 quater of the Paris Convention and it is identical to Art. 27 (2) of the TRIPs Agreement. It is intended to cover situations in which inventions made in one country may be exploited only for export purposes.” (More context in the page/thread)

The EPC does not matter to the EPO; there’s a state of lawlessness which we last wrote about less than a day ago (EPC ‘hacked’). Based on this new press release, there are more genetic patents being granted at the European Patent Office (EPO), Can we already ask questions like, “when is breathing going to be patented“?

“The EPC does not matter to the EPO; there’s a state of lawlessness…”The media, which we still try to contact sometimes, still refuses to cover any of these issues. Its silence is a form of complicity. What does the media say about the EPO? It usually just copies what the EPO tells it to publish. It’s appalling. It’s not journalism and even weeks later we still see puff pieces about the media ‘festival’ of the EPO, naming António Campinos as though he’s a science expert (Battistelli was a judge there, awarding a Frenchman for European software patents).

Again we say, where on Earth are investigative journalists as opposed to PR puppets and think tanks? If they don’t actually analyse or fact-check anything, then they’re merely English writers who can rephrase press releases that are sent their way. They’re pawns of PR agencies if not PR agents themselves. It does more harm than good because they characterise themselves as “news”. That’s misleading.

“If they don’t actually analyse or fact-check anything, then they’re merely English writers who can rephrase press releases that are sent their way.”Addis Standard, which covered 'Teffgate' some months ago, has instead just become this megaphone of the EPO. Was it paid by the EPO’s PR firms? Is the EPO’s budget playing the media of Ethiopia (what’s left of it and in English) in order to bury a major patent scandal? Over the years we’ve shown several cases wherein the EPO passed money/gifts to large publishers. They don’t call it a bribe because they disguise the exchange of favours. It’s about this Ethiopian photo ops (published earlier this week) and it was further amplified by IPPro Magazine’s Rebecca Delaney, who wrote about/perpetuated EPO PR, not refuting any of it (the article’s titled is “EPO expands Australia PPH programme,” but much of it is about the other press release of the EPO). This is very much similar to what JUVE did earlier this week, with an article that’s about 80% just copy-pasting or parroting statements from Campinos and the EPO’s press office/press release. What happened to JUVE? And here’s some of the text from Delaney:

The European Patent Office (EPO) will extend its Patent Prosecution Highway (PPH) pilot programme with IP Australia to increase the speed and efficiency…


António Campinos, president of the EPO, commented: “I am very pleased to launch this wide-reaching cooperation programme with Ethiopia, one of Africa’s most dynamic economies.”

A borderline Portuguese colony with one patent in 10 years (at the EPO at least)! Calling it a “dynamic economies” is one of these jargons of management, like calling the EPO “agile” and poor nations “developing”. Campinos is just flattering them after ‘Teffgate’ — a scandal that caused the government of a very poor nation to spend a lot of money in court (to squash a fake European Patent on behalf of Ethiopian farmers).

What “EPO” is known to Ethiopians as would be the drug that’s sometimes abused by long-distance runners, especially there. That’s what “EPO” really means to most Ethiopians. Now when they look up things related to ‘Teffgate’ they’ll find wonderful ‘journalism’ such as this:

He [Campinos] added: “The purpose of ensuring efficient and high-quality patent examination is ultimately to foster innovation and economic development, and support bilateral trade and investment between Ethiopia and Europe.”

So European journalism about the EPO has become more or less just a Campinos ‘copypasta’. Wonderful.

How Outsourcing of Judgment to Computer Algorithms Poses a Threat to Software Freedom (and Freedom in General)

Posted in Free/Libre Software at 7:49 am by Dr. Roy Schestowitz

And this is the company that’s buying Red Hat…

IBM recently published a dataset for facial recognition AI made up of images...
IBM spent a fortune ‘googlebombing’ the Web/Internet (for weeks) to hide this article from view.

Summary: Freedom is under attack (or under a tank) and a contributor writes to explain the role played by the AI hype (outsourcing decisions to algorithms which lack tact, emotion, oversight, and are difficult to analyse/authenticate based on their resultant fuzzy classifiers)

July 4th is a day off for the USPTO (an "hey hi" (AI) booster for patenting purposes) and for much of the American media, but we’ll be posting as usual. We’ve just updated this database of threats to software freedom (explained in depth in a recent post). This is “for your consideration,” said the author, on “AI project disruption” (the author goes by the pseudonym Ted MacReilly and is a highly technical person, who uses this pseudonym to avert retaliation/reprisal against his GNU/Linux project).

“I try to keep most of these less speculative,” he said, “more immediate. I am still a futurist, I think this is worth serious consideration. I believe the tools either could, or even do exist. AI is not general purpose yet. It is very flexible, it can do a lot of interesting things. I believe it can do this today, but certainly in the near future.”

Here’s the explanation from Ted:

Every government and security researcher has a job to assess threats. It’s how they do it and how they respond that matters. Often security is treated as a blank check to do things that are unethical or dangerous– the “cure” is not always better than the disease.

Here, the cure being proposed above others is careful consideration– not hysteria, not some draconian measure, not paranoia. Just consideration.

Science fiction often talks about the future. It is typically based on problems that exist in the present. Some of the ideas are novel– before we had cell phones and iPads, Star Trek communicators and PADDs existed only in fiction. Real functioning jet packs, though still impractical, now exist and can be watched in brief flights on Youtube. And before Amazon ever sold Ebooks, Richard Stallman’s “The Right to Read” was just a story about a dystopian future.

Often we get the future wrong, and sometimes that’s a good thing. But that doesn’t stop us from thinking about it.

AI-based project planning is likely to increase. You don’t hear about it much on Techrights, because it is a term widely abused to write bogus patents, and Techrights reports on that with well-earned derision for corporate buzzwords and patent application trickery.

Still, AI is real and it’s here– it’s not everything you might think, but it’s far more than nothing. It has cultural, philosophical and practical (not to mention countless ethical) implications.

I believe we need to consider those. What I hope you will do today, is entertain the slightest possibility that AI can be used to undermine free software development. It is not as important whether or not that is already happening.

Could it? And importantly– how?

I have some thoughts about that, but I don’t believe that I thought of this first.

We know that corporations want to undermine free software. We have good reason to think that AI is used (or will soon be used) to assist corporate decision making. It is already moving into use for reviewing resumes. As a result, SEO tactics and techniques will be part of resume writing in the future.

Most people are not following the spread of AI very closely. A lot AI should be called “artificial stupidity” because it sometimes enhances “Garbage-in-Garbage-out” or biased, bad decision making, when we expect it to reduce those.

They say don’t attribute to malice what can be explained by stupidity, but every techie with a pointy-haired boss knows that the line between the two is often a fine one. Some of things being done with AI by corporations already, are best explained by malice and stupidity combined.

Would you entertain the possibility that AI may assist corporations in figuring out how to compete and undermine competition, or that AI is capable of doing so? If you wouldn’t, this entry will just be something to laugh at.

That’s alright. Sometimes parody and humor reach more people than serious philosophy.

Sometimes you have to wait, to be sure what the future really holds. I have no major complaints about that one. It’s nice to still have the option.

This could also be an “Aim for the moon” type of strategy. In trying to think of how AI could pose new threats to software freedom, you may come up with a more plausible or more obvious way that a corporation could pose new threats. There’s no request here to use your imagination for purely idle reasons. The point of threat assessment is to come up with solutions that bolster everyone’s freedom. Everyone can participate, it is not better to leave this entirely up to other people who may not care about your own needs or threat model.

Happy hacking,

Ted MacReilly

Links 4/7/2019: Material Shell, Mint Going 64-Bit, GameShell

Posted in News Roundup at 4:33 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Linux Mint 20 will ditch 32-bit architecture following Canonical’s recent announcement

      Clem Lefebvre, head of the Linux Mint project, has announced that Linux Mint 20 and beyond will drop support for 32-bit systems. The news comes on the heels of a decision made by Canonical to drop support for the 32-bit architecture in Ubuntu 19.10 and Ubuntu 20.04 LTS, the latter of which Linux Mint 20 will be based on.

      In the blog post, Lefebvre said he believes most people are happy with the decision to drop 32-bit versions and that it makes sense in 2020. Computers with a 64-bit processor have been on the market since 2003, and most of the computers that have shipped in this decade are 64-bit ready (except several infernal netbooks).

    • Linux Mint Confirms It’s Dropping 32-bit Releases

      The good news is that this isn’t happening yet. Users can continue to download Linux Mint 19.1 32-bit, install it, and use it as normal (the perks of being based on Ubuntu 18.04 LTS, which Canonical support until 2023).

      But by the time the Linux Mint 20 release arrives next year the distro will no longer produce 32-bit install media or on-going support for 32-bit systems.

      Sharing word of the pending retirement in his latest monthly mail-shot, Linux Mint lead Clement Lefebvre explains:-

      “Linux Mint 19.x is already available in 32-bit and it can be used until 2023. I think most people are happy with this and dropping 32-bit releases going forward makes sense in 2020.”

      Sounds, fair.

    • Linux Journal and Magazine

    • Server

  • Audiocasts/Shows

    • FLOSS Weekly 536: CX

      CX is an interpreted and compiled, garbage collected, general purpose programming language, which means that it can be used to create any type of program, such as web, desktop, and command-line applications.

  • Kernel Space

    • Linux 5.1.16

      I’m announcing the release of the 5.1.16 kernel.

      All users of the 5.1 kernel series must upgrade.

      The updated 5.1.y git tree can be found at:

      git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.1.y

      and can be browsed at the normal kernel.org git web browser:


    • Linux 4.19.57
    • Linux 4.14.132
    • DW5821e firmware update integration in ModemManager and fwupd

      The Dell Wireless 5821e module is a Qualcomm SDX20 based LTE Cat16 device. This modem can work in either MBIM mode or QMI mode, and provides different USB layouts for each of the modes. In Linux kernel based and Windows based systems, the MBIM mode is the default one, because it provides easy integration with the OS (e.g. no additional drivers or connection managers required in Windows) and also provides all the features that QMI provides through QMI over MBIM operations.

      The firmware update process of this DW5821e module is integrated in your GNU/Linux distribution, since ModemManager 1.10.0 and fwupd 1.2.6. There is no official firmware released in the LVFS (yet) but the setup is completely ready to be used, just waiting for Dell to publish an initial official firmware release.

      The firmware update integration between ModemManager and fwupd involves different steps, which I’ll try to describe here so that it’s clear how to add support for more devices in the future.

    • With An Out-Of-Tree Kernel Patch You Can Finally Read/Write To The SSDs On Newer Macs

      While Apple computers once ran well with Linux, that’s not been the case in recent years particularly for MacBook Pros but now really all newer Apple computers have become a mess on Linux. There’s been really messy issues in trying to run Macs on Linux. With MacBook Pros from recent revisions, it’s now only finally possible for Linux to read/write to the solid-state drive if using an out-of-tree patch.

      This Linux NVMe driver patch was pointed out to us by a Phoronix reader for allowing 2016 and newer MacBook Pros (and newer Macs) to be able to read/write the NVMe SSD from Linux.

    • Linux Plumbers Conference: RDMA Microconference Accepted into 2019 Linux Plumbers Conference

      We are pleased to announce that the RDMA Microconference has been accepted into the 2019 Linux Plumbers Conference! RDMA has been a microconference at Plumbers for the last three years and will be continuing its productive work for a fourth year. The RDMA meetings at the previous Plumbers have been critical in getting improvements to the RDMA subsystem merged into mainline. These include a new user API, container support, testability/syzkaller, system bootup, Soft iWarp, and more. There are still difficult open issues that need to be resolved, and this year’s Plumbers RDMA Microconfernence is sure to come up with answers to these tough problems.

    • Zack’s Kernel News

      When Linus Torvalds recently agreed to raise the GCC minimum supported version number to 4.8, it meant that any older system that still used older build tools, including older versions of GCC, wouldn’t be able to compile new kernels without upgrading that software. The justification for his decision was partly that the various kernel ports had come to depend on later GCC versions and partly that the various Linux distributions had started shipping with later GCC versions as well. To Linus, this meant that regular users would almost certainly not be inconvenienced by the change; while kernel developers – well, Linus didn’t mind inconveniencing them so much.

      But it wasn’t entirely an inconvenience to developers, as Steven Rostedt recently demonstrated. Now that GCC 4.8 was the new minimum, the kernel no longer had to support older versions of GCC that lacked some of the modern new features. The way this generally works is that the kernel build system checks which version of GCC is installed and then compiles certain kernel features that are specifically coded for that GCC version. This way, by hook or by crook, all kernel features get implemented, even if they have to work around deficiencies in an older compiler. When the older compilers aren’t supported anymore, all of that targeted kernel code can simply be torn out by the roots, without anyone making a fuss.

    • Linux Foundation

  • Applications

    • WireGuard Snapshot `0.0.20190702` Available
      A new snapshot, `0.0.20190702`, has been tagged in the git repository.
      Please note that this snapshot is, like the rest of the project at this point
      in time, experimental, and does not constitute a real release that would be
      considered secure and bug-free. WireGuard is generally thought to be fairly
      stable, and most likely will not crash your computer (though it may).
      However, as this is a pre-release snapshot, it comes with no guarantees, and
      its security is not yet to be depended on; it is not applicable for CVEs.
      With all that said, if you'd like to test this snapshot out, there are a
      few relevant changes.
      == Changes ==
        * curve25519: not all linkers support bmi2 and adx
        This should allow WireGuard to build on older toolchains.
        * qemu: show signal when failing
        This was useful in tracking down upstream armeb bugs such as:
        * wg-quick: darwin: support being called from launchd
        We now ship a sample launchd file, for folks who would like to run WireGuard
        on macOS servers with some form of automation. Most users are still advised to
        use the GUI app from the App Store.
        * compat: some kernels weirdly backport prandom_u32_max
        * compat: unify custom function prefix/suffix
        * compat: rhel backported list modifications
        Usual maintance of our compat layer for existing platforms and kernels.
        * compat: support RHEL8's skb_mark_not_on_list backport
        We now support RHEL8/CentOS8's kernel.
        * global: switch to coarse ktime
        Our prior use of fast ktime before meant that sometimes, depending on how
        broken the motherboard was, we'd wind up calling into the HPET slow path. Here
        we move to coarse ktime which is always super speedy. In the process we had to
        fix the resolution of the clock, as well as introduce a new interface for it,
        landing in 5.3. Older kernels fall back to a fast-enough mechanism based on
        * netlink: cast struct over cb->args for type safety
        This follow recent upstream changes such as:
        * peer: use LIST_HEAD macro
        Style nit.
        * receive: queue dead packets to napi queue instead of empty rx_queue
        This mitigates a WARN_ON being triggered by the workqueue code. It was quite
        hard to trigger, except sporadically, or reliably with a PC Engines ALIX, an
        extremely slow board with an AMD LX800 that Ryan Whelan of Axatrax was kind
        enough to mail me.
      This snapshot contains commits from: Jason A. Donenfeld.
      As always, the source is available at https://git.zx2c4.com/WireGuard/ and
      information about the project is available at https://www.wireguard.com/ .
      This snapshot is available in compressed tarball form here:
        SHA2-256: 1a1311bc71abd47a72c47d918be3bacc486b3de90734661858af75cc990dbaac
        BLAKE2b-256: 3b8668eed4c11c3d5995f23152c645ee40017ab84c8b15ce5f84015730290c9f
      A PGP signature of that file decompressed is available here:
        Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE
      If you're a snapshot package maintainer, please bump your package version. If
      you're a user, the WireGuard team welcomes any and all feedback on this latest
      Finally, WireGuard development thrives on donations. By popular demand, we
      have a webpage for this: https://www.wireguard.com/donations/
      Thank you,
      Jason Donenfeld
    • WireGuard 0.0.20190702 Released For This Cross-Platform Open-Source VPN Tunnel

      WireGuard 0.0.20190702 has been released as the newest snapshot for this increasingly popular open-source network VPN tunnel that has showed much potential and has now been ported to all major platforms.

      WireGuard 0.0.20190702 is available for those interested. To much dismay, it doesn’t look like the kernel module will make it into the upcoming Linux 5.3 merge window. As of writing, the code still hasn’t been queued into net-next for merging into the Linux 5.3 merge window in early July. But for that to happen anyhow, WireGuard would likely still need to survive another round of code review on the Linux kernel mailing list along with its Zinc crypto API. We haven’t seen that happen yet so long story short the WireGuard Linux support will likely still need to rely upon the DKMS out-of-tree kernel module for another round.

    • Cloud music player Olivia

      Olivia looks like a standard three-panel music player, with links to albums, artists, and playlists on the left, the player queue on the right, and a context-shifting middle pane. But it’s not. Rather than helping you manage and maintain your own music collection, Olivia has been designed to simplify access to music that’s typically played and discovered online. It’s currently in an alpha testing state, and not all the features shown in the user interface (UI) are functional, but it’s functional enough to be very useful and shows great promise. Type the name of a track into the search field, for example, and a list of image thumbnails for discovered tracks start to load into the middle pane, complete with details about the performer, release date, duration, and album. It’s exactly as if the music is sourced from your local storage. A double-click adds the track to your queue from where it can then be played. The actual source for the music seems to be YouTube, from where the music is streamed stripped of its video content.

      The UI scales and animates smoothly as you navigate through different search and playback modes, and it can even dynamically theme itself according to your currently playing track’s artwork. There’s a very neat “widget” mode, which reduces the UI to nothing more than the current track thumbnail and playback controls. This is a great way of removing the distraction of choosing music from the infinite possibilities of online resources. As you play tracks, they’re added to your “collection,” so you can easily play them back or manage them much like you would local files. Local music is supported too, and there’s an excellent song recommendation system. Type in the name of a piece of music you like, and Olivia will come back with a recommendation for something it thinks (or the Internet thinks) is similar. It works surprisingly well.

  • Instructionals/Technical

  • Games

    • Alien invasions and disasters are in the latest update to the fun god-sim city-builder “The Universim”

      The Universim continues to get more interesting as a god-game/city-builder hybrid with the latest update giving the possibility of an alien invasion. See also: Some recent previous thoughts.

      Since the game will eventually let you reach for the stars and visit other planets, as you civilization evolves and becomes more modern you might find some unexpected visitors in the form of UFOs. Developer Crytivo said this is only “first contact” and more will come in future updates. For now, these pesky invaders might destroy buildings, kidnap Nuggets and animals.

    • The strategy RPG “Pathway” is to get a big free update later this Summer, now allows you to respec skills

      Not only are Robotality continuing to polish their strategy RPG “Pathway”, they’re also working towards a big free update. See Also: My original thoughts on Pathway.

      They haven’t said what’s coming in this big free update, only that it will be due “at the end of summer” but they do plan to make a blog post about what’s coming.

    • Valve are asking for help testing “ACO”, a new Mesa shader compiler for AMD graphics

      Valve developer Pierre-Loup Griffais mentioned on Twitter, about a new Mesa shader compiler for AMD graphics named “ACO” and they’re calling for testers.

      In the longer post on Steam, it goes over a brief history about Valve sponsoring work done by open-source graphics driver engineers, with it all being “very successful”. The team has grown and they decided to go in a different direction with their work.

    • Valve Has Been Developing A New Mesa Vulkan Shader Compiler For Radeon

      Valve has been funding work on “ACO”, a new shader compiler alternative to the de facto AMDGPU LLVM shader compiler currently used by both the RADV and RadeonSI Mesa graphics drivers for AMD Radeon hardware.

  • Desktop Environments/WMs

    • K Desktop Environment/KDE SC/Qt

      • KaOS 2019.07 just dropped with exciting new features

        For those readers who are discovering KaOS right now, let?s have a quick introduction! This operating system has been developed from scratch and mainly focuses on KDE and Qt, which explains why it comes with LibreOffice and other KDE software. Also, the fact that it is being mentioned on FOSSLinux makes it self-explanatory that it is based on the Linux kernel.

        Earlier this week, there was an official announcement regarding the release of the July version of KaOS accompanying new features, updates, and security fixes. The major changes can be found in the operating system?s core, desktop environment, installation procedures, and office suite.

      • KIOFuse: June in Review

        The coding period has now extended over a month and quite a few improvements have been merged into KIOFuse. In my last post I mentioned the development of a KIO error to FUSE error mapping and 32 bit support.

        However, interestingly enough it took quite a long time for the 32-bit support branch to be merged. This was because of a test that didn’t fail nor pass – it froze. The test suite would never finish and the process would only respond to SIGKILL. After days of debugging it was determined that fuse_notify_inval_* functions don’t play well when writeback caching is enabled and hence there is now a patch to disable it. Of course this will incur a performance hit as writes will go straight to KIOFuse, and hence straight to disk (although the kernel may cache our write requests to our own cache). Whilst this is unfortunate, seeming as most KIO slaves are network based, switching from a writeback caching policy to a writethrough one is unlikely to hamper performance too much.

        In other news, KIOFuse can now handle SIGTERM, SIGINT and SIGHUP signals. Signal handlers can only call async-signal-safe functions. However in Qt there is a bit of hack one can perform, as inspired by this tutorial. Hence, in response to these signals, KIOFuse will flush all dirty nodes to disk, meaning no sudden data loss!

    • GNOME Desktop/GTK

      • ‘Material Shell’ is Probably The Most Impressive Thing You’ll See This Month

        The really good news about this particularly slick set-up is that you don’t just have to sit there drooling at it: you can download and try it out for yourself!

        Admittedly things aren’t yet one-click easy yet, but getting this up and running on your own desktop is not super difficult either, so long as you’re running GNOME 3.32.

        Just download the Material Shell extension from Github, move the bundle to the correct location, and then enable the extension via GNOME Tweaks.

      • Material Shell Is A New Tiling Shell For Gnome (Beta)

        Material Shell is a new tiling shell replacement for Gnome Shell that’s currently in beta. It’s tagline mentions that this extension proposes “a performant and simple opinionated mouse/keyboard workflow to increase daily productivity and comfort”, while also following the Material Design guidelines.

        The extension adds a new panel on the left-hand side of the screen, which has (from top to bottom) an Activities Overview button, application categories buttons (Internet, Development, Social, etc.), and a tray at the bottom.

        What’s more, Material Shell replaces the top bar with its own bar that lists each running application for a particular category, a + button that allows opening another application from that category, and a button to switch between tiling layouts (only 2 are available for now) for the applications in that particular category.

        Also, window titlebars for applications that don’t use client side decorations are removed, being replaced with the application name in the top panel added by Material Shell. A close button is also there, for easily quitting applications, though you can also use Super + Q to quit an app.

      • Initial Fun with the Open Desktop Ratings Service: Swearing!

        The ODRS is the service that produces ratings and reviews for gnome-software. I built the service a few years ago, and it’s been dutifully trucking on ever since. There are over 25,000 reviews, 50k votes, and over 4k different applications reviewed. Over half a million clients get application reviews every single day.

  • Distributions

    • SystemRescueCd – a live system that rescues data and systems

      The SystemRescueCd live system contains numerous tools that you can use to recover deleted files or a defective system.

      The SystemRescueCd live system above all offers programs with which you can reanimate defective data carriers and recover data. It includes the Firefox browser, which can also be used to search for solutions to a problem on the Internet if the permanently installed system fails to boot. Finally, SystemRescueCd provides useful tools for everyday work, such as creating or shrinking hard disk partitions. The live system relies on standard tools such as the well-known GParted for partitioning hard disks.

    • Reviews

      • Zorin OS vs Ubuntu: Can the Student Defeat the Master?

        The Linux landscape is dominated by a small handful of venerable distributions, most of which have been around for what seems like ages, each with its own dedicated following of users willing to draw blood in its defense. But if you zoom in, you’ll be able to notice that for each major Linux distribution, there are hundreds of smaller derivates.
        While most derivatives of major Linux distributions are utterly irrelevant, some manage to rise to prominence and sometimes even join the ranks of such prominent distributions like Debian, Fedora, Arch Linux, or Slackware.

        When Ubuntu was first released, it was dismissed by many as yet another Debian clone. However, the distribution proved its critics wrong, and it now has a seat in the Linux hall of fame. Now, a relatively unknown Ubuntu derivative is attempting to follow in Ubuntu’s footsteps, and the entire Linux community is starting to pay attention, which is why we think it’s the right time to compare the two distributions to see if the student can defeat the master.

    • Fedora Family

      • F30-20190628 updated isos released

        The Fedora Respins SIG is pleased to announce the latest release of Updated F30-20190605 Live ISOs, carrying the 5.1.15-200 kernel.

        This set of updated isos will save considerable amounts of updates after install. ((for new installs.)(New installs of Workstation have 1.2GB of updates)).

        A huge thank you goes out to irc nicks dowdle, Short-bike,Southern-Gentlem for testing these iso.

  • Devices/Embedded

  • Free, Libre, and Open Source Software

    • On Why OpenStack Foundation Joined the OSI

      Over the past year, the definition of open source has been challenged, as some companies wanted to change the licensing of their software while continuing to reap the benefits of calling it open source, or at least the benefits of being potentially confused with open source.

      That makes the work of the Open Source Initiative more important than ever. For more than 20 years, the OSI has been a steadfast guardian of the Open Source Definition. They’ve kept it focused on user freedoms, evaluating new proposed software licenses against that definition, while discouraging further license proliferation. They’ve also been instrumental to the success of open source through their tireless advocacy and education work.

      These objectives resonate with the work we do at the OpenStack Foundation (OSF). Today open source is necessary, but not sufficient: users of open-source licensed software are sometimes denied some of the original free and open source software benefits. We need to go beyond how the software is licensed and drive new standards on how open source should be built. Users should be able to tell easily the difference between a truly open collaboration guaranteeing all of open source benefits and single-vendor or open core projects.

    • Web Browsers

      • Mozilla

        • 8 Years of Reps Program, Celebrating Community Successes!

          The Reps program idea was started in 2010 by William Quiviger and Pierros Papadeas, until officially launched and welcoming volunteers onboard as Mozilla Reps in 2011. The Mozilla Reps program aims to empower and support volunteer Mozillians who want to be official representatives of Mozilla in their region/locale/country. The program provides a framework and a specific set of tools to help Mozillians to organize and/or attend events, recruit and mentor new contributors, document and share activities, and support their local communities better. The Reps program was created to help communities around the world. Community is the backbone of the Mozilla project. As the Mozilla project grows in scope and scale, community needs to be strengthened and empowered accordingly. This is the central aim of the Mozilla Reps program: to empower and to help push responsibility to the edges, in order to help the Mozilla contributor base grow. Nowadays, the Reps are taking a stronger point by becoming the Community Coordinators.

        • Will Kahn-Greene: Crash pings (Telemetry) and crash reports (Socorro/Crash Stats)

          I keep getting asked questions that stem from confusion about crash pings and crash reports, the details of where they come from, differences between the two data sets, what each is currently good for, and possible future directions for work on both. I figured I’d write it all down.

          This is a brain dump and sort of a blog post and possibly not a good version of either. I desperately wished it was more formal and mind-blowing like something written by Chutten or Alessio.

          It’s likely that this is 90% true today but as time goes on, things will change and it may be horribly wrong depending on how far in the future you’re reading this. As I find out things are wrong, I’ll keep notes. Any errors are my own.

    • Databases

      • CIS Benchmark for PostgreSQL 11 Enhances PostgreSQL Security for Enterprises
      • Crunchy Data releases an update to the CIS Benchmark for PostgreSQL 11

        Crunchy Data, the leading provider of trusted open source PostgreSQL technology and support, in collaboration with the Center for Internet Security, announces the publication of a PostgreSQL CIS Benchmark for PostgreSQL 11.

        Crunchy Data again collaborated with CIS by evaluating open source PostgreSQL 11 against CIS’s security requirements and developed the guide defining how open source PostgreSQL can be configured and deployed to meet security requirements for enterprise systems.

        The PostgreSQL CIS Benchmark offers security-conscious enterprises a comprehensive guide for open source PostgreSQL configuration and usage. Enterprises can refer to the CIS Benchmark as they consider open source PostgreSQL as an alternative to proprietary and other database systems.

    • Productivity Software/LibreOffice/Calligra

      • Annual Report 2018: LibreOffice events and activities around the world

        Zdeněk Crhonek and Stanislav Horáček attended the two biggest Czech FOSS events, LinuxDays in Prague and OpenAlt in Brno. There was generally positive feedback from users, interest in new features and what is going on. Also, there was discussion with someone from the National Technical Library in Prague (who enthusiastic about FOSS, migrated client computers to Linux and LibreOffice, and encouraging us to spread the word about it) and a representative of an organization trying to coordinate using FOSS in Czech municipalities (two towns running LibreOffice, with the intention to pay for some bug fixing).

        Other meetups took place at these events: a meeting with the Slovak community (Miloš Šrámek and Andrej Kapuš) in Brno, a meeting with the Czech localization community (Mozilla, Linux distributions), discussing mainly the possibility of a new Czech dictionary, and a discussion with a marketing specialist who suggested ways to simplify the LibreOffice web page.

        Apart from events, the Czech community worked continuous localization of LibreOffice’s user interface, website, help and marketing materials (press releases, video subtitles). There was also user support and moderation on the Czech “Ask LibreOffice” site.

      • LibreOffice QA Report: June 2019
    • Funding

      • NexDock 2 Hands-On Video

        The NexDock 2 crowdfunding swiftly met its goal earlier this year (no major shock as there’s little else like it out there to my knowledge).

        A 13.3-inch laptop shell that lets you use smartphones and single-board PCs as fully-fledged computers. The NexDock provides the screen, keyboard and trackpad, and your phone or Raspberry Pi provides the brain.

        Every time I see the dock in action I want one. And that want goes double since the launch of the Raspberry Pi 4 and its touted desktop-class performance…

        Anyway, if you want one you can have one.

    • Openness/Sharing/Collaboration

      • A worldwide, open source model for solar performance

        As solar’s share in the global energy mix continues to grow, managing the intermittencies inherent to the technology and ensuring its reliable integration into grids is an ever more important question.

        By collecting 38 years’ of irradiation, temperature and weather data and combining it with the historical output of European solar installations, scientists at Denmark’s Aarhus University have developed a model they say can predict the output of PV projects anywhere in the world.

        “We can look at not only a single installation but energy production in entire countries or continents from PV installations,” said Marta Victoria, an assistant professor at Aarhus University. “This is extremely important for the way in which the energy systems of the future can be combined to function optimally.”

    • Programming/Development

      • Python list comprehension with Examples

        This tutorial covers how list comprehension works in Python. It includes many examples which would help you to familiarize the concept and you should be able to implement it in your live project at the end of this lesson.

      • uarray update: API changes, overhead and comparison to __array_function__

        uarray is a generic override framework for objects and methods in Python. Since my last uarray blogpost, there have been plenty of developments, changes to the API and improvements to the overhead of the protocol. Let’s begin with a walk-through of the current feature set and API, and then move on to current developments and how it compares to __array_function__. For further details on the API and latest developments, please see the API page for uarray. The examples there are doctested, so they will always be current.

      • Find the working hour for a project with Python program

        In this article, we will write a python program to figure out how much time we will need to contribute to a project as a freelancer, but before that, let us go through the below problem first!

        You are the best freelancer in the city. Everybody knows you, but what they don’t know, is that you are actually offloading your work to other freelancers and you rarely need to do any work. You’re living the life!

        Giving the amount of time in minutes needed to complete the project and an array of pair values representing other freelancers’ time in [Hours, Minutes] format ie. [[2, 33], [3, 44]] calculate how much time you will need to contribute to the project (if at all) and return a string depending on the case.

      • EuroPython 2019: Late Bird Rates and Day Passes

        We will have the following categories of late bird ticket prices for the conference tickets:

      • EuroPython 2019: Find a new job at the conferenc
      • 5 common mistakes made by beginner python programmers

        During the initial days as python programmer, all of us face some or other type of weird bug in our code which, after spending multiple painful hours on StackOverflow, turns out to be not a bug but python feature. That’s how things work in python. So below are the 5 most common mistakes most of the beginner python programmers make. Let’s know a bit about them so that we can save a few hours of asking questions on Facebook pages and groups.

      • How to Use the Python or Operator

        There are three Boolean operators in Python: and, or, and not. With them, you can test conditions and decide which execution path your programs will take. In this tutorial, you’ll learn about the Python or operator and how to use it.

      • Introduction to GANs with Python and TensorFlow

        Generative models are a family of AI architectures whose aim is to create data samples from scratch. They achieve this by capturing the data distributions of the type of things we want to generate.

      • Humble Book Bundle: Open Source Bookshelf

        This book bundle is the perfect one for you if you’re interested in diving more deeply into the open-source developing space. If you’re a starving developer, this could help even more, as you will pay very little when you buy the Humble Book Bundle: Open Source Bookshelf by Bleeding Edge Press. You’ll pay as little as $1 for books that explain creating interfaces with Bulma, chatbots for eCommerce, practical gRPC, and more. You’ll get instruction and hands-on training in several areas. Buy the bundle and receive only the books you really need to dive deeper into open-source developing.

        When you purchase the instructional books you’re most interested in, the price you pay will include some of the money going toward charity. You can donate to Humble’s featured charity, Girls Who Code, or choose a different charity as well. Humble has raised $150,000,000 to date for its various charities.

      • Why We Removed the “Free” Channel in Conda 4.7

        One of the changes we made in Conda 4.7 was the removal of a software collection called “free” from the default channel configuration. The “free” channel is our collection of packages prior to the switch in recipes/compilers that we did for the Anaconda Distribution 5.0 release. The current primary channel, “main,” is also totally free of charge. This is not a switch to charging for packages, only a switch from two potential pools of packages to just one. We removed the “free” channel from defaults for a number of reasons – all oriented towards providing you with a faster Conda experience.


        The brokenness that can come from the free channel can be obvious (solves taking hours) or subtle (cryptic error messages about seemingly unrelated parts), but we hope this clarifies the situation and helps you get back on track if you’ve been affected by this change. Be sure to try to rectify the usage of free in your packages, rather than leaving this setting on.

      • Awakening from the lucid dream

        While I was happy to see her familiar face, her presence struck me as odd; what would Kat, a Collabora QA team lead, be doing managing community folks on-site at a Purism facility in California? I would have thought Heather (Purism’s phone project manager) would be around, but I didn’t see her or other recognizeable members of the team. Well, probably because I was just passing through a crowd of 20 people spread on tables around a lobby area—a transitional space—set up as an ad-hoc workshop. One of the walls had big windows that let me see into a shipping area and actual meeting rooms. I went to the meeting rooms.

      • Ngrx Entities and One to Many Relationships

        When I started with Ngrx the Entity module didn’t exist. My state consisted of arrays of objects. The reducers and selectors were array manipulations. It worked well but if the state had a large number of objects, the filter and maps were expensive and required lots of code.
        The Entity library made it much simpler. My reducers are much less code and dramatically simple in comparison. The selectors are about half the length. It all works quickly, is easy to set up.

        Essentially the data is stored as an entity object. { [id: string|number]: dataobj} There is a list of id’s, which can be sorted. You access a specific object using the id as a property. entity[id]. If you have a list of id’s, idlist.map(i => entity[i] will give you a list of objects. The Entity can sort the ids, extract whatever key you want from your data. But what if you have a relational data structure?

      • This Week in Rust 293

        Hello and welcome to another issue of This Week in Rust! Rust is a systems language pursuing the trifecta: safety, concurrency, and speed. This is a weekly summary of its progress and community. Want something mentioned? Tweet us at @ThisWeekInRust or send us a pull request. Want to get involved? We love contributions.

      • Introduction to PyCharm Themes

        If you are an intensive coder, there will always be chances of you being more inclined towards the dark coding theme. According to research, over 70% of the software developers prefer to code on a dark themed IDE since it helps them concentrate longer and pay more attention to the screen. Does that happen with you too?
        While colors and attractive backgrounds bring a fresher vibe to the working environment, completely dark background, on the other hand, makes it easier to focus on the screen and helps your brain stay active while you code. Nonetheless, always choose a color scheme that is comfortable for you and increases your productivity on all levels!

      • Go programming on a Raspberry Pi
  • Leftovers

    • Security

      • Security updates for Wednesday

        Security updates have been issued by Debian (pdns), Fedora (kernel and kernel-headers), Mageia (cgit and firefox), Oracle (libssh2 and qemu-kvm), Red Hat (openstack-ironic-inspector, openstack-tripleo-common, and qemu-kvm-rhev), Scientific Linux (libssh2 and qemu-kvm), SUSE (bzip2, cronie, libtasn1, nmap, php7, php72, python-Twisted, and taglib), and Ubuntu (thunderbird and znc).

      • Google Releases July 2019′s Android Security Patch to Fix over 30 Security Flaws

        Google has released today the Android Security Patch for July 2019 for all supported Pixel devices to address the latest security issues, fix bugs, and add various improvements.


        Apart from all the security fixes, the Android Security Patch for July 2019 also fixes various bugs for supported Pixel devices. As such, it improves the “OK Google” hotword and music detection on Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL devices, and addresses an issue for some Pixel 3 and Pixel 3 XL devices getting stuck during boot.

        Moreover, Google fixed an issue on Pixel 3, Pixel 3, XL, Pixel 3a, and Pixel 3a XL devices getting stuck in EDL mode with a blank screen, improves Unicode Japanese language support for Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, and Pixel 3a XL devices, and improves the performance of the Titan M module on the Pixel 3, Pixel 3 XL, Pixel 3a, and Pixel 3a XL.

        The Android Security Patch for July 2019 is now rolling out to all supported Pixel devices, including the Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, and Pixel 3a XL, and it should also be available shortly for other Android devices from major manufacturers like Essential, Sony, and others. The rollout will take a few days to arrive to all users, so make sure you update as soon as possible.

      • Chinese Border Agents Now Installing Malware On Foreigners’ Cellphones

        It’s a pretty open intrusion. The malware makes no attempt to hide itself. It even places an icon on the device’s application screen. The app has been uploaded by Motherboard and analysis shows this may possibly be for the convenience of the person scanning the phone. The app is sideloaded by border agents, who run a scan and search for the targeted content. Once this is done, those files can be viewed/exfiltrated and the app uninstalled. Also, soon after the article was published, most of the major anti-malware providers started flagging this software.

        It’s all part of the surveillance regime the Chinese government has directed towards the Uighur population in Xinjiang. Only now it’s spread past the historically-oppressed population to visitors to the region. Pretty much anyone travelling into the region via certain checkpoints is subject to device seizures and malware installation.

      • VMware begins patching process for Linux SACK vulnerabilities

        The two flaws, SACK Panic (CVE-2019-11477) and SACK Excess Resource Usage (CVE-2019-11478), were originally found and disclosed by Netflix researchers, along with two Linux bugs.

        “These issues may allow a malicious entity to execute a denial of service attack against affected products, warns a July 2 company security advisory that collectively rates the vulnerabilities as important in severity. (SACK Panic has a CVSSv3 base score of 7.5, while SACK Excess Resource Usage has a score of 5.3.)

        As of July 3, 11:30 a.m. ET, patches were available for SD-WAN Edge by VeloCloud, SD-WAN Gateway by VeloCloud, SD-WAN Orchestrator by VeloCloud, Unified Access Gateway and vCenter Server Appliance, and workarounds were available for Unified Access Gateway and vCloud Director for Service Providers.

    • Environment

      • US Tops List Of Countries Fuelling The Mounting Waste Crisis

        America’s thirst for consumption is not matched by an appetite for recycling, reveals new data identifying the country is the world’s top producer of waste and one of the worst of any industrialised nation for managing its trash.

        In two new indices, we’ve measured the waste generation and recycling performance of 194 countries to uncover a global picture of how countries are dealing with the waste they produce at a time where the world is facing a mounting crisis, primarily driven by plastics.

        The research calculates that over 2.1 billion tonnes of municipal solid waste (MSW) are generated globally each year – enough to fill 822,000 Olympic-size swimming pools, which would stretch 41,000 kms if laid out end-to-end. However, only 16% (323 million tonnes) of this is recycled each year, while 46% (950 million tonnes) is disposed of unsustainably.

      • US revealed to be the biggest driver of the world’s waste crisis

        A new study has identified the United States—the nation where the idea of mass production was born—as the world’s top producer of waste while also being the worst among industrialised nations at managing it.

        The US generates 12 per cent of global municipal waste—three times the global average—but only accounts for 4 per cent of the world’s population, reads the report, which was produced by Verisk Maplecroft, a United Kingdom-based research firm and consultancy specialising in global risk data and country risk analysis.

        Worse still, of the staggering volumes of junk the country that created globalised consumer goods brand names such as Starbucks, McDonald’s and Coca-Cola as well as the Black Friday sales produces, only 35 per cent are adequately recycled, the study shows.

      • US top of the garbage pile in global waste crisis

        The world produces over two billion tonnes of municipal solid waste every year, enough to fill over 800,000 Olympic sized swimming pools.
        Per head of population the worst offenders are the US, as Americans produce three times the global average of waste, including plastic and food.
        When it comes to recycling, America again lags behind other countries, only re-using 35% of solid waste.
        Germany is the most efficient country, recycling 68% of material.

      • Waste Crisis: Americans Create 3x More Waste Than Global Average

        On average, each American produces three times as much trash as the global mean. That includes plastics and food waste. In fact, the firm estimates that each American produces over 1,700 pounds (773 kg) of solid waste per year, which includes 234 pounds of plastic. That means every American’s output is three times that of the average Chinese person and seven times more than people living in Ethiopia, according to the report, as the BBC reported.

        And the U.S. is not doing well at recycling all that plastic. The firm found that the U.S. only recycled 35 percent of its municipal waste, while Germany, the most efficient country recycles 68 percent of its global waste.

        “The US is the only developed nation whose waste generation outstrips its ability to recycle, underscoring a shortage of political will and investment in infrastructure,” the firm said, as The Guardian reported.

      • Park Service Directed To Shift $2.5 Million In Fees To Help Pay For July 4 Parade: Report

        The National Park Service will divert about $2.5 million in fees gathered from park-goers to help pay for the hefty costs of President Donald Trump’s Fourth of July celebration, The Washington Post reported Tuesday.

        The White House has been preparing for the president’s “Salute to America” on Thursday, a grand parade meant to showcase what Trump has called the “strongest and most advanced” military on the planet. Tanks have been shipped from Georgia, and a flyover by Air Force One is scheduled, as well as a promised “biggest ever” fireworks display, according to Trump.

      • Trump’s July 4 Charade Will Take $2.5 Million Away From National Parks Funds

        Previous Independence Day celebrations have had a total price tag of around $2 million, former National Park Service Deputy Director Denis P. Galvin told The Washington Post. But Trump’s festivities will include flyovers from military jets including the Blue Angels, a display of tanks on the National Mall, and what Time reported will be the largest fireworks display in Washington, DC’s history. The nearly $2.5 million diverted from the parks will only cover a fraction of the cost, The Washington Post said.

        That money will come from park entrance and recreation fees, which usually go towards maintenance and improvement. The National Park System currently has a $12 billion maintenance backlog, The Huffington Post reported. The park money directed towards Trump’s event would typically have gone to improving the visitor experience at the National Mall or funding projects at smaller parks such as road repairs and habitat restoration, according to The Washington Post. The total equals around five percent of what lower-earning parks paid for upgrades last year.

      • This Fourth of July, You’ll See 70% More Algae Outbreaks Than Last Year

        Recreating in or near water stricken by an algae bloom can lead to serious health consequences. Short-term exposure — whether through skin contact or ingestion — to the toxins sometimes produced by algae outbreaks has been linked to sore throat, nausea, vomiting, diarrhea and liver damage.

        These outbreaks don’t just affect peoples’ health, they also hurt their wallets. Algae keeps people away from businesses near affected lakes, such as marinas and restaurants.

        Lake Hopatcong, in New Jersey, is currently suffering the biggest bloom ever recorded in the state. Hopatcong Mayor Mike Francis says it could have devastating impacts on the health of residents and his town’s economy.

      • Energy

        • Philadelphia Explosion One in String of ‘Near Miss’ Accidents at Refineries Using Deadly Chemical

          Next Friday, July 12, the Philadelphia Energy Solutions (PES) refinery in south Philadelphia is slated to close its doors, marking the end of an era that began in 1866, one year after the Civil War ended, when 50,000 barrels of kerosene and chemicals were first stored on site.

          The plant — which continued to struggle financially after emerging from bankruptcy in August 2018 — experienced a major industrial accident on June 21. That morning, a massive fireball lit up the pre-dawn sky over Philadelphia after leaking hydrocarbon gas had ignited. Five workers were injured, all treated on site. Three explosions shook walls in Philadelphia and the blast was reportedly felt as far away as South Jersey.

      • Wildlife/Nature

        • Sixth North Atlantic Right Whale Found Dead Prompts Concern From Researchers

          Considered one of the most endangered species of whale in the world by the International Union for Conservation of Nature Red List of Threatened Species, the North Atlantic right whale population is decreasing with only about 400 animals left in the world and just 100 breeding females. As the slow-moving baleen whales follow food sources, researchers at Dalhousie University say their behavioral and feeding patterns must be tracked in order to save the species.

          “It could be that the whales are in different places or are choosing different routes into the Gulf and that made these measures somewhat ineffective. So, we have to go back and find out where the whales are, predict their distribution and take measures to protect them,” said university marine biologist Boris Worm.

          It appears the whales are shifting movements, making vessel speed and traffic restrictions in place to protect the whales less effective. Necropsies carried out this year suggest some of the whales died from collisions with ships — an increasingly common and fatal occurrence.

        • With six right whale deaths and counting, researchers seek solutions

          With six right whales found dead thus far this summer — including four in a single 48-hour span — Dal researchers discuss the urgency in identifying where the whales are migrating to help protect the endangered species.

        • Six endangered North Atlantic right whales died last month alone

          There’s more grim news for the North Atlantic right whale, one of the most endangered whale species in the world. In June this year, six individuals were spotted dead in Canadian waters. Among them was a breeding female named Punctuation who had given birth to eight known calves and had been a grandmother to at least two grand-calves during her lifetime.

          With only some 400 North Atlantic right whales (Eubalaena glacialis) estimated to survive today, researchers and conservation groups are worried.

        • Grandmother and Grandfather Among 4 Endangered Whales That Died This Month

          Four North Atlantic right whales were found dead in the Gulf of St. Lawrence in Canada in the last three weeks, representing about one percent of the remaining population that is closely watched.

          One, named Punctuation, was a breeding female who had mothered eight calves and then gone on to have several grandchildren, making her death a significant loss for a dwindling population. She had been sighted as long ago as 38 years.

        • North Atlantic Right Whales Are Dying in Horrific Ways

          She was called Punctuation, after the small scars on her head that looked like commas and dashes. She was a North Atlantic right whale, one of an estimated 411 left in the world. She was one of just 100 reproductively active females left. She was mother to at least eight calves, and a grandmother to at least two grand-calves. She was about 40 years old when her body was found floating in the Gulf of St. Lawrence on June 20, 2019. Preliminary results from a necropsy suggest that she likely died after being hit by a ship.

        • Statement by Minister Garneau regarding actions taken to address the recent deaths of North Atlantic right whales

          “Due to the unfortunate deaths of a number of North Atlantic right whales in Canadian waters, Transport Canada is implementing an interim precautionary speed restriction of 10 knots, for vessels of 20 metres or more in length travelling in the western the Gulf of St. Lawrence, in the two designated shipping lanes north and south of Anticosti Island. This measure is effective immediately.

        • 2017-2019 North Atlantic Right Whale Unusual Mortality Event

          Since June 7, 2017, elevated North Atlantic right whale (Eubalaena glacialis) mortalities have been documented, primarily in Canada and were declared an Unusual Mortality Event. In 2017, there was a total of 17 confirmed dead stranded whales (12 in Canada; 5 in the United States) and in 2018, three whales stranded in the United States. In 2019, six whales have stranded in Canada. The current total mortalities for the UME is 26 dead stranded whales (18 in Canada; 8 in the United States).

        • Arctic Fox’s Record-Breaking Journey Might Not Have Been Possible Without Sea Ice

          Scientists were left “speechless” by a female Arctic fox’s record-breaking journey from Norway’s Svalbard islands to northern Canada, BBC News reported Monday.

          The fox traveled 3,506 kilometers (approximately 2,176 miles) in 76 days, one of the longest journeys for the species ever recorded, according to a paper documenting her trek. At one point, she clocked 155 kilometers (approximately 96 miles) a day.

        • Arctic fox treks more than 2,700 miles in four months

          Norwegian researchers have said they were stunned to learn that a juvenile fox managed to cross thousands of miles across the Arctic in just a few months last year.

          A group of scientists at the Norwegian Polar Institute recently said the Arctic fox, a species that can be found all around the Arctic, trekked from Svalbard, a Norwegian archipelago in the Arctic Ocean, into northern Canada at a pace never previously documented by researchers.

    • Finance

    • AstroTurf/Lobbying/Politics

      • Sinclair Faces Expanded Probe For Shady Behavior During Tribune Merger

        And it’s more than this kind of homogenized, consolidation “news” being rather creepy and teetering toward disinformation. There’s data to suggest that when you obliterate nuanced local journalism and replace it with monolithic, partisan crap from the likes of Sinclair, you wind up with a more divided and less informed populace. That populace is far less likely to think independently, and far more likely to just double down on partisan viewpoints, which can actually swing elections.

        So while the idea of protecting the diversity of local media is often viewed as something that’s “partisan” in and of itself, the protection of quality, truly local journalism is something that benefits everybody. It’s not clear that’s a lesson that has truly gotten through to many Americans, whether this particular merger succeeded or not.

    • Censorship/Free Speech

      • EFF and OTI Respond to the UK Government’s Online Harms White Paper

        Earlier this year, the UK government produced the “Online Harms White Paper,” creating a plan for a “system of accountability and oversight for tech companies.” The draft scheme put forth by the government is flawed, and these flaws prompted EFF and OTI to respond to the questions asked by the government. Ultimately, EFF and OTI felt the need to draw a line under a few crucial problems, within the bounds allowed by comment system set up by the government.

        The white paper paints a very broad brush over the Internet, which is more nuanced than the paper accounts for. It has been validly criticized on a number of fronts. In our response to ten of the 18 questions posed by the government, the repeated themes were the dangers of one nation’s government asserting control over free expression across the world, the possibility that the system proposed would benefit tech giants the most, and the importance of protecting encrypted communications.

      • Senator Lindsey Graham To Host Special ‘But Think Of The Children Online!’ Moral Panic Hearing

        Senator Lindsey Graham is not exactly the most tech savvy of politicians — and he demonstrates this is the most predictable of ways: falling for bogus tropes about the internet, while always (always) kowtowing to the surveillance state. He’s not sure that bloggers should be protected by the 1st Amendment, and he thinks that the law requires internet platforms to be neutral (it does not). Of course, one thing he likes about the internet is the fact that it allows the intelligence community to sweep up all your data.

        But his latest is that next week he’ll be hosting a hearing with the most ridiculous of moral panic titles around: “Protecting Innocence in a Digital World.” There’s no more information about what the panel is officially about or who will be speaking, but from the name alone you can assume it’s going to be full on moral panics about the evils of the internet and how “something must be done” to “protect the children.” Of course, given his earlier comments on why Section 230 of the CDA is no good, there’s a decent likelihood that this, too, will be attacked during the hearing — even though CDA 230 was literally written to enable platforms to create “family friendly” spaces — and amending it would likely take away those incentives.

    • Privacy/Surveillance

      • Amazon stores Alexa transcripts indefinitely

        Amazon has confirmed that it keeps transcripts of users’ Alexa voice recordings indefinitely on its servers. The company also keeps Alexa voice recordings indefinitely. According to Amazon, customers customers do have an option to delete both the transcripts and voice recordings.

        This comes after US Senator Chris Coons sent a letter to Jeff Bezos, CEO and Founder of Amazon, raising some privacy concerns.

        “Devices like Amazon’s Echo can make consumers’ lives easier–they can play our favorite music, order dinner, and adjust the temperature in our homes, all with a simple verbal command. While this technology can be helpful, it’s important that the right privacy protections are in place. Recent reports have raised questions about how Amazon collects and stores voice data. Senator Jeff Flake and I sent a letter to Amazon CEO Jeff Bezos asking what steps are being taken to protect consumer privacy and ensure information is not shared without consent,” said Coons.

    • Freedom of Information/Freedom of the Press

      • Victory: Somerville, Massachusetts Stands Up to Stop Face Surveillance

        The city council of Somerville, Massachusetts voted unanimously last week to become the first city on the East Coast to ban government face surveillance. It is encouraging to see cities across the country take this proactive step in anticipating the surveillance problems on the horizon and head them off in advance. This is far easier than trying to put the proverbial genie back in the bottle after it causes harm.

        “In Somerville we take fairness, justice, and individual liberties seriously,” Somerville Mayor Joseph Curtatone tweeted after signing the ordinance, which was introduced by Somerville City Councilor Ben Ewen-Campen. “Facial recognition software automates civil rights abuses and extends (and somewhat corporatizes) a pervasive surveillance state.”

        Face recognition technology can be used for identifying or verifying the identity of an individual using photos or video. Government can even conduct dragnet, real-time face surveillance of entire neighborhoods. Face recognition technology is also prone to error, implicating people for crimes they haven’t committed.

        In addition to banning government face surveillance in its own city, the Somerville city council has also endorsed a pair of bills that would place a moratorium on face surveillance across Massachusetts.

    • Civil Rights/Policing

      • We Should Probably Stop Blaming Technology For The Failings Of Human Beings

        As she notes, we in the west can argue that US and western influence campaigns around the world were different from, say, Russian or Chinese influence campaigns these days, but it’s a distinction that doesn’t much matter to those pushing disinformation campaigns today. They see it all as the same thing.

        She ends her piece with some suggestions on what to do — and I recommend going there to read them — but I’m still thinking a lot about how the internet has really held up a mirror to society, and we don’t really like what we see. But rather than recognizing that we need to fix society — or some of our political corruptions — we find it easier to blame the messenger. We find it easier to blame the tool that held up this mirror to society.

        We can’t fix the underlying problems of society — including over-aggressive tribalism — by forcing tech companies to be arbiters of truth. We can’t fix underlying problems of society by saying “well, this dumb view should never be allowed to be shared” no matter how dumb. We fix the underlying problems in society by actually understanding what went wrong, and what is still going wrong. But fixing society is hard. Blaming the big new(ish) companies and their technology is easy. But it’s not going to fix anything at all if we keep denying the larger fundamental flaws and problems in society that created the conditions that resulted in the tech being used this way.

    • Internet Policy/Net Neutrality

      • NASA, NOAA, and the Navy Tell The FCC Its 5G Plan Will Harm Weather Forecasting

        More plainly, water vapor emits radiation at 23.8GHz. Both the NOAA and NASA say monitoring these vapors won’t be possible if the neighboring band is too noisy. Things like hurricane forecasts, they say, could take up to two to three days longer if adequate protections aren’t put in place. There’s far more detail in this recent article in Nature, where academics note that while far more scientific study is needed, the interference potential here is a very real threat.

        AT&T and other industry players recently gobbled up spectrum in the band at auction, and have an obvious vested interest in getting the spectrum in place quickly as they look to cash in on fifth generation wireless (5G).

    • Monopolies

      • Gibson Guitar Declares Shift In IP Enforcement After Most Recent Public Backlash

        Our past posts on Gibson Guitar, the famed guitar-maker, have revealed roughly a decade of strict IP enforcement and other busuiness challenges. Between waffling on its support for SOPA and its own failures to properly innovate in a direction that met its customers’ demand, never mind its odd legal trouble over “illegal” wood used in its guitars and the bankruptcy it underwent a few years back, we’re not left with a picture of a well-oiled business. Despite that, emerging from bankruptcy, Gibson has continued its IP maximilist ways, most notably in the past few weeks with a lawsuit against the owner of Dean and Luna Guitars for trademark infringement and counterfeiting over several guitar body designs that the defendants claim aren’t protectable.

        There are two important aspects of that specific dispute to note here. First, the public backlash against Gibson over the lawsuit was firm and swift. Second, this specific dispute originated with cease and desist notices sent out by Gibson’s legal team back in 2017. That is particularly notable as it was only in November of 2018 that Gibson brought on a new CEO, James Curleigh. In the wake of the backlash over the past few weeks, Curleigh has gone out of his way to promise the public that Gibson is going to quickly move on from its IP maximilist ways.

  • RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

    Home iconSite Wiki: You can improve this site by helping the extension of the site's content

    Home iconSite Home: Background about the site and some key features in the front page

    Chat iconIRC Channels: Come and chat with us in real time

    New to This Site? Here Are Some Introductory Resources




    Samba logo

    We support

    End software patents


    GNU project


    EFF bloggers

    Comcast is Blocktastic? SavetheInternet.com

    Recent Posts