
07.05.19

Links 5/7/2019: New GRUB Release and New Debian Coming Tomorrow

Posted in News Roundup at 11:30 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Desktop

      • 9 Best Linux Distros For Beginner Users — 2019 Edition

        Are you looking for a Linux distro that’s suitable for new users who are willing to start an exciting Linux journey? Well, you’re in the right place.

        The beauty of Linux lies in the plethora of options available to the users. While some call it Linux distro fragmentation, I love to call it Linux’s strength. It allows the users to choose a Linux distro suitable for their needs and learn new things. The same choice allows one to find a beginner-friendly Linux distro, gaming distro, etc. These days, Linux Mint is giving a tough competition to Ubuntu as it’s very beginner-friendly. But what about other options for new Linux users? Let’s find out!

      • Release of the Open Build Service, Version 2.10

        The Open Build Service (OBS) project has announced the release of version 2.10 of OBS, which is a system to build and distribute binary packages built from source code. The new version has revamped the web user interface and upgraded the container delivery mechanisms. Beyond that, it has fixed plenty of bugs (of course), added a bunch of smaller features, and now provides integration with other online tools: “Another trend in the professional software world is to plug various tools together into grand continuous integration/deployment cycles (CI/CD). You, of course, also want to throw the OBS into the mix and we traditionally supported you to do that on GitHub with webhooks. The 2.10 release now brings the same kind of support to other tools like Gitlab and Pagure. You can trigger all kinds of actions on OBS for every git commit or other events that happen on those tools.”

      • Pinebook Pro Sets Date for Pre-Orders, Adds ‘Killer’ New Feature

        Pine64, the US-based company behind a growing range of ARM-powered Linux devices, say PineBook preorders will go live July 25, 2019.

        But there’s more.

        Aside from the date at which you can throw money at your screen the (terrifically productive) company has revealed a swathe of other interesting details…

      • Debian 10 “Buster” Coming Tomorrow, GRUB 2.04 Released, PineBook Pro Laptop Available for Pre-Order Soon, Raspberry Pi Sticker Give-Away and IPFire 2.23 Core Update 134 to Fix Security Issue

        The PineBook Pro laptop will be available for pre-order July 25, 2019. OMG! Ubuntu! reports that the $199 PineBook Pro will now include privacy switches to disable the internal Bluetooth and WiFi module, the webcam and the microphone at the hardware level. Go to Pine64.org for specs and more details.

    • Server

      • Red Hat/NC

        • Calling all female junior developers: new ‘open source apprentice’ program launched

          When it comes to the tech industry, it’s no secret that women are underrepresented.

          However, a boutique development company based out of Cary and Silicon Valley is hoping to change that.

          Introducing This Dot, a woman-owned company founded by Tracy Lee in 2016, which has recently launched its Open Source Apprentice Program.

          Its aim: to train and mentor female junior developers in open source, creating a pipeline of talent and changing the ratio in tech.

        • DevOps for doubters: How to deal with 9 kinds of people who push back

          At first glance, the benefits of DevOps are hard to deny. Continuous delivery of new software and features makes customers happy and businesses more agile. Highly collaborative, transparent, cross-functional ways of working can rally teams around a shared mission and purpose.

          It’s no wonder that companies big and small are singing DevOps’s praises and expecting everyone to get on board and never look back. That’s why it can be surprising when leaders encounter team members who seem to intentionally dig in their heels or create obstacles that slow DevOps down, says Matt Poepsel, senior vice president at The Predictive Index.

    • Audiocasts/Shows

    • Kernel Space

      • Arm’s Komeda Driver Adding Variable Refresh Rate Support

        Arm’s Komeda Linux DRM/KMS display driver for supporting their latest display IP such as the Mali D71 is seeing VRR support ala Adaptive-Sync / HDMI VRR.

        A developer from Arm Technology China sent out the patch this week enabling VRR support — Variable Refresh Rate (VRR) for their display driver.

      • Intel Icelake Thunderbolt Support Not Coming Until Linux 5.4

        While the Linux support around Intel Icelake is largely settled, one area that has gone under the radar until now has been the Thunderbolt support, which now is available in patch form but won’t be mainlined until Linux 5.4.

        With Icelake, Intel moved the Thunderbolt controller onto the CPU itself (sans the Thunderbolt power delivery circuitry). Overnight the Linux support for this Icelake Thunderbolt support was published by Intel employee and Linux Thunderbolt code maintainer Mika Westerberg.

      • Linux’s Performance-Boosting FSGSBASE Support Dropped For Now Over Serious Bugs

        While we had been looking forward to Intel FSGSBASE support for yielding some performance benefits especially in areas impacted by Spectre / Meltdown / Foreshadow / Zombieload, after the support was queued for merging into Linux 5.3, the code has now been reverted over “serious bugs” with the implementation.

        Our testing of the code queued earlier for Linux 5.3 did show some performance improvements and thus we were looking forward to the addition with this next kernel, now it’s not coming at least until being reworked. The FSGSBASE support has been present on Intel CPUs back to Ivy Bridge or on the AMD side with Zen version one and newer.

      • New Google “GVE” Driver Queued For Upcoming Linux 5.3

        Adding to the list of Linux 5.3 kernel features is a new “GVE” network driver from Google.

        The new GVE driver is nearly four thousand lines of kernel code and is an Ethernet driver for supporting a yet-to-be-released Virtual NIC used on Google Compute Engine.

    • Applications

      • 15 Best Linux Font Tools and How to Install Linux Fonts on Ubuntu

        If you’re like me and have been using Linux for a long time, you know font management can be an issue in most distributions – still! Although Linux has come a great way since its earlier attempt in font management which resulted in an amateurish looking desktop, it still has plenty to improve. It is still quite ambitious if you want your desktop fonts to look as sharp as on those Macs. However, today, Linux can render TrueType fonts much better than it used to. Additionally, a plethora of robust Linux font tools has made it very simple to manage your Linux fonts.

      • Copy and paste at the Linux command line with xclip

        How do you usually copy all or part of a text file when working on the Linux desktop? Chances are you open the file in a text editor, select all or just the text you want to copy, and paste it somewhere else.

        That works. But you can do the job a bit more efficiently at the command line using the xclip utility. xclip provides a conduit between commands you run in a terminal window and the clipboard in a Linux graphical desktop environment.

      • Vim vs Emacs: Detailed Comparison

        The Linux community is no stranger to heated debates. From discussing the pros and cons of proprietary versus open source software to defending their favorite distributions with the zeal of a knight defending the last redoubt, Linux users can be extremely opinionated, which doesn’t make it easy for newcomers to find useful, unbiased information.
        One debate that has been confusing newcomers for decades now revolves around Vim versus Emacs, which are two venerable text editors that many seasoned Linux users and programmers still prefer as alternatives to modern editors and IDEs such as Sublime Text, Visual Studio Code, or IntelliJ.

        In this article, we compare Vim and Emacs to explain why comparing these two text editors is like comparing apples to oranges. By the end of this article, you should be able to decide which of the two text editors fits your needs and preferences more and whether you shouldn’t stick with something more modern after all.

      • A few bits on tmux

        I don’t remember when I started using tmux, but, the move from screen to tmux was quick. I have it installed on all of my systems and VMs. Though I never bothered to have a proper configuration file, it also means that I never used any plugin or other particular configuration. I don’t prefer to use plugins for command line applications much (for example in Vim), as not all systems will have those plugins installed.

        [...]

        Following IPPSec, I have also converted the prefix key to Ctrl+a. This change helps to use another tmux in a remote system, where the default Ctrl+b works as the prefix key. I have also moved the default search to vi mode. You can start selecting text by pressing the spacebar, and then press y to copy text to the primary system clipboard, and helps to copy text easily to any other GUI application. This feature requires xclip tool from the system packages.

      • KeePass open source password manager review

        KeePass is a free and open-source (FOSS) password manager. It is a Windows program, but versions of it are available for all platforms including macOS, iOS, Android, and Linux. KeePass is not hard to use, but it lacks the slick user interfaces offered by many of its commercial rivals.

        Syncing across devices also takes a little more work than with most password manager apps, but there is a good reason for this. KeePass uses true end-to-end encryption. You create encrypted KeePass (.kdbx) files that, by default, never leave the device they are created on.

        They are not stored on a centralized database that can be hacked (as commercial password manager ones often are), and only you hold the encryption keys to them. The main downside of this, of course, is that there is no safety net – no third party that can bail you out if you forget your master password!

      • Proprietary

        • Xpotify is an open-source Spotify client with some nice extra features

          As much as I like Spotify, I’ve always felt that the desktop app was missing something. Maybe it was too distracting, or perhaps it was the pop-up ads which annoyed me occasionally.

          I do keep it installed, but always wished for a better app.

          I tried to use Nuclear and Lofi, but they weren’t to my liking. Then I came across Xpotify, an app which has been around for a while, but was recently made open-source. It is a UWP with a fluent design, and looks very similar to the official app. That’s because it is based on Spotify PWA (Progressive Web App). But somehow it felt fresher than the original.

    • Instructionals/Technical

    • Games

      • Dota Underlords now has scoreboards and more improvements plus a “Proto-Battle Pass” next week

        Valve continue to move at a rapid pace to improve their strategy game Dota Underlords, with the most recent patch adding in some new features that were needed.

        Since entering Early Access last month, Dota Underlords continues to pull in a good amount of players with a 24 hour peak of over 97K. Not quite as impressive as when it first arrived, but it’s only natural once the initial rush has subsided. I expect Underlords to have a good life though, Valve seem to have learned a lot of lessons from the failure of Artifact.

      • Total War: Three Kingdoms gets mod support, Reign of Blood DLC and 1.1 patch now out for Linux

        Two bits of news for those of you trying to conquer China. Total War: Three Kingdoms has gained modding capabilities with Steam Workshop support and the brutal Reign of Blood DLC is now out for Linux.

      • The Inanimate Mr Coatrack, a free comedy adventure worth taking a look at

        Made for the Adventure Jam 2019, The Inanimate Mr Coatrack from Powerhoof is a rather silly comedy adventure.

        The Adventure Jam 2019 ran back in June from the 8th to the 22nd, so considering they only had two weeks I’m astonished at the quality of it. Not only does it have some lovely artwork, the voice acting is amusingly good too, as is the story and gameplay. Not surprising then, that it actually won first place in the Game Jam.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Feren OS KDE Experimental with KDE Plasma 5.16.2

          Today we are looking at the June snapshot of Feren OS KDE, which is still a work in progress but it is all starting to fall in place and it is beautiful.

          As far as I can tell it is based on KDE Neon 18.04.2, KDE Plasma 5.16.2 and uses about 800MB-1GB of RAM when idling. However, it is a highly customized edition of KDE, with a top panel showing the time and calendar, the simple menu as the default menu and a brand new tiled menu, which reminds me a lot of the Windows 10 menu, it is just personalized and ready to be customized.

          The themer is also working a lot better than before, it is not perfect yet but it is a lot better than before.

        • Feren OS KDE Experimental with KDE Plasma 5.16.2 Run Through
        • Calamares CVE

          Two CVEs were filed against Calamares this week, but I’ll only write about lax file permissions on initramfs images here. See the CVE database for more details.

          The issue comes down to this: when creating an initramfs (which is done as root), a sensitive file is read. The initramfs file (a cpio archive) is created with lax permissions, and so any user who can read the initramfs file can then extract the contents of the sensitive file.

          From the point of view of Calamares, the solution is to make sure that the initramfs is created with less lax file permissions. Simple, hey?

          In principle, the umask is responsible for masking out file permissions bits, so a umask of 077 (octal!) would prevent group and other users (i.e. all the non-privileged users) from reading the initramfs. So all Calamares needs to do is set up a good umask before calling the tools, right?

          If only it were that simple.

        • Implementing a derivated class of kis_brushes_pipe

          I am still working on the change of the brush index, so far I’ve been confused with the classes, because I am not sure why some things are implemented and then overridden or why some things are where they are, and I am not sure exactly when or why to do this.

          I’ve been working all week, instead of trying to deliver a feature I tried to write and organize the whole class, and then slowly write all the small functions, this is because I’ve had problems with classes and objects, but I understand functions, so I tried to work with my strengths.

          This is a little analysis of the things I’ve been trying to implement based on kis_imagepipe_brush.h and kis_brushes_pipe.h.

        • A week in Valencia

          From 19th to 25th of June, all the Plasma team gathered in Valencia, graciously hosted by the Slimbook people in their office. This was a special sprint, as it was co-located with the Usability sprint together with some VDG members. While some of the time each team was occupied in their own discussions, there was a big margin of overlap, allowing us to have a lot of discussions about the design and usability of our beloved Plasma desktop shell.

          We now have plans in the coming months for several improvements across the board, including further improvements on the new shiny notification framework by Kai Uwe.

          Also, we talked (and worked on) plans for further improving our Wayland support, including middle mouse button clipboard, and screen rotation for phone, tablets and 2 in 1 laptops.

      • GNOME Desktop/GTK

        • Nuritzi’s Travel Sponsorship Guide for GUADEC 2019

          This week, I had the opportunity of helping some GNOME newcomers apply for travel sponsorship, and I wanted to blog about some of the questions that came up along the way. I hope this helps anyone else who is trying to better understand how to apply for sponsorship under the new travel policy.

    • Distributions

      • Screenshots/Screencasts

      • Debian Family

        • Upcoming Debian 10 “Buster”!

          The Debian Release Team in coordination with several other teams are preparing the last bits needed for releasing Debian 10 “Buster” on Saturday 6 July 2019. Please, be patient! Lots of steps are involved and some of them take some time, such as building the images, propagating the release through the mirror network, and rebuilding the Debian website so that “stable” points to Debian 10.

          If you are considering creating some artwork on the occasion of Buster Release, feel free to send us links to your creations to the (publicly archived) debian-publicity mailing list, so that we can disseminate them throughout our community.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Contributor profile: Primož Klemen

        In this new series we are going to introduce the contributors behind Kiwi TCMS. This is our community and these are their stories.

      • Web Browsers

        • Mozilla

          • Mozilla GFX: moz://gfx newsletter #46

            Hi there! As previously announced WebRender has made it to the stable channel and a couple of million users are now using it without having opted into it manually. With this important milestone behind us, now is a good time to widen the scope of the newsletter and give credit to other projects being worked on by members of the graphics team.

            The WebRender newsletter therefore becomes the gfx newsletter. This is still far from an exhaustive list of the work done by the team, just a few highlights in WebRender and graphics in general. I am hoping to keep the pace around a post per month, we’ll see where things go from there.

          • Mozilla Is Offering Ad-Free Internet For $5 Per Month

            Advertisements rule the internet and now Mozilla is arguing that the online advertisement ecosystem is broken. The non-profit company says that the majority of the revenue generated from advertisements is landing in the pockets of a handful of companies while other publishers are not benefiting from it.

            On similar lines, Mozilla has today teased a new service under which it will offer advertisement-free internet at a monthly subscription service. The page says, “Sign up now! $4.99 per month” but clicking on it leads to a survey as Mozilla wants to analyze the user’s response before launching the service.

          • Mozilla Reps Community: Rep of the Month – June 2019

            Please join us in congratulating Pranshu Khanna, Rep of the Month for June 2019!

            Pranshu is from Surat, Gujarat, India. His journey started with a Connected Devices workshop in 2016, since then he’s been a super active contributor and a proud Mozillian. He joined the Reps Program in March 2019 and has been instrumental ever since.

      • Productivity Software/LibreOffice/Calligra

      • Pseudo-Open Source (Openwashing)

        • Japanese Open-Source Self-Driving Startup Tier IV Raises Over $100M In Massive Series A

          Tier IV has developed something called “Autoware,” or what it describes as “the world’s first ‘all-in-one’ open-source software for self-driving technology.” It is so far being used by more than 200 organizations, according to Tier IV, including the U.S. Department of Transportation (USDOT) Federal Highway Administration (FHWA), automotive manufacturers, and “many self-driving startups.”

      • FSF/FSFE/GNU/SFLC

        • GRUB 2.04 release
        • GRUB 2.04 Bootloader Released With RISC-V Support, Native UEFI Secure Boot, Btrfs RAID

          It’s been two years since the release of GRUB 2.02 while today it’s finally been replaced by the long-awaited GRUB 2.04 bootloader release.

        • GRUB 2.04 release
          Hi all,
          
          GRUB maintainers are proud to announce GRUB 2.04 that has been just released.
          You can find list of new features and major fixes since release 2.02 in the
          NEWS file.
          
          We would like to thank all the people who have contributed to the project.
          
          The tarball is available at https://ftp.gnu.org/gnu/grub/grub-2.04.tar.xz
          and its signature at https://ftp.gnu.org/gnu/grub/grub-2.04.tar.xz.sig
          
          Release is signed with the following fingerprint:
            BE5C 2320 9ACD DACE B20D  B0A2 8C81 89F1 988C 2166
          
          It's also available as a signed grub-2.04 tag in official git repository.
          
          If you do not have xz support alternatively you may consider file
          https://ftp.gnu.org/gnu/grub/grub-2.04.tar.gz and its signature at
          
          https://ftp.gnu.org/gnu/grub/grub-2.04.tar.gz.sig
          
          If you want a binary version for Windows (i386-pc, i386-efi and x86_64-efi
          flavors) it is available under 
          
          https://ftp.gnu.org/gnu/grub/grub-2.04-for-windows.zip
          
          and its signature at https://ftp.gnu.org/gnu/grub/grub-2.04-for-windows.zip.sig
          
          Daniel
          
      • Programming/Development

        • Reproducible Builds in June 2019

          Welcome to the June 2019 report from the Reproducible Builds project! In our reports we outline the most important things that we have been up to over the past month.

          In order that everyone knows what this is about, whilst anyone can inspect the source code of free software for malicious flaws, almost all software is distributed to end users as pre-compiled binaries. The motivation behind the reproducible builds effort is to ensure no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.

        • Maintainance of GeoIP legacy databases

          Since 9 months now Maxmind is not providing the CSV sources for their legacy database format, but only for their new GeoLite2 database. That is legitimate in my opinion, because the API is quite old and software projects should move to the new format, but mostly all (IMHO) important software projects still only support the old API.. :-(

        • Learn object-oriented programming with Python

          In my previous article, I explained how to make Python modular by using functions, creating modules, or both. Functions are invaluable to avoid repeating code you intend to use several times, and modules ensure that you can use your code across different projects. But there’s another component to modularity: the class.

          If you’ve heard the term object-oriented programming, then you may have some notion of the purpose classes serve. Programmers tend to consider a class as a virtual object, sometimes with a direct correlation to something in the physical world, and other times as a manifestation of some programming concept. Either way, the idea is that you can create a class when you want to create “objects” within a program for you or other parts of the program to interact with.

        • Made With Mu: Alpha 2 Released with Web Mode

          We are delighted to announce the release of Mu 1.1 alpha 2. Visit Mu’s download page to get installable versions for Windows and OSX. If you’re on Linux, please run Mu from source by following these instructions.

          We’re especially proud that alpha 2 contains the largest number of updates, from the most culturally diverse group of contributors for any release of Mu so far. This is a healthy sign that Mu is flourishing all over the world.

          A particular highlight of such community participation is the contribution of Sean Tibor, a teacher from Fort Lauderdale, Florida. A teacher contributing code to the tools used to teach code is a wonderful sort of virtuous circle. Well done Sean (whose podcast, hosted with his colleague Kelly, is a thing of pedagogical wonder)!

          The full list of changes can be found in the change log for this release.

        • Best Plugins for PyCharm

          Plugins are software add-ons that allow you to customize computer programs, web browsers, and software apps to enhance their features and capabilities. For instance, if you want to live stream a soccer match on a website, you may need to install a plugin because your browser does not have the tools required to stream.
          You might want to think of a plugin as an integral part of your computing and web browsing, making sure each activity you do is running smoothly even if it is just about viewing a document or surfing a blog.

        • PyCharm Git Integration

          Over time, Git has turned out to be one of the most popular Open Source Version Control Systems of today. Its speed, simplicity, and efficiency to manage projects and make revisions over distributed systems have made software development a whole lot easier.

  • Leftovers

    • ‘Microsoft’s worst move in 30 years’ – MPN changes spark uproar

      Microsoft partners have been left “flabbergasted” at the vendor’s decision to withdraw what are seen in some quarters as two key benefits to Gold and Silver reseller partners.

      The vendor revealed in an online document that it intends to withdraw the internal use rights it grants to those who are part of its Microsoft Partner Network (MPN).

    • Science

      • What’s up with HCI: The divergence of convergence

        Savvy engineers like Ken Olsen at Digital Equipment and other companies got to work in the 1960s and created minicomputers. These smaller and much cheaper versions of mainframes used newer semiconductor technology, Ethernet, tape and then disk storage, and system software.

        IBM launched its first personal computer on August 12, 1981, following pioneering work in the 1970s by Altair, Apple, Commodore and Tandy. PCs used newer semiconductor technology, commodity disk drives and network connectivity and third-party system software such as CPM and DOS.

        In due course, the technology evolved into workstations and servers. These servers ran Windows or Unix and displaced minicomputers. The server market grew rampantly, pushing mainframes into a niche.

        Three-tier architecture came along from the mid-90s onwards, with presentation, application and data tiers of computing. The enterprise purchase of systems became complex, involving racks filled with separately bought servers, system software, storage arrays, and networking gear. It required the customer or, more likely, a services business to install and integrate this intricately connected set or blocks of components.

        Customers buying direct from suppliers certainly did not enjoy having support contracts with each supplier and no one throat to choke when things went wrong.

    • Health/Nutrition

      • Austria Poised to Become First EU Nation to Fully Ban Glyphosate

        Austria is on track to become the first country in the European Union (EU) to fully ban the world’s most commonly used herbicide after the nation’s lower house of parliament passed a bill Tuesday that would outlaw all uses of glyphosate, which researchers and global health experts have tied to cancer.

        “The scientific evidence of the plant poison’s carcinogenic effect is increasing,” the leader of Austria’s Social Democrats, Pamela Rendi-Wagner, said in a statement. “It is our responsibility to ban this poison from our environment.”

    • Security

      • Security updates for Friday

        Security updates have been issued by SUSE (firefox, mozilla-nss, mozilla-nspr, helm-mirror, libu2f-host, and libu2f-host, pam_u2f) and Ubuntu (bzip2 and irssi).

      • Man Gets Prison For DDoSing Steam, EA, Microsoft, Sony, Nintendo, DOTA2, Riot Games….

        In one of its kind acts, a Utah-based man named Austin Thompson (23) is going to prison for launching DDoS attacks on servers of various gaming companies.

        The hacker, who goes by the online moniker DerpTrolling, compromised the servers of Microsoft Xbox, Sony Play Station, Quake Live, DOTA2, League of Legends, and Steam between December 2013 and January 2014.

      • Hacker who launched DDoS attacks on Sony, EA, and Steam gets 27 months in prison

        At the time, Thompson used the @DerpTrolling Twitter account to announce attacks and take requests for services users wanted him to take down.

        While the hacker had been active since 2011, his most famous stretch of activity was between December 2013 and January 2014, when most of his high-profile DDoS attacks took place, before the account going inactive.

        The attacks caused many online gaming services to go offline, and after seeing DerpTrolling’s success and the media coverage the hacker got, many other hacking crews followed suit in subsequent years.

      • Ubuntu updates for TCP SACK Panic vulnerabilities

        Issues have been identified in the way the Linux kernel’s TCP implementation processes Selective Acknowledgement (SACK) options and handles low Maximum Segment Size (MSS) values. These TCP SACK Panic vulnerabilities could expose servers to a denial of service attack, so it is crucial to have systems patched.

        Updated versions of the Linux kernel packages are being published as part of the standard Ubuntu security maintenance of Ubuntu releases 16.04 LTS, 18.04 LTS, 18.10, 19.04 and as part of the extended security maintenance for Ubuntu 14.04 ESM users.

        It is recommended to update to the latest kernel packages and consult Ubuntu Security Notices for further updates.

    • Environment

      • Biggest Ever Seaweed Bloom Stretches From Gulf of Mexico to Africa

        A vast expanse of brown seaweed stretching across the Atlantic is a threat to tourism but a boon to marine life, U.S. researchers have said.

        A report by the University of South Florida, published on Thursday, showed satellite images of the biggest ever bloom of the sargassum seaweed, which last year extended from the U.S. and Mexico’s Atlantic coast to Africa.

        The report, published in Science magazine, estimated that the giant patch grew to 8,850 kilometers (5,500 miles) wide and weighed 20 million tons.

        Researchers found that sargassum, which was previously confined to the Gulf of Mexico and the Sargasso Sea, has spread to the central Atlantic Ocean over the past decade.

        They said that some beaches in Florida and Mexico now have had so much sargassum that at times, swimmers are prevented from entering the sea.

      • Anchorage, Alaska Hit 90 Degrees for First Time on July 4th

        Fourth of July fireworks were canceled in Anchorage, Alaska Thursday as America’s “coolest city” hit 90 degrees Fahrenheit for the first time in recorded history.

        Alaska has had an unusually warm spring and early summer, The New York Times reported. It experienced its warmest March on record, and this June is likely to be its second-warmest ever. National Weather Service (NWS) meteorologist Bob Clay told The New York Times that the city could break its 85 degree record and see temperatures into the 90s Friday, Saturday or Sunday.

      • Anchorage Had Never Reached 90 Degrees. That Changed This Week.

        In more than 100 years of Anchorage history, weather stations have never recorded a single 90-degree reading. If current forecasts hold, it could happen multiple times in the coming days.

        With the combined forces of climate change that has disrupted temperature trends around the state, a remarkable dearth of ice in the Bering Sea and weather patterns generating a general heat wave, Alaska is facing a Fourth of July unlike any before. Anchorage has canceled its fireworks display because of wildfire concerns, city officials are worrying about air quality and forecasters expect temperatures to rival those in Miami.

        “This is unprecedented,” Anchorage’s mayor, Ethan Berkowitz, said in an interview. “I tease people that Anchorage is the coolest city in the country — and climatically that is true — but right now we are seeing record heat.”

      • Anchorage breaks all-time record high temperature

        The official temperature record fell. Anchorage hit 89 degrees Thursday to break the all-time highest temperature ever recorded at the official recording station. The previous record was 85 degrees set on June 14, 1969.

        Several recording stations in the Anchorage area hit 90 degrees or higher. The Campbell Creek Science Center hit 91 degrees as of 5:00 p.m. Merrill Field also hit 90 degrees on Thursday.

      • Anchorage cancels Fourth of July fireworks due to extreme heat wave

        The city of Anchorage, Alaska, canceled its July 4 fireworks display this week over an extreme heat wave.

        The Anchorage Fire Department put out a burn ban and said that any use of fireworks could result in a fine.

        “Just a reminder per MOA Code 14.70.180 it is unlawful to knowingly sell, possess, or use any explosive fireworks or stench bombs to which fuses are attached or which are capable of ignition by matches or percussion, without permission of that municipal official charged with issuing permits for such activities,” the department said in a statement. “Violation of this section shall be punishable by a civil penalty of $300.”

      • Wildlife/Nature

        • The global tree restoration potential
        • The Best Way to Fight Climate Change? Plant a Trillion Trees

          And there’s enough room, Swiss scientists say.

        • Climate change: Trees ‘most effective solution’ for warming

          Researchers say an area the size of the US is available for planting trees around the world, and this could have a dramatic impact on climate change.
          The study shows that the space available for trees is far greater than previously thought, and would reduce CO2 in the atmosphere by 25%.
          The authors say that this is the most effective climate change solution available to the world right now.
          But other researchers say the new study is “too good to be true”.

        • How to erase 100 years of carbon emissions? Plant trees—lots of them.

          An area the size of the United States could be restored as forests with the potential of erasing nearly 100 years of carbon emissions, according to the first ever study to determine how many trees the Earth could support.

          Published today in Science, “The global tree restoration potential” report found that there is enough suitable land to increase the world’s forest cover by one-third without affecting existing cities or agriculture. However, the amount of suitable land area diminishes as global temperatures rise. Even if global warming is limited to 1.5 degrees Celsius, the area available for forest restoration could be reduced by a fifth by 2050 because it would be too warm for some tropical forests.

        • Planting Billions of Trees Is the ‘Best Climate Change Solution Available Today,’ Study Finds

          The study, published in Science Friday, set out to assess how much new forest the earth could support without encroaching on farmland or urban areas and came up with a figure of 0.9 billion hectares, an area roughly the size of the U.S., BBC News reported. That makes reforestation “the most effective solution” for mitigating the climate crisis, the researchers concluded.

          “Our study shows clearly that forest restoration is the best climate change solution available today and it provides hard evidence to justify investment,” senior study author and ETH-Zürich Professor Tom Crowther said, as BBC News reported. “If we act now, this could cut carbon dioxide in the atmosphere by up to 25 percent, to levels last seen almost a century ago.”

        • Planting more trees could cut carbon by 25%

          Swiss scientists have identified an area roughly the size of the United States that could be newly shaded by planting more trees. If the world’s nations then protected these 9 million square kilometres of canopy over unused land, the new global forest could in theory soak up enough carbon to reduce atmospheric greenhouse gas by an estimated 25%.

          That is, the extent of new tree canopy would be enough to take the main driver of global heating back to conditions on Earth a century ago.

          And a second study, released in the same week, identifies 100 million hectares of degraded or destroyed tropical forest in 15 countries where restoration could start right now – and 87% of these hectares are in biodiversity hotspots that hold high concentrations of species found nowhere else.

        • Critically Endangered Right Whales Are Dying in Record Numbers. High-tech Fishing Gear Could Help Save Them

          Many fish, marine mammals and seabirds that inhabit the world’s oceans are critically endangered, but few are as close to the brink as the North Atlantic right whale (Eubalaena glacialis). Only about 411 of these whales exist today, and at their current rate of decline, they could become extinct within our lifetimes.

          From 1980 through about 2010, conservation efforts focused mainly on protecting whales from being struck by ships. Federal regulations helped reduce vessel collisions and supported a slight rebound in right whale numbers.

          But at the same time, growing numbers of right whales died after becoming entangled in lobster and crab fishing gear, and the population has taken a significant downward turn. This may have happened because fishing ropes became stronger, and both whales and fishermen shifted their ranges so that areas of overlap increased. In research that is currently in press, we show that 72 percent of diagnosed mortalities between 2010-2018 occurred due to entanglements.

          This comes after a millennium of whaling that decimated the right whale population, reducing it from perhaps between 10,000 to 20,000 to a few hundred animals today. And entanglement deaths are much more inhumane than harpoons. A whaler’s explosive harpoon kills quickly, compared to months of drawn-out pain and debilitation caused by seemingly harmless fishing lines. We believe these deaths can be prevented by working with the trap fishing industries to adopt ropeless fishing gear – but North Atlantic right whales are running out of time.

    • Privacy/Surveillance

      • Donald Trump Now Wants to Ban End-to-End Encryption

        After banning and unbanning Huawei, United States President Donald Trump is now planning to go after end-to-end encryption, with a new report claiming that senior White House officials met this week to discuss the first step the administration could make in this regard.
        Politico notes, citing three people familiar with the matter, that number two officials from several key agencies discussed a potential offensive against end-to-end encryption.

        “The two paths were to either put out a statement or a general position on encryption, and [say] that they would continue to work on a solution, or to ask Congress for legislation,” one source was quoted as saying by the cited publication.

Links 5/7/2019: MX Linux Reviewed, PyCharm 2019.2 Beta

Posted in News Roundup at 2:36 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Desktop

      • Ubuntu 18.10 (Cosmic Cuttlefish) Will Reach End of Life on July 18th, 2019

        Canonical announced today that the Ubuntu 18.10 (Cosmic Cuttlefish) operating system is approaching end of life later this month, urging users to upgrade to a newer release.
        Released last year on October 18th, Ubuntu 18.10 was dubbed as Cosmic Cuttlefish by Canonical’s CEO Mark Shuttleworth. It shipped with the GNOME 3.30 desktop environment and the Linux 4.18 kernel series, and featured a fresh new look based on the in-house developed Yaru theme, formerly Communitheme.

        Ubuntu 18.10 also brought support for unlocking your PC with your fingerprint, mobile phone integration, as well as support for managing Thunderbolt devices. However, being supported for only nine months, Ubuntu 18.10 will reach end of life on July 18th, 2019, which means it will no longer receive security or software updates.

      • Linux Mint-powered MintBox3 to be the most powerful MintBox ever made

        The Linux Mint Blog has announced in the June 2019 edition of their monthly news article that the MintBox3 will be the best MintBox yet.

        MintBox is a series of computers based on Linux Mint that is developed by CompuLab in collaboration with the Mint team. The development company mainly deals with fanless PCs, and they have implemented the same approach in the MintBox computers.

        It should be noted that the previous MintBox systems have not been that powerful. With that being said, the upcoming MintBox is expected to accompany pretty high-end specs and that too without a fan.

      • Linux Mint 32-bit edition axed starting from Linux Mint 20 onwards

        As per the expectations, the Mint team has confirmed that Linux Mint 20 and later versions won’t support 32-bit architecture.

        Recently, Canonical made a massive announcement that the new Ubuntu won’t be available for 32-bit architecture. Because of this, there were a lot of speculations in the air about the release of the latest version of Linux Mint, most of which said that Linux Mint would make the same move. Proving these speculations true was the most recent announcement by Clem Lefebvre, the Project Founder and Lead Developer of Linux Mint, himself.

    • Server

      • IBM

        • Red Hat Helps Pave Road to Open Hybrid Cloud for APAC Enterprises

          Red Hat, Inc. (NYSE: RHT), the world’s leading provider of open source solutions, today announced the Red Hat Hybrid Cloud Series, an event for open hybrid cloud strategists and practitioners taking place across Asia Pacific. The event will travel to 11 countries covering major cities, including Beijing, Bangkok, Hong Kong, Jakarta, Kuala Lumpur, Mumbai, Manila, Seoul, Singapore, Taipei and Tokyo.

        • Red Hat’s hybrid cloud role expected to expand after acquisition by IBM

          When IBM Corp. went looking for an acquisition that would complement its longstanding presence in the data center, it clearly wanted to build a new strength in the hybrid cloud. With that kind of mission, it was no wonder it found Red Hat Inc. and paid an attention-grabbing $34 billion for it in the process.

          “The whole adoption around hybrid cloud really speaks to all of the things that we’re doing and initiatives that we’re leading at Red Hat,” said Michael St-Jean (pictured), principal product marketing manager of storage at Red Hat. “It’s a great validation of all of the things that we’ve been working on for the past 10 to 20 years.”

    • Kernel Space

      • Graphics Stack

        • AMD posts Linux kernel patches for Navi 14 GPUs, Navi 10 will see only OpenGL benchmarks on launch day

          While RDNA-based Navi 10 GPUs such as the Radeon RX 5700 and 5700 XT are all set for an official launch on July 7, we do know that more Navi GPUs are in the offing suited for different price tiers. We’ve been hearing about Navi 12, Navi 14, and Navi 21 along with their Lite variants for quite some time and now, AMD seems to have posted Linux kernel driver patches for Navi 14 and Mesa updates for Navi 10.

    • Applications

      • Release of the Open Build Service, Version 2.10 – Open Build Service
      • Petter Reinholdtsen: Jami/Ring, finally functioning peer to peer communication client

        Some years ago, in 2016, I wrote for the first time about the Ring peer to peer messaging system. It would provide messaging without any central server coordinating the system and without requiring all users to register a phone number or own a mobile phone. Back then, I could not get it to work, and put it aside until it had seen more development. A few days ago I decided to give it another try, and am happy to report that this time I am able to not only send and receive messages, but also place audio and video calls. But only if UDP is not blocked into your network.

        The Ring system changed name earlier this year to Jami. I tried doing web search for ‘ring’ when I discovered it for the first time, and can only applaud this change as it is impossible to find something called Ring among the noise of other uses of that word. Now you can search for ‘jami’ and this client and the Jami system is the first hit at least on duckduckgo.

        Jami will by default encrypt messages as well as audio and video calls, and try to send them directly between the communicating parties if possible. If this proves impossible (for example if both ends are behind NAT), it will use a central SIP TURN server maintained by the Jami project. Jami can also be a normal SIP client. If the SIP server is unencrypted, the audio and video calls will also be unencrypted. This is as far as I know the only case where Jami will do anything without encryption.

      • Notepads is an open-source text editor with a fluent design

        Do note (pun intended), that the app is still in beta, but it’s stable, and it just works. Sadly, since it is a UWP app, it is very limited in terms of functionality. Despite that it supports a lot of document formats, I counted over 40 supported formats including TXT, HTML, XML, CSS, to name a few. There are a few features which impressed me.

    • Instructionals/Technical

    • Games

      • Ninslash – a great fun open source 2D platform game needs YOU!

        We’ve received tons of feedback asking for more exposure to Linux’s open source gaming scene. We’re always wanting to make Linux more glamorous, sexy, and attractive. Or it could be that we’re wanting to chill out and fancy playing a fast-paced multiplayer game. Whatever the motives, Ninslash caught our attention.

        Ninslash is a free multiplayer 2D survival shooter based on another game called Teeworlds, a highly revered retro multiplayer shooter. Ninslash saw its first release in August 2016.

        Like Teeworlds, Ninslash falls under the genre of a frenetic multiplayer survival game. You can either join a public server, or run your own LAN server. There’s a couple of public servers set up for ‘invasion mode’, although there’s other game modes available (more on that later).

      • 10 years ago GamingOnLinux was created, what a ride it’s been

        Today, GamingOnLinux (the website) officially turns 10 years old, this is madness and here’s some thoughts and history on it all.

        July is a bit of a special double-event for me, as not only does July 5th mark the birth of GamingOnLinux, July 30th is also my birthday!

        What started as a curiosity after my first proper computer came with Linux instead of Windows, has blossomed into a love of all things Linux. I still remember booting it up for the first time, having no idea what was about to happen. Good old Mandrake 9.2, you were my first taste of what was to come. In the years following, I remember trying out all sorts of different Linux distributions from Fedora Core (as it was called back then) to SUSE and eventually Ubuntu came along which really did help me stick with Linux.

      • A Short Hike, a very sweet looking casual adventure game will be coming to Linux

        Developed by adamgryu as a Humble Original for a Humble Monthly, A Short Hike is released outside of Humble later this Summer.

      • VR rhythm game “Groove Gunner” looks insane and it’s coming to Linux

        Think you have some sick moves? Own a VR system? You’re going to want to keep an eye on Groove Gunner as it looks absolutely insane (in a nice way) and it might make you sweat a bit.

        Groove Gunner won’t just test your own rhythm with the music, it will also test your reflexes. Not only will you be blasting targets to the beats, you will also be blocking bullets as they come flying at you, while playing through songs from a variety of musical artists and genres.

      • Valve may be working on a new version of the Steam Controller

        Speculation time: As someone who makes heavy use of their Steam Controller, I will admit that the possibility of a proper second generation has me quite excited.

        PCGamesN recently wrote about it, which included a video from the YouTube channel Critical Input. The video goes over a Patent published in December last year, which shows it has a slightly different design with batteries that possibly go into the middle (hooray!), along with the back paddles being split into two on each side. That’s pretty interesting but what’s more exciting, is that it seems Valve may have already been testing it, as references were found in the Steamworks SDK for it.

        Oh, on top of that it seems the Patent also mentions multiple “force sensitive resistors”, which has “an electrical resistance” so it can detect how much pressure you’re applying on it. Something similar is used in the Valve Index Controllers (previously known as the Knuckles Controller).

    • Distributions

      • Reviews

        • MX Linux Review: A Popular, Simple and Stable Linux Distro

          If you’re a Linux newbie, you might be confused by the sheer number of distributions on offer. One relatively new entry to the market is MX Linux. It’s a Debian-based distro with a lot of support that has topped Distrowatch’s popularity list for the last six months.

          But why is MX Linux proving to be so popular? Let’s find out.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • OpenHMD 0.3.0-rc2 Released For This Open-Source API/Drivers For VR/AR Hardware

        Issued today was the second release candidate for OpenHMD 0.3.0, the open-source project providing a common API and different drivers for VR/AR hardware.

        OpenHMD 0.3.0-rc2 continues with supporting the 3Glasses D3, Oculus CV1, Windows Mixed Reality HMD, NOLO, HTC Vive, HTC Vive Pro, Deepoon E2, and GearVR Gen1. The PlayStation PSVR support did end up getting disabled in this release, however.

      • Web Browsers

        • Mozilla

          • Mozilla Localization (L10N): L10n report: July edition

            Since our last report, we’ve shipped the first release of Firefox Preview (Fenix) in 11 languages (including en-US). The next upcoming step will be to open up the project to more locales. If you are interested, make sure to follow closely the dev.l10n mailing list this week. And congratulations to the teams that helped make this a successful localized first release!

      • Databases

        • YottaDB r1.26 Released

          YottaDB r1.26 is a major release on our roadmap to world domination (we may never get to our destination, but we will have fun – and release great software – along the way!).

      • Productivity Software/LibreOffice/Calligra

        • LibreOffice 6.2.5 Open-Source Office Suite Released with More Than 115 Bug Fixes

          Coming one and a half months after the previous point release, LibreOffice 6.2.5 is now available as yet another maintenance update to the LibreOffice 6.2 office suite series, adding a total of 118 bug fixes across many of its core components, to ensure LibreOffice 6.2 becomes as stable and reliable as possible for enterprise deployments.

          The Document Foundation still recommends the LibreOffice 6.2 office suite series to tech-savvy users, including power users, technology enthusiasts, and early adopters, for evaluation. However, they are also inviting enterprise users to give LibreOffice 6.2.5 a try as it will replace the LibreOffice 6.1.6 release in August 2019.

      • BSD

        • FreeBSD Enterprise 1 PB Storage

          From all the possible setups with 90 disks of 12 TB capacity I have chosen to go the RAID60 way – its ZFS equivalent of course. With 12 disks in each RAID6 (raidz2) group – there will be 7 such groups – we will have 84 used for the ZFS pool with 6 drives left as SPARE disks – that plays well for me. The disks distribution will look more or less like that.

      • Licensing/Legal

      • Programming/Development

        • 2019 Plasma and Usability & Productivity sprint

          It was a great opportunity to meet old and new friends, drink beer and sangria on the rooftop and of course do some hacking.

          First we discussed about the future development of Plasma, especially the Wayland experience. I was particularly interested in how we can solve the two missing pieces in KDE Connect on Wayland, Keyboard input and clipboard synchronization.

        • Dirk Eddelbuettel: digest 0.6.20

          This morning, digest version 0.6.20 went to CRAN, and I will send a package to Debian shortly as well.

          digest creates hash digests of arbitrary R objects (using the md5, sha-1, sha-256, sha-512, crc32, xxhash32, xxhash64, murmur32, and spookyhash algorithms) permitting easy comparison of R language objects.

        • Python Dictionary Comprehension with Examples

          In this tutorial, we will cover how dictionary comprehension works in Python. It includes various examples which would help you to learn the concept of dictionary comprehension and how it is used in real-world scenarios.

        • PyCharm 2019.2 goes Beta

          Today we’re happy to share with you PyCharm 2019.2 Beta, a feature-complete preview of the upcoming release. Be the first one to try all the new functionality – download your PyCharm 2019.2 Beta build from our website.

        • Python Anywhere: System update on 26 June

          Right now we’re working on making sure that our billing system supports the Strong Customer Authentication (SCA) regulations that will come into force for all payments from European credit/debit cards this September; hopefully we can make this as seamless as possible for you.

        • Python Insider: Python 3.8.0b2 is now available for testing

          This release is the second of four planned beta release previews. Beta release previews are intended to give the wider community the opportunity to test new features and bug fixes and to prepare their projects to support the new feature release. The next pre-release of Python 3.8 will be 3.8.0b3, currently scheduled for 2019-07-29.

        • Return of the mojibake detective

          Last year in BASHing data I gave an example of mojibake detective work. A UTF-8 dataset I was auditing (“ver3”) had the name “Séchier” in it. Somehow the “e” with an acute accent had disappeared and become 4 other characters in my UTF-8 locale, namely Ã, the invisible control character “no break here”,

        • Python Lists And Tuples

          Python Lists and Tuples are collections of elements that are ordered and indexed. They are very similar to an array. However, there is one stark difference between the two. Lists can be modified, new elements can be added and existing elements can be removed.

          But in case of a tuple, modification is not possible. Tuples are permanents since their existence.

        • Evennia 0.9 released

          The main feature of Evennia 0.9 is that we have finally made the move to Python3. And we burn the bridges behind us; as announced in previous posts we completely drop Python2 support and move exclusively to only support the latest Python3.7.

          Overall the move to Python3 was not too bloody (and much work towards a never published py2+3 version was already done by Evennia contributors in a separate branch earlier). The main issues I ran into were mainly in the changes in how Python3 separates strings from bytes. This became critical since Evennia implements several connection protocols; there were a lot of edge cases and weird errors appearing where data went to and from the wire.

          A regular user has it a lot easier though. So far people have not had too much trouble converting their games from 2.7 to 3.7. The biggest Linux distros don’t all have Py3.7 out of the box though, so that may be a concern for some, we’ll see.

          … but Py3 is nowhere all there is to find in this release though! There are a plethora of more features in the latest Evennia, all to make it easier to make the text-based multiplayer game of your dreams.

        • 404 Found

          It demonstrates the difficulties in making computer and human communication meaningful to both. A lot like programming, in fact. There’s code, which the computer sees, and a comment explaining the code, which the human sees. What happens when they disagree?

          We have introduced many layers of abstract friendliness, that even when something goes wrong, we fail to recognize it and treat it like a perfectly normal result. If browsers failed harder, 404 errors would be less friendly, but links like this would fail to propagate. The error would be noticed and corrected.

      • Standards/Consortia

        • Addressing Web Bloat for WebDevs

          3. Avoid JavaScript

          This has already been my most controversial prescription, but for the sake of privacy, security, and accessibility (discussed later) I stand by it.

          It seems clear that no new JavaScript engine can hope to catch up to the mainstream ones in terms of performance or API support, as such we should not expect them to. We should instead see how well recent web standards allow us to do without JavaScript, and failing that we should discuss how new web standards can help us move further away from JavaScript. Along that line I encourage you to check out Intercooler.js.

        • [Older] A JavaScript-Free Frontend

          The Website Obesity Problem is not getting any better for the web at large. I’m tired of slow-to-load webapps that are not very reliable. Has anyone tried modifying the description of a card in Asana lately? It’s freaking slow! The UI lags for no good reason as you type. First, I live in a rural area with only 2 Mbit/s down Internet connection. With a warm cache it takes 14 seconds for the Asana UI to become usable. Second, you can see below that the app is comprised of over 10MB of uncompressed JavaScript. That is a huge amount of code to execute. How is this acceptable?

  • Leftovers

    • Hardware

      • Apple is reportedly giving up on its controversial MacBook keyboard

        Despite tweaking the design of its butterfly keyboards with each subsequent MacBook, Apple has struggled to overcome the keyboard’s problems, which can see keys act erratically or completely stop working as dust and other particles find their way into the mechanism. The company apologized for the keyboard’s reliability issues earlier this year, when it admitted that a “small number” of users were experiencing issues with the keyboard, then in its third generation, and the company has also launched an extended repairs program for earlier versions of the keyboard.

    • Security

      • 9 Open Source Password Managers to Secure Yourself With

        People use password managers so that they don’t have to remember all the usernames/passwords of the websites they visit. Instead, they can just remember 1 password, and then access all the other passwords whenever they need. In addition to that, this allows you as a user to increase the length and the complexity of the passwords you use, because now, you no longer have to remember them, so you can make your Facebook’s password something like 21#^#Y3#^2h281+_0H^I@F!##YU&^ with no problem.

        Also, some password managers offer other features that you can use. E.g: Auto-fill (automatically fill the passwords when you open the URL in your browser), synchronization between devices, team storage (sharing passwords between multiple people), smartphone integration, various types & tools of encryption, emergency codes.. And so on.

        Traditionally, there are many closed-source proprietary password managers, and there are those which are open source. In today’s article, we’ll see 9 open source password managers that you can use to secure yourself.

      • IPFire Open-Source Linux Firewall Now Patched Against SACK Panic Vulnerabilities

        IPFire 2.23 Core Update 134 is here to address the recently discovered SACK Panic (CVE-2019-11477 and CVE-2019-11478) security vulnerabilities, affecting Linux kernel’s networking subsystem processed TCP Selective Acknowledgment (SACK) segments. These are serious flaws and could allow remote attackers to cause a so-called SACK Panic attack (denial of service).

        “The Linux kernel was vulnerable for two DoS attacks against its TCP stack. The first one made it possible for a remote attacker to panic the kernel and a second one could trick the system into transmitting very small packets so that a data transfer would have used the whole bandwidth but filled mainly with packet overhead,” said Michael Tremer in the release announcement.

      • Michał Górny: SKS poisoning, keys.openpgp.org / Hagrid and other non-solutions

        The recent key poisoning attack on SKS keyservers shook the world of OpenPGP. While this isn’t a new problem, it has not been exploited on this scale before. The attackers have proved how easy it is to poison commonly used keys on the keyservers and effectively render GnuPG unusably slow. A renewed discussion on improving keyservers has started as a result. It also forced Gentoo to employ countermeasures. You can read more on them in the ‘Impact of SKS keyserver poisoning on Gentoo’ news item.

        Coincidentally, the attack happened shortly after the launch of keys.openpgp.org, that advertises itself as both poisoning-resistant and GDPR-friendly keyserver. Naturally, many users see it as the ultimate solution to the issues with SKS. I’m afraid I have to disagree — in my opinion, this keyserver does not solve any problems, it merely cripples OpenPGP in order to avoid being affected by them, and harms its security in the process.

        In this article, I’d like to shortly explain what the problem is, and which of the different solutions proposed so far to it (e.g. on gnupg-users mailing list) make sense, and which make things even worse. Naturally, I will also cover the new Hagrid keyserver as one of the glorified non-solutions.

      • Daniel Kahn Gillmor: WKD for debian.org

        By default, this will show you any matching certificate that you already have in your GnuPG local keyring. But if you don’t have a matching certificate already, it will fall back to using WKD.

        These certificates are extracted from the debian keyring and published at https://openpgpkey.debian.org/.well-known/debian.org/, as defined in the WKD spec. We intend to keep them up-to-date whenever the keyring-maint team publishes a new batch of certificates. Our tooling uses some repeated invocations of gpg to extract and build the published tree of files.

        Debian is currently not implementing the Web Key Directory Update Protocol (and we have no plans to do so). If you are a Debian developer and you want your OpenPGP certificate updated in WKD, please follow the normal procedures for Debian keyring maintenance like you always have.

      • Someone Is Spamming and Breaking a Core Component of PGP’s Ecosystem

        Last week, contributors to the PGP protocol GnuPG noticed that someone was “poisoning” or “flooding” their certificates. In this case, poisoning refers to an attack where someone spams a certificate with a large number of signatures or certifications. This makes it impossible for the PGP software that people use to verify its authenticity, which can make the software unusable or break. In practice, according to one of the GnuPG developers targeted by this attack, the hackers could make it impossible for people using Linux to download updates, which are verified via PGP.

        It’s unclear who’s behind these attacks, but the targets are Robert J. Hansen and Daniel Kahn Gillmor, both OpenPGP protocol developers.

        “We’ve known for a decade this attack is possible. It’s now here and it’s devastating,” Hansen wrote in his attack post-mortem.

      • Certificates Issued to Huawei Subsidiary Found in Cisco Switches

        Researchers noticed that the firmware for some Cisco switches contains X.509 certificates and associated private keys issued to a US-based subsidiary of Huawei. An investigation by the networking giant revealed that it was an oversight related to the use of an open-source third-party component.

        [...]

        In an informational advisory published on Wednesday, Cisco says its FindIT development team uses OpenDaylight for testing purposes and the certificates should not have been included in production firmware.

      • St John Ambulance becomes latest casualty of a ransomware attack [iophk: those signing off on Windows deployments need to see real jail time]

        Though it’s “confident” that data has not been shared outside St John Ambulance, it fessed that the data of everyone who has opened an account, booked or attended a training course until February 2019 was affected.

        This data includes names, courses, contact details, costs, invoicing details and, in some cases, driving licence data. No passwords or credit card details were taken, and no records have been doctored.

      • Magento Patches Flaws Leading to Site Takeover

        Because at one point in the sanitization process sanitized links are injected back into the string via vsprintf(), an additional double quote is injected into the tag, which allows for an attribute injection.

        “This allows an attacker to inject arbitrary HTML attributes into the resulting string. By injecting a malicious onmouseover event handler and a style attribute to make the link an invisible overlay over the entire page, the XSS payload triggers as soon as a victim visits a page that contains such an XSS payload and moves his mouse,” the security firm says.

        Because the method is used to sanitize order cancellation notes, an attacker could exploit the vulnerability to inject arbitrary JavaScript that is triggered when an employee reviews the cancelled order.

      • Server image mystery in Georgia election security case

        The FBI data could reveal whether [attackers] tampered with elections in Georgia because the server in question had a gaping security hole that went unpatched for more than six months before being publicly exposed. Data on the server included passwords used by county officials to access elections management files.

        Technicians at the Center for Elections Systems at Kennesaw State University, which then ran the state’s election system, erased the server’s data on July 7, 2017, less than a week after the voting integrity suit was filed. After the AP reported on it three months later, Kemp denied ordering the data destruction or knowing about it in advance and called it reckless, inexcusable and inept.

        But the FBI had a forensic backup, which it made in March 2017 when it investigated the security hole. The FBI has not responded to repeated requests by the AP to confirm that it continues to possess the data. FBI Atlanta spokeswoman Jenna Sellitto wouldn’t say whether the FBI has examined the data on that image to determine whether any tampering or other malicious activity occurred.

      • Georgia Failed to Subpoena Image of Wiped Elections Server

        Marilyn Marks of the Coalition for Good Governance, a plaintiff in the case, said that if the state failed to secure the data from the FBI — despite informing U.S. District Judge Amy Totenberg in October 2017 of its intent to do so with the subpoena — it clearly has something to hide.

        “If they have destroyed records then it can be presumed that those records would have shown our allegations to be true,” Marks said.

        Neither the Secretary of State’s office nor an attorney representing it in the case, Josh Belinfante, would say why the subpoena was never filed. Nor would they say whether they had obtained the data through other means for secure safekeeping. The FBI in Atlanta also wouldn’t say whether it has provided the state with a copy.

      • Antivirus firms start flagging spyware installed by Chinese border control

        It recently came to light that the border control authority in China’s Xinjiang region was installing surveillance software on the phones of tourists without their knowledge or consent. The software apparently kept an eye out for terms that related to Islamic extremism and literature by the Dalai Lama.

    • Defence/Aggression

      • The Command (Kursk): A dramatization of the 2000 Russian nuclear submarine disaster

        The Kursk’s sinking was bound up with both the decay of the Russian military and the catastrophic impact of Russian capitalism. One hundred eighteen sailors died—85 instantly and 23 slowly and painfully—due to the neglect and incompetence of the Putin administration.

        The Vinterberg movie is a humanized account of the episode, and clearly takes the side of the population against the military and governmental brass. As the movie gets underway, angry sailors, led by Navy captain-lieutenant Mikhail Averin (Matthias Schoenaerts) on the Vidyaevo Naval Base, are demanding back pay: “Sorry gentlemen, we have received nothing from Moscow,” is the answer. “So what are we supposed to live on?,” ask the seamen. “If I knew that, I would be living on it too. At least you have a deployment coming, you will get a sea bonus.” “Which will not be paid,” is the retort.

    • Environment

      • Young volunteers in Helsinki aim for 130 km of trash-free coastline

        Eeva Puustjärvi is the coordinator of an effort dubbed Satakolkyt (roughly “One hundred thirty”), which aims to rid the city shoreline of all trash, and encourages residents to join in to help.

      • CO2 emissions are on track to take us beyond 1.5 degrees of global warming

        The world’s existing power plants, industrial equipment, vehicles and other CO₂-emitters are on track to pump out enough carbon dioxide to blow past that target by midcentury, researchers report July 1 in Nature. Add in future power plants that are already planned, permitted or under construction, and we could emit enough by 2033 to raise average global atmospheric temperatures by 1.5 degrees, the researchers say.

        If we want to limit warming to 1.5 degrees, then “we cannot invest more in fossil fuel power or infrastructure,” says Thorsten Mauritsen, a physical climate scientist at Stockholm University who was not involved with the work. “Everything we do from now has to change direction and not use fossil fuels.”

      • Amid mounting opposition, former Michigan Governor Snyder withdraws from Harvard fellowship [iophk: "tweets in place of official statements :("]

        On Wednesday, just days after Harvard University announced that former Michigan Governor Rick Snyder had accepted its offer of a senior research fellowship at Harvard Kennedy School’s Taubman Center for State and Local Government, Snyder announced on Twitter that he was withdrawing from the position.

        The decision came in the face of widespread opposition on the Harvard campus in Cambridge, Massachusetts; in Flint, Michigan, where tens of thousands of residents suffered lead poisoning as a result of his administration’s decision to switch the city’s water supply; and nationally. In less than three days, more than 7,000 people signed an online petition that urged the rescinding of the fellowship. Thousands more expressed opposition to the appointment on social media.

      • Opposition to oil sponsorships in the arts spreads in London

        The action was the latest in growing pressure against oil sponsorship in the U.K. Activists want art and cultural institutions, like the Royal Opera House, to stop accepting sponsorship money from BP because of its environmental impact.

        BP, formerly known as British Petroleum, is one of the U.K.’s largest oil and gas companies. It made headlines around the world for the Deepwater Horizon disaster in 2010, when more than three million barrels of oil spilled into the Gulf of Mexico.

      • 16 Companies Rethinking Packaging

        The U.S. generates almost 80 million tons of packaging waste each year, according to the U.S. Environmental Protection Agency. When landfilled or incinerated, this waste pollutes the environment and poses health risks to humans and wildlife. Packaging is also the main source of the plastic pollution that is clogging the ocean and expected to exceed the weight of all fish by 2050 at current rates. The food industry is largely responsible for this growing packaging problem.

        About half of the packaging waste in the U.S. comes from food and beverage products. And studies suggest that large food corporations like Nestle and Unilever generate the majority of the plastic waste

        Recognizing this issue, and under pressure from consumers, several of these very same corporations have recently pledged to reduce the environmental impact of their packaging. Many smaller companies in the food and beverage industry are doing the same, and some of them have been on the forefront of packaging innovations for years. Food Tank highlights 16 food and beverage companies to exhibit the industry’s various approaches to sustainable packaging.

      • Energy

        • Russia and Saudi Arabia Hold ‘Catholic Marriage’ with Poem and Badges, Form Enormous Oil Cartel

          According to Bloomberg, the nations have been coordinating for more than two years, battling the falling price of oil and grappling with the U.S.’ recent ascension to the top of the oil-producing charts. OPEC+ nations will now account for almost half of all oil production globally.

          Though initially considered a temporary alliance, OPEC Secretary General Mohammad Barkindo declared Tuesday that the pact was now like a “Catholic marriage” and would last for “eternity.”

        • Saudi-Russian Oil Fling Becomes a Marriage to Last an ‘Eternity’

          For Saudi Arabia, turning what had been an ad hoc coalition into a formal group provides a hedge against future oil-market turbulence. The kingdom can now lean on a group representing almost half of global oil output for support.

    • Finance

      • While Trump Isolates the U.S., It’s ‘Let’s Make a Deal’ for the Rest of the World

        America’s sudden retreat into old-fashioned protectionism, and Washington’s frontal assault on the World Trade Organization and the decades-old rules that have upheld the world trading order, has fueled fears that globalization is dead. In reality, outside of the United States, most other countries are racing to tear down barriers and embrace free trade with an urgency not seen in decades.

      • Swedish ‘neobank’ P.F.C. picks up €5M backing from Nordic banking giant Nordea

        Described as a personal finance app and accompanying debit card, P.F.C. is regulated under a payments institution license rather than being a fully-licensed bank. It’s the same lighter touch model that Revolut and a plethora of other banking apps choose, before in some instances applying for a bank license so they can begin doing more risky regulated activities: namely lending out deposits in the form of overdrafts and loans.

        P.F.C.’s features include being able to instantly top up your account/card using Swish (a mobile payment technology provided by a group of Swedish banks), the ability to set a weekly budget, and automatic transaction categorisation.

      • West African countries choose new ‘ECO’ single trade currency

        Six member countries, including Nigeria, Liberia, and Ghana, could be swapping their currencies for a new one – the ECO.
        Eight ECOWAS countries (Benin, Burkina Faso, Guinea-Bissau, Ivory Coast, Mali, Niger, Senegal, and Togo) currently jointly use the CFA franc.
        Originally intended to be launched in 2000, the ECO has been postponed multiple times, and the newest target date is 2020.

    • AstroTurf/Lobbying/Politics

      • France is luring game devs who don’t fancy their post-Brexit chances

        Developers taking the France French Euro will be offered help to relocate, as well as subsidies, tax breaks, capital loans, and, in fact, everything you need to move your base from Future Little England to the continent.

        Games developed in French France will get 30 per cent tax breaks on production costs, worth up to £5.4m and funds for ‘technically ambitious’ projects of up to £1.8m repayable when the company is big enough to afford it.

      • Michigan Rep. Justin Amash quitting Republican Party

        Rep. Justin Amash of Michigan, the only Republican in Congress to call for impeachment proceedings against President Donald Trump…

    • Censorship/Free Speech

      • The APPG’s definition of ‘Islamophobia’ is a triumph for fundamentalists

        The All-Party Parliamentary Group (APPG) on British Muslims’ definition of Islamophobia has mainly been framed as a free speech issue. The definition adopted by some parties and councils will certainly limit criticism of Islam and Islamism even further than it already is currently. To say it will not is dishonest at best. This has already been the case for a long time now. For those of us who have fled Iran, it has been so since the expropriation of the Iranian revolution by the Islamists; in Britain, at least since the Rushdie affair.

        Examples abound. The Council of Ex-Muslims of Britain, of which I am a Spokesperson, was placed under investigation for eight months by Pride in London because of the accusation of Islamophobia levelled against us by the East London Mosque and Mend. I myself have been barred from Warwick University, harassed by Islamic Society students at Goldsmiths, and had my talk cancelled at Trinity College over the same accusations. I haven’t had issues for a while now – but that is only because I am hardly invited to speak at universities any more. It is just too much trouble. The accusations stick; uncomfortably so.

        Whilst this is a free speech issue (blasphemy is clearly not racism), what I find even more disturbing about this definition is the Parliamentary Group’s open promulgation of the idea that there is something that can be called ‘expressions of Muslimness.’ It is absurd to assume that this is the case, any more than one can speak of expressions of Christianness or Jewishness or Hinduness. This is no different from saying there are ‘expressions of Britishness’; something that the far-Right – and increasingly, mainstream politicians – imply in order to exclude migrants and minorities.

      • Never Mind the Body Fluids: Twitter’s New TOS Ramp Up All-Around Porn Censorship

        While the adult community on Twitter continues focusing on specific items in Twitter’s latest revision to their Terms of Service (TOS) concerning what the company calls “sensitive material,” a careful reading of the new policy unveiled in March 2019 reveals a deliberate ramping up of porn censorship across the platform.

        The section concerning sexual content is called “Sensitive Media Policy.” We have edited out with […] most of the sections concerning violent and hateful content, which Twitter for some reason consistently lumps with “adult content” (i.e. sexual content of any kind, policed entirely at their discretion).

        [...]

        Update, 7/3/2019, 10:20 a.m.: Ralf Kappe and the Sharesome team have dug up the old Twitter TOS, before the new, explicitly anti-porn version was quietly unveiled in March. It confirms that a major change of policy regarding adult content took place at Twitter HQ. Read the pre-March TOS here.

      • Sheffield University student wins Facebook post appeal

        Felix Ngole, 39, was removed from a postgraduate social work course at the University of Sheffield in 2016 after posting the Facebook comment.

        [...]

        Some months later, he was anonymously reported to the university and was disciplined in a fitness to practice (FtP) hearing.

    • Privacy/Surveillance

      • Everything you need to know about the invisible e-mail tool that tracks you [iophk: "that's not e-mail, that's an HTML document"]

        You know how every image on the internet is stored on a server, and your computer automatically downloads them as you browse? Years ago, some genius figured out that your computer’s image requests can let those same servers track your activity across the web — and when it comes to email, they can let the sender see when you’ve opened a given message just by sneaking in an image.

        It’s remarkably simple: when you open the email, you automatically download that image, and that image request immediately lets the server know that you’ve opened it.

      • The big Facebook outage offers a behind-the-scenes look at how the social network’s AI ‘sees’ your photos and interprets them for blind users

        Facebook automatically scans all photos on the social network with facial- and image-recognition software powered by AI to detect who or what is being pictured.

      • EU worries over the possibility of losing wiretapping powers

        5G telecoms networks could render obsolete the “lawful interception” techniques that police is traditionally using, unless the European Union and national governments take action. This was revealed in internal EU documents obtained by EDRi member Statewatch, that has published a new analysis explaining the issues and calling for a public debate.

      • Amazon responds to a US senator’s inquiry, confirms Alexa voice records are kept indefinitely

        Amazon has responded to a letter of inquiry it received from U.S. Senator Chris Coons (D-DE) that asks the company to detail what happens to customers’ Alexa voice records and data after they speak to their virtual assistant. The Senator’s letter was prompted by a CNET investigation in May, which found that Amazon keeps voice records unless users manually delete them — and that it may keep text transcripts of those voice recordings indefinitely.

        [...]

        However, the original CNET report claimed text transcripts of the voice records were still maintained on Amazon’s servers even after users deleted their recordings, with “no option for you to delete them.” As CNET explained, Amazon would delete the text log from Alexa’s “main system,” but not remaining subsystems.

      • ‘Fingerprinting’ to Track Us Online Is on the Rise. Here’s What to Do.

        If there’s one lesson to learn about digital privacy, it’s that we can never grow complacent. Even if we secure our data so we are not tracked online, the ad tech industry will find ways to monitor our digital activities.

        And so it is with the rise of so-called fingerprinting, which security researchers are calling a next-generation tracking technology.

      • Petter Reinholdtsen: Teach kids to protect their privacy – the EDRi way

        Childs [sic] need to learn how to guard their privacy too. To help them, European Digital Rights (EDRi) created a colorful booklet providing information on several privacy related topics, and tips on how to protect ones privacy in the digital age.

        The 24 page booklet titled Digital Defenders is available in several languages. Thanks to the valuable contributions from members of the Electronic Foundation Norway (EFN) and others, it is also available in Norwegian Bokmål. If you would like to have it available in your language too, contribute via Weblate and get in touch.

    • Freedom of Information/Freedom of the Press

      • France wants to fine Facebook over hate speech

        The measure would force companies to remove content within 24 hours, and was approved by the lower house of the French Parliament Thursday

      • China is ramping up its media abroad – and not just in Chinese

        The campaign involves not just promoting pro-Beijing information, but discouraging negative reports. Censorship extends into social media, and is strengthened by Chinese platforms’ suppression of content that authorities deem negative. For example, some U.S. citizens have recently had messages or entire accounts censored on the popular Chinese messaging app WeChat, owned by the firm Tencent.

        “It’s quite shocking to me that China’s Great Firewall is coming to the U.S. in digital form,” says George Shen, a technology consultant from Newton, Mass., who had his WeChat accounts banned last month. “It’s a very stealthy, sophisticated censorship. … They are filtering out your messages without even telling you,” he says.

      • Cameroonian president’s bodyguards attack reporter outside Geneva hotel

        Adrien Krause, a reporter for Radio Télévision Suisse (RTS), was covering a protest by Biya opponents outside the Intercontinental Hotel on 26 June when several of the president’s bodyguards attacked him.

        Krause, who has filed a complaint, said he was “roughed up.” Some of his equipment and his mobile phone were also seized. They were returned several hours later after the Swiss federal foreign ministry intervened.

      • Video: Watch the Sydney Free Assange rally

        The demonstration was attended by around 200 workers, students and young people. It was addressed by leading members of the SEP, along with filmmaker James Ricketson and Emeritus Professor Stuart Rees. Details of the Brisbane and Melbourne rallies can be found here.

      • Cartoonist set to replace de Adder quits, says he ‘wouldn’t wish this on anyone’

        In a statement to CBC News, Greg Perry said the social media backlash after BNI parted ways with de Adder, then used his name in statements about the decision, has taken a toll.

        “I don’t use social media, but person/persons who do have used it to essentially destroy my character and my cartoon work.

        “All this over a job that pays the same per month as a job at a grocery chain. I wouldn’t wish this on anyone.”

        The Halifax-based de Adder was let go last week, just days after his cartoon depicting U.S. President Donald Trump playing golf next to the bodies of two dead migrants went viral.

    • Civil Rights/Policing

      • Arrests of Algeria protesters show desire to ‘strangle’ popular movement

        Thirty-four protesters have been arrested in Algeria since June 21 for carrying the Berber flag during demonstrations – a crackdown which has further inflamed the popular movement’s antagonism towards the government.

      • Must take an unequivocal stand against all forms of hate

        “No religion promotes an inclusive society. Religion is an exclusive club that sees its set of beliefs as superior to other sets of beliefs,” she said. “Inequality is a pillar of Sharia courts but this is not just the case for Sharia courts,” she added.

        In this interview I have communicated with her on life in Iran, consequences of Sharia and religious courts, Easter Sunday’s bombings in Sri Lanka, and her readings on terrorism and radicalisation.

        Following are excerpts from the interview: [...]

      • Much Ado About Iboga

        Two professors at Miami University are suddenly at risk of losing their jobs over a plant that has been in their collection for over a decade.

        A third, nontenured Miami employee says he was forced to resign over the iboga shrub, which can be used to make the psychoactive drug ibogaine.

        Advocates for the faculty members say that the university’s response to an apparent oversight by their colleagues is heavy-handed and chilling to research of all kinds.

      • Islamic Imperialism and Christian Genocide

        When Muhammad was born, in 570, ‘a large area in northern Arabia was fully Christianised, and there were also a number of Christian towns in the south (modern Yemen)’.[5] Thus, following his conversion, Paul devolved his initial missionary efforts to Arabia, and not Europe (Gal. 1:17). As for North Africa, by the year 300 that region was the most Christianised of the Western Roman Empire, and home to such great early leaders as Tertullian, Cyprian, and St Augustine.[6] By 325, more than half of all Christians lived in the East and North Africa. In those days, Christianity existed primarily in Syria, Persia, Armenia, North Africa, and considerable parts of Arabia.

        As can be seen, Christianity did not start as a Western movement. Prior to the advent of Islam, it was predominantly a Middle Eastern religion. Christianity became a predominantly European faith only when it was destroyed by the Muslims in the Middle East and North Africa. Christianity became a “Western faith” simply because Europe was the only continent where it was not destroyed. [...]

      • Islam’s War on Christianity – Part II

        The severe persecution of Christians in the Islamic world is an urgent human rights issue that rarely gets much attention in the Western Media. Even a considerable number of church leaders in the West have miserably betrayed their fellow believers in the Islamic world by turning a blind eye to the gross violation of human rights. As Britain’s former chief rabbi, Jonathan Sacks, told the British House of Lords recently: ‘The persecution of Christians throughout much of the Middle East, sub-Saharan Africa and Asia, and elsewhere is one of the crimes against humanity of our time and I’m appalled at the lack of protest it has evoked’.[6]

        Let’s take a few examples.

      • Did Zaira Wasim quit Bollywood due to pressure on her parents? Latest tape suggests so

        According to Times Now, a short tape has come out in which one cleric shamed Zaira and an eight or nine year old Kick-boxing champion Tajamul from Kashmir, saying that the two youngsters are a shame for Kashmiri people for allegedly going beyond the lines of Islam.

        The report stated that the cleric in the video said that young Kashmiri people should not go into Bollywood or such entertainment industries. The cleric even criticised Zaira and Tajamul’s family members for allowing them to do what they are doing.

      • The widening health gap between America’s rich and poor is the result of worse health for the poor, not better health for the rich

        Well, in health, the argument is settled. For years, statisticians and public health experts have noticed a widening health gap that tracked to the widening wealth gap. In the right’s framing, this gap would be the result of everyone being healthier, with rich people being healthier than poor people. The rising tide would be lifting all boats, but the people responsible for those tides — the wealthy — were rising higher than the rest of us.

        But that’s not what’s happening. According to a study in JAMA Network Open published last month that analyzed longitudinal survey data collected by the CDC since 1993, the health of wealthy people is stagnant, while the health of poor people is declining, and this trend is now a quarter-century old.

      • The Gap Between Rich And Poor Americans’ Health Is Widening

        What they found: Across all groups, Americans’ self-reported health has declined since 1993. And race, gender and income play a bigger role in predicting health outcomes now than they did in 1993. Overall, white men in the highest income bracket were the healthiest group.

      • The feds can’t find some of its own investigative records about the hateful neo-Nazi haven.

        According to MuckRock, which broke the news, Best asked for all investigative records on the infamous forum that the FBI had in its possession. Instead, the bureau provided her with 104-pages of pre-processed records and admitted, “there were additional records potentially responsive for your Freedom of Information/Privacy Acts (FOIPA) request.”

        The FBI then explained it lost those records.

    • Monopolies

      • Patents and Software Patents

        • Food Marketing Institute v. Argus Leader Media (2019)

          Despite the clarity of the dictionary definitions, the majority felt the need to address the National Parks test. It found no basis for the requirement that a disclosure result in “substantial competitive harm” in the statutory language, early case law, or any “other usual source.” The D.C. Circuit had cited legislative history for FOIA in support of the test, but Justice Gorsuch referred to that as a “selective tour through the legislative history.” But the plain language of the statute itself had been sufficient to allow interpretation of Exemption 4. And there was no good reason for applying the National Parks test when the information was required to be provided to the government, but not when the information was provided voluntarily (as the D.C. Circuit had subsequently found in Critical Mass Energy Project v. NRC, 975 F.2d 871 (D.C. Cir. 1992)). Thus, the majority rejected the D.C. Circuit’s National Parks decision in favor of the plain language of Exemption 4.

          Justice Breyer, joined by Justices Ginsburg and Sotomayor, dissented from the decision based primarily on both the uniformity of decisions below and policy issues. While the courts below had adopted different tests for Exemption 4, they had all required some showing of competitive harm for the exemption to apply. Thus, the majority’s decision allowed Exemption 4 to shield far more than any circuit would have otherwise. And that was a substantial concern for the dissenting Justices: that Exemption 4 might swallow FOIA whole. That is, the goal of FOIA has always been disclosure of information to increase the transparency of government (at least as balanced against certain specific, narrow policy exceptions). But if the questions are just whether the parties providing information and the government agency working with those parties — which is often subject to “capture” by the parties — want to keep the information secret, they may be able to shield it from disclosure under FOIA. Thus, the dissenting Justices fear that the decision will substantially narrow the effect of FOIA.

          The Food Marketing Institute case reflects a sea change in the application of FOIA to confidential information. Previously, even trade secrets (as defined by the traditional definition under the Uniform Trade Secrets Act or Defend Trade Secrets Act) could be subject to disclosure under FOIA if the trade secret owner cannot prove that the disclosure would cause it substantial competitive harm. Now, Exemption 4 covers not only traditional trade secrets, but also merely confidential business information that has been shared with the government under an expectation of secrecy. Thus, in many cases, information that would have been disclosed under FOIA can now be withheld under Exemption 4.

        • Should We Abolish Billionaires?

          [...] Consumers have few alternatives.

          Nor do many suppliers who sell through Amazon; for the first 25 years of its existence, Amazon wouldn’t let them sell at a lower price anywhere else. And Amazon’s business is protected by patents granted Amazon by the U.S. government and enforced by government.

          If we had tough anti-monopoly laws, and if the government didn’t grant Amazon so many patents and trademarks, Bezos would be worth far less.

      • Trademarks

        • USPTO releases new rules for non-US domiciled TM applicants

          The new rules were announced on July 2 and will come into force on August 3.

          According to the USPTO, the rules will help safeguard the “accuracy and integrity” of its trademark register.

          It also pointed out that other trademark offices require foreign-domiciled applicants to use local representation for filing.

          “Many other countries worldwide have had this requirement for decades,” said USPTO commissioner for trademarks, Mary Boney Denison, in a press release.

          The office has published guidance notes on who will be classed as ‘foreign-domiciled’, the information a US attorney/lawyer must provide to satisfy the new rules, and the position of Canadian patent and trademark attorneys/agents. The guidance notes and likely questions concerning the rules can be found here.

      • Copyrights

        • Pirate Party MEP Elected Vice-President of EU Parliament

          The Pirate Party political movement owes its early success to sticking up for The Pirate Bay, following a raid in Sweden. Since then, it has come a long way. In recent years Pirates have delivered many excellent politicians and Marcel Kolaja, one of the new MEPs, has just been elected as a Vice-President of the EU Parliament.

Only After Millions Were Spent on Lawyers Microsoft’s Patent Troll in Europe Loses European Patent Used to Shake Down Android (Linux) Vendors

Posted in Asia, Europe, GNU/Linux, Patents at 1:58 am by Dr. Roy Schestowitz

Conversant (formerly MOSAID) loses a tooth, but it doesn’t mean it’s toothless


Summary: More cautionary tales about European Patents being wrongly granted, potentially causing billions to be wasted and millions to be spent in legal fees; Microsoft’s attack dogs are still active and their targets demonstrate who the EPO really serves these days

THE patent trolls’ business has seen ‘healthy’ growth in Europe, based on surveys conducted by people who add up the number of court cases and their origin (plaintiff type/s). The Campinos/Battistelli attack on patent quality at the European Patent Office (EPO) is unprecedented. Sure, Brimelow permitted software patents [not] “as such”, but things went totally out of control under Battistelli. Contrariwise, the U.S. Patent and Trademark Office saw a decline in the number of patents granted last year (some would attribute this to 35 U.S.C. § 101). Only a lawyer or a liar would assert that this means a decrease in American innovation.

The pile-up of low-quality patents in Europe will most harm those least able to afford a court battle. The economics of patent trolling rely on these, e.g. SMEs. The last thing a troll wants or needs is a lengthy court battle which may result not only in the loss of patents but also having to compensate the wrongly-accused defendant (this increasingly happens in the US). Thankfully, the UPC is more or less dead already, so at least we can still rely on courts (to some degree, assuming one can afford the battle).

Here’s some news: citing this older post predating the latest twist of events, Sidney Martin (Quebec Daily Examiner) wrote (emphasis ours): “The European Patent Office (EPO) opposition division has narrowed Afilias Technologies Plc’s device detection patent EP2245836B1 in Europe, as a result of an opposition brought by rival firm 51Degrees. The EPO concluded that the patent as initially granted was not valid.”

Had it not been for this opposition, it would have been granted, and quality is only sliding further and further. It’s hard to keep up and file oppositions (the time windows for oppositions were also narrowed in recent years). Kilburn & Strode LLC’s Julia Venner and Kristina Cornish have also just published this article about Actavis v ICOS (covered here), demonstrating the narrowing of patent craze in courts, which unlike offices don’t just rubberstamp everything and more often than not toss out European Patents.

During Independence Day not many people paid attention to English language news (let alone to court battles). Writing about patents-in-standards (so-called ‘SEP’, or “standard-essential patents”, part of the cynical “FRAND” agenda that includes evergreening ploys in 5G), Rose Hughes takes notes about EP1797659, which is now tackled by Huawei, a Chinese giant (hence Huawei v Conversant), affecting also other Chinese giants such as ZTE.

It’s about a patent troll, MOSAID/Conversant, that Microsoft was arming — using Nokia’s ‘core’ patents — to attack Microsoft’s competition, even in Europe. Guess what… the Supreme Court found that the European Patent is not valid. Quoting Hughes:

The FRAND/SEP saga continues today with a UK High Court decision on the validity of Conversant’s patent for 3G mobile phone technology. Mr Justice Arnold found that Conversant’s patent is essential and infringed by Huawei and ZTE, but invalid for added matter: Conversant v Huawei [2019] EWHC 1687 (Pat).

For a background summary of the dispute see IPKat here. In short, the case relates to standard essential patents (SEP) patents and Fair Reasonable and Non-Discriminatory (FRAND) licences. SEPs are patents protecting a technology which its owner has declared to be essential to the implementation of one or more of the telecommunications standards. To prevent anti-competitive behavior, standard setting organisations require SEP holders to licence the technology on Fair Reasonable and Non-Discriminatory (FRAND) terms.

In Huawei v Conversant [2019] EWCA Civ 38 (IPKat post here), Conversant sued both Huawei and ZTE in the UK courts for infringement of, what it claimed, were its essential patents. Conversant sought an injunction, damages and a declaration that it had made FRAND offers to the defendants. Huawei and ZTE responded that the English courts did not have the jurisdiction in determining the terms of a global FRAND licence. The Court of Appeal found that the English courts did have jurisdiction to decide on the global licence terms, but could not force Huawei to enter into a global licence (but that they may face an injunction on the basis of the UK designation). The UK courts could, however, decide on the validity of the patent and whether Huawei infringed. Huawei and ZTE have been given permission to appeal this jurisdictional aspect of the dispute to the Supreme Court (the hearing is expected in October this year, see IPKat post here).

In the latest decision Mr Justice Arnold considered whether Conversant’s European Patent (UK) (EP1797659) was essential, valid and infringed by Huawei and ZTE. Conversant argued the UK patent was essential to an aspect of the 3G Universal Mobile Telecommunications Standard (“UMTS”), Uplink DRX. Conversant also argued that Huawei and ZTE marketed mobile phones complying with the UMTS, and were therefore infringing the patent. Mr Justice Arnold accepted Conversant’s arguments. The Judge agreed that Huawei was not infringing under a literal interpretation of the claims. Particularly, the claims did not cover Uplink DRX under a literal interpretation, but could be found to be essential and infringed under the doctrine of equivalents (Actavis) (para. 201).

Here we have a good example of the harms done by European Patents wrongly granted; no doubt a bunch of law firms made lots of money from it, but at whose expense? It’s not too hard to answer that question…
