Bonum Certa Men Certa

Links 10/7/2019: Septor 2019.4, Tails 3.15, FreeBSD 11.3 and Microsoft 'Morality Police' (Censorship of FOSS) in GitHub



  • GNU/Linux

    • A look at Chromebooks

      In this article, we will look at Chromebooks and why it is becoming so popular in the world today and if it is worth considering as your next computer or a second computer.

      The first Chromebooks arrived in June 2011. They were basic computers that were simply a Chrome Browser on a cheap computer. The price was also quite low. Soon the market grew as many people started to experience the joy which, we Linux users, always enjoyed; fast updates, free and no viruses and let's face it many people are merely using a computer to browse the internet, and they don't need the rest and Google released that a Chromebook meet that need.

      After Chromebooks grew in popularity, especially in schools, but businesses and for home use also, Google realized that people are missing some apps. As people are familiar to Windows and apps galore, so they brought the Google Play Store to Chromebooks, which has been one of their best moves yet, as people are already familiar with it due to Android phones and as Chrome OS and the Play Store is part of Google, it was an obvious move.

      However, this move brought in a new stage for Chromebooks as well because no users can run many more apps, but it also means that Chromebooks needs more system resources, so different price ranges for Chromebooks appears. Cheap ones and pricey ones with powerful hardware.

      As Chromebooks become more powerful and more popular Google continues to improve it by bringing more software to it, and the next thing is Linux apps so that we can run native Linux apps like LibreOffice, Blender, etc. on a Chromebook. It is still a work in progress, and they are continuing to improve it so that it can run nearly all the Linux apps in the future flawlessly.

      Crossover also released a package to run Windows apps on Chromebooks and Wine also have a package for Android, and I will be surprised if it doesn't work on Chromebooks as well.

    • Desktop

      • System76's Linux-Powered Thelio Desktops Now Available with AMD Ryzen Gen 3 CPUs

        System76, the US-based maker of powerful Linux computers, announced on Twitter that its Thelio desktop line-up can now be configured with 3rd-generation AMD Ryzen processors. System76's Thelio line-up offers customers out-of-this-world handcrafted desktop systems powered by the company's in-house developed Pop!_OS Linux operating system or Canonical's Ubuntu Linux, and ships with state-of-the-art hardware components that make your Linux computing experience more enjoyable.

        Available in three models, only two of the Thelio desktops can now be configured with AMD Ryzen CPUs, including the 2nd Gen AMD Ryzen 5 with 5 core and 8 threads, 3rd Gen AMD Ryzen 5 3600X with 6 cores and 12 threads, 3rd Gen AMD Ryzen 7 3800X with 8 core and 16 threads, 3rd Gen AMD Ryzen 9 3900X with 12 Cores and 24 threads, AMD Ryzen Threadripper CPUs.

    • Server

      • IBM

        • IBM officially acquires Red Hat for $34 billion -- Linux distros are unaffected

          IBM has closed its acquisition of Red Hat following the statement of intent back in October. Following the $34 billion deal, Red Hat will operate as a distinct unit within IBM -- and will be reported as part of IBM's Cloud and Cognitive Software segment.

          For IBM, the deal means fully embracing open source as it looks to accelerate its business model within the enterprise. For Red Hat, it means expanding its client base and working with a big player in the enterprise cloud business.

        • Where do IBM and Red Hat go from here?

          IBM acquired Red Hat for a cool $34 billion. It's IBM hope that Red Hat will help IBM's annual revenue growth within the next five years. That growth will come from the continued rise of the hybrid cloud. How will they do that? The same way Red Hat has always grown: By embracing the open-source software approach.

          Specifically, as Paul Cormier, Red Hat's president of products and technologies, said in a conference call, it will continue moving forward with the hybrid cloud: "Today what we start on is that journey on steroids."

        • IBM Bets $34 Billion That Red Hat Can Help It Catch Amazon and Microsoft

          IBM has tried multiple ways to stay relevant in the technology world. But it has often been outgunned by rivals like Amazon and Microsoft.

          On Tuesday, IBM outlined its latest strategy: using its $34 billion purchase of Red Hat, the largest ever acquisition of a business software company, to get a big piece of the lucrative cloud computing market.

          The deal is a high-stakes bet for IBM and its leader, Ginni Rometty. Amazon and Microsoft dominate the cloud computing industry, with Google a distant third. (In China, Alibaba is the clear leader.) They have the internet skills and the deep pockets to spend many billions a year building the vast data centers that power the cloud, helping to protect their lead. But their grasp has raised concerns from customers about being dependent on a single provider.

        • IBM Completes The $34 Billion Red Hat Acquisition

          International Business Machines Corporation (IBM) has completed its acquisition of Red Hat for $34 billion, thus making it the world’s second-biggest technology acquisition ever. IBM has been struggling to adopt cloud-related technologies. With this deal, IBM will try to go after the market leaders like Amazon, Microsoft, and Google.

    • Audiocasts/Shows

      • The Future is Open | LINUX Unplugged 309

        Open Source has taken over the world, as IBM’s purchase of Red Hat closes. We reflect on this historic moment.

        Plus Mozilla’s been labeled an Internet Villian, we deep dive into the tech behind all the controversy and how you can self-host secure DNS.

    • Kernel Space

      • Linux Foundation

        • Microsoft To Join The Private Linux Mailing List

          Microsoft recently applied to join a private Linux kernel mailing list that's meant for reporting and discussing security issues privately before they are made public. After a week-long discussion, it’s all but certain that Microsoft will be subscribed to the list.

        • Open Source Networking Accelerates with ONAP Dubli

          The ONAP Dublin release adds new stability and features to the platform including enhanced capabilities for 5G deployment. It also marks a major milestone for adoption and deployment of ONAP which is now being used by multiple global operations including Deutsche Telekom, KDDI, Swisscom, Telstra, TIM, AT&T and Orange. ONAP now also benefits from the consolidation of multiple open source networking projects under the LF Networking umbrella, of which it is a part.

        • LF Networking Releases ONAP Dublin

          LF Networking (LFN) has announced the availability of ONAP Dublin, the latest release of the open-source platform for real-time, policy-driven orchestration and automation of physical and virtual network functions.

      • Graphics Stack

        • NVIDIA releases the GeForce RTX 2060 and 2070 "SUPER" GPUs, along with a new Linux driver

          Today, NVIDIA's brand new "SUPER" series has been officially released, along with a new Linux driver.

          Available now are both the GeForce RTX 2060 SUPER and GeForce RTX 2070 SUPER, with the GeForce RTX 2080 SUPER due to release later on July 23rd.

        • Radeon ROCm 2.6 Released - Without Navi Support But Adds BFloat16 & Other Features

          ROCm 2.6 was released overnight and when initially seeing this new Radeon Open Compute support come right after the Radeon RX 5700/5700XT launch, I was hopeful it would bring Navi support but sadly there are no signs of it in this release. But at least ROCm 2.6 is bringing other features.

          Radeon ROCm 2.6 brings various information reporting improvements, the first official release of rocThrust and hipCUB, MIGraphX 0.3 for reading models frozen from Tensorflow, MIOpen 2.0 with Bfloat16 support and other features, BFloat 16 for rocBLAS/Tensible, AMD Infinity Fabric Link support, RCCL2 support, rocFFT improvements, ROCm SMI fixes, and other enhancements.

    • Hardware

      • The state of open source GPU drivers on Arm in 2019

        I first blogged about the state of open source drivers for Arm GPUs 7 years ago, in January 2012, and then again in September 2017. I’ve had a few requests since then to provide an update but I’ve not bothered because there’s really been no real change in the last few years, that is until now!

        So the big positive change is that there’s two new open drivers om the scene with the panfrost and lima drivers. Panfrost is a reverse engineered driver for the newer Midguard and Bitfrost series of Mali GPUs designed/licensed by Arm, whereas Lima is aimed at the older Utguard series Mali 4xx series of devices. Panfrost, started by Alyssa Rosenzweig, and now has quite a large contributor base, has over the last few months has been coming along leaps and bounds and by the time Mesa 19.2 is out I suspect it should be able to run gnome-shell on an initial set of devices. I’m less certain the state of Lima. The drivers landed in the kernel in the 5.2 development cycle, which Linus just released. On the userspace side they landed in the mesa 19.1 development cycle, but they’ve greatly improving in mesa 19.2 cycle. Of course they’re all enabled in Fedora rawhide, although I don’t expect them to be really testable until later in the 19.2 cycle, but it makes it easy for early adopters who know they’re doing to be able to start to play.

      • AMD Ryzen 9 3900X Linux Memory Scaling Performance

        For those wondering if upgrading your RAM to higher frequency DIMMs is worthwhile when moving to AMD X570 and a new Zen 2 processor like the Ryzen 9 3900X, here are some reference benchmarks at different frequencies while maintaining the same timings.

        In case you missed it, the new AMD processors offer native DDR4-3200 memory support while back during AMD's press briefings they recommended DDR4-3733 as a "sweet spot" for those wanting optimal latency at a reasonable speed. But if you are after pushing high-end DDR4 to their limits, they say DDR4-5100 can be achieved on air cooling with mild overclocking.

    • Applications

      • Olivia – Elegant, Powerful Cloud Music Player For Linux

        I spend an inordinate amount of time listening to music. My favorite pastime is to see my favorite bands, solo artists, and orchestras live. It’s such a life-changing and exhilarating experience. It’s one thing to be sitting at home listening to a CD or watching music videos on TV or on YouTube, but being in the audience, packed out in a stadium or music hall, takes it to another level. But it’s an expensive pastime. And there are only so many opportunities to attend music performances live. For the rest of the time, I’m listening to music from my CD collection or over the cloud.

        I dabble with a wide range of music. Linux is blessed with a mouthwatering array of excellent open source music players. But I’m always on the lookout for fresh, eclectic, and innovative music players.

        Olivia is an online/offline cloud-based music player like iTunes, Spotify, and YouTube Music. Olivia allows you to search any music online stream it, You can set the player to save your streams while playback. Olivia lets you create and manage your music library.

        Olivia has been in development for a mere 5 months. There’s no official release yet, with the software in a beta stage of development. Olivia is written in C++ and uses Qt, a free and open-source widget toolkit for creating graphical user interfaces.

      • MAAS 2.6 – ESXi storage, multiple gateways, HTTP boot and more

        Canonical is happy to announce the availability of MAAS 2.6. This new release introduces a range of very exciting features and several improvements that enhances MAAS across various areas.

      • Cloaker: Easy File Encryption With Windows, macOS And Linux Support

        Cloaker is one of the easiest tools to encrypt and decrypt single files with cross-platform support (runs on Linux, Windows and macOS).

        The free and open source tool has a very basic Qt5 user interface on top of which you drag and drop a file you want to encrypt or decrypt, enter the password (with a minimum length of 10 characters), choose the location where to save the file, and you're done. What's more, Cloaker is portable / requires no installation.

      • Best Download Managers For Ubuntu Operating System

        Whenever we hear the word “download manager” or “downloader”, we remember the software Internet Download Manager & Free Download Manager. Good news is that various alternative to IDM and FDM are available for Linux based operating systems.

        In this post, we have collected the list of few amazing downloader for Ubuntu operating systems. Downloader for Ubuntu can help you to manage your downloads in a proper way.

      • Proprietary

    • Instructionals/Technical

    • Games

      • Seems that the Linux version of Supraland will not be heading to GOG

        Supraland released for Linux on Steam on July 2nd and it just released on GOG today but it seems the Linux version will not be heading to GOG.

        What is Supraland? It's a very highly rated first-person action and puzzle game, inspired by the likes of Zelda, Metroid and Portal. It's popular, with an "Overwhelmingly Positive" rating on Steam from over two thousands user reviews and from my time spent in the demo, I can see why as it was pretty sweet.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Beware of some of the Qt 5.13 deprecation porting hints

          QComboBox::currentIndexChanged(QString) used to have (i.e. in Qt 5.13.0) a deprecation warning that said "Use currentTextChanged() instead".

          That has recently been reverted since both are not totally equivalent, sure, you can probably "port" from one to the other, but the "use" wording to me seems like a "this is the same" and they are not.

      • GNOME Desktop/GTK

        • Sprint 3: Calendar management dialog, cleanups and bugfixes

          The calendar is a fresh new take on the previous one; the individual online accounts rows were removed in favor of delegating it all to GNOME Settings’ Online Accounts panel, navigation is easier and simpler, adding new calendars is a more intuitive operation, and it’s possible to toggle calendars right from the first page.

          I’m pretty happy with the rework itself, and splitting it in pages and a controller was definitely the right choice. It allowed implementing the same functionality in a much more well organized way.

    • Distributions

      • New Releases

        • Kali Linux for Raspberry Pi 4 now available

          Following on from the launch of the new Raspberry Pi 4 mini PC, Offensive Security has released Kali Linux for Raspberry Pi 4 specifically created to take advantage of everything the pie has to offer. At the moment, Kali Linux for Raspberry Pi 4 is only available in a 32-bit variant, but a 64-bit version is currently under development and will be available sometime “in the near future” says Offensive Security.

          “We have a fascination with ARM hardware, and often find Kali very useful on small and portable devices. Over time, we have Built Kali Linux for a wide selection of ARM hardware and offered these images for public download. The scripts used to generate these images can be found on GitLab. These images have a default password of “toor” and may have pre-generated SSH host keys. These images are built using the “kali-rolling” repositories, and contain their respective kernel sources in case you need to compile extra drivers, or other kernel dependent code. We generate fresh Kali Linux image files every few months, which we make available for download. This page provides the links to download Kali Linux in its latest official release. For a release history, check our Kali Linux Releases page.”

        • Kali Linux ARM Images



          Kali ARM image downloads for various devices. We have Built Kali Linux for a wide selection of ARM hardware and offer these images for public download.

        • Septor 2019.4

          Tor Browser is fully installed (8.5.4) System upgrade from Debian Buster repos as of July 9, 2019 Update Linux kernel to 4.19.0-5 Update apt to 1.8.2 Update dpkg to 1.19.7 Update Thunderbird to 60.7.2-1 Update Hexchat to 2.13.2-4 Update youtube-dl to 2019.07.02 ISO Image Writer replaces Rosa Image Writer

        • Tails 3.15 is out

          This release fixes many security vulnerabilities. You should upgrade as soon as possible.

        • Refreshed BL Helium ISOs with installation-time bugfix available

          After a non-security-critical installation-time bug was found due to expired repository signing keys in the old BL Helium installation ISOs, we just published a new set of Helium install ISOs that have been fixed. The ISO image files are available for direct download or via BitTorrent at the usual place.

          This issue only affected brand-new installations. If you already worked around the issue as suggested in our previous announcement, you don't have to do anything. Existing users of BL also do not need to do anything.

          Thanks to all users who reported the issue.

      • Screenshots/Screencasts

      • PCLinuxOS/Mageia/Mandriva Family

      • Fedora Family

        • EPEL-8 Production Layout

          TL; DR: EPEL-8 will have a multi-phase roll-out into production. EPEL-8.0 will build using existing grobisplitter in order to use a ‘flattened’ build system without modules. EPEL-8.1 will start in staging without grobisplitter and using default modules via mock. The staging work will allow for continual development changes in koji, ‘ursa-prime’, and MBS functionality to work without breaking Fedora 31 or initial EPEL-8.0 builds. EPEL-8.1 will look to be ready by November 2019 after Fedora 31 around the time that RHEL-8.1 may release (if it uses a 6 month cadence.)

      • Debian Family

        • Debian Buster Arrives

          The Debian community has announced the release of Debian 10 "Buster." Debian is one of the most popular GNU/Linux-based distributions. Buster will be supported for the next five years.

          Buster ships with several desktop environments including, Cinnamon 3.8, GNOME 3.30, KDE Plasma 5.14, LXDE 0.99.2, LXQt 0.14, MATE 1.20, and Xfce 4.12. In this release, GNOME will default to using the Wayland display server instead of Xorg. “The Xorg display server is still installed by default and the default display manager allows users to choose Xorg as the display server for their next session,” said Debian community in a blog post.

          The Reproducible Builds project enabled Debian developers to build bit-for-bit identical binary packages of the open-source packages available in Debian 10. "This is an important verification feature, which protects users against malicious attempts to tamper with compilers and build networks. Future Debian releases will include tools and metadata so that end-users can validate the provenance of packages within the archive,” said the blog post.

        • Upload to Debian with just 'git tag' and 'git push'

          At a sprint over the weekend, Ian Jackson and I designed and implemented a system to make it possible for Debian Developers to upload new versions of packages by simply pushing a specially formatted git tag to salsa (Debian’s GitLab instance). That’s right: the only thing you will have to do to cause new source and binary packages to flow out to the mirror network is sign and push a git tag.

      • Canonical/Ubuntu Family

        • Machine Learning: serving models with Kubeflow on Ubuntu, Part 1

          This article is the first in a series of machine learning articles focusing on model serving. I assume you’re reading this article because you’re excited about machine learning and quite possibly Kubeflow as well. You might have done some model training and are now trying to understand how to serve those models in production. There are many ways to serve a trained model in both Kubeflow and outside of Kubeflow. This post should help the reader explore some of the alternatives and what to consider.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Write a Novel with Open Source Tools

        If you are looking for an open source tool to help you write your next novel, bibisco, ManusKript, and Plume Creator can help you get started.

        Aspiring writers have no shortage of software that is supposed to help them along the road to a finished manuscript. Whether they are writing a short story or a multi-volume series, this software promises to organize them by providing software and revisable outlines, as well as a supposedly distraction-free full-screen mode and databases for characters, settings, objects, and drafts. On Windows and Mac, the leading software is Scrivener. However, since a Linux version of Scrivener has yet to reach general release, open source alternatives have sprung up like bibisco, Manuskript, and Plume Creator, each with its own approach to writing and outlining.

      • Events

        • Android Microconference Accepted into 2019 Linux Plumbers Conference

          We are pleased to announce that the Android Microconference has been accepted into the 2019 Linux Plumbers Conference! Android has a long history at Linux Plumbers and has continually made progress as a direct result of these meetings. This year’s focus will be a fairly ambitious goal to create a Generic Kernel Image (GKI) (or one kernel to rule them all!). Having a GKI will allow silicon vendors to be independent of the Linux kernel running on the device. As such, kernels could be easily upgraded without requiring any rework of the initial hardware porting efforts. This microconference will also address areas that have been discussed in the past.

        • GNR 85 – Twenty Minutes Boat Ride on a Paddle Steamer

          Dave kicks things off with a report from FOSS Talk Live 2019. Fab couldn’t make it but says he’s planning to go to this year’s OggCamp. We than discuss the news that Larian is doing Baldur’s Gate III.

          Naturally, we must also talk about Magic The Gathering, because it is the best game ever made. The new Core Set comes out this week!

      • Web Browsers

        • Mozilla

          • Version 68.0, first offered to Release channel users on July 9, 2019

            Today, we release two versions of Firefox 68 — a rapid release as well as an Extended Support Release (ESR).

            We'd like to extend a special thank you to all of the new Mozillians who contributed to this release of Firefox!

          • Firefox 68.0 released
          • Media stack Mid-Year review

            We recently closed the first half of 2019 and with that it is time to look back and do a quick summary of what the media team has achieved during this 6 months period.

            Looking at some stats, we merged 87 Pull Requests, we opened 56 issues, we closed 42 issues and we welcomed 13 new amazing contributors to the media stack.

          • Firefox Quantum Gets New Update For ‘Full Dark Mode’ And More

            Mozilla has released a new update to its Firefox Quantum browser, following an update that was released back in May this year.

            The latest update has brought in new features to the browser that include the ability to have the dark mode for all the sections of the website. This will be applicable to texts, sidebars, and even toolbars.

      • Productivity Software/LibreOffice/Calligra

        • LibreOffice 6.3 RC1 is ready for testing!

          The LibreOffice Quality Assurance ( QA ) Team is happy to announce LibreOffice 6.3 RC1 is ready for testing!

          LibreOffice 6.3 will be released as final in mid August, 2019, being LibreOffice 6.3 RC1 the forth pre-release since the development of version 6.3 started in mid November, 2018 ( See the release plan ). Since LibreOffice 6.3 Beta2 ( the previous pre-release ), 123 commits have been submitted to the code repository and 66 bugs have been fixed. Check the release notes to find the new features included in this version of LibreOffice.

          LibreOffice 6.3 RC1 can be downloaded from here, it’s available for Linux, MacOS and Windows. ( Note tha it will replace your actual installation )

          In case you find any problem in this pre-release, please report it in Bugzilla ( You just need a legit email address in order to create a new account ) so it can get fixed before LibreOffice 6.3 final is released.

      • BSD

        • OPNsense 19.7 RC1 released

          For four and a half years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.

          We thank all of you for helping test, shape and contribute to the project! We know it would not be the same without you.

          Download links, an installation guide[1] and the checksums for the images can be found below as well.

        • FreeBSD 11.3-RELEASE Announcement

          The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 11.3-RELEASE. This is the fourth release of the stable/11 branch.

        • FreeBSD 11.3-RELEASE Available

          FreeBSD 11.3-RELEASE is now available. Please be sure to check the Release Notes and Release Errata before installation for any late-breaking news and/or issues with 11.3. More information about FreeBSD releases can be found on the Release Information page.

        • FreeBSD 11.3-RELEASE Release Notes

          This document contains the release notes for FreeBSD 11.3-RELEASE. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.

          This distribution of FreeBSD 11.3-RELEASE is a release distribution. It can be found at https://www.FreeBSD.org/releases/ or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the “Obtaining FreeBSD” appendix to the FreeBSD Handbook.

          All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with “late-breaking” information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 11.3-RELEASE can be found on the FreeBSD Web site.

          This document describes the most user-visible new or changed features in FreeBSD since 11.2-RELEASE. In general, changes described here are unique to the 11.3-STABLE branch unless specifically marked as MERGED features.

          Typical release note items document recent security advisories issued after 11.2-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.

        • FreeBSD 11.3 Officially Released With Random Improvements, Updated Components

          FreeBSD 11.3 brings a number of updated user-space applications, libxo support has been enabled for various applications, XZ 5.2.4 has been updated, a Lua loader has been merged, LLVM Clang 8.0 is now available along with other LLVM 8.0.0 components, various networking driver updates, a ZFS file-system fix, and other changes. And, yes, there is a random driver update for improving the performance during the expensive task of reseeding the pool.

      • FSF/FSFE/GNU/SFLC

        • GnuPG 2.2.17 released
          Hello!
          
          

          We are pleased to announce the availability of a new GnuPG release: version 2.2.17. This is maintenance release to mitigate the effects of the denial-of-service attacks on the keyserver network. See below for a list changes.

          About GnuPG ===========

          The GNU Privacy Guard (GnuPG, GPG) is a complete and free implementation of the OpenPGP and S/MIME standards.

          GnuPG allows to encrypt and sign data and communication, features a versatile key management system as well as access modules for public key directories. GnuPG itself is a command line tool with features for easy integration with other applications. The separate library GPGME provides a uniform API to use the GnuPG engine by software written in common programming languages. A wealth of frontend applications and libraries making use of GnuPG are available. As an universal crypto engine GnuPG provides support for S/MIME and Secure Shell in addition to OpenPGP.

          GnuPG is Free Software (meaning that it respects your freedom). It can be freely used, modified and distributed under the terms of the GNU General Public License.

          Noteworthy changes in version 2.2.17 ====================================

          * gpg: Ignore all key-signatures received from keyservers. This change is required to mitigate a DoS due to keys flooded with faked key-signatures. The old behaviour can be achieved by adding keyserver-options no-self-sigs-only,no-import-clean to your gpg.conf. [#4607]

          * gpg: If an imported keyblocks is too large to be stored in the keybox (pubring.kbx) do not error out but fallback to an import using the options "self-sigs-only,import-clean". [#4591]

          * gpg: New command --locate-external-key which can be used to refresh keys from the Web Key Directory or via other methods configured with --auto-key-locate.

          * gpg: New import option "self-sigs-only".

          * gpg: In --auto-key-retrieve prefer WKD over keyservers. [#4595]

          * dirmngr: Support the "openpgpkey" subdomain feature from draft-koch-openpgp-webkey-service-07. [#4590].

          * dirmngr: Add an exception for the "openpgpkey" subdomain to the CSRF protection. [#4603]

          * dirmngr: Fix endless loop due to http errors 503 and 504. [#4600]

          * dirmngr: Fix TLS bug during redirection of HKP requests. [#4566]

          * gpgconf: Fix a race condition when killing components. [#4577]

          Release-info: https://dev.gnupg.org/T4606

          Getting the Software ====================

          Please follow the instructions found at https://gnupg.org/download/ or read on:

          GnuPG 2.2.17 may be downloaded from one of the GnuPG mirror sites or direct from its primary FTP server. The list of mirrors can be found at https://gnupg.org/download/mirrors.html. Note that GnuPG is not available at ftp.gnu.org.

          The GnuPG source code compressed using BZIP2 and its OpenPGP signature are available here:

          https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.17.tar.bz2 (6560k) https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.17.tar.bz2.sig

          An installer for Windows without any graphical frontend except for a very minimal Pinentry tool is available here:

          https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.17_2019... (4185k) https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.17_2019...

          The source used to build the Windows installer can be found in the same directory with a ".tar.xz" suffix.

          A new version of Gpg4win incluing this version of GnuPG will be released in a few days.

        • Thank you for advancing free software: Read FSF spring news in the latest Bulletin

          Thirty-five volunteers joined FSF staff over the course of three days to get all the Bulletins stuffed in envelopes and mailed out. This was a great opportunity to catch up on free software issues with some of our most dedicated free software enthusiasts here in Boston. We are grateful to have such a strong core of supporters that keep the movement growing, and thanks to your generous contribution, we will be even stronger.

          Please be vocal about your support for free software. Read and share the Bulletin articles online using the #ISupportFreeSoftware hashtag, use our fundraiser support images, and talk to your community about why you support the FSF. It makes a difference.

          Throughout our spring fundraiser, we have been enjoying both the public posts from supporters using the hashtag on social media, as well as answers to the "What inspired you to join today?" question we ask new members. Here are some of our favorites.

        • June 2019: Photos from Brno

          Free Software Foundation president Richard Stallman (RMS) was in Brno, Czech Republic on June 6, 2019, to give two speeches.

          In the morning, he took part in the URBIS Smart City Fair, at the Brno Fair Grounds, giving his speech "Computing, freedom, and privacy."1

      • Openness/Sharing/Collaboration

        • Open Hardware/Modding

          • You can tinker with this conference badge

            The SMD Challenge was born from an insight into the human condition, as its creators explain:

            "Making LEDs blink is what people think make Makers happy, but they are wrong. Makers want to be miserable. They like to make mistakes and to have to try things over and over again. That which does not kill us, makes us stronger. This project will make you strong!"

            The SMD challenge is a badge you make yourself. This project starts with a relatively easy to solder resistor and LED. It then moves into increasingly tiny resistors and LEDs. Coming in both "Regular Edition" and "Misery Edition," the SMD challenge is designed to challenge—and break—all but the most determined solderers.

            If you do manage to make it all the way to the end (and can document your success), you can enter the prestigious 0201 Club. If you prefer to experience the misery (and success) secondhand, the club also features links showing many of the successful attempts.

      • Programming/Development

        • Top 10 Programming Languages for Engineers

          Programming languages are commands used to create a software program. These programming languages are used to code and create software that will improve work for many systems in all industries, including the engineering-dependent sectors.

          There are two types of programming languages. The first one is called the “high-level languages” and the second one is called the “low-level languages.”

          [...]

          It is a high-level programming language used for general purposes. Python focuses on the readability of codes. That’s why it is fond of whitespaces.

          Python was designed to help programmers in writing readable, logical, and straightforward codes for both small and big projects.

        • Reading and Writing Files in Python

          In this course, you’ll learn about reading and writing files in Python. You’ll cover everything from what a file is made up of to which libraries can help you along that way. You’ll also take a look at some basic scenarios of file usage as well as some advanced techniques.

          One of the most common tasks that you can do with Python is reading and writing files. Whether it’s writing to a simple text file, reading a complicated server log, or even analyzing raw byte data, all of these situations require reading or writing a file.

        • The week that has been @ 2048
        • Weekly Check-in #6
        • Blog #3
        • Weekly Check-in #5
        • GSoC weekly blog
        • GSoC Weekly Check in
        • PyCoder’s Weekly: Issue #376 (July 9, 2019)
        • Writing tests for Rust HTTP source | GSoC 2019

          My GSoC mentor, Sebastian Dröge coded the skeleton of the test with a basic unit test case for HTTP source plugin (aka reqwesthttpsrc). Here is the link to the merge request. The test was to check whether we receive the data correctly which is sent by the server. Here we make a hyper HTTP server which respond with "Hello World". Then we use our plugin to receive the data and we compare both. Also the interesting thing here is the Custom test harness which can be used to initialize a HTTP server with required behavior and our HTTP element with required properties set. We can use this to create the desired Harness for the any test case.

        • Wing Tips: Extending Wing with Python (Part 4 of 4)

          In this issue of Wing Tips we continue to look at how to extend Wing's functionality, by taking a closer look at at the scripting API and writing up a more complex script.

          If you haven't read the previous installments of this series, you may want to take a look at Part 1 where we introduced Wing's scripting framework and set up auto-completion for the scripting API, Part 2 where we used Wing to debug itself for easier extension script development, and Part 3 where we looked at how to collect arguments from the user.

        • Rust: How do we teach "Implementing traits in no_std for generics using lifetimes" without sutdents going mad?
        • A Brief Introduction To Markov Chains | Markov Chains In Python
        • How I learned Python Programming RAPIDLY!
        • Stop using indices!

          A very common things I see among my newer Python students is that often try to access values by index within loops. Part of this is down to experience in other programming languages, where this kind of pattern is common, but there are also situations where they just don't realise there's a better way. In this post, I want to show off some of those better ways so you can write more Pythonic loops, and ditch indices in favour of descriptive variable names.

        • This Week in Rust 294
        • PSF GSoC students blogs: Week 6
        • How Tara AI Is Helping Developers Build Better Software Faster
        • 32-bit life support: Cross-compiling with GCC

          If you're a developer creating binary packages, like an RPM, DEB, Flatpak, or Snap, you have to compile code for a variety of different target platforms. Typical targets include 32-bit and 64-bit x86 and ARM. You could do your builds on different physical or virtual machines, but that means maintaining several systems. Instead, you can use the GNU Compiler Collection (GCC) to cross-compile, producing binaries for several different architectures from a single build machine.

          Assume you have a simple dice-rolling game that you want to cross-compile. Something written in C is relatively easy on most systems, so to add complexity for the sake of realism, I wrote this example in C++, so the program depends on something not present in C (iostream, specifically).

  • Leftovers

    • Science

      • How to teach software engineering students about the enterprise

        In this opinion article, you will find a set of suggestions for the inclusion of enterprise technology into software engineering courses. This piece goes through the difficulties that students face and proposes simplifications successfully used in the past. The continual advancement of enterprise technologies leads to a simplifying of the inclusion process in education.

        In the coming years, one can expect that industry demand for experts who know the technology used in enterprise development processes and production systems will increase. Academic institutions are here to prepare experts and leaders for industry, and thus they should know the technologies being used.

        It has been ten years since I taught my first software engineering course. Since then, I have taught this course every year. Many software engineering courses put emphasis on analysis and design from the abstract perspective, involving UML models and notations, and letting students develop software projects on their own.

    • Security

      • Zoom.us flaw forces users onto video and audio calls

        The macOS client application for the popular audio and video conferencing service Zoom can be made to forcibly join users to calls, activating Mac microphones video cameras without users being asked for permission, a researcher has found.

      • Samba 4.11-RC1 Released With Scalability Improvements, Disables SMB1 By Default

        The first release candidate of Samba 4.11 is now available while Samba 4.12 begins development on Git master.

        With Samba 4.11 there is the notable work around making it scalable to 100,000+ users with hundreds of thousands of objects. This is making Samba of more relevance for use in very large organizations. Samba 4.11 also brings other performance optimizations, lower memory usage, search performance enhancements, and other scalability work.

      • Years late to the SMB1-killing party, Samba finally dumps the unsafe file-sharing protocol version by default

        Samba says its next release will switch off previously on-by-default support for the aging and easily subverted SMB1 protocol. It can be reenabled for those truly desperate to use the godforsaken deprecated protocol version.

        The open-source SMB toolkit's developers say the Samba 4.11 build, currently in preview, will by default set SMB2_02 as the earliest supported version of the Windows file-sharing protocol.

        "This means clients without support for SMB2 or SMB3 are no longer able to connect to smbd (by default)," the 4.11 release notes read.

        "It also means client tools like smbclient and others, as well as applications making use of libsmbclient are no longer able to connect to servers without SMB2 or SMB3 support (by default)."

        Admins will still have the option to allow SMB1 on their servers if they so choose, but support will be turned off by default.

      • The GitHub account of Canonical who developed popular Ubuntu Linux was hacked[Ed: GitHub is Microsoft's responsibility, so speak to Microsoft. Ubuntu needs to delete GitHub.]
      • GitHub account belonging to Ubuntu Linux maker Canonical hacked [Ed: The account belongs to Microsoft actually. The site is entirely owned by it.]

        “Canonical has removed the compromised account from the Canonical organization in GitHub and is still investigating the extent of the breach, but there is no indication at this point that any source code or PII was affected,” the team said.

      • Microsoft to Join Linux Mailing List That Privately Discusses Unpatched Security Issues [Ed: It is pretty revealing that it is mostly Microsoft propaganda sites which push the "Microsoft loves Linux" lie.]

        Microsoft will become a member of the sought after Linux-distros mailing list, which privately discusses non-public security issues. To qualify for the membership, a member must have been submitting fixes for at least a year, with the tech giant’s anniversary and join date on August 5.

      • Microsoft set to join private Linux security mailing list [Ed: Microsoft entryism is progressing inside Linux and Windows promotion sites are pleased.]

        As it stands right now, there are representatives from ALT Linux, Amazon Linux AMI, Arch Linux, Chrome OS, CloudLinux, CoreOS, Debian, Gentoo, Openwall, Oracle, Red Hat, Slackware, SUSE, Ubuntu, and Wind River on the list. According to the list’s information page, issues disclosed here are subject to a maximum embargo period of 14 days but seven days are preferable.

      • Matthew Garrett: Bug bounties and NDAs are an option, not the standard

        Zoom had a vulnerability that allowed users on MacOS to be connected to a video conference with their webcam active simply by visiting an appropriately crafted page. Zoom's response has largely been to argue that:

        a) There's a setting you can toggle to disable the webcam being on by default, so this isn't a big deal, b) When Safari added a security feature requiring that users explicitly agree to launch Zoom, this created a poor user experience and so they were justified in working around this (and so introducing the vulnerability), and, c) The submitter asked whether Zoom would pay them for disclosing the bug, and when Zoom said they'd only do so if the submitter signed an NDA, they declined.

        (a) and (b) are clearly ludicrous arguments, but (c) is the interesting one. Zoom go on to mention that they disagreed with the severity of the issue, and in the end decided not to change how their software worked. If the submitter had agreed to the terms of the NDA, then Zoom's decision that this was a low severity issue would have led to them being given a small amount of money and never being allowed to talk about the vulnerability. Since Zoom apparently have no intention of fixing it, we'd presumably never have heard about it. Users would have been less informed, and the world would have been a less secure place.

        [...]

        If your bug bounty requires people sign an NDA, you should think about why. If it's so you can control disclosure and delay things beyond 90 days (and potentially never disclose at all), look at whether the amount of money you're offering for that is anywhere near commensurate with the value the submitter could otherwise gain from the information and compare that to the reputational damage you'll take from people deciding that it's not worth it and just disclosing unilaterally. And, seriously, never ask for an NDA before you're committing to a specific $ amount - it's never reasonable to ask that someone sign away their rights without knowing exactly what they're getting in return.

      • Microsoft July 2019 Patch Tuesday fixes zero-day exploited by Russian hackers [Ed: Let's blame Russia instead of NSA back doors put there by Microsoft. More trash from CBS tabloid ZDNet.]

        Since the Microsoft Patch Tuesday is also the day when other vendors also release security patches, it's also worth mentioning that Adobe and SAP have also published their respective security updates earlier today.

      • William Brown: I no longer recommend FreeIPA

        The FreeIPA project focused on Kerberos and SSSD, with enough other parts glued on to look like a complete IDM project. Now that’s fine, but it means that concerns in other parts of the project are largely ignored. It creates design decisions that are not scalable or robust.

        Due to these decisions IPA has stability issues and scaling issues that other products do not.

        To be clear: security systems like IDM or LDAP can never go down. That’s not acceptable.

      • Ubuntu Source code is Safe in the Canonical GitHub account hacking!

        The canonical Security is once again under questionable notice. The forum has been hacked thrice on different occasions. In July 2013, details of 1.82 Million users were stolen by hackers followed by the second hacking where 2 million users data were stolen in July 2016 and in July 2019, the Github account of Canonical limited has been hacked.

        This company works behind the distribution of Ubuntu Linux and was hacked on July 6th, 2019. The Security team accepted that the Canonical owned account on Github was compromised on credentials and was used to create disturbance and issues among other activities. Though the company has removed the account from the organization in Github, it is still working on checking out the breach. The company believes that the source code or PII was affected in any way.

      • Azure Sphere OS Built on a Compact, Secured Linux
    • Environment

      • Nearly a month’s worth of rain in 1 hour triggers travel nightmare in DC area

        Commuters in the Washington, D.C., and Baltimore area faced an extremely difficult and dangerous drive back to work on Monday morning following the long holiday weekend as heavy downpours flooded local roadways. Videos have surfaced on social media in which the raging floodwaters turned roads into rivers. One social media user captured a video while driving through high floodwaters in the Virginia Avenue Tunnel on Monday morning and said, "You’re going to need a boat to pass underneath the Virginia Ave. underpass on I-66 in NW D.C."

      • Flash flood warning issued for Washington metro area

        A flash flood warning has been issued for the Washington, D.C., metro area until 1:45 p.m. Monday by the National Weather Service.

        In one hour, some spots just west of the nation's capital saw over 3 inches of rain, especially along the Potomac River. Areas of concern include the Great Falls, Virginia, area and southeastern Montgomery County, Maryland.

      • AOC, Bernie Sanders to Introduce Resolution Calling 'Existential Threat' of the Climate Crisis an 'Emergency'

        A cohort of progressive Democrats plan to introduce a resolution declaring a climate emergency Tuesday in Congress, a move that could open the door to decisive action on the crisis.

        The Guardian's Emily Holden reported Monday afternoon that Reps. Alexandria Ocasio-Cortez (D-N.Y.) and Earl Blumenauer (D-Ore.) are expected to introduce a resolution calling for naming the climate crisis an "emergency" on Tuesday. Sen. Bernie Sanders (I-Vt.), a frontrunner for the 2020 Democratic presidential nomination, also plans to introduce the resolution in the upper chamber, according to the reporting.

        In comment to The Guardian, Blumenauer's office said that the congressman "decided to draft the resolution after Donald Trump declared an emergency at the U.S. border with Mexico so he could pursue building a wall between the two countries."

      • David Attenborough Calls on Voters in US and Australia to Respond to Climate Science Denial Among Leaders

        Veteran broadcaster David Attenborough has expressed his disappointment at the rise of climate science denial in the US and Australia and called on voters to respond.

        Referencing the rise of climate science denial in some countries while giving evidence to a committee of MPs in the UK, Attenborough said he was “sorry that there are people in power and internationally, notably the United States, but also in Australia” where “those voices are clearly heard”. He said he hoped the “electorate will actually respond” to public figures that promote climate science denial.

      • 24 Governors Call on Trump to Halt Rollback on Rules for Clean Cars

        The opposition to one of President Trump’s most consequential regulatory rollbacks — a plan to weaken pollution standards for automobiles nationwide — widened on Tuesday when 24 governors, including three Republicans, urged the president to abandon his plan.

        The governors’ plea adds to a chorus of criticism from an unlikely mix of voices, including not only environmentalists and labor unions but also some of the biggest automakers in the world. The two dozen governors include the leaders of four states — North Carolina, Pennsylvania, Wisconsin and Montana — that voted for Trump in 2016, helping propel him into the White House.

      • Governors Join California Push for Auto Mileage Pact With Trump

        Governors from more than 20 states -- including some won by Donald Trump in the 2016 election -- joined California officials to urge his administration to implement automobile emissions rules that are consistent nationwide and require efficiency improvements each year.

      • 23 Governors Join Calif. in Opposing Trump Mileage Standards

        Citing climate-damaging tailpipe emissions, 23 governors signed a pledge Tuesday backing California leaders in their showdown with the Trump administration over its plans to relax vehicle mileage standards .

        The pledge by leaders of states and Puerto Rico, most of them Democrats, comes as the administration seeks to ease tougher mileage standards laid out by former President Barack Obama as part of his efforts against climate change. Legal challenges to Trump's policy proposal threaten to disrupt the auto industry for years, and an influential auto industry trade group is renewing its appeal for the compromise.

        The administration says American consumers increasingly want bigger, less-efficient SUVs and pickup trucks . It argues that demanding ever-more fuel-efficient vehicles will drive up automobile costs and keep less-safe, older vehicles on the road longer; opponents challenge that claim.

      • Enormous Antarctic glacier on brink of collapse could raise sea levels by half a metre alone, scientists warn

        An enormous glacier the size of Florida may be on the brink of melting so quickly it could cause catastrophic global sea level rises, scientists have warned.

        While the climate crisis has seen temperatures soar and rapidly reduce ice levels in the Arctic, down in the Antarctic, far larger ice sheets containing much more water are now believed to be at significant risk of collapse, despite previously being considered stable.

        The Thwaites Glacier is one of five recently identified unstable Antarctic glaciers which have doubled their rate of ice loss in just six years.

        Covering 70,000 square miles, it is likely to accelerate its flow into the ocean, a new study into Antarctic ice sheet stability has suggested.

      • Marine ice sheet instability amplifies and skews uncertainty in projections of future sea-level rise

        Sea-level rise may accelerate significantly if marine ice sheets become unstable. If such instability occurs, there would be considerable uncertainty in future sea-level rise projections due to imperfectly modeled ice sheet processes and unpredictable climate variability. In this study, we use mathematical and computational approaches to identify the ice sheet processes that drive uncertainty in sea-level projections. Using stochastic perturbation theory from statistical physics as a tool, we show mathematically that the marine ice sheet instability greatly amplifies and skews uncertainty in sea-level projections with worst-case scenarios of rapid sea-level rise being more likely than best-case scenarios of slower sea-level rise. We also perform large ensemble simulations with a state-of-the-art ice sheet model of Thwaites Glacier, a marine-terminating glacier in West Antarctica that is thought to be unstable. These ensemble simulations indicate that the uncertainty solely related to internal climate variability can be a large fraction of the total ice loss expected from Thwaites Glacier. We conclude that internal climate variability alone can be responsible for significant uncertainty in projections of sea-level rise and that large ensembles are a necessary tool for quantifying the upper bounds of this uncertainty.

      • Antarctic Glacial Melt May Be Irreversible Causing Sea Rise, Research Says

        The mathematical models the researchers created make the most catastrophic scenarios of rapid melting and fast rises in sea water levels seems much more likely than the best-case scenarios of a slow sea level rise. Just how much ice the glaciers will shed in the next 50 to 800 years is impossible to predict since the climate is constantly changing and more data is needed. And yet, the researchers at the Georgia Institute of Technology, NASA Jet Propulsion Laboratory, and the University of Washington factored the instability into 500 ice flow simulations for Thwaites with refined calculations, according to Phys.org.

        While the scenarios showed a wide-range of possibilities, they consistently pointed to an irreversible instability in the glacier that would keep pushing the ice out to sea at an enormously accelerated rate over the coming centuries.

      • Energy

        • Bipartisan Group of Governors Pushes Back on Big Oil, Tells Trump Admin to Halt Clean Car Rollbacks

          As the Trump administration scrambles to formalize its rollback of clean car standards, 24 governors are telling the President to pump the brakes on the proposed rule. The governors have signed a letter, as reported this morning in The New York Times, Associated Press, and Bloomberg, requesting that the administration reconsider the rollback of fuel efficiency and emissions standards, and to honor California’s authority under the Clean Air Act to write its own standards, which other states are allowed under the law to sign onto.

    • AstroTurf/Lobbying/Politics

      • Once Again, Russian Internet Propaganda Efforts Shown To Be Much Bigger Than Originally Believed

        Early on, as the scope of Russia's disinformation and hacking efforts were being revealed, there was a tendency on many fronts to downplay the width and breadth of the problem. For example, early whistleblower revelations of Russia's troll factories--which pump bile and misinformation into the internet bloodstream 24/7--were downplayed as just a few harmless sods posting lame memes in broken English. In time, it became clear that the efforts were larger and far more sophisticated than previously believed.

        The hack of the DNC was similarly downplayed for years. Posing as a Romanian hacker, Russian intelligence sowed all manner of chaos with a carefully timed and leaked reveal of DNC data. Yet even many US journalists downplayed that possibility. Others, thanks largely to flimsy, troll-backed conspiracy theories, routinely claimed the DNC had hacked itself. And still others implied the hack was some kind of mass delusion. We now know the hack was part of a documented attack by Russian intelligence, only exposed due to some sloppy opsec by Russian intelligence agents.

        Here on planet Earth, one thing keeps being made abundantly clear: the scope of Russia's disinformation and hacking efforts are continually being revealed as much bigger than both "conventional wisdom" and crackpot wingnut theory dictated. The latest case in point: the Seth Rich conspiracy, which proclaimed that the DNC staffer had been covertly murdered instead of being robbed, has infected brains across the internet for years now. While the theory was never true, it gained traction thanks to a wide variety of voices ranging from Wikileaks to Fox News.

    • Censorship/Free Speech

      • 'Deep Fake' Legislation Is On The Way, Threatening Free Speech Protections

        The proliferation of deep fake videos is going to start having an effect on First Amendment protections. Hint: it's not going to make these protections any stronger.

        "Deep fake" may be easier to define than "fake news," but that doesn't mean there won't be collateral damage. The issue isn't a new one. Faking reality has been around nearly as long as reality itself. Cheap tools that make this anyone's game is the only thing new. Before we had deep fakes, we had Photoshop and its imitators.

        Video used to be the last bulwark of truth. It couldn't be faked easily. But this too has been abused for years. Editing video to make it show what the editor wants it to show is a tactic that has been used for years. Now, however, tools make it possible to put new words in peoples' mouths, as was demonstrated to devastating satirical effect when a video of Facebook founder Mark Zuckerberg was tricked out to make it appear as though Zuckerberg was promising to swallow every user's data and privacy.

      • Court: It's Cool If The (Federal) Government Searches A Phone The (Local) Government Seized Illegally

        The Fifth Circuit Court of Appeals has decided it's OK if a government agency searches a phone that should never have been seized in the first place… so long as it's not the same government agency that illegally seized it. The illegality of the original seizure -- which should have provoked some discussions of poisonous trees and their harmful fruit -- is pretty much discarded in favor of the good faith exception.

        The backstory is this: Charles Fulton Jr. was targeted by the Galveston (TX) Police Department -- working in tandem with the FBI -- for sex trafficking and prostitution of teens. He was ultimately found guilty on four sex trafficking charges, prompting this appeal of the district court's refusal to toss out the evidence pulled from his seized phone.

      • [Microsoft] GitHub Bans Open Source DeepNude App And Other Projects Based On It

        GitHub has removed code that is based on DeepNude — an app that uses AI to digitally undress pictures of women and create fake nudes.

        While the maker of DeepNude has already shut down the project and made it illegal to use or possess copies of the app, multiple repositories based on the DeepNude algorithm have cropped up on GitHub and also on other platforms.

    • Privacy/Surveillance

      • UK ISPs Vilify Mozilla For Trying To Secure The Internet

        Over the years, UK ISPs have been forced by the government to censor an increasing array of "controversial" content, including copyrighted material and "terrorist content." In fits and spurts, the UK has also increasingly tried to censor pornography, despite that being a decidedly impossible affair. Like most global censorship efforts, these information blockades often rely on Domain Name Server (DNS) level blacklists by UK ISPs.

        Historically, like much of the internet, DNS hasn't been all that secure. That's why Mozilla recently announced it would begin testing something called "DNS over HTTPS," a significant security upgrade to DNS that encrypts and obscures your domain requests, making it difficult to see which websites a user is visiting. Obviously, this puts a bit of a wrinkle in the government, ISP, or other organizational efforts to use DNS records to block and filter content or track user activity.

    • Freedom of Information/Freedom of the Press

      • The International Code Council goes to court over free access to building codes

        Potential productivity benefits for architecture, engineering, and construction may depend on the outcome of copyright litigation by the International Code Council (ICC) against San Francisco-based startup UpCodes. The firm, which aims to reduce perceived bottlenecks in the implementation of the nation’s 93,000 building codes, faces charges that its public posting of codes undermines the public-private partnership that develops them.

        The nonprofit ICC, which prepares the International Building Code and other model codes adopted by multiple jurisdictions, contends that UpCodes has appropriated its property and “does not need to violate ICC’s copyrights to further its claim to innovate,” an anonymous ICC spokesperson commented for this article through its public relations firm. UpCodes regards its practice as fair use, citing precedents establishing that information “incorporated by reference” into law (the applicable legal term) enters the public domain. Other appeals courts, ICC counters, have protected copyrights in cases it considers comparable.

    • Civil Rights/Policing

    • Monopolies

      • Copyrights

        • Indie Publishers Tell Gamers To Pirate Instead Of Buying Keys Through Reseller G2A

          This recommendation was followed up by Rose and other game developers on Twitter, suggesting that anyone thinking about buying a resold game key via G2A just pirate their games instead. This isn't he first time we've seen this sort of thing specifically about G2A, which is one of the more popular Steam key resellers out there. A couple of years ago, another indie game studio went so far as to put its game up on The Pirate Bay itself just to keep money from reaching the hands of G2A.

          The big problem here is that game developers regularly give away free or cheap Steam keys to influencers and others in the hopes of promoting the game on the internet. Some of those influencers then turn around and resell those keys on the G2A market. For its part, G2A insists that it will take down fraudulent sellers and even issue refunds to devs that can prove the keys sold were obtained by nefarious means, but that's generally a lot of window dressing, given that G2A also buys Google ads to place its own links at the top of search results for these same indie games. Meanwhile, these resold keys generate no revenue for the developer, but do increase their costs in customer service, server requirements for online games, etc.

        • Big Fair Use Win Concerning Andy Warhol's Paintings Of Prince

          A decade ago, you may recall, there was a big copyright fight concerning the iconic "Hope" poster that artist Shepard Fairey had created for the Obama campaign. The Associated Press realized that Fairey had used one of its photos as the "model" for making the poster, and started demanding money (there was also a side issue where the actual photographer kept changing his story, first claiming he was thrilled that Fairey had used it, then arguing that the copyright on the photo was his and not the AP's, and then getting angry at Fairey). Eventually Fairey filed for declaratory judgment of non-infringement, against the AP, arguing that his use was covered by fair use. We argued at the time that he had a very strong case. However, Fairey poisoned his own position in the lawsuit by stupidly first (falsely) claiming he had used a different photograph as the basis for his poster and then destroying evidence about which photo he had used. That's bad. Really bad. So, it wasn't a huge surprise to see Fairey eventually agree to just settle the lawsuit, rather than fight for the fair use ruling, since the case was so muddied by his own early actions.

Recent Techrights' Posts

Microsoft Openwashing Stunts Initiative (OSI) is A Vulture in "Open" Clothing
it's quite telling that the OSI isn't protecting the Open Source Definition
Gemini Links 25/12/2024: Reality Bites and Gopher Thanks
Links for the day
2025 Will be Fought and Fraught With LLM Slop or Fake 'Articles' (Former Media/News Sites Turning to Marketing Spam)
The elephant in the room?
 
Links 27/12/2024: Perfect Desk, Banning Cellphones, Many Cables Cut Near Finland
Links for the day
Gemini Links 27/12/2024: Slop and Self-hosting
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, December 26, 2024
IRC logs for Thursday, December 26, 2024
Links 26/12/2024: Japan-China Mitigations and Mozambique Prison Escape (1,500 Prisoners)
Links for the day
Links 26/12/2024: Ukraine's Energy Supplies Bombed on Christmas Day, Energy Lines Cut/Disrupted in the Baltic Sea Again
Links for the day
Gemini Links 26/12/2024: Rot Economy, Self-hosted Tinylogs
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, December 25, 2024
IRC logs for Wednesday, December 25, 2024
[Meme] Time to Also Investigate Bill Gaetz
Investigation overdue
IBM Has Almost Obliterated or Killed the Entire Fedora Community (Not IBM Staff)
Remaining Fedora insiders are well aware of this, but bringing this up (an "accusation" against IBM) might be a CoC violation
Links 25/12/2024: Fentanylware (TikTok) Scams and "Zelle Scams Lead to $870M Loss"
Links for the day
Brittany Day Can Rest and Let Microsoft/Chatbots Write Fake 'Articles' About "Linux" This Christmas
Who said people don't work on Christmas? Chatbots or plagiarism-as-a-service work 24/7, every day of the year except during Microsoft downtimes
Links 25/12/2024: Windows TCO Brought to SSH, Terence Eden 'Retires'
Links for the day
Links 25/12/2024: Latest Report Front Microsoft Splinter Group, War Updates
Links for the day
Links 25/12/2024: Hong Kong Attacks Activists During Holidays, Xerox to Buy Lexmark
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 24, 2024
IRC logs for Tuesday, December 24, 2024
Gemini Links 25/12/2024: Open Source Social and No Search
Links for the day