Bonum Certa Men Certa

Links 15/7/2019: Vulkan 1.1.115 and Facebook Openwashing



  • GNU/Linux

    • Audiocasts/Shows

      • A Modern Open Source Project Management Platform

        Project management is a discipline that has been through many incarnations, spawning an entire industry of businesses and tools. The challenge is to build a platform that is sufficiently powerful and adaptable to fit the workflow of your teams, while remaining opinionated enough to be useful. It also helps to have an open and extensible platform that can be customized as needed. In this episode Pablo Ruiz Múzquiz explains the motivation for creating the open source tool Taiga, how it compares to the other options in the market, and how you can use it for your own projects. He also discusses the challenges inherent to project management tools, his philosophies on what makes a project successful, and how to manage your team workflows to be most effective. It was helpful learning from Pablo's long experience in the software industry and managing teams of various sizes.

      • GNU World Order 13x29
    • Kernel Space

      • Linux 5.1.18
      • Linux 4.19.59
      • Linux 5.2 rolls out with Sound Open Firmware and Comet Lake support

        Kernel Kitten here, defender of the Linux kernel, commander of the Kitten Army, sworn to protect Commander Torvalds' intellectual property, and look dead cute while we do it.

        We cats aren't designed for summer. All we want to do is try and hide from the sun as much as possible. It starts with leaving the back door open to give us options, but will they? Oh no. Typical.

        Anyway, I've stepped away from the battalion in order to give you details of the latest updates, so hopefully, in line with my new calm, empathetic, zen persona, I'll be able to keep my temper and get on with telling you what you need to know for once.

      • Linux 5.2 releases with inclusion of Sound Open Firmware project, new mount API, improved pressure stall information and more

        Two days ago, Linus Torvalds, the principal developer of the Linux kernel announced the release of Linux 5.2 in his usual humorous way, describing it as a ‘Bobtail Squid’. The release has new additions like the inclusion of the Sound Open Firmware (SOF) project, improved pressure stall information, new mount API, significant performance improvements in the BFQ I/O scheduler, new GPU drivers, optional support for case-insensitive names in ext4 and more. The earlier version, Linux 5.1 was released exactly two months ago.

        Torvalds says, “there really doesn’t seem to be any reason for another rc, since it’s been very quiet. Yes, I had a few pull requests since rc7, but they were all small, and I had many more that are for the upcoming merge window. So despite a fairly late core revert, I don’t see any real reason for another week of rc, and so we have a v5.2 with the normal release timing.”

        Linux 5.2 also kicks off the Linux 5.3 merge window.

      • Linux's UBIFS File-System Picks Up Support For Zstd Compression

        The UBIFS file-system for usage on un-managed flash memory devices now has support for Zstd compression.

        Zstd file-system compression was added to UBIFS as providing a means of being faster than the existing LZO compression, including for embedded Arm hardware, while still offering a good compression rate. This new UBIFS Zstd compression can be enabled via the UBIFS_FS_ZSTD Kconfig switch for building the UBIFS module with this Zstd support.

      • Linux Foundation

        • EdgeX Foundry’s Edinburgh release provides framework for IoT

          The internet of things gets a lot of flak for its fragmentation, but attempts are being made to rectify the situation. Case in point: The EdgeX Foundry on Thursday announced the availability of its Edinburgh release, created for IoT use cases across vertical markets.

          It’s not going to completely eliminate fragmentation—that would be an impractical challenge to mount. But whereas a few years ago everybody was trying to do edge and IoT implementations in a proprietary manner, “I would say open source is ready for prime time from an edge perspective,” said Arpit Joshipura, general manager, Networking, Edge and IoT with the Linux Foundation, in an interview.

      • Graphics Stack

    • Applications

      • Top 10 Best Typing Tutor Software for Linux to Increase Your Typing Skill

        Most of us know how to type using a keyboard still, don’t have satisfied typing skill. Actually, it is not that much easier to control the movement of all the 10 fingers at the same time even without looking at the keyboard. Only practice can help you in this case. And you must have the idea about how much fast and accurate typing is essential in this technology-based era. However, I am here to help you increase your typing skill by recommending some useful typing tutor software for the Linux platform. Hopefully, these applications will help you to be a pro typist.

      • Proprietary

    • Instructionals/Technical

    • Games

      • RetroArch Emulation Platform Is Coming To Steam On July 30

        There will be no difference in the functionality of the RetroArch when it launches on Steam in two weeks from now. The Steam version will not have Steamworks SDK functionality or additional Steam features at the time of the launch.

        After the launch, the company will explore options to incorporate Steam’s functionality into the emulator platform.

        Moreover, the open source company has said that it will initially launch the Windows version. macOS and Linux versions will be released later.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Kate LSP Client Continued

          The new LSP client by Mark Nauwelaerts made nice progress since the LSP client restart post last week.

          [...]

          Both are aimed to improve the support of the Rust LSP server. As you can see, they got already reviewed and merged.

      • GNOME Desktop/GTK

        • Pitivi Video Editor Gets Better Thanks to Google Summer of Code

          The Pitivi video editor is getting some (arguably overdue) love and attention as part of this year’s Google Summer of Code (GSoC).

          New features, interface adjustments, and improved clip editing are among the changes the open-source non-linear video editing app is in line to pick up.

          Two recent updates from GSoC 2019 students reveal a bit more about the enhancements that are underway.

          Millan Castro reports on his ‘first month working in Pitivi‘. His goal: ‘implement an interval time system”.

    • Distributions

      • New Releases

        • Linux Weekly Roundup #34

          Hello and welcome to this week's Linux Roundup. Thank you so much for your time.

          We had another good week of Linux Releases.

          Sparky Linux 4.11, Linux Mint 19.2 Beta (well kind of, please read below how their release process works), Feren OS 19.07 and Feren OS Next Beta has been released.

          Other distros I have been looking at this week is Clear Linux with Gnome 3.32 and Artix Linux 20190609.

          About the Linux Mint release method, when all the development is done, the ISO is being tested by a Linux Mint team and Clem, the main guy of Linux Mint will approve all the ISOs when he feels they are ready, when all of the ISOs are approved, the ISOs are being pushed into all the Linux Mint Download Mirrors, after all the mirrors are being updated, Linux Mint writes their release notes. We are currently at the point where all the ISOs has been approved and already being pushed into the Download Mirrors.

      • Fedora Family

        • Porfirio A. Páiz - porfiriopaiz: repos

          Rawhide is the name given to the current development version of Fedora. It consists of a package repository called "rawhide" and contains the latest build of all Fedora packages updated on a daily basis. Each day, an attempt is made to create a full set of 'deliverables' (installation images and so on), and all that compose successfully are included in the Rawhide tree for that day.

          It is possible to install its repository files and just temporarily enable it for just a single transaction, let us say, to simple install or upgrade a single package and its dependencies, maybe, to give a try to its new version that is not currently available on any of the stable and maintained versions of Fedora.

          This is useful when a bug was fixed on Rawhide but it has not landed yet on the stable branch of Fedora and the urge for it cannot wait.

      • Debian Family

        • Review: Debian 10 "Buster"

          Debian is one of the world's oldest Linux distributions and, in terms of the number of developers involved, also one of the largest. Around 1,300 contributors worked on Debian 10, which was released on July 6th.

          Debian 10 offers package upgrades across the entire operating system, but the main changes for this release include enabling AppArmor by default and running GNOME Shell on Wayland. (GNOME running on X.Org is available as an alternative desktop session.) The project's release announcement also mentions nftables can be used to manage the operating system's firewall and Secure Boot is enabled for some architectures. This version of Debian will receive a total of five years of support, thanks to the project's long-term support team.

          The new version of Debian, codenamed "Buster", runs on over half a dozen CPU architectures and is available in net-install, full DVD install, and seven live desktop editions. This gives users many install options and avenues for trying the distribution. Though not mentioned in the distribution's release announcement Debian's media does not include non-free firmware which is often required to connect with wireless networks. People who need wireless networking have the option of downloading unofficial live images with non-free firmware.

          Some more experimental users may be interested in knowing that Debian not only has a Linux flavour, but also offers builds with alternative kernels. The Debian GNU/Hurd team published new install media alongside the main Linux editions.

          I ended up downloading the DVD install media, which is 3.6GB in size. I also downloaded the official live GNOME edition which is 2.3GB. My observations in this review come from installing and running Debian based on the install DVD media, unless otherwise specified.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • CBA discloses NetBank's open source components

        One update explained that NetBank had started to make use of Google Safetynet, a service billed as “a set of services and APIs that help protect your app against security threats, including device tampering, bad URLs, potentially harmful apps, and fake users.”

        “The Google Safetynet feature does not involve CommBank sharing data with Google, but rather, the Android device shares some data with Google in order to provide an assessment of the device security, which we then use to detect certain types of fraud and cybercrime," a CBA spokesperson told iTnews.

        The second update to NetBank added open source licences, which the bank's spokesperson said was “a decision to acknowledge the use of third party components within our apps, where appropriate”.

        The spokesperson added that “this transparency, if anything, benefits security.”

        “We take security seriously,” the spokesperson added.

        “Every version of the CommBank app, including the open source components, is rigorously scrutinised and scanned by our engineering and cyber security teams for any potential vulnerabilities, and to ensure it is safe to use."

      • InAccel releases open-source Logistic Regression IP core for FPGAs

        Machine learning algorithms are extremely computationally intensive and time consuming when they must be trained on large amounts of data. Typical processors are not optimized for machine learning applications and therefore offer limited performance. Therefore, both academia an industry is focused on the development of specialized architectures for the efficient acceleration of machine learning applications.

      • Eradani Bridges The Gap Between Legacy And Open Source

        In this publication, legacy is not a dirty word or even remotely pejorative. Rather, “legacy” is just a shorthand way of delineating between applications that encapsulate decades of the evolution of a business and the transactions it processes, and all of the other new stuff that this business is also doing and perhaps coding with newer tools and programming languages.

        A new company, called Eradani, has been founded by some experts in both the IBM i world and the open source world with the express purpose of building a technical bridge so these two different cultures can see a unified, hybrid system without knowing all of the details of both sides of that system. This is a lot easier than having heated arguments about how things should be done or whose software stack is better or worse.

        Eradani, which is named after the sun around which the planet Vulcan orbits in the Star Trek science fiction series and which is actually a constellation in the southern hemisphere with several stars bearing that name (but spelled Eridani), was founded by Dan Magid, who was most recently in charge of the modernization labs and sales specialists teams at Rocket Software. Magid came to Rocket Software back in 2011, when that software conglomerate acquired software change management tool maker Aldon Software, where Magid was its long-time chief executive officer. Aldon was co-founded by Albert Magid, his father, and Don Parr back in 1979 in the wake of the System/38 launch, so the Magid family has deep, deep roots in the IBM i world. (Aldon had previously sold itself to private equity firm in 2007.)

      • Open source plays leading role in getting driverless cars on the road

        pen source is playing an increasingly important role in the race to develop fully-functional, totally driverless cars capable of handling all traffic conditions – and investors are lining up to support these efforts.

        Last week, Japan-based open source company Tier IV announced it had raised a further $100 million to facilitate commercialisation of self-driving technology for what it called `private, depopulated and urban’ areas. This brings the amount of money investors have pumped into the company to around $230million.

        However, Tier IV, which was spun out of Japan’s Nagoya University by Shinpei Kato and which counts Yamaha Motor Corporation among its backers, is not the only open source company in the self-driving vehicle starting line-up.

      • AV Mapping Startup Carmera Joins Baidu's Open-Source Apollo Platform

        The company also maintains Baidu Apollo, an open-source software platform launched in 2017 that allows software developers, researchers, and the company’s 130 enterprise partners, including Nvidia (NASDAQ: NVDA), Ford (NYSE: F), Velodyne Lidar, and Toyota (NYSE: TM), to build their own AV systems. The Apollo technology stack has more than 12,000 GitHub developers, and earlier this month, Baidu released Apollo 5.0, the latest version. Other mobility players maintain open-source development platforms—Nvidia, for example—but they aren’t as comprehensive as Apollo.

      • NEC Embraces Open Source Frameworks for SX-Aurora Vector Computing

        In this video from ISC 2019, Dr. Erich Focht from NEC Deutschland GmbH describes how the company is embracing open source frameworks for the SX-Aurora TSUBASA Vector Supercomputer.

        NEC recently opened the Vector Engine Data Acceleration Center (VEDAC) at its Silicon Valley facility. VEDAC is focused on fostering big data innovations using NEC’s emerging technologies while tapping into Silicon Valley’s rich ecosystem.

      • Four misconceptions about open source technology - Acquia

        Despite widespread adoption around the globe, open source technology continues to generate questions about its security and performance.

        Detractors question whether it’s a suitable basis for enterprise projects and platforms; their scepticism due, in no small part, to a series of myths and misconceptions which surround the technology.

        In an era in which cyber-crime and hacking attacks are so frequent, they’ve ceased to be newsworthy, some of these concerns spring from a genuine fear that open source means open to all comers.

        Others have their roots in inertia and the deep comfort of the familiar. Many IT managers would prefer to stick with the tried and true – proprietary technologies whose performance is known and for which they’re happy to be accountable, rather than the unknown quantity which is open source.

      • Google Releases Open Source Cryptographic Tool

        Google has made available an open-source cryptographic tool called Private Join and Compute. The tool uses secure multi-party computation (MPC) to augment the core PSI protocol.

        The product combines two cryptographic techniques - private set intersection and homomorphic encryption. Private set intersection is a technique that finds common identifiers in two sets of data without either data owner needing to show the other owner the underlying data. Google uses an oblivious variant which only marks encrypted identifiers without learning any of the identifiers.

      • Haiku monthly activity report - 06/2019

        We are now in beta phase, and besides the usual bugfixes, it's time to start investigating performance bottlenecks in Haiku. Waddlesplash has been hard at work in that area this month, starting with tuning of the newly integrated rpmalloc allocator.

        He also started benchmarking the uses of the allocator and found various opportunities to save memory, and use dedicated object caches instead of the generic malloc allocator, helping reduce memory fragmentation. The first patches have just started to land (in packagefs), there will likely be more. Ideally beta2 will be able to boot and install with 256MB of RAM or maybe even less thanks to this work.

        Meanwhile, waddlesplash is also auditing the code and starting to work towards making APIs more restricted (allowing some things only for the root user, for example), in order to provide some more privilege separation. Haiku has so far been largely a single user system, and did not worry too much about the usual attack vectors for an UNIX system. But modern computers are often online and we should try to keep our user's data reasonably safe. We have a long way to go, but we have to start with something.

      • Maintaining Independent Infrastructure

        One thing I end up embarassing myself about sometimes in the Ubuntu Podcast telegram chatter is that I end up buying and selling tiny amounts of shares on the US stock markets. All I can say is that I got spooked by the 35 day "government shutdown" at the start of the calendar year when I was stuck working without pay as a federal civil servant. Granted I did get back pay but the Human Capital Office at work is still fiddling with things even now in terms of getting payroll records and other matters fixed. I generally buy shares in companies that pay dividends and then I take the dividends as cash. At work we refer to that as "unearned income" especially as it is taxed at a rate different from the one applied to my wages.

        My portfolio is somewhat weird. I am rather heavily invested in shipping whether it happens to be oil tankers or dry bulk cargo ships. In contrast I have almost nothing invested in technology companies. There aren't many "open source" companies available on the open stock market and the ones out there either I can't afford to buy a single share of or they violate my portfolio rule that stocks held must pay a divided of some sort. Too many companies in the computer tech world appear to make money but don't send any profits back to shareholders as their dividends are stuck at USD$0.00.

      • Web Browsers

        • Mozilla

          • Best free email program for Windows, Mac and Linux

            You’ve got mail! Who doesn’t these days? With the number of business and consumer emails sent and received every day expected to exceed 293 billion this year, according to the Radicati Group, it seems everyone’s got mail.

            One downside to such a volume of email is that most inboxes are cluttered and unmanageable. While many email users opt for utilizing multiple services such as Gmail, Outlook, or Yahoo to tame the mess and keep personal emails from getting mixed up with work emails, it is still a challenge.

            One method for reigning in emails and keeping your accounts separate without the hassles many email clients come with is using a free email program that Kim recommends, Mozilla Thunderbird. This handy tool works across all platforms, including Windows, Mac, Linux systems, and Android and Apple devices.

          • Mozilla figures out how users can avoid online ads and sites can still make money

            I've written for websites that depended on every single impression and click generated by viewers. Some viewers complained about ads and some stayed silent. However, the owner of the site knew that without those advertisements the site would go dark.

            And so, I go about my daily life without the help of ad blockers—assuming that, at some point in time, someone would come up with a way to make both sides of the coin happy.

            That time has finally come. And it should be of no surprise that those behind the solution are from within the open source community—specifically, Mozilla (which may or may not be in conjunction with a new venture, namely Scroll).

            How are they solving this little conundrum (that has perplexed the masses for years)? With a new service they're calling Ad-free Internet. Just what is this new service? It's as equally brilliant as it is simple (and surprising that no one else has realized this solution already).

      • Productivity Software/LibreOffice/Calligra

        • LibreOffice Appliances project (GSoC 2019)

          What happened lately: the lid hinges of my laptop broke for the second time, so I decided to buy a new (used) laptop. As always I didn’t back up my files properly (installed new OS on same disk), so had some transition issues.

          Apparently I hadn’t saved my username+password for the Wekan board, so I’ve created a new one...

      • Pseudo-Open Source (Openwashing)

      • Blockchain

        • Open-Source Platform Lets Users Build Their Own Blockchain in Under 10 Min

          An out-of-the-box solution says it enables anyone, even with no experience, to build their own blockchain in under 10 minutes. According to Nuls, businesses are going through a similar evolution as they did with the early internet, when every company wanted their own website: They now want their own blockchain. And although these firms may not fully understand how to deploy blockchain technology, they are aware of how their business may benefit from it. Nuls aims is to “dismantle some of the biggest barriers” that are stopping individuals and companies of all sizes from creating their own blockchains. Hurdles for adoption include the need to ensure that networks are fully secure and the sheer cost of bringing them to fruition. On top of this, it can be an incredibly time-consuming process — not least because there aren’t enough skilled developers to keep on top of demand.

        • Open-Source Tool Lets Anyone Experiment With Cryptocurrency Blockchains

          Blockchain technology records information to a ledger shared between thousands of nodes. In the technology’s purest form, those nodes are not controlled by any central authority, and information cannot be changed once written to the ledger. Because of the security and autonomy this technology offers (in theory at least), blockchains now underpin many popular cryptocurrencies such as Bitcoin.

          But as Kazuyuki Shudo, an associate professor at the Tokyo Institute of Technology, points out, "It has been nearly impossible to test improvements on real-world blockchain networks, because that would mean having to update the software of all the thousands of nodes on a network."

        • Blockchain founders raised $822m by Q2 – with enterprises focused on open source

          According to the latest State of Blockchains report from Outlier Ventures, blockchain startups raised $822 million by Q2 – but the ecosystem continues to lag behind the 2017 and early 2018 peak.

          $822m was raised across 279 deals over the second quarter of 2019, with more than half of them being seed stage deals indicating continued fresh talent into the space.

          Yet while the numbers may be lower, the scope is much more advanced – particularly with how enterprises are associating with the technology.

          The report explores case studies which will be familiar to readers of this publication. Last month The Block reported that retailer Target had posted a job advert for a blockchain engineer, with the right candidate being able to contribute to ConsenSource, a certificate registry blockchain application based on Hyperledger Sawtooth. The company’s interest in blockchain has been noted, working with agribusiness provider Cargill on a Hyperledger-built project around the supply chain.

          [...]

          The Block spoke with Burke at the Blockchain Expo Global event in London around the data and platform monopolies which exist today.

      • Openness/Sharing/Collaboration

        • Open Data

          • Online Data Science Learning with Tech’s Biggest Names Through edX

            The main advantage of attending a prestigious name-brand data science certification program is the reputation of that esteemed organization that it carries with it. Other than providing tech students and rookies with better opportunities to find an entry-level job at that company (such as Microsoft), it’s a great badge for the more experienced professionals as well.

            However, there are several high-level courses available, such as the ones through edX at IBM, Microsoft, MIT, UC San Diego and Harvard. Each one is different, and tailored to fit the needs of a variety of different professionals at many levels. In this article, we will take a look at these different programs, summarize their most important characteristics, the skills you’re going to acquire (as well as those you need before taking the course), and why you should choose one of them over another.

        • Open Hardware/Modding

          • CHIPS Alliance Brings Powerful Players into Open Source Hardware Collaboration

            Will open source hardware become as ubiquitous as open-source software, such as Linux and Android? Linux changed the world with its open approach to operating systems. The Linux Foundation has now partnered with a new initiative, CHIPS Alliance, to bring the same open source ethos to hardware design.

            All About Circuits had a chance to speak to Ted Marena, Interim Director of CHIPS Alliance, about CHIPS Alliance, its mission, and its inaugural event this June, which was hosted by Linux, itself.

      • Programming/Development

        • Introducing Photon Micro GUI: An open-source, lightweight UI framework with reusable declarative C++ code

          Photon Micro is an open-source, lightweight and modular GUI, which comprises of fine-grained and flyweight ‘elements’. It uses a declarative C++ code with a heavy emphasis on reuse, to form deep element hierarchies.

          Photon has its own HTML5 inspired canvas drawing engine and uses Cairo as a 2D graphics library. Cairo supports the X Window System, Quartz, Win32, image buffers, PostScript, PDF, and SVG file output.

          Joel de Guzman, the creator of Photon Micro GUI, and the main author of the Boost.Spirit Parser library, the Boost.Fusion library and the Boost.Phoenix library says, “One of the main projects I got involved with when I was working in Japan in the 90s, was a lightweight GUI library named Pica. So I went ahead, dusted off the old code and rewrote it from the ground up using modern C++.”

        • Initializing all local variables with Clang-Tidy

          A common source of all kinds of bugs is using variables without properly initializing them. Out of all security problems this one is the simplest to fix, just convert all declarations of type int x; to int x=0;. The main reason for not doing that is laziness, manually going through existing code bases and adding initialization statements is boring and nobody wants to do that.

          Fortunately nowadays we don't have to. Clang-tidy provides a nice toolkit for writing source code refactoring tools for C and C++. As an exercise I wrote a checker to do this. It is submitted upstream and is undergoing code review. Implementing it was fairly straightforward. There were only two major problems. The first one was that existing documentation consists mostly of reference manuals. There is no easy to follow tutorials, only Doxygen pages. But if you dig around on the net and work on it a bit, you can get it working.

          The second, and bigger, obstacle is that doing anything in the LLVM code base is sloooow. Everything in LLVM and Clang is linked to single, huge, monolithic libraries which take forever to link. Because of reasons I started doing this work on my secondary machine, which is a 4 core i5 with 16 gigs of RAM. I had to limit simultaneous linker jobs to 2 because otherwise it would just crash spectacularly to an out of memory error. Presumably it is impossible to compile the code base on a machine that has only 8 gigs of RAM. It seems that if you want to do any real development on LLVM you need a spare data center to run the compilations, which is unfortunate.

        • Weekly Check-In #6
        • Weekly Check In
        • PSF GSoC students blogs: weeklyCheckIn[7]
        • Weekly check-in #6 (week 7): 08/07 to 14/07
        • Coding Period: Week 7
        • A quarter in review - Halfway to 2020

          My work with Rustup continues, though in the past month or so I've been pretty lax because I've had to travel a lot for work. I continue to be as heavily involved in Rust as I can be -- I've stepped up to the plate to lead the Rustup team, and that puts me into the Rust developer tools team proper. I attended a conference, in part to represent the Rust developer community, and I have some followup work on that which I still need to complete.

          I still hang around on the #wg-rustup Discord channel and other channels on that server, helping where I can, and I've been trying to teach my colleagues about Rust so that they might also contribute to the community.

          Previously I gave myself an 'A' but thought I could manage an 'A+' if I tried harder. Since I've been a little lax recently I'm dropping myself to an 'A-'.

        • DocKnot 3.01

          The last release of DocKnot failed a whole bunch of CPAN tests that didn't fail locally or on Travis-CI, so this release cleans that up and adds a few minor things to the dist command (following my conventions to run cppcheck and Valgrind tests). The test failures are moderately interesting corners of Perl module development that I hadn't thought about, so seem worth blogging about.

          First, the more prosaic one: as part of the tests of docknot dist, the test suite creates a new Git repository because the release process involves git archive and needs a repository to work from. I forgot to use git config to set user.email and user.name, so that broke on systems without Git global configuration. (This would have been caught by the Debian package testing, but sadly I forgot to add git to the build dependencies, so that test was being skipped.) I always get bitten by this each time I write a test suite that uses Git; someday I'll remember the first time.

  • Leftovers

    • Security

      • EAP-pwd security issues – SAE (Simultaneous Authentication of Equals) WPA3-Personal – potential full password recovery with weak passwords – CVE-2019-9495, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499

        it might sound strange… and even if it sucks, but if you are concerned about security, call me paranoid but:

        your company’s critical infrastructure SHALL NOT BE REACHABLE BY WIFI! (especially not if you are running a nuclear power plant, just saying… nobody wants meltdown vulnerability of CPUs to actually be able to cause a meltdown)

      • RIP Fernando “Corby” Corbató, inventor of the password (1926-2019)

        Last Friday, legendary MIT computer scientist Fernando “Corby” Corbató passed away at his home in Newton, Massachusetts. He was 93.

        The Oakland-born researcher was responsible for several pivotal advances in the computer science space, most notably the password, which he invented during his pioneering work in computer time sharing.

      • GE Aviation Passwords, Source Code Exposed in Open Jenkins Server [Ed: 'Windows shop' GE needs to hire actual FOSS and GNU/Linux people who know how to properly set up and maintain things. This one is a shot in one's foot.]

        A DNS misconfiguration resulted in an open Jenkins server being available to all.

        A public Jenkins server owned by GE Aviation has exposed source code, plaintext passwords, global system configuration details and private keys from the company’s internal commercial infrastructure.

        GE Aviation, a subsidiary of General Electrics, is among the top commercial aircraft engine suppliers, and offers various airplane components. The server also contained a ReadMe file, outlining all the files it contained and their sensitivity.

      • Open Source Genomic Analysis Software Flaw Patched

        A cybersecurity vulnerability discovered in open source software used by organizations conducting genomic analysis could potentially have enabled hackers to affect the accuracy of patient treatment decisions. But the vulnerability was patched before hackers took advantage of it, researchers believe.

    • Transparency/Investigative Reporting

      • The slow-motion crucifixion of Julian Assange

        What is happening to Julian Assange is nothing short of torture and a denial of his human rights, says Dr John Jiggens.

        FOR THE PAST five years I’ve been reporting on what Catholic Worker and Assange supporter Ciaron O’Reilly refers to as the ‘slow-motion crucifixion of Julian Assange’.

        My first interview in 2014 was with Assange’s father, John Shipton, on the second anniversary of his flight to the Ecuadorian Embassy. Julian’s birthday was approaching and Shipton was organising a care package for his son. The package included a cat, to give Julian companionship in the isolation of his closely-guarded diplomatic sanctuary.

      • WATCH THE REPLAY: Nils Melzer, Aaron Mate’, Mike Gravel on CN Live! Premiere

        On the premiere episode of CN Live!, Nils Melzer, the United Nations special rapporteur on torture and other cruel, inhuman or degrading treatment or punishment, joined us from Geneva to discuss his work on the condition of imprisoned WikiLeaks publisher Julian Assange. Journalist Aaron Maté spoke to us from New York about his latest article, “CrowdStrikeOut: Mueller’s Own Report Undercuts Its Core Russia-Meddling Claims“. Former U.S. Senator and Democratic primary contender Mike Gravel, and Marjorie Cohn, professor emerita at Thomas Jefferson School of Law and former president of the National Lawyers Guild, joined the program from California to discuss the race to the White House.

        Francis Boyle, international law professor at the University of Illinois, picked apart the intelligence and political machinations behind the arrest of financier Jeffery Epstein on sex trafficking charges; and author and scholar George Szamuely joined hosts Joe Lauria and Elizabeth Vos from Budapest to dissect the latest news on Assange and WikiLeaks.

      • The Media Is Complicit in Julian Assange's Torture

        A United Nations expert finds the WikiLeaks founder has been subjected to psychological torture, and media around the globe played a part.

    • Censorship/Free Speech

      • India's first dynamic injunction issued to block access to 'rogue websites'

        Online piracy continues to be a menace which a very difficult for the courts to tackle. There are several reasons for this, the most important being the difficulty in removing pirated content available online. Court orders are difficult and time consuming to obtain. Further, blocking websites often becomes useless as new websites with the same content pop up instantly. Due to all this, online piracy continues to be an ever-evasive problem with few practical solutions. However, the Delhi High Court, in UTV Software Communication Ltd v 1337X.TO and Ors recently made a significant advancement in protecting such rights, particularly in the case of blocking entire websites or mirror websites.

        UTV Software Communications Ltd., the plaintiffs in the present case, filed eight suits primarily seeking an injunction restraining infringing activities of the defendants. The plaintiffs are engaged in the business of creating content, producing and distributing cinematographic films around the world, including in India. The defendants were classified into four broad categories – certain identifiable websites, John Doe defendants, ISPs, and government departments (Department of Telecommunication and Ministry of Electronics and Information Technology). The defendant websites did not respond to any of the summons, presumably because they were based outside India. However, the Court deemed the issue of general public importance and issued the relevant injunction even in such absence.

    • Privacy/Surveillance

      • The Toxic Potential of YouTube’s Feedback Loop

        Unfortunately, this wasn't the first scandal to strike YouTube in recent years. The platform has promoted terrorist content, foreign state-sponsored propaganda, extreme hatred, softcore zoophilia, inappropriate kids content, and innumerable conspiracy theories.

        Having worked on recommendation engines, I could have predicted that the AI would deliberately promote the harmful videos behind each of these scandals. How? By looking at the engagement metrics.

        Using recommendation algorithms, YouTube’s AI is designed to increase the time that people spend online. Those algorithms track and measure the previous viewing habits of the user—and users like them—to find and recommend other videos that they will engage with.

    • Civil Rights/Policing

      • Use of Glasgow Airport in CIA rendition of man to Egypt revealed

        The use of Glasgow Airport in the rendition of a man whose torture in Egypt led to the false information which provided part of the case for the Iraq War has been revealed in a new report on the CIA’s network of black sites around the world.

        A new report presents, for the first time, a comprehensive overview of the CIA’s black site network, drawing on new data derived from an analysis of the Senate Intelligence Committee’s 2014 study of CIA detention.

      • Expansion of Secrecy Law for Intelligence Operatives Alarms Free Press Advocates

        The C.I.A. is quietly pushing Congress to significantly expand the scope of a law that makes it a crime to disclose the identities of undercover intelligence agents, raising alarms among advocates of press freedoms.

        The agency has proposed extending a 1982 law, the Intelligence Identities Protection Act, which makes it a crime to identify covert officers who have served abroad in the past five years. Under the C.I.A.’s plan, the law would instead apply perpetually to people whose relationships with the intelligence community are classified — even if they live and operate exclusively on domestic soil.

        Lawmakers have attached the C.I.A.’s proposed language to defense and intelligence bills moving through Congress. The provisions have sparked objections among press freedom and government transparency advocates. Potential amendments to the House intelligence bill must be submitted by Thursday to be considered when it comes to the House floor.

      • Not in My Name: Academics Publicly Attack Torture Rapporteur [Ed: Weaponising "women's rights" to justify torture of journalists]

        I am a survivor of rape, gang rape and the abusive police process I was subjected to when I reported it and I am fed up with watching sexual violence being used as a cover for political attacks on Julian Assange, his colleagues and his supporters.

        I am not alone. Numerous other survivors have reached out to me tonight expressing the same sentiment and we deserve to be heard.

        Today, members of what is supposedly a women’s advocacy group published an open letter addressed to UN top brass, from the Secretary-General on down, complaining about an article written by UN Special Rapporteur on Torture Nils Melzer and attempting to call into question his suitability for his role.

      • Human-Rights Lawyers React to a UN Official’s Definition of Rape [{Ed: What you get for defending journalists who expose war crimes and other high crimes of people in high positions (in military, politics, corporations)]

        A group of several hundred international human-rights lawyers reacted to a first-person opinion piece published by the United Nations expert on torture that “had a problematic definition of rape,” according to the lawyers’ open letter, published on July 1, expressing their legal views.

        The exchange between the human-rights experts and proponents and the UN specialist, Nils Melzer, played out on the blogging site Medium and on Twitter most of last week, where PassBlue discovered the exchange.

      • UN Rapporteur on Torture Nils Melzer replies to feminist legal critics on Assange

        UN Rapporteur on Torture Nils Melzer has issued an open letter, refuting accusations that his defence of Julian Assange against state-orchestrated rape allegations has cast “serious doubt as to his ability and willingness to deal with gender-based crimes.”

        A group of feminist academics and human rights experts published an open letter against Melzer on July 1. Framed as a response to his June 26 opinion piece, “Demasking the Torture of Julian Assange,” the open letter was a barely concealed threat made against Melzer’s job as UN Special Rapporteur on torture and other cruel, inhuman or degrading treatment or punishment. It was addressed to the UN high commissioner for human rights, its deputy high commissioner and the Coordination Committee of UN Special Procedures.

        The open letter’s signatories described themselves as “practitioners and scholars in international law and human rights” who are “deeply disturbed by the way [Melzer] approaches the allegations of sexual assault” in the Swedish case against Assange.

      • WikiLeaks Chief Editor Says Assange Might Eventually Turn To European Human Rights Court

        WikiLeaks founder Julian Assange, imprisoned in Belmarsh in London, may turn to the European Court of Human Rights over the psychological torture that he has been exposed to, after having exhausted all legal ways in the United Kingdom, WikiLeaks Editor-in-Chief Kristinn Hrafnsson told Sputnik.

        In late May, UN Special Rapporteur on Torture Nils Melzer stated after visiting Assange in prison together with two medical experts that the WikiLeaks founder had been exposed to a long-time psychological torture.

        "I don't know if it is possible to do that on that basis. You have to exhaust the legal remedies in the courts in your country before you actually do it, but I could expect to see that happen in the end, after the United Kingdom takes it through all courts. But I am not too optimistic that he will be allowed free. So that means incarceration for years and years," Hrafnsson said in an interview, asked if Assange should apply to the European Court on Human Rights over the matter.

      • UN Rapporteur on Torture Nils Melzer exposes propaganda and censorship in Assange reporting

        When Nils Melzer, the UN special rapporteur on torture, issued a May 31 statement demanding an immediate end to the “collective persecution” of Julian Assange it made headlines all over the world.

        Assange, Melzer wrote, “has been deliberately exposed, for a period of several years, to progressively severe forms of cruel, inhuman or degrading treatment or punishment, the cumulative effects of which can only be described as psychological torture.”

        “In 20 years of work with victims of war, violence and political persecution, I have never seen a group of democratic states ganging up to deliberately isolate, demonise and abuse a single individual for such a long time and with so little regard for human dignity and the rule of law,” he added.

      • UN Expert Says Western Media Hush Up Assange Case While Russian Outlets Stand for Golunov

        UN Special Rapporteur on Torture Nils Melzer voiced his concern over the fact that while some of the Russian media outlets joined their efforts to draw public attention to the controversial arrest of investigative journalist Ivan Golunov, Western media failed to report impartially on the case of WikiLeaks founder Julian Assange.

      • Citizens to the UN: Investigate Our “Torture Chambers in the Sky”

        Our submission calls their attention to unaddressed human rights violations – abduction and enforced disappearance in particular — committed by North Carolina, its political subdivisions, and a private company called Aero Contractors in the CIA’s extraordinary rendition and torture program.

        Our communication reached U.N. experts on the eve of June 26, the U.N’.s International Day in Support of Victims of Torture, proclaimed in 1997 when the Convention Against Torture went into effect. The U.N. calls June 26 an opportunity for member states, civil society and individuals to “unite in support of the hundreds of thousands of people around the world who have been victims of torture and those who are still tortured today.”

      • Guantánamo Case to Test Whether Torture Can Be Put on the Docket

    • Monopolies

      • Should you boycott Amazon Prime Day?

        Amazon is now powerful enough to push its own holiday onto the calendar. Starting Monday, Prime Day will kick off with an avalanche of deep discounts — and Amazon is doing everything it can to make sure it feels festive. In fact, the company is doing so much, it might make you uncomfortable.

        [...]

        Crucially (and perhaps surprisingly), none of the striking workers have called on shoppers to boycott Prime Day sales. There’s no official guidance on how shoppers should support the strike, and many of the striking workers who talked to The Verge were ambivalent on the question. In some sense, it’s beside the point. The strike is meant to show that the success of Prime Day depends on warehouse workers — but that message is more about fulfillment queues than sales numbers. Solidarity is always welcome in a strike, but it’s hard to draw a clear, straight line from the workers’ demands to the Buy button.

      • Patents and Software Patents

        • Athena Diagnostics v. Mayo Collaborative Services -- The Concurrences

          In Part II of his opinion, Judge Dyk defends the need for Alice/Mayo framework, contending that "[d]espite assertions to the contrary, the doctrines of novelty under ۤ 102, obviousness under ۤ 103, and enablement and written description under ۤ 112 cannot adequately guard against the dangers of overclaiming." Judge Dyk also notes that these provisions do not "typically allow early stage resolution of the 'threshold' issue of patent eligibility . . . necessary to avoid the costs of lengthy litigation," and therefore concludes that the patent eligibility analysis of "ۤ 101 serves an important purpose not served by these other provisions in the Patent Act." Offering an example of the alleged inadequacy of the other provisions to guard against overclaiming, Judge Dyk suggests that "[i]f the first person to identify the relationship between a genetic abnormality and a disease had sought a broad patent on a method of searching for genetic abnormalities and determining their relationship to disease, the claims would have been neither anticipated nor obvious."

          For Judge Dyk, "[t]he problem with ۤ 101 arises not in implementing the abstract idea approach of Alice, but rather in implementing the natural law approach of Mayo," explaining in Part III of his opinion that "[a]lthough Mayo's framework is sound overall, I share the concerns expressed by my dissenting colleagues that the Mayo test for patent eligibility should leave room for sufficiently specific diagnostic patents." However, as Judge Hughes indicated in his concurrence, Judge Dyk states that "it is the Supreme Court, not this court, that must reconsider the breadth of Mayo."

          [...]

          Judge Chen begins his concurrence by noting that the Supreme Court in Diehr "adopted a relatively narrow and more administrable version of the judicial exceptions to the statutory text of 35 U.S.C. ۤ 101 compared to what the Court articulated three years earlier in Parker v. Flook, 437 U.S. 584 (1978)." He also suggests that "[u]nder Diehr's 'claim as a whole' principle, which does not divide the claim into new versus old elements, Athena's claims, particularly claims 7 and 9, likely would have been found to be directed to a patent-eligible process." However, he acknowledges that in Mayo, the Supreme Court "set forth an inventive concept/point of novelty framework, which is a more far-reaching, aggressive version of the judicial exceptions to the statute and is largely incompatible with Diehr's core rationale," even though "nothing in Mayo suggests that it sought to repudiate Diehr's analysis."

          Judge Chen provides a detailed analysis of Diehr, Flook, Mayo, and Alice, before turning to Athena's claims. With respect to Diehr and Flook, Judge Chen contends that "[g]iven Diehr's evident disagreement with Flook's analysis, Diehr, as the later opinion, was widely understood to be the guiding, settled precedent on ۤ 101 for three decades," with Diehr "reject[ing] the point of novelty/inventive concept approach to patent eligibility." According to Judge Chen, "Mayo provided a framework for the judicial exceptions that strongly tracked the reasoning of Flook and the Diehr dissent." Thus, Judge Chen argues that "Mayo is in considerable tension with Diehr's instruction to consider claims 'as a whole' and Diehr's disapproval of dissecting claims into elements and ignoring non-novel elements in the ۤ 101 analysis."

          [...]

          In the last part of his opinion, Judge Chen examines the claims at issue in Athena. While conceding that "the Supreme Court has made clear that detecting a law of nature (without more than conventional steps for accessing the law of nature) does not qualify as a patent-eligible application of a law of nature," Judge Chen notes that "given that the dual 'invention or discovery' structure consistently has been part of every Patent Act since 1790, this statutory provision suggests that at least some discoveries, including Athena's 'discovery' of how to diagnose myasthenia gravis, have always been contemplated as patentable subject matter." Thus, while Judge Chen "do[es] not think the claims here can withstand Mayo's scrutiny," he argues that "perhaps when read 'as a whole' under Diehr, claims such as claims 7 and 9 in this case could be viewed as methods of testing for a specific medical condition, employing a sequence of steps that physically transform materials," adding that "this sounds like a contribution to the 'useful arts' stated in Article I, Section 8, Clause 8 of the U.S. Constitution."

      • Copyrights

        • Fake MPAA Asks Google to Remove Thousands of URLs, Including MPAA.org

          This week we spotted an odd takedown request. None other than Hollywood's MPAA asked Google to remove MPAA.org from its search results. This wasn't the real MPAA though, but an imposter that has sent tens of thousands of takedown demands, mostly targeted at pirate streaming sites.

        • Crowdfunding campaign launched to stop EU’s new copyright regulations

          Anyone in the open source community who thought they had won the war on censorship when the European Union backed down on a key aspect of its Copyright Directive earlier this year, is `making a mistake of the highest order’.

          That’s the view of open source and Internet advocate, activist and author Glyn Moody – whose 2001 book `Rebel Code: Linux and the Open Source Revolution’ provides an early, authoritative history of the open source movement.

          The global open source community was able to breathe a small sigh of relief when last-minute amendments were made to the European Union's (EU's) Copyright Directive, resulting in open source software development being left relatively, but not wholly, unscathed.

Recent Techrights' Posts

Microsoft Openwashing Stunts Initiative (OSI) is A Vulture in "Open" Clothing
it's quite telling that the OSI isn't protecting the Open Source Definition
Gemini Links 25/12/2024: Reality Bites and Gopher Thanks
Links for the day
2025 Will be Fought and Fraught With LLM Slop or Fake 'Articles' (Former Media/News Sites Turning to Marketing Spam)
The elephant in the room?
 
Links 27/12/2024: Perfect Desk, Banning Cellphones, Many Cables Cut Near Finland
Links for the day
Gemini Links 27/12/2024: Slop and Self-hosting
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, December 26, 2024
IRC logs for Thursday, December 26, 2024
Links 26/12/2024: Japan-China Mitigations and Mozambique Prison Escape (1,500 Prisoners)
Links for the day
Links 26/12/2024: Ukraine's Energy Supplies Bombed on Christmas Day, Energy Lines Cut/Disrupted in the Baltic Sea Again
Links for the day
Gemini Links 26/12/2024: Rot Economy, Self-hosted Tinylogs
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, December 25, 2024
IRC logs for Wednesday, December 25, 2024
[Meme] Time to Also Investigate Bill Gaetz
Investigation overdue
IBM Has Almost Obliterated or Killed the Entire Fedora Community (Not IBM Staff)
Remaining Fedora insiders are well aware of this, but bringing this up (an "accusation" against IBM) might be a CoC violation
Links 25/12/2024: Fentanylware (TikTok) Scams and "Zelle Scams Lead to $870M Loss"
Links for the day
Brittany Day Can Rest and Let Microsoft/Chatbots Write Fake 'Articles' About "Linux" This Christmas
Who said people don't work on Christmas? Chatbots or plagiarism-as-a-service work 24/7, every day of the year except during Microsoft downtimes
Links 25/12/2024: Windows TCO Brought to SSH, Terence Eden 'Retires'
Links for the day
Links 25/12/2024: Latest Report Front Microsoft Splinter Group, War Updates
Links for the day
Links 25/12/2024: Hong Kong Attacks Activists During Holidays, Xerox to Buy Lexmark
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 24, 2024
IRC logs for Tuesday, December 24, 2024
Gemini Links 25/12/2024: Open Source Social and No Search
Links for the day