Version 19.1 is already available in Ubuntu Eoan. A stable release update (SRU) to Ubuntu 18.04 LTS (Bionic) and Ubuntu 16.04 LTS (Xenial) will start in the next week.
Organizations should consider complementing their object storage initiatives with an abstraction layer that combines storage from multiple clouds into a single virtual storage unit. Enterprises shouldn’t migrate data unless absolutely necessary. An abstraction layer can make it easier to manage data wherever it resides.
The end result of all of this is an IT strategy that eliminates or reduces discontinuity between different cloud platforms. Enterprises can choose to use the public cloud based on their unique business needs, not their technical bandwidth. Or, they can opt to use a combination of public and private clouds. Either way, with the appropriate storage infrastructure, they can get rid of the remorse and rest assured that their data will always be available.
Overall, Kuryr provides a significant boost in pod-to-pod network performance. As an example, we went from getting 0.5 Gbps pod-to-pod to 5 Gbps on a 25 Gigabit link for the common case of 1024B TCP packets when worker nodes were spread across separate OpenStack hypervisors. With Kuryr, we are able to achieve a higher throughput, satisfying application needs for better bandwidth while at the same time achieving better utilization on our high bandwidth NICs.
Released earlier this month, the Linux 5.2 kernel series is now ready for mass deployments as the first point releases are out, marking the branch as stable on the kernel.org website. Linux kernel 5.2 is a major release adding several exciting new features and improvements, including an open-source firmware to support DSP audio devices, new open-source GPU drivers for ARM Mali devices, a new file system mount API, support for case-insensitive names in the EXT4 file system, as well as better resource monitoring for Android.
It also brings performance improvements to the BFQ I/O scheduler, a new device mapper "dust" target designed to simulate devices with failing sectors and read failures, a freezer controller for cgroups v2 for freeing up resources, and a CLONE_PIDFD flag to clone(2) for fetching PIDs when creating processes usable by pidfd_send_signal(2).
Linus Torvalds has kicked off the development of the Linux 5.3 kernel series, which will be the next major Linux kernel branch to be released this fall in early September.
The two-week merge window from the Linux 5.2 kernel series, which is now ready for mass deployments, is now closed, so the development cycle of Linux kernel 5.3 has kicked off over the weekend with the first RC (Release Candidate) ready for download and testing. According to Linus Torvalds, Linux kernel 5.3 RC1 is a pretty big release, but not the biggest ever.
The open-source MoltenVK continues advancing for supporting a healthy subset of the Vulkan API on Apple's macOS and iOS platforms. MoltenVK 1.0.36 was released today with support for more Vulkan extensions, many bug fixes, and a variety of other improvements.
Among the new extensions supported by MoltenVK 1.0.36 are KHR_device_group_creation, EXT_metal_surface, EXT_post_depth_coverage, EXT_scalar_block_layout, EXT_swapchain_colorspace, KHR_uniform_buffer_standard_layout, and various other extensions.
Oracle released VirtualBox 6.0.10 as the fifth maintenance release in the latest VirtualBox 6.0 series, fixing various issues and adding some exciting enhancements for Linux users.
VirtualBox 6.0.10 comes more than two months after the previous maintenance release with some notable changes for Linux-based operating systems, especially Ubuntu and Debian GNU/Linux hosts, which received support for UEFI Secure Boot driver signing. Additionally, Linux hosts got better support for various kernels on Debian GNU/Linux and Fedora systems.
It also fixes focus grabbing issues reported by users when building VirtualBox from sources using recent versions of the Qt application framework. The Linux guests support was improved as well in this release with fixes for udev rules for guest kernel modules, which now take effect in time, and the ability to remember the guest screen size after a guest reboot.
There is a new version of the at daemon, 3.2.0. It implements some new features, hence the bump in the minor version.
Today, Dropbox notified users that it has brought back support for ZFS and XFS on 64-bit Linux systems, and Btrfs and eCryptFS on all Linux systems in its Beta Build 77.3.127.
The support note in the Dropbox forum reads “Add support for zfs (on 64-bit systems only), eCryptFS, xfs (on 64-bit systems only), and btrfs filesystems in Linux.”
Dropbox has walked back its November 2018 decision to stop working with filesystems popular among Linux users.
Valve emailed a press release today, to mention that the full bundle of the Valve Index kit is back in stock for those in the US looking to pick it up.
M2H and Blackmill Games continue pushing out big free updates to both Tannenberg and Verdun, with Tannenberg today seeing a free expansion focused on Latvia.
It's a large update which includes the Latvian Riflemen, a new support squad. A new map named "The Baltic", which features plenty of sand dunes, marshes, and swamps which you can see in action in my shot below, right before I met an unfortunate end:
Feral Interactive today announced that Company of Heroes 2, the ever-popular WWII strategy game, has been updated with five new Commanders.
Heard of the Jade desktop environment? I’ll admit that, until this week, I hadn’t — but I like what I see!
The Jade desktop (the ‘Jade’ standing for ‘Just Another Desktop Environment’) is a Linux desktop shell based (primarily) on web technologies (eek!).
Currently the shell is only readily available on Manjaro Linux. But since it’s built using a mix of Webkit2, GTK, HTML, CSS, Javascript, and Python, it is (theoretically at least) easily transferable to other Linux distros, including Ubuntu.
The KDE Onboarding Sprint happened in Nuremberg, 22 and 23 July. The goal of the sprint was to come closer to making getting started working on existing projects in the KDE community easier: more specifically, this sprint was held to work on the technical side of the developer story. Of course, onboarding in the wider sense also means having excellent documentation (that is easy to find), a place for newcomers to ask questions (that is easy to find).
Ideally, an interested newcomer would be able to start work without having to bother building (many) dependencies, without needing the terminal at first, would be able to start improving libraries like KDE frameworks as a next step, and be able to create a working and installable release of his work, to use or to share.
This past week I joined several other members of the GNOME docs team (as well as the Engagement and GTK teams) to work as part of the West Coast Hackfest in Portland, Oregon. From the GNOME Docs side, our efforts were split between resolving documentation issue reports, improving our CI, and making some initial steps towards better help on the web.
On the issues side, we resolved over 20 doc issues, many of which involved multiple components and discussions to arrive at the best way to fix the problem. For myself, I revamped the instructions on how to search from within the GNOME Files / Nautilus application, which mainly involved updating the current help and adding information on how you can customize which directories are included (or not included) in the search results. As part of this, I also filed a bug to improve a UI component of the search customization. I was able to give a bit of love to gedit docs, as well, though there is still more to do to bring those docs fully up-to-date.
Fans of the Arc Menu extension for GNOME Shell desktops have plenty of reason to upgrade to the latest release.
Version 30 of Arc Menu features “many changes and updates to the ArcMenu code base” that, developers say, “substantially” improve the app launcher’s look, form, and function.
Arc Menu’s ‘search’ functionality has been retooled to better match the main GNOME Shell Applications screen.
Accordingly, the applet now pays attention to the “search” sources that are enabled in GNOME Control Centre > Search. This means you’ll see matching files, system settings, new software (in GNOME Software) returned in the panel, all cleanly delineated by header labels.
The Mageia project has released an emergency update to the latest Mageia 7 Linux operating system to address installation issues reported by users with computers powered by AMD Ryzen 3000-series CPUs.
Mageia 7.1 is now available for download featuring all the necessary patches needed to allow the installation on computers using AMD Ryzen 3000-series processors. The Mageia 7 release, which arrived earlier this month, did not work well on the new AMD Ryzen 3000-series systems, which failed to start up and blocked the installation of Mageia Linux.
Fedora officially announced on June 22, 2019 that they are dropping i686 kernel support and the i386/i686 repositories starting from Fedora 31.
It was announced by Kevin Fenzi, who works at Red Hat as the Fedora Infrastructure Lead.
So, it’s no longer possible to install Fedora 31, which will be released in October, or later on i686 hardware.
However, you are able to upgrade older releases as long as they support a 32-bit repository. But the installed kernel will remain the old, possibly vulnerable version.
The same principle holds whether it is for source code or other contributions, like investigating a bug, mentoring or doing administrative work.
Many people have been puzzled by the email from former Debian Project Leader (DPL) Chris Lamb where he fails to acknowledge the work I contributed as admin and mentor in GSoC over many years. Furthermore, reading emails like that, you might come to the conclusion that other people, including Molly de Blanc, who it is alleged Lamb was secretly dating, did the work in GSoC 2018. Yet people who participated in the program didn't feel that is accurate. Why has Lamb failed to recognize or thank me for my own contributions?
At first, the problems in Debian's GSoC team were puzzling for many of us. The allegation that Molly de Blanc was Lamb's girlfriend shines a new light on Lamb's email. Neither of them declared their relationship to other members of the GSoC team, it was a complete shock for me when I heard about it.
BT announced it has selected Canonical's Charmed OpenStack on Ubuntu as a key component of its next generation 5G Core.
BT has selected Canonical’s Charmed OpenStack on Ubuntu to sit at the heart of its next-generation, cloud-native 5G core network. This will help it to increase capacity to keep ahead of user demands as EE’s 5G network rolls out, and bring new services to the network quickly and cheaply.
Canonical will provide an open source virtual infrastructure manager (VIM) as part of BT’s ongoing network functions virtualisation (NFV) programme and to aid its transition to a cloud-based core.
Specifically, BT announces it would use Canonical's Charmed OpenStack on Ubuntu as a key component of its next-generation 5G Core. In addition, Canonical will provide the open-source virtual infrastructure manager (VIM) as part of BT's Network Function Virtualisation (NFV) program. With this open-source cloud approach, BT can deliver the capacity it needs to meet 5G's demand for fast, ever-changing network connections.
VIM is being deployed using Canonical's Juju and Charms DevOps tools; Metal-as-a-Service (MaaS) will be used as the cloud provisioning tool. BT's 5G Core will be backed by Ubuntu Advantage for Infrastructure for the ongoing management and support of operations. The full 5G Core will first be used for 5G, but eventually, it will be used to transform all of BT's networking offerings --fixed, mobile and Wi-Fi--into a single, seamless customer experience.
British Telecom has chosen Ubuntu OpenStack, developed by open-source specialist Canonical, as the cloud platform that will help support the introduction of 5G and fibre-to-the-premises connectivity in the UK.
As part of the deal, Canonical will provide the open-source virtual infrastructure manager (VIM) that will enable BT – and by extension, its mobile network EE - to run network functions as code, reducing the need for specialized telco hardware.
Major telecommunications providers are currently busy transitioning from proprietary, hardware-based networks – which are expensive to build and run – to virtualized cloud-based networks, backed by commodity servers. They are not doing this because it’s fun, but because it’s the only way to cost-effectively deliver the amounts of data that their customers will require in the next few years.
The company behind popular open source operating system, Ubuntu, Canonical will provide the open source virtual infrastructure manager (also known as a VIM) to BT in a bid to provide faster and more reliable services. It's all part of BT's Network Function Virtualisation (NFV) program as the firm transitions to a cloud-based Core network.
Such changes mean that BT can quickly deploy new services, as well as increase capacity effectively while it stays ahead of customer demand that's being driven by 5G and FTTP.
BT selected Charmed OpenStack cloud-based software on the Ubuntu open-source operating system as a key component for its core 5G network. Under the agreement, Canonical, the commercial arm of Ubuntu, will provide the virtual infrastructure manager as part of BT’s Network Function Virtualisation program and the operator's transition to a cloud-based core network.
BT said the open-source, cloud-based approach will allow it to deploy new services quickly as well as increasing capacity to meet anticipated customer demand driven by 5G and FTTP.
Canonical released new Linux kernel security updates for Ubuntu 19.04 (Disco Dingo) and Ubuntu 18.04 LTS (Bionic Beaver) operating system series to address various security vulnerabilities. The new security updates are here to address a race condition (CVE-2019-11599) in Linux kernel when performing core dumps, and an integer overflow (CVE-2019-11487) when reference counting pages. Both issues affect only Ubuntu 19.04 systems and could allow a local attacker to crash the system by causing a denial of service (DoS attack) or possibly execute arbitrary code.
We’re back for another glorious round of looking at software running on the upcoming Librem 5 Smartphone!
If you’ve missed any of the previous videos, check out parts One, Two, and Three to get all caught up — then enjoy the 8 videos below (ranging from a music player to running the Apache Web Server right on the Librem 5). And you better believe we’ve got more on the way. A lot more.
WiBase’s extended temperature “WB-N211 Stingray AI Inference Accelerator” AI edge computer runs Linux on an Nvidia Jetson TX2. The Stingray, which is also available as a “WB-N211-B” baseboard, joins several other TX2-based WiBase AI systems.
WiBase, a Taiwanese AI and vision analytics subsidiary of Wistron, announced that its WB-N211 Stingray AI Inference Accelerator will support Nx Witness VMS software from Networkoptix for vision analytics and surveillance. The WB-N211 Stingray, which is based on a separately available WB-N211-B baseboard that runs Linux on an Nvidia Jetson TX2, appears to be fairly new.
Raspberry Pi Trading engineer James Hughes recently pointed out a project to us that he’d found on the Raspberry Pi forum. Using a Raspberry Pi, forum member Rene Richarz has written a Tektronix 4010, 4013, 4014, 4015, and ARDS terminal emulator. The project sounded cool, but Helen and I didn’t 100% get it, so we asked James to write an introduction for us. You can find that below, followed by the project itself. James’s intro is amazing, because, despite this heat messing with my concentration, I understand the project now! That James – what a treasure. And here he is:
One of the LimeSDRs runs a GNU radio flowgraph with a specially designed block for detecting the rogue drone’s frequency modulation signature with what seems to be a machine learning classification script. The other LimeSDR runs another *secret* flowgraph and a custom script running on the SBC combines the two flowgraphs together.
Even though the One Mix 1S Yoga mini laptop comes preloaded with Microsoft’s latest Windows 10 operating system it also supports a number of different Linux distributions some of which Brad Linder has put through their paces over on the Liliputing website.
Earlier this month, Mozilla announced the release of Firefox 68, which includes a curated "list of recommended extensions that have been thoroughly reviewed for security, usability and usefulness." We are pleased to announce that both of our popular browser extensions, HTTPS Everywhere and Privacy Badger, have been included as part of the program. Now, when you navigate to the built-in Firefox add-ons page (URL: about:addons), you'll see a new tab: "Recommendations," which includes HTTPS Everywhere and Privacy Badger among a list of other recommended extensions. In addition, they will be highlighted in Add-ons for Firefox and in add-on searches.
What does this mean for users who already have our extensions installed? If you initially installed them from addons.mozilla.org or the recommendation list, it means that there will be a slight delay after we update the extensions while Mozilla reviews the new versions for security, utility, and user experience. If you installed the self-hosted extensions directly from eff.org without going through Mozilla, you'll get the updates right away after a routine automated check. Either way, you can rest assured that EFF has audited every piece of software we release for security and performance problems.
The Conference opened to the public on Friday 19 in a ceremony that gathered the Minister of the Secretariat of Linguistic Policies (SPL), Ladislaa Alcaraz de Silvero, Prof. Limpia Ferreira Ortiz, FP-UNA Vice-Dean, members of the Guaraní Culture Atheneum, Prof. Mag. Alcides Torres Gutt, Coordinator of the Translation Team together with Italo Vignoli and Gustavo Pacheco representing The Document Foundation and the LibreOffice Community.
“The LibreOffice Latin American Conference is an event not only of technology, it is also a space for the study of new forms of productive organization. It will deal with technical topics such as development and quality control, but also with successful cases of migration and, with special attention, the translation into Guaraní, native of the American continent and official in Paraguay,” said the Vice-dean in her inaugural speech.
The conference initiative was declared of “Scientific and Technological Interest” by the Honorable Chamber of Deputies of Paraguay.
For years, libraries across America have paid to subscribe to lynda.com for online learning content; four years ago, lynda.com became a division of Linkedin, and this year, the company has informed libraries that they're migrating all lynda.com users to Linkedin Learning, which would be fine, except Linkedin only allows you to access Linkedin Learning if you create and connect a Linkedin profile to the system.
If libraries accept this change, it will mean that any patron who uses this publicly funded service will also have to have a publicly searchable Linkedin profile. Linkedin's explanation of why this is OK is purest tech-bro PR bullshit, condescending and dismissive.
Under LinkedIn Learning’s new terms of service, a library cardholder will need to create a LinkedIn profile in order to access LinkedIn Learning. In addition to providing their library card number and PIN, users will have to disclose their full name and email address to create a new LinkedIn profile or connect to their existing profile. New users will have their LinkedIn profile set to public by default, allowing their full name to be searched on Google and LinkedIn.
ALA has long affirmed that the protection of library users’ privacy and confidentiality rights are necessary for intellectual freedom and are fundamental to the ethical practice of librarianship. ALA’s Library Bill of Rights and its interpretations maintain that all library users have the right to access library resources without disclosing their personally identifiable information (PII) to third parties, and to be free from unreasonable intrusion into, or surveillance of, their lawful library use.
“The requirement for users of LinkedIn Learning to disclose personally identifiable information is completely contrary to ALA policies addressing library users’ privacy, and it may violate some states’ library confidentiality laws,” said ALA President Wanda Kay Brown. “It also violates the librarian’s ethical obligation to keep a person’s use of library resources confidential. We are deeply concerned about these changes to the terms of service and urge LinkedIn and its owner, Microsoft, to reconsider their position on this.”
Roughly five months following the debut of Ludwig, Uber’s open source and no-code deep learning toolkit, the ride-hailing company today detailed improvements with the latest version: Ludwig 0.2. Among them are new tools and over 50 bug fixes, plus Comet.ml integration, the addition of Google’s BERT natural language model, and support for new feature types including audio, speech, geospatial, time, and date.
“The simplicity and the declarative nature of Ludwig’s model definition files allows machine learning beginners to be productive very quickly, while its flexibility and extensibility enables even machine learning experts to use it for new tasks with custom models,” wrote Uber engineers Piero Molino, Yaroslav Dudin, and Sai Sumanth Miryala. “Members of the broader open source community contributed many new features to enhance Ludwig’s capabilities.”
After much consideration, I've decided to step down as the maintainer of gNewSense. It was the distro I fell in love with and it would hurt me to see it disappear. Yet I must be honest with myself and the community and face the facts. I feel like I can't give it the attention it needs to keep it in a state worthy of a distro recommended by the FSF. I'm sorry to disappoint current users and those anticipating a new release.
I would like to thank everyone who I've worked with and who contributed to gNewSense since it sparked from Paul O'Malley's brain over a decade ago. It's been fun and educational.
If someone wants to take over I will be quite happy to get that person going. I then might still help out, but I'm not going to take the lead anymore. Please get in touch or forward to anyone who might be interested.
I will keep the repositories and other infrastructure running for now.
Regards, samgee
The gNewSense that is based on Debian GNU/Linux but comprised entirely of free software without any non-free software support is now without a maintainer.
The gNewSense operating system is one of the few Linux distributions approved by the Free Software Foundation due to its exclusion of proprietary software. The gNewSense project has been running since 2006 and at times has struggled to be maintained while now it's lost current maintainer Sam Geeraerts.
Software performance depends more and more on exploiting multiple processor cores. The free lunch from Moore’s Law is still over. Well, we here in the Julia developer community have something of a reputation for caring about performance. In pursuit of it, we have already built a lot of functionality for multi-process, distributed programming and GPUs, but we’ve known for years that we would also need a good story for composable multi-threading. Today we are happy to announce a major new chapter in that story. We are releasing a preview of an entirely new threading interface for Julia programs: general task parallelism, inspired by parallel programming systems like Cilk, Intel Threading Building Blocks (TBB) and Go. Task parallelism is now available in the v1.3.0-alpha release, an early preview of Julia version 1.3.0 likely to be released in a couple months. You can find binaries with this feature on the downloads page, or build the master branch from source.
Yesterday, Julia team announced the alpha release of v1.3.0, which is an early preview of Julia version 1.3.0, expected to be out in a couple of months. The alpha release includes a preview of a new threading interface for Julia programs called multi-threaded task parallelism.
The task parallelism model allows many programs to be marked in parallel for execution, where a ‘task’ will run all the codes simultaneously on the available thread. This functionality works similar to a GC model (garbage collection) as users can freely release millions of tasks and not worry about how the libraries are implemented. This portable model has been included over all the Julia packages.
Cross-site scripting (XSS) is a security exploit which allows an attacker to inject malicious client-side code into a website. The attacker can do some undesirable things like adding false content or spying on visitors to steal their personal information.
In the previous article in this series, you learned about the purpose of Django migrations. You have become familiar with fundamental usage patterns like creating and applying migrations. Now it’s time to dig deeper into the migration system and take a peek at some of its underlying mechanics.
PyCharm 2019.2 is out now: improved Jupyter Notebook experience, syntax highlighting for many more languages out of the box, initial Python 3.8 support, and much more.
As a developer, more often than not I have to deal with sequential data. That could mean processing every item in the sequence either to prepare it for the next process or to store it in some sort of database.
One of the most common data structures in Python is the list. And I use it a lot in my code. But it's not a good choice if the number of items in the sequence is unpredictable. For example, the length of the list could be 5, 100, 10,000 or 5,00,0000 or even more.
This article, Perils of Constructors, explains all of these problems very well. It is not centered on GObject, but rather on constructors in object-oriented languages in general.
Despite the high regard in which the authors of the Charney Report were held by their scientific peers at the time, the report certainly didn't lead to immediate changes in behaviour, by the public or politicians.
But over time, as the world has continued to warm as they predicted, the report has become accepted as a major milestone in our understanding of the consequences our actions have for the climate. The current crop of climate scientists revere Charney and his co-authors for their insight and clarity.
In his letter to Félix Tshisekedi, he criticised the decision to remove him as head of the Ebola response team, and replace him by a committee "under your direct supervision".
He said members of that committee had interfered with his work in recent months.
He also condemned "strong pressure exercised in recent months" to use a new Ebola vaccine advocated by some aid agencies and donors.
He said the current vaccine was the only one with clinically proven effectiveness.
The second vaccine has yet to be used in the Congolese outbreak because of Dr. Ilunga’s objections. It is designed to complement a Merck treatment that has been given to 170,000 people and proved effective.
Dr. Ilunga has said the Johnson & Johnson vaccine has not been proved effective and that deploying a second one would confuse people in the afflicted region of eastern Congo, where health workers are struggling to overcome widespread misinformation about the Ebola as well as sporadic hostility.
Credit monitoring firm Equifax has agreed to pay up to US$700 million in fines and penalties to settle with various U.S. regulatory bodies over the massive data breach that saw the personal information of almost 150 million people stolen in 2017.
Canadian victims aren't covered by that figure.
But Jean Baptiste Kempf, President of VideoLAN and lead VLC developer brushed aside that as not a big deal in three separate comments.
Popular open-source software, VLC Media Player has been diagnosed with a critical vulnerability. The vulnerability CVE-2019-13615 was identified by German security agency CERT-Bund.
The vulnerability would allow hackers to gain access to the host computer and install/run programs or even modify files without knowledge of the user. CERT-Bund has given it a score of 9.8 out of 10. The vulnerability affects Windows, Linux and Unix platforms. macOS, on the other hand, is unaffected by the vulnerability. The VideoLAN team, on the other hand, has denied the existence of the vulnerability.
Reportedly, the bug doesn't affect macOS users so they can continue using the software without any problems. Those on either Windows, Linux or Unix are advised to practice caution as things proceed because it's rather tricky to pick a side between the German Computer Emergency Response Team (CERT-Bund) who first brought the issue to light or VideoLAN, the non-profit organization behind the open-source media player.
Germany's national Computer Emergency Response Team issued a security alert for a critical vulnerability in VLC Media Player
The flaw in VLC was discovered by German security agency CERT which they classified as “critical” with a vulnerability score of 9.8. The bug lets attackers remotely execute code (RCE) which potentially allows them to install, modify and run software without authorization or approval, and could even be used to access files on your system. Basically, VLC’s bug could allow hackers to hijack your system.
VLC is a very popular multi-platform media player.
News broke today that the VLC Media Player—immensely popular and Lifehacker-recommended—allegedly has a pretty severe bug that could allow a “booby-trapped” video, as The Register put it, to either crash the player or execute remote code. The former? An annoyance. The latter? A huge security issue, one that we’d recommend uninstalling VLC to address until its creator, VideoLAN, comes out with a patch.
Because of its free and open-source nature, VLC is one of, if not the most popular cross-platform media player in the world. Unfortunately, a newfound and potentially very serious security flaw discovered in VLC means you might want to uninstall it until the folks at the VideoLAN Project can patch the flaw.
Reports have emerged of a security bug in the Windows and Linux versions of VLC, making it vulnerable to remote-code execution via malicious videos.
Update: VideoLAN confirmed that the issue was not a security issue in VLC Media Player. The engineers detected that the issue was caused by an older version of the third-party library called libebml that was included in older versions of Ubuntu. The researcher used that older version of Ubuntu apparently. End
Gizmodo's Sam Rutherford suggested that users uninstall VLC immediately and the tenor of other tech magazines and sites was identical for the most part. Sensationalist headlines and stories generate lots of pageviews and clicks, and that is likely the main reason why sites like to make use of those instead of focusing on headlines and articles that are not as sensationalist.
First released in February 2001 and developed under the Lesser GPL V2.1+ licence, VideoLAN Player - most commonly referred to as VLC - is one of the most popular cross-platform media playback and streaming utilities around. Sadly, that very popularity makes it a ripe target for ne'er-do-wells - making a serious flaw discovered in the latest release all the more critical.
According to the bug's entry on the Common Vulnerabilities and Exposures (CVE) project, the flaw allows malicious or otherwise badly-written code to over-read past the end of a heap-based buffer in the software's MKV demuxing function. The US National Vulnerability Database, meanwhile, rates it as a CVSS 3.0 severity of 9.8 - giving it a top Critical mark, given that it can be used to crash the system, read private data, or even access private files.
A recent security alert caused a panic where people thought the VLC Media Player was affected by a critical vulnerability that had no patch. The problem is that the vulnerability was not in VLC, but rather a module that was replaced over 16 months ago.
According to a series of tweets posted by VLC developer Jean-Baptiste Kempf, it all started when Mitre created a CVE for a reported bug in VLC Media Player without first contacting VideoLAN.
The 128-page report, “Basra is Thirsty: Iraq’s Failure to Manage the Water Crisis,” found that the crisis is a result of complex factors that if left unaddressed will most likely result in future water-borne disease outbreaks and continued economic hardship. The authorities at the local and federal level have done little to address the underlying conditions causing the situation.
Forty years ago, a group of climate scientists sat down at in Massachusetts for the first meeting of the "Ad Hoc Group on Carbon Dioxide and Climate." It led to the preparation of what became known as the Charney Report—the first comprehensive assessment of global climate change due to carbon dioxide.
A report published by the Environmental Data & Governance Initiative (EDGI) on Monday found that language related to climate change has disappeared at an alarming pace since Trump took office in 2016. Across 5,301 pages—ranging from websites belonging to the Environmental Protection Agency (EPA) to the US Geological Survey (USGS)—the use of the terms “climate change,” “clean energy,” and “adaptation” plummeted by 26 percent between 2016 and 2018. Of the pages where “climate change” was stricken, more than half belong to the EPA.
The EPA homepage was the 1,750th most-visited website in the US in early 2019, according to the report, giving it more reach than Whitehouse.gov. But “unlike the much-discussed White House effort to question climate change findings, website changes go unannounced and are often beyond immediate public recognition,” the report argues. “They insidiously undermine publicly-funded infrastructure for knowledge dissemination.”
According to the report, clear scientific terminology on government websites was often replaced with politicized language such as “energy independence,” a buzzword ripped directly from Trump’s “America First Energy Plan” which demands an increase in fossil fuel production.
The arguments just won’t go away. And while they persist, a nuclear Baltic looks likely to continue in Europe.
Its backers say nuclear power is vital in order to meet the world’s growing energy requirements; they also say it’s a clean fuel, able to meet the challenge of climate change and an ideal substitute for fossil fuels.
Others disagree; critics say that despite various technological improvements over the years, nuclear power is still unsafe. The issue of disposing of mountains of nuclear waste – which can remain active and dangerous for thousands of years – has not been resolved.
The 2.8 million people of the small Baltic republic of Lithuania are keenly aware of these different points of view. In former times, when Lithuania was part of the Soviet Union, what was one of the most powerful nuclear plants in the world was built at Ignalina, in the east of the country.
As part of a 2004 agreement to join the European Union (EU), Lithuania agreed to close Ignalina. Brussels said the facility was unsafe: its construction and design is similar to that of the ill-fated nuclear plant at Chernobyl in Ukraine, with no proper containment shell to capture any escape of radioactivity.
On Wednesday (25 October), the French government tabled an action plan on CETA’s health and environmental issues. But the French proposal can only be applied with the agreement of the EU and Canada. EURACTIV France reports.
The Comprehensive Economic and Trade Agreement (CETA) is the first major trade deal the European Union has signed up to since it began implementing its South Korea agreement in 2011.
Seven years in the making, CETA will abolish some 98% of customs duties, open up public tenders to companies and allow the EU to export more cheese and wine and Canada more pork and beef in quotas that expand over the next six years.
A new lawsuit seeks to kill a recent Trump administration rule that critics say deals a blow to transparency by giving the Environmental Protection Agency broad authority to shoot down public information requests.
The new rule—put in place without public input—was published on the Federal Register June 26 and goes into effect July 26.
"This rule is a shameful attempt to keep Americans in the dark about the Trump administration's sickening failures to protect our air, water, and wildlife," said Meg Townsend, open government attorney with the Center for Biological Diversity. "We have a right to know what EPA is trying to hide and which Trump appointee is trying to hide it."
In their suit filed Wednesday in the U.S. District Court for the District of Columbia, the Center for Biological Diversity and the Environmental Integrity Project argue that the new regulation violates the Freedom of Information Act by allowing for information requests to be denied on the basis of "responsiveness," and violates the Administrative Procedure Act (APA) by allowing for responses to be delayed. The administration also violated the APA by not allowing for public comment on the rule change, the suit says.
For the moment, though, scientists have little idea how these adaptations may be playing out. A new paper in Nature Communications, coauthored by more than 60 researchers, aims to bring a measure of clarity. By sifting through 10,000 previous studies, the researchers found that the climatic chaos we’ve sowed may just be too intense. Some species seem to be adapting, yes, but they aren’t doing so fast enough. That spells, in a word, doom.
Risch put forward a bill, backed by Republican Sen. Marco Rubio and Democratic Sens. Jeanne Shaheen and Chris Coons, that would force the secretary of state to conduct a review of the U.S.-Saudi relationship and deny or revoke visas to some members of the Saudi royal family as reprisal for the kingdom’s human rights violations. Republican Senate aides told Foreign Policy that Risch consulted with the White House and State Department on the bill.
Aalto University announced earlier this month that bots made up 5.5 per cent of accounts tweeting Finnish-language content on topics related to the parliamentary elections and 2.8 per cent of accounts tweeting content related to the elections to the European Parliament.
The bots accounted for 2.5 per cent and 1.8 per cent, respectively, of all Finnish-language tweets related to the two elections.
The automatised activity, however, was neither significant nor particularly effective, according to the research team.
Well, based on data from a CBS poll of “battleground states,” there are “three roughly equal groups”: Democrats who call themselves “very liberal,” Democrats who call themselves “somewhat liberal,” and Democrats who call themselves “moderate” or “conservative.”
That’s it—those are the “three parties” that the Democratic Party actually is. Such are the striking insights that come with your New York Times subscription. (I would link to the polling data that Edsall is citing, but 12 hours after it was posted, the piece was still pointing to a broken url.)
Now, self-identification as “liberal” or “conservative” doesn’t mean a whole lot. When the Pew Research Center (7/28/15) compared the labels that people picked for themselves with the answers to policy questions with clear right/left options, it found that 56 percent of self-identified “moderates” picked mostly liberal policies, as did 30 percent of “conservatives” and 21 percent of those who said they were “very conservative.”
Notably, Pew found that self-identification is particularly unhelpful in gauging the policy preferences of African Americans; for example, 32 percent of black “liberals” say that “government is almost always wasteful and inefficient,” as do 40 percent of black “moderates” and 37 percent of black “conservatives.” (The corresponding numbers for whites are 37, 57 and 79 percent.) Thirty-two percent of African Americans say that they are “conservative” or “very conservative”; by policy preferences, 3 percent of them are.
As we hurtle into coverage of a presidential election that is still over a year away, media have returned to their timeworn tradition of going to rural, white communities to take the pulse of the nation (FAIR.org, 5/20/19).
Under the web headline “These Michigan Voters Show How Trump’s ‘Go Back’ Attack May Help Him,” the New York Times (7/22/19) ventured to a Trump stronghold in Michigan to bring readers the front-page news that people who supported Trump in 2016 despite his racist attacks still support him despite his racist attacks.
This reminds me of Daniel Dennett's four rules for how to argue a point effectively: [...]
While cryptocurrency scams are a dime a dozen on various parts of the web, Facebook's seeming lack of foresight to get ahead of early Libra scams isn't great when it's trying to present Libra as something various regulators and government officials shouldn't be worried about.
The bill, believed to be the first of its kind, would require wireless carriers and apps to get explicit permission before giving third parties geolocation data collected within the city. Under the plan, the city’s Department of Information Technology and Telecommunications would be tasked with enforcing the bill, and could levy steep penalties on offenders. A violator could be fined $1,000 for each violation, or $10,000 for each person’s data shared, if multiple violations happened on the same day.
Facebook claims to have 2.3 billion users, but it also has made a series of contradictory and confusing disclosures about that number that make it hard to credit: they told the SEC that 5% of their accounts were fake and 11% were duplicates (up from 1% and 6% in mid 2017), but no one knows what that number means because in 2018 the company stopped releasing quarterly numbers and switched to annual reporting. And in any event, Facebook won't reveal its methodology for determining fake and dupe accounts, saying that they use a "limited sample of accounts" and then apply "significant judgment" when interpreting their findings.
Wehner didn’t mention the fine print on page 18 of the slide deck, which highlights the Philippines, Indonesia and Vietnam as countries where there are “meaningfully higher” percentages of, and “episodic spikes” in, fake accounts. In other words, Facebook is growing the fastest in the locations worldwide where one finds the most fraud. In other other words, Facebook isn’t growing anymore at all—it’s shrinking. Even India, Indonesia and the Philippines don’t register as many searches for Facebook as they used to. Many of the “new” users on Instagram are actually old users from the core platform looking to escape the deluge of fakery.
EFF is disappointed by the terms of the settlement agreement announced today between the Federal Trade Commission (FTC) and Facebook. It is grossly inadequate to the task of protecting the privacy of technology users from Facebook’s surveillance-based system of social networking and targeted advertising.
This settlement arises from the FTC’s 2012 settlement order against Facebook, concerning the company’s deceptive statements about user privacy. Facebook violated the 2012 FTC order through its role in the Cambridge Analytica scandal, which violated the privacy rights of millions of Facebook users.
Today’s FTC-Facebook settlement does not sufficiently protect user privacy.
The Federal Trade Commission announced today the first fine against Facebook since EPIC and a coalition of privacy organizations filed a complaint with the Commission about the company’s business practices back in 2009. In a 2011 consent order the FTC said it would bar Facebook "from making any further deceptive privacy claims." But in the years that followed, the FTC failed to act even as complaints emerged about marketing to children, privacy settings, tracking users, gathering health data, and facial recognition.
With a bunch of reports detailing the ills of facial recognition systems that have dominated the conversation around the unregulated technology, a breath of fresh air comes after a fugitive has been caught by a facial recognition system in China earlier this week.
Chinese police officers arrested an unnamed fugitive at a Cantopop star’s concert in Zhanjiang city at the southwestern end of Guangdong province. The arrest was highly attributed to the facial recognition system used by Chinese law enforcement in concerts and crowded gatherings to spot fugitives and wanted criminals. The said system has already been in use since late 2017.
So if you've been around these parts for a while, you might remember a big stink back in 2006 or so when Google's Street View vehicles were found to have been hoovering up data collected via WiFi. The collection came while the company was collecting Street View data via its army of specially-configured vehicles, and included pretty much any and all unencrypted data traveling over those networks, including telephone numbers, URLs, passwords, e-mail, or video streams. The goal was purportedly to ensure better geographical positioning data, but the data collected went well beyond what was needed for that goal.
Galan said she met with CBP officers last week and presented them with Galicia’s birth certificate and some other documents but was unsuccessful in getting him released. She plans on presenting the same documents to ICE officers later this week.
But of course, NYPD officers also use more covert methods to supplement their policing. The NYPD has used Palantir, a powerful, secretive data aggregation tool that enables law enforcement to learn nearly everything about a person from a simple search query. The NYPD has also tested controversial predictive policing technology, which claims to be able to “forecast” crime by sending police to places where crime has already occurred. It has abused facial recognition technology by submitting celebrity look-alikes of subjects on camera in order to search for positive matches. It has fleets of drones, which have been deployed at events like the NYC Pride Parade, despite the fact that LGBTQ activists have resisted heavy police presence at Pride events.
In Iran, the law requires women to wear modest "Islamic" clothing. In practice, this means women must wear a chador, a full-body cloak, or a headscarf and a manteau (overcoat) that covers their arms.
In 2018, there were posters in cities and towns comparing unveiled women to unwrapped candy and lollipops attracting unwanted attention from flies.
However, since today any hint of Nazism in Europe is harshly criticized by governments and civil societies, and it is also highly costly with regard to both credit and finance, Nazi views tend to emerge in other ways that are seemingly unrelated to Nazism and, consequently, are less dangerous for their holders. In my opinion, today “Islamism” is the true descendant of Nazism in Europe. Both the Shi’ite Islamism of the Ruhollah Khomeini-dominated Iran and the Islam of Abu Bakr Baghdadi’s Islamic State are “religious supremacist” ideologies, and both would commit any crime to prove their supremacy.
An investigation called the "Plain View Project" has uncovered a truly disturbing amount of bigoted, violent social media posts by police officers located all over the United States. The entire database of posts is located here. Anyone wanting to see what their public servants truly think about the people they serve can click through and be horrified.
It would be horrifying enough if officers just kept their thoughts to themselves and let those thoughts guide their actions. But these are public posts able to be viewed by anyone and these officers apparently had no qualms about displaying the content of their character.
Back in May, the San Francisco Police Department raided the home of a local "stringer," hoping to discover who had leaked a sensitive police report to the journalists. This raid violated the state's journalist shield law and the First Amendment. Since it was obvious the source of the leaked document was an SFPD officer or employee, the raid was also incredibly stupid… unless the real point of the show of force was to discourage journalists from publishing leaked documents.
It took a few days before the SFPD police chief was willing to condemn the raid. According to the chief, the still-unseen affidavit glossed over the target's occupation -- an omission that likely would have seen the warrant application tossed if it had been included.
The Eleventh Circuit Court of Appeals has reached a conclusion that defies easy summation. But here's an attempt: it is not well-established that cops shouldn't shoot children they've ordered to lie prone on the ground while trying to shoot a dog that posed no threat to officers.
In reversing the lower court's denial of qualified immunity to Officer Michael Vickers, the Appeals Court has opened the door to preventing the stupidest, most-inept cops from being held responsible for their careless blunders.
In this case, Vickers and other officers were pursuing a suspect through a neighborhood. This pursuit inserted them into the backyard of Amy Corbitt, where Corbitt's 10-year-old child (known only as SDC in the opinion) and five other children (two of them under the age of three) were playing. The officers entered the yard and demanded everyone present to get down on the ground, including the children. They handcuffed the only adult in the backyard (Damion Stewart) and kept the children on the ground. The officers had the scene secured as they outnumbered the prone children who were still lying on the ground with guns pointing at them.
A little more than 12 years ago, Verizon was forced to strike an agreement with the New York State Attorney General for marketing data plans as "unlimited" when the plans had very clear limits. Carriers have received numerous subsequent wrist slaps for the practice in the decade since, but none of these lessons appear to have gotten through.
Case in point: Verizon recently launched its first ever 5G hotspot for use on the company's barely available 5G network. To use it, you'll need to pony up $650, which is three to four times higher than the cost most pay for a comparable 4G hotspot. From there, you'll need to pay Verizon $85 per month for an "unlimited" 5G data plan, which is roughly $10 more per month than a comparable 4G plan.
Microsoft Corp on Monday agreed to pay a $25.3 million fine to settle charges that it bribed officials in countries like Hungary and Saudi Arabia, among others.
The Department of Justice announced that Microsoft Hungary, a subsidiary of Microsoft, "admits, accepts and acknowledges" wrongdoing and will pay $8.75 million in criminal fines.
In Sept. 2018, STC.UNM filed an amicus brief asking the Federal Circuit to maintain its special protection from inter partes review, stating that in order to “achieve its goals, STC.UNM seeks patent protection for the technologies developed at The University.” (emphasis added.)
Six months after filing that brief, STC filed its first lawsuit using ITRI patents.
University technology transfer offices often cite the research work their universities perform when they discuss the patent system. And that university research work is often valuable, leading to serious technological advances. The Association of University Technology Managers, the trade association for tech transfer officers, cites a number of non-financial benefits, including promoting a culture of innovation at the university, providing a research experience for students, increasing university prestige and faculty retention, and helping obtain additional opportunities for federal grant funding.
But much of that argument is predicated on one underlying fact—the university is commercializing the research performed by its professors and students. When the research is acquired from outside of the university, none of those benefits accrue. And when a university acquires patents from someone else and then asserts them without any tie to the university or attempt to transfer technology via startup creation, how can you tell the difference between a university and a patent troll?
Not only is Mr. Delrahim at loggerheads with the case law but most industry players disagree with him. ACT says in its filing that "[t]he companies and associations that have joined [ACT | The App Association] in efforts to curtail SEP abuses represent over $100B annually in R&D spending across a range of industries, own hundreds of thousands of patents (including SEPs), employ 50 million+ Americans, and contribute trillions of dollars to annual U.S. GDP." (emphasis in original)
As to Mr. Delrahim allegedly "expressly desir[ing] to change Supreme Court precedent," I've looked up the speech ACT is referring to. What he said is a bit more nuanced. He argued that the Supreme Court "has not yet commented on [a particular] issue," though he did concede that "[i]n a handful of cases, the U.S. Supreme Court has recognized that there can be antitrust liability for collusive activity that manipulates the standard-setting process to gain an advantage over rivals," and "recognizes that concerted action among implementers or innovators at the same level of the supply chain could constitute an antitrust violation." But, in general, ACT is right that Mr. Delrahim's approach to SEP-related legal questions is that he'd rather make new law than just live with the existing one.
Not only in this context but generally speaking, the ACT's filing complements and reinforces the FTC's opposition brief to Qualcomm's motion, lodged with the Ninth Circuit after an endeavor to the same end failed in Judge Koh's court, for an enforcement stay. Where the FTC stays true to its low-key tone, the ACT is far more combative and directly points the appeals courts to some striking contradictions and inconsistencies between what Qualcomm and its amici are saying now and what Qualcomm has said and done before, including that "[Qualcomm] even sued a rival chipmaker for breach of FRAND based on the rival's refusal to license [Qualcomm]." (emphasis in original) The ACT brief also notes that Qualcomm's current president, Cristiano Amon, said the following more than a decade ago (he was a Qualcomm vice president at the time): "Saying [Qualcomm] refuse[s] to license competitors is like saying McDonald's refuses to sell hamburgers [...] It's nuts. It's crazy."
The defense raised a written description issue – arguing that the original patent filings did not support the “therapeutically effective” limitation. The district court sided with the patentee, but the Federal Circuit reversed on appeal and held the claims invalid. In particular, the Federal Circuit found that PHOSITA could not tell from the patent document that the compound was “therapeutically effective” as claimed.
Obviousness – Written Description Interplay: The amount of written description needed varies from patent to patent depending upon a number of factors — including the level of skill in the art. An invention that far-exceeds the state-of-the-art will need more description in order to show possession of the invention.
In this case, the patentee won its obviousness argument by showing PHOSITA would not have reasonably expected the combination to work. As such, that means that the claim elements must be fully described in the specification.
The Court also explained that the written description requirement does not always require proof that a claimed drug treatment is effective. The difficulty for the patentee here, is that the treatment’s effectiveness is particularly claimed.
This case implicates fundamental questions about the proper roles of the jury and the court. After a six-day trial, a jury found that Respondent Samsung willfully infringed Petitioner Imperium’s patent rights. In reaching that verdict, the jury found that Samsung had failed to carry its burden of proving by clear and convincing evidence that the relevant patent claims were invalid. Following post-trial proceedings, including an award of treble damages plus attorney’s fees in light of Samsung’s willful infringement and litigation misconduct, the district court entered judgment for over $22 million on the patent claims at issue.
The Federal Circuit reversed, however, holding that Samsung was entitled to judgment as a matter of law on invalidity because the jury was required to accept the purportedly credible, “unrebutted,” and “uncontradicted” testimony of Samsung’s paid expert. The court of appeals reached that holding only after performing its own assessment of Samsung’s expert’s credibility and ignoring numerous other facts that could have led a reasonable jury to discount the value of this witness’s testimony.
The case at hand concerned an application by Pfizer for Arrow-declarations in relation to its proposed launch of its bevacizumab product (it will be branded “Zirabev”) for the treatment of various cancers in combination with other drugs.
[...]
Pfizer had no problem waiting for launch until expiry of the basic patent SPC in June 2020. However, Pfizer was concerned about Roche’s “thicket of second-line patents and patent applications” relating to combinations of bevacizumab with other known drugs essentially hindering its intended product launch due to the alleged uncertainty caused. For this reason, Pfizer requested declaratory relief that its intended product lacked novelty and/or inventive step at the earliest priority date of Roche’s patents and applications.
However, at the time of trial, Roche had no relevant UK patent and it was undisputed that Roche had “abandoned any prospect of obtaining such a UK patent in future”. Nevertheless, it is important to note that Pfizer planned to supply the UK market from Belgium. In this regard, Pfizer argued that the supply of the patent-free UK market could be hindered by Roche through legal actions in Belgium. Hence, it was Pfizer’s goal to use the UK judgment to influence potentially arising Belgian court actions.
[...]
Even though the case was dismissed, the threshold for granting Arrow-declarations seems to be rather low. If Roche’s conduct was lawful and it was “entitled to try (…) to get a valid patent”, it is not comprehensible as to why there should be room for Arrow-declarations in such circumstances at all. It seems at least questionable whether a mere assumption by the court (even if based only on evidence by the claimant) that the defendant is trying to shield its patent from scrutiny by English courts can be sufficient. There are certainly various reasons for de-designating the UK from one’s patents or applications.
Nevertheless, clear and unambiguous de-designations of the UK from all relevant EP applications very likely impede claims for Arrow-declarations even though Birss J concluded that other factors might also justify such declarations, e.g. as assistance in settlement talks. However, these other factors are rather difficult to substantiate.
You may not recall the name Katharina Weischede, but we wrote about this Filipina teenager from New Zealand back in 2018, when Viacom decided to oppose the 13 year old on trademark grounds because she dared to make and sell "slime" as a business. More specifically, Katharina has earned the nickname in New Zealand of "Slime Princess", which is what she applied for in her trademark application. Viacom opposed the application, citing that its Nickelodeon division has trademark rights for "slime" in the country already.
S 22(1)(a) and (b) are the relevant provisions as follows:
(a) Under S 22(1)(a), a trade mark registration may be revoked if, “within the period of 5 years following the date of completion of the registration procedure, it has not been put to genuine use in the course of trade in Singapore, by the proprietor or with his consent, in relation to the goods or services for which it is registered, and there are no proper reasons for non-use”;
(b) Under S 22(1)(b), a trade mark registration may be revoked if “such use [as stated in S22(1)(a) TMA] has been suspended for an uninterrupted period of 5 years, and there are no proper reasons for non-use”.
S 22(2) further states that the use of a registered mark (for defending against revocation) includes use “in a form differing in elements which do not alter the distinctive character of the mark in the form in which it was registered”.
Accordingly, the registered proprietor may successfully defend a revocation action even if he had not used the mark in the exact form in which it was registered, so long as his use of the registered mark was in accordance with the requirements of S22 (2).
Cybercrime police in Italy say they have dismantled a high-level provider of 'pirate' IPTV channels. The raid, which netted 57 Sky decoders, 186,900 euros in cash, cryptocurrency, and gold bars, was actioned in the far south of the country. A 35-year-old man was detained as part of the investigation.