Links 25/7/2019: PHP 7.4.0 Beta, Security FUD Debunked



  • GNU/Linux

    • Desktop

      • Razer's Linux Laptop Plans Appear To Have Been Mothballed

        Remember back in 2017 when Razer CEO Min-Liang Tan talked about plans for better Linux support for their high-end gaming laptops on Linux? More than two years later, they have yet to ship a Linux laptop nor make any other measurable improvements to their Linux support.

      • It's about time.....

        The percentage of Reglue kids going on to graduate school is, per capita, 8% higher than the national average. That's possible in no small part to your participation in Reglue over the years. We couldn't have done anything near close to this without the support of The Linux and Open Source Community.

        I have prostate cancer. At first, my Uro-guy wasn't too worried about it because it was in the early stages of growth and he told me that my type of prostate cancer was known as the 25 year killer. Meaning that it would take that cancer 25 years to begin to threaten me. Unfortunately, within the past 6 months, that cancer has accelerated and I must begin a radiation and chemo regimen. Now don't panic...I'm not. I have sufficient insurance and a great Urologist. This isn't really a big deal. I simply mention it so that those who have supported our efforts are kept in the loop. I've beat this crap once and I'll beat it again.

    • Server

      • 24 sysadmin job interview questions you should know

        As a geek who always played with computers, a career after my masters in IT was a natural choice. So, I decided the sysadmin path was the right one. In the process of my career, I have grown quite familiar with the job interview process. Here is a look at what to expect, the general career path, and a set of common questions and my answers to them.

      • How to transition into a career as a DevOps engineer

        DevOps engineering is a hot career with many rewards. Whether you're looking for your first job after graduating or seeking an opportunity to reskill while leveraging your prior industry experience, this guide should help you take the right steps to become a DevOps engineer.

        [...]

        If you have prior experience working in technology, such as a software developer, systems engineer, systems administrator, network operations engineer, or database administrator, you already have broad insights and useful experience for your future role as a DevOps engineer. If you're just starting your career after finishing your degree in computer science or any other STEM field, you have some of the basic stepping-stones you'll need in this transition.

      • Getting Started with Knative on Ubuntu

        Serverless computing is a style of computing that simplifies software development by separating code development from code packaging and deployment. You can think of serverless computing as synonymous with function as a service (FaaS).

        Serverless has at least three parts, and consequently can mean something different depending on your persona and which part you look at – the infrastructure used to run your code, the framework and tools (middleware) that hide the infrastructure, and your code which might be coupled with the middleware. In practice, serverless computing can provide a quicker, easier path to building microservices. It will handle the complex scaling, monitoring, and availability aspects of cloud native computing.

      • The 10 new rules of open source infrastructure

        Recently, I gave a keynote at the Cloud Native / OpenStack Days in Tokyo titled “the ten new rules of open source infrastructure”. It was well received and folks pointed out on Twitter that they would like to see more detail around those ten rules. Others seemed to benefit from clarifying commentary. I’ve attempted to summarize the points I’ve made during the talk here, and happy to have a conversation or add more rules based on your observations in this space over the last ten years. I strongly believe there are some lasting concepts and axioms that are true in infrastructure IT, and documenting some of them is important to guide decisions that go into the next generation thinking as we evolve in this space.

      • Cockpit Project: Cockpit 199

        Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 199.

      • IBM

        • Controlling Red Hat OpenShift from an OpenShift pod

          This article explains how to configure a Python application running within an OpenShift pod to communicate with the Red Hat OpenShift cluster via openshift-restclient-python, the OpenShift Python client.

    • Audiocasts/Shows

      • Ubuntu Podcast: S12E16 – Glider Rider

        This week we’ve been learning about the crazy world of flat earthers. In a change to our scheduled programming we discuss Alan’s new lean podcasting experiment, bring you some command line love and go over all your feedback.

        It’s Season 12 Episode 16 of the Ubuntu Podcast! Alan Pope, Mark Johnson, Martin Wimpress and Stuart Langridge are connected and speaking to your brain.

      • Mumbling with OpenBSD | BSD Now 308

        Replacing a (silently) failing disk in a ZFS pool, OPNsense 19.7 RC1 released, implementing DRM ioctl support for NetBSD, High quality/low latency VOIP server with umurmur/Mumble on OpenBSD, the PDP-7 where Unix began, LLDB watchpoints, and more.

      • Endeavour OS + Pisi Linux | Choose Linux 14

        We take a look at the continuation of Antergos called Endeavour OS and are pretty impressed, and Distrohoppers delivers an interesting distro that's obsessed with cats.

        Plus the only way to watch YouTube videos on Android.

      • The Linux Link Tech Show Episode 818

    • Kernel Space

      • Bcachefs gets closer

        When it comes to new filesystems for Linux, patience is certainly a virtue. Btrfs took years to mature and, according to some, still isn't ready yet. Tux3 has kept users waiting since at least 2008; as of 2018 its developer still said that it was progressing. By these measures, bcachefs is a relative youngster, having been first announced a mere four years ago. Development of this next-generation filesystem continues, and bcachefs developer Kent Overstreet recently proclaimed his desire to "get this sucker merged", but there are some obstacles to overcome still.

        Bcachefs has its origins in the bcache caching layer, though it is a separate project at this point. Like most of the newer filesystems out there, it uses a copy-on-write approach — data is copied to a new location when changed rather than overwritten. That enables the implementation of a number of interesting features; those intended for bcachefs include data checksumming, compression, multiple-device and RAID support, hierarchical storage management, snapshots, and, naturally, good performance.

        Work on bcachefs has apparently been slowed by the fact that there is relatively little interest in supporting this work; Over

      • 5.3 Merge window, part 1

        As of this writing, exactly 6,666 non-merge changesets have been pulled into the mainline repository for the 5.3 development cycle. The merge window has thus just begun, there is still quite a bit in the way of interesting changes to look at. Read on for a list of what has been merged so far.

      • Reworking CFS load balancing

        The Linux scheduler is made of the main types of scheduling which are the Completely Fair Scheduler (CFS), the realtime (RT), and the more recent deadline scheduler. The CFS class is the default and most commonly used one, which aims at sharing the running time of CPUs between tasks according to their priority. It was introduced in 2007 and has seen several major changes since. One of these major changes was the introduction of per-entity load tracking (PELT), which gives more details about the utilization of CPUs by tasks.

        The load-balancing algorithm of the scheduler has the key responsibility of placing tasks on CPUs to optimize the overall throughput of the system. It periodically monitors the system and decides when tasks have to migrate to ensure a fair distribution of compute capacity and an optimal use of resources. But that hasn't really changed to take full advantage of these new metrics and it is still only using the load as the unit to migrate tasks, even when the root cause of an imbalance is not linked to load but to the available compute capacity of CPUs, for example.

      • Frequency scale-invariance on x86_64

        The utilization and load signals computed with the PELT algorithm are affected by the processor's clock frequency: loosely speaking, a task looks bigger if the machine is running slower. The remedy to this problem is called "frequency scale-invariance" and consists in normalizing all interesting quantities via the scaling factor current_frequency / max_frequency. At the time of this writing only the Arm architecture implements it; a session at the third OSPM summit in Pisa discussed a possible way forward for x86_64 systems.

        The reader may recall that, in PELT, time is partitioned in segments and, for each of those, the on-CPU time of a task is recorded (in the case of utilization; for load, the quantity of interest is on-run-queue time). This implies that a given task would score a higher utilization and load if the CPU is running at a lower frequency: generally speaking, a slower running CPU makes tasks run for longer; a longer running time produces larger values of the PELT signals. This effect of the PELT formula is undesired, because utilization and load of tasks and run queues cannot be compared across CPUs or across time, since the operating frequency might be different.

        The PELT framework offers a mechanism to rescale quantities and make them invariant to changes of frequency: some architecture-specific code has to implement the function arch_scale_freq_capacity() to return an appropriate scaling factor which, ideally, is going to be the ratio current_frequency / max_frequency — PELT will then use this factor where appropriate. As of today, only the Arm architecture implements arch_scale_freq_capacity(), thus it's the only architecture that can claim to have frequency scale-invariant load and utilization.

      • How can we make schedutil even more effective?

        Mobile platforms can feature some operating power points (OPPs) that are more energy-efficient than others at lower frequencies. The inefficient low-frequency OPPs can therefore be avoided in normal conditions, leading to better latency at no cost. The power cost of OPPs does not increase linearly with frequency, which gives some opportunities for smarter decisions: if the frequency can be increased when it would be beneficial for a low power bill, why not do it?

      • Scheduler soft affinity

        As systems are getting bigger with more and more CPU cores, multiple instances of workloads are being consolidated on a single system. For example, multiple virtual machines (VMs) or containers on the same host is a common use case. Currently the Linux scheduler provides a few ways to partition multiple workload instances: hard partitioning using the sched_setaffinity() system call or the cpuset.cpus control group interface that binds the thread to a specific set of CPUs, or by using control group CPU shares (cpu.shares) that divide the CPU cycles of the system among multiple instances using fair sharing.

        But there is a need to have a way of dynamically partitioning workload instances so that one instance can use the available CPUs of another instance if they are idle, but only use the CPUs of its own partition when other partitions are busy. For example, the Oracle database has a multi-tenancy feature that can enable the root-level database instance to house multiple lightweight Pluggable Database (PDB) instances, each of which can be partitioned to use a NUMA node in a multi-socket system. Hard partitioning is not an option here, as one PDB instance needs to be able to burst out of its partition and use other available idle CPUs when other PDBs are idle. Hence CPU shares are used in this case. But this has the disadvantage of cache-coherence overhead (i.e. each instance running on all sockets will incur the cross-socket cache-coherence penalty due to data sharing).

      • SCHED_DEADLINE on heterogeneous multicores

        As already mentioned in other talks, the SCHED_DEADLINE policy currently does not consider the capacities or the running frequencies of the various CPU cores. This mainly impacts two different aspects: admission control and task placement.

        The SCHED_DEADLINE admission control is designed with two goals: avoiding overload (that is, avoid starving non-deadline tasks) and providing performance guarantees to deadline tasks. Unfortunately, the current code assumes that all of the CPU cores have the same maximum capacity (which is assumed to be equal to the maximum capacity of the fastest core), and this assumption breaks the admission-control mechanism. A simple experiment (creating SCHED_DEADLINE tasks until the admission control fails) shows that on a big.LITTLE CPU, it is currently possible to starve non-deadline tasks. A first patch that has been submitted to the Linux kernel mailing list fixes this issue by considering the maximum capacity of each CPU core when performing the admission control. Repeating the experiment shows that the patch is effective (until thermal throttling slows down the CPU, but this is a different issue).

      • TurboSched

        Parth Shah discussed the problem of sustaining "turbo" frequencies on SMP systems. Modern multicore systems have support for turbo frequencies, which are frequencies above the range of the rated frequencies that can be sustained by a small number of CPUs in the chip under certain power and thermal constraints. However, due to these very power and thermal constraints, it is harder to sustain these turbo frequencies for longer durations. Shah said that IBM POWER9 systems have a margin of around 18% for turbo range and sustaining these frequencies can provide better single-threaded performance.

      • New approaches to thermal management

        Volker Eckert presented results from his experiments to use the CFS bandwidth controller for thermal management. The fundamental idea is to use less CPU bandwidth while running low-priority (background) tasks and thus keep the power budget available for more important tasks. This led to two interesting discussions: how to solve the per-entity load tracking (PELT) utilization issues for throttled tasks, and the idea, pushed by Morten Rasmussen, that thermal management should be applied to tasks rather than CPUs. Following this overall design approach, which was also backed by Paul Turner, the CFS bandwidth controller could play an essential role in a thermal-management architecture for future mobile systems.

      • Proxy execution

        At the risk of playing defense, Juri Lelli started his talk by saying that he was going to be quick, as he didn't actually have any updates from what he presented last year at the Linux Plumbers Conference and from the first RFC posted on the Linux kernel mailing list. The main goal of his session was to understand if there is still interest in this line of work.

        Proxy execution can be simply thought of as a "better" priority-inheritance mechanism, which a mutex owner can potentially run using (inheriting) the scheduling context (properties) of other tasks blocked on the same mutex (avoiding priority inversions). For the SCHED_DEADLINE scheduling policy, this translates to the possibility for a mutex owner to run "inside" donors' (mutex waiters) bandwidth, fixing a longstanding issue of policy: priority-boosted tasks are currently allowed to run outside of runtime enforcement, as they only inherit donors' deadline.

    • Applications

      • Handy productivity software for your home and office

        Discovery is an integral part of any store experience. Sometimes, you know what you want and need, and the experience can be short and transactional. On other occasions, you want to explore, and search for new things. This applies equally to shopping malls as it does to software.

        In this article, we would like to give you an overview of several rather interesting entries from the Productivity section in the Snap Store, to help you get started on your discovery journey. While Linux users are familiar with the tried-and-tested set of a small number of popular, long-time players, there are many colorful, unique applications out there, waiting to be found and used. Let’s browse around.

      • Ren'Py, One of the Best Visual Novel Engines!

        For almost 2 weeks I didn't update the article on this blog, it's because I'm also making a visual novel with a short story. If you like writing novels, maybe you can make it Visual Novel so that it is more interactive. Visual novel games have their own fans. We can also make a visual novel using the Game Engine. One software that you can use to create visual novels is Ren’Py.

    • Instructionals/Technical

    • Games

      • Blood Opera Crescendo, a 2D investigative adventure game will support Linux

        Another new indie game in need of funding on Kickstarter, the 2D investigative adventure game Blood Opera Crescendo and it's planning Linux support.

        Inspired by the Ace Attorney and Persona series, Blood Opera Crescendo from Italian developer Kibou Entertainment has been in development since the start of last year in RPG Maker MV. They said the project has reached an advanced enough stage now to really take it further.

      • Space-colony sim "Oxygen Not Included" to leave Early Access on July 30th

        Oxygen Not Included, the space-colony simulation game from Klei Entertainment now has a release date set, with it leaving Early Access on July 30th.

        It was originally due to release quite a bit sooner, but back in May Klei decided to delay it to ensure it had as much testing and polish as possible. With the full release, there will be an update coming with some new toys to play with including new asteroids, three new biomes with plants and critters, new buildings, colony goals and the usual balance and polish you can expect from a release.

      • Take control of the Adeptus Mechanicus again, Warhammer 40,000: Mechanicus - Heretek is out

        Warhammer 40,000: Mechanicus - Heretek, the first DLC for the turn-based strategy game is now available.

        If you're a Warhammer fan, Mechanicus is a game not to be missed. Focusing on the Adeptus Mechanicus, which doesn't usually get a lot of screen-time in games. No messing around with Space Marines, no hiding behind cover. A pretty streamlined game, but very atmospheric and fun to play through. Even if you don't usually appreciate Warhammer, it's still a good strategy game.

      • The excellent shoot 'em up "Risk System" updated, now with better Linux support

        Risk System doesn't seem to have gained much attention, a shame really since as far as shoot 'em ups go it's fantastic and at least tries to be a little different. A shooter where instead of dodging enemy bullets, you need to get up close and personal to charge your ship up. Honestly, it's good.

        At release, the Linux version did suffer from one major issue. Due to a bug in GameMaker, unless you used an external tool to cap the FPS, everything was too fast. They've now solved this, with an update released this week.

      • Warfork, a fast-paced arena FPS based on Warsow is heading to Steam

        Love fast-paced arena shooting? Warfork, a game based on Warsow is heading to Steam with an Early Access release due soon.

        Why did they fork it and go their own way? Well, according to the Warfork team, the owner of Warsow is opposed to a Steam release, which they feel is "hurtful to the growth of the community".

      • Blending 2D and 3D gameplay, Anodyne 2: Return to Dust is launching next month

        With graphics and gameplay inspired by classics across the PS1, PS2 and N64 for the 3D design as well as the 2D art of the GBA and SNES, Anodyne 2: Return to Dust certainly looks and sounds good.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Welcome to KDE: Nuremberg Megasprint Part 1

          Now that it has been over half a year since I started this blog, it is time to address one of the topics that I promised to address at the beginning: How I got started with KDE. I will do this in the context of the “Nuremberg Megasprint” which combined a KDE Connect sprint, a KDE Welcome / Onboarding sprint, and a KWin sprint.

          At the Onboarding sprint, we were talking mostly about ways to make it easier for developers new to KDE to work on our software. Currently the path to getting that working is quite convoluted and pretty much requires that a developer read the documentation (which often doesn’t happen). We agreed that we would like the new developer experience to be easier. I don’t have a lot to say about that, but keep an eye on the Planet for an idea of what was actually worked on! Instead, since I am a relatively new KDE contributor, I will tell the story of how I got started.

          I started using Plasma as a desktop environment around 2012, shortly after Ubuntu switched from Gnome 2, which I liked, to Unity, which I disliked. I tried playing with Mate and Cinnamon for Ubuntu, but I didn’t find either one was what I wanted. I had heard that KDE existed, but I didn’t know anything about it, so I gave it a try as well.

      • GNOME Desktop/GTK

        • Gnome Shell Dash To Panel v20 Brings Major Window Previews Improvements

          The Gnome Shell Dash to Panel (not to be confused with Dash to Dock, from which the Ubuntu Dock is forked) extension combines the Dash with the top Gnome panel. The result is a single panel that provides an icon taskbar, the tray, system menu, and date / time indicator. This is similar to the KDE Plasma and Windows 7 (and newer) taskbar. The extension supports Gnome Shell 3.18 and newer.

          The latest Dash to Panel v20 includes major improvements to its window previews. With this version, the window previews have been re-written using custom components so they no longer steal input.

          Along with this, there are also quite a few new window preview features, like new styling options such as size, padding, close button location, header visibility and font style. And that's not all - the live window previews size is now dynamic for each thumbnail, which makes a lot of sense since windows have different geometries, so previously you'd get huge borders around the previews.

    • Distributions

      • Zorin OS Is The Linux Distro We Wanted 10 Years Ago [Giveaway Inside]

        Zorin OS is a different offering in a large pool of competition. Zorin isn’t groundbreaking but does manage to provide some features that are fairly unique. Zorin is intended to be a friendlier distribution and aims to please newcomers to Linux. While it has much to offer, it does stray from the typical Linux modus operandi.

        Zorin OS is very much the same as other distributions, in particular, it is based on Ubuntu, so there’s a very cookie-cutter start. But beyond that, it becomes much different.

      • The New Version Of Deepin Linux Has A Killer Feature That Every Distribution Needs

        Basically, Deepin Cloud Sync lets you sync all kinds of system settings to the cloud automatically. This covers network settings (such as VPN and WiFi), sound settings, mouse settings, update settings, power settings, corner settings, theme, wallpaper, launcher, and dock. You know, that stuff you're always investing time into tweaking and configuring with pretty much any new installation.

        There are other solutions of course. You can throw all your config and relevant files onto a Git repository, sync them up with NextCloud or back them up onto another drive. There's no shortage of alternate approaches.

        But this is one of those features that's appealing to both newcomers and more casual users. An elegant solution that just makes using Linux easier, and that's something I'm always eager to highlight.

      • New Releases

        • GNOME Packages, More Updated in Tumbleweed This Week

          Two openSUSE Tumbleweed snapshots have been released since our last Tumbleweed update on Saturday.

          The most recent snapshot, 20190723, updated Mozilla Firefox to version 68.0.1. The browser fixed the missing Full-Screen button when watching videos in full screen mode on HBO GO. The new 68 version enhanced the Dark Mode reader view to include darkening the controls, sidebars and toolbars. It also addressed several Common Vulnerabilities and Exposures (CVE). The snapshot provided an update to GNOME 3.32.4, which fixed an issue that led to some packages with multiple appdata files not correctly showing up on the updates page. The Guile programming language package update to 2.2.6 fixed a regression introduced in the previous version that broke HTTP servers locale encoding. Hardware library hwinfo 21.67 fixed Direct Access Storage Devices (DASD) detection. A major 7.0 version of hylafax+ arrived in the snapshot. The Linux Kernel brought several new features with the 5.2.1 kernel and enhanced security for a hardware vulnerability affecting Intel processors. The open-source painting program Krita 4.2.3 version offered a variety of fixes including a copy and paste fix of the animation frames. A few libraries like libgphoto2, libuv and libva received updates. There were also several Perl and Rubygem packages that were updated in the snapshot. The file manager for the Xfce Desktop Environment, thunar 1.8.8, fixed XML declaration in uca.xml and the 2.15 transactional-update package enables network during updates and allows updates of the bootloader on EFI systems. The snapshot is currently trending at a 93 rating, according to the Tumbleweed snapshot reviewer.

      • Canonical/Ubuntu Family

        • BT bets on Ubuntu OpenStack to deliver 5G pledge - Cloud Pro

          BT has announced a partnership with Canonical to develop and deploy its next-generation 5G core network.

          The deal will see Canonical offer up its open-source virtual infrastructure manager (VIM) platform so that BT can run network applications as code and transition away from a hardware-based network to one that's virtualised.

          This open-sourced cloud-based approach will help BT to quickly deploy new services and allow it to stay ahead of the demand for 5G and Fibre to the Premises (FTTP), the company said.

        • BT chooses Linux operating system Ubuntu for 5G cloud core

          Ubuntu is a Linux operating system, which has both community and professional support. Canonical, the company behind Ubuntu, will provide the open source virtual infrastructure manager (VIM) as part of BT’s network functions virtualisation (NFV) programme and its transition to a cloud-based core network.

          The intention is that the open source, cloud-based approach will allow BT to quickly deploy new services, and increase capacity to meet customers’ demand, driven by 5G and fibre to the premises (FTTP).

    • Devices/Embedded

  • Free, Libre, and Open Source Software

    • Web Browsers

      • Mozilla

        • Empowering voters to combat election manipulation

          For the last year, Mozilla has been looking for ways to empower voters in light of the shifts in election dynamics caused by the internet and online advertising. This work included our participation in the EU’s Code of Practice on Disinformation to push for change in the industry which led to the launch of the Firefox EU Elections toolkit that provided people information on the voting process, how tracking and opaque online advertising influence their voting behavior and how they can easily protect themselves.

          We also had hoped to lend our technical expertise to create an analysis dashboard that would help researchers and journalists monitor the elections. The dashboard would gather data on the political ads running on various platforms and provide a concise “behind the scenes” look at how these ads were shared and targeted.

          But to achieve this we needed the platforms to follow through on their own commitment to make the data available through their Ad Archive APIs.

          Here’s what happened.

    • BSD

      • Need a Secure Operating System? Take a Look at OpenBSD

        The Unix-like OS offers support for a wide range of hardware platforms, third-party tools and an active, supportive community.

      • DragonFlyBSD Replacing Their 48-Core Opteron Infrastructure With Ryzen 9 3900X CPUs

        DragonFlyBSD is replacing their 48-core Opteron server named "Monster" with two of the new AMD Ryzen 9 3900X "Zen 2" processors as well as a spare Xeon server. DragonFlyBSD lead developer Matthew Dillon continues to be mighty impressed by AMD's latest processor offerings.

        Last year Matthew Dillon professed his love for the performance of AMD Ryzen Threadripper CPUs while in recent weeks he's been quick to get Ryzen 3000 CPUs working on DragonFlyBSD and has been impressed by their performance.

    • FSF/FSFE/GNU/SFLC

      • Introduction to GNU Autotools

        Have you ever downloaded the source code for a popular software project that required you to type the almost ritualistic ./configure; make && make install command sequence to build and install it? If so, you’ve used GNU Autotools. If you’ve ever looked into some of the files accompanying such a project, you’ve likely also been terrified at the apparent complexity of such a build system.

        Good news! GNU Autotools is a lot simpler to set up than you think, and it’s GNU Autotools itself that generates those 1,000-line configuration files for you. Yes, you can write 20 or 30 lines of installation code and get the other 4,000 for free.

    • Programming/Development

      • PHP 7.4.0beta1 released!

        The PHP team is glad to announce the first beta release of PHP 7.4: PHP 7.4.0beta1. This continues the PHP 7.4 release cycle, the rough outline of which is specified in the PHP Wiki.

      • PHP 7.4 Reaches Feature Freeze, Beta 1 Released

        After already having gone through three alpha releases, PHP 7.4 has reached its feature freeze and branching. As a result, the first PHP 7.4 beta is now available that will be followed by multiple betas and release candidates while hopefully being released by the end of November.

        PHP 7.4 brings SQLite3 Online Backup API support, support for TGA files within the GD library, the PHP FFI extension is now present for accessing C functions/variables/structures from PHP, preload functionality, performance improvements, hardening to the systemd PHP FPM service, PHP Hash is now integrated into PHP core, TLS 1.3 support for OpenSSL streams, and many fixes.

      • PHP 7.4.0beta1 Released, HypriotOS 1.11.0 Now Available, ALA Asks LinkedIn Learning to Change Terms of Service that Jeopardize Privacy Rights, Red Hat Announces RHEL 8.1 Beta and The Forbidden Arts Coming to Linux

        PHP 7.4.0beta1 has been released, marking the first beta of PHP 7.4. Go here to see the list of changes, and go here to download. Note that this is an early test version and not intended for use in production. The next release, Beta 2, is scheduled for August 8th.

      • What's coming in Python 3.8

        The Python 3.8 beta cycle is already underway, with Python 3.8.0b1 released on June 4, followed by the second beta on July 4. That means that Python 3.8 is feature complete at this point, which makes it a good time to see what will be part of it when the final release is made. That is currently scheduled for October, so users don't have that long to wait to start using those new features.

        The walrus operator

        The headline feature for Python 3.8 is also its most contentious. The process for deciding on PEP 572 ("Assignment Expressions") was a rather bumpy ride that eventually resulted in a new governance model for the language. That model meant that a new steering council would replace longtime benevolent dictator for life (BDFL) Guido van Rossum for decision-making, after Van Rossum stepped down in part due to the "PEP 572 mess".

      • Who's afraid of a big bad optimizing compiler?

        This article was contributed by Jade Alglave, Will Deacon, Boqun Feng, David Howells, Daniel Lustig, Luc Maranget, Paul E. McKenney, Andrea Parri, Nicholas Piggin, Alan Stern, Akira Yokosawa, and Peter Zijlstra. When compiling Linux-kernel code that does a plain C-language load or store, as in "a=b", the C standard grants the compiler the right to assume that the affected variables are neither accessed nor modified by any other thread at the time of that load or store. The compiler is therefore permitted to carry out a large number of transformations, a couple of which were discussed in this ACCESS_ONCE() LWN article, and another of which is described in Dmitry Vyukov's KTSAN wiki page. However, our increasingly aggressive modern compilers produce increasingly surprising code optimizations. Some of these optimizations might be especially surprising to developers who assume that each plain C-language load or store will always result in an assembly-language load or store. Although this article is written for Linux kernel developers, many of these scenarios also apply to other concurrent code bases, keeping in mind that "concurrent code bases" also includes single-threaded code bases that use interrupts or signals.

      • Excellent Free Books to Learn C

        C is a general-purpose, procedural, portable, high-level programming language that is one of the most popular and influential languages. It was designed to be compiled using a straightforward compiler, to provide low-level access to memory, to provide language constructs that map efficiently to machine instructions, and to require minimal run-time support. Many programming languages owe a considerable debt to C. It has become something of the lingua franca in the programming world.

        C is fairly simple to understand. It allows the programmer to organize programs in a clear, easy, logical way. It is a very flexible, practical and compact language combined with an easy to read syntax. Code written in C runs quickly, with easy access to the low level facilities in the computer. Compiler directives make it possible to produce a single version of a program compiled for different architectures.

        C is about freedom. It therefore makes sense to learn C with books that also embody freedom. Take a look at my open source picks and see if any of them grab your fancy.

      • Get the market data of cryptocurrency-currency pair

        Hello and welcome back, in this chapter we will continue to develop our cryptocurrency project with the above new features.

        Before we start we will create a new loader class which will load the currency’s market data as well as the cryptocurrency data into the combo box at the beginning of the main program to further tidy up the main program file.

  • Leftovers

    • Science

      • ‘It smells like gunpowder’: Astronauts tell of their time on the moon (audio)

        Monitor science reporter Eva Botkin-Kowacki had a chance to ask two of those national heroes directly about what that experience has meant to them. Charlie Duke was in mission control when Apollo 11 landed on July 20, 1969. He got the chance to go himself three years later. Harrison “Jack” Schmitt was one of the last two men to walk on the surface of the moon.

    • Security (Confidentiality/Integrity/Availability)

      • VLC Developer Debunks Reports of 'Critical Security Issue' In Open Source Media Player

        Widespread reports of a "critical security issue" that supposedly impacted users of VLC media player have been debunked as "completely bogus" by developers. Earlier this week, German computer emergency response team CERT-Bund -- part of the Federal Office for Information Security (BSI) -- pushed out an advisory warning network administrators and other users of a high-impact vulnerability in VLC. It seems that this advisory can be traced back to a ticket that was opened on VLC owner VideoLAN's public bug tracker more than four weeks ago. The alleged heap-based buffer overflow flaw was disclosed by a user named "topsec(zhangwy)," who stated that a malicious .mp4 file could be leveraged by an attacker to take control of VLC media player users' devices. The issue was flagged as high-risk on the CERT-Bund site, and the vulnerability was assigned a CVE entry (CVE-2019-13615).

      • VLC developer debunks reports of ‘critical security issue’ in open source media player

        In fact, the earliest version of VLC that is potentially vulnerable to this exploit is 3.0.2, which was superseded in April 2018, leading to suspicions that the bug reporter was working on a computer running an outdated version of Ubuntu.

        “If you report a security issue, at least update your Linux distribution,” Kempf said.

        Moreover, says Kempf, it would be very difficult to develop a reliable exploit that worked on older systems, and out of the question to develop a hack against an up-to-date version of the software.

        “The issue was there two years ago, but it’s absolutely not possible to take control [of someone’s device now],” he said.

        “You need to send a file. The person needs to open it on a vulnerable version of VLC and then you need to disable the security of your machine [in particular, address space layout randomization] to exploit the heap buffer overflow.

        “That was patched more than a year ago, in April 2018.”

      • After Blackouts, Johannesburg’s Power Company Hit by Ransomware

        The attack didn’t affect the grid but denied access to City Power’s website and online power purchases Thursday.

      • IRS missing basic IT security measures

        Eight of the 14 security shortfalls identified by the GAO relate to access management, while an additional four weaknesses pertain to configuration management. The final two shortfalls pertained to segregation of duties and a contingency plan deficiency.

      • VPN flaw enables [attackers] to easily infiltrate corporate network

        Researchers at Devcore claim to have discovered security flaws in three popular corporate VPNs that could enable attackers to steal confidential information from a company's network.

        The vulns affect three corporate virtual private networks (VPN) providers, namely, Palo Alto Networks, Fortinet, and Pulse Secure.

      • 1 Million+ ProFTPD Servers Vulnerable To Remote Code Execution Attacks [Ed: Nope. FOSSBytes now manages to make more misleading and dramatic headlines than even Bleeping Computer (which initially spread this misleading headline and then deleted it.)]
      • VideoLAN says VLC security flaw is fixed

        Update 7/24: VideoLAN took to Twitter earlier this morning to clarify that the security issue discovered by CERT-Bund is not as severe as reported.

      • You need to uninstall VLC player ASAP! (Updated) [Ed: They posted an update, but the headline has not been corrected. Deliberate FUD.]

        We’re not recommending uninstalling action just yet, because there’s a bit more to the story. The bug report for the issue has been open for four weeks, but VideoLAN president and lead VLC developer Jean-Baptiste Kempf left a series of comments today indicating that the alleged bug isn’t as big a deal as everyone is making it out to be. In three separate comments, he wrote: VideoLAN also took to Twitter to talk about the bug—or rather, the non-bug.

      • Alleged critical VLC flaw is nothing to worry about -- and is nothing to do with VLC [Ed: Some people did correct their articles or issued a standalone correction.]

        There has been a degree of confusion over the last few days after news spread of a supposed vulnerability in the media player VLC. Despite being labelled by security experts as "critical", VLC's developers, VideoLAN, denied there was a problem at all.

    • Defence/Aggression

      • Why thousands of drivers in Sweden might have to hand over their cars to the army

        It's primarily trucks and cars that would be needed, but the rules would also apply to motorcycles and snowmobiles, Sveriges Radio reported. If this took place, the vehicle owners would receive compensation from the state.

        As for specific models, the army is most keen to have vehicles manufactured by Swedish companies including Volvo and Scania.

    • Transparency/Investigative Reporting

      • Bi-Partisan FOIA Reform Bill Would Correct Recent Supreme Court Decision

        Senators Chuck Grassley (R-IA), Patrick Leahy (D-VT), John Cornyn (R-TX), and Dianne Feinstein (D-CA) have introduced the Open and Responsive Government Act (S. 2220) to reverse the recent Supreme Court decision in Food Marketing Institute v. Argus Leader Media which overturned over 40 years of Freedom of Information Act precedent. The bill codifies the National Parks test, requiring that information may only be withheld from the public if disclosure would cause "substantial competitive harm" to the company that provided that information to the government. The bill also makes clear that agencies may only redact information under the FOIA's nine exemptions and cannot redact information as "non-responsive."

    • Environment

      • 9 Teen Climate Activists Fighting for the Future of the Planet

        As politicians begin to discuss life-changing legislation like the Green New Deal, another group of environmental activists have begun the fight for immediate change. Taking cues from their predecessors, Generation Z has taken on the enormous task of saving the planet from future destruction — and ensuring they have a future to look forward to.

      • Recent warming over the past 100 years is not part of a natural process, studies find

        In one of three new studies published in the journals Nature and Nature Geoscience, researchers found that previous periods of climate change such as the Little Ice Age and the Medieval Warming Period were regional and not a global phenomenon.

        In contrast, the warming that has occurred over the past century has been far-reaching and global in nature.

      • No Climate Event in 2,000 Years Compares to What’s Happening Now

        Tambora was the largest volcanic eruption since the end of the last Ice Age, one of a series of eruptions that pumped huge amounts of sunlight-reflecting gas into the atmosphere. This gas darkened and chilled summers in Europe. It weakened the monsoons in India and West Africa. It allowed glaciers to advance in the Alps.

        In other words, these eruptions brought about a kind of natural climate change. But it was felt differently in different places. And new research confirms that it pales in comparison to the climate change we now face.

      • Doc who exposed water crisis in Flint came to N.J. because she’s worried about kids’ safety

        Dr. Hanna-Attisha spoke at a community forum organized by the Newark Water Coalition and the Natural Resources Defense Council about the effects of lead and what to do about it. About 100 people -- including children -- gathered inside St. Stephan’s Church in the Ironbound as she explained that lead poisoning is asymptomatic and its effects sometimes don’t show up for years.

        “Once it’s in your blood stream it’s an irreversible neurotoxin,” she said. Though not everyone exposed to lead will have problems, toxic stressors like poverty, poor nutrition and split families can influence lead’s impact on cognition and behavior.

      • Watergen partners with Flint, Michigan where water quality is 'third-world'

        Israeli company Watergen just launched a new partnership with the community of Flint, Michigan, providing what could be the first large scale solution for drinking water by placing a 350 unit in the community church. If successful, it could be a model for similar towns.

        As opposed to bringing in plastics that are associated with trucking in water bottles, Watergen uses a dehumidification apparatus to create water out of thin air.

      • At least 2% of US public water systems are like Flint’s – Americans just don’t hear about them

        No amount of lead in water is safe, but the lower level in Flint represents a substantial improvement over the 27 ppb reported by the Virginia Tech Water Study at the peak of the crisis in April 2015.

        However, even Flint’s highest levels were not atypical for water systems that have problems. Most reports of elevated lead levels cluster in the range between 15 and 20 ppb.

      • Flint’s Problems Didn’t Start with Water

        As part of the 2019 WDET Book Club, WDET is exploring the Flint Water Crisis through Dr. Mona Hanna Attisha’s book on the subject, “What The Eyes Don’t See.” To look a bit deeper into the various factors that played into Flint’s current state, Detroit Today host Stephen Henderson is joined by Thomas Sugrue, Professor of Social and Cultural Analysis and History at NYU. Sugrue is a specialist in twentieth-century American politics, urban history, civil rights, and race.

      • The views we’ll lose with climate change

        Staff at a British company became so frustrated by the many adults still denying the scientific evidence of global warming that they are using graphic images of the effects on several famous tourist sites to show people the views we’ll lose.

        The prediction from scientists that the city of Venice and London’s world-famous Big Ben are among the treasures that will be overwhelmed by flooding from heavy rains and sea level rise has led those who work at The Solar Centre to produce current and future pictures of these tourist magnets to ram home their point.

        They have also created similar before-and-after images of the English Lake District, which will begin to dry up because of climate change, and the Great Barrier Reef in Australia, where corals are already being wiped out and will vanish entirely under the worst-case scenario.

        In the past tabloid newspapers have got into trouble for mocking up photographs of what will happen under rising temperatures, but the campaigners at The Solar Centre insist that their images recreate the scientific evidence.

      • A Climate-resilient Los Angeles Must First Address Its Polluted Past

        Can a big city be truly sustainable in the age of climate change? Los Angeles is trying to find out.

        The United States’ second-largest city has big green plans. In April Mayor Eric Garcetti announced a goal to get 80 percent of the city’s electricity from renewable sources by 2036 and make sure 80 percent of the vehicles on the road then are carbon-emissions free.

        This is part of L.A.’s version of a Green New Deal, the grand plan for decarbonization being kicked around Washington, D.C. and other localities.

        But the city’s aspirations don’t stop at clean energy. For L.A. to truly boost its climate resilience it also needs to address its water — 86 percent of which comes from three sources located hundreds of miles away. Climate change, earthquakes and other environmental pressures threaten to disrupt that supply and increase prices. With those threats in mind, the city plans to source 70 percent of its water locally by 2035 to reduce greenhouse gas emissions and build its water resilience.

      • Energy

        • Freedom to Drive Coalition Brings the Koch Disinformation Playbook to Colorado

          In recent years, the majority of Coloradans have been struggling to breathe clean air, and tailpipe emissions carry much of the blame. Lawmakers have started to take on this threat with a number of clean car standards and incentives coming out of the Governor's office and the state legislature. However, a newly formed coalition of car dealers, the oil and gas industry, and free market advocates are working to put the brakes on clean air policies in Colorado, and they're using a disinformation playbook often used by organizations in the Koch network.

          Launched in March, the Freedom to Drive Coalition has fought against Colorado’s adoption of low emission vehicle standards (which the state’s Air Quality Control Commission approved in a unanimous 9-0 vote) and is now battling a complementary effort to adopt zero emission vehicle (ZEV, or electric car) standards that would greatly reduce tailpipe emissions.

      • Wildlife/Nature

        • Paris eyes vegetation to beat the urban heat

          Paris authorities have been implementing a strategy to use increased vegetation to beat the urban heat effect caused by overcrowding and land surfaces covered by asphalt.

        • NOAA Responds to Ongoing Outbreak of Coral Disease in Florida

          The ongoing outbreak of stony coral tissue loss disease in the Florida Reef Tract began in 2014 and continues to spread. It is highly active off Key West, Florida and appears to be expanding to the Caribbean region. The Lower Florida Keys are in the epidemic zone with the highest concentration of active disease.

          While disease outbreaks are not uncommon, this event is unique due to its large geographic range, extended duration, rapid progression, high rates of mortality, and the number of species affected. Stony coral tissue loss disease affects at least 22 species of reef-building corals. Once infected, coral colonies typically die within weeks to months.

          The disease is thought to be caused by bacteria and can be transmitted to other corals through direct contact and water circulation. Researchers are working to identify potential pathogens and relationships with environmental factors, developing strategies to treat diseased colonies, and identifying genotypes of corals that are resistant to the disease.

    • Finance

      • DOJ Prepares To Sign Off On An Elaborate T-Mobile Merger Plan That Isn't Likely To Work

        While the Pai FCC is chomping at the bit to approve T-Mobile and Sprint's competition and job killing mega-union, rumors have long been that many DOJ staffers remain highly skeptical about the purported benefits of the deal. After all, history routinely shows that when you reduce the number of overall competitors in the telecom space from four to three, the reduction in competition results in higher prices and worse service (go ask the Canadians or the Irish). Such mergers also pretty routinely are massive job killers, given there's a laundry list of support and middle management personnel who wind up being redundant.

    • AstroTurf/Lobbying/Politics

      • Mueller Has Provided Congress With Everything It Needs to Impeach Trump

        For the purposes of a congressional inquiry that might lead to the impeachment of the president, the questioning with regard to attempts by Trump and his associates to obstruct an inquiry into allegations of political wrongdoing was vital. It got to the heart of the matter of whether the president must be held to account for abuses of power that have historically been understood as impeachable. And, in this regard, Mueller’s testimony was powerful and important. The question is whether the Judiciary Committee and the Congress will treat it as such.

        So far, it has not. And that frustrates accountability activists.

        “Robert Mueller did his job—and it’s far past time for lawmakers in Congress to do theirs [...] ”

      • Attorney General William Barr on Encryption Policy

        I think this is a major change in government position. Previously, the FBI, the Justice Department and so on had claimed that backdoors for law enforcement could be added without any loss of security. They maintained that technologists just need to figure out how—an approach we have derisively named "nerd harder."

        With this change, we can finally have a sensible policy conversation. Yes, adding a backdoor increases our collective security because it allows law enforcement to eavesdrop on the bad guys. But adding that backdoor also decreases our collective security because the bad guys can eavesdrop on everyone. This is exactly the policy debate we should be having—not the fake one about whether or not we can have both security and surveillance.

      • An army of China’s [Internet] [Astroturfers] has a message for Hong Kong protesters

        Di Ba, an online Chinese patriotic group, is venturing outside the country’s walled [Internet] garden to aid China’s efforts to shape the narrative around Hong Kong’s unflagging protests.

      • United Nations refuses to accept West Papua independence petition, says it will not ‘do anything against Indonesia’

        International body’s decolonisation committee said it will only deal with 17 states identified as non-self-governing territories

      • Johnson’s Westminster Cabinet is Far to the Right of Thatcher

        I can only imagine that the media people who are saying this is the most right wing cabinet since the 1980’s were not sentient in the 80’s. Thatcher never had a Home Secretary remotely as illiberal as Priti Patel, never had a Foreign Secretary remotely as xenophobic as Dominic Raab, never even had a Chancellor as anti-State intervention as Sajid Javid (though came closer there) and never had a Defence Secretary as bellicose as Ben Wallace.

        Even Thatcher’s final and most right wing Cabinet contained figures like Ken Clarke, Chris Patten, John Major, Virginia Bottomley, Douglas Hurd and William Waldegrave. All Tories with whom I have fundamental disagreements, but every single one of them is far, far to the left of virtually all of Johnson’s appalling cronies.

        Thatcher deliberately and cruelly wrecked the social democratic society in which I grew up, with the aim of destroying any ability for working people to be protected against the whims of the wealthy. But Thatcher never introduced privatisation into the NHS or state schools – that was her acolyte Blair. She maintained free university education in England and Wales. That was destroyed by Blair too. We should be more rigorous than to accept Thatcher as the definitive most right wing government possible. It is not only lazy, it obscures the fact we now have the most right wing British government since 1832.

    • Censorship/Free Speech

      • Philippines: Drop Sedition Cases Against Duterte Critics

        The Duterte administration has previously targeted political opposition figures and critics of the “drug war,” Human Rights Watch said. In February 2017, it accused Senator de Lima of involvement in the drug trade. The accusation was based entirely on the testimony of convicted drug dealers that Human Rights Watch believes are baseless but later served as the grounds for her arrest and continued police detention. The government has likewise filed sedition charges against a former senator and Duterte critic, Antonio Trillanes IV, one of those named in the recent complaint.

      • Lebanese KTV presenter acquitted of ‘blasphemy’

        The Court of Appeals presided over by Judge Nasr Al-Hayad overruled the verdict issued by the Criminal Court which sentenced a Lebanese presenter working for Kuwait TV to one-year imprisonment with hard labor on charges of committing blasphemy during a TV program.

      • Why Was a Saudi Attacked by Palestinians?

        The unfortunate Saudi's crime -- in the eyes of the Palestinians -- was that he was part of a delegation of Arab journalists invited to visit Israel. Such visits are often condemned by Palestinians as actions that lead to promoting normalization between Arabs and Israel. The Palestinians are strongly opposed to any form of normalization with Israel and consider it tantamount to treason. They are afraid that if the Arabs normalize their relations with Israel, they will stop caring about the Palestinians. The Palestinian position is that there can be no normalization between Israel and the Arabs before the Israeli-Palestinian conflict is resolved.

    • Court Tosses Lawsuit Claiming Muting A Runescape Character Violates The First Amendment

      Here's a bit of a weird one: a First Amendment lawsuit over the "muting" of a player's character. (h/t Volokh Conspiracy)

      Amro Elansari -- in a handwritten complaint [PDF] -- contends Jagex Inc., the company behind Runescape, violated loads of rights and other things when it apparently muted his character back in March of this year. The allegations include discrimination, violations of his free speech rights along with his due process rights, and other "adverse action."

      He claims he was muted for no reason and without notification -- this despite being a "streamer + 2000 hours + invested." He also claims this happened while he was streaming and that viewers witnessed this egregious violation of multiple rights as it happened. Elansari's lawsuit asks for the court to order the "mute" removed and whatever else a jury might find proper to award him.

      Obviously, there's nothing the judicial system can do for him.

  • Privacy/Surveillance

    • Facebook will have to monitor its own privacy rules — and that’s likely not enough

      Notably, the FTC was split on the issue and only passed the order with a 3–2 decision. While the three Republican commissioners at the agency approved the move, the two Democrats on the commission dissented, saying that the order will do little to change the company’s behavior.

      Rohit Chopra, one of the Democrats, said in a statement that Facebook’s business model relies on “surveillance and manipulation” and that the order will fail to prevent privacy lapses in the future, saying the privacy provisions “are less than meets the eye.”

    • Lawmakers deride FTC settlement as weak on Facebook

      Almost as soon as the FTC announced its $5 billion settlement with Facebook on Wednesday morning, lawmakers in both chambers emerged with scathing criticism, calling the agreement a slap on the wrist for a company that recorded almost $56 billion in revenue last year.

    • Facebook Investors Shrug Off $5 Billion Fine, New Investigations as Q2 Earnings Beat Expectations

      Facebook still generates the vast majority of its revenue with advertising, with mobile advertising making 94% of all of the company’s ad revenue. However, the company is also growing its non-ad revenue to $262 million for the quarter, up from $193 million in Q2 of 2018.

    • Estimating the success of re-identifications in incomplete datasets using generative models

      Our results suggest that even heavily sampled anonymized datasets are unlikely to satisfy the modern standards for anonymization set forth by GDPR and seriously challenge the technical and legal adequacy of the de-identification release-and-forget model.

    • Barr Says Police Need Encryption Backdoors, Doesn’t Mention [Cracking] Tools They Use All the Time

      Somehow in his 4,172 word speech, Barr failed to mention that law enforcement has another option, one which they don't have to wait around for, but use all the time: [cracking].

    • When Will We Get the Full Truth About How and Why the Government Is Using Face Recognition?

      Earlier this month, the House Committee on Homeland Security held a hearing to discuss the role of face recognition and other invasive biometric technologies in use by the Department of Homeland Security (DHS). Despite some pushback from some lawmakers on the committee, John Wagner of the U.S. Customs and Border Protection (CBP), Austin Gould of the Transportation Security Administration (TSA), Joseph DiPietro of the Secret Service, and Charles Romine from the National Institute of Standards and Technology (NIST) argued that face recognition and biometric surveillance is safe, regulated, and essential for the purposes of keeping airports and U.S. borders secure. This hearing made clear: this technology is not well-regulated, it does impact the privacy of travelers, and its effectiveness has yet to be proven.

    • Thank Q, Next

      The newest release of Android, dubbed “Q,” is currently in late-stage beta testing and slated for a full release this summer. After a year defined by new privacy protections around the world and major privacy failures by Big Tech, this year, Google is trying to convince users that it is serious about “protecting their information.” The word “privacy” was mentioned 22 times during the 2019 Google I/O keynote. Keeping up that trend, Google has made—and marketed—a number of privacy-positive changes to Android for version Q.

      Many of the changes in Q are significant improvements for user privacy, from giving users more granular control over location data to randomizing MAC addresses when connecting to WiFi networks by default. However, in at least one area, Q’s improvements are undermined by Android’s continued support of a feature that allows third-party advertisers, including Google itself, to track users across apps. Furthermore, Android still doesn’t let users control their apps’ access to the Internet, a basic permission that would address a wide range of privacy concerns.

      [...]

      You can view your advertising ID on Android by heading to Settings > Google > Ads, and you can reset it by tapping Reset advertising ID. This will cause your phone to generate a new, unique ad ID that is unrelated to the old one. While it’s nice that Google gives you some control over your ad ID, neither a preference flag nor a simple “reset” will actually prevent anyone from tracking you. Apps on your device can access more than enough information to allow them to link your old ID to your new one if they so choose. Once again, Google politely instructs trackers to “respect the user's intention in resetting the advertising ID,” but does not indicate how this is enforced.

      Apple’s iOS has a nearly identical “Identifier for Advertisers (IDFA),” which is also available to developers without any special permissions. Like Google, Apple’s decision to allow this kind of tracking by default conflicts with its privacy-focused marketing campaign. Unlike Google, Apple does give users the ability to turn off tracking completely by setting the IDFA to a string of zeros.

      On Android, there is no way for the user to control which apps can access the ID, and no way to turn it off. While we support Google taking steps to protect other hardware identifiers from unnecessary access, its continued support of the advertising ID—a “feature” designed solely to support tracking—undercuts the company’s public commitment to privacy.

    • FTC's Privacy Settlement With Facebook Gets Pretty Much Everything Backwards; Probably Helps Facebook

      Frankly, all of those are much more serious breaches than what happened with Cambridge Analytica. Separately, as I discussed two weeks ago, if you're mad at the size of the fine, you're missing the point. This is, by far, the largest fine the FTC has ever issued, and goes way beyond anything that it's done before. The real problem is that this is basically all that the FTC can do. That's the only weapon it has and it's never going to be enough because the FTC isn't really set up to handle modern privacy questions like this -- and that would require a new mandate from Congress. This is in Congress's court.

      That said, my bigger concern, as always, is that everyone's obsession over "protecting privacy" is going to mean significantly less competition. I raised this issue last year, soon after everyone freaked out about Cambridge Analytica, noting that I feared what would happen is that Facebook would be driven to lock down everyone's data rather than making it more accessible to third party and competing services.

      There are significant and important trade-offs here. For years now I've been talking about the real way to create more competition on the internet, and much of it involves pressuring the big internet companies into opening up. Have them create APIs that allow others to build services on top of their data so that we're not so locked into the giant platforms. Enable more competition at the service level, rather than the data collection level.

  • Freedom of Information/Freedom of the Press

    • Freedom of the press in Indonesian-occupied West Papua

      UN officials have found themselves barred from accessing West Papua. Former UN high commissioner for human rights, Zeid Ra’ad Al Hussein, issued a statement of concern over Indonesia’s persistent foot-dragging in response to his desire to visit the territory. The current high commissioner, Michelle Bachelet, has similarly found her outstanding request for access unfulfilled. West Papuan journalists working locally face even more severe threats. This decade, several have been killed, arrested, beaten or tortured, allegedly for their reporting on Indonesian security service activities.

    • Espionage trial to begin for former Radio Free Asia reporters in Cambodia

      "Cambodia should immediately drop the spurious charges against former Radio Free Asia reporters Uon Chhin and Yeang Sothearin," said Shawn Crispin, CPJ's senior Southeast Asia representative. "As long as Cambodia treats journalists like criminals, its reputation as a failed democracy will remain."

  • Civil Rights/Policing

    • White cops are no likelier to shoot dead African-Americans than black ones are

      New research suggests that increasing racial diversity in police departments will not cut the number of non-white Americans shot dead by police

    • Egypt: New NGO Law Renews Draconian Restrictions

      The government seems to have finalized the draft law in early April but did not make the draft public, even after sending it to the parliament on June 26, a few days ahead of a scheduled parliamentary recess. Ali Abdel Aal, the Parliament speaker, extended the parliament’s session several times, saying he was personally “under pressure.” He said the law had to be in effect before Egypt’s upcoming Universal Periodic Review at the UN Human Rights Council, scheduled for November.

      The new law prohibits a wide range of activities, such as to “conduct opinion polls and publish or make their results available or conduct field researches or disclose their results” without government approval. The law states that the government must “ensure the integrity and neutrality of the polls and their relevance to the activity of the Association.” The law completely prohibits other activities under vaguely worded terms such as any “political” work or any work that undermines “national security.”

    • Class nine student beaten by senior students for protesting ‘Allah Hu Akbar’ during National Anthem singing in school

      Arup vehemently protested the vilification of National Anthem by the Muslim students, and tried to inform the teachers about the same. But the unruly students got infuriated at this, and they thrashed him badly. Due to the serious nature of the injuries, he was admitted at the Canning Hospital by the teachers of the school.

    • Aligarh: Man beaten up for ‘reciting Bhagavad Gita’ at home, two held

      The Aligarh police arrested two persons Friday for allegedly beating up a 42-year-old man, their neighbour, for “reciting Bhagavad Gita” at his residence in Delhi Gate police station area.

      Police said Dilsher Khan was reciting from the holy book Thursday morning when Mohammad Sameer (20) and Zakir (21) entered his house and assaulted him.

    • At least 139 dead in Papuan displacement camps - aid group

      But a report by the aid group, Solidarity Team for Nduga, puts the number of displaced people at 5,000.

      The figure is in line with estimates from other rights groups.

      Thursday's report also said 139 people from Nduga had died in a displacement camp in Wamena town, mostly from disease and malnutrition.

    • District Attorneys Have Figured Out How To Turn Criminal Justice Reform Efforts Into Revenue Streams

      Reform efforts targeting cash bail, plea deals, and life-altering criminal charges have occasionally hit on the idea of pre-trial diversion. In exchange for payment and possibly an educational class or two, people now have the possibility of satisfying their obligation to the government while keeping their criminal record clean.

      It sounds like a good idea. But there's a huge gap between the theory and the practice. In some cases, corporations like Walmart have inserted themselves into the criminal justice system, freeing shoplifters of criminal charges provided suspects pay the store a few hundred dollars and attend mandatory "don't be a criminal" classes. Unlike the government version, there's no chance you'll be found innocent by a jury of your peers. If Walmart accuses you, you pay the fines, do the classroom time, or get hit with criminal charges anyway.

      Elsewhere, government agencies are moving forward with pre-trial diversion programs. It makes a limited amount of sense. People don't want to go to jail. And prosecutors don't necessarily want to put in the prosecution work for every rinky-dink case cops toss their way. Yes, there's not a lot of due process in it, but there really isn't much in the system anyway, not when most criminal accusations result in plea deals, rather than jury trials.

      These programs could result in positive outcomes for accused citizens, who are able to keep their criminal/driving records spotless despite being cited or arrested for violations. Unfortunately, the programs are being warped to serve prosecutors, rather than the public, as Jessica Pishko reports for Politico.

  • Internet Policy/Net Neutrality

    • Trump keeps losing tech policy fights

      We’re two and a half years into Donald Trump’s presidency, and one thing is clear: his administration keeps getting absolutely railroaded in tech policy fights.

      Unlike Barack Obama, whose administration’s oversight of the tech industry was marked by general coziness and a revolving door of industry players, Trump has been far more aggressive with the tech industry, weighing in on everything from Twitter’s algorithm to cryptocurrency regulation. But almost every time, his efforts have resulted in weak enforcement changes, whipsaw policy confusion among free-market conservatives, and / or outright losses. Take the three biggest policy fights so far: [...]

  • Monopolies

    • Copyrights

      • Court Determines That This Duck Doesn't Look Enough Like Another Duck To Be Infringing

        It's that whole idea/expression dichotomy. In the form of an inflatable duck.

        And thus, the copyright claim fails even though the trial produced significant evidence that Kangaroo was deliberately "copying" the idea of the floating duck. As the court notes at one point: "the fact that Kangaroo copied the Derby Duck does not establish liability."

        [...]

        Finally, the court rejects the unfair competition claim, in large part because literally no one seems to have the necessary evidence. At issue: Kangaroo posted its duck to Amazon, but quickly took it down after Great American Duck Races complained, and no one seems to still have a copy of what the Amazon product page looked like -- which is necessary for the unfair competition claim.

        It does seem notable that even after Amazon agreed to pull the product, Great American Duck Races still sued Kangaroo. And it seems like that may have backfired, since now Kangaroo may be able to go back to Amazon and point to this ruling as evidence that it can sell its product there. The case has been dismissed without prejudice, so it is still possible that Great American could file an amended complaint, but it's difficult to see what will change this ruling.

      • Stream-Ripping Sites And YouTube Now Engaged In Whac-A-Mole

        As we've been talking about for a bit now, there is a new favorite target of the music industry when it comes to anti-piracy efforts: stream-ripping websites. It's important to continue to point out that, despite the plain fact that these sites are quite often used to generate audio-rips of copyrighted music video material, that is most certainly not their only use. Other uses for these sites are non-infringing. But this is the music industry we're talking about, with its storied history of carpet-bombing technology tools rather than precision bombing actual infringement.

        [...]

        Stupid, perhaps, but not in the way that last quote suggests, I don't think. Instead, it would be better for YouTube, which obviously isn't taking this too seriously, to refuse the music industry's requests to inhibit technology tools that aren't in themselves infringing. YouTube can enforce its own ToS or not, but it shouldn't bother even pretending to want to do battle with site operators on behalf of the music industry.

      • Demonoid Staffers Launch New Site to Keep the Legacy Alive

        A group of former Demonoid staffers have launched a new torrent site to keep the legacy of founder Deimos alive. While the original Demonoid is not coming back, the new site has the same look and feel and aims to offer a new home to those who miss the defunct torrent tracker.
