Bonum Certa Men Certa

Links 6/8/2019: First HTTP/3 With Curl, DXVK 1.3.2, Freedombone 4.0



  • GNU/Linux

    • Best Linux training providers and online courses 2019

      Linux is becoming an increasingly important operating system to be familiar with in business, not least because the majority of web servers run on various Linux platforms. Whether it's RedHat, FreeBSD, Ubuntu, Debian or CentOS, it can help to be familiar with at least some of the basic operations, whether for accessing them directly, for understanding IT reports, or even to better understand security concerns.

      While Linux has a reputation for being more difficult for users than Windows or iOS, this is simply because those operating systems run all operations in a graphical format (or, Graphical User Interface, aka GUI). With Linux platforms, some operations require a typed in command, though most Linux systems have since moved to more user-friendly GUI's in order to help make the more accessible and easier to use.

      Even where text commands are required, these usually follow a pattern and syntax which isn't too difficult to learn for most users. The real learning curve comes from understanding what these patterns and syntax area mean, firstly in terms of general Linux operations, and secondly in terms of specific requirements for any Linux computers or servers your business is running.

      Of course, you don't even have to be a business user to want to learn Linux. After all, while Linux operating systems require regular security updates, they are rarely targeted by computer viruses simply because Linux computers are such a small market share. This may change, since vendors such as Dell began to offer some of the PC and laptop lines with Ubuntu pre-installed instead of Windows.

      And while you can opt to buy a PC or laptop running Linux, it's also often possible to run many distros of Linux on an old and unused machine. Even better perhaps would be to use virtualization on your own machine, using something like the free Workstation Player from VMware, which can then be used to set up and install any and as many different flavors of Linux as you like.

    • Desktop

      • System76 announces Adder WS Linux workstation with 4K OLED display

        System76 is one of the leading manufacturers of Linux laptops in the world right now. The company offers a myriad of devices aimed at a variety of use cases from casual office work to intense scientific research. It looks like one more machine will be joining System76’s ranks on August 8th, and with it come powerful RTX graphics and a 4K OLED display.

        The Adder WS is a workstation aimed at “content creators, researchers, and gamers,” according to the product’s splash page. Without a doubt, the headlining feature is the 15.6-inch 4K OLED display, a first for System76 (and all other Linux-centric retailers, to our knowledge). The Adder WS is also equipped with an Nvidia GeForce RTX 2070 GPU, either an Intel Core i7-9750H or Core i9-9980HK, up to 64 GB DDR4 RAM, up to two PCIe NVMe drives, an optional 2.5” drive, and plenty of ports.

        The Adder WS is essentially a Clevo PB50RC or PB51RC with an RTX 2070 instead of the less-powerful GTX 1660 Ti that Clevo uses in their SKU. The Adder WS will also run System76’s Pop!_OS, which is based on Ubuntu 18.04 LTS. Pop!_OS has recently been praised for its performance in gaming, particularly via Steam’s Proton software, so the Adder WS should be a decent gaming machine.

    • Server

      • Charmed Kubernetes update for upstream API server vulnerability

        n upstream Kubernetes vulnerability (CVE-2019-11247) has been identified where the API server mistakenly allows access to a cluster-scoped custom resource, if the request is made as if the resource were namespaced. Authorisations for the resource accessed in this manner are enforced using roles and role bindings within the namespace. This means that a user with access only to a resource in one namespace could create, view updates or delete the cluster-scoped resource (according to their namespace role privileges).

        Charmed Kubernetes has already been patched to mitigate against this vulnerability. Patched builds of the 1.13.8, 1.14.4 and 1.15.1 kube-apiserver snap have also been published.

        The vulnerability, of medium severity, has also been patched in the following upstream version of Kubernetes – 1.13.9, 1.14.5 and 1.15.2. Users are encouraged to update to one of these versions now.

      • Why you might want to build your own custom buildpack (And how to!)

        A PaaS can be viewed at as a method that takes different streams of data and combines them into a working application. For SUSE Cloud Application Platform, we take the application code, buildpack, environment variables, service descriptions and output a configured and running container. Each of these pieces can come from a different person or team with a different focus to create a quickly iterable but still secure process.

        In this list, the buildpack is likely the least understood. Simply put, It is the part of the build system that takes the code provided by the developers and builds it into a full application ready to run.

        There are several buildpacks that come standard as part of the default installation of SUSE Cloud Application Platform. That said, one of my favorite “features” is the ability to customize the platform to fit your needs while still coming with sane defaults. It’s opinionated in a way that you can change it’s mind!

      • Mesosphere changes name to D2IQ, shifts focus to Kubernetes, cloud native

        Mesosphere was born as the commercial face of the open-source Mesos project. It was surely a clever solution to make virtual machines run much more efficiently, but times change and companies change. Today the company announced it was changing its name to Day2IQ, or D2IQ for short, and fixing its sights on Kubernetes and cloud native, which have grown quickly in the years since Mesos appeared on the scene.

        D2IQ CEO Mike Fey says that the name reflects the company’s new approach. Instead of focusing entirely on the Mesos project, it wants to concentrate on helping more mature organizations adopt cloud native technologies.

      • Survey Identifies Myriad Kubernetes Adoption Drivers

        One of the assumptions made about key drivers Kubernetes adoption is that organizations are trying to accelerate the rate at which software is built by embracing microservices based on containers. However, a survey of 130 attendees of three recent container conferences published by Replex, a provider of governance and cost management tools for Kubernetes, finds the top two drivers of Kubernetes adoption are improving scalability (61%) and resource utilization (46%), followed by a desire to adopt a cloud-native stack (37%) and shortening development and deployment times (42%).

        Only 24% identified avoiding lock-in as a reason for adopting Kubernetes, which suggests portability is not yet a major factor in driving Kubernetes adoption.

        The surveys were conducted at the KubeCon Europe conference in Barcelona; a VelocityConf even in San Jose, California; and ContainerDays Hamburg in the second quarter of 2019. The survey finds 65% of respondents indicated that they are using Kubernetes in production. Nearly 40% of respondents not yet in production indicated they are planning on going to production within a year, the survey finds.

      • What is Kubernetes-as-a-Service?

        According to wikis, hacker forum discussions and the team itself, Kubernetes is so-named because it translates from (κυβερνήτης in Greek) to governor, helmsman or captain — and further, ‘gubernare’ translates from Latin to government.

        Which all makes perfect sense.

        Because Kubernetes is an open source orchestration technology used to manage Linux containers across private, public and hybrid cloud environments.

        Or… in the words of the people behind the technology: Kubernetes is a portable, extensible, open source platform for managing containerised workloads and services, that facilitates both declarative configuration and automation.

      • IBM

        • What's Next for Red Hat Users Following Close of IBM Acquisition?

          IBM closed last month on one of the cloud industry’s largest acquisitions to date: its $34 billion grab of open-source cloud technology provider Red Hat.

          The deal raises some questions: Will Red Hat help IBM catch up to cloud leaders Microsoft Azure and Amazon Web Services? How will Red Hat users be impacted by the deal? Those impacted by the acquisition agree it's still too early to tell, but they're bracing for potential integration challenges and progress in the hybrid cloud arena.

          [...]

          Red Hat will operate as a distinct unit within IBM and will be reported as part of IBM's Cloud and Cognitive Software segment, officials made clear in a press release on the official acquisition closing, a sentiment IBM CEO Ginni Rometty shared at the Red Hat Summit in May, saying that, "Jim [Red Hat CEO Jim Whitehurst] and I have both agreed — Red Hat should stay an independent unit."

          Red Hat's open hybrid cloud technologies, such as Linux and Kubernetes, will allow businesses under the IBM brand to manage data and applications on-premises and on private and multiple public clouds. The acquisition will also help customers shift “mission-critical workloads to the cloud and optimizing everything from supply chains to core banking systems.” Officials also promised businesses will be able to effectively manage their IT infrastructure, on and off-premises and across different clouds, private and public.

        • Fedora 32 System-Wide Change: glusterfs dropping 32-bit arches

          There is a proposal[1] in upstream GlusterFS to drop 32-bit arches. The original proposal was to drop 32-bit with GlusterFS-7. GlusterFS-7 will land in Fedora 31/rawhide soon. More than likely though it will not be official until GlusterFS-8, which will probably land, accordingly, after Fedora 31 GA in Fedora 32/rawhide.

        • GlusterFS Planning To Drop 32-Bit Support

          The GlusterFS network attached storage file-system developed by Red Hat with a focus on cloud computing is the latest open-source project eyeing the removal of 32-bit (i686) software support.

          GlusterFS joins the growing list of Linux distributions and other upstream software projects working to deprecate or outright discontinue their 32-bit software support. There was a recent proposal to drop 32-bit platform support for GlusterFS. While initially proposed for the upcoming GlusterFS 7 release, it's looking like the removal will happen with the GlusterFS 8 release either at the very end of 2019 or early 2020.

          Downstreams like Fedora are already working to incorporate the change with their plan now to see GlusterFS 32-bit support removed for Fedora 32 under a new change proposal.

    • Audiocasts/Shows

      • Old Man Embraces Cloud | Coder Radio 369

        Chris finally gets excited about Docker just as Wes tells him it’s time to learn something new.

        Plus the state of browser extension development, the value of non-technical advice, and your feedback.

      • [Talk Python to Me] Episode #224: 12 lessons from 100 days of web

        Back in May of 2018, Bob Belderbos, Julian Sequeira, and I started on what would be a 9-month project. We wanted to create a dedicated, 100 days of code course specifically for Python web developers. Much of what we created for that course, we had prior experience with. But much of it was also new to us.

      • [Python Podcast] Build Your Own Knowledge Graph With Zincbase

        Computers are excellent at following detailed instructions, but they have no capacity for understanding the information that they work with. Knowledge graphs are a way to approximate that capability by building connections between elements of data that allow us to discover new connections among disparate information sources that were previously uknown. In our day-to-day work we encounter many instances of knowledge graphs, but building them has long been a difficult endeavor. In order to make this technology more accessible Tom Grek built Zincbase. In this episode he explains his motivations for starting the project, how he uses it in his daily work, and how you can use it to create your own knowledge engine and begin discovering new insights of your own.

      • Storage Heartbreak | The Friday Stream 12

        We share stories from a time when computer storage was very precious, and the types of storage were still battling it out for the standard.

        Plus our proposals to do away with time zones, and a special guest helps give away some games.

    • Kernel Space

      • Kernel prepatch 5.3-rc3

        The 5.3-rc3 kernel prepatch is out. "Interesting. Last Sunday, rc2 was fairly large to match the biggish merge window, but this last week has actually been quite calm, and rc3 is actually smaller than usual, and smaller than rc2 was"

    • Benchmarks

      • Another Look At The Maturing AMD Radeon RX 5700 Series Linux Performance

        With the AMD Radeon RX 5700 / RX 5700 XT Linux driver support maturing and the early optimizations/fixes and lingering feature work now calming down for the Linux 5.3 kernel and within RadeonSI/RADV for the imminent branching of Mesa 19.2, here is another look at how the Navi performance stands today compared to AMD Vega graphics cards and the high-end NVIDIA Pascal and Turing graphics cards.

        This newest round of AMD Navi benchmarking was done with the latest Mesa 19.2-devel Git code at the end of last week along with the newest Linux 5.3 Git kernel state and the LLVM 9.0 AMDGPU compiler back-end. These various open-source Linux software components roughly correlate to how the AMD Radeon RX 5700 series Linux support is looking for reaching stable around September and what will be found in the likes of Ubuntu 19.10, Fedora Workstation 31, and other autumn Linux distribution releases.

    • Applications

      • Daniel Stenberg: First HTTP/3 with curl

        In the afternoon of August 5 2019, I successfully made curl request a document over HTTP/3, retrieve it and then exit cleanly again.

        (It got a 404 response code, two HTTP headers and 10 bytes of content so the actual response was certainly less thrilling to me than the fact that it actually delivered that response over HTTP version 3 over QUIC.)

        The components necessary for this to work, if you want to play along at home, are reasonably up-to-date git clones of curl itself and the HTTP/3 library called quiche (and of course quiche’s dependencies too, like boringssl), then apply pull-request 4193 (build everything accordingly) and run a command line like:

        curl --http3-direct https://quic.tech:8443

        The host name used here (“quic.tech”) is a server run by friends at Cloudflare and it is there for testing and interop purposes and at the time of this test it ran QUIC draft-22 and HTTP/3.

      • NordVPN offers NordLynx for Linux, built around WireGuard

        Virtual Private Network (VPN) company NordVPN has introduced NordLynx technology built around the WireGuard protocol.

        WireGuard is thought to be shaking up the VPN space as a new type of protocol because of its approach to cryptography and speed — other protocols in this space include OpenVPN and IPSec out of the water.

        According to the WireGuard team, this technology is designed as a general purpose VPN for running on [anything from] embedded interfaces [up to] super computers alike, fit for many different circumstances.

    • Instructionals/Technical

    • Wine or Emulation

      • DXVK 1.3.2 Released With Fixes/Improvements For The Division, World of Warcraft & More

        While a new Proton 4.11 release came out last week as a big Valve update that included pulling in DXVK 1.3, Philip Rebohle who leads work on this Direct3D-over-Vulkan layer today released DXVK 1.3.2 as the latest update for improving the Windows/Direct3D on Linux gaming experience.

        DXVK 1.3.2 is primarily a bug fix release but does have some CPU overhead reductions to help Direct3D 11.1 games like World of Warcraft. There is also support now for the DXVK configuration file to be able to turn on the heads-up display rather than just using the DXVK HUD environment variable.

      • DXVK 1.3.2 is out as a small and focused stability update to this Vulkan layer

        Developer Philip Rebohle has put out a new point release of the Vulkan-based D3D11 and D3D10 implementation for Wine, with DXVK 1.3.2 now up.

        No major new features this time around, as it's mainly cleaning up some issues in games.

    • Games

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • qutebrowser development blog: Happy birthday, qutebrowser!

          5 years ago today, this happened...

        • About deprecation of QFontMetrics::width()

          With any new version of the Qt toolkit comes some clean-up of its APIs to keep it clean, consistent, and future-proof. Part of this clean-up is to rename API functions to make it more clear what they actually do.

          Starting with Qt 5.11, the QFontMetrics::width() function was deprecated. You could still compile code that uses this function, but since it is marked obsolete, you were encouraged to port away from it.

          So what is unclear or not consistent about it? The function name and signature suggest that you can retrieve the width of a text string (or single character) taking into account the metrics of a specific font. Such metrics are needed to create widget layouts that automatically adapt to user specified fonts or different system display DPIs.

    • Distributions

      • New Releases

        • OSMC's July update is here

          OSMC's July update is now here and we continue to improve the OSMC experience for all of our users over the Summer. We have also been working on adding support for 3D Frame Packed (MVC) output for Vero 4K / 4K + and will make test builds available during the week on the forums. We are still preparing Raspberry Pi 4 images and will make these available soon.

      • Slackware Family

        • Patreon account for Patrick Volkerding’s Slackware

          Everybody who wanted to support Slackware after it became clear that the Slackware Store had not been paying Patrick and family for a long time, but was not prepared to create a PayPal account in order to donate money: there is now an alternative. Patreon is a community site where “Patrons support the creators they love in exchange for exclusive membership benefits“. I don’t know whether Pat will do stuff like “exclusive benefits” considering the fact that he already gives away Slackware Linux for free since 26 years… anyway, he created a page there where you can setup a monthly recurring payment of one dollar or more – whatever you can spare. Payment methods are either PayPal or credit cards.

      • Debian Family

        • Freedombone version 4.0

          The Freedombone project is pleased to announce the launch of version 4.0, based upon Debian 10. At the end of the second decade of the 21st century the shattered remains of the open web are a site of ongoing struggle. The freedom to communicate with others securely and in a manner of your own choosing, and to own your data, is increasingly threatened.

          Superficially, decentralized systems appear to be gaining ground, but the harsh reality is that the internet has become highly concentrated around a few companies with unprecedented political influence.

          There is no freedom without freedom of association. That is, having the ability to define who you are and what kind of community you want to live in. This release includes Community Networks as an initial step towards networks run by and for the people who use them.

        • Freedomebone 4.0 released

          Freedombone 4.0 is available. Freedombone is a distribution (based on Debian 10) focused on the hosting network services under one's own control on home servers.

        • Free software activities in May, June and July 2019

          Here is an update covering what I have been doing in my free software activities during May, June and July 2019.

      • Canonical/Ubuntu Family

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Seven Concerns Open Source Should Worry About, Part 3: Distributed Ownership

        The vast majority of free and open source (FOSS) projects today operate on a license in/license out basis. In other words, each contributor to a code base continues to own her code while committing to provide a license to anyone that wants to download that code. Of course, no developer ever actually signs a downstream license. Instead, all contributors to a given project agree on the OSI (Open Source Initiative) approved license they want to use, and those terms stand as an open promise to all downstream users.

        But is that really the best way to operate? What about the minority of projects that require contributors to assign ownership of their code to the project? They clearly think assignment is a better way to go. Are they right?

        Sometimes, the answer to that question is easy. If a project isn’t controlled by a legal entity, there’s no one to assign code to. Numerically speaking, that’s the case for more than ninety-nine percent of the tens of millions of libraries hosted by GitHub and other forges. Forges are happy to host code, but not take ownership of it.

        But the percentage flips when you look at the most important FOSS products in use today. The vast majority of those programs are supported by either umbrella organizations, like the Apache, Eclipse and Linux Foundations, or by foundations formed just to host a single project. Most of those organizations do not require code assignment. Why not?

        Before we turn to that question, let’s review the benefits and disadvantages of each approach. The main benefit of licensing, as compared to assignment, is that the developer retains unrestricted rights to their code.

        The disadvantages are that no one can speak for the entire code base. If, for example, a new version of a project license came along, it could be difficult for the project to upgrade to that license, particularly if it was no longer able to get in contact with contributors that were no longer active. There would also be no single owner that could bring an action against those violating the terms of the outbound license (largely a concern where a “copyleft” license is involved). That’s because under the laws of countries like the United States, only the owner or the exclusive licensee of a copyrighted work can bring an action against an infringer – like a commercial company that’s using copyleft software in its products without contributing its own innovations back.

        At the same time, the market can be abused by contributors that want to exploit their position as contributors in order to extort damages from inadvertent infringers. While, happily, this has been extremely rare, there is at least one developer, Patrick McHardy, who has been making a business out of suing Linux users, despite the fact that his own contributions to the Linux kernel were estimated two years ago to be less than .25% of the total (that percentage is even lower today). If ownership was in one place, the community of developers could decide among themselves what they deemed, collectively, to be most appropriate.

      • A $1 Billion Open Source Company With No Headquarter: Sid Sijbrandij Of GitLab

        GitLab is one of the most promising open source companies that is valued at $1 billion. What sets GitLab parts from other tech companies is its unique culture. First and foremost, it’s an all remote company that doesn’t have any headquarter. Its work culture focusses more on results than on how many hours you worked. One of the byproduct of this culture is tackling Climate Change in a way most of us didn’t even think of. We sat down with the founder of GitLab to better understand his ideas behind GitLab.

      • Q&A With Ben Kochie, Staff Backend Engineer At GitLab

        In this episode of Let’s Talk, Ben Kochie Staff Backend Engineer, GitLab talks about Kubernetes, Prometheus and the unique remote working culture at GitLab.

      • Haiku Activity Report: Performance Edition

        Welcome to the monthly report for July 2019! Most of the more interesting changes this month have been from myself in the way of performance optimizations, so I’m writing the progress report this month so I can talk about those in some detail.

      • Haiku Developers Begin Optimizing Their BeOS-Inspired OS For Performance

        With the long-awaited Haiku R1 beta having happened at the end of last year and other modern features/support getting squared away, the developers behind this open-source BeOS-inspired operating system have begun investigating their OS performance and making necessary performance optimizations.

        Now that general instabilities and other kernel crashes have been addressed, developers have begun working on addressing the speed of various internal components and making optimizations where relevant. Some of their recent work has been on better memory allocation speed, disk write performance, more granular locking, and avoiding kernel interaction where possible.

      • Marek’s Take: Dish’s 5G plans may be hindered by its lack of open source expertise

        Dish Network is now poised to become the United States’ fourth wireless carrier once T-Mobile’s $26.5 billion acquisition of Sprint is finalized. Although the merger still faces opposition from several state attorneys general, Dish is already putting the wheels in motion to build its nationwide 5G standalone network by issuing a request for proposal (RFP) to potential vendors.

        Dish told the Federal Communications Commission that it will deploy a core network, and offer 5G services to at least 20% of the U.S. population by 2022. And by June 2023, the company’s network will cover 70% of the U.S. population with download speeds of at least 35 Mbps.

      • Alibaba Architecture Frees Open-Source Genie from Trade War Bottle

        Unveiled at an Alibaba Cloud Summit event in the company's home city of Shanghai last week, the XuanTie 910 chip from Alibaba’s subsidiary, Ping Tou Ge Semiconductor, is a rebuke to the Commerce Department’s Entities List of at least five Chinese tech companies.

        In May, the Commerce Department added the Chinese telecom equipment maker Huawei to the list which effectively prevents American technology companies from doing business with it. After talks with Chinese leaders in June, Trump temporarily removed Huawei from the list, but a bipartisan group of Congress members introduced legislation in July that would prevent Trump from revoking the ban unless Congress approved.

      • Dragonchain Open Sources Its Blockchain Platform

        Dragonchain, a blockchain technology company, released their core blockchain platform under an open source license. With this release, Dragonchain will be able to drive adoption among enterprises and developers looking to build their own blockchain based applications. The open source code gives both enterprises and developers access to blockchain innovations, along with the resources to continue innovating with Dragonchain by contributing code. Dragonchain believes this is a necessary step to further drive adoption and understanding of blockchain technology around the world.

        [...]

        The blockchain platform was originally created from scratch by Joe Roets, founder and CEO of Dragonchain. It all began inside The Walt Disney Company in 2014, where the project was internally known as the “Disney Private Blockchain Platform.” The Walt Disney Company approved the release of the original code in 2016, demonstrating that it actively contributes robust code to the world, enabling developers to explore more use cases. This still fits perfectly with the philosophy and values of Dragonchain.

      • Gravitational Updates Its Open Source Management To Deliver IoT-Centric Security

        Gravitational is delivering IoT capability in the latest update to its popular open source access management solution, Teleport. Teleport 4.0 delivers IoT-centric security using modern privileged access management by letting developers leverage existing SSH-based toolchains.



    • Web Browsers

      • Mozilla

        • Web Authentication in Firefox for Android

          Firefox for Android (Fennec) now supports the Web Authentication API as of version 68. WebAuthn blends public-key cryptography into web application logins, and is our best technical response to credential phishing. Applications leveraging WebAuthn gain new second factor and “passwordless” biometric authentication capabilities. Now, Firefox for Android matches our support for Passwordless Logins using Windows Hello. As a result, even while mobile you can still obtain the highest level of anti-phishing account security.

    • Productivity Software/LibreOffice/Calligra

      • Community Member Monday: DaeHyun Sung

        So, my surname is Sung, first name is DaeHyun (Korean Hangul notation: 성대현, Korean Hanja notation: 成大鉉). I’m from the Korean peninsular’s south-east area, Gyeongsang Province (경상도/慶尙道) region, Korea. Now, I live in the south-east side of Seoul (서울).

        I’m Korean. My mother tongue is Gyeongsang dialect of Korean. But I can speaks Both Standard Korean [표준말 or 표준한국어/標準韓國語] and Gyeongsang dialect of Korean [경상도사투리 or 경상방언/慶尙方言].

        My Twitter ID is @studioego, and I’m also on Github: https://github.com/studioego

        I contribute to improvements to Korean language support in free/libre open source software (FLOSS), mostly in my spare time. Also, I’m learning East Asian Languages (such as Mandarin Chinese, and Japanese).

        This is because, three languages (Chinese, Japanese, Korean) use Chinese characters 漢字 (also called “ideographs”) and share a similar culture. I am curious as I study the commonalities and differences in the East Asian languages. I also like to visit some historic sites and take pictures in Korea.

    • Pseudo-Open Source (Openwashing)

    • Openness/Sharing/Collaboration

      • Open Hardware/Modding

        • Open Source desktop 3D print smoother

          If you would like to smooth out the 3D printed filament lines on your 3D prints and designs you may be interested in a new open source smoothing machine which has been created by independent engineer and mechanical designer Ismael. What demonstration video below to learn more about the post treatment machine that allows you to improve the finish of your 3D printed objects. The image below is not from the open source 3D print smoothing machine created by Ismael but shows what can be accomplished using similar methods.

        • Three Companies Bringing Innovation to Open Keyboards

          If innovation is stalled on the desktop, it’s thriving in open hardware. Computers with free firmware, cheap prosthetics, the open source RISC-V architecture — name any innovation that has been confined to speculation in the last decade, and chances are someone is trying to realize it with the help of crowdfunding. One of the strongest examples of this trend is the open keyboard community, which is at the fore of the latest developments.

          Although many of us spend hours each day at a keyboard, most users rarely think of keyboards. They use a full size keyboard with a standard QWERTY layout. Unless they happen to be gamers, they use a membrane keyboard, in which characters are typed by bring two pressure points in contact with one another, a cheap technology that wears out quickly. Meanwhile, unknown to most of us, an open source keyboard community has been working for close to a decade to bring more advanced technology into wide use.

          The world of keyboards is a field with jargon all its own. For instance, preload is the pressure needed to activate a key, and bounce how quickly a key is read to use again. Similarly, tactile (quiet) and clicky (loud) keys refer to how much sound keys make to give users feedback. Even more importantly, top of the line keyboards — usually inspired by the demands of gamers — include programmable keys and layers, which allow the same keyboard to support both QWERTY and Dvorak layouts, or one layout for programming in Vim and another for painting in Krita. Among the initiated, there is also a strong preference for mechanical keys, each with its own mechanism or keyswitch, and all of them longer-lasting than membranes and replaceable if damaged. As well, keycaps — the parts that fingers strike — are also usually removable. Keys are backlit. All these terms and technologies are endlessly debated, but most advanced keyboards have all of them.

    • Programming/Development

      • Huawei releases the ARK Compiler source code

        Only four days to go before the Huawei Developer Conference opens, during which Hongmeng OS could be presented and the Chinese producer opened the ball by releasing the source code of ARK Compiler.

        It was announced last April and was introduced on Huawei smartphones together with EMUI 9.1, the new interface of the Asian giant. Thanks to the new compiler, the fluidity of the operating system has improved by 24%, responsiveness by 44% and third-party applications are 60% faster.

      • Huawei’s Ark Compiler is now open source – paves the way for new possibilities

        Earlier this year, Huawei unveiled its Android compiler known as Ark compiler to speed up the code execution. It aims to improve the overall Android system efficiency by making App compilation more fluent. As announced earlier, the Huawei has finally opened the Ark Compiler for public. Huawei’s idea behind making it open-source is to nourish the development ecosystem, which can play a significant role in the growth of Huawei’s upcoming OS. However, the Chinese electronics maker has not revealed any exact information, but if we believe the industry analysts, then the company is establishing a base for its own OS.

      • How to Make a Scatter Plot in Python using Seaborn

        Data visualization is a big part of the process of data analysis. In this post, we will learn how make a scatter plot using Python and the package Seaborn. In detail, we will learn how to use the Seaborn methods scatterplot, regplot, lmplot, and pairplot to create scatter plots in Python.

        More specifically, we will learn how to make scatter plots, change the size of the dots, change the markers, the colors, and change the number of ticks. Furthermore, we will learn how to plot a regression line, add text, plot a distribution on a scatter plot, among other things. Finally, we will also learn how to save Seaborn plots in high resolution. That is, we learn how to make print-ready plots.

        Scatter plots are powerful data visualization tools that can reveal a lot of information. Thus, this Python scatter plot tutorial will start explain what they are and when to use them. After we done that, we will learn how to make scatter plots.

      • PyDev of the Week: Eric Matthes

        This week we welcome Eric Matthes (@ehmatthes) as our PyDev of the Week! Eric is the author of the popular book, Python Crash Course. He also created a neat set of Python Flash Cards that I reviewed earlier this year.

      • Cogito, Ergo Sumana: Kickoff for Python 2 Sunsetting Communications Work

        Python's 2.x line will reach End of Life on January 1, 2020, meaning that the maintainers of Python 2 will stop supporting it, even for security patches. Many institutions and codebases have not yet ported their code from Python 2 to Python 3. And many of them haven't even heard yet about the upcoming EOL. Volunteers have made many resources to help publicize and educate, but there's still more work to be done.

        So the Python Software Foundation has contracted with my firm, Changeset Consulting, to help communicate about the sunsetting of Python 2. The high-level goal for Changeset's involvement is to help users through the end of the transition, help with communication so volunteers are not overwhelmed, and help update public-facing assets so core developers are not overwhelmed.

      • What You Need to Know to Manage Users in Django Admin

        User management in Django admin is a tricky subject. If you enforce too many permissions, then you might interfere with day-to-day operations. If you allow for permissions to be granted freely without supervision, then you put your system at risk.

        Django provides a good authentication framework with tight integration to Django admin. Out of the box, Django admin does not enforce special restrictions on the user admin. This can lead to dangerous scenarios that might compromise your system.

        Did you know staff users that manage other users in the admin can edit their own permissions? Did you know they can also make themselves superusers? There is nothing in Django admin that prevents that, so it’s up to you!

      • The Future Of Work Is Remote: Carol Teskey

        Carol Teskey is the Director of Global People Operations at GitLab. She joined GitLab from a traditional company and she could see huge differences between the culture of a modern all-remote company and legacy companies.

      • How to sort generative art patterns by beauty (Simple clustering example with python and sklearn)

        Some time ago I created this small script to convert numbers into patterns. I'm not going to explain how the script works in detail but it's inspired on Stephen Wolfram's Elementary Cellular Automatas which converts numbers like 30 into binary (00011110) and then interprets the digits as turning ON or OFF of 8 different basic rules (In that case there are 4 rules activated, rule 4, 5, 6 and 7) that define when to turn ON and OFF a pixel in the image.

        Using this I can generate an infinite number of different patterns, the problem is that most of them are not really interesting and I have no time to check them one by one. That's why in this post I explain how I tried to automate the process of finding out the most interesting/beautiful cellular automatas.

      • Debugging with Docker and Rocker – A Concrete Example helping on macOS

        Roger Koenker posted a question: how to best debug an issue arising only with gfortran-9 which is difficult to get hold off on his macOS development platform. Some people followed up, and I mentioned that I had good success using Docker, and particularly our Rocker containers—and outlined a quick mini-tutorial (which had one mini-typo lacking the imporant slash in -w /work). Roger and I followed up over a few more off-list emails, and by and large this worked for him.

        So what follows below is a jointly written / edited ‘mini HOWTO’ of how to deploy Docker on macOS for debugging under particular toolchains more easily available on Linux. Windows and Linux use should be very similar, albeit differ in the initial install. In fact, I frequently debug or test in Docker sessions when I do not want to install on my Linux host system. Roger sent one version (I had also edited) back to the list. What follows is my final version.

  • Leftovers

    • Security (Confidentiality/Integrity/Availability)

      • Hackers exploit SMS gateways to text millions of US numbers

        Receive any strange SMS text messages recently?

      • How to make a VPN in under 30 minutes

        VPNs, or Virtual Private Networks, are a popular way to stay safe online.

      • Reproducible Builds in July 2019

        In these reports we outline the most important things that we have been up over the past month. As a quick recap, whilst anyone can inspect the source code of free software for malicious flaws, almost all software is distributed to end users as pre-compiled binaries.

        The motivation behind the reproducible builds effort is to ensure no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.

      • Zero Trust Security Explained

        In this ‘Takeaway’, Mark Loveless explains what is ‘zero trust security. Mark Loveless is Senior Security Engineer at GitLab.

      • You Can’t Trust Anything In The Cloud: Zero Trust Security Explained

        Mark Loveless is Senior Security Engineer at GitLab. In this interview, he talks about zero trust security in the cloud-native world and how cloud has totally changed the security landscape.

    • Finance

    • AstroTurf/Lobbying/Politics

      • Using Restorative Justice To Deal With Internet Trolls And Jackasses

        One of the things that I've tried to highlight over the years, when it comes to questions of content moderation on internet platforms, is that there is a much wider spectrum of options than just "take it down" or "leave it up." Many people seem to think that those are the only two options -- and this is especially true when it comes to policymakers looking to create new laws to moderate types of content online. So much of it is focused on getting sites to remove content. But there are other options -- and sometimes those other options can be more effective.

        The latest episode of the radio program On The Media is an interesting (and admittedly unscientific) experiment in using techniques of "restorative justice" in response to internet trolling and harassment. On The Media has been doing an interesting series of episodes on the concepts of "restorative justice," highlighting that focusing just on punishing those who engage in bad behavior often leads to more of their bad behavior, rather than an improvement going forward. There are a variety of programs these days, that seek to come up with more proactive approaches to dealing with criminal behavior that is driven by circumstances, and it's likely there will be many more as well.

    • Censorship/Free Speech

      • UK Lobbyist's Long-Running Astroturf Efforts Shows Facebook Will Never Be Able To Stop Fake News, Ban All Conservatives

        For all the talk about social media platforms and their supposed anti-conservative bias, it seems like plenty of conservatives are doing just fine. Once you eliminate a short list of fringe grifters and Nazi fans, you're left with plenty of big name conservatives who still enjoy the use of multiple platforms. Even Dennis Prager of PragerU is struggling to make a federal case of YouTube's moderation of a small percentage of his videos; asking the court to ignore the forest of views for a few pruned trees.

        Moderation at scale is hard and every new wrinkle demanded by politicians and activists results in another string of failures. Jim Waterson of The Guardian digs in deep into the details of another Facebook moderation failure -- one that allowed newly-minted Prime Minister Boris Johnson's lobbying buddy to skirt rules meant to inform users about paid political campaigning efforts.

      • Why Is Our First Reaction To Mass Shootings To Talk About Censorship?

        There were more mass shootings this weekend in the US. The Onion has been busy running more copies of its infamous ‘No Way To Prevent This,’ Says Only Nation Where This Regularly Happens articles which run after every such shooting. And yet, it seems that many people want to talk about censorship. And this is true on both sides of the mainstream political aisle. Rep. Kevin McCarthy got the nonsense kicked off with the usual fallback for Republicans who don't want to talk about guns, by blaming video games. This happens all the time -- often from people who claim that they're "Constitutionalists." Of course, it's hard to see how you can be a Constitutionalist if you dump on the 1st Amendment to protect the 2nd.

        But it's not just Republicans with an aversion to having any sort of actual discussion about gun control who jump to censorship. Given that some of the most recent shootings have involved angry, ignorant, idiotic rants posted on 8chan (stop calling them manifestos, guys), there's been a vocal discussion this past weekend on whether or not 8chan should be censored or shut down. 8chan, as you may recall, was founded as something of an alternative to 4chan, after some people (somewhat ridiculously) felt that that site was moderated too much. It was founded with the same hubris as the ignorant people who insist that there should never be any content moderation on any site, without realizing what that means in reality. And now, with even the site's own founder saying that it should be shut down (people might want to go back and look at what he was saying during the GamerGate era...), Cloudflare has now been pressured into cutting off its services for 8chan as well.

      • 'Free Speech Defender' Devin Nunes Sues More Critics, Promises More Such Lawsuits Are Coming

        You can read the complaint here, which is filed by the same lawyer, Steven Bliss, as the previous two lawsuits. Notably, this lawsuit was filed in California state court. The previous two lawsuits were filed in Virginia, likely as a means of evading California's anti-SLAPP statute.

        That's why it's quite interesting that this lawsuit was filed in California. Given that all the defendants are based in California, it's likely that Nunes recognized he couldn't file this case elsewhere -- though it might also explain why this case is filed by his campaign, rather than himself (as the other lawsuits were). However, it does mean that this case is absolutely subject to California's anti-SLAPP laws and could very well mean that Nunes' campaign ends up having to pay the legal fees, should it be judged to be a SLAPP suit. And this lawsuit has many of the hallmarks of a classic SLAPP suit. An elected official, a very public official, suing some critics for their speech criticizing him? Classic SLAPP.

        In this case, the lawsuit is even stranger, as the campaign is -- get this -- arguing "tortious interference with business." Yes, he's arguing that his political critics have gotten in the way of the "business expectancies" of his campaign. Think about that.

        [...]

        He's literally suing over them filing an ethics complaint against him. This is like the quintessential version of what a SLAPP suit is -- one in which a public official sues a critic over petitioning the government. I'd be amazed if the defendants don't move to strike under California's anti-SLAPP law and seek their legal fees from Nunes' campaign.

        Much of the rest of the filing is, as his previous ones, performative, rather than making any reasonable legal claims. Yes, sometimes in campaigns, those who disagree with you do things to try to make you look bad. And, yes, there are reasonable concerns about "dark money" in campaigns -- but I thought it was the Republicans who supported things like Citizens United and the ability to use Super PACs and dark money. Of course, what's amusing is how much this complaint's whining about "dark money" seem to mirror the complaints Nunes' critics make about dark money in his campaign. Indeed, last year, the group "Anybody But Nunes" put out a document raising questions about Nunes' fundraising practices. It calls for an FEC investigation into his own fundraising practices, highlighting an article that the FEC had started investigating his campaign for possible campaign finance violations, though those appear to be focused on a few donations that may have exceeded federal contribution limits.

    • Privacy/Surveillance

      • DEEP DIVE: CBP’s Social Media Surveillance Poses Risks to Free Speech and Privacy Rights

        The U.S. Department of Homeland Security (DHS) and one of its component agencies, U.S. Customs and Border Protection (CBP), released a Privacy Impact Assessment [.pdf] on CBP’s practice of monitoring social media to enhance the agency’s “situational awareness.” As we’ve argued in relation to other government social media surveillance programs, this practice endangers the free speech and privacy rights of Americans.

      • Cisco Shells Out $8.6 Million For Selling The Government Easily Hackable Tech

        Not keen on competing with cheaper Chinese hardware, Cisco has long lobbied the US government to hamstring Chinese competitors like Huawei for lax security practices. At the beginning of this decade as Huawei began to make inroads into US markets, Cisco could frequently be found trying to gin up lawmaker angst on this subject for obvious, financial gain. And while Huawei (like most telecom giants) certainly does dumb and unethical things, it's fairly obvious that at least a portion of our recent hyperventilation over (so far unproven) allegations that Huawei spies on Americans is good old fashioned protectionism.

        Fast forward to this week, when new reports suggested that Cisco should have spent a little more time worrying about its own products. The company was required to pay the government $8.6 million after it was found the company routinely sold the government hackable video cameras, then did nothing to secure the devices once they were in the wild. For years. The vulnerable gear, exposed by a Cisco whistleblower, was sold to a variety of hospitals, airports, schools, state governments and federal agencies.

    • Civil Rights/Policing

      • ‘Judgment at Nuremberg’ more timely than ever

        At the heart of the matter is Nazi Germany’s fear of “genetic pollutants” and miscegenation which led to such policies as forced sterilization. The defense counsel, Hans Rolfe (Maximilian Schell), puts forward a novel legal theory. He sees the entirety of the German people being on trial and therefore partially responsible for the actions of the accused jurists..

      • Invoking Massacres In Dayton And El Paso, Chicago Police Chief Spreads Disinformation About Bail Reform

        In the wake of massacres in Dayton and El Paso, Chicago police chief Eddie Johnson once again promoted misinformation about bail reform and how it has fueled gun violence in Chicago.

        Seven people were reportedly killed, and at least 46 individuals were injured in shootings that took place from Friday evening to early Sunday.

        The Chicago Police Department believes all of the weekend violence was connected to individuals linked to gangs, who are “carrying illegal guns to settle disputes and prey on rivals.”

        Johnson griped during a press conference on August 4, “For $1000 and an ankle bracelet, you can walk out of jail after being arrested with military-grade assault weapons complete with armor-piercing bullets. And I can say that because we saw that happen yesterday.”

        When Johnson was asked to expand on his remarks about bail reform, he defensively replied, “Look, bail reform, I’m okay with that. You know, we clearly should be doing some things differently. What I’m not okay with is a guy has four AK-47s, and he gets out on home monitoring.”

      • St. Louis County Pays Woman $750,000 After Cops Perform A No-Knock Raid, Kill Her Dog... All Over Unpaid Utility Bills

        The taxpayers of St. Louis County are now out $750,000 because the local boys thought the best way to address a "problem property" complaint was to talk themselves into feeling reasonably afraid and head in guns blazing.

        The officers knew Zorich possessed at least one pit bull. But this alone wasn't enough to justify the no-knock raid. Nor the murder of the dog. Officers claimed the dog charged them, necessitating the killing of the family pet. But testimony during the trial exposed this for the lie it was. The dog was shot in the back, six feet away from the nearest officer who, let's remember, was wearing tactical gear.

    • Monopolies

      • Patents and Software Patents

        • Nokia v. Daimler: (anti-)anti suit injunctions and the Brussels I regime in global FRAND litigation

          What a time to start off as GuestKat! Just a few days ago the ECJ issued three landmark copyright decisions [see here] and upheld the invalidation of Red Bull's blue-and-silver color marks [see here].

          In patent law, the Munich Regional Court made waves when it became known that it had issued an "anti-anti suit injunction" in proceedings between Nokia and Daimler [reported on FOSS Patents here, on JUVE Patent here and on the Comparative Patent Remedies blog here].

          This decision is potentially quite important for the developing global landscape, so I'd like to reflect on it in a bit more detail here, particularly how the issues might play out in a European context under the Brussels I regime. A 'Notice of letter to court' filed by Nokia that contains the decision and an English translation thereof has been made available by Florian Mueller of FOSS Patents here.

          [...]

          FOSS Patents notes that Continental US's motion for the anti-suit injunction suffers from various problems and I would agree. Several of Daimler's suppliers were joined in the German proceedings because Daimler invoked indemnity against them, but Continental US was not among them. That suggests that Continental US is not the entity actually supplying Daimler with the TCU's. In addition, the motion seems overbroad as Nokia contends that some of the German cases involve models that don't comprise Continental TCU's. It is thus doubtful whether the anti-suit injunction would have been granted by the District Court or, so long as Continental US does not comply with the Munich injunction, will be granted.

          However, I don't agree with FOSS's suggestion that "there would actually be valid policy reasons" for the District Court to enjoin the German proceedings. That would mean that any party sued for infringement of a SEP before a German court could file a new suit in the US, where FRAND-case law might be more favourable to it, and through an anti-suit injunction block the German proceedings. It seems correct, as the Munich Regional Court finds at 2 a) bb), that this would deprive the patentee "of their right of action in Germany". That is all the more so if it were not just open to the implementer to do this, but also to their supplier, as is the case here.

        • Which Area is Wider?

          The priority filing of Collabo’s U.S. Patent No. 5,952,714 reaches back to 1995. Although the patent is now expired, Sony filed this inter partes review (IPR) to avoid back damages. The pending infringement litigation was stayed pending outcome of the IPR. For its part, Collabo is a subsidiary of the licensing company Wi-Lan, who bought several hundred patents from Panasonic.

          The patent covers an improved solid state image sensor used in cameras. Here, the improvement is a reduction in manufacturing costs by increasing the size of the housing inlet (26) — allowing the chip (27) to be inserted more easily (from below in the drawing).

          [...]

          In its claim construction, the Federal Circuit agreed with the Board, that “wider area” might be a smaller area, so long as one dimension is wider. The Court particularly notes that the specification uses “larger area” when considering the actual area, but “wider” when looking at one dimension of the space. That construction meant that the prior art was easier to link to the claims and support the Board’s invalidity finding.

      • Trademarks

      • Copyrights

        • New official translations of CC legal tools published for Korean and Czech

          The version 4.0 license suite and CC0 are now available in Korean as a result of the collaborative work of CC Korea volunteers. The 4.0 licenses are also now available in Czech, thanks to the work and leadership of CC community members from the Czech Republic.

          For the Korean translations, the process was initiated by a group of CC Korea members as a collaborative project in 2017 and was on hold before being resumed in late 2018. The Korean translations were drafted by Soohyun Pae, professional translator and former CC Asia Pacific Regional Coordinator, and then reviewed by Jay Yoon, the former Public Lead of CC Korea who is a practicing lawyer. The final draft for review was submitted to CC HQ on Feb 8, 2019. With the kind support of the Korea Copyright Commission, the public consultation was held from Apr 1 to Apr 30, 2019 through a dedicated webpage and the announcement was made by CODE through its social media and by the Korea Copyright Commission on its website. The public consultation went smoothly and was completed with no major issues found.



Recent Techrights' Posts

Microsoft Openwashing Stunts Initiative (OSI) is A Vulture in "Open" Clothing
it's quite telling that the OSI isn't protecting the Open Source Definition
Gemini Links 25/12/2024: Reality Bites and Gopher Thanks
Links for the day
2025 Will be Fought and Fraught With LLM Slop or Fake 'Articles' (Former Media/News Sites Turning to Marketing Spam)
The elephant in the room?
 
Links 27/12/2024: Perfect Desk, Banning Cellphones, Many Cables Cut Near Finland
Links for the day
Gemini Links 27/12/2024: Slop and Self-hosting
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, December 26, 2024
IRC logs for Thursday, December 26, 2024
Links 26/12/2024: Japan-China Mitigations and Mozambique Prison Escape (1,500 Prisoners)
Links for the day
Links 26/12/2024: Ukraine's Energy Supplies Bombed on Christmas Day, Energy Lines Cut/Disrupted in the Baltic Sea Again
Links for the day
Gemini Links 26/12/2024: Rot Economy, Self-hosted Tinylogs
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, December 25, 2024
IRC logs for Wednesday, December 25, 2024
[Meme] Time to Also Investigate Bill Gaetz
Investigation overdue
IBM Has Almost Obliterated or Killed the Entire Fedora Community (Not IBM Staff)
Remaining Fedora insiders are well aware of this, but bringing this up (an "accusation" against IBM) might be a CoC violation
Links 25/12/2024: Fentanylware (TikTok) Scams and "Zelle Scams Lead to $870M Loss"
Links for the day
Brittany Day Can Rest and Let Microsoft/Chatbots Write Fake 'Articles' About "Linux" This Christmas
Who said people don't work on Christmas? Chatbots or plagiarism-as-a-service work 24/7, every day of the year except during Microsoft downtimes
Links 25/12/2024: Windows TCO Brought to SSH, Terence Eden 'Retires'
Links for the day
Links 25/12/2024: Latest Report Front Microsoft Splinter Group, War Updates
Links for the day
Links 25/12/2024: Hong Kong Attacks Activists During Holidays, Xerox to Buy Lexmark
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 24, 2024
IRC logs for Tuesday, December 24, 2024
Gemini Links 25/12/2024: Open Source Social and No Search
Links for the day