Bonum Certa Men Certa

Links 8/8/2019: Xfce Settings 4.13.8, Lars Knoll on Qt 6, VLC Fights Back Against FUD War on FOSS



  • GNU/Linux

    • Server

      • Issue #2019.08.05 ? Kubeflow 0.6 Release

        Kubeflow v0.6: support for artifact tracking, data versioning & multi-user – version 0.6 includes several enterprise features to support multiple users and better model training pipelines. For multiple users, Kubeflow v0.6 provides a flexible architecture for user isolation and single sign-on. For data, enhancements have been added to Kubeflow Pipelines and jupyter. In total, over 250+ merged pull requests!

      • State Of Cloud Native Landscape : Sysdig Founder Loris Degioanni

        In this Takeaway segment, Loris Degioanni, founder and CTO of Sysdig, talks about the evolution and state of cloud-native world.

      • Kubernetes Orchestrates Name Change For Mesosphere, It’s Called D2IQ Now

        Mesosphere, one of the earliest players to offer container orchestration platform, is re-tuning its focus with the name change. The company is now called D2iQ.

      • Mesosphere Becomes D2IQ, Moves Into Kubernetes, Big Data

        The jargonized new name means "Day 2 IQ," with Day 2 being a DevOps term that refers to the operations part of the software development lifecycle and with IQ equating to "smart."

      • My Favorite Infrastructure

        Working at a startup has many pros and cons, but one of the main benefits over a traditional established company is that a startup often gives you an opportunity to build a completely new infrastructure from the ground up. When you work on a new project at an established company, you typically have to account for legacy systems and design choices that were made for you, often before you even got to the company. But at a startup, you often are presented with a truly blank slate: no pre-existing infrastructure and no existing design choices to factor in.

        Brand-new, from-scratch infrastructure is a particularly appealing prospect if you are at a systems architect level. One of the distinctions between a senior-level systems administrator and architect level is that you have been operating at a senior level long enough that you have managed a number of different high-level projects personally and have seen which approaches work and which approaches don't. When you are at this level, it's very exciting to be able to build a brand-new infrastructure from scratch according to all of the lessons you've learned from past efforts without having to support any legacy infrastructure.

      • IBM

        • Red Hat Enterprise Linux 7.7 Released with Live Kernel Patching, Improvements

          Red Hat Enterprise Linux 7.7 is here nine months after the release of Red Hat Enterprise Linux 7.6 as the last maintenance and security update in the series to add one more layer of stability and reliability to the Red Hat Enterprise Linux 7 operating system series, which Red Hat promises to keep alive for a few more years, but without releasing additional maintenance updates. As such, Red Hat Enterprise Linux 7.7 will be supported for two years, until August 30th, 2021.

          "As the hybrid cloud takes hold as a preferred production environment for mission-critical workloads, maintaining stability and consistency across all IT footprints is key. With Red Hat Enterprise Linux 7.7, we show our continued commitment to the 10-year Red Hat Enterprise Linux lifecycle while also introducing key new features, like image builder and Red Hat Insights, to help IT organizations get the most from their existing Red Hat Enterprise Linux 7 investments,” said Stefanie Chiras, vice president and general manager, Red Hat Enterprise Linux, Red Hat.

        • Integration overload? Global systems integrators can help

          Harnessing the power of emerging technologies like artificial intelligence, machine learning and big data analytics to make smarter business decisions and improve customer experiences?

          Sure, that sounds great. It will, however, require that you make some complex technology decisions that work for your unique business needs.

    • Audiocasts/Shows

      • FLOSS Weekly 541: Hack-a-day

        Hackaday is a website that promotes the free and open exchange of ideas and information. Besides the articles that the website publishes, it also has hardware development community called Hackaday.io where you can discover, create, collaborate, and get feedback on your projects.

      • mintCast 314 – Moss Interview (for real)

        I started playing with Linux in the early 2000s, I got Slackware and Red Hat disks but was too timid to look up all the information on all my cards. I finally got Mandrake to run, and it was fun but was not ready to replace all the things I did. Mandrake had a numerical upgrade, which would not work on my computer. Then I tried SuSE (just before OpenSUSE started), and it ran. But it was strictly niche at that point. My next-door neighbor played with things and eventually had two Windows boxes, a homemade Hackintosh, and a Fedora box, all networked; years later, he passed and bequeathed all those computers to me. When XP users were being pushed to 7, I moved to Ubuntu Gnome. When Ubuntu moved to Unity, that would not run on my computer, and I went back to Win7. I had some Win 8/8.1 computers but got over that, and went back to 7. Then when they tried to force me to Win 10, I tried it, saw all the open holes, found I couldn’t close all the security holes, went back to 7, and found most of the holes were left open. So I installed Linux Mint 17 and have not gone back. Linux has grown substantially in the last 15 years, and is now, in my opinion, a better system than Windows.

    • Kernel Space

      • I Never Had a Machine With More Than 2GB of RAM. But Phoronix Portrays GNU/Linux as Sucking on Memory Management.

        GNU/Linux is handling reasonably well a complete system with 2GB of RAM (or less). Super-bloated applications is where things start getting trickier.

      • Linux Foundation

      • AMD and NVIDIA

        • AMD EPYC 7002 Series Unveiled With Primed Linux Support & Strong Server Performance

          One month ago today we were talking about the AMD Ryzen 3000 series processor and new Radeon RX 5700 series graphics cards, all manufactured on TSMC's 7nm process. Today, for 7th August, the embargo has now lifted and we are talking about something arguably more exciting, or at least the ability to more profoundly impact an industry (data centers): AMD's EPYC 7002 series is ready and their line-up and ultimately the resulting performance is the most exciting and competitive we have seen ever out of AMD in the server space.

        • AMD EPYC 7502 + EPYC 7742 Linux Performance Benchmarks

          Now that you have read our AMD EPYC "Rome" 7002 series overview, here is a look at the initial performance benchmarks from our testing over the past few weeks. This testing focused on the new AMD EPYC 7502 and EPYC 7742 processors in both single (1P) and dual (2P) socket configurations using AMD's Daytona server reference platform. Tests were done on Ubuntu Linux and compared to previous AMD EPYC processors as well as Intel Xeon Scalable.

        • AMD Submits Navi 12/14 & Arcturus GPU Support Code For Linux 5.4 Kernel Queue

          AMD sent in their initial pull request of feature changes to their AMDGPU Direct Rendering Manager graphics driver to begin queuing in DRM-Next for September's kick off the Linux 5.4 kernel cycle. Notable to this batch of AMDGPU DRM-Next work is a lot of new unreleased GPU support.

          Unlike where the Navi 10 support landed in the mainline kernel after the AMD product launches, Navi 12 and Navi 14 GPU support is now ready to go and will be sitting in DRM-Next until the Linux 5.4 cycle begins. Of course, AMD could end up releasing Navi 12/14 products prior to Linux 5.4 stable going out as stable around November, but at least this support is available. We've also already seen Navi 12/14 happenings go on within the user-space OpenGL/Vulkan drivers and related code.

        • RADV Driver Plumbs Navi Support For Performance-Improving DCC On Storage Images

          Another set of patches was merged on Tuesday for the upcoming Mesa 19.2 to further along its Radeon "Navi" support within the RADV Vulkan driver.

          Following a series of patches, Mesa 19.2's RADV driver has experimental support for delta color compression (DCC) on storage images. Storage images within Vulkan are for operations on image memory from within shaders bound to pipelines. RADV has added the new code for the architecture improvements with Navi for handling DCC on storage images where as previously it was unsupported.

        • NVIDIA Starts Publishing GPU Hardware Documentation To Help Open-Source Drivers

          Today is a wild one for open-source/Linux users. Let's begin with the unexpected news: NVIDIA is releasing more GPU hardware documentation at long last! Yes, freely-available hardware interface documentation to assist in the development of the open-source NVIDIA Linux driver (Nouveau).

        • NVIDIA have released some GPU documentation on GitHub

          Someone check the weather in hell, as NVIDIA seem to be opening themselves up a bit more with the release of some GPU documentation.

    • Benchmarks

      • Initial Benchmarks Of The Spectre "SWAPGS" Mitigation Performance Impact

        Yesterday the SWAPGS vulnerability was made public as a new variant of Spectre V1 that affects all operating systems and is believed to affect only Intel CPUs. The SWAPGS discovery by Bitdefender was quietly mitigated by Microsoft for Windows 10 last month while yesterday the patches were posted for the mainline Linux kernel as the Grand Schemozzle. As soon as learning of this SWAPGS vulnerability and seeing the kernel code, I began running some preliminary performance tests to look at the impact of this latest CPU mitigation.

        Especially with that text, I was quite interested in seeing what the performance is looking like as a result of this latest kernel activity for tightening up the Intel CPU security. This morning I have results wrapped up on an Intel Core i9 9900K processor. SWAPGS or the "Grand Schemozzle" is believed to affect all Intel CPUs from at least Ivybridge through their latest products.

    • Applications

      • ANNOUNCE: gtk-vnc 1.0.0 release

        I’m pleased to announce a new release of GTK-VNC, version 1.0.0.

      • Top 4 Best Blogging Software for Linux in 2019

        In the last few years, blogging has become a popular way of sharing one’s thoughts about almost anything. While people use blogs to express themselves, businesses go with blogging to cement their position as a competent authority in their area of operations. Over the past years, many have taken on blogging as various blogging software makes it as simple and straightforward as possible. Now, you can create a blog site even if you lack technical skills such as coding and web development.

        Today, blogging software is being created for every operating system, not just for Windows and Mac. Since bloggers who want to make themselves heard are using different operating systems, it is essential to help you identify the best blogging software for Linux as well. Here are the top four blogging software for Linux.

      • RV Offsite Backup Update

        I've been very pleased with using my RV media center as an offsite backup, and with the addition of a VPN, it's been even better to have new media while I'm on the road. I just need to find a cost-effective way to keep the Raspberry Pi on and online without racking up a huge cell-phone bill, and then I'll truly have an always-up-to-date off-site backup. Since my last road trip, I've thought of a number of improvements to this setup, so stay tuned for future articles where I'll describe even more updates.

      • 11 Best Free Linux Astronomical Data Analysis Tools

        Astronomy is a branch of science that deals with the study of celestial objects (including stars, planets, moons, comets, asteroids, meteor showers, nebulae, star clusters, galaxies) and other phenomena such as gamma ray bursts and supernovae.

        Astronomy is particularly well suited to the layperson. It is a wonderful hobby which has almost no age limits, it is open to individuals of all financial means, and there is always the potential for an amateur to discover something that has eluded professional astronomers, or to help monitor stars and track asteroids. Professional astronomers are in a very fortunate profession. They have the opportunity to continue their love of astronomy, travel the world, make significant discoveries, and get paid at the same time.

        Professional astronomers spend far more of their time analyzing data and writing articles than actually observing celestial objects. Amateur astronomers are also keen to analyze the data they have collated. Software that can process and analyze images is therefore essential to astronomers. Fortunately, high performance scientific software has always been a strong area for Linux.

      • FFmpeg 4.2 releases with AV1 decoding support through libdav1d, decoding of HEVC 4:4:4 content and more

        Two days ago, the team behind FFmpeg released their latest version of FFmpeg 4.2, nicknamed “Ada”. This release comes with many new filters, decoders, and demuxers.

        FFmpeg is an open-source project composing software suite of libraries and programs to handle multimedia files. It has cross-platform multimedia framework which is used by various games and applications to record, convert and stream audios and videos. The previous version FFmpeg 4.1 was released last year in November. The FFmpeg team has announced on Twitter that the follow-up point release (4.2.1) will be released in a few weeks.

        FFmpeg 4.2 has a AV1 decoding support through libdav1d. It also supports decoding of HEVC 4:4:4 content in nvdec, cuviddec and vdpau. It has many new filters like tpad, dedot, freezedetect, truehd_core bitstream, anlmdn, maskfun, and more.

    • Instructionals/Technical

    • Games

      • 18th century city-builder "Ostriv" still planning to support Linux

        Ostriv is a game I've not heard anything about for quite some time, after initially covering it here on GamingOnLinux back in 2017. It's heading to Steam Early Access this year!

      • Anodyne 2: Return to Dust confirmed for launch on August 12th, Linux support included

        Anodyne 2: Return to Dust, the standalone followup to Anodyne that doesn't require you play the original is officially launching with Linux support on August 12th.

      • Tactical action-platformer Gunslugs:Rogue Tactics is out

        Jump, dodge, shoot and hide in the latest game from Orangepixel, the tactical action-platformer Gunslugs:Rogue Tactics is out now.

      • Porting Games To Linux Is A Waste Of Time? This Game Developer Says You're Doing It Wrong

        It may surprise you to learn, then, that Bearded Giant Games' latest release on Steam -- Space Mercs -- has a whopping 35-percent sales share on Linux. Not only is that significantly higher than the norm, but Bacioiu insists his Linux customers make the development process easier.

        What's going on here?

        I immediately interviewed Bacioiu (who goes by "Zapa" within his community) on my podcast Linux For Everyone after he told me this unusual statistic. I was fascinated with his story.

        Basically, Bacioiu believes there are 2 things the majority of game developers are doing wrong.

        "People say 'OK I know about Linux so I'll just do an export in Unity and make a Linux build and that's it,'" Bacioiu says. "But they don't do any QA [Quality Assurance testing], and it's a terrible experience. People are going to ask for refunds, and then your average developer is going to say 'well Linux isn't worth my time.'"

        Bacioiu also argues that developing on a Linux platform ensures that your game will have better cross-platform compatibility than developing on Windows.

        "All the middleware that I'm using on Linux is guaranteed to work on Windows, because it's not relying on DirectX or any Windows-specific things," he says.

      • Platform Exclusives - A Linux Perspective

        Every time an Epic Store exclusive is announced, the developer/publisher is flooded with messages ranging from dissatisfied to utterly vile. On the latter, just don't, please. The Ooblets developers have been flooded with racist, misogynistic and otherwise needlessly aggressive comments from the cesspits of the internet. I'm not even sure any of those people had any interest in the game to begin with.

        Some of the ire is justified, however. The word "platform" is used in so many contexts that it's becoming meaningless, and extending to areas it should probably not. It once was enough to consider your hardware the platform, or your operating system. And generally people are okay-ish with a game that is exclusive to a different platform, like say Nintendo. But now this has extended to the online store you bought something on. Your "platform" is no longer "PC", or "Windows", it's Microsoft Store, or Steam, or Epic Games Store.

        And people more erudite than myself have given many reasons for why this is bad for PC gaming as a whole. But instead of focusing on ideological reasons, allow me to tell you what this means for a Linux gamer. A platform exclusive announcement for a Windows user might mean the difference between buying/playing via the Fortnite Launcher vs. using the Half-Life launcher. For a Linux user this could well mean that any chance of playing the game goes away entirely. And what makes it irksome, is that there's no good reason for that. It's all artificial barriers.

      • The Best Command-Line-Only Video Games

        rundown of the biggest, most expansive and impressive games that you can run entirely in your Linux shell.

        The original UNIX operating system was created, in large part, to facilitate porting a video game to a different computer. And, without UNIX, we wouldn't have Linux, which means we owe the very existence of Linux to...video games.

        It's crazy, but it's true.

        With that in mind, and in celebration of all things shell/terminal/command line, I want to introduce some of the best video games that run entirely in a shell—no graphics, just ASCII jumping around the screen.

        And, when I say "best", I mean the very best—the terminal games that really stand out above the rest.

        Although these games may not be considered to have "modern fancy-pants graphics" (also known as MFPG—it's a technical term), they are fantastically fun. Some are big, sprawling adventures, and others are smaller time-wasters. Either way, none of them are terribly large (in terms of drive storage space), and they deserve a place on any Linux rig.

      • Screaming Steel: 1914-1918, a WWI total conversion for Day of Infamy has a major update

        If you're after your next FPS fix, perhaps the Screaming Steel: 1914-1918 mod for Day of Infamy might be worth a look.

      • Dota 2 is going through some big changes to matchmaking

        Valve are attempting to address numerous complaints and issues with the Dota 2 community and matchmaking system, with some experimental changes. These changes have been explained in some detail in their latest update.

        Starting off by giving some reasons for the changes, they said over the next year they will be focusing on all sorts including "intra-team balance, player conduct, new player experience, abusive behaviors, account buying, friend and teamplay aspects, high mmr matchmaking dynamics" and more. Why? They want to make Dota 2 more fun for people playing at any level.

        The first set of major experimental are already up and will last until the end of the season. When the experiment is over, they will be requesting feedback sometime after The International tournament concludes.

      • After a mishap losing code, the dev of Exodemon has recovered some making a Linux build possible

        Exodemon, a fast paced first person shooter that recently released on Steam has an unfortunate history with some code being lost. The good news is some has been recovered and work continues, with a Linux version possible again.

        It release on Steam on August 3rd and it came without the previously confirmed Linux version. I was aware of what happened after chatting to the developer previously, but waited until they said something more public on it.

    • Desktop Environments/WMs

      • Xfce Settings 4.13.8 Released

        As we prepare to release Xfce 4.14, each component is receiving another round of reviews and polish. Xfce Settings 4.13.8 includes a bevy of fixes and translations, and forms a solid foundation for the Xfce desktop.

      • GNOME Desktop/GTK

        • Running GNOME in a Container

          Virtualization has always been a rich man's game, and more frugal enthusiasts—unable to afford fancy server-class components—often struggle to keep up. Linux provides free high-quality hypervisors, but when you start to throw real workloads at the host, its resources become saturated quickly. No amount of spare RAM shoved into an old Dell desktop is going to remedy this situation. If a properly decked-out host is out of your reach, you might want to consider containers instead.

          Instead of virtualizing an entire computer, containers allow parts of the Linux kernel to be portioned into several pieces. This occurs without the overhead of emulating hardware or running several identical kernels. A full GUI environment, such as GNOME Shell can be launched inside a container, with a little gumption.

          You can accomplish this through namespaces, a feature built in to the Linux kernel. An in-depth look at this feature is beyond the scope of this article, but a brief example sheds light on how these features can create containers. Each kind of namespace segments a different part of the kernel. The PID namespace, for example, prevents processes inside the namespace from seeing other processes running in the kernel. As a result, those processes believe that they are the only ones running on the computer. Each namespace does the same thing for other areas of the kernel as well. The mount namespace isolates the filesystem of the processes inside of it. The network namespace provides a unique network stack to processes running inside of them. The IPC, user, UTS and cgroup namespaces do the same for those areas of the kernel as well. When the seven namespaces are combined, the result is a container: an environment isolated enough to believe it is a freestanding Linux system.

          Container frameworks will abstract the minutia of configuring namespaces away from the user, but each framework has a different emphasis. Docker is the most popular and is designed to run multiple copies of identical containers at scale. LXC/LXD is meant to create containers easily that mimic particular Linux distributions. In fact, earlier versions of LXC included a collection of scripts that created the filesystems of popular distributions. A third option is libvirt's lxc driver. Contrary to how it may sound, libvirt-lxc does not use LXC/LXD at all. Instead, the libvirt-lxc driver manipulates kernel namespaces directly. libvirt-lxc integrates into other tools within the libvirt suite as well, so the configuration of libvirt-lxc containers resembles those of virtual machines running in other libvirt drivers instead of a native LXC/LXD container. It is easy to learn as a result, even if the branding is confusing.

        • Matthias Clasen: Pango 1.44 wrap-up

          In my last post discussing changes in Pango 1.44, I’ve asked for feedback. We’ve received some, thanks to everybody who reported issues!

          We tried to address some of the fallout in several follow-up releases. I’ll do a 1.44.4 release with the last round of fixes before too long.

          Here is a summary.

    • Distributions

      • Fedora Family

        • Open Position: NeuroFedora is looking for a Spin/Lab master

          Now that we are about a year into the project, we have quite a bit of software ready for users to use.

        • Fedora 30 on Google Compute Engine

          Fedora 30 is my primary operating system for desktops and servers, so I usually try to take it everywhere I go. I was recently doing some benchmarking for kernel compiles on different cloud plaforms and I noticed that Fedora isn’t included in Google Compute Engine’s default list of operating system images.

      • Debian Family

        • RQuantLib 0.4.10: Pure maintenance



          A new version 0.4.10 of RQuantLib just got onto CRAN; a Debian upload will follow in due course.

          QuantLib is a very comprehensice free/open-source library for quantitative finance; RQuantLib connects it to the R environment and language.

          This version does two things related to the new upstream QuantLib release 1.16. First, it updates the Windows build script in two ways: it uses binaries for the brand new 1.16 release as prepapred by Jeroen, and it sets win-builder up for the current and “prospective next version”, also set up by Jeroen. I also updated the Dockerfile used for CI to pick QuantLib 1.16 from Debian’s unstable repo as it is too new to have moved to testing (which the r-base container we build on defaults to). The complete set of changes is listed below:

      • Canonical/Ubuntu Family

        • Linux Mint 19.2 released, here is how to upgrade
        • Canonical set to bring ZFS improvements over the coming Ubuntu cycles

          Canonical has announced that beginning with Ubuntu 19.10, it will begin improving the state of the ZFS file system to make it more practical for desktop users. Ubuntu 19.10 will be the first release with improvements but it’ll be a multi-cycle effort until a time when Canonical feels that it’s production-ready.

          In the first place, Canonical wants to make improvements to Ubuntu’s ZFS support for it to work better on the desktop. In its announcement, the firm said further down the road it’d like to bring it to server releases, presumably when the technology is more mature. Although improvements will be available with Ubuntu 19.10, Canonical warns not to use it on production systems because data may get erased at any time.

        • Ubuntu 19.10 Will Offer Experimental ZFS File System Option

          Have you been itching to know more about Ubuntu’s ZFS file system plans? Well, get ready to stop scratching, ‘cos Canonical has revealed all.

          Now, I know as much about filesystems as I do about world wrestling: that’s to say nothing, other than it can be painful if you’re an amateur. Yet even I’m getting a tiny bit excited by Canonical’s efforts with ZFS.

          The newly announced plan — which I should stress could still go south, but probably won’t, but could, but shouldn’t — is to include an ZFS install option in Ubuntu 19.10, the next short term release due this October.

        • Ubuntu 19.10 to Support ZFS on Root as an Experimental Option in the Installer

          Ubuntu 19.10 (Eoan Ermine) will be the next major release of the popular Ubuntu Linux operating system, and also a testbed for Canonical to implement new features and see if they prove to be useful to the community for upcoming LTS (Long Term Support) releases, such as next year's Ubuntu 20.04 LTS.

          One of these new features coming to the Ubuntu 19.10 release this fall is an experimental option implemented in the graphical installer to let users create a root file system formatted with the ZFS file system. But Canonical warns users that they should not use it on a production machine.

        • Canonical Confirms Their Experimental ZFS Plans For The Ubuntu 19.10 Desktop
        • Enhancing our ZFS support on Ubuntu 19.10 – an introduction
        • Linux Mint 19.2 "Cinnamon" overview | Sleek, modern, innovative

          In this video, I am going to show an overview of Linux Mint 19.2 "Cinnamon" and some of the applications pre-installed.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Intro to Corteza, an open source alternative to Salesforce

        Corteza is an open source, self-hosted digital work platform for growing an organization's productivity, enabling its relationships, and protecting its work and the privacy of those involved. The project was developed entirely in the public domain by Crust Technology. It has four core features: customer relationship management, a low-code development platform, messaging, and a unified workspace. This article will also explain how to get started with Corteza on the command line.

      • Events

        • Christopher Allan Webber: ActivityPub Conf 2019 Speakers

          Good news everyone! The speaker list for ActivityPub Conf 2019 is here! (In this document, below, but also in ODT and PDF formats.)

          (Bad news everyone: registration is closed! We're now at 40 people registered to attend. However, we do aim to be posting recordings of the event afterwards if you couldn't register in time.)

        • The upcoming Linux-Tech&More event's [Ed: I don’t think he knows the meaning of the word “event”… ]
      • Productivity Software/LibreOffice/Calligra

        • LibreOffice or FreeOffice? Manjaro Gives You the Right to Choose

          In the last week of July, Manjaro Linux suddenly decided to drop the popular open source productivity suite LibreOffice in favor of Softmaker’s FreeOffice. The decision faced heavy criticism from people who prefer using open source software.

          The Manjaro team listened to the community feedback and modified its decision of including FreeOffice as the default office suite. From next release, users will get the option to choose between FreeOffice and LibreOffice while installing Manjaro Linux.

          [...]

          Personally, I am glad that Manjaro Linux changed its earlier decision and took a more balanced approach about including the proprietary software.

          There are a few Linux distributions that are determined to include only open source software (like Trisquel) but Manjaro is not one of them. Manjaro Linux is more mainstream and it (seems to) cater to the need of a regular user who would be happy to get his/her work done without going into details of whether or not the software is open source.

      • Education

        • Can toys teach coding to kids?

          On a Christmas morning in the early 2000s, my mom found herself slaving over a freshly unwrapped copy of Lego Mindstorms: Star Wars. The commercials aired on Cartoon Network for months, offering a fantasy that was too appealing for me to pass up: Supposedly, with a sturdy hard drive, an elementary understanding of computer science, and my own recess-honed Lego skills, a 10-year-old like me could construct and program his very own AT-ST mech from The Empire Strikes Back all by himself. With a press of a button, my robot would be able to walk along the kitchen table and swing its head side to side.

          [...]

          And Robo Wunderkind is just the tip of the iceberg. The Chinese company Makeblock offers several DIY programming kits, including one where children can construct their own drones. With a Bitsbox subscription, every month your kids will receive a new create-an-app adventure.

      • Funding

      • FSF/FSFE/GNU/SFLC

        • Fundraiser membership drive comes to an end and we all win!

          The Free Software Foundation (FSF) spring fundraiser has come to an end and we would like to thank you for your help in surpassing our ambitious goal of 200 new members in 28 days, and for all the inspirational words of support we've received over the past weeks.

      • Licensing/Legal

        • REUSE makes copyright and licensing easier than ever

          The licensing of a software project is critical information. Developers set the terms under which others can reuse their software, from individuals to giant corporations. Authors want to make sure that others adhere to their chosen licenses; potential re-users have to know the license of third-party software before publication; and companies have to ensure license compliance in their products that often build on top of existing projects. The REUSE project, led by the Free Software Foundation Europe (FSFE), helps all of these parties.

          REUSE aims to have all copyright and licensing information stored as close to the source files as possible. This is achieved by directly adding this information to the file in a standardised and machine-readable form. If a file does not support that, a .license file or central DEP-5 configuration file can be used instead. This way, developers can be assured that re-users will not oversee copyright holders and their intended license.

      • Programming/Development

        • Technical vision for Qt 6

          7 years ago, Qt 5 was released. Since then, a lot of things have changed in the world around us, and it is now time to define a vision for a new major version. This blog post captures the most important points that can and should define Qt 6.

          Qt 6 will be a continuation of what we have been doing in the Qt 5 series and should as such not be disruptive to our users. But a new major version will give us a higher degree of freedom to implement new features, functionality and better support the requirements of today and tomorrow than we currently can within the Qt 5 series. As described in more detail below, Qt 6 will aim for a large degree of compatibility with the Qt 5 series. We are also still working on new versions of Qt 5, and we’re aiming to bring some of the features that will define Qt 6 in a slightly reduced form to Qt 5.14 and Qt 5.15 LTS. With the feature freeze of Qt 5.14, more R&D focus will shift towards Qt 6, and we’re aiming to have Qt 6.0 ready for a first release by the end of 2020. Before we dive into all the things that will be new, let’s also remember some of the core values of Qt for our users, to define the things we don’t want to change.

        • Lars Knoll Shares His Technical Vision For The Qt 6 Tool-Kit

          Longtime KDE/Qt developer Lars Knoll (and current CTO of The Qt Company) has shared his technical vision for the upcoming Qt 6 tool-kit.

          Qt 6 development will begin heating up more with the initial Qt 6.0 release expected out by the end of 2020. During some summer holidays, Lars Knoll spent some time thinking about his technical vision for how he would like Qt6 to shape-up in relation to Qt5.

        • Documenting Proper Git Usage

          Jonathan Corbet wrote a document for inclusion in the kernel tree, describing best practices for merging and rebasing git-based kernel repositories. As he put it, it represented workflows that were actually in current use, and it was a living document that hopefully would be added to and corrected over time.

          The inspiration for the document came from noticing how frequently Linus Torvalds was unhappy with how other people—typically subsystem maintainers—handled their git trees.

          It's interesting to note that before Linus wrote the git tool, branching and merging was virtually unheard of in the Open Source world. In CVS, it was a nightmare horror of leechcraft and broken magic. Other tools were not much better. One of the primary motivations behind git—aside from blazing speed—was, in fact, to make branching and merging trivial operations—and so they have become.

          One of the offshoots of branching and merging, Jonathan wrote, was rebasing—altering the patch history of a local repository. The benefits of rebasing are fantastic. They can make a repository history cleaner and clearer, which in turn can make it easier to track down the patches that introduced a given bug. So rebasing has a direct value to the development process.

        • Experts Attempt to Explain DevOps--and Almost Succeed

          Luckily, I'm in a position to know some pretty doggone smart people who work in DevOps in one way or another. So I reached out to them with a simple challenge:

          "Explain to me what DevOps means. Bonus points for not using any buzz words."

          What followed were wonderful conversations with four "DevOps experts" during the course of several weeks. To make it all easier to follow for everyone, I've taken the key bits of those conversations and edited them together into one semi-real, semi-fictional chat with a singular DevOps expert that is a combination of all four of them.

        • Why fear of failure is a silent DevOps virus
        • Understanding Python's asyncio

          Earlier this year, I attended PyCon, the international Python conference. One topic, presented at numerous talks and discussed informally in the hallway, was the state of threading in Python—which is, in a nutshell, neither ideal nor as terrible as some critics would argue.

          A related topic that came up repeatedly was that of "asyncio", a relatively new approach to concurrency in Python. Not only were there formal presentations and informal discussions about asyncio, but a number of people also asked me about courses on the subject.

          I must admit, I was a bit surprised by all the interest. After all, asyncio isn't a new addition to Python; it's been around for a few years. And, it doesn't solve all of the problems associated with threads. Plus, it can be confusing for many people to get started with it.

        • This Week in Rust 298
        • Building C++ modules, take N+1

          Modules were voted in C++20 some time ago. They are meant to be a replacement for #include statements to increase build speeds and to also isolate translation units so, for example, macros defined in one file do not affect the contents of another file. There are three major different compilers and each of them has their own prototype implementation available (GCC documentation, Clang documentation, VS documentation).

          As you would expect, all of these implementations are wildly different and, in the grand C++ tradition, byzantinely complicated. None of them also have a really good solution to the biggest problem of C++ modules, namely that of dependency tracking. A slightly simplified but mostly accurate description of the problem goes like this:

  • Leftovers

    • Nobel laureate Toni Morrison dead at 88

      Few authors rose in such rapid, spectacular style. She was nearly 40 when her first novel, "The Bluest Eye," was published. By her early 60s, after just six novels, she had become the first black woman to receive the Nobel literature prize, praised in 1993 by the Swedish academy for her "visionary force" and for her delving into "language itself, a language she wants to liberate" from categories of black and white. In 2019. She was featured in an acclaimed documentary, "Toni Morrison: The Pieces I Am."

    • Breaking Things Takes Time

      The Georgia Association of Broadcasters notes that another Emergency Alert System test will be taking place on August 7th. Another communications law-related site notes that the test will be unique. Unlike prior tests this will be restricted to radio and television broadcasters and will be confined to testing the ability to pass the message down the chain from the Primary Entry Point stations. The closest entry point stations to me would be AM broadcast band stations WTAM and KDKA.

      Now, we need to remember that Ashtabula County is served by six separate radio stations that have no main studio locally and are otherwise completely satellite fed. Another five radio stations are "voice-tracked" where there is a studio but content is either satellite-fed or produced under automation that is prepared quite a bit in advance. Another two stations are about half voice-tracked and half satellite-fed.

      In short, if something goes wrong with the test at any of those stations on Wednesday the likelihood of local staff being there to respond to the situation is minimal to none.

      Now, I ended up writing on Monday about funding needs in SeekingSupport but was somewhat vague as to what is going on. In part that's been due to the complexity of the problem at hand. I haven't been satisfied with any of the preliminary solutions I've come up with. At this point I should lay out what I have.

    • Health/Nutrition

      • Risk of being killed by police use of force in the United States by age, race–ethnicity, and sex

        The average lifetime odds of being killed by police are about 1 in 2,000 for men and about 1 in 33,000 for women. Risk peaks between the ages of 20 y and 35 y for all groups. For young men of color, police use of force is among the leading causes of death.

      • Police Use of Fatal Force Identified as a Leading Cause of Death in Young Men

        Police violence is a leading cause of death of young men in the United States with black men 2.5 times more likely to be killed by law enforcement over their lifetime than white men, according to a Rutgers study.

      • Fatal Use of Force by Police a Leading Cause of Death for Young Men

        But Edwards and others in the study also caution relying on anecdotal evidence like news reports and called for a more data-based approach to track the issue of police violence and its relation to race.

        “What we lack in this country are the solid estimates of police related deaths because there is no official database where this information is stored,” Edwards said.

        The Rutgers study used data compiled by the National Vital Statistic System’s mortality files along with Fatal Encounters, a journalist-run database that uses local news reports and public records to create a database.

    • Security (Confidentiality/Integrity/Availability)

      • Better Encrypted Group Chat

        End-to-end encrypted group messaging is also a hard problem to solve. Existing solutions such as Signal, WhatsApp, and iMessage have inherent problems with scaling, which I’ll discuss in detail, that make it infeasible to conduct group chats of more than a few hundred people. The Message Layer Security (MLS) protocol aims to make end-to-end encrypted group chat more efficient while still providing security guarantees like forward secrecy and post-compromise security.

      • KDE has an unpatched security issue that's been made public [Ed: As KDE clarified, do not run malicious things from malicious sources. This is always common sense; same with Macros.

        However, that might not be good enough. Going by what else Penner also said on Twitter, it's not just .desktop or .directory files as any unknown filetype can be detected by KDE as an application/desktop mimetype making it a lot worse than originally thought. As long as a file contains "[Desktop Entry]" at the top, it seems KDE will have a go at parsing it.

        On top of that, the KDE team were not made aware of the issue before this was all made public. So if you're running KDE, time to be super careful until a patch is out. Hopefully all distributions shipping KDE will be keeping a close eye on this for when a patch is available.

      • Top 20 Best Cybersecurity Courses That You Can Sign Up Now

        Cybersecurity or information security (IT) refers to the practice or process of ensuring the integrity of different networks. In a broad sense, this concept is all about protecting our data, apps, networks or devices from cyber-attacks or unauthorized access. The necessity of securing our networks is increasing day by day. Few people have that master skill to secure the networks. As the increasing demand for cybersecurity specialists, we believe that one of the cybersecurity courses below will enhance your skill.

      • Security updates for Wednesday

        Security updates have been issued by Fedora (hostapd), openSUSE (aubio and spamassassin), Oracle (kernel), Red Hat (augeas, kernel-rt, libssh2, perl, procps-ng, redis:5, and systemd), SUSE (bzip2, evince, kernel, linux-azure, nodejs4, nodejs8, osc, python, python-Twisted, and python3), and Ubuntu (BWA and Mercurial).

      • evil wifi 4 qualcomm – QualPwn – Exploiting Qualcomm Snapdragon via WLAN Wifi and Modem Over The Air

        Researchers discovered the QualPwn vulnerabilities in February and March this year and responsibly reported them to Qualcomm, who then released patches in June and notified OEMs, including Google and Samsung.

        Google just yesterday released security patches for these vulnerabilities as part of its Android Security Bulletin for August 2019. So, you are advised to download the security patches as soon as they are available

        Since Android phones are infamously slow to get patch updates, researchers have decided not to disclose complete technical details or any PoC exploit for these vulnerabilities anytime soon, giving end-users enough time to receive updates from their device manufacturers.

      • KDE4/5 Zero-Day Vulnerability Alert! [Ed: Many steps are needed here (in order to cause actual harm) and also purusing rogue files from untrusted sources. Linux-hostile sites promoted this nonsense, overhyping it.]

        An unpatched zero-day vulnerability exists in KDE 4 & 5 that could allow attackers to execute code simply by tricking a user into downloading an archive, extracting it, and then opening the folder.

      • What we Can Learn from the Recent VLC Security Vulnerability Fiasco: A Conversation with VideoLAN President Jean-Baptiste Kempf

        About a week ago, the LinuxSecurity staff started tracking a security issue related to VLC, the popular open source media player. Security vulnerabilities are a regular part of the software development lifecycle. These vulnerabilities are identified, then a solution is created and distributed to its users. In this case, it wasn’t completely clear whether that’s what happened, though. We decided to find out.

        On July 23rd, CERT-Bund published a security advisory for the popular open-source VLC media player for a vulnerability that had been fixed for the past 16 months. In the advisory, CERT-Bund warned that VLC media player version 3.0.7.1, the latest build available, contained a critical security vulnerability with a CVSS score of 9.8 out of 10. This warning indicated that the security flaw did not require privilege escalation to exploit.

        It is now evident that many aspects of CERT-Bund’s advisory were incorrect. While a vulnerability did exist, it is in a third party library as opposed to in VLC itself, as security experts incorrectly indicated. It was also fixed over a year ago. The security researcher who reported the vulnerability was using Ubuntu version 18.04, which includes an older, unpatched version of the libebml library. As long as users have VLC 3.0.3 or newer installed, they are protected from the vulnerability. Once the correct information about the security bug was revealed, NIST has downgraded the vulnerability’s rating to a 5.5 (Medium).

    • Defence/Aggression

      • Erdogan threatens to attack Syrian Kurdish militia 'very soon'

        Erdogan has repeatedly warned that the Turkish military is preparing an operation in Syria against the Kurdish YPG militia, which the US has supported as the main fighting force against the Islamic State (IS) group.

      • Tensions Spike as Turkey Threatens Syria Offensive

        A U.S. military delegation is currently in Turkey to meet with Turkish officials, Esper said. The delegation is reportedly part of a last-ditch attempt to head off the offensive.

        As NATO’s southern flank and home to a key launching pad for U.S. operations in the Middle East, Incirlik Air Base in Turkey is a crucial U.S. partner in European security and the fight against extremism. But the alliance has frayed in recent years, especially after Turkey’s failed 2016 military coup, U.S. support for the Syrian Kurds, and Turkey’s increasingly cozy relationship with Russia.

      • Wired’s Gee-Whiz High-Tech Militarism

        A deluge of major Western publications stated last month that the US destroyed an Iranian drone in the Strait of Hormuz between the Persian Gulf and the Gulf of Oman (e.g., New York Times, 7/18/19; NPR, 7/19/19; NBC News, 7/18/19). Citing unproven reports from Donald Trump and the US Department of Defense, the outlets stated that the drone came within 1,000 yards of a US Navy warship, after ignoring “multiple calls to stand down.”

        Iran denied the accusations, providing a time-stamped video meant to demonstrate that the drone remained airborne “before and even after the time Americans claim” (BBC, 7/19/19). The US, meanwhile, provided a dubious series of photos, with no indication of when they were taken or their relationship to each other.

        [...]

        Wired has a history of portraying US military operations as dazzling, do-good technological marvels. Days before championing the Marines’ energy weapon, the outlet published a ringing endorsement of the Air Force’s new rescue helicopter (7/19/19), which doubled as an advertorial for both the Air Force and aircraft manufacturer Lockheed Martin. Not unlike a car commercial, the article detailed the vehicle’s bells and whistles: Twice the fuel capacity! Extra range! New surveillance cameras! Weapon mounts! The idea that some of the countries targeted might seek to develop defenses to these devastating attacks was described as the “challenge” of “rapid evolution of opposition to the American military.”

        A new fighter-jet ejection system garnered equally glowing coverage (8/31/18), promising to make “rocketing out of a B-2 bomber surprisingly safe.” A five-pound Lockheed Martin “hit-to-kill” missile, which Wired (5/5/18) playfully termed a “pocket rocket,” received the same PR sheen for its size. Lockheed (11/28/17) was similarly lavished with praise for supplying the US Army and Air Force with “sci-fi” laser weapons, described as a “toy” that “lets you waltz into enemy territory, do your job while zapping missiles out of the sky, and cruise home.” Noting that that “job” involves dropping high explosives on human beings is left unmentioned, lest all the fun be taken out of it.

    • Transparency/Investigative Reporting

      • Judge Denies Chelsea Manning A Hearing, Insists Hundreds Of Thousands Of Dollars In Fines Are Not Punishment

        A federal judge denied Chelsea Manning’s motion to reconsider fines imposed against her for refusing to testify before the grand jury investigating WikiLeaks. He also undermined due process and refused to hold a hearing.

        “Manning has the ability to comply with the court’s financial sanctions or will have the ability after her release from confinement,” Judge Anthony Trenga ruled. “Therefore, the imposed fines of $500 per day after 30 days and $1,000 per day after 60 days is not so excessive as to relieve her of those sanctions or to constitute punishment rather than a coercive measure.”

        Trenga additionally insisted that he had the authority to confine her and impose fines as well.

        “I am disappointed but not at all surprised. The government and the judge must know by now that this doesn’t change my position one bit,” Manning declared in response to the decision.

        Manning has been in jail for 147 days. She already owes $38,000 in fines, as of August 7, and she could owe up to $441,000—nearly a half million dollars—if the sanctions continue.

        Her legal team said Manning will “remain confined for another year and will face ongoing financial hardship,” unless Judge Trenga or a higher court is convinced that the fines imposed will “never coerce her compliance” and amount to punishment.

    • Environment

      • Chernobyl's 'sarcophagus,' which helped contain the spread of radiation, is being dismantled because it's teetering on collapse

        The Ukrainian company that manages the Chernobyl plant, SSE Chernobyl NPP, said in an online statement that expert evaluations revealed that the sarcophagus had a "very high" probability of collapse. Only gravity has kept the structure tethered to its supporting blocks, the company said.

      • Uber and Lyft finally admit they’re making traffic congestion worse in cities

        The findings show that Uber and Lyft account for just 1-3 percent of VMT in the broader metropolitan areas of each city. But those numbers spike when zooming in on the core county of each city. In San Francisco County, for example, Uber and Lyft make up as much as 13.4 percent of all vehicle miles. In Boston, it’s 8 percent; in Washington, DC, it’s 7.2 percent.

        These figures suggest that Uber and Lyft are hitting some cities harder than previously thought. An independent study commissioned by the San Francisco County Transportation Authority looked at 2017 traffic patterns in the county and concluded that TNCs generated about 6.5 percent of the total VMT on weekdays, and 10 percent on weekends. (TNC, which stands for transportation network company, is an industry term used to describe ride-hailing apps like Uber and Lyft.)

      • Airship’s return can boost hydrogen economy

        The airship could be on the way back. Tomorrow’s fuel could be delivered at all-but zero carbon cost by the ultimate in high-technology supertankers: vast dirigibles, sailing round the world at stratospheric heights on the jet stream.

        Enormous balloons or airships more than two kilometres in length, laden with hydrogen and an additional burden of cargo could, according to new calculations, circumnavigate the northern hemisphere in 16 days. They could, on route, deliver their heavy goods, and at the same time transfer 60% or even 80% of their hydrogen in gas form.

        And then, the holds empty, the same airship could float back home in the same direction on the jet stream with the remaining hydrogen to provide the necessary lift, for another trip.

      • Energy

        • Documents Shine New Light on Koch Brothers’ Early Efforts to Abolish the Department of Energy

          A scheme to abolish the Department of Energy (DOE) helped spur a failed 1980 Libertarian Party presidential bid — and in the process laid the groundwork for Charles and David Koch's powerful network of influence — as documents from a newly published archive show.

          The documents in the new KochDocs.org archive include a relatively little-noticed column penned by fossil fuel industrialist Charles Koch for the Libertarian Review in August 1977, in which Charles, who had served as a member of President Carter’s energy task force in 1976, argued against Carter’s energy policy, writing that the “only ‘certainty’ to be associated with governmental planning is that it will not work, will tend to produce results opposite to those intended, and will doom any substantial private long-range planning in energy development.”

          Within three years, the Energy Department had been established by federal law — and its abolishment had become a central plank of the Libertarian Party’s 1980 presidential campaign, which featured Ed Clark as its presidential candidate and Koch Industries’ David Koch as his running-mate.

        • Announcing DeSmog's Koch Network Database

          The Koch Network Database is a new resource library built by DeSmog to assist journalists, academic researchers, and the public to learn more about the backgrounds of individuals and organizations associated with billionaire fossil fuel industrialists Charles Koch and David Koch's free market approach to a broad spectrum of civic issues.

          The Koch Network Database will chronicle the historical and present deeds and quotes associated with the people and organizations that have helped to advance the Kochs' free market approach to environmental regulations, and the subsequent consequences of such approaches for climate change, public health, and democracy.

      • Wildlife/Nature

        • Earth’s Hottest Month Lights a Fire for Progress

          All the while, the Trump administration has been actively suppressing climate science while pushing scientists and other officials out of their jobs. It also proposed weakening coal-burning power plant emissions rules, relaxed sage-grouse protection in land coveted by energy developers, continued to weaken protections for Bears Ears National Monument, and greenlit a controversial plan to allow drilling in Alaska’s Cook Inlet that could harm beluga whales and other marine mammals.

          The administration also appointed William Perry Pendley, a staunch foe of America’s public lands, as acting head of the Bureau of Land Management, which oversees 250 million acres. The appointment could set the stage for the liquidation of public lands and unfettered fossil-fuel development around the country, further driving greenhouse gas emissions fueling the climate crisis.

          Oh yeah, and Trump’s reelection campaign also started selling plastic straws to “own the libs.”

    • Finance

      • [Old] Half of Americans Are Effectively Poor Now. What The?

        There are days I feel like I read dystopian statistics for a living. And then there are day when the dystopian statistics take even my jaded breath away. Here’s one: 43% of American households can’t afford a budget that includes housing, food, childcare, healthcare, transportation, and a cellphone. Translation: nearly half of Americans can’t afford the basics of life anymore. Does that take your breath away too? It should. And yet it might not come as a surprise. You might know it intimately. The statistics say there’s an even chance you’re…living it. What a grim and bizarre reality. Half of people are effectively poor in the world’s richest country. What the? The folks that did the study above call this new class of people ALICE, for “asset limited, income constrained, employed.” It’s a sharp way to think about American collapse. Let me translate this term, too: the people formerly known as the American middle class. Let’s take each of those terms one by one. “Asset limited” means that these households don’t have the resources — the hard financial assets — to drawn down on anymore. That tallies with other research which says the majority of Americans now have a negative net worth. In short, “asset limited” is a polite way of saying: indebted for life, with no real way of ever not getting out of the trap. It’s a nice way of saying: broke.

      • Once More With Feeling: Nearly All General Interest News Paywalls Will Fail

        Just a few weeks ago we pointed out (for not the first time) that news paywalls for general interest publications did not seem likely to succeed outside of a very small number of exceptions: mainly three giant east coast newspapers which have established themselves as key news sources: the NY Times, the Washington Post and the Wall Street Journal (arguably the last one, with its focus on finance, might not even count as "general interest"). In that last post, we pointed out that even people who liked to pay for news tended to only subscribe to a single news source. That helps create a winner take all proposition where only a very small number (see above) can actually build a sustainable business model through an internet paywall.

        [...]

        That's the wrong approach. Subscription growth would be one way to increase revenue -- but to do that you have to give people a reason to subscribe, and just doing the same things as those other newspapers isn't going to cut it. I'm surprised that the LA Times hasn't, instead, decided to buck the paywall trend and go in the other direction. Why not focus on opening itself up, building up traffic, and providing an alternative to the east coast papers who got all the subscribers by doing strong reporting, and then layering in other, better business models?

    • AstroTurf/Lobbying/Politics

      • Judge Not Impressed With DOJ's Attempt To Claim Presidential Tweets And Orders Don't Mean Anything

        The DOJ wants its secrecy. The President keeps taking it away. Over the past couple of years, FOIA litigants have received unexpected support from President Trump, often in the form of tweets. While the DOJ is arguing nothing the records seekers are seeking should be handed over, Trump is tweeting out demands that everything should be released -- largely due to his unwavering belief that selective transparency will somehow expose a massive Deep State operation against him and his associates.

        The stuff Trump wants exposed relates to FISA court orders and other documents related to investigations of Trump's campaign team and their ties to Russia. Trump is convinced there's nothing there and wants the public to see this for themselves. It's inadvertently commendable, even though there's a strong possibility the documents won't actually prove what Trump thinks they'll prove.

      • Yes, The DNC's Debate Format Sucks, And There's An Easy Fix

        Man, these presidential election years sure seem to last longer than a year, don't they? And, in our hyper-partisan world of never ending political stupidity, it's somewhat comforting that the one thing we can all agree on is that the debate formats recently have basically sucked out loud. The complaints about debate formats started with the 2016 RNC primaries, with its crowded field and strange varsity/JV debate night structure. Fast-forward to 2019 and the DNC's Democratic debates are being pilloried as well. In the latter case, the chief criticism appears to be that there is far too little substance discussed, with moderators for cable and OTA networks instead focusing on getting the candidates to clash in the most easy-to-soundbite fashion.

    • Censorship/Free Speech

      • Twitter says it won't verify new candidates until they win their primaries

        “Verification was meant to authenticate identity & voice but it is interpreted as an endorsement or an indicator of importance,” the platform said at the time.

      • Second Circuit Rules That Section 230 Bars Civil Terrorism Claims Against Facebook

        The U.S. Court of Appeals for the Second Circuit last week became the first federal appellate court to rule that Section 230 bars civil terrorism claims against a social media company. The plaintiffs, who were victims of Hamas terrorist attacks in Israel, argued that Facebook should be liable for hosting content posted by Hamas members, which allegedly inspired the attackers who ultimately harmed the plaintiffs.

        EFF filed an amicus brief in the case, Force v. Facebook, arguing that both Section 230 and the First Amendment prevent lawsuits under the Anti-Terrorism Act that seek to hold online platforms liable for content posted by their users—even if some of those users are pro-terrorism or terrorists themselves. We’ve been concerned that without definitive rulings that these types of cases cannot stand under existing law, they would continue to threaten the availability of open online forums and Internet users’ ability to access information.

        The Second Circuit’s decision is in contrast to that of the Ninth Circuit in Fields v. Twitter and the Sixth Circuit in Crosby v. Twitter, where both courts held only that the plaintiffs in those cases—victims of an ISIS attack in Jordan and the Pulse nightclub shooting in Florida, respectively—could not show a sufficient causal link between the social media companies and the harm suffered by the plaintiffs. Thus, the Ninth and Sixth Circuit rulings are concerning because they tacitly suggest that better pleaded complaints against social media companies for hosting pro-terrorism content might survive judicial scrutiny in the future.

      • NY Times Joins Lots Of Other Media Sites In Totally And Completely Misrepresenting Section 230

        So, about a week ago, the NY Times properly mocked politicians for totally misrepresenting Section 230 of the Communications Decency Act. This week it needs to mock itself. Reporter Daisuke Wakabayashi wrote a piece provocatively titled (at least as it was originally published) Why Hate Speech On The Internet Is A Never Ending-Problem, with a subhead saying: "Because this law shields it." And in case you believed it might be talking about some other law, between the head and the subhead it showed part of the text of Section 230 (technically, it showed Section (c)(1)).

        [...]

        Yeah. So that's kind of a big deal. The original version blamed Section 230 -- a bill currently under attack from both sides of the aisle -- for somehow being the root cause of hate speech online, saying it's what "protected" it. And now the article admits in the fine print that, oh, whoops, actually it's that old 1st Amendment that protects it. Kind of a big difference, and one that completely undermines the entire point and thrust of the original article. That's a pretty massive fuck up

        Of course, it's not entirely clear who is to blame here. Editors, not reporters, tend to write the headlines, so it's very likely that the incorrect headline came from the editorial team at the NY Times, and not Wakabayashi himself. After all, the article itself suggested that he had done some research on the matter, including speaking to Section 230 expert Jeff Kosseff, who spends much of his time these days debunking myths about 230. It also notes the actual history of Section 230, and how it was designed in order to encourage content moderation, not block it. Of course, you would not get that from that original headline, which suggested something very, very different.

    • Privacy/Surveillance

      • AT&T staff took bribes to plant malware on corporate network

        Initially, the conspiracy, led by Pakistan-based Muhammad Fahd and Ghulam Jiwani, used the insiders to submit large numbers of IMEI numbers to unlock the devices that AT&T had supplied to customers as part of a mobile plan.

        From around April 2013, Fahd and Jiwani, according to the indictment, bribed their contacts to install malware on AT&T's corporate network that would enable them to submit IMEI numbers themselves, using the network credentials of AT&T employees.

      • Japan: Piracy Warning Popups Could Violate Privacy

        A report compiled by Japan's Ministry of Internal Affairs and Communications has concluded that presenting Internet users with warnings that they are visiting 'pirate' sites could breach privacy laws. Citizens' traffic can't be monitored without permission so any system would currently need users to opt in, something that would limit the effectiveness of any trial.

      • Facebook is suing 2 developers for allegedly hijacking people's phones to fraudulently click on ads

        In a blog post on Tuesday, Facebook announced that it has filed suit against LionMobi and Jedimobi, app developers based in Hong Kong and Singapore respectively, with claims of "click injection" ad fraud.

        The Silicon Valley tech giant claims the two companies launched malicious apps in the Google Play app store that once installed used users' phones to trick Facebook's advertising system into paying out cash to them by pretending to be "real" people clicking on online advertisements.

      • Yelp is Screwing Over Restaurants By Quietly Replacing Their Phone Numbers

        Yelp has historically functioned like an enhanced Yellow Pages, listing direct phone numbers for restaurants along with photos, information about the space, menus, and user reviews. But Yelp began prompting customers to call Grubhub phone numbers in October 2018 after the two companies announced a “long-term partnership.”

        Restaurant owners may not be aware of the change. Mohammad Zaman, an owner of Afghan Kabab and Grill House in Brooklyn, insisted the phone number that showed up in Yelp was a mistake until a call placed to the number rang at his desk.

      • No Aadhaar? You might not be able to obtain a driving licence in future

        The Motor Vehicles (Amendment) Bill, 2019 has proposed several major changes that could go a long way in improving road safety, bolstering transportation network, providing last mile connectivity and weeding out corruption from the system. However, there is one clause regarding driving licences and it seems rather interesting. The new legislation seeks to make Aadhaar mandatory for getting a driving licence.

      • Tutanota Interviews Tim Verheyden, the Journalist Who Broke the Story on Google Employees Listening to People's Audio Recordings

        Investigative journalist Tim Verheyden, who broke the story on how Google employees listen to people’s audio recordings, explains in an interview how he got hold of the story, why he is now using the encrypted contact form Secure Connect by Tutanota and why the growing number of "ghost workers" in and around Silicon Valley is becoming a big issue in Tech.

      • Microsoft Nabs Russian Hackers Exploiting Flimsy IOT Security [Ed: Microsoft is often the cause of the issues described here]

        Year after year after year, we're connecting millions upon millions of devices to home and business networks with paper-mache grade security. And while there's some fleeting efforts to address the problem (like incorporating flaws into product reviews), it's still not something folks are taking seriously enough. And while such proclamations are often dismissed as hyperbole, it's something folks like Schneier predict isn't likely to change until these vulnerabilities result in some notable human casualties.

      • What all the stuff in email headers means—and how to sniff out spoofing

        I pretty frequently get requests for help from someone who has been impersonated—or whose child has been impersonated—via email. Even when you know how to "view headers" or "view source" in your email client, the spew of diagnostic wharrgarbl can be pretty overwhelming if you don't know what you're looking at. Today, we're going to step through a real-world set of (anonymized) email headers and describe the process of figuring out what's what.

        Before we get started with the actual headers, though, we're going to take a quick detour through an overview of what the overall path of an email message looks like in the first place. (More experienced sysadmin types who already know what stuff like "MTA" and "SPF" stand for can skip a bit ahead to the fun part!)

      • Don’t let the crooks ‘borrow’ your home router as a hacking server [Ed: Sophos is badmouthing GNU/Linux and SSH right now. Why? Check what proprietary software this firm is selling. Machines with open SSH ports and generic passwords don't mean SSH or Linux are at fault. Companies that make machines with passwordless (or weak/unchanged password) remote access basically use GNU/Linux to construct honeypots. The outcome is, as expected, bad for security. Not the fault of GNU/Linux.]

        SSH, short for Secure Shell, is the probably the most common toolkit for remotely managing computers.

        Windows users may be more familiar with RDP, or Remote Desktop Protocol, which gives you full graphical remote control of a Windows computer, with access to the regular Windows desktop via mouse and keyboard.

        But almost every Linux or Unix sysadmin out there, plus many Windows sysadmins, use SSH as well as or instead of RDP, because of its raw power.

    • Civil Rights/Policing

      • A DNA test connected two distant cousins — and filled out a family history that slavery erased

        Lakes, who is a graduate student at Fisher College in Boston, wanted to explore her ancestry and also did a DNA test to find out where she was from. She also chose to be notified whenever someone’s DNA matched hers. This is how Kapenda was able to reach Lakes and begin building a relationship.

      • ISIS Is Using Internet Propaganda to Maintain a 'Virtual Caliphate,' UN Report Says

        According to the report, ISIS has recently focused on improving the technical skills of potential attackers abroad by disseminating “online tutorials on building home-made chemical and biological weapons." At the same time, the group is continually encouraging the kinds of “low-tech” attacks—among them stabbings and car attacks against civilian populations—seen across Europe and elsewhere in recent years.

      • Rwandan Women Want to Move the Country Past Its Association With the 1994 Genocide

        That was only the beginning. Over the next three months, Honorine and thousands of other ethnic Tutsis endured a reign of horror. It would be called “the Genocide,” and by the time it ended in July, between 500,000 and 1 million people would be dead.

        This year marked the 25th anniversary of the Rwandan genocide, and as it has nearly every year since the initial events, the international community descended upon the country to recognize the devastating human loss — and its own collective shame for failing to stop it.

    • Internet Policy/Net Neutrality

      • 8chan owner called to testify before U.S. Congress

        Online message board 8chan's fortunes worsened Tuesday, as the site was once again made homeless by a technical services provider and its owner was called to testify before the U.S. Congress.

      • The owner of 8chan is being summoned to testify before Congress over its link to mass shootings, but no one seems to have his mailing address

        Watkins, a US Army veteran, is said to have relocated his family in 2004 to the Philippines, where he reportedly lives today — raising pigs and running various websites, including an audiobook company and, 8chan.

      • The Weird, Dark History of 8chan

        He goes on to complain that 8chan is being treated unfairly. “It is actually sinister behavior,” Watkins says of being kicked offline, a decision he attributes to Cloudfare’s upcoming IPO. “Ours is one of the last independent companies that offer a place you may write down your thoughts free from having to worry about whether they are offensive to one group or the other.” He ends by calling Cloudflare’s actions “cowardly” and “not thought out.” (After some preliminary emails, Watkins declined to be interviewed by WIRED.)

        Also on Tuesday the House Homeland Security Committee sent a letter to Jim Watkins demanding that he appear to answer questions about 8chan's extremist content.

      • AT&T Hopes A Confusing Rebranding Will Help Its Muddled Video Plans Make Sense

        Despite spending more than $150 billion on mergers intended to help it dominate the video space, AT&T's video ambitions are falling flat. The company just posted a loss of more than 778,000 "traditional" video subscribers last quarter (satellite TV, IPTV), but also lost another 168,000 subscribers at its DirecTV Now streaming service. The reason? The company's acquisitions of DirecTV ($67 billion) and Time Warner ($86 billion) saddled it with so much debt, the company was forced to raise rates. This, in turn, helped drive AT&T's customers to the exits.

        Despite its voracious appetite for M&A, it's not entirely clear the company knows what to do from here. The same week it announced record subscriber losses, AT&T proclaimed it would be engaged in a rebranding that will kill off the DirecTV brand. AT&T's DirecTV Now streaming video service will now be, quite creatively, named just AT&T TV Now...

      • After Missing Cord Cutting Trend, Nielsen Falls Apart

        For years, we've noted how popular TV ratings firm Nielsen has turned a bit of a blind eye to cord cutting and the Internet video revolution, on one hand declaring that the idea of cord cutting was "pure fiction," while on the other hand admitting it wasn't actually bothering to track TV viewing on mobile devices. It's not surprising; Nielsen's bread and butter is paid for by traditional cable executives, and really, who wants to take the time to pull all those collective heads of out of the sand to inform them that their precious pay TV cash cow is dying?

        Eventually, the cord cutting trend became too big to ignore, forcing Nielsen to change its tune and start acknowledging the very real trend (though they called it "zero TV households" instead of cordcutters). Broadcasters (especially those hardest hit by cord cutting) didn't much like that, and began bullying the stat firm when it showed data that didn't jive with the view a foot below ground. While Nielsen slowly improved its methodologies, it would occasionally back off on certain data collection and reporting changes if the cable and broadcast industry complained loudly enough.



Recent Techrights' Posts

Microsoft Openwashing Stunts Initiative (OSI) is A Vulture in "Open" Clothing
it's quite telling that the OSI isn't protecting the Open Source Definition
Gemini Links 25/12/2024: Reality Bites and Gopher Thanks
Links for the day
2025 Will be Fought and Fraught With LLM Slop or Fake 'Articles' (Former Media/News Sites Turning to Marketing Spam)
The elephant in the room?
 
Links 27/12/2024: Perfect Desk, Banning Cellphones, Many Cables Cut Near Finland
Links for the day
Gemini Links 27/12/2024: Slop and Self-hosting
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, December 26, 2024
IRC logs for Thursday, December 26, 2024
Links 26/12/2024: Japan-China Mitigations and Mozambique Prison Escape (1,500 Prisoners)
Links for the day
Links 26/12/2024: Ukraine's Energy Supplies Bombed on Christmas Day, Energy Lines Cut/Disrupted in the Baltic Sea Again
Links for the day
Gemini Links 26/12/2024: Rot Economy, Self-hosted Tinylogs
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, December 25, 2024
IRC logs for Wednesday, December 25, 2024
[Meme] Time to Also Investigate Bill Gaetz
Investigation overdue
IBM Has Almost Obliterated or Killed the Entire Fedora Community (Not IBM Staff)
Remaining Fedora insiders are well aware of this, but bringing this up (an "accusation" against IBM) might be a CoC violation
Links 25/12/2024: Fentanylware (TikTok) Scams and "Zelle Scams Lead to $870M Loss"
Links for the day
Brittany Day Can Rest and Let Microsoft/Chatbots Write Fake 'Articles' About "Linux" This Christmas
Who said people don't work on Christmas? Chatbots or plagiarism-as-a-service work 24/7, every day of the year except during Microsoft downtimes
Links 25/12/2024: Windows TCO Brought to SSH, Terence Eden 'Retires'
Links for the day
Links 25/12/2024: Latest Report Front Microsoft Splinter Group, War Updates
Links for the day
Links 25/12/2024: Hong Kong Attacks Activists During Holidays, Xerox to Buy Lexmark
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 24, 2024
IRC logs for Tuesday, December 24, 2024
Gemini Links 25/12/2024: Open Source Social and No Search
Links for the day