08.08.19
Posted in Deception, Patents at 11:26 pm by Dr. Roy Schestowitz
Honesty is paramount. All that these publishers want is money.
Summary: The so-called ‘publishers’ or ‘media’ covering patent matters can’t really be journalism but marketing (e.g. attorney moves and promotions), spin (lobbying and megaphone for law firms, loudspeakers for patent trolls) and even worse things such as bullying of judges
SHORTLY after yesterday's rant we saw a great example of what had happened to the media. IPPro Magazine insists on still posting European Patent Office (EPO) puff pieces like this new one with minimal (or no/none) fact-checking. It’s just parroting executives. Media is a joke if all it can do is write paragraphs like these:
Gaetan Desclée, managing director at Serco Europe, commented: “We are delighted to have signed this framework agreement and look forward to supporting the EPO.”
Zero content, zero facts. Just corporate nodding.
“IPPro Magazine is the go-to industry publication for free news, views and opinion on intellectual property news,” it says (site outline). In the above article it’s just an EPO megaphone, but to its credit it does occasionally give room/space for the views of SUEPO and affiliates. Nevertheless, the site still treats itself as covering a religion, afraid to “offend” members of the religion (the “IP” religion) with “uncomfortable” views or dissent. This is a problem.
Where’s the condemnation of software patents? Where are articles from actual programmers as opposed to lawyers/attorneys?
“So their ‘business model’ — for lack of a better term — is business propaganda, corporate spin, deception and so on. IAM still eagerly whitens the reputation of patent trolls.”Ignoring the law and the global trends (EPC/35 U.S.C. § 101), Campinos/Battistelli push for software patents in Europe, under the guise of “4IR”, “blockchains” and so on…
Why does the media not condemn this? Nobody! It’s like the problem does not exist to them.
Hours ago IP Kat said that the founder of Spicy IP (which we cited many times in the past) had died. In his early forties. Many sites that cover patent issues are dying, including bad ones like IAM and Watchtroll (it only gets attention when it attacks PTAB, as it has just done again in yesterday’s latest rant). IP Kat itself is now run by litigation firms and Big Pharma lawyers, not scholars (many of whom left the blog; another one left about a week ago). So their ‘business model’ — for lack of a better term — is business propaganda, corporate spin, deception and so on. IAM still eagerly whitens the reputation of patent trolls. This makes “business sense” because patent trolls are among sponsors of the site and its events. █
Permalink
Send this to a friend
Posted in News Roundup at 9:38 pm by Dr. Roy Schestowitz
Contents
-
-
Desktop
-
Unveiled last week, the Linux-powered Adder WS laptop is System76′s very first computer to feature a beautiful and vibrant 4K OLED glossy display with true-to-life blacks. The 15.6-inch 4K OLED display is capable of 3840×2160 resolutions and it’s perfect for the latest games and 3D apps.
“Discover a world of prismatic color. With the finest pixels imaginable, the Adder WS’ 4K OLED display features nebulaic hues and blacks deep as the void to bring the universe home,” said System76. “And on the Adder WS’ OLED display, Pop!_OS and its Dark Mode aesthetic reach the pinnacle of visual appeal.”
-
Server
-
PCI policy pays a lot of attention to systems that manage sensitive cardholder data. These systems are labeled as “in scope”, which means they must comply with PCI-DSS standards. This scope extends to systems that interact with these sensitive systems, and there is a strong emphasis on compartmentation—separating and isolating the systems that are in scope from the rest of the systems, so you can put tight controls on their network access, including which administrators can access them and how.
Our architecture started with a strict separation between development and production environments. In a traditional data center, you might accomplish this by using separate physical network and server equipment (or using abstractions to virtualize the separation). In the case of cloud providers, one of the easiest, safest and most portable ways to do it is by using completely separate accounts for each environment. In this way, there’s no risk that a misconfiguration would expose production to development, and it has a side benefit of making it easy to calculate how much each environment is costing you per month.
When it came to the actual server architecture, we divided servers into individual roles and gave them generic role-based names. We then took advantage of the Virtual Private Cloud feature in Amazon Web Services to isolate each of these roles into its own subnet, so we could isolate each type of server from others and tightly control access between them.
By default, Virtual Private Cloud servers are either in the DMZ and have public IP addresses, or they have only internal addresses. We opted to put as few servers as possible in the DMZ, so most servers in the environment only had a private IP address. We intentionally did not set up a gateway server that routed all of these servers’ traffic to the internet—their isolation from the internet was a feature!
Of course, some internal servers did need some internet access. For those servers, it was only to talk to a small number of external web services. We set up a series of HTTP proxies in the DMZ that handled different use cases and had strict whitelists in place. That way we could restrict internet access from outside the host itself to just the sites it needed, while also not having to worry about collecting lists of IP blocks for a particular service (particularly challenging these days since everyone uses cloud servers).
[...]
Although I covered a lot of ground in this infrastructure write-up, I still covered only a lot of the higher-level details. For instance, deploying a fault-tolerant, scalable Postgres database could be an article all by itself. I also didn’t talk much about the extensive documentation I wrote that, much like my articles in Linux Journal, walks the reader through how to use all of these tools we built.
As I mentioned at the beginning of this article, this is only an example of an infrastructure design that I found worked well for me with my constraints. Your constraints might be different and might lead to a different design. The goal here is to provide you with one successful approach, so you might be inspired to adapt it to your own needs.
-
IBM
-
Red Hat has joined the RISC-V Foundation to help foster this open-source processor ISA.
While we’re still likely years away from seeing any serious RISC-V powered servers at least that can deliver meaningful performance, Red Hat has been active in promoting RISC-V as an open-source processor instruction set architecture and one of the most promising libre architectures we have seen over the years. Red Hat developers have already helped in working on Fedora’s RISC-V support and now the IBM-owned company is helping out more and showing their commitment by joining the RISC-V Foundation.
-
Red Hat, Inc has announced the general availability of Red Hat Enterprise Linux 7.7, the final Full Support Phase release of the Red Hat Enterprise Linux 7.x series.
RHEL minor releases are supported for two years so, Red Hat 7.7 will be supported until August 30th, 2021.
Red Hat Enterprise Linux 7.7 adds enhanced features for hybrid cloud deployments and containerized application development while retaining a focus on production stability.
RHEL 7.7 now included container toolkit such as buildah, podman and skopeo, which enable developer teams to build, run and manage containerized applications across the hybrid cloud.
-
-
-
-
Audiocasts/Shows
-
This week we’ve been running Steam in the cloud via an NVIDIA SHIELD TV. We discuss if we even need new distros and whether its more Linux apps we need. Plus we bring you some GUI love and go over all your feedback.
It’s Season 12 Episode 18 of the Ubuntu Podcast! Mark Johnson, Martin Wimpress and Mattias Wernér are connected and speaking to your brain.
-
-
Stuart Langridge, Jono Bacon, and Jeremy Garcia present Bad Voltage, in which we h4XX0r the Dark Web to pwn your s3ns3s, other people are inexplicably less annoyed about this than Stuart is…
-
Distrohoppers delivers a distro that divides us, and we check out the video streaming and recording software OBS Studio.
Plus a handy audio recorder that’s as simple as it gets.
-
OPNsense 19.7.1 is out, ZFS on Linux still has annoying issues with ARC size, Hammer2 is now default, NetBSD audio – an application perspective, new FreeNAS Mini, and more.
-
Kernel Space
-
BPF programs have gained significantly in capabilities over the last few years and can now perform many useful operations. That said, BPF developers have had to work around an annoying limitation until recently: they could not use loops. This restriction was recently lifted by a patch set from Alexei Starovoitov that was merged for Linux 5.3. In addition to adding support for loops, it also greatly decreases the load time of most BPF programs.
-
It has been the better part of a decade since the last KernelShark article appeared here; in the interim, the kernel-tracing visualization tool has undergone some major changes. While the high-level appearance is largely similar, the underlying code has switched from GTK+ 2.0 to Qt 5. On July 26, maintainer Steven Rostedt announced the release of KernelShark version 1.0, which makes it a good time to take another peek.
KernelShark is a graphical interface to help track down information in the voluminous kernel traces that trace-cmd can produce. trace-cmd is a front end for the ftrace kernel tracer. Rostedt wrote about trace-cmd and ftrace (part 1 and part 2) for LWN nearly a decade ago as well. Ftrace can collect an enormous amount of information from within a running kernel; trace-cmd simply makes it much easier for users to configure and manage those traces. KernelShark adds yet another level of capabilities.
-
David Howells put in quite a bit of work on a script, ./scripts/syscall-manage.pl, to simplify the entire process of changing the system call tables. With this script, it was a simple matter to add, remove, rename or renumber any system call you liked. The script also would resolve git conflicts, in the event that two repositories renumbered the system calls in conflicting ways.
Why did David need to write this patch? Why weren’t system calls already fairly easy to manage? When you make a system call, you add it to a master list, and then you add it to the system call “tables”, which is where the running kernel looks up which kernel function corresponds to which system call number. Kernel developers need to make sure system calls are represented in all relevant spots in the source tree. Renaming, renumbering and making other changes to system calls involves a lot of fiddly little details. David’s script simply would do everything right—end of story no problemo hasta la vista.
Arnd Bergmann remarked, “Ah, fun. You had already threatened to add that script in the past. The implementation of course looks fine, I was just hoping we could instead eliminate the need for it first.” But, bowing to necessity, Arnd offered some technical suggestions for improvements to the patch.
-
Unix-like systems traditionally represent many objects as files, but processes have always been an exception. They are, instead, represented by process IDs (PIDs), which are small integers — limited to 32767 by default, though that limit can be raised on Linux systems. There are a few problems with this representation, but the biggest one is arguably that PIDs are reused; when a process exits, its PID can be assigned to a new, unrelated process, and this can happen quickly. That creates a race condition where code that operates on a process, most often by sending it a signal, might end up performing an action on the wrong process.
A pidfd is, instead, a file descriptor that refers to an existing process. Once the pidfd exists, it will only refer to that one process, so it can be used to send signals without worry that the wrong process might end up being the recipient. This feature is valuable enough that some process-management systems, most notably the one used by Android, are being rewritten to take advantage of it.
There are two ways to create a pidfd. The preferred method in most cases will be to supply the CLONE_F_PIDFD flag to the clone() system call (or perhaps clone3() in the future); upon successful process creation, a pidfd representing the child will be returned to the parent. It is also possible to create a pidfd for an existing process with pidfd_open(), which was merged for the 5.3 kernel.
-
Graphics Stack
-
libinput 1.14.0 is now available.
A flurry of patches over the last RC but most of these were CI related. Two
new significant bugfixes: the calibration matrix is now returned correctly
even when it is the identity matrix. And the tablet pressure range is scaled
correctly into the available physical range. Previously, the bottom 5% where
effectively missing and pressure offset on worn-out pens handling took some
of the scale away from the top.
Below is the text from the 1.14.rc1 announcement which lists the other big
features added since the 1.13 release.
We have new and improved thumb detection for touchpads, thanks to Matt
Mayfield. On Clickpad devices this should make interactions where a thumb is
resting on the touchpad or dropped during an interaction more reliable. A
summary of the changes can be found here:
https://who-t.blogspot.com/2019/07/libinputs-new-thumb-detection-code.html
The Dell Canvas Totem is now supported by libinput. It is exposed as a new
tool type through the tablet interface along with two new axes. Note that
this is only low-level support, the actual integration of the totem needs
Wayland protocol changes and significant changes in all applications that
want to make use of it. A summary of the changes can be found here.
https://who-t.blogspot.com/2019/06/libinput-and-dell-canvas-totem.html
Touch-capable tablets now tie both devices together for rotation. If you set
the tablet to left-handed, the touchpad will be rotated along with the
tablet. Note that this does not affect the left-handed-ness of the touchpad,
merely the rotation.
Tablet proximity out handling for tablets that are unreliably sending
proximity out events is now always timeout-based. It is no longer necessary
to add per-device quirks to enable this feature and it is completely
transparent on devices that work correctly anyway. The blog post below has a
summary:
https://who-t.blogspot.com/2019/06/libinput-and-tablet-proximity-handling.html
Tablets that send duplicate tools (BTN_TOOL_PEN and BTN_TOOL_ERASER) now
ignore the latter. This is an intermediate fix only but at least makes those
tablets more usable than they are now. Issue #259 is the tracker for this
particular behaviour if you are affected by it.
The handling of kernel fuzz has been slightly improved. Where our udev rule
fails to reset the fuzz on the kernel device, we disable the hysteresis and
rely on the kernel now to handle it. Previously our hysteresis would take
effect on top of the kernel's, causing nonresponsive behaviour.
Note to distribitors: the python-evdev dependency has been dropped, the
tools that used it are now using python-libevdev instead.
As usual, the git shortlog is below.
Benjamin Tissoires (3):
gitlab-ci: allow to run on unprivileged containers
gitlab-ci: force using docker format for the generated images
tests: increase the timeout for the subprocess to receive the quit signal
Brian Ashworth (1):
evdev: always store user calibration matrix
Peter Hutterer (14):
tools: record: fix segfault on exit
tools: record: fix two memory leaks
meson.build: drop explicit install:true from configure_file
gitlab CI: replace the user:password with a netrc file
gitlab CI: fetch the WAYLAND_WEB_TOKEN from a file
tablet: point the pressure offset log messages to the right URL
tablet: add a comment explaining why we adjust the pressure offset downwards
Add the ck_double_eq_tol() macros to the backwards compat headers
test: fix the pressure offset tests
tablet: make the pressure-offset inclusive of the axis minimum
tablet: reduce the pressure range by the offset
test: don't test at the 100 y range
tablet: scale the available pressure range into the pressure thresholds
libinput 1.14.0
git tag: 1.14.0
-
Version 1.14 of the libinput library for unified input handling on Linux X.Org and Wayland systems is now available.
Libinput 1.14 is notable for introducing support for the Dell Canvas Totem input device as a unique input device and we could be seeing more of these types of devices in the future.
-
The Khronos Group has released the OpenCL 2.2-11 specification to address various issues with the existing OpenCL specification while the next major release as “OpenCL-Next” is likely still a number of months away.
OpenCL 2.2-11 was released overnight with various bug fixes, clarifications, better formatting of the documentation, and integration with the OpenCL reference pages. That updated specification is available from the Khronos.org Registry.
-
Benchmarks
-
If you didn’t have a chance since last night to check out our benchmarks of the AMD EPYC 7742 and EPYC 7502 Linux performance, I certainly encourage you to do so. Even if you aren’t a server enthusiast, it’s incredible to see the engineering achievement of AMD with Zen 2 and how the race is certainly back on in the CPU space. If you are short on time, here’s the quick summary of our initial AMD EPYC 7002 benchmark results.
As all independent reviewers seem to be in consensus, the EPYC 7002 series is a godsend for just about everyone, sans Intel. The EPYC 7002 line-up provides the most competitive option against Intel we’ve seen in the server space in many years if not ever, customers have these lower-cost CPUs that actually perform better and more power efficient in a majority of real-world workloads, and Rome further benefits consumers by reigniting Intel’s engine and they will certainly need to respond in some manner by either (much) better pricing or some card up their sleeves.
-
Applications
-
Vector graphics software paves the way of editing, manipulating, drawing and modifying images, diagram and figure seamlessly with sophistication and perfectness. There are far-ranges of vector graphics editors that are commonly used on the Linux platform. These vector graphics tools smooth the way of creating digital objects for the designers, and the objects can be scaled indefinitely without losing quality. Graphics applications are frequently used to generate high regulations illustration to use in web, multimedia, and games.
-
Markdown is a widely adopted plain-text formatting syntax used to specify HTML rendering. It is also an essential skill to learn if you want to contribute to open source software.
Like many concepts in open source communities, there are multiple, domain-specific distributions of Markdown. CommonMark provides an unambiguous rendering specification for defined Markdown incantations while many communities offer extensions to the official specification.
This cheat sheet provides you with a reliable baseline for writing and reading Markdown using the CommonMark specification. It also includes syntax for the two most popular Git repository services, GitHub and GitLab. Each service extends CommonMark to give users helpful shortcuts to common, or just plain fun, markup.
-
A new version of Mark Text, a popular Markdown editor, is out. Mark Text 0.15.0 includes a new find in files backend, new GUI settings, and a rewritten image component.
Mark Text is a free and open source Electron Markdown editor for Windows, Mac and Linux. It features support for CommonMark and GitHub Flavored Markdown, seamless live preview, multiple edit modes, and support for code fence for all popular languages.
In the latest 0.15 release, Mark Text has received a new preferences window (File > Preferences). In earlier versions, the application preferences could only be chanced by editing a configuration file (preference.md), which opened in Mark Text. This is now deprecated in favor of the new Preferences window.
-
Cockpit is the modern Linux admin interface. We release regularly. This is version Two Hundred, prepared for you live and in person from the Cockpit team sprint in Berlin!
-
GTK-VNC 1.0 switched from Autotools to Meson as its build system but more notably it finally gutted its GTK2 support and now mandates the GTK3 tool-kit. GTK-VNC 1.0 also has improved demos for showing off this VNC viewing widget, fixes a variety of authentication issues, and has a number of other fixes throughout.
-
There is an increasingly active development effort, known as Darling, that is aiming to provide a translation layer for macOS software on Linux; it is inspired in part by Wine. While Darling isn’t nearly as mature as Wine, contributors are continuing to build out capabilities that could make the project more useful to a wider group of users in the future.
[...]
Darling is licensed under GPLv3 and, according to the project home page, it does not violate Apple’s End User License Agreement (EULA) since it only uses the parts of Darwin that have been released as free software. Darwin, however, is licensed under the Apple Public Source License (APSL), which is a free-software license, but is not compatible with the GPL according to the FSF.
-
Instructionals/Technical
-
Games
-
Eagle Island, the gorgeous pixel-art rogue-lite platformers from Pixelnicks just had a major update. Solving some issues players were having, along with some new options to tweak how you play.
The developer said one of their major aims with Eagle Island was to make rogue-lites more accessible. They mostly succeeded on that too but this update aims to enable even more players to enjoy what it has to offer.
-
Interrogation seems like it could be good, a noire detective game where you will take down a mysterious terrorist organization named The Liberation Front.
-
Now this is exciting, as a huge fan of creature collecting and battling games, I’ve been closely following Monster Sanctuary since the original Kickstarter.
-
Valve along with CodeWeavers today issued a small and focused update to Proton, the software behind Steam Play.
-
Following the big Proton 4.11 update for Valve’s Steam Play that just arrived over one week ago, a second update to this Wine-derived software is now available for enhancing the Windows games on Linux experience.
Proton 4.11-2 updates now against the new and improved DXVK 1.3.2. Just pulling in new DXVK updates tend to be worthwhile but this 4.11-2 release also upgrades to FAudio 19.08 and Wine-Mono 4.9.2.
-
I’m very much used to seeing roguelikes with ASCII art, but an RPG? That’s quite different! After around five years in development, Stone Story RPG enters Early Access. Note: Key provided by the developer.
A very strange experience this, with no direct control of your character it initially feels a bit like a clicker. You pick a location and watch as your ASCII character travels across the screen gathering resources, fighting and more. However, the game gradually expands and opens up, turning it into a very unique adventure. It’s also very weirdly relaxing.
-
Lab Zero Games (Skullgirls) and 505 Games have announced that the action RPG platformer Indivisible finally has a release date.
Blending together the side-scrolling exploration from a platformer, with beautifully hand-painted background art and fast-paced real-time battles it’s been high up on my “wanted” list for some time. After getting funded on IndieGoGo way back in 2015, they managed to pull in quite a lot of support with over thirty thousand backers and around two million dollars raised. It’s been a long wait but it’s finally about to end, as today they’ve revealed the launch date to be October 8th.
-
Yesterday, OXXO from game developer Hamster On Coke Games was released as their latest sweet puzzle game. I’ve been playing it through and it’s wonderful. Note: Copy provided by the developer to our Steam Curator.
Much like some of their previous games including Scalak, PUSH and Art Of Gravity it has a very simple and inviting style to it. Starting off extremely easy so you learn the controls and the idea, it quickly starts getting a little complicated.
-
Making it into this update is a New Game Plus mode, unlocked by completing the story. It allows you to play again, while keeping most non-story progress gained from your previous playthrough. Additionally, there’s a new higher difficulty setting “Legend Remix”, it’s not just more challenging but also contains some “gameplay twists of its own” although it’s only available for New Game Plus. They also added a sweet art gallery, containing a bunch of unseen concept art, illustrations and a jukebox.
-
Gibbous – A Cthulhu Adventure, a comedy cosmic horror adventure from Transylvanian developer Stuck In Attic has released with same-day Linux support and it’s a wild ride.
-
-
Desktop Environments/WMs
-
The latest release of Catfish improves integration with OpenBSD, Wayland, Xfce, and numerous other desktop configurations. It also features a wealth of translation updates to improve Catfish’s international support.
-
K Desktop Environment/KDE SC/Qt
-
I called this wallpaper Mountain, because … well, there are mountains with a sun made with the KDE Neon logo.
-
In June, I had the opportunity to be the mentor representing KDE in the Google Code-in (GCi) 2018 trip in San Francisco, California. For those who don’t know what GCi is, it is basically a competition organized by Google for students with ages between 13-17 years old that introduces them into open source contributions with some tasks involving coding, documentation, artwork, etc.
In the end of this program, each participant open source organization selects two winners based on their involvement with the community projects and the number of tasks that they have completed. I have participated in this program as one of the mentors for the KDE community and this previous post explains about how amazing my experience was.
-
GNOME Desktop/GTK
-
OARS (Open Age Ratings Service) defines a scheme to include content rating information in apps’ AppData/AppStream file. GNOME Software and similar tools use this metadata to show age ratings for applications. In Endless OS, we also support restricting which applications a given user can install based on this data – see this page, and the reports it links to, for a bit more information about this feature and its future.
-
After more than a year of work libfprint 1.0 has just been released!
It contains a lot of bug fixes for a number of different drivers, which would make it better for any stable or unstable release of your OS.
There was a small ABI break between versions 0.8.1 and 0.8.2, which means that any dependency (really just fprintd) will need to be recompiled. And it’s good seeing as we also have a new fprintd release which also fixes a number of bugs.
-
-
New Releases
-
There are new live/install iso images of SparkyLinux 2019.08 “Po Tolo” special editions: GameOver, Multimedia & Rescue available to download. Sparky ‘Po Tolo’ follows rolling release model and is based on Debian testing “Bullseye”.
GameOver Edition features a very large number of preinstalled games, useful tools and scripts. It’s targeted to gamers.
Multimedia Edition features a large set of tools for creating and editing graphics, audio, video and HTML pages.
-
You can help Tails by testing the first beta for the upcoming version 4.0!
We are very excited about it and cannot wait to hear your feedback 
-
OSMC’s July update is now here and we continue to improve the OSMC experience for all of our users over the Summer. We have also been working on adding support for 3D Frame Packed (MVC) output for Vero 4K / 4K + and will make test builds available during the week on the forums. We are still preparing Raspberry Pi 4 images and will make these available soon.
-
Arch Family
-
EndeavourOS has a lot of potential. It is an impressive addition to the shortlist of distros that want to make using Arch a more rewarding experience.
For a Linux distro built around one of the more challenging Linux families, EndeavourOS is a stable, solid performer with few, if any, noticeable quirks. That shouts volumes, given the relative youth of the first stable release following beta development.
EndeavourOS is not an easy choice for Linux users with no hands-on experience with the Arch Linux ecosystem. Despite its newness, though, it is a better Arch Linux choice than other Arch variants.
It is a great choice for those willing to roll up their sleeves and learn Arch Linux’s inner workings. Hopefully, EndeavourOS succeeds in making the Arch-based neighborhood a more inviting place for new users and seasoned Arch users as well.
-
Fedora Family
-
Fedora Workstation is all about Gnome and it has been since the beginning, but that doesn’t mean we don’t care about Qt applications, the opposite is true. Many users use Qt applications, even on Gnome, mainly because many KDE/Qt applications don’t have adequate replacement written in Gtk or they are just used to them and don’t really have reason to switch to another one.
For Qt integration, there is some sort of Gnome support in Qt itself, which includes a platform theme reading Gnome configuration, like fonts and icons. This platform theme also provides native file dialogs, but don’t expect native look of Qt applications. There used to be a gtk2 style, which used gtk calls directly to render natively looking Qt widgets, but it was moved from qtbase to qt5-styleplugins, because it cannot be used today in combination with gtk3.
For reasons mentioned above, we have been working on a Qt style to make Qt applications look natively in Gnome. This style is named adwaita-qt and from the name you can guess that it makes Qt applications look like Gtk applications with Adwaita style. Adwaita-qt is actually not a new project, it’s been there for years and it was developed by Martin Bříza. Unfortunately, Martin left Red Hat long time ago and since then a new version of Gnome’s Adwaita was released, completely changing colors and made the Adwaita theme look more modern. Being the one who takes care of these things nowadays, I started slowly updating adwaita-qt to make it look like the current Gnome Adwaita theme and voilà, a new version was released after 3 months of intermittent work.
-
Friday with Infra is a new event done by CPE (Community Platform Engineering) Team, that will help potential contributors to start working on some of the applications we maintain. During this event members of the CPE team will help you to start working on those applications and help you with any issue you may encounter. At the end of this event you should be able to maintain the application by yourself.
-
Canonical/Ubuntu Family
-
Canonical has announced the immediate availability of Ubuntu 18.04.3 LTS as the newest update to this long-term support series.
Ubuntu 18.04.3 LTS incorporates the latest stable bug/security fixes into the release ISOs and also pulls in the “hardware enablement stack” from Ubuntu 19.04. For Ubuntu 18.04.3 desktop users this means having an updated Mesa and other components, most prominently being the switch from Linux 4.18 now to using Linux 5.0.
-
Coming six months after the Ubuntu 18.04.2 LTS release, which shipped with the hardware enablement (HWE) kernel from the not deprecated Ubuntu 18.10 (Cosmic Cuttlefish) operating system, Ubuntu 18.04.3 LTS here as the third point release in the Ubuntu 18.04 LTS (Bionic Beaver) series with up-to-date components.
Ubuntu 18.04.3 LTS includes all the latest software and security fixes that have been published on the official repositories of the Ubuntu 18.04 LTS release since February 14th, 2019, when Ubuntu 18.04.2 LTS hit the streets. It also ships with updated kernel and graphics stacks from Ubuntu 19.04 (Disco Dingo), such as Linux kernel 5.0.
-
Ubuntu 18.04.3 is the third of five point releases planned to accompany the latest Ubuntu long-term support release, and is the second to see release this year.
If you’re sure what the point of a point release is I can explain it to you in one simple word: convenience.
Ubuntu point releases are new .iso install images which contain all of the bug fixes, security patches, performance enhancements, and key app updates released to the OS since the previous install image was produced.
-
Devices/Embedded
-
Typically, we want to communicate with strangers online, so this should be possible by default. But if we are being actively harassed, we can assume that further messages from strangers are unsafe, and switch our account to “safety mode”–rejecting messages, invites and other interactions from strangers. We can rely on our trusted contacts for help and support, including passing on well-wishes from strangers.
At-risk individuals might choose to start their account in safety mode.
Trusted caretakers might maintain lists of bad actors, but trusting a caretaker should require very careful consideration: What is their governance model? What is their appeals process? Do they leak information about list recipients?
-
Mobile Systems/Mobile Applications
-
-
On August 7, 2019, Linux Journal shut its doors for good. All staff were laid off and the company is left with no operating funds to continue in any capacity. The website will continue to stay up for the next few weeks, hopefully longer for archival purposes if we can make it happen.
-
It is with sadness that we report that Linux Journal has ceased publication. The magazine announced its demise at the end of 2017, then was happily reborn in early 2018, but apparently that was not to last. Editor Kyle Rankin posted “An Awkward Goodbye” on August 7.
-
Due to this change in the market, most major publications have either shut down or been acquired and have lost their primary focus. The list includes IDG (acquired by a Chinese company and laid of writers), Recode (sold to Vox), Anandtech, TechCrunch (sold to Verizon), eWeek and more. The list is long.
A very minuscule chunk of these publications is made up of publications focused on consumer Linux. As someone who once ran a ‘consumer desktop Linux’ publication, I am aware of the fact that there is only so much one can do in that space. There is nothing new to write about it from a consumer’s perspective. Linux Desktop space has stagnated and not much innovation is happening in that area. There isn’t much scope of valuable content in that space. What could have been written has already been written?
The real work is happening at a low level. LWN is doing an incredible job of covering low-level kernel stuff. It’s sustainable and healthy.
-
Linux Journal shuts down, because cheapskate Linux users don’t spend money [Ed: And Brian Fagioli goes into troll mode again; many publishers shut down, so this headline is a provocative lie (Linux users spend more money than Windows users)]
-
By now you’ve likely seen the fantastic performance out of AMD’s new “Rome” 7002 series processors. The performance is phenomenal and generally blowing well past Intel’s Xeon Cascade Lake processors. So that’s all good and it can get even better outside of performance: I asked AMD about the prospects of Coreboot / open-source BIOS support and got a surprising response.
At an event in Austin last month when AMD was talking up Rome, when they weren’t talking about the new server CPU’s performance potential they were often mentioning the chip’s security. That set the stage for bringing up open-source support and Coreboot support without coming across as just an open-source zealot/nerd question. After all, if their lower-level bits were (again) open-source it would ensure a more auditable boot process and ensuring the integrity of their Platform Security Processor (PSP) and the like, which in this day and age is important and trying to ensure no nefarious back-doors to the system. Companies like Facebook and Google are also genuinely interested in this open-source functionality with their work on the likes of Coreboot and LinuxBoot.
-
Events
-
Laurent Pinchart began his Open Source Summit Japan 2019 talk with a statement that, once upon a time, camera devices were simple pipelines that produced a sequence of video frames. Applications could control cameras using the Video4Linux (V4L) API by way of a single device node; there were “lots of knobs”, but the overall task was straightforward. That situation has changed over the years, and application developers need more help; that is where the libcamera project comes in.
In truth, if your editor may interject a brief comment, even the basic V4L API is not entirely straightforward for the uninitiated. There is a negotiation process that must happen so that the application can determine whether a given camera can deliver the sort of data stream that is needed. The number of parameters to tweak is large. It was not uncommon to find applications that worked with some camera devices, but not others. V4L makes many things possible, but even the simplest tasks may not be easy.
-
DevNation Live tech talks are hosted by the Red Hat technologists who create our products. These sessions include real solutions and code and sample projects to help you get started. In this talk, Edson Yanaga, Director of Developer Experience at Red Hat, reviews some tips from the classic Effective Java book to help you update your Java skills.
Joshua Bloch has given us the third edition of Effective Java, but almost 10 years have passed since the last edition. And, now we have a whole generation of Java developers who could benefit from this knowledge.
It’s about time to revisit all of this wonderful content and upgrade your skills to the latest versions of the Java platform. Join us in this deep session to check what’s new in the updated Effective Java and even add some more tips not included in the book.
-
The Linux Foundation today announced the session line-up for its Open Source Summit Europe, the leading conference for open source developers, architects and other technologists and a hotbed for emerging technologies, and Embedded Linux Conference Europe. The event takes place October 28-30 in Lyon, France.
-
Web Browsers
-
Mozilla
-
I have a couple announcements for today. I’d like you all to welcome our two new community managers.
First off Kiki has officially joined the SUMO team as a community manager. Kiki has been filling in with Konstantina and Ruben on our social support activities. We had an opportunity to bring her onto the SUMO team full time starting last week. She will be transitioning out of her responsibilities at the Community Development Team and will be continuing her work on the social program as well as managing SUMO days going forward.
In addition, we have hired a new SUMO community manager to join the team. Please welcome Giulia Guizzardi to the SUMO team.
-
The Public Library of Science‘s Ten Simple Rules series can be fun reading; they’re introductory papers intended to provide novices or non-domain-experts with a set of quick, evidence-based guidelines for dealing with common problems in and around various fields, and it’s become a pretty popular, accessible format as far as scientific publication goes.
-
So a couple of months ago when I was looking for some new interesting and challenging sport events, which I could participate in to reach my own limits, I was made aware of the Mega Hike event. It sounded like fun and it was also good to see that one particular event is annually organized in my own city since 2018. As such I accepted it together with a friend, and we had an amazing day. But hey… that’s not what I actually want to talk about in this post!
The thing I was actually more interested in while reading content on this web site, was the high CPU load of Firefox while the page was open in my browser. Once the tab got closed the CPU load dropped back to normal numbers, and went up again once I reopened the tab. Given that I haven’t had that much time to further investigate this behavior, I simply logged bug 1530071 to make people aware of the problem. Sadly the bug got lost in my incoming queue of daily bug mail, and I missed to respond, which itself lead in no further progress been made.
Yesterday I stumbled over the website again, and by any change have been made aware of the problem again. Nothing seemed to have been changed, and Firefox Nightly (70.0a1) was still using around 70% of CPU even with the tab’s content not visible; means moved to a background tab. Given that this is a serious performance and power related issue I thought that investigation might be pretty helpful for developers.
In the following sections I want to lay out the steps I did to nail down this problem.
-
Back in January I was privileged to speak at StarCon 2019 at the University of Waterloo about responsible data collection. It was a bitterly-cold weekend with beautiful sun dogs ringing the morning sun. I spent it inside talking about good ways to collect data and how Mozilla serves as a concrete example. It’s 15 minutes short and aimed at a general audience. I hope you like it.
-
Productivity Software/LibreOffice/Calligra
-
The third major, feature-full update to the latest LibreOffice 6 office suite series, LibreOffice 6.3, comes exactly six months after the LibreOffice 6.2 release to add better performance, enhanced interoperability with proprietary document formats, as well as a set of new features and other improvements.
The LibreOffice 6.3 office suite will be supported for the next ten months with smaller maintenance updates until May 29, 2020. The Document Foundation has planned a total of six point releases for LibreOffice 6.3, but currently recommends users the LibreOffice 6.2 series for extra stability in production environments.
-
LibreOffice 6.3’s new features have been developed by a large community of code contributors: 65% of commits are from developers employed by companies sitting in the Advisory Board like Collabora, Red Hat and CIB, plus other organizations, and 35% are from individual volunteers.
In addition, there is a global community of individual volunteers taking care of other fundamental activities such as quality assurance, software localization, user interface design and user experience, editing of help system and documentation, plus free software and open document standards advocacy.
-
After a slight delay, The Document Foundation this morning announced the release of the LibreOffice 6.3 cross-platform open-source office suite.
This leading Microsoft Office alternative has performance improvements particularly around Writer (its word processor) and Calc (spreadsheet) components, the tabbed compact user-interface work is now available throughout more of the suite, better PDF export support, continually ongoing improvements to the Microsoft Office file format interoperability support, and a plethora of other improvements.
-
LibreOffice 6.3 is the latest version of The Document Foundation’ open source office suite for Windows, macOS and Linux — and it’s pretty big on changes.
Among the new LibreOffice 6.3 features that productivity-focused folks will benefit from are A, B and, important for secret government agencies, the ability to redact information from documents.
You’ll see a new “tip of the day” dialog open on startup (once per day). There’s also a new “what’s new? infobar” linking to the LibreOffice release notes when launching an updated version of the suite for the first time.
-
Programming/Development
-
I had the pleasure of giving a talk about Python virtual environments at this week’s Christchurch Python meetup. It described the problem that virtualenvs solve, some gotchas and the tools people use to create and manage them. We also spent some time on some of the newer entrants in this space including pew, pipenv and poetry. The slides are available.
Giving presentations is a great way of solidifying your knowledge of a particular subject – you want to make sure you’re describing things accurately so end up doing extra research and thinking more deeply. I’m sure I get as much out of preparing for a talk as the people who attend.
-
Coinciding with yesterday’s glorious AMD EPYC “Rome” 7002 series CPU launch, AMD’s software folks released AOCC 2.0 as their LLVM/Clang-based compiler optimized for Zen processors. AOCC 2.0 brings optimized compiler support now for Zen 2 processors not just only the EPYC 7002 line-up but also the Ryzen 3000 series consumer processors.
AMD Optimizing C/C++ Compiler 2.0 is the update adding in their Zen 2 “Znver2″ bits and the first update to AOCC since the end of last year. Besides adding in Zen 2 support, they re-based their entire compiler toolchain against LLVM 8.0 and its sub-projects like the Clang 8.0 front-end. They also moved to using FLANG as their default Fortran language front-end.
-
Public License (GPL). Linux, like any OS, mediates between the hardware of the machine (CPU, memory, and storage) and its software. The OS manages how the hardware is used to meet the needs of the software.
A Linux-based OS uses a Linux kernel, which is used to manage the hardware resources. A bootloader runs the machine through a startup sequence, and daemons—background services—work in the background to ensure key functions run smoothly. The OS shell, or command line, receive code instructions from the developer and transmits them to the machine.
-
Because scrum and kanban both fall under the agile methodology umbrella, many people confuse them or think they’re the same thing. There are differences, however. For one, scrum is more specific to software development teams, while kanban is used by many kinds of teams and focuses on providing a visual representation of an agile team’s workflow. Some argue that kanban is about getting things done, and scrum is about talking about getting things done.
-
This release is the third of four planned beta release previews. Beta release previews are intended to give the wider community the opportunity to test new features and bug fixes and to prepare their projects to support the new feature release. The next pre-release of Python 3.8 will be 3.8.0b4, the last beta release, currently scheduled for 2019-08-26.
-
One of the highlights of my work as the Fedora Community Action and Impact Coordinator is giving people good news about travel funding. I often send this information over email. Here, I’ll show you how I send custom messages to groups of people using Mailmerge, a command-line Python program that can handle simple and complex emails.
-
Welcome! In this series of videos you’ll get an overview of the features of the Real Python platform, so you can make the most of your membership.
-
In this article, you’ll explore inheritance and composition in Python. Inheritance and composition are two important concepts in object oriented programming that model the relationship between two classes. They are the building blocks of object oriented design, and they help programmers to write reusable code.
-
souphttpsrc is the C version of HTTP source plugin of GStreamer. Making reqwesthttpsrc feature equivalent to that of souphttpsrc is a very important part of the conversion. Although Rust HTTP source is functioning well, it is not fully in to use because it is not equivalent to C HTTP source.
For now there is only one property implemented from C HTTP source apart from the ones which come from base class. That is ‘location’. We can set a URL to read using this property.
-
Initial support for the rls Rust LSP server has landed in kate.git master. The matching rls issue about this can be found here.
Given I am no Rust expert, I can only verify that at least some operations seem to work for me if the Rust toolchain is setup correctly ;=)
-
Anvil is a UK-based company sponsoring one month of work to revive PyPy’s “sandbox” mode and upgrade it to PyPy3. Thanks to them, sandboxing will be given a second life!
The sandboxed PyPy is a special version of PyPy that runs fully isolated. It gives a safe way to execute arbitrary Python programs (whole programs, not small bits of code inside your larger Python program). Such scripts can be fully untrusted, and they can try to do anything—there are no syntax-based restrictions, for example—but whatever they do, any communication with the external world is not actually done but delegated to the parent process. This is similar but much more flexible than Linux’s Seccomp approach, and it is more lightweight than setting up a full virtual machine. It also works without operating system support.
-
Python is a high-level, general-purpose, structured, powerful, open source programming language that’s used for a wide variety of programming tasks. It features a fully dynamic type system and automatic memory management, similar to that of Scheme, Ruby, Perl, and Tcl, avoiding many of the complexities and overheads of compiled languages. The language was created by Guido van Rossum in 1991, and continues to grow in popularity, in part because it is easy to learn with a readable syntax. The name Python derives from the sketch comedy group Monty Python, not from the snake.
Python is a versatile language. It’s frequently used as a scripting language for web applications, embedded in software products, as well as artificial intelligence and system administration tasks. It’s both simple and powerful, perfectly suited for beginners and professional programmers alike.
-
This is a guest blog by Vick Kelkar from Portworx. Vick is a Product person at Portworx. With over 15 years in the technology and software industry, Vick’s focus is on developing new data infrastructure products for platforms like PCF, PKS, Docker, and Kubernetes.
Kubernetes adoption initially was powered by stateless applications. As the project matured, Kubernetes introduced the StatefulSet object so that applications can run with persistent data in a cloud native manner. As stateful applications, like PostgreSQL, started running on Kubernetes clusters, the need to easily manage complex deployments became clear. The built-in Kubernetes constructs did not allow for more complex install, upgrade or management of Kubernetes resources which resulted in a person doing manual post install deployment tasks.
To solve this problem, the CoreOS team (now part of Red Hat) launched the Operator Framework project. The idea of an Operator is to introduce a custom controller and custom resource into Kubernetes cluster which understands the life cycle of a stateful application. At Portworx, we decided to adopt the Operator Framework in order to embed domain-specific knowledge into our CustomResource called StorageCluster and introduced a new Kubernetes object to make maintenance and management of Portworx platform easier.
-
Python is an important programming language that any developer should know. Many programmers use this language to build websites, create learning algorithms, and perform other important tasks. But trying to learn Python can be intimidating, frustrating, and difficult, especially if you’re not sure how to approach it.
One of the things that I found most frustrating when I was learning Python was how generic all the learning resources were. I wanted to learn how to make websites using Python, but it seemed like every learning resource wanted me to spend two long, boring, months on Python syntax before I could even think about doing what interested me.
-
Python Ireland is the Irish organisation representing the various chapters of Python users. We organise meet ups and events for software developers, students, academics and anyone who wants to learn the language. One of our aims is to help grow and diversify the Python community in Ireland.
-
This morning I had a shower for 6.11686718 minutes. For breakfast I had 189.41576911 ml of fruit juice, followed by 75.24902503 g of muesli topped with 36.55668786 ml of milk and 15.44171338 g of yogurt.
Something wrong?
Maybe you think I’m a bit crazy — or at least very silly — to have so many decimal places in those numbers? Then how about the latitude/longitude of I Love Istanbul, one of my favourite eateries in Melbourne, Australia? According to the city’s “Census of Land Use and Employment” in Melbourne’s open data portal, ILI is at -37.80467681 144.9659498.
I’ve written before about too many lat/lon digits and so have many other people, including Randall Munroe in a recent xkcd webcomic. In Wikipedia there’s a table explaining how the number of decimal places in a decimal-degree lat/lon relates to length. Following that table, ILI at 95 Lygon Street has been located ±0.55 mm in latitude and ±4.6 mm in longitude. Not bad for a property with a footprint maybe 20 x 20 m.
-
PyCharm 2019.2.1 Preview is now available!
-
To keep your codebase clean, it helps to have a separation of concerns. Splitting your codebase into a backend and frontend directory a great way to do this.
-
One of the items of feedback I got from the article about interface immutability is that it did not give any concrete feedback for how to design interfaces. Given that they are forever, it would be good to have some sort of guidance.
The first item is that you want something that uses the implementation, as well as several distinct implementations. However, this item is too obvious: in almost all cases I have seen in the wild of a bad interface, this guideline was followed.
It was also followed in all cases of a good interface.
-
In this episode, we removed Node.js from deployment. We had to finish off an issue with permissions first, but the deployment got simpler. Then we continued on the steps to make deployment do even less.
Last episode, we got the static assets to the staging environment, but we ended the session with a permissions problem. The files extracted from the tarball had the wrong user and group permissions.
I fixed the permissions by running an Ansible task that ran chown to use the www-data user and group. To make sure that the directories had proper permissions, I used 755 to ensure they were executable.
Then we wrote another task to set the permission of non-directory files to 644. This change removes the executable bit from regular files and reduces their security risk.
-
In Qt (and most User Interfaces) ‘widget’ is the name given to a component of the UI that the user can interact with. User interfaces are made up of multiple widgets, arranged within the window.
Qt comes with a large selection of widgets available, and even allows you to create your own custom and customised widgets.
Load up a fresh copy of MyApp_window.py and save it under a new name for this section.
-
Using a computer in order to do rather complex Math is one of the reasons this machine was originally developed. As long as integer numbers and additions, subtractions, and multiplications are exclusively involved in the calculations, everything is fine. As soon as floating point numbers or fractions, as well as divisions, come into play it enormously complicates the whole matter.
As a regular user, we are not fully aware of these issues that happen behind the scenes and may end up with rather surprising, and possibly inaccurate results for our calculations. As developers, we have to ensure that appropriate measures are taken into account in order to instruct the computer to work in the right way.
-
In theory, the public API of a Python standard library module is fully specified as part of its documentation, but in practice it may not be quite so clear cut. There are other ways to specify the names in a module that are meant to be public, and there are naming conventions for things that should not be public (e.g. the name starts with an underscore), but there is no real consistency in how those are used throughout the standard library. A mid-July discussion on the python-dev mailing list considered the problem and some possible solutions; the main outcome seems to be interest in making the rules more explicit.
It should be noted that the Python language does not enforce any access restrictions at all; any program that can import a module can access any top-level name defined in it. All of the “rules” that govern access restrictions are simply conventions, though they are meant to delineate things that can be changed by a module maintainer without going through the usual deprecation cycle. A big part of the public API is effectively a list of names that the module maintainer promises not to change without a good deal of warning (at least two full development cycles).
-
-
“Essentially PewDiePie has embraced the most basic principal in the YouTube playbook,” Wilson wrote. “Focus on a topic, and deliver that to your audience with every single video that you make.”
His reignited interest in the game has led to other YouTube creators picking up on the trend. Sean “Jacksepticeye” McLoughlin, a creator with more than 22 million subscribers, has started to play the game, too. People have picked up on Minecraft having a moment and have decided to jump on the train before it goes away again. It’s not entirely because of Kjellberg — YouTube creator Keemstar’s weekly Minecraft tournaments, for example, also drive traffic and interest — but Kjellberg’s visibility is a major factor, according to Wilson.
-
Hardware
-
Meanwhile, the auto industry is doing little, or not enough, to protect a mass attack on the most critical mode of transport, the car, within a critical industry.
-
What Linux needs to do to reach the masses [iophk: This is a red herring. Reinstalling an OS is like changing the engine on your car. The strangle hold on the OEMs needs to be released.]
I understand the problem is a combination of proprietary hardware and the mixing and matching of components. But Linux has managed to work flawlessly on desktop hardware for a very long time. To me this says Linux can work with similar success on mobile hardware. And it should. The landscape of current users won’t revert back to the desktop any time soon. In fact, if we’re to believe any of the prognostications, users will continue the mass migration toward mobile, until there’s only a handful of us hardcore users still working diligently at desktop machines.
-
Security (Confidentiality/Integrity/Availability)
-
New data from Check Point Research says dozens of vulnerabilities found in a commonly used protocol left millions of Microsoft cloud users open to attack.
In a presentation this week at the Black Hat security conference in Las Vegas, the firm noted that flaws in the Remote Desktop Protocol (RDP)—routinely used to access remote Windows machines—could be exploited to execute arbitrary code on a target’s system, allowing them to view, change, and delete data or create new accounts with full administrative rights.
RDP was originally developed by Microsoft, and is frequently used by users looking to connect to a remote Windows machine. There’s several popular open-source clients for the RDP protocol utilized by Linux and Mac users as well.
-
The researchers pulled it off with a simple hand-built computer they cobbled together from off-the-shelf components. The device, which cost about $100 to assemble, consisted of a single circuit board packing a 3G modem for communicating with a remote-control server and executing attacks.
“While in transit, the device does periodic basic wireless scans, similar to what a laptop does when looking for Wi-Fi hotspots. It transmits its location coordinates via GPS back to the C&C [command and control server,” Henderson detailed.
“Once we see that a warship device has arrived at the target’s front door, mailroom or loading dock, we are able to remotely control the system and run tools to either passively or actively attempt to attack the target’s wireless access,” he elaborated. “The goal of these attacks is to obtain data that can be cracked by more powerful systems in the lab.”
-
The expression has been coined by IBM X-Force Red researchers to describe a new attack vector, which consists of covertly delivering to the target’s premises small devices that can be used to gain access to the home or office wireless network and assets connected to it.
-
Kurian and his peer Sanjay Poonen, chief operating officer for customer operations at VMware, each used that post to identify a pool of customers that had been asking for better interoperability between the two vendors, with the Google Cloud VMware Solution by CloudSimple announced as a result.
This new product, which will be generally available later this year, allows customers to run workloads on VMware’s flagship vSphere platform natively in Google Cloud Platform.
-
At the Black Hat security conference in Las Vegas on Wednesday, Google Project Zero researcher Natalie Silvanovich is presenting multiple so-called “interaction-less” bugs in Apple’s iOS iMessage client that could be exploited to gain control of a user’s device. And while Apple has already patched five of them, a few have yet to be patched.
-
At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew Information Service/Maintenance System. The CIS/MS is responsible for applications like maintenance systems and the so-called electronic flight bag, a collection of navigation documents and manuals used by pilots. Santamarta says he found a slew of memory corruption vulnerabilities in that CIS/MS, and he claims that a hacker could use those flaws as a foothold inside a restricted part of a plane’s network. An attacker could potentially pivot, Santamarta says, from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane’s safety-critical systems, including its engine, brakes, and sensors. Boeing maintains that other security barriers in the 787′s network architecture would make that progression impossible.
Santamarta admits that he doesn’t have enough visibility into the 787′s internals to know if those security barriers are circumventable. But he says his research nonetheless represents a significant step toward showing the possibility of an actual plane-hacking technique. “We don’t have a 787 to test, so we can’t assess the impact,” Santamarta says. “We’re not saying it’s doomsday, or that we can take a plane down. But we can say: This shouldn’t happen.”
-
Security updates have been issued by Arch Linux (exim, python-django, python2-django, and sdl2), Debian (proftpd-dfsg), Fedora (php and sqlite), openSUSE (proftpd), Red Hat (kernel), Slackware (kdelibs), SUSE (nodejs10, squid, and tcpdump), and Ubuntu (php5 and ruby-rack).
-
KDE rips out ability for KConfig to run shell code [Ed: This is hardly a threat unless you download and then tamper with malicious files from arbitrary, untrusted sources]
KDE has fixed a vulnerability within its KDE Framework that allowed for malicious code execution simply by viewing a .desktop file, by removing the feature being exploited altogether.
Earlier this week, a security researcher Dominik Penner published a proof of concept that showed how users could be compromised simply by viewing a malicious .desktop file, which is typically used to show an icon for a file or directory, in the KDE file browser.
The researcher did not notify KDE before dropping the vulnerability.
-
The Cloud Native Computing Foundation (CNCF) today released a security audit of Kubernetes, the widely used container orchestration software, and the findings are about what you’d expect for a project with about two million lines of code: there are plenty of flaws that need to be addressed.
The CNCF engaged two security firms, Trail of Bits and Atredis Partners, to poke around Kubernetes code over the course of four months. The companies looked at Kubernetes components involved in networking, cryptography, authentication, authorization, secrets management, and multi-tenancy.
Having identified 34 vulnerabilities – 4 high severity, 15 medium severity, 8 low severity and 7 informational severity – the Trail of Bits report advises project developers to rely more on standard libraries, to avoid custom parsers and specialized configuration systems, to choose “sane defaults,” and to ensure correct filesystem and kernel interactions prior to performing operations.
-
Unless you’ve been living under a rock, hardly a day goes by anymore without a new software security problem popping up. The folks at the Cloud Native Computing Foundation (CNCF) certainly have noticed. So, when it came time to give Kubernetes, the most important container orchestration program, a security audit, the CNCF tried an open-source approach for checking it for security problems.
This wasn’t a new idea. That credit goes to the Core Infrastructure Initiative (CII) Best Practices Badge program. Open-source projects that get this badge must show they follow security best practices. The CII used this approach on three other projects: CoreDNS, Envoy, and Prometheus. Then, it used it on the big one: Kubernetes.
-
The ICS Advisory (ICSA-19-211-01) released on July 30th by the Cybersecurity and Infrastructure Security Agency (CISA) is chilling to read. According to the documentation, VxWorks is “exploitable remotely” and requires “low skill level to exploit.” Elaborating further, CISA risk assessment concludes, “Successful exploitation of these vulnerabilities could allow remote code execution.”
The potential consequences of this security breech are astounding to measure, particularly when I look back on my own personal experiences in this space, and now as an Account Executive for Embedded Systems here at SUSE.
[...]
At the time, VxWorks was the standard go-to OS in the majority of the embedded production platforms I worked with. It was an ideal way to replace the legacy stove-piped platforms with an Open Architecture (OA) COTS solution. In light of the recent CISA warning, however, it is concerning to know that many of those affected systems processed highly-classified intelligence data at home and abroad.
-
TLS 1.3 is the sixth iteration of the Secure Sockets Layer (SSL) protocol. Originally designed by Netscape in the mid-1990’s to serve the purposes of online shopping, it quickly became the primary security protocol of the Internet. Now not limited just to web browsing, among other things, it secures email transfers, database accesses or business to business communication.
Because it had its roots in the early days of public cryptography, when public knowledge about securely designing cryptographic protocols was limited, the first two iterations: SSLv2 and SSLv3 are now quite thoroughly broken. The next two iterations, TLS 1.0 and TLS 1.1 depend on the security of Message Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA1).
-
Environment
-
Extinction Rebellion (XR), a campaign of civil disobedience born in Britain and aiming to address a worldwide climate crisis, has been endorsed by Swedish climate activist Greta Thunberg, the teenage poster child of environmentalism. XR has pledged to cause more disruption, arguing that governments are not doing enough to stop the “climate emergency.”
The group, which is spawning similar campaigns in the United States and Australia, says climate activists have no choice but to take matters into their own hands. It demands that governments prevent further biodiversity loss and commit to producing net-zero greenhouse gases by 2025. Otherwise, XR says, there will be a mass extinction of life forms on the planet within the lifetimes of the demonstrators themselves.
-
Since 2000, the number of Danes bothered by traffic-related noise has more than doubled from 6 to 14 percent, according to a new report from the national institute of public health, Statens Institut forFolkesundhed.
-
Energy
-
Reacting to the decision by train companies in the UK to stop accepting Interrail passes from January (1), Green Party Deputy Leader Amelia Womack said:
“This is entirely the wrong direction of travel, in both environmental and international relations terms.
“We need to be encouraging people to travel by train rather than taking the plane. It needs to be the easiest, simplest and cheapest option, as well as being as it already is by far the most pleasant.
-
In early 2018 when major financial publications like the Wall Street Journal were predicting a bright and profitable future for the fracking industry, DeSmog began a series detailing the failing business model of fracking shale deposits for oil and gas in America.
Over a year later, the fracking industry is having to reckon with many of the issues DeSmog highlighted, in addition to one new issue — investors are finally giving up on the industry.
-
Wildlife/Nature
-
The universities of Tampere and Jyväskylä will conduct the study funded by Kela, the national social insurance agency, to examine how nature and the support of a group can help in the rehabilitation and recovery from depression. As part of the study, free nature therapy groups will be held in August and next April.
-
In 1887 the Belgian-British zoologist George Albert Boulenger, who famously named more than 2,000 species around the world, scientifically described a slim New Zealand lizard he called Oligosoma infrapunctatum — the speckled skink.
More than 130 years later, a new paper examines the genetics and morphology of speckled skinks from around New Zealand and comes up with a surprising conclusion: They’re actually at least six different species, one of which — ironically enough, the one first identified by Boulenger — may now be extinct.
The research, published in the journal Zootaxa, builds upon work done over the past several years that analyzed and alternately named and renamed various populations of speckled skinks. Now, by examining the lizards’ physical characteristics and mitochondrial DNA, the researchers were able to conclusively determine that the speckled skink represents an entire species complex. Each species lives in a different part of the country and has small but significant variations in genetics, coloration, scale composition and limb structure.
There’s something they all have in common, though: None of them are doing very well, as the five remaining species all face enormous pressures from introduced predators and habitat loss. Using New Zealand’s classification system for endangered species, the paper recommends that two of the skink species should be considered as “nationally critical,” a third as “nationally vulnerable” and the final two as “at risk.”
-
Overpopulation
-
The Balkans is one of the world’s most troubled regions, often the setting for outbreaks of territorial, ethnic and religious conflict.
Now the area is also having to face up to the problems caused by a changing climate – in particular the prospect of severe water shortages in the years ahead.
Albania, a mountainous country with a population of just under 3 million, has abundant water resources at present. But government studies predict that due to increasing temperatures and declining rainfall, there could be severe water shortages within ten years.
The government says that within a decade water levels in three of the country’s biggest rivers – the Drin, Mat and Vjosa – will be up to 20% lower than at present.
-
Finance
-
It works like this: Pension funds from California to New Jersey and college endowments pour money into venture capital and private equity firms, which scour the globe for the best investment opportunities. In recent years, many of these firms have turned to China, helping fuel the success of global giants such as Alibaba Group Holding Ltd. and rising stars like drone-maker DJI and artificial-intelligence pioneer SenseTime Group Ltd. Pension and endowment fund managers may recognize such investments could become politically unacceptable, but they also have a fiduciary responsibility to pursue lucrative returns for their clients.
-
Summertime is well and truly here, and for many of us, that means sunny vacations. Disneyland? Florida? A European adventure?
But for tens of millions of Americans, there will be none, because they cannot afford one. A new and widely reported poll from financial services company BankRate.com found that over one in four people are forgoing a vacation, primarily because they cannot pay for it.
The average expected cost of a vacation, for those planning one, was $1,979. But, as a well-publicized survey found, the large majority of millennials (and a majority of Americans overall) are living paycheck-to-paycheck and could not even afford a $1,000 emergency, let alone a $2,000 luxury.
[...]
Under greater time pressure than ever, media resort to rewriting or copying and pasting press releases, then branding them as news. At the same time, advertorials—paid advertisements presented as news—are becoming an increasingly common way for media to increase their income.
Advertorials work. The general public has great difficulty distinguishing between paid for content and traditional news. A Reader’s Digest study found news consumers were 500 times more likely to read an advertorial than a traditional advertisement, and that advertorials generated 81 per cent more sales than standard commercials. Were the BankRate stories advertorials, or simply media lazily repeating PR? CNBC responded with a comment that suggested it was an organic story, while Fox did not reply.
Either way, Americans are in perilous financial straits, and millions are trapped in debt. Media should not be handing out highly questionable recommendations for the sake of extra content. There could be expensive consequences for those who take advice from cheap news.
-
AstroTurf/Lobbying/Politics
-
The owner of 8chan, the fringe messaging board that has been linked to a string of mass shootings this year, told lawmakers that he is coming back to the U.S. this week as Congress escalates its scrutiny of his website.
Jim Watkins, who has owned 8chan since 2015, told lawmakers in an email on Tuesday that he would be back in the U.S. by the next day.
-
A Twitter account sympathising with the Kashmiri separatists movement and a supporter of secession of Jammu and Kashmir from the union of India uploaded a highly doctored old video of journalist Arnab Goswami. The account uploaded Goswami’s edited video from February this year to imply as if Goswami is calling for the genocide of Kashmiris opposing the recent abrogation of Article 370.
-
Instead, the “Gravel teens” conducted the campaign almost entirely online, via the aforementioned caustic Twitter account and over-the-top YouTube videos — including a jacked-up sequel to the infamous “rock” ad from Gravel’s first presidential run. Essentially, it was a modern, digital version of the “front-porch campaign,” a turn-of-the-century phenomenon whereby presidential candidates mostly stayed at home and waited for voters to come to them.
And … it kind of worked? No, Gravel didn’t get anywhere close to the nomination, but the tweets and stunts did convince 65,000 people to donate to the campaign, thus qualifying Gravel to participate in the July primary debate. (He ultimately was not invited to appear, [...]
-
Censorship/Free Speech
-
A Ugandan court on Tuesday charged Bobi Wine, a singer-turned-politician and avowed adversary of President Yoweri Museveni, with “annoying” the country’s leader in a move some analysts say is part of a “worrying” increase in political repression.
-
Privacy/Surveillance
-
Check Point Software Technologies Ltd., an Israeli company that provides security for computer networks, said its researchers found three potential ways to alter conversations. One uses the “quote” feature in a group conversation to change the appearance of the identity of a sender. Another lets a hacker change the text of someone else’s reply. And the other, which has been fixed, would let a person send a private message to another group participant disguised as a public message to all, so when the targeted individual responded, it was visible to everyone in the conversation.
A WhatsApp spokeswoman declined to comment.
-
It’s alarming (arf) at the very least for users, as parent company Amazon can now release Ring footage directly to cops without a warrant. It has also been accused of ghostwriting police documentation on the service, turning local forces into free advertising and implied an endorsement for its products. Users can even gain discounts on Ring products if they opt-in, with police forces managing a reward system.
-
Emails obtained from police department in Maywood, NJ—and emails from the police department of Bloomfield, NJ, which were also posted by Wired—show that Ring coaches police on how to obtain footage. The company provides cops with templates for requesting footage, which they do not need a court warrant to do. Ring suggests cops post often on Neighbors, Ring’s free “neighborhood watch” app, where Ring camera owners have the option of sharing their camera footage.
-
What is it about companies leaving consumer data publicly exposed on an Amazon cloud server? Verizon made headlines after one of its customer service vendors left the personal data of around 6 million consumers just sitting on an Amazon server without adequate password protection. A GOP data analytics firm was also recently soundly ridiculed after it left the personal data of around 198 million citizens (read: most of you) similarly just sitting on an Amazon server without protection. Time Warner Cable also recently left 4 million user records sitting in an openly-accessible Amazon bucket.
-
Nothing nefarious about this if you subtract the slow drip of surveillance tech into every corner of everyone’s existence. By the time the little scamps roll into adulthood, they won’t even view omnipresent cameras and their surveillance add-ons as encroachments. They’ll just be a normal part of life, like cellphones and high-speed internet connections.
This situation is better than most. Waldo’s service is completely opt-in. Parents who want to use it have to go through several affirmative steps, like uploading photos of their kids to be used by the software. The end result is a curated collection of photos containing opted-in kids, saving parents the trouble of weeding through hundreds of photos to find the ones they actually care about.
This is a far more responsible use of facial recognition tech on children than the New York Police Department’s version.
-
Even though government statistics show that crime in the United States has been steadily decreasing for decades, people’s perception of crime and danger in their communities often conflict with the data. Vendors prey on these fears by creating products that inflame our greatest anxieties about crime.
Ring works by sending notifications to a person’s phone every time the doorbell rings or motion near the door is detected. With every update, Ring turns the delivery person or census-taker innocently standing on at the door into a potential criminal.
Neighborhood watch apps only increase the paranoia. Amazon promotes its free Neighbors app to accompany Ring. Other vendors sell competing apps such as Nextdoor and Citizen. All are marketed as localized social networks where people in a neighborhood can discuss local issues or share concerns. But all too often, they facilitate reporting of so-called “suspicious” behavior that really amounts to racial profiling. Take, for example, the story of an African-American real estate agent who was stopped by police because neighbors thought it was “suspicious” for him to ring a doorbell.
Even law enforcement are noticing the social consequences of public-safety-by-push-notification. At the International Associations of Chiefs of Police conference earlier this year, which EFF attended, Chandler Police Assistant Chief Jason Zdilla said that his city in Arizona embraced the Ring program, registering thousands of new Ring cameras per month. Though Chandler is experiencing a historic low for violent crime for the fourth year in a row, Ring is giving the public another impression.
“What happens is when someone opens up the social media, and every day they see maybe a potential criminal act, or every day they see a suspicious person, they start believing that this is prevalent, and that crime is really high,” Zdilla said.
If getting an alert from your front door or your neighbor every time a stranger walks down the street doesn’t cause enough paranoia, Ring is trying to alert users to local 911 calls. The Ring-police partnerships would allow the company to tap into the computer-aided dispatch system, and alert users to local 911 calls as part of the “crime news” alerts on its app, Neighbors. Such push alerts based on 911 calls could be used to instill fear and sell additional Ring services.
-
To be part of your local law enforcement’s surveillance network, all you need is a little tech from Amazon. Amazon’s Ring doorbell/camera is being handed out to cops, who can then give them to citizens with the implication the recipients of this corporate/government largesse will deliver recordings upon request.
Every Ring installed is another contributor to this ad hoc network of cameras — something both cops and Amazon have access to. Amazon is looking to corner two markets at one time, roping in both the public and private sectors with an eye on dominating both. The added bonus — at least as far as Amazon is concerned — is its Neighbors app. Neighbors allows people to report suspicious things to other neighbors, as well as law enforcement. Unsurprisingly, early adopters have tended to report the existence of brown people in their neighborhoods more often than anything else.
The whole process is guided by Amazon’s heavy hand. Government agencies participating in the Ring handouts are given talking points, pre-written press releases, and contractual obligations to promote the product they’re giving away. Recently-obtained documents show Amazon has even crafted scripts for police officers and press relations staff to use when questioned by citizens.
But there’s even more to this partnership than everything you see above. Lucas Ropek of GovTech reports cops have an Amazon-enabled workaround if Ring recipients aren’t willing to turn over footage without a warrant.
-
Civil Rights/Policing
-
With ISIS defeated, 40,000 Christians have returned to their ancient homeland, repopulating nine historically Christian towns. Overall, about 250,000 remain in Iraq, down from 1.5 million in 2003, on the eve of the U.S. invasion. For the moment, they are safe, but Sunni Muslims and Iran-backed militias have designs on their land and property.
-
Overall, though, the ethnic composition of the group of all mass shooters in the US is roughly equivalent to the American population.
-
You’d think an entity with the name “New York Police Department” would at least have some passing respect for the law. But the more time you spend examining the NYPD, the more you find it acts in opposition of almost every law meant to control it. Sure, it’s more than willing to kill you over unlicensed cigarette sales, but it can’t seem to hold any of its own accountable for their multiple violations.
Anything meant to bring a modicum of accountability to the agency is met with a shrug of official indifference. The only thing that’s been proven to effect change in the department is orders from federal judges, and even these are greeted with foot-dragging and brass-enabled resistance.
Adding to the annals of the PD’s refusal to play by rules it doesn’t like is this report from The Marshall Project. The NYPD and city prosecutors are using supposedly expunged arrests to push for plea deals, longer sentences, and the denial of bail.
In one case examined by The Marshall Project, a man arrested for being in a vehicle that also contained an unlicensed handgun assumed he’d get cited and fined because of his lack of a criminal record. Instead, the man (referred to only as J.J.) watched as the city prosecutor produced printouts of expunged charges from back in the PD’s stop-and-frisk heyday to argue for a prison sentence. J.J. had never been convicted of a crime, but the city was presenting records that should have been removed from the system to argue he was a career criminal.
-
Hey, SCOTUS says it’s OK so it must be OK. Via Greg Doucette comes another WTF decision [PDF] — one that gives North Carolina cops the green light to engage in retaliatory arrests over protected speech.
It’s not like there’s no case law to work with. The Eighth Circuit Appeals Court denied immunity to an officer who arrested someone for shouting “Fuck you!” at him as they drove by. Other federal courts have come to the same conclusion: flipping the bird/dropping f-bombs in the direction of police officers is protected speech and cannot form the basis for traffic stops or arrests.
In the state court of appeals, North Carolina judges have come to pretty much the same conclusion our nation’s top court did: so long as an officer can imagine a crime has been committed, they’re allowed to detain and arrest people who have offended them with their words and/or hand gestures.
-
Internet Policy/Net Neutrality
-
The move by the European Commission could make it more difficult for telecoms operators to do similar deals to share networks, seen as key to saving costs and reducing time in the face of regulatory barriers to mergers.
The European Commission said the deal, which the country’s two biggest mobile operators and Cetin, then part of O2 CZ, struck in 2011 and subsequently expanded, may breach the bloc’s competition rules.
The network sharing agreement now covers all mobile technologies including 4G and 85% of the Czech population.
-
In its latest proposal to ward off fresh EU antitrust penalties, Google on Friday announced plans to auction spots on a “choice screen” from which users will select their preferred search engine.
The move comes a year after the European Commission fined the U.S. tech giant 4.34 billion euros ($4.81 billion) for blocking rivals by pre-installing its Chrome browser and search app on Android smartphones and notebooks.
The EU competition enforcer also ordered the company to halt its anti-competitive practices or face fines up to 5% of Alphabet’s average daily worldwide turnover.
-
The internet has a sustainability problem. Many of its critical services depend on the dedication of unpaid volunteers, because they can’t be monetized and thus don’t have any revenue stream for the maintainers to live on. I’m talking about services like DNS, time synchronization, crypto libraries—software without which the net and the browser you’re using couldn’t function.
These volunteer maintainers are the Load-Bearing Internet People (LBIP). Underfunding them is a problem, because underfunded critical services tend to have gaps and holes that could have been fixed if there were more full-time attention on them. As our civilization becomes increasingly dependent on this software infrastructure, that attention shortfall could lead to disastrous outages.
I’ve been worrying about this problem since 2012, when I watched a hacker I know wreck his health while working on a critical infrastructure problem nobody else understood at the time. Billions of dollars in e-commerce hung on getting the particular software problem he had spotted solved, but because it masqueraded as network undercapacity, he had a lot of trouble getting even technically-savvy people to understand where the problem was. He solved it, but unable to afford medical insurance and literally living in a tent, he eventually went blind in one eye and is now prone to depressive spells.
-
Monopolies
-
Turkey’s Supreme Court has ended more than two years of speculation regarding when non-use cancellation actions against trademarks can be filed, lawyers tell Managing IP, arguing that the court has come to a logical conclusion.
-
The deal could involve some 1.5 million square feet (139,000 square meters), about 50% more than was previously reported, said the people, who asked not to be identified discussing the private negotiations. While much of the space would be at 50 Hudson Yards — a 2.9 million-square-foot tower being built by Related Cos. and Oxford Properties Group — Facebook is also looking at 30 Hudson Yards and 55 Hudson Yards, the people said.
-
Patents and Software Patents
-
Singapore will consolidate civil IP disputes in the High Court, the lower division of the Supreme Court, but in-house counsel air concerns over the potentially heavy caseload.
-
Recently, a group of patent attorneys—along with the self-proclaimed “patent holder for all neural systems that contemplate, invent, and discover via such confabulations”—has filed a set of patent applications at the U.S. Patent and Trademark Office, European Patent Office, and the UK Intellectual Property Office. But—reminiscent of the infamous “monkey selfie” copyright case, and unlike any other patent application filed with those offices—these applications list an artificial intelligence (AI) as the inventor, but claim that the AI’s owner should receive the patent.
Setting aside any arguments about whether the law currently recognizes an AI as an inventor—though at least in the U.S., the requirement that the inventor be human seems clear based on the monkey selfies decision, the patent statute’s use of the term “person,” and the requirement that an inventor sign an oath or declaration—the real question is whether permitting AI owners to own the output of the machine would be a wise policy choice. Would permitting AI output to be patented by the AI’s owner promote progress?
[...]
But even if we assume that the developed idea is non-obvious, it’s equally non-obvious that assigning the invention to the AI’s owner would meaningfully promote innovation. The owner hasn’t performed any intellectual creative act and would simply receive a windfall for the output of something they bought. 1And the AI itself doesn’t need any incentive to create the new idea—it would create the idea whether or not a patent was available, meaning that there’s no reason to think that providing a patent on the output of the machine would promote progress. At most, providing a patent on the output of the machine might incentivize people to design better idea-creating AIs—but such an AI would already be patentable and doesn’t require additional incentive.
At the end of the day, the question really is “why give anyone exclusive rights to work generated by non-human entities?” That’s an extension of the question asked—and answered—over 30 years ago by Prof. Pamela Samuelson, concluding that perhaps no one should own the output of a computer. There’s no reason to think that answer has changed—especially since, in the past 30 years, we’ve seen an explosion in AI without any need to assign ownership of its output to the operators of the AI.
-
Less than a year into his role, Kitchin talks about life as a UK Supreme Court justice and why – despite his extensive IP background – he is being excluded from one of the biggest patent cases in years
-
Patent claims reciting a “medium comprising computer-readable instructions for depositing a check” included a “technological invention,” and thus were not eligible for Covered Business Method (CBM) review, held the Patent Trial and Appeal Board (PTAB) in Wells Fargo Bank, NA et al v. United Services Automobile Ass’n., Case CBM2019-00004, Patent 8,977,571 B1 (May 15, 2019). Even though U.S. Patent No. 8,977,571B1 may otherwise have been directed to a “financial product or service,” it qualified for the statute’s provision “that the term does not include patents for technological inventions.” America Invents Action § 18(d).
Representative claim 1 of the ’571 patent recites:
A non-transitory computer-readable medium comprising computer-readable instructions for depositing a check that, when executed by a processor, cause the processor to:
monitor an image of the check in a field of view of a camera of a mobile device with respect to a monitoring criterion using an image monitoring and capture module of the mobile device;
-
Sovereign immunity does not exempt state governments from inter partes review, according to a Federal Circuit decision issued on Friday in Regents of the University of Minnesota v. LSI Corp. The decision extends the Federal Circuit’s earlier decision in Saint Regis Mohawk Tribe v. Mylan Pharmaceuticals that Native American tribes cannot rely on sovereign immunity against an IPR.
This case began with the University of Minnesota suing semiconductor supplier LSI and customers of telecommunications company Ericsson for infringement. LSI and Ericsson responded with inter partes review petitions. Despite Minnesota’s status as a public university, that is, part of the state government of Minnesota, the Patent Trial and Appeal Board ruled that sovereign immunity did not prevent the IPR petition from being instituted. The decisions to institute the IPRs was appealed immediately to the Federal Circuit. Pharmaceutical company Gilead, facing a similar situation, successfully intervened in the appeal.
-
Citing Federal Circuit decisions including SAP America, Inc. v. Investpic, LLC, 898 F.3d 1161 (Fed. Cir. 2018) and Elec. Power Grp., LLC v. Alstom S.A., 830 F.3d 1350 (Fed. Cir. 2016), the court characterized the claims as providing “results of data collection and analysis” and thus “resid[ing] squarely in the realm of abstract ideas.” The claims recited only generic computing technology, i.e., although court did not use these words, lacked a technical improvement, and therefore “fail[ed] both steps of the Alice test.”
So this was an easy § 101 case for a district judge. And it was evidently an easy § 101 case for the USPTO, which allowed the claims in the second Office action, with nary a § 101 rejection. (Take a look at the file history for U.S. Patent No. 9,978,107.) The ’107 patent issued from a long priority chain, and I confess I did not look at those file histories – but regardless, the lack of a § 101 rejection in the application for the ’107 patent is certainly striking in light of the ultimate fate of the claims. (And I would bet this is the ultimate fate – even if appealed, can anyone see the Federal Circuit reversing?)
-
The defendant had argued that “the claims were directed to the ‘abstract idea of delaying and outsourcing the scanning of paper checks.” The Federal Circuit agreed that the claims were “directed to an abstract idea, although we articulate it a bit differently.” The abstract idea of these patent claims, said the court, is “crediting a merchant’s account as early as possible while electronically processing a check.
This case was like Ultramercial, LLC, et al. v. WildTangent, Inc. (Fed. Cir. 2014), in that it depending simply on rerdering steps of a transactions. It was even more like Content Extraction & Transmission Llc v. Wells Fargo Bank, N.A. (Fed. Cir 2014), where the court held that “extracting and then processing information from hard copy documents, including paper checks, was drawn to the abstract idea of collecting data, recognizing certain data within the collected data set, and storing that recognized data.” And there was no improvement to how computers operate, so under the second prong of the § 101 test, there was not a significant additional innovation beyond the abstract idea.
-
The Federal Supreme Court confirmed the Federal Patents Court’s (FPC) Decision of 12 June 2018 in which the FPC decided that article 140k of the Swiss Patent Act lists in an exhaustive manner all nullity grounds which can be invoked against SPCs. The six month application deadline of article 140f PA is not listed in this catalogue and, therefore, an allegedly wrong reinstatement of said deadline cannot be invoked as a nullity ground in civil proceedings.
-
It is with profound sadness that IPkat reports that Professor Shamnad Basheer, 43 years of age, passed away earlier today in his beloved India, where he was born and flourished. Shamnad was one of the IP world’s great human beings. The founder of the iconic IP blog, Spicy IP, this Kat had the honor of joining with him as co-editors of the book, “Overlapping Intellectual Property Rights”, by which this Kat came to view Shamnad as a dear friend. IPKat will publish more on Shamnad as soon as it gathers more complete information.
-
Some aspects of patent law are unduly complicated. Here is one: Prosecution History Estoppel (PHE) as applied to the Doctrine of Equivalents (DOE).
The DOE finds infringement when someone is practicing something very similar (albeit different) than what is literally claimed. Although the doctrine is court-created, courts are also wary of the potentially unmoored doctrine and thus have created a number of major limitations on the doctrine that have severely limited its scope. Prosecution History Estoppel is one such limitation and arises when patent claims are narrowed during patent prosecution (something that happens in the vast majority of cases).
Under PHE, a narrowing limitation during prosecution is “presumed to be a general disclaimer of the territory between the original claim and the amended claim.” Festo Corp. v. Shoketsu Kinzoku Kogyo Kabushiki Co., 535 U.S. 722 (2002). In Festo though, the Supreme Court identified the disclaimer as rebuttable upon proof that “the amendment cannot reasonably be viewed as surrendering a particular equivalent.”
[...]
The original claim language covered SEQ ID NO: 2 along with modification such as “deletion, substitution, insertion or addition of one or several amino acids” of SEQ ID NO: 2. That claim was narrowed after an anticipation rejection to get around a different naturally occurring protein (YfiK). By narrowing the claim, it also now excludes the particular YddG protein variation used by CJ.
On appeal, the Federal Circuit held that the purpose of the appeal was to get around the YfiK prior art, not the YddG prior art. As such, the reasons for the amendment were merely tangential to the equivalent in question.
-
The listservs I’m on have exploded lately with concern, and some anger, about proposed fees on practitioners, and the potential for CLE requirements. Today, I happened to be reading an article, in a peer reviewed journal, by Frank Fagan, that purportedly shows that every one-hour of CLE decreases charges brought to state bars by 10%.
-
State bar associations require bar applicants to pass the Multistate Professional Responsibility Examination over a range of scores and earn a variable number continuing legal education credits in ethics annually. Panel data from 2007-2014 across the fifty states and the District of Columbia are used to assess whether these requirements reduce charges of ethical misconduct against attorneys. Deviations GMM estimation provides evidence that increases in MCLE annual credit-hours in ethics reduce charges. Specifically, a one-hour increase in MCLE reduces the number of charges of ethical misconduct by 10.506%. The result is robust to different types of models and estimators, but requires making several strong assumptions which are discussed in detail.
-
Trademarks
-
‘Going down’ is a common English phrase whose meaning is descending or sinking. But when it tried to be registered as a trade mark for some sex-related products in China, it encounters the issue whether such a phrase leads to a bad influence on morality.
Similar to Article 7(1)(f) EUTMR, Article 10 (8) of the PRC trade mark law prevents a mark from registering if it is harmful to socialism morality or has other bad influence.
In its recent decision(here, in Chinese), the Beijing High Court affirms that ‘going down’ is a trade mark that causes bad social influence when it is designated for sex-related products.
[...]
A trade mark is a commercial sign attached to products that disseminate to the public. In addition to distinguishing goods and services from others and bearing reputation, a trademark can also disseminate value and culture. A trade mark’s influential power and contact in the public are wide and uncertain. The cultural taste and the value represented by a trade mark would be widely disseminated through the use.
The trade mark ‘going down’ is designated for the goods such as vaginal syringes, condoms, non-chemical contraceptives and sex dolls. The applicant uses the vulgar implication of the trade mark as a marketing gimmick to attract public attention. Such an act causes bad influence on the public order, business culture and morality.
Based on the above reasoning, the Court decides that the trade mark shall not be registered.
-
“Aceto Balsamico di Modena (PGI)” has PGI status under Regulation 1151/2012, as conferred by Regulation No. 583/2009. Balema produces and markets in Germany vinegar-based products under the names “Balsamico” and “Deutscher Balsamico”; their labels note that the products are manufactured from local (Baden) wine. The Consorzio (owner of the PGI) alleged trade mark infringement by Balema on the basis that Balema’s products do not conform to the product specifications required for lawful use of the PGI. Balema sought a declaration that there had been no infringement.
Balema failed at first instance but succeeded on appeal, because the appeal court considered that only the whole name – “Aceto Balsamico de Modena” – was protected, and not the non-geographical component parts of the PGI. The case was further appealed to the Bundesgerichtshof (Federal Court of Germany), which referred the following question to the Court of Justice:
“Does the protection of the entire name ‘Aceto Balsamico de Modena’ extend to the use of the individual non-geographical components of the term as a whole (‘Aceto’, ‘Balsamico’, ‘Aceto Balsamico’)?”
[...]
The AG’s Opinion looks to be legally correct (even if some might question his view of genericness under Articles 3(6) / 13(1). One would expect the Court of Justice to follow the AG’s reasoning.
The Bundesgerichtshof (BGH) has already indicated that if the above terms are not protected under Regulation 1151/2012, Balema’s appeal will succeed. This presumably means that the BGH is satisfied that Balema’s product names do not use the contested terms in a misleading manner that might be contrary to Article 13(1)(c) or (d) (which are not subject to the exemption under Article 13(1) discussed above), or such claims are not being run. Presumably this also means that a legal alternative such as an unfair competition claim (perhaps a claim akin to extended passing off in the UK) will not get off the ground.
-
GoPro has been successful in its bid to stop a Chinese competitor from registering a trademark at the European Intellectual Property Office (EUIPO).
-
Copyrights
-
Epic Games’ efforts to take several “Fortnite” cheaters to court over copyright infringement continues. In one of the cases, the defendant, who’s still a minor, has asked the court to dismiss the complaint. The kid’s attorneys, however, argue that the court doesn’t have jurisdiction and that requiring a minor to defend himself in another state would be unreasonable.
-
It’s been a bit of a roller coaster ride for Kangaroo Manufacturing over the past few weeks. The company — which has admitted that it looks for popular items that are being sold on Amazon, and then develops competing products — won its lawsuit a few weeks back, in which it was accused of copyright infringement for copying a floating duck pool float. In that case, the court determined that the ducks in question were not similar enough to be infringing. However, in another case, involving banana costumes, Kangaroo was not so lucky. Back in April we wrote about the appeals court hearing in that case, in which the judges joked that they were disappointed none of the lawyers showed up in the costume. However, in the end, the 3rd Circuit appeals court upheld the lower court’s injunction that the two banana costumes were too similar and that Kangaroo’s violated the copyright of Rasta Imposta (ht to Bill Donahue for spotting this one).
There were two keys to this particular ruling. The first was the Supreme Court’s terrible ruling in the Star Athletica case upturning decades of copyright law saying that you can’t get a copyright on “useful articles,” (which many people believed included clothing). In Star Athletica, the Supreme Court effectively changed that, saying that if there’s artwork within the clothing, that could be viewed separately from the clothing, it’s a different story. That’s why there is suddenly a bunch of these kinds of copyright lawsuits. Here, the judges feel that Star Athletica means that if two banana costumes are too close, well, that’s infringement.
[...]
Kangaroo also tried a different approach, saying that even if Rasta’s banana design met that minimal level of creativity to be eligible for copyright, it was ineligible due to two other copyright doctrines: the merger doctrine and scenes a faire. The merger doctrine is related to the idea/expression doctrine and says that certain types of expression can only be done in one way, and therefore you shouldn’t be able to copyright that expression, as it would effectively be banning the idea. Here, Kangaroo argued that was the case with a banana costume. Scenes a faire is a similar doctrine that basically says certain “background” elements in a work are so common that it’s ridiculous to think they could be copyrightable, as you’d block out lots of other works.
-
Academic publishing giant Elsevier really, really, really hates Sci-Hub, the site that offers up access to lots of academic research. Elsevier has sued the site directly and tried many times to get it blocked (which, to date, seems to have only helped it get more attention). Last week, Elsevier got all legal-threaty against Citationsy, a site that helps scholars create citations. Elsevier claimed that Citationsy was infringing its copyright by linking to Sci-Hub.
[...]
Of course, expecting Elsevier to recognize how hypocritical it’s being is a fool’s errand as well. Elsevier is not in the business of actually understanding how academics work. It’s in the business of squeezing as much cash as possible from universities.
Permalink
Send this to a friend
Posted in Deception, Europe, Patents at 8:03 am by Dr. Roy Schestowitz
These should have been front page/cover stories; Europe’s second-largest institution is profoundly corrupt, but media doesn’t wish to say that
Summary: The EPO continues to lie, to break the law, to abuse staff and to grant fake patents with complete impunity; not even the media in Europe is scrutinising what the EPO does in direct violation of many laws
THE month of August is a very quiet one, almost universally, but that doesn’t mean that António Campinos and the European Patent Office (EPO) will keep quiet and quit lying.
Their Web page “Data protection & privacy” (warning: epo.org link) was updated about two weeks ago (updated 25.07.19 08:00; Google News picked up that change only last night) and it says: “The European Patent Office (EPO) is committed to protecting privacy and the personal data users provide when using our website.”
“The EPO bribed and threatened European media.”WWW/HTML geeks can easily dispute that. We always warn people when we post epo.org links (as we did above); their visitors’ IP addresses can be ‘leaked’ to Microsoft, Facebook and Twitter for de-anonymisation (through cookies, ISPs and so on), e.g. in the “Share” button on all pages. Just see the page source; it’s JS code. They say they value privacy, but they’re liars. They’re very serious violators of privacy; they habitually break privacy laws in Germany, but they know they’re above the law, e.g. earlier this year (we leaked information about this, but European media pretended not to see it, even when approached to cover that). What’s with the media complicity? Is real journalism not only dead but corrupt? Does it turn a blind eye based on sponsorships? The EPO bribed and threatened European media. The media is therefore silent. It intentionally refuses to cover leaks, even if and when these are published. Theory? No. We published evidence. This is pure corruption of journalism in Europe (by its second-largest institution). Disturbing? Sure. But not even news… the news sites won’t cover the corruption of news sites. Obviously.
The EPO keeps lying every day, even if we don’t bother rebutting everything as many of these lies are repetitive. Hours ago the EPO tweeted: “How long does the #patent grant procedure take?”
“The European Patent Office (EPO) told lies to the media back in March when it spoke about CQI; months later we rebutted with EPO leaks. Did anyone in the media pay attention? Of course not.”“Depends,” I responded. “As you no longer do actual, real examination, might as well grant within 10 seconds (of application being received)…”
I cited past coverage of this (leaks). The European Patent Office (EPO) told lies to the media back in March when it spoke about CQI; months later we rebutted with EPO leaks. Did anyone in the media pay attention? Of course not. To be a little sarcastic, maybe they wish to preserve our ‘exclusivity’…
A day ago the EPO also linked to this bizarre page (warning: epo.org link) we did not see before. It’s named “ict.html” (ICT), but it is titled “Digital technologies” (very vague).
The EPO’s page was cited in this tweet and introduced as follows: “Digital technologies are finding their way into every aspect of our modern lives. Have a look here to learn more about the #patenting landscape in this field…”
“So a year after Campinos came from the EUIPO nothing has improved. The EPO lies every single day, several times per day; the main difference is, having bribed much of the press there’s little coverage of these EPO issues.”Now watch that utterly ridiculous page. The EPO nowadays says “Hardware and software” (to mean algorithms disguised as “running on a machine”), "HEY HI" (AI), and more meaningless buzzwords like “4IR” to grant illegal software patents in Europe. On the same day we also saw this tweet about Battistelli-styled ‘studies’. Once again the EPO funds a ‘study’ that EPO itself manufactures (how very objective), then cites. The EUIPO too participates in this.
So a year after Campinos came from the EUIPO nothing has improved. The EPO lies every single day, several times per day; the main difference is, having bribed much of the press there’s little coverage of these EPO issues. Is it because the media in general is dying? We don’t think so. It’s true that many blogs about patents are dying*. But can they never even mention EPO scandals? Watch what happened to IP Kat. An astounding reversal. They’ve moved from blasting the EPO’s President to protecting him. █
____
* Bejin Bieneman’s software patents advocacy blog is the latest casualty. From about one post a day it moved to one per week. Now it posts about once per month. Software patents are buried so deep in the ground (in the US at least, owing to 35 U.S.C. § 101) that almost nobody bothers promoting them anymore.
Permalink
Send this to a friend
Posted in Europe, Patents at 6:55 am by Dr. Roy Schestowitz
Summary: A giant European patent troll, IPCom, shows the ramifications of the EPO failing to do its job; Europe is being left behind for the sake of parasitic bullies that put Germany to shame
The German patent troll IPCom was mentioned earlier this year in relation to this controversial decision to keep breaking the law, to keep violating the EPC. This is no laughing matter because this troll removes good products from the market… even in the UK, far away from Germany (showing that the patent system has gone all wrong).
As BBC (UK) put it the other day:
HTC has stopped offering its phones for sale in the UK while it is involved in an intellectual property dispute.
The Taiwanese company’s online store currently lists all of its models as “out of stock” despite the fact they remain available in other nations.
HTC has been involved in a long-running dispute with research and development company Ipcom over a wireless technology developed for car phones.
To resolve it, HTC agreed to sell only mobiles with a workaround in the UK.
However, Munich-based Ipcom has alleged it carried out tests earlier this year that showed no workaround had been implemented.
[...]
An HTC spokeswoman said: “As a leading innovator, HTC takes intellectual property issues very seriously.
“We are proactively investigating an infringement claim by a third party with respect to a single handset model.”
HTC was the first manufacturer to sell an Android handset, in 2008. A decade later, it sold part of its smartphone division to Google.
Rose Hughes (Big Pharma’s lawyer in the UK) has just commented on it; she’s usually a megaphone of EPO management. Last month when covering a decision on IPCom and Haar she published only a puff piece. Here’s what she wrote about the above:
IPKat has followed for many years the case law on stays of infringement proceedings in the UK. Guidance on when a stay may be granted was provided in Glaxo v Genentech [2008] EWCA Civ 23 (IPKat post here). The Glaxo guidance was subsequently reformulated by the Court of Appeal in IPCom v HTC [2013] EWCA Civ 1496 (IPKat post here). A UK High Court decision has recently applied the IPCom guidance in a case where stay of proceedings was requested in view of a pending EPO opposition: Coloplast v Salts [2019] EWHC 1979 (Pat).
Coloplast is a Peterborough (UK) based manufacturer and the current market leader in ostomy products. An ostomy or stoma is a surgically made hole in the intestinal wall. An ostomy may be required in patients with severe disorders of the gut (e.g. Crohn’s disease, ulcerative colitis or bladder cancer) or following injury to the bowel. There are many specialist products associated with ostomies, designed to make patients’ lives more comfortable. The ostomy product market is currently worth approximately £120 million per annum.
[...]
According to Guideline 10 of IPCom, it is important to consider the length of time it will take the EPO to reach a decision in an pending opposition proceedings. Both parties agreed that after the opposition division had given its decision, this would be appealed to the EPO Boards of Appeal. A European patent attorney for Salts estimated that the Boards of Appeal would reach a decision “in late 2021, but ‘perhaps’ earlier if accelerated proceedings are granted” (para. 21.). A solicitor for Coloplast provided a different estimate of between January 2022 and January 2024. The likelihood of a “ping-pong” effect between the Boards of Appeal and the opposition division was also considered. If this happened, Coloplast estimated that a final decision may take until 2028.
The Deputy Judge commented that there appeared “to be a tendency to stretch the estimates a little”. The estimations were also likely to have been made difficult in view of the imminent introduction of the revised Rules of Procedure of the Boards of Appeal (RPBA) (IPKat post here). The revised rules aim to increase efficiency and reduce the likelihood of “ping-pong”.
The witnesses both estimated that the UK trial would occur in 2020 (with an appeal in 2021 or 2022).
The Deputy Judge concluded that a final Board of Appeal decision could be expected around January 2022. “Ping-pong” was possible but unlikely. The UK Court of Appeal could be expected to rule on any appeal of the UK case in late 2021 (para. 29).
Possibly fake European Patents (disputed at present) let patent trolls bully British people and companies, such as those stocking products from the faraway Taiwan. So even if the EPO itself still wrestles with the validity of said Invalid Patents (IPs), the embargo goes ahead. Imagine how much worse it would be if the UPC ever became a reality (expanding embargo’s scope). █
Permalink
Send this to a friend
Posted in Europe, Patents at 6:35 am by Dr. Roy Schestowitz
Summary: Brexit one of many factors dooming the UPC or anything resembling the UPC; the German government/Federal Ministry of Justice comments on the matter
THE European Patent Office no longer mentions the UPC, knowing that it’s likely dead. Even Team UPC recently admitted that it was only trying to create and maintain an illusion of progress. It used the media to lobby for it — a form of corruption and bribery.
There’s this new article in German. No English version. Bearing in mind that "tweets" as sources aren't as reliable as journalism (people spin or abbreviate articles and sometimes take out of context pertinent paragraphs for their personal agenda), we can still quote Dr. Thorsten Bausch on Twitter (he’s a pretty honest person):
German government says that the factual and legal consequences of #Brexit first have to be clarified and agreed on a European level before ratifying the #UPCA. https://www.finanzen.net/nachricht/aktien/regierung-sieht-brexit-als-bremse-fuer-europaeisches-patentgericht-7841696 …
“There are many more issues — apart from Brexit — and not only in Germany so it would be a massive self-nuke if they attempted to ever ratify,” I told him.
We recently commented on the impact of the Johnsons.
Team UPC attempted to provide a translation:
„The question of Britain’s withdrawal from the EU plays “an important role” in the further implementation of the agreement on a Single Patent Court, according to a response by the Federal Ministry of Justice to a question from the FDP parliamentary group“
I asked them: “What about the half a dozen other issues with UPC?
“This whole thing should be canned for good.”
“Germany also needs to arrest EPO executives past and present for their crimes.” Battistelli and his circle broke the law many times. Germany’s reluctance to take action (total impunity) makes Germany look bad. █
Permalink
Send this to a friend
Posted in GNU/Linux at 5:54 am by Dr. Roy Schestowitz
Summary: Linux Journal shuts down; the future doesn’t bode well for GNU/Linux journalism and it’s getting worse pretty fast
Back in March we wrote about PIA hypocrisy; how or why is a privacy company putting spyware in all Linux Journal pages? That wasn’t too long after PIA had bought Linux Journal, saving it from shutdown.
“The death of a (Linuxjournal) friend,” as a Techrights reader put it, is now sadly confirmed.
“Jump to the present and with all the efforts to (in my humble opinion) undermine the credibility /sanctity of FOSS/Linux by Microsoft and its allies I just received notice that Linux Journal is closing its doors for good!”
–AnonymousLast night I noticed Lunduke, editor of the above, posting in the Purism site as if he’s staff there. I found that baffling. Hours later a reader told me something that did not shock me given what I had observed, including mass publication of many Linux Journal articles (like an archives dump).
The reader is apparently very supportive of us. “I’ve been reading your articles of late that I’ve been seeing on Slashdot,” he said. “Thank you for your contributions to the truth. I now have Techrights.org bookmarked and spend considerable time visiting.”
“Sad to say that I write you this letter as I sit at my desk in sadness and disbelief. You see, many years ago I got my first issue of Linux Journal at a news stand. Back then there was no electronic version, just good old fashioned printed paper. My how things have changed. Jump to the present and with all the efforts to (in my humble opinion) undermine the credibility /sanctity of FOSS/Linux by Microsoft and its allies I just received notice that Linux Journal is closing its doors for good! This is so sad and I wonder how I’ll keep up with all things FOSS/Linux…
“My friend Glyn Moody wrote there.”“Perhaps you can write an obituary for our old friend? Anyway just wanted to alert you to this tragedy.”
My friend Glyn Moody wrote there. Even as recently as days ago when he spoke about FOSS in relation to ethics. So it impacts people I know. Not so long ago I also lost an online friend from FOSS Force, Robin “Roblimo” Miller, a very kind person. FOSS Force has, in general, barely been active in recent years (no posts published for a whole year even!).
Technical journalism seems to be dying and we’re left with marketing and PR agencies that tell us about “smart” and “cloud” and other such nonsense. Look what happened to Linux.com. It’s horrific. Linux Foundation sponsors use it as their dumping ground. It’s openwashing and lying. I can’t begin to express how disappointing it is; my wife too is frustrated to see what that site became (she followed it closely for many years and liked some of the writers there).
“Thank you for your perseverance and dogged determination regarding the future of FOSS and Linux,” the reader ended in his message. “You are a real trooper.”
My wife has alerted me that this was already stated publicly some hours ago and LWN has comments about it, such as: “I kind of hope that these reports of LJ’s demise are exaggerated… Didn’t this almost happen to LWN once before?”
She finds the demise of the site very sad. She says “these people like to write, but the Web site cannot afford it anymore. That’s the second time.” █
Permalink
Send this to a friend
Content is available under CC-BY-SA