Linux Magazine

• We are here

  As one who has been watching Linux for a long time, I’m saddened to mark the end of Linux Journal, which was just announced this week. I know what you’re thinking – aren’t they a competitor? But it isn’t like that. The community spirit of the open source world is an umbrella for everyone in it – including publishers. If anything, there has always been a kind of camaraderie among the Linux mags.

  I knew about Linux Journal long before I had this job. In fact, my associations with Linux Journal date to an earlier era in IT publishing – back to when I was working for other magazines, like SysAdmin and C Users Journal. Linux Journal has been around for so long that I was especially surprised to read the comments on their site that said, “What? You’re gone already? I just found out about you!”

  Huh, you use Linux, and you’ve never heard of Linux Journal?

  That made me consider how important it is to spread the word about worthy IT publications. In the old days, publishers spent a lot of money on branding and direct marketing to be sure everyone knew they were out there, but all that ended a couple market crashes back. Nowadays, most of our readers hear about us from other readers, unless they happen to live near a full-service IT newsstand, which are also getting rarer in this world.

• Bookkeeping the FOSS way

• Automatic backups to external media

• Backup with restic

• Shimmer dimmer

• Zack’s Kernel News

• The prpl Foundation

• Open hardware and crowdfunding

• Managing your tasks at the command line with TaskBook

• Calculating weekdays and dates with Go

• On the DVD: Linux Mint 19.2 “MATE Edition” and Debian 10 “Buster”

• This month in Linux Voice.

• GPX viewer

• Linux Mint 19.2 “Tina” Released

• DIY photography tools

• Streaming services on LibreELEC 9.0 with Kodi 18.0

• FOSSPicks

• Firewall management

• Setting up a local DNS server with Unbound

• Rclone as a helper for external backups

• Memorable but secure passwords

• Copyright law and licensing on the Internet

Server

• Cloud providers and telemetry via Qt MQTT

  First, the focus is on getting devices connected to the cloud. Being able to send and receive messages is the prime target. This post will not talk about services, features, or costs by the cloud providers themselves once messages are in the cloud.

  Furthermore, the idea is to only use Qt and/or Qt MQTT to establish a connection. Most, if not all, vendors provide SDKs for either devices or monitoring (web and native) applications. However, using these SDKs extends the amount of additional dependencies, leading to higher requirements for storage and memory.

• SUSE Enterprise Storage and Veeam go great together

  Whether you’re new to the popular Windows-based backup tool Veeam or an old pro, you know that ever-growing demands on your storage resources are a true challenge. The flexibility of Ceph makes it a good choice for a back-up target, and SUSE Enterprise Storage makes it easy.

• IBM

  • Why Centos is one of the best OS to set up your local hosting service

    We have been using Centos for years and I must say that we are totally impressed by the outstanding reliability of it.

    Why are we using it? Well, it’s simple. HDroid runs on a dedicated webserver and although this might sound to you as granted stuff to talk about, we were literally going nuts before assembling it.

    Our network of websites is not just limited to this site; and this is where Centos shines, with its ease of control for hosting solution environments. And my goal was pretty unclear at the beginning. This is what I wished “to achieve” with a dedicated web hosting service, completely ‘hosted’ at home.

  • KaaS Vs PaaS: Mirantis Kubernetes-As-A-Service Vs OpenShift

    Many companies who use Kubernetes today do it using Red Hat’s OpenShift distribution, so one question we often hear from users asking about the Mirantis Kubernetes as a Service beta is “How is KaaS different from OpenShift?”

    The short answer is that OpenShift is a Platform as a Service (PaaS) and Mirantis KaaS is…well…a KaaS. These two concepts are different. Let me explain.

    OpenShift is a Platform as a Service, or PaaS, that just happens to use Kubernetes as its underlying substrate. But just because a PaaS uses K8s, that doesn’t automatically make it a KaaS.

  • OpenShift Scale-CI: Part 1 – Evolution

    In order to make efficient use of the lab hardware or the hourly paid compute and storage in public cloud which might get very expensive at large scale, automation does a better job at optimization than humans do at the endless wash. rinse and repeat cycle of CI-based testing. This led us to create automation and tooling which works on any cloud provider and runs performance and scale tests to cover various components of OpenShift; Kubelet, Control plane, SDN, Monitoring with Prometheus, Router, Logging, Cluster Limits and Storage can all be tested with the click of a button.

    We used to spend weeks to running tests and capturing data. Scale-CI speeds up the process, thus saving lots of time and money on compute and storage resources. Most importantly: It gave us the time to work on creative tasks like tooling and designing new scale tests to add to the framework.

    Not every team or user has the luxury of building automation, tooling and access to the hardware to test how well their application or OpenShift component is working at scales above 2000 nodes . Being part of the Performance and Scalability team, we have access to a huge amount of hardware resources and this motivated us to build Scale-CI in such a way that anyone can come use it and participate in the community around it. Users can submit a pull request on Github with a set of templates to get their workload onboarded into the pipeline. The onboarded workloads are automatically tested at scale on an OpenShift cluster built with the latest and greatest builds. It doesn’t hurt that this entire process is managed and maintained by the OpenShift Scalability team.

  • Red Hat Customer Portal named one of the “Ten Best Support Websites” for ninth consecutive year

    We’re excited to announce that for the ninth consecutive year, the Red Hat Customer Portal has been named one of the “Top Ten Best Support Websites” by the Association of Support Professionals (ASP).

    The ASP is a global membership organization for customer support managers and professionals. Its “Ten Best Support Websites” competition, now celebrating its 21st year, showcases excellence in online service and support. Selected by a panel of judges with experience in web support design and implementation, winners are scored in 25 different areas.

    For the last nine years, the awards program has highlighted the continued evolution of Red Hat’s Customer Portal and commitment to improving our customers’ experience.

    This year’s award submission highlighted how the Red Hat Customer Portal is implementing tools that help users self-solve issues, as well as improving user experiences across the site based on customer feedback.

  • Hardening Gluster Installations with TLS

    Data availability, confidentiality, and integrity are important aspects of security. One concern is securing the data and control information used by Gluster nodes which flows over the network. To address this problem network encryption can now be enabled in Gluster using TLS. Encrypting communications between glusterd, Gluster client, and the Gluster server will add significant complexity to any attacker attempting to abuse the Gluster nodes and services.

    Deployment guidelines recommend that Gluster?s internal network should be isolated and not accessible to general users. Even with an isolated network, requiring these connections to use cryptography can prevent access to in-flight network data from attackers with access to these internal networks.

    Enabling encryption requires an attacker to be able to successfully authenticate before being able to interact with Gluster nodes and services.

  • Kogito for Quarkus intelligent applications

    The Quarkus project is becoming quite popular among developers. Quarkus provides a fast-dev environment, and it has already a set of libraries, standards, and frameworks that are made available through extensions like RestEasy, Panache, SmallRye, Keycloak, and Kafka. Additionally, you can start using Kogito today to create intelligent Quarkus applications.

  • How Will Open Source Deal With Success?

    That level of success was perhaps most succinctly explained to me at the event by Chris Aniszczyk, COO at the Cloud Native Computing Foundation (CNCF). “This is the golden age of open source and we are hitting more industries now,” Aniszczyk told me during an interview at the show. “If you are a developer in open source you can find a good job in so many different areas.”

    Aniszczyk’s optimistic tone followed a brief keynote address by Red Hat CTO Chris Wright, who stated flatly that “open source has won,” citing the dramatic increase in GitHub users and numbers from the Linux Foundation touting the financial benefits of open source software. That statement of open source success wasn’t necessarily the most controversial as it was made at an open source-focused event.

    However, Wright also spent some of his limited time on stage and a considerable part of a follow up interview questioning how the ecosystem was going to deal with its success.

    “Part of winning is that with great power comes great responsibility,” Wright said on stage. He explained that the community had changed from its humble origins based on the benefits of sharing software code to where it’s at today in powering some of the largest corporate entities.

Audiocasts/Shows

• Retro Computing with the Altair-Duino

  Katherine Druckman, Doc Searls and Petros Koutoupis talk to Chris Davis of adwaterandstir.com about his Arduino-based Altair 8800 replica kits.

• New podcast episode: Reality 2.0 – Retro Computing with the Altair-Duino

  An exciting new podcast episode is out: Reality 2.0 – Retro Computing with the Altair-Duino. This is a follow-up conversation about the Altair-Duino. Katherine Druckman, Doc Searls and myself talk to Chris Davis of www.adwaterandstir.com about his Arduino-based Altair 8800 replica kits. I had a lot of fun with this conversation.

Kernel Space

• Linux 5.2.11

  I’m announcing the release of the 5.2.11 kernel.

  All users of the 5.2 kernel series must upgrade.

  The updated 5.2.y git tree can be found at:

  git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.2.y

  and can be browsed at the normal kernel.org git web browser:

  https://git.kernel.org/?p=linux/kernel/git/stable/linux-s…

• Linux 4.19.69

• Linux 4.14.141

• Celebrating Linux’s 28 years

  Today, there are nearly 300 active distributions. Some target specific audiences and come prepackaged with special-purpose tools, such as Kali for penetration testing. Others are very general purpose.

  By some accounts, more than 95% of the top 1 million web servers run Linux, along with over 90% of the public cloud and well over 80% of smartphones. So, even if you’re walking around offices still dominated by Windows desktops, Linux is winning big time in some of the most important markets and remains the beating heart of the open source movement.

  Happy birthday, Linux! Here’s to wishing you many decades of continued success, dedicated contributers, and happy users.

• Linux Foundation

  • The Linux Foundation’s LF Edge Releases V2.0 of the Open Glossary of Edge Computing

  • The Linux Foundation’s LF Edge Releases V2.0 of the Open Glossary of Edge Computing

    LF Edge, an umbrella organization within the Linux Foundation that aims to establish an open, interoperable framework for edge computing independent of hardware, silicon, cloud, or operating system, today announced Version 2.0 of its Open Glossary of Edge Computing. This latest version of the Open Glossary adds a year of updates from the edge community while further iterating vocabulary across the entirety of LF Edge projects.

    The Open Glossary of Edge Computing was created in 2018 as a vehicle to organize a shared, vendor-neutral vocabulary for edge computing to improve communication and accelerate innovation in the field. Launched as part of the first annual State of the Edge report, the Open Glossary is now an open source project under the LF Edge umbrella. The Open Glossary 2.0 is available in a publicly-accessible GitHub repo, and the new versions will be included in the State of the Edge 2019 report, to be released later this fall.

    “The Open Glossary of Edge Computing exemplifies a community-driven process to document and refine the language around edge computing,” said Arpit Joshipura, general manager, Networking, Edge, and IoT, the Linux Foundation. “As the diversity of LF Edge increases, we want frameworks in place that make it easy to talk about edge computing in consistent and less-biased ways. It’s imperative the community comes together to converge on a shared vocabulary, as it will play a substantial role in how our industry discusses and defines the next-generation internet.”

• Graphics Stack

  • Intel Gen 12 Graphics Bringing “Display State Buffer” Engine

    Since June there has been the Intel open-source development team volleying Linux patches for bringing up Tiger Lake “Gen 12″ graphics. There have been several rounds of patches working on the new Gen 12 graphics and that experimental open-source support is coming with Linux 5.4. A new patch series sheds more light on one of the new Gen 12 hardware features: the Display State Buffer engine.

    The Display State Buffer (or shortened as the “DSB”) is a new engine to handle batch submit display register programming. The Intel Linux driver at least will be making use of the DSB for LUT programming and yet-to-materialize patches will leverage the DSB for HDR (High Dynamic Range) meta-data programming and page-flipping related operations. The DSB hardware allows for reduced loading time and CPU activity with punting more work to this engine attached to the display controller and is said to improve the context switching performance with Gen 12 graphics.

  • Navi 14 Is Ready To Go On Mesa 19.3 Git & Back-Ported To Mesa 19.2

    As a follow-up to the recent story on AMD looking to land Navi 14 support in the imminent Mesa 19.2, that code for the smaller Navi GPU did successfully land into Mesa 19.3-devel and was back-ported to the 19.2 series for the upcoming 19.2.0 stable release.

    As explained previously, the Navi 14 Linux driver support wasn’t a trivial PCI ID addition but other changes were necessary. Most notably, Navi 14 required disabling of the “Next-Gen Geometry” support and falling back to the legacy pipeline as apparently NGG is buggy on Navi 14.

  • AMDVLK 2019.Q3.5 AMD Vulkan Driver Brings Fixes & Optimizations

    Two weeks have passed since AMDVLK 2019.Q3.4 while out this morning is the next iteration of this open-source AMD Radeon Vulkan driver derived from the company’s official cross-platform driver code-base.

    AMDVLK 2019.Q3.5 is built against the Vulkan 1.1.119 headers and now exposes the second revision to the VK_EXT_subgroup_size_control extension.

  • VDPAU Library 1.3 Switches To Meson Build System, Adds VP9 Video Format Definitions

    While NVIDIA is focused upon their CUDA-based video encode/decode solution moving forward, they do continue supporting and maintaining their existing VDPAU-based video decode stack. Of the driver-neutral VDPAU library (libvdpau) on Wednesday they issued the newest update.

    Libvdpau is the vendor-neutral library for the Video Decode and Presentation API for Unix that was engineered by NVIDIA and also leveraged by Mesa’s Gallium3D VDPAU state tracker. While NVIDIA moving forward has NVENC/NVDEC as their premiere video solution, VDPAU still works out well on their current Linux driver releases.

Benchmarks

• Intel Core i9 9900K vs. AMD Ryzen 9 3900X Linux Gaming Performance

  Here is our most extensive look yet at the AMD Ryzen 9 3900X Linux gaming performance up against the Intel Core i9 9900K while testing the latest Linux drivers with the Radeon RX 5700 XT as well as the NVIDIA GeForce RTX 2070 and RTX 2080 graphics cards. Beyond testing all the benchmark-friendly Linux-native and Steam Play OpenGL/Vulkan games, the performance-per-Watt and performance-per-dollar of the tested systems are also being covered.

  The Ryzen 9 3900X vs. Core i9 9900K gaming performance on Windows has been a hot race and it’s quite competitive as well on Linux both for native OpenGL/Vulkan ports as well as for Windows games running on Linux via Valve’s Steam Play paired with DXVK for mapping D3D11 to Vulkan.

Applications

• Proprietary

  • BuyDRM launches Linux support for DRM

    BuyDRM has announced Linux support for its MultiKey Server, a multi-DRM software platform specifically designed for deployments in remote or limited connectivity environments.

  • Some airlines are banning Apple’s MacBook Pros even if they weren’t recalled

    In June, Apple recalled the 2015 MacBook Pro with Retina Display, sold between September 2015 and February 2017, because the battery “may pose a fire safety risk,” and the FAA soon reminded airlines not to carry those laptops with defective batteries on board. But some airlines are now banning Apple laptops whether they’ve got a bad battery or not, as reported by Bloomberg.

  • More Airlines Ban MacBook Pros in Checked Luggage

    All 15-inch versions of Apple Inc.’s MacBook Pro must be carried in the cabin and switched off, Qantas said in a statement Wednesday. The rule went into effect Tuesday morning. Rival Virgin Australia Holdings Ltd. went further on Aug. 26, banning all Apple laptops from checked-in luggage.

  • Popular PDF app was quietly plonking malware onto Android phones

    The security smart folks note that the app itself doesn’t appear to be a malicious one, but rather it contains a trojan that gathers spyware and other malware from a malicious server and then runs in on a victim’s phone. This trojan, dubbed Necro.n appears to have been sneaked into the app through the use of a legit-looking advertising library package.

    As such, the developers of the app, which has received some 100 million downloads, might not even realise their software is causing their users a malware headache.

  • [Cracker] Claims He Can ‘Turn Off 25,000 Cars’ At The Push Of A Button

    Your car’s immobilizer is supposed to be used for good. If a crook steals your car, it’s possible for you to connect to the immobilizer, which tracks the vehicle and allows you to stop anyone from turning on the engine. But with one particular immobilizer – the U.K.-made SmarTrack tool from Global Telemetrics – an easy-to-hack vulnerability meant it was simple for researchers at Pen Test Partners to turn on the immobilizer permanently, without the customer knowing a thing.

    To prove it was possible, the researchers from British cybersecurity company Pen Test Partners hacked the vehicle of one of their own employees, disabling his car whilst they were in the U.K. and he was in Greece, not long before he was due to head to a wedding.

  • French cyberpolice, Avast and FBI neutralise global ‘botnet’ [iophk: Windows TCO]

    French police have neutralised a [cracking] operation that had taken control of more than 850,000 computers, mainly in Latin America, while also managing to remove the malware from the infected devices.

    The agents went into action last spring after the Czech antivirus firm Avast alerted them to the software worm, called Retadup, that was being controlled by a server in the Paris region.

  • Putting an end to Retadup: A malicious worm that infected hundreds of thousands [iophk: Windows TCO]

    Retadup is a malicious worm affecting Windows machines throughout Latin America. Its objective is to achieve persistence on its victims’ computers, to spread itself far and wide and to install additional malware payloads on infected machines. In the vast majority of cases, the installed payload is a piece of malware mining cryptocurrency on the malware authors’ behalf. However, in some cases, we have also observed Retadup distributing the Stop ransomware and the Arkei password stealer.

  • Authorities free 850,000 machines from grasp of Retadup worm [iophk: Windows TCO]

    After gaining persistence, Retadup goes on to distribute secondary malware on infected machines. It most commonly delivers a Monero cryptomining program, but also has been observed spreading over malware programs including Stop ransomware and the Arkei password stealer, Avast reports.

    The vast majority of Retadup victims whose infections were neutralized in last month’s crackdown are based in Latin American countries. However, the law enforcement operation itself specifically targeted C2 infrastructure based in France and the U.S.

  • Report finds majority of 2019 ransomware attacks have targeted state and local governments [iophk: Windows TCO]

    The majority of ransomware attacks in the U.S. in 2019 have targeted state and local governments, a report published Wednesday by cybersecurity group Barracuda Networks found.

    The report counted a total of 55 ransomware attacks on U.S. state and local government entities between January and July of 2019. These attacks involve a malicious actor or group encrypting a network and asking for money, often in the form of bitcoin, to allow the user access.

  • Threat Spotlight: Government Ransomware Attacks [iophk: this is disinformation which fails to steer potential victims away from Windows and towards GNU/Linux or one of the BSDs]

    Barracuda researchers have identified more than 50 cities and towns attacked so far this year. The team’s recent analysis of hundreds of attacks across a broad set of targets revealed that government organizations are the intended victims of nearly two-thirds of all ransomware attacks. Local, county, and state governments have all been targets, including schools, libraries, courts, and other entities.

    Here’s a closer look at state and local government ransomware attacks and solutions to help detect, block, and recover from them.

Instructionals/Technical

• Red Hat Enterprise Linux 8 installation tips and tricks

• exim postfix test – telnet testing smtp mta mail server connections (TLS)

• Why I prefer SSH for Git?

• What It Takes to Become a Successful Linux Administrator

• How to use WhatsApp on Linux

• Linux lsof Command

• How to make LightDM suspend to RAM automatically from the login screen and lock screen in Lubuntu 18.04

• How to install the Zoom video conferencing app on Linux

• How to install and use iTunes on Ubuntu

• Linux tr Command

• How to install ERPNext on Ubuntu 18.04 LTS

• How to Run Mac Apps on Linux

• Linux umount Command

• How to List Mounted Drives on Linux

• How to Increase Swap Size on Ubuntu

• How to Create and Use Swap File on Linux

• How to Install JAVA with APT on Debian 10

• Getting started with HTTPie for API testing

• Create your first application with Kogito

• linux bash backup config and scripts

• bash „forgets“ history does not save all history commands

• Variables in PowerShell [Ed: Why does Red Hat promote Microsoft?]

• Using GNS3 with Fedora

Games

• A Short Hike is a very sweet and serene experience

  Taking a break to go on A Short Hike turned out to be a rather beautiful experience, one that has allowed me to sit back and appreciate the calmer side of life for a moment.

• Rocket League Season 12 and the Rocket Pass 4 are live, with the new Weekly Challenge system

  Another Competitive Season ends and a fresh one begins, Rocket League Season 12 is now officially live and so is the new Rocket Pass 4 with a tweaked Weekly Challenge system.

  This season comes with some new stats for those who manage to pull of some fun tricks. You can now perform a High-Five by bumping into a team mate above the goal after scoring, a Low-Five by bumping into a team mate on the ground after scoring and a Swish Goal for the Hoops mode where you score by not touching the rim before the goal. Additionally, in the patch notes they did some audio work on the game to include “audio priority rebalancing, HDR audio, and object elevation”.

• Go on a wild Cornish adventure in Knights And Bikes, out with Linux support

  Knights And Bikes is a tale of two lost souls discovering friendship, going on an adventure inspired by Earthbound, Secret of Mana and The Goonies. Note: Key provided by Double Fine’s PR team.

  Taking place on a fictional island called Penfurzy, off the coast of Cornwall in the UK. It’s a co-op “coming-of-age story” although you don’t have to play it with a partner as you are able to switch between the two, which is pretty handy and didn’t cause any issues for me.

• Bag a free copy of DiRT Rally during the Humble Store end of Summer sale, some deals on Steam too

  For 72 hours Humble Store are giving away DiRT Rally (has Linux support – ported by Feral Interactive) during their big end of Summer sale.

• Tame monsters and explore the world in Monster Sanctuary, out in Early Access now

  Moi Rai Games and Team17 Digital Ltd have released Monster Sanctuary in Early Access with Linux support.

  Following a successful Kickstarter, Moi Rai Games have blended a few different experiences together in Monster Sanctuary. It has the exploration and adventuring found in metroidvania-like titles, with creature catching and combat that Pokemon made popular.

• The Hunter & The Beast expansion announced for Total War: WARHAMMER II

  Arriving on Linux “shortly” after the Windows release, the next expansion for Total War: WARHAMMER II has been announced and it does sound quite enticing.

  We’re not just getting a new DLC though, everyone will also get a free update to the base game which will include the Lizardmen Legendary Lord Gor-Rok, a campaign map region rework for Mortal Empires, Empire Fort Battles, a new starting position for Balthasar Gelt and an Old World update for the Empire with more info to come on other things coming.

• Twin-stick exploration shooter Smith and Winston is out now, some thoughts

  Execution Unit have now officially released their fantastically styled exploration shooter Smith and Winston, with great Linux support.

Desktop Environments/WMs

• K Desktop Environment/KDE SC/Qt

  • Plasma Browser Integration 1.6

    I’m pleased to announce the immediate availability of Plasma Browser Integration version 1.6 on the Chrome Web Store as well as Firefox Add-Ons page.

    Plasma Browser Integration bridges the gap between your browser and the Plasma desktop. It lets you share links, find browser tabs in KRunner, monitor download progress in the notification center, and control music and video playback anytime from within Plasma, or even from your phone using KDE Connect!

  • KDE websites infrastructure update and new websites

    Since my latest post two months ago, a lot of things changed regarding the KDE websites. More and more KDE websites are switching to the Aether theme designed by Ken Vermette. You can follow the progress at the Phabricator task T10827.

    One of the big problems encountered was the multiplication of different versions of the CSS files. There is a CCS file used by konsole.kde.org and choqok.kde.org, one for all the MediaWiki instances, and one for kde.org. This was getting harder and harder to maintain, so I decided to create a single SASS codebase for all the KDE websites.

    The code is located in the KDE Gitlab instance and uses Symfony Encore to generate all the CSS files from the SASS codebase.

    For the moment, the CSS code is only split into multiple SASS modules and the tooling builds multiple versions using some generic components (breeze buttons) and other more specific components (MediaWiki dark theme).

  • Lars Knoll, CTO at Qt and Keynote Speaker at Akademy 2019

    Paul Brown: Hello Lars, how are you this morning? You seem very busy…

    Lars Knoll: Hi Paul, I’m doing good. There’s more than enough to do, but I had a good weekend.

    Paul: Great! So tell me a bit about yourself. Looking over your résumé, you seem to have been in software production forever. Is this something you always wanted to do, since you were young?

    Lars: No, not really. Of course I played around with computers a bit when I was young. I had a Commodore 64 back then, but I mostly used it for games.

    I actually went and studied physics when I went to University, and had quite a few years where I did very little with computers.

    Things started picking up again during my masters and PhD thesis time in Heidelberg. I needed to use computers a lot to analyze the data that we collected during our experiments. We used Linux computers and Unix machines at that time, and I had to do quite a bit of my programming in Fortran. I really didn’t like that language, so I started teaching myself C and some C++ to have a better language to work with. That was around 1996, 1997, if I remember correctly.

    At that time, I also read about KDE for the first time, as a project to create a Desktop for Linux. That was something that also triggered my interest, and I started looking into it a bit and started subsequently to use it, as it was way easier than FVWM which is what I was using before.

  • Mounamnamat Médias Teaches Animation using Krita

    Amine Sossi Alaoui and Sonia Didier write to tell us about their experience teaching children 2D animation using Krita, with some very cool results:

    We’re a Moroccan animation studio, created 6 months ago and based in Rabat, Morocco. Before that we worked in animation studios in France during 10 years. Our goal now is to develop animation industry in Morocco and Africa. It’s a long way to go, and for the moment, we’re just beginning with 2d animation. Krita is a great tool for that, and we’re very happy to use it, and to share the knowledge we have about it.

    So, this summer, we wanted children to learn about 2D animation, so we created an one-week animation course for children from 8 to 14 years old. It was 2 hours per day during 5 days, for a group of 8 to 12 children. The goal was to create an one-minute animated shortfilm in 2D, from the writing of the story, storyboard, background, animation, colorisation and compositing.

    For that we chose to use Krita (and Shotcut for the final compositing and sound). It’s great software, very complete and fun to work with. And as it’s free, we’re sure that the children could use it at home if they like, to make their own projects.

• GNOME Desktop/GTK

  • Matthias Clasen: GTK BoF at Guadec

    We also discussed things outside GTK proper that will keep applications from porting to GTK4. This includes commonly used libraries such as GtkSourceView, vte and webkitgtk, which all will need GTK4 ports before applications that depend on them can be ported. Some of this work is already underway; but any help in this area is appreciated!

    Another potential blocker for GTK4 porting is platform support. The GL renderer works well on Linux; the Vulkan renderer needs some fixups. On Windows we currently use cairo fallback, which may be good enough for 4.0. Alternatively, we could merge existing work for using the GL renderer with ANGLE. The situation is less pleasant on OS X, where we don’t have a working backend; if you want to help us here, the first still would be to adapt the GDK backend to changes in GDK.

  • GTK 4.0 Isn’t Expected To Be Released Until Autumn 2020

    GTK 4.0 won’t be out this year, nor is it expected next spring as part of the GNOME 3.36 cycle, but now the developers believe this next major tool-kit update will be ready to ship in just over one year’s time with the autumn release of GNOME 3.38.

    Taking place the past few days was GNOME’s annual GUADEC conference where understandably were a lot of discussions around GTK4.

  • Julian Sparber: Rust Hackfest in Berlin

    It was a lot of fun hanging out with all the GNOME people who were in Berlin for this. I unfortunately had some unexpected deadlines from my University. Therefore I couldn’t hack as much as I wanted but I still got a couple of things done.

    I spent most of the time on an example which shows how to implement drag and drop reordering of rows in a GtkListbox which is bound to a ListModel. Sadly I didn’t have the time to fix the few reaming issues (mostly commenting the code), therefore it’s not yet merged. This is the pull request to gtk-rs.

  • Swayamjeet Swain: GSoC 2019 Final Report

    This year I worked on Pitivi, an Open Source Video Editor. With GSoC coming to an end, this post is a brief summary of the tasks that were done during the period, the things that were implemented, the work that is ongoing and the future plans that are left to do.

    My project involved implementing Nesting Timelines in Pitivi, such that the clips can be easily nested to form one single clip.

Distributions

• MariaDB, VLC, Plopper, Apache Packages Update in Tumbleweed

  There have been three openSUSE Tumbleweed snapshots released this week.

  The snapshots brought new versions of VLC, Apache, Plopper and an update of the Linux Kernel.

  Snapshot 20190824 delivered a fix that was made to the swirl option, which produced an unexpected result, with the update of ImageMagick?s 7.0.8.61 version. Improved adaptive streaming and a fix for stuttering for low framerate videos became available in VLC 3.0.8; 13 issues, including 5 buffer overflows we fixed and 11 Common Vulnerabilities and Exposures were assigned and addressed in the media player version. More than a handful of CVEs were addressed with the apache2 2.4.41 update. One of the CVEs addressed was that of a malicious client that could perform a Denial of Services attack by flooding a connection with requests and basically never reading responses on the TCP connection. The new version also improves the balancer-manager protection against XSS/XSRF attacks from trusted users. The x86 emulation library fixed a compiler warning in the 2.4 version and the X11 RandR utility updated the geometry text file configure.ac for gitlab migration with the xrandr 1.5.1 version. The snapshot is trending at a rating of 86, according to the Tumbleweed snapshot reviewer.

• Reviews

  • Drauger OS Makes a Capable Linux Game Console Platform

    This distro lacks an OS upgrade mechanism. So upgrading to the next release requires a fresh installation. However, system updates to the existing installation come from Ubuntu and are regularly updated by Drauger OS.

    If you play around with the live session, the default user name is “user” or “default.” The default password is “toor.”

    Complete instructions are found in the Readme.pdf file. Also, check out the Welcome screen. It provides access to help files and shows buttons that open links to the distribution’s website, launch a tool for installing third-party drivers, and link to some online resources.

    There is also a tutorial button on the Welcome screen that opens a series of pop-up messages about the desktop elements. The welcome window is pretty straightforward to use and navigate.

• New Releases

  • BlackArch Linux 2019.09.01 is Released with Kernel 5.2.9

    The BlackArch Linux Community has released the new version of BlackArch Linux 2019.06.01 ISOs and OVA image on yesterday (28th Aug, 2019).

    This new release brings the 5.2.x Linux kernel.

    Linux Kernel 5.2 includes Sound Open Firmware, Pressure Stall Information resource monitoring, BFQ I/O scheduler has gained some performance improvements, the ARM Mali t4xx and newer 6xx/7xx have been added and lot more.

    Also, they have added more than 150 new tools that allows penetration testers to discover new things.

• Fedora Family

  • Modularity at Flock 2019

    The Modularity Team was able to hold a session at Flock 2019 to gather feedback and discuss a few issues. The session was well attended and there was a bunch of great discussion.

    [...]

    We then asked people to vote on what they felt were the most important items that we should focus on. As you can see in the picture, which is a little cryptic, “offline local builds,” “OBS/COPR Compat,” “upgrade path,” and “default streams in BR”. As we elaborate on the outcomes of each topic we will also explain the somewhat cryptic shorthand we used for each topic.

• Canonical/Ubuntu Family

  • Ubuntu Podcast from the UK LoCo: S12E21 – Rebelstar Raiders

    This week we?ve been using Unity and learning about code of conduct incident response. We bring you a bumper crop of news and events from the Ubuntu community plus we round up some of our favourite stories from the tech world.

    It?s Season 12 Episode 21 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

  • Ubuntu 19.10 Daily Builds with Gnome 3.34 Beta Run Through

    In this video, we are looking at Ubuntu 19.10 Daily Builds. as of 28 August, with Gnome 3.34 Beta For links and more, look here: https://www.linuxmadesimple.info/2019/08/ubuntu-1910-daily-builds.html Background Music: The Big Beat 80s by Kevin MacLeod, Syrinx Starr

  • A technical comparison between snaps and debs

    Snap installations are also different from debs. Since snaps are fully self-contained applications, during the installation, the snap package (SquashFS filesystem archive) is decompressed and mounted as a read-only loopback device, with a separate writable private area created in the user’s home directory. Because snaps contains all the elements required to run an application, their disk footprint is typically larger than an equivalent Deb package. This is partially mitigated by having snaps compressed, and in some cases they might actually have a smaller size on the disk.

    During the installation, a security profile will be created for the snap, which will determine what the snap can or cannot do once run. By default, snaps cannot access other snaps, or ever the underlying system. Specific overrides are required, which we will touch upon shortly. Furthermore, the isolated manner in which snaps are configured means that once the user removes a snap, all the assets are completely removed from the system.

    Snaps are cryptographically signed. Users can install snaps that originate outside the Snap Store by providing an explicit, manual override flag. This is common during development, allowing developers to test their snaps before uploading them to the store.

  • Compact embedded computer features Ryzen Embedded V1000

    Ibase’s compact, Ubuntu-ready “CMI300-988” embedded computer is based on its MI988 Mini-ITX board equipped with a quad-core AMD Ryzen Embedded V1807B. Highlights include up to 32GB DDR4, HDMI and DP, and 4x USB 3.1 ports.

    [...]

    The CMI300-988 runs Windows 10 or Ubuntu 18.04 with Linux Kernel 4.14.14 on AMD’s top-of-the-line V1807B model with 4x Zen cores and 8x threads clocked to 3.35/3.8GHz. The 35-54W TDP V1807B features the high-end, 11-compute-unit version of AMD’s impressive Vega GPU.

Devices/Embedded

• Mobile Systems/Mobile Applications

  • CamScanner app for Android contains malware, finds Kaspersky; removed from Google Play Store

  • New Botnet Targets Android Set-Top Boxes

  • Another Android Fraud Warning: 1.5M Users Are Being Forced To Click Ads

  • New Google Camera 6.3 version adds transparent top bar, requires Android 10

  • Android Q would have been ‘Queen Cake’ if Google didn’t lose its sense of fun

  • How to get Android 10′s hidden features on any phone today

  • OnePlus 7 Pro deals, spec and news: OnePlus might release Android 10 update next week

  • Nokia 5.1, Nokia 3.1 Plus getting latest Android 9 Pie build with August security patch

  • T-Mobile Galaxy J7 Star receives Android Pie and One UI update

  • Lenovo’s latest Android tablets start at $89 w/ Android Pie and thinner bezels

  • ACT Stream TV 4K Review: Possibly The Best Android TV Box to Replace Your Cable TV Plan

  • Plex partners with Warner Bros. to stream TV and movies 2019/08/29 6:00am PDT

  • OnePlus TV will get Android TV updates for ‘at least’ 3 years

  • Mixer’s iOS and Android apps update with a massive speed boost and offline channel improvements

  • I really wish Apple would steal this revolutionary new Android feature for the iPhone 11

  • Tips and tricks for Chrome on Android or iOS

  • Android Studio 3.5 Aims to Be Faster and More Memory Efficient

  • Android Auto 4.6 preps to kill phone UI in favor of Assistant Driving Mode [APK Insight]

  • Android Auto will be onboard 2020 Toyota Camry models

  • Malware Discovered in Popular Android App CamScanner

  • New Huawei phones can’t use Android, report says

  • Five apps you need to add to your Android phone

  • Java On iOS and Android via Gluon

  • Samsung Galaxy A71, Samsung Galaxy A91 With Android 10 to Launch in 2020: Report

  • Surprise for OnePlus 7 users: Android 10 update could release same day along with Google Pixel phones

  • Xiaomi’s Mi TV PRO Series to Get Android Pie Update Starting in September: Report

  • You can now quickly switch Gmail accounts on Android with a swipe

Free, Libre, and Open Source Software

• Alternatives for Adobe Acrobat, Photoshop and more [iophk: could have also mentioned Krita and LibreOffice Draw]

  GIMP (GNU Image Manipulation Program) offers 130-plus amazing filters and special effects. See Alvin Alexander’s blog for all the cool stuff GIMP can do. I especially like the Borders Sparkles, Reflections, and Gradient Flare effects; and the Whirl and Pinch features. I also appreciate that GIMP works on multiple platforms, uses minimal system resources, and is super-easy to use.

• Web Browsers

  • Mozilla

    • My Next Chapter

      Earlier this morning I shared the news internally that – while I’ve been a Mozillian for 15 years so far, and plan to be for many more years – this will be my last year as CEO.

      When I returned to Mozilla just over five years ago, it was during a particularly tumultuous time in our history. Looking back it’s amazing to reflect on how far we’ve come, and I am so incredibly proud of all that our teams have accomplished over the years.

      Today our products, technology and policy efforts are stronger and more resonant in the market than ever, and we have built significant new organizational capabilities and financial strength to fuel our work. From our new privacy-forward product strategy to initiatives like the State of the Internet we’re ready to seize the tremendous opportunity and challenges ahead to ensure we’re doing even more to put people in control of their connected lives and shape the future of the internet for the public good.

      In short, Mozilla is an exceptionally better place today, and we have all the fundamentals in place for continued positive momentum for years to come.

      It’s with that backdrop that I made the decision that it’s time for me to take a step back and start my own next chapter. This is a good place to recruit our next CEO and for me to take a meaningful break and recharge before considering what’s next for me. It may be a cliché — but I’ll embrace it — as I’m also looking forward to spending more time with my family after a particularly intense but gratifying tour of duty.

    • Thank you, Chris

      Thank you, Chris.

      Chris Beard has been Mozilla Corporation’s CEO for 5 and a half years. Chris has announced 2019 will be his last year in this role. I want to thank Chris from the bottom of my heart for everything he has done for Mozilla. He has brought Mozilla enormous benefits — new ideas, new capabilities, new organizational approaches. As CEO Chris has put us on a new and better path. Chris’ tenure has seen the development of important organization capabilities and given us a much stronger foundation on which to build. This includes reinvigorating our flagship web browser Firefox to be once again a best-in-class product. It includes recharging our focus on meeting the online security and privacy needs facing people today. And it includes expanding our product offerings beyond the browser to include a suite of privacy and security-focused products and services from Facebook Container and Enhanced Tracking Protection to Firefox Monitor.

      Chris will remain an advisor to the board. We recognize some people may think these words are a formula and have no deep meaning. We think differently. Chris is a true “Mozillian.” He has been devoted to Mozilla for the last 15 years, and has brought this dedication to many different roles at Mozilla. When Chris left Mozilla to join Greylock as an “executive-in-residence” in 2013, he remained an advisor to Mozilla Corporation. That was an important relationship, and Chris and I were in contact when it started to become clear that Chris could be the right CEO for MoCo. So over the coming years I expect to work with Chris on mission-related topics. And I’ll consider myself lucky to do so.

    • Thunderbird 68.0 is out: major email client update

      The Thunderbird team has released Thunderbird 68.0, a new major version of the desktop email client that is going to replace the current branch Thunderbird 60.x in the long run.

      Thunderbird 68.0 is a major update that changes quite a few things; that explains why it is not pushed via the email client’s automatic updating system at this point in time. Thunderbird users who are interested in the new version may download it from the project website to install it manually. Organisations may point the browser to the Thunderbird for Organisations page instead to download a MSI package or the 64-bit installer for Windows.

      Check out our guide on upgrading 32-bit Thunderbird to 64-bit if you still run a 32-bit copy.

      The team plans to push Thunderbird 68.1 via the automatic update systems.

• Productivity Software/LibreOffice/Calligra

  • LibreOffice AppImage Version Looks Great on Elementary OS

    LibreOffice is a really great free software project which provides its product in all formats possible, whether it is DEB or RPM, Snap, Flatpak, or even AppImage. If you don’t know, AppImage is just like DMG on MacOS, it’s application in single file format just click to run it. However, if you see closer, LibreOffice AppImage looks good on elementary OS 5.0. That’s why it’s very interesting to use on elementary OS. In this article I just want to report screenshots and my short comments about it. I hope you are interested to run LibreOffice AppImage version on elementary OS too. Enjoy!

    If you do not have office suite on elementary OS yet, I recommend you to use LibreOffice AppImage. It runs instantly, unlike Snap or Flatpak version, without dependencies installation. You can run it by double-click on file manager. It works, and it looks so elementary fashioned.

  • LibreOffice monthly recap: August 2019

    Over in Europe, members of the German LibreOffice community attended FrOSCon, one of the largest FOSS events in the country. We had a stand with flyers, stickers and a computer demonstrating LibreOffice Online and its integration in eGroupWare. It was great to meet so many passionate free software fans, and all being well, we’ll be back there again next year…

    [...]

    While we’re gearing up for the aforementioned LibreOffice Conference 2019, we’re also looking ahead to proposals for the 2020 event. The Document Foundation received two different proposals for the organisation of LibOCon 2020, from the Turkish and German communities. TDF members are voting to decide on exactly where it will take place, so stay tuned for the announcement…

• CMS

  • Best WordPress Translation Plugins for a Multilingual Website

    You might be thinking, which is the best WordPress translation plugin for a Multilingual Website. If you research, you’ll find a lot of options, circling on the internet.

    But which is the best plugin, and how to use it? Google suggests many, but how many of them are reliable? How to use a particular plugin and why is it so popular? These are some of the things you might be contemplating as you begin your search for the best WordPress translation plugin for a Multilingual Website.

    WordPress is the world-famous open-source platform giving options to create your website in your language. Millions around the world use WordPress to create their website but, the crux of the problem is WordPress doesn’t have enough linguistic tools.

• FSF/FSFE/GNU/SFLC

  • GNU Emacs 26.3 Released, How to Install it in Ubuntu 18.04

    GNU Emacs text editor 26.3 was released last night. Here’s how to install it in Ubuntu 18.04 and higher.

  • GIMP open source image editor forked to fix ‘problematic’ name

    Glimpse is a fork of the popular open source image editor, GIMP, created primarily to offer the software under an alternative name.

    GIMP is a longstanding project, first announced in November 1995. The name was originally an acronym for General Image Manipulation Program but this was changed to GNU Image Manipulation Program.

    The new fork springs from a discussion on Gitlab, where the source code is hosted. The discussion has been hidden but is available on web archives here.

• Openness/Sharing/Collaboration

  • Open Hardware/Modding

    • SparkFun continues to innovate thanks to open source hardware

      When SparkFun Electronics founder and CEO Nathan Seidle was an engineering student at the University of Colorado, he was taught, “Real engineers come up with an idea and patent that idea.” However, his experience with SparkFun, which he founded from his college apartment in 2003, is quite the opposite.

      All 600 “SparkFun original” components are for sale on the site in addition to 1000+ resell products. All of the company’s schematics and code are licensed under CC BY-SA, with some firmware CC0, and its design files are available on public GitHub repos. In addition, some of the company’s designs are Open Source Hardware Association (OSHWA) certified.

• Programming/Development

  • Is Perl 6 Being Renamed?

    The issue suggested renaming Perl 6. While some may think that the name of the issue is trolling, or offensive, the actual issue was created by Elizabeth (Liz) Mattijsen, one of the core Perl 6 developers, a long-time Perl 5 developer, and with her spouse, Wendy, has long been an enthusiastic support of Perl 5/6. There is no trolling here. There is a lot of deep thought, careful discussion, and a genuine desire to find a way to bypass some deeply divisive issues in the Perl community.

    [...]

    So yeah, there’s bitterness and the Perl community not only needs to heal, but we need to find a way forward for both languages. The suggestion to change the name of Perl 6 to ‘raku’ is effectively designed to make this happen. Perl 5 can figure out how to get beyond the branding issue that’s been plaguing it and Perl 6 can do the same thing.

  • Don’t omit tests from coverage

    There’s a common idea out there that I want to refute. It’s this: when measuring coverage, you should omit your tests from measurement. Searching GitHub shows that lots of people do this.

    This is a bad idea. Your tests are real code, and the whole point of coverage is to give you information about your code. Why wouldn’t you want that information about your tests?

    You might say, “but all my tests run all their code, so it’s useless information.” Consider this scenario: you have three tests written, and you need a fourth, similar to the third. You copy/paste the third test, tweak the details, and now you have four tests. Except oops, you forgot to change the name of the test.

    Tests are weird: you have to name them, but the names don’t matter. Nothing calls the name directly. It’s really easy to end up with two same-named tests. Which means you only have one test, because the new one overwrites the old. Coverage would alert you to the problem.

  • anytime 0.3.6

    A fresh and very exciting release of the anytime package is arriving on CRAN right now. This is the seventeenth release, and it comes pretty much exactly one month after the preceding 0.3.5 release.

    anytime is a very focused package aiming to do just one thing really well: to convert anything in integer, numeric, character, factor, ordered, … format to either POSIXct or Date objects – and to do so without requiring a format string. See the anytime page, or the GitHub README.md for a few examples.

    This release updates a number of things (see below for details). For users, maybe the most important change is that we now also convert single-digit months, i.e. a not-quite ISO input like “2019-7-5” passes. This required adding %e as a month format; I had overlooked this detail in the (copious) Boost date_time documentation. Another nice change is that we now use standard S3 dispatching rather a manual approach as we probably should have for a long time but better late than never. The code change was actually rather minimal and done in a few minutes. Another change is a further extended use of unit testing via the excellent tinytest package which remains a joy to use. We also expanded the introductory pdf vignette; the benchmark comparisons we included look pretty decent for anytime which still combines ease of use and versability with performance.

  • What is an Object in Java?

    In general, all Cartesian geometric objects, like circles, squares, triangles, lines, and points, have basic properties, like location and extension. Objects with zero extension, like points, usually don’t have anything more than that. Objects like lines have more—e.g., the start and endpoint of a line segment or two points along a line (if it’s a “true line”). Objects like squares or triangles have still more—the corner points, for example—whereas circles may have a center and radius.

    We can see there is a simple hierarchy at work here: The general geometric object can be extended into specific geometric objects, like points, lines, squares, etc. Each specific geometric object inherits the basic geometric properties of location and extension and adds its own properties.

    This is an example of single inheritance. Java’s original object-oriented model allowed only single inheritance, where objects cannot belong to more than one inheritance hierarchy. This design decision comes out of the kinds of ambiguities programmers found themselves facing in complex multiple-inheritance scenarios, typically in cases where “interesting design decisions” led to several possible implementations of the function foo() as defined (and re-defined) in the hierarchy.

  • 20 Excellent Free Books to Learn Perl

    Programming is about solving problems and good communication. But before code is written, you need to know how to solve the problem. Breaking the problem into component parts assists in the process. And being able to model the problem so that it’s easy to implement and test also helps. Combine this with a solid understanding of the programming language itself – a good programming book contributes to all aspects of problem solving. Perl has the virtue it can solve a problems in a few lines of code. Perl programmers solve problems and get things done.

    The popularity of a book is influenced by personal feelings, tastes, and opinions. Programming books accord to this general rule. There is a wide range of Perl books. As Perl is an open source programming language, with an eclectic heritage written by Larry Wall with thousands of contributors, it is welcome some authors have released their Perl books under a freely distributable license.

Al Jazeera uncovers doping among leading Kenyan athletes

Al Jazeera has uncovered doping among Kenyan athletes, training alongside some of the world’s top runners.

The country’s officials say they are doing their best to stop it. But banned drugs – such as the blood-booster EPO – are easily available.

Inside the Black Market for Bots That Buy Designer Clothes Before They Sell Out

A tool for beating others to buying the items you want consists of three main components, finalphoenix explained. A monitoring bot, which scouts the target websites for new items; an account creation part, which will make a load of accounts on the site so you have a higher chance of pushing through the crowd as you control more of it; and a purchase bot, the part that actually orders and pays for your item. Users will also need to get some server space to run their bots.

Hiding from the clothes websites that you’re using a bot is a bit more complicated; companies will likely ban you if they suspect you’re scraping their website. Here, buyers need to use different accounts, proxies to route their traffic, and other technical means as workarounds.

Angry fans keep wrecking podcasts with one-star reviews

Podcast reviews can be easy to game, and Apple Podcasts has become the main target for angry fans interested in taking down a show. Apple’s service is the biggest name in podcasting, and it’s one of the few major platforms that allows listeners to leave public reviews. While hosts abused that feature in the past to beat the system with fake positive reviews, others have used it to inundate hosts they don’t like with a barrage of one-star marks, making the shows look like a bust.

Science

• Fire and the “Changing Narrative” Thing

  Changing narratives is a new buzz term. I even heard a Distinguished Professor say he can change the narrative about himself. He can’t change it much. Narratives are intellectual, depending on concepts that depend on societies. They are ultimately conservative.

• Celebrating 50 years of the Unix operating system

  Towards the end of the 1960s, a small group of programmers were embarking upon a project which would transform the face of computing forever.

• Unix at 50: How the OS that powered smartphones started from failure

  Today, Unix powers iOS and Android—its legend begins with a gator and a trio of researchers.

• To Be Always Surfing On Tectonic Shifts

  If you think about it for a minute, it is amazing that any of the old-time IT suppliers, like IBM and Hewlett Packard, and to a certain extent now Microsoft and Dell, have persisted in the datacenter for decades or, in the case of Big Blue, for more than a century. It is difficult to be constantly adapting to new conditions, but to their great credit, they still do as they world is changing – sometimes tumultuously – both around them and underneath their feet.

  So it is with HPE, which is going through its umpteenth restructuring and refocusing since we entered IT publishing more than three decades ago, this time under the helm of Antonio Neri, its relatively new president and chief executive officer. The current Hewlett Packard is a very different animal than the one that sold proprietary minicomputers and then Unix systems in the 1980s and 1990s, and it is in many ways more of a successor to the systems businesses of Compaq and Digital Equipment, which the company absorbed two decades ago.

Security (Confidentiality/Integrity/Availability)

• Security updates for Thursday

  Security updates have been issued by Debian (apache2 and faad2), openSUSE (schismtracker), Red Hat (ceph and pango), Scientific Linux (pango), SUSE (apache-commons-beanutils, ceph, php7, and qemu), and Ubuntu (ceph, dovecot, and ghostscript).

Defence/Aggression

• How the U.S. Sowed the Seeds of Its Border Crisis

  One of the first casualties of the 2009 Honduras coup was the 19-year-old son of a pastor, who was shot in the back of the head by U.S.-outfitted snipers.

• The Greek Way to a Green Planet

  The dawn of the twenty-first century is giving us a whiff of another Dark Age. Christianity and Islam have been hovering over each other, fighting small-scale crusades. More than a billion Moslems hate America because America has been an ally of Israel and because America destroyed Iraq, eyeing the oil of the entire Middle East. Even Europeans resent America, its pretense of exceptionalism, superiority and military prowess.

Environment

• Why is the Climate Changing Like This?

  “By 4 p.m. we had to light a fire to stay warm here,” says Augustine Vadakil on his struggling farm in Kerala’s hilly Wayanad district. “But that was 30 years ago. Wayanad is no longer the cold, misty place it once was.” From a maximum of 25 degrees Celsius by early March, temperatures here now easily cross 30 degrees by that time of the year.

• Greta Thunberg wraps up 15-day carbon-free voyage to New York City

  Thunberg made the trip across the Atlantic to attend a United Nations climate summit taking place in September — and she did it without leaving a carbon footprint. She traveled aboard the Malizia II, which has its own solar panels and hydro-generators to power the yacht. (Her journey did spark some criticism for the emissions associated with it because others will fly to New York to bring the yacht back to Europe, although those flights will reportedly be offset.)

• G7 Climate Meeting

• Greta Thunberg, Frances Crowe and a Passing of the Torch

  Greta Thunberg, a 16-year-old Swedish climate activist, sailed into New York Harbor Wednesday after an occasionally harrowing, two-week trans-Atlantic voyage. Greta walks the walk, living her life with as small a carbon footprint as she can. She decided to forgo flying as part of that commitment, so, in order to make it from Europe to North America, she sailed on a zero-emissions racing yacht. The day before Greta’s arrival, on Tuesday, another activist ended a remarkable voyage. Frances Crowe, a lifelong peace activist, died at home in Western Massachusetts, surrounded by her family, at the age of 100. Frances was a firebrand, a nonviolent warrior for justice, arrested countless times protesting war, nuclear weapons, nuclear power plants and more. The departure of one elder activist on the eve of the arrival of one so young symbolizes, bittersweetly, the passing of a torch.

• Gillibrand Says She’s Ending 2020 Presidential Bid

  Democrat Kirsten Gillibrand is dropping out of the presidential race as a campaign that once looked poised to ride strong #MeToo credentials to formidability was instead plagued by low polling and major fundraising struggles.

• Canada and Bolsonaro

  By now most environmentally conscious people understand that Jair Bolsonaro is a bad guy. Brazil’s president has scandalously blamed environmentalists for starting fires burning in the Amazon region, after having called for more “development” of the huge forests.

• Bolsonaro Fiddles While the Amazon Burns

  Of course, my title conjures up images of the Emperor Nero (37-68 A.D.) fiddling while ancient Rome burned, and for many reasons, this mythwas a historical falsehood. Fiddles did not exist in 64 A.D. when a great fire ravaged ancient Rome, but stringed instruments did nonetheless, like the citharaand lyre. Moreover, Nero himself was not responsible for the conflagration. He was away at his villa but quickly returned to Rome to deal with the crisis. Even so, the myth supports the notion that Nero was an idle and an incompetent governor. Regardless of whether or not he was responsible for Rome’s burning, to many, Emperor Nero, was incapable of leading the empire. Nero was overly self-indulgent and had more thespian ambitions than political ones.

• Energy

  • Plentiful renewable energy awaits the world

    Cheap and plentiful renewable energy is possible: pure hydrogen power in the ground, enough wind in European skies to power the world.

• Wildlife/Nature

  • Spurning Amazon Aid, Bolsonaro Brings Up Notre Dame Fire

    Brazil insisted on Tuesday that it would set conditions for accepting any aid from the world’s richest nations to help fight Amazon fires, saying France couldn’t protect the Notre Dame Cathedral from fire devastation and should focus on its own problems.

  • Puerto Rico Braces for Rain, Power Outages as Dorian Nears

  • Endangering the Ark

Finance

• CEOs Say Shareholders Won’t Be No. 1 Anymore. Turns Out They Already Weren’t

  To great fanfare Monday, the chief executives who make up the Business Roundtable declared that companies should pursue a variety of social goals rather than focus solely on shareholders. The CEOs said they should invest in employees, foster diversity and protect the environment. As Jamie Dimon, the CEO of JPMorgan Chase and head of the Business Roundtable, put it, “If companies and CEOs do not get involved in public policy issues, making progress on all these problems may be more difficult.”

• The Key to a Sustainable Economy Is 5,000 Years Old

  We are again reaching the point in the business cycle known as “peak debt,” when debts have compounded to the point that their cumulative total cannot be paid. Student debt, credit card debt, auto loans, business debt and sovereign debt are all higher than they have ever been. As economist Michael Hudson writes in his provocative 2018 book, “And Forgive Them Their Debts,” debts that can’t be paid won’t be paid. The question, he says, is how they won’t be paid.

• What’s Behind America’s Racial Wealth Gap?

  What follows is a conversation between author Mehrsa Baradaran and Jacqueline Luqman of The Real News Network. Read a transcript of their conversation below or watch the video at the bottom of the post.

• Trump’s Trade War and the Emerging Corporatist-Fascist State

  President Donald Trump’s fit over China speaks to the rise of neofascism in American politics, at a time when neither Congress nor the courts are showing any interest in rolling back presidential power. Trump’s unique brand of neofascism first emerged in the form of his attempt to crack down on journalistic critics for “treason,” and via the onset of his white ethno-nationalist, which he declared via a “state of emergency” that allowed him to criminalize immigrants in “concentration camp”-style detainment settings, and to confiscate taxpayer funds to build a wall with Mexico that was never authorized by Congress. This nascent fascism is quickly morphing into full-blown fascism, via Trump’s efforts to dictate the rules of investment to U.S. corporations, and in relation to his emerging trade war with China.

• Corporate Media Take the Trump Line on Trade

  While this headline may be especially egregious, it is characteristic of trade coverage that takes an almost entirely Trumpian view of the topic. Trump portrays the issue as one of some countries, most obviously China, benefiting at the expense of the United States. The media take a somewhat different tack on this country versus country story, but they nonetheless embrace the nonsense Trumpian logic.

AstroTurf/Lobbying/Politics

• Democracy Watchdog Warns FEC Is Courting ‘Disaster’

  The Federal Elections Commission was left without a quorum Monday when vice chairman Matthew Petersen, the fourth member of the already depleted agency, resigned, just months before the 2020 election cycle kicks into gear with the primaries in Iowa and New Hampshire.

• Would-be opposition candidate for Moscow City Duma re-arrested immediately after completing fourth straight jail sentence

  Ilya Yashin, who attempted to run for the Moscow City Duma as an opposition candidate, was arrested today as he left the holding cell where he was serving his fourth jail term this month, MBK Media reported. The exclusion of independent candidates like Yashin from the Moscow City Duma elections has sparked ongoing protests in Moscow since mid-July.

• 9 Ways to Stay Sane During the Primaries

  9. Lastly, don’t lose faith in America. We’ve been through dark times before, but we have come out stronger on the other side. We will do so again.

• Revisiting the First Time President Trump Blabbed Out Classified Information for Political Gain

  It was clear even at the time that it was a reference to the Vault 7 files, now alleged to have been leaked to WikiLeaks by Joshua Schulte; the first installment of files were released eight days earlier.

  The next day, Adam Schiff, who as the then-Ranking HPSCI member, likely had been briefed on the leak, responded to Trump’s comments and suggested that, while Trump couldn’t have broken the law for revealing classified information, he should nevertheless try to avoid releasing it like this, without any kind of consideration of the impact of it.

• Is the Threat of ‘Fake Science’ Real?

  These constraints do not impose impossible barriers to a fake science operation. Indeed, activists have repeatedly demonstrated that the peer-review process can be deliberately deceived. But these differences limit the ability of such an operation to function as a clear analog to fake news by creating additional difficulties. While an operation could attempt to rely purely on open-access platforms, such as SSRN, to spread fake science, these open-access platforms lack the implicit credibility of a publication with a peer-review system, so the effect of an open-access operation would likely be more limited.

  Of course, popular, nonacademic readers could be deceived by such publications, but then the dynamics of the operation would not be meaningfully different from fake news. The Segals’ report, for instance, convinced large swaths of the general public but had only modest effects in the scientific community. Many scientists from the Soviet bloc disagreed with the Segals conclusions. By 1988, as the Soviet Union began to grapple with HIV/AIDS among its own population, the Soviet academy of scientists disavowed any link between the government and the virus.

• The Queen’s Active Role in the Right Wing Coup

  Our obsequious media is actively perpetuating the myth than the monarch can do no wrong, and is apolitical. In fact the monarchy has been active and absolutely central to the seizure of power from the Westminster parliament in a right wing coup. Yesterday’s collaboration at Balmoral between the Queen and Jacob Rees Mogg is only the latest phase.

• U.K. Takes a Giant Step Toward No-Deal Brexit

• Boris Johnson Crosses the Rubicon: We Must React Now

  Boris Johnson has crossed the Rubicon today by announcing the suspension of Parliament at this crucial time, no matter how many days the suspension lasts. The United Kingdom has found itself with the most right wing government in nearly two hundred years. I still find it hard to believe that Sajid Javid, Dominic Raab and Priti Patel hold great offices. Even that minority of those voting who put this Tory minority government in place did not expect that. Now that right wing coup is being doubled down on by the deliberate suspension of the Westminster parliament just as the most crucial and divisive issue in several generations is being resolved.

• Will US Congress Admit Delegate From Cherokee Nation?

  Native American representation in Congress made great strides with the 2018 election of two American women to Congress. Now, the Cherokee Nation in Oklahoma says it will send its own delegate to Congress, a move that will test both the tribe’s sovereignty and the willingness of the U.S. to meet its treaty promises.

  Newly-elected Cherokee Principal Chief Chuck Hoskin, Jr., announced the decision on August 22, naming Cherokee Nation Vice President of Government Relations Kimberly Teehee as his choice to represent the tribe on Capitol Hill.

• US Cracks Down on Chinese Economic Espionage

  In the last 10 months, the Justice Department has brought charges against Chinese nationals and entities in at least seven separate economic espionage cases, up from three during the prior 10 months. In addition, the department has obtained guilty pleas and convictions in six older espionage cases, while charging four Chinese nationals for evading sanctions against North Korea.

• Exclusive: U.S. officials fear ransomware attack against 2020 election [iophk: Windows TCO]

  The Cybersecurity Infrastructure Security Agency, or CISA, a division of the Homeland Security Department, fears the databases could be targeted by ransomware, a type of virus that has crippled city computer networks across the United States, including recently in Texas, Baltimore and Atlanta.

• [Old] Mother of NSA Whistleblower Reality Winner: My Daughter Was “Nailed to the Door” by the Trump Admin

  Reality Winner was arrested by FBI agents at her home in Augusta, Georgia, June 3rd, 2017, two days before The Intercept published an exposé revealing Russian military intelligence conducted a cyberattack on at least one U.S. voting software company just days before the U.S. presidential election in 2016. The exposé was based on a classified NSA report from May 5th, 2017, that shows the agency is convinced the Russian General Staff Main Intelligence Directorate, or GRU, was responsible for interfering in the 2016 presidential election.

• Rashida Tlaib’s “grandmother” trick – nice try

  It’s always been the classic routine to gain sympathy, and no one does it better than BDS-flavored Palestinian Arabs, or more cynically than Rashida Tlaib, who was elected to represent Michigan’s 13th congressional district, largely Detroit. Imagine the surprise, among voters, to listen to her say, “When I won, it gave the Palestinian people hope…”

  Wasn’t she elected to give the “Michigan people hope?”

Censorship/Free Speech

• Court Rejects Plaintiff’s Attempt To Seal His Entire Lawsuit Against A Website That Publishes Court Documents

  Eugene Volokh has come across another attempt by a litigant to bury his own court proceedings. This isn’t a malicious or underhanded attempt to remove embarrassing info from the court system in order to… say… scrub a client’s reputation. This is simply a pro se litigant perhaps misunderstanding what he was getting into when he decided to start filing lawsuits.

• Protocols, Not Platforms: A Technological Approach to Free Speech

  For many years now, I’ve talked about why so many of the problems that face the current internet could be understood by looking at how we moved from an internet dominated by open protocols to one dominated by central platforms — and I continue to note that many of those problems could be solved by moving back to open protocols (with some modern additions). I first raised this idea nearly five years ago, when people were first debating how internet platforms should moderate toxic speech. It came up again last summer in the context of the various fights over “deplatforming” certain individuals. I mentioned it, yet again, earlier this year in noting that this would be the most effective way to truly create competition and “break up” the big internet platforms.

• Guy Sues Facebook For Violating Basically All The Laws, For Shutting Down His Account And For Everything Else Bad Facebook Has Ever Done

  “This case is likely one of the first filed in this Court that addresses the relationship between the First Amendment and the Internet-based [Facebook] communications platform” claims a new lawsuit filed against Facebook by a guy very angry that his account got shut down (case first spotted by John Roddy). Suffice it to say that this is not one of the first such lawsuits. Many have been filed, and literally every single one of them has failed. Facebook is not bound by the First Amendment. Courts are clear on this. Over and over and over again, courts have been clear on this. But this lack of understanding of what’s come before is just the first of many fun things in this 174 page pro se lawsuit. The complaint is so long that only the first 91 pages were filed as the official complaint, and the rest were put in the docket as an “attachment.”

• Police open investigations into social media posts of al-Taee, Räsänen

  Al-Taee, meanwhile, is being investigated for a series of writings disparaging religious and sexual minorities on Facebook between 2011 and 2012. Helsinki Police Department said the investigation was opened after it was determined that the right to prosecute has not expired because the writings have circulated in public in the past five years.

Privacy/Surveillance

• EFF and Mozilla Release Public Letter to Venmo

  EFF is teaming up with the Mozilla Foundation to tell Venmo to clean up its privacy act. In a public letter sent to President/CEO Dan Schulman and COO Bill Ready today, we are telling Venmo to make transactions private by default and let users hide their friend lists.

  Both EFF and Mozilla have voiced concern with Venmo’s privacy practices in the past. Venmo is marketed as a way for friends to send and receive money, so people can easily split bills like restaurant checks or concert tickets. However, those transactions are public by default, which can reveal private details about who you spend time with and what you do with them. While users do have an option to hide their transactions if they dig into Venmo’s privacy settings, there is no way for users to hide their friend lists. That means that anyone can uncover who you pay regularly, creating a public record of your personal and professional community.

• EFF and Mozilla to Venmo: Clean Up Your Privacy Settings

  San Francisco – The Electronic Frontier Foundation (EFF) and Mozilla have teamed up in an open letter to Venmo, telling the popular payment app to clean up its privacy settings, which leaves sensitive financial data exposed to the public.

  Venmo is marketed as a way for friends to send and receive money, so people can easily split bills like restaurant checks or concert tickets. However, those transactions are public by default, which can reveal private details about who you spend time with and what you do with them. While users do have an option to hide their transactions if they dig into Venmo’s privacy settings, there is no way for users to hide their friend lists. That means that anyone can uncover who you pay regularly, creating a public record of your personal and professional community.

• Uh-oh: Silicon Valley is building a Chinese-style social credit system

  Some Western press reports imply that the Chinese populace is suffocating in a nationwide Skinner box of oppressive behavioral modification. But some Chinese are unaware that it even exists. And many others actually like the idea. One survey found that 80% of Chinese citizens surveyed either somewhat or strongly approve of social credit system.

  It can happen here

  Many Westerners are disturbed by what they read about China’s social credit system. But such systems, it turns out, are not unique to China. A parallel system is developing in the United States, in part as the result of Silicon Valley and technology-industry user policies, and in part by surveillance of social media activity by private companies.

  Here are some of the elements of America’s growing social credit system.

• Sweden issues first GDPR fine over facial recognition use in classrooms

  The Swedish Data Protection Authority (DPA) said that under its rules, the use of biometric data, including images of faces, were protected under special rules which require separate licensing which those involved had not sought.

  It also added that the three week limit on the trial was the only thing that had kept the fine from being much higher. Only 22 students from one school had been monitored, with the only data recorded being a presence indication as they entered or exited the classroom.

• Facebook ‘has to do a lot better than this,’ say Senators

  Earlier this year, an implementation error in the Messenger Kids app had allowed children to create group chats with unauthorized users. That violated a core promise of the app, which had pledged to give children a way to talk with friends without potentially exposing them to strangers online.

  In the wake of the news, Senators Ed Markey (D-MA) and Richard Blumenthal (D-CT) wrote to Facebook seeking more information on the flaw, specifically raising the question of whether the company had violated the Children’s Online Privacy Protection Act (or COPPA). But Facebook’s response, sent August 27th, makes clear that the company does not believe the app ultimately violated that law.

• Facebook Says It Spoke to FTC About Kids Chat App That Had Flaw

  In the letter, which Markey’s office provided on Wednesday, Martin did not say when any conversations with the FTC occurred or what they were about. The flaw, which Martin called a “technical error,” allowed some children to chat with users their parents had not approved.

• A major security breach raises a key question: what happens when your biometric data is exfiltrated from a system?

  It’s no secret that password security is often terrible. Good passwords – ones that are long and include a mix of lower case, upper case, numbers, and special characters – are hard to remember unless you use a password manager, which few seem to do. As a result, people tend to choose easy-to-guess passwords like names or dates of birth, or even absurd ones like “password” and “1234”. Attempts to wean people off such passwords continue to fail, and as a result many companies and organizations are trying to avoid the problem by getting rid of passwords completely. The alternative, to use biometrics like fingerprints, iris scans and facial recognition, is well developed, and increasingly widespread.

• EFF Sues DHS To Uncover Information About Border Agents Using GPS Devices Without a Warrant To Track Vehicles

  The Electronic Frontier Foundation (EFF) sued the Department of Homeland Security (DHS) and its component agencies today to obtain information about the agencies’ warrantless use of global positioning system (GPS) devices to track vehicles entering the U.S.

  In 2012, the Supreme Court unanimously ruled in a landmark decision in U.S. v. Jones that such warrantless GPS tracking inside the U.S. is unconstitutional under the Fourth Amendment. When Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) disclosed in court filings in 2018 that they used GPS devices without a warrant at the border, the federal judge overseeing the case extended the Supreme Court’s ban to include such searches at the border. EFF’s Freedom of Information Act (FOIA) lawsuit seeks to uncover information and provide the public with details about the agencies’ policies and procedures for warrantless GPS tracking.

Freedom of Information/Freedom of the Press

• China Arrests Australian Writer On Espionage Charges

  He is the author of three spy novels set in China, according to Reuters. In the past, he has written voluminously on his blog about the rule of law, democracy and human rights, according to news.com.au. However, according to Reuters, in recent years, he has stayed away from sensitive topics and concentrated instead on running an import-export business.

  Yang was first detained seven months ago in China’s southern province of Guangzhou after arriving there from New York en route to Beijing, according to the news agency. Australia’s Foreign Minister Marise Payne says Yang has been held under “harsh conditions” and that Canberra has “serious concerns” for his welfare.

Civil Rights/Policing

• New Government Documents Reveal That Backpage Was Actively Helping Law Enforcement Track Down Traffickers

  For many years, we’ve pointed out that for all the salacious stories and claims about how Backpage.com was somehow supporting and facilitating sex trafficking, the site was actually an amazing tool for finding, arresting, and convicting sex traffickers. Earlier this year, we wrote about a very detailed piece in Wired that highlighted just how far Backpage went in helping law enforcement stop sex trafficking:

• The World is Watching Kashmire

  “The hasty stroke goes oft astray.” This piece of remembered wisdom from The Lord of the Rings seems to be an apt description of the Indian military siege of Kashmir.

• Captain Pia Klemp Arrives as David Koch Departs the United States of Altamont

  Fifty Years after rhapsodic auguries of the acid-informed era involving the coming “Woodstock Nation,” the US citizenry — convulsed by violence, strung out on all the wrong drugs, and with the Rolling Stones still touring — stumble in mortification through the grim phantasmagoria of the United States Of Altamont. What a long, strange, bad (Nixonian in its dour, paranoid cultural and political aura; Reagan/Clinton/Obama in noxious, neoliberal fantasy; Bush/Trump in cresting tsunamis of raging stupid) trip it has been.

• On the Persistence of Religion

  Recently I received an angry note about the persistence of religion in the modern world as proof of the world’s ongoing irrationality in response to some of my comments in my lately published article “The Metaphysics of Revolution”.

• The NRA Used Funds to Settle a Sexual Harassment Claim Against a Top Official — And Then He Was Accused Again

  The National Rifle Association over the past two years has grappled with two separate sexual harassment allegations against Josh Powell, a senior official, including a case involving an employee.

  The employee’s complaint was settled in 2017 using the nonprofit’s funds, according to three sources familiar with the matter. Earlier that year, Wayne LaPierre, the organization’s leader, had promoted Powell to executive director of general operations.

• California’s ‘Model’ Police Use-Of-Force Law Won’t Change Much About Deadly Force Deployment

  In response to controversial shootings of citizens by police officers, California’s governor has (far too proudly) signed into law a bill that will do almost nothing to prevent more of these kinds of killings…

• Algerians Patiently Protest

  On February 22, thousands took to the streets in Algeria to protest the ruling regime, triggered by the infirmed President Bouteflika’s candidacy for a fifth mandate. The April resignation of the long-time president did not stop the demonstrations. Au contraire: the demonstrations have continued. August 16, 2019, marked the twenty-six consecutive Friday of protests in Algiers and elsewhere in the country. For the moment, there has been no violence similar to clashes in France between the police and Gilets Jaunes and no obvious external interference. But no resolution of the crisis is in sight.

• ‘A little human rights buggy’ The rise of ‘OVD-Info,’ Russia’s lifeline for arrested protesters

  On December 5, 2011, Russians demonstrated against vote rigging in the State Duma elections. Throughout the winter, Moscow witnessed the largest protests of the Putin era, as tens of thousands of people turned out to chant slogans and listen to speeches criticizing the political system’s lack of power turnover between the country’s different factions. Before dawn on December 6, activists had formed what would become OVD-Info — an independent human rights media project that helps the victims of political persecution. OVD-Info makes it easy for anyone to find out who’s been arrested at a rally, the police station where they’ve been booked, and whether they need any assistance or legal aid. Detainees can call the project’s hotline and get psychological or legal counseling. OVD-Info has been a vital resource for activists during the summer of 2019, as Moscow’s City Duma elections have sparked another round of major protests. Meduza looks back at the project’s origins, and explains how OVD-Info became full-time work for the activists who run it.

• Ready to propose? In Russia, you can hire a special ops team to give you a hand and set up a fake drug bust for your beloved.

  Fabricated drug busts are so common in Russia that the law used to prosecute Russians for alleged drug use is known as “the people’s statute.” In June 2019, when police “found” multiple bags of narcotics on Meduza correspondent Ivan Golunov, that law united journalists and activists in an unprecedented solidarity campaign. As it turns out, though, that’s far from the only way Article 228 of the Russian Criminal Codex can bring people together.

• Ukrainian court releases jailed Russian state journalist Kirill Vyshinsky

  A court in Kyiv has released Russian journalist Kirill Vyshinsky, the editor-in-chief of RIA Novosti — Ukraine, on his own recognizance. Vyshinsky was arrested by Ukraine’s National Security Agency more than a year ago, in May 2018, for allegedly carrying out subversive, treasonous activities on the Kremlin’s behalf.

• After a dozen homophobes disrupt a documentary stage production in Moscow, the director is brought in for questioning by police

  On August 28, roughly a dozen men disrupted a performance of “Coming Out of the Closet,” a documentary stage production about Russia’s LGBTQ community. The theater’s website says the show is “about life, love, and the search for truth among modern-day Russian gay people.”

• YouTube Finally Takes a Stand on Racist Creators

  Multiple prominent white nationalist YouTube personalities lost their channels, Right Wing Watch reported Tuesday. As writer Jared Holt explains, “The move came as a shock to the white nationalist community, and now racist content creators are panicking.”

• Federal Judge Blocks Missouri’s 8-Week Abortion Ban

  A new Missouri ban on abortions at or after eight weeks of pregnancy won’t take effect Wednesday after a federal judge temporarily blocked it from being implemented.

• Bernie Sanders Makes Media Democracy An Issue For 2020 Primary Voters

  Senator Bernie Sanders’ presidential campaign put out a plan for addressing the collapse in journalism in the United States. He became the first presidential candidate to propose solutions to a crisis that has greatly intensified since 2000.

  The plan was introduced through an op-ed that was published by the Columbia Journalism Review.

• Protest Song Of The Week: ‘Special Announcement’ By The Felice Brothers

  The Felice Brothers are a veteran folk-rock band, who throughout their career have sacrificed commercial success by sticking to their principles. They have turned down offers to work with big-name producers and resisted pressure to adopt a more mainstream sound.

• Protectors of Mauna Kea Are Fighting Colonialism, Not Science

  Thousands of Native Hawaiians and their supporters have been congregating since July 15 at the base of Mauna Kea, a dormant volcano and mountain on the island of Hawaii. Known in Hawaiian as the kia’i, the protectors—a term the group prefers to “protesters”—seek to deter construction of the $1.4 billion Thirty Meter Telescope (TMT), the largest telescope in the Northern Hemisphere. Business owners and state officials promise the telescope will provide jobs, educational opportunities and high-resolution astronomical imagery.

• New Resource Tool Sheds Light on Government’s Prepublication Review System

• Stripped of Their Rights

  In March 2011, a tactical team of guards at a state prison in Lincoln, Illinois gathered 200 women and ushered them into a gymnasium, where they were brought in small groups into a separate room nearby. Inside that room, they were told to strip naked in plain view of other guards, cadets, and civilians, without any explanation. Women on their periods were ordered to remove their tampons and sanitary pads. One-by-one, each woman was ordered to lift her breasts, cough and squat, and display her vaginal and anal cavities. Those who refused were threatened with punishment. In total, the ordeal lasted nearly four hours.

• Incoming Harvard Freshman Ismail B. Ajjawi Says CBP Denied Him Entry to the U.S. Due to His Friends’ Social Media Posts

  “I responded that I have no business with such posts and that I didn’t like, [s]hare or comment on them and told her that I shouldn’t be held responsible for what others post,” he said. “I have no single post on my timeline discussing politics.”

  Ismail said that the officer then canceled his visa and told him he’d be sent home. Ismail is currently working with the nonprofit who granted him a scholarship to study in the U.S., Amideast, to get legal help, the Crimson reported. Harvard is also “working closely with the student’s family and appropriate authorities to resolve this matter,” according to a university spokesperson.

• First-Hand Report: Why is the World Ignoring This Genocide?

  At least 1,200 people were killed and close to 200,000 were displaced in northeast Nigeria in 2018 alone due to the brutal and genocidal campaign being waged by the Islamist terror group Boko Haram. To date, nearly 30,000 have been killed and two million displaced.

  The group, which literally means “secular education is forbidden,” is indiscriminate in its mission, targeting Christians as well as Muslims they do not agree with.

• Emine Bulut: Anger in Turkey over mother’s murder

  According to “We Will Stop Femicide”, a women’s rights platform, 245 women have been killed in Turkey in the first seven months of 2019.

• A Man Spent 82 Days in Jail on Meth Charges. The Meth Was Actually Honey.

  The case highlights a heap of inane government incompetence. Why would an immigration detainer remain in place for a misdemeanor drug offense, even after the government shutdown ended on January 25? Why was Haughton’s honey tested at the first lab if that facility was not prepared to render a result? Why did it need to be tested three times to get an accurate result, and why did that take so many months to complete?

  During the ordeal, Haughton lost both of his jobs, one as a cleaner and the other as a construction worker. He also has six children, and he says that their school performance suffered immensely while he was away.

• Man Spends Three Months In Jail Because A Drug Dog And A Field Test Said His Honey Was Methamphetamines

  Another field drug test has managed to misidentify a common legal substance. This doesn’t matter to the government, which is only out ~$2. But it does matter to the non-criminals being treated like criminals because the ultra-faulty tests are even worse than K-9s at detecting actual drugs.

  Field drug tests have determined everything from cotton candy to donut crumbs to drywall dust to bird poop (on the hood of a car no less!) to be illegal substances, resulting in a cascade of horrors on the innocent, starting with the arrest and criminal charges, and proceeding directly to indefinite pretrial detention and the loss of income, housing, etc. that comes with it.

  Field drug tests are more “reliable” than drug dogs. I mean, to the extent that they’ll more reliably generate the “probable cause” needed to search a car or arrest a person. If you’re looking to boost your drug war stats, nothing’s more useful than a cheap kit that can’t tell the difference between narcotics and common household items.

Internet Policy/Net Neutrality

• Internet shutdowns in West Papua are within Australia’s responsibility

  “There is a serious lack of quality information about the ongoing unrest in West Papua because the Indonesian authorities have blocked internet connectivity to the province,” said Digital Rights Watch Chair Tim Singleton Norton.

• Introducing Small Technology Foundation, Site.js, and Tincan

  Today, Laura and I want to introduce you to Small Technology Foundation, where we will be continuing the work we started at Ind.ie five years ago.

  In those five years, we’ve developed a strong understanding of the problem (surveillance capitalism) and we’ve been iterating on solutions to it.

  Our work led us to leave the UK, move to Sweden, and finally, last year, to settle in Ireland.

• NY Times Goes Off On Amazon Because Some People Are Publishing Fake George Orwell Books

  David Streitfeld is a NY Times reporter who, among other things, covers Amazon. As far as I can tell, he has never written about Amazon in an article where he doesn’t present things in the worst, most distorted anti-Amazon light. It’s gotten to the point where I generally just won’t bother with a Times article about Amazon if it’s by Streitfeld, because it’s guaranteed to be misleading. Somehow, however, I made it through most of this recent article about counterfeit George Orwell books on Amazon before realizing it was yet another Streitfeld hit piece. The article itself is kind of interesting: there are a bunch of folks attempting to sell unofficial George Orwell books on Amazon, and sometimes they’re garbage.

  What I find odd, is that while the article admits that many are published in India, where Orwell’s works are in the public domain, the article makes no mention of the odd copyright situation in the US and UK, where Orwell’s books all should be in the public domain based on the copyright deal that was made with Orwell when he wrote the books. Under those terms, all of Orwell’s books — including Animal Farm (1945) and Nineteen Eighty-Four (1949) — should have entered the public domain years ago, meaning that there would be a robust market for legitimate copies of those works.

• The FCC Doesn’t Actually Know How Many People Have Broadband

  For a country that likes to talk about “being number one” a lot, that’s sure not reflected in the United States’ broadband networks, or the broadband maps we use to determine which areas lack adequate broadband or competition (resulting in high prices and poor service). Our terrible broadband maps are, of course, a feature not a bug. ISPs have routinely lobbied to kill any efforts to improve data collection and analysis, lest somebody actually realize the telecom market is a broken mono/duopoly whose dysfunction reaches into every aspect of tech.

  While these shaky maps have been the norm for several decades, recent bipartisan pressure by states (upset that they’re not getting their share of taxpayer subsidies because we don’t actually know where broadband is) has finally forced even the Ajit Pai FCC and the telecom industry to take some modest action.

Monopolies

• Steve Wozniak says Apple should have broken up years ago

  Here’s the full quote: “I wish Apple on its own has split off a long time ago and spun off independent divisions to far away places and let them work independently, like Hewlett Packard did when I was there.”

• Why France’s Antitrust Cop Is Wary of Apple Pay and Deadly Deals [iophk: she neglects to mention Microsoft at all]

  In an interview at her Paris office last month, de Silva said she’s set her sights on Apple Inc. and Facebook Inc.’s forays into online payments. She’s also wary of the power Amazon.com Inc. and Alphabet Inc.’s Google could gain via their digital assistants.

• Trademarks

  • Canadian Brewery Changes Name Of Brew Due To Peanut Butter Company Bully That Doesn’t Ship In Canada

    We’ve been talking about the trademark crisis facing the craft brewing industry for some time. To recap, an industry explosion coupled with the habit of that industry to come up with creative and referential names for its products has collided with trademark attacks coming both from within and outside of the industry. The industry, which once had a quite permissive and fraternal approach to intellectual property, has since become corporatized. New entrants to the market, therefore, face challenges with how to name their craft beers without facing legal threats.

  • The Patent And Trademark Office Is Apparently Branching Out Into The Immigration Enforcement Business

    Here’s another one of those weird signs of the time. Under any normal presidential administration, this move by the US Patent and Trademark Office might look a bit strange. But only a bit. There are some legitimate reasons for doing this, but filtered through the administration’s xenophobia, it seems to be just another way to hassle non-citizens. (h/t Jef Pearlman)

• Copyrights

  • Top MPAA Lawyer, Mastermind Behind Its Plan To Attack The Internet, Arrested On Blackmail And Sexual Assault Charges

    A while back, an MPAA whistleblower sent me a big file of internal MPAA documents. I spent many months going through them and trying to track down any actual story in them, but there really wasn’t much there. Most of the documents were quite old and not all that revealing beyond what was already known (or widely assumed) about how the MPAA acted. The only thing that struck me as interesting, was a very old memo, written by lawyer Steven Fabrizio, before he became the MPAA’s General Counsel, when he was still at the MPAA’s favorite law firm, Jenner & Block. The memo outlined a very long list of potential anti-piracy strategies, and whether or not they were legal. Some of them were… quite surprising in what they were even considering (it included things like taking over a pirate site and using it as a honeypot). Many were what I would personally classify as somewhere between sleazy, dishonest and unethical. I never wrote up any details, because there was no evidence that the MPAA ever actually did any of the proposed programs, and a few people I ran questions by pointed out that, as as corporate lawyer, reviewing crazy ideas by clients and giving a legal opinion on them is standard practice.

    The Fabrizio connection struck me as interesting on a few levels, though. Beyond being the MPAA’s top legal attack dog for nearly a decade, the Sony Pictures email leak showed that Fabrizio was the mastermind behind Hollywood’s Project Goliath to use MPAA/Hollywood Studio funds to pay for having state Attorney’s General and news media owned by those studios, to attack Google to try to pressure it into some sort of “deal” with the studios. Fabrizio was also formerly the top litigator at the RIAA, and led its charge against Napster. Fabrizio was deeply involved in key copyright lawsuits, including the fights against Grokster, Hotfile, and Aereo. Basically, much of the history of “anti-piracy” litigation and “anti-piracy” efforts regarding the internet, was somehow touched by Steve Fabrizio.

  • There Are No Magic Words That You Can Post to Change Instagram’s Terms of Service

    This isn’t how privacy or copyright law works. This isn’t how contract law, which governs your relationship with a company’s terms of service, works. And it does not matter that Judd Apatow, Julia Roberts, Usher, or Secretary of Energy Rick Perry all fell for it.

    While this phenomenon has been called a hoax, a scam, and a new iteration of the chain letter, it’s also something like a superstition. People are legitimately concerned about the power of giant companies like Facebook, and it’s kind of believable that it’d be able to make these kinds of rules and you, the user, would be stuck with them. Thinking there must be some legal way out of this unequal relationship—that the law wouldn’t let one company act with impunity in this way—isn’t so irrational. And so these words keep popping up and, since there was no change in the first place, they seem to “work” and do no harm—like knocking on wood—so everyone forgets for a couple of years.

  • The US Department of Justice (DoJ) has filed criminal charges against a former senior engineer at Google’s owner Alphabet alleging he stole [sic] car technology secrets.

    The claim is that before leaving Waymo, Mr Levandowski downloaded thousands of files in 2015 related to Alphabet’s self-driving car technology, including details related to Lidar, a crucial sensor technology for self-driving cars.

    [...]

    Mr Levandowski faces up to 10 years in jail and could be fined $250,000 per count, $8.25m in total.

  • RIAA Refuses to Share Results of ‘Six Strikes’ Anti-Piracy Scheme

    The RIAA is refusing to share information about the effectiveness of the “Six Strikes” Copyright Alert System with Cox Communications. The ISP subpoenaed the data as part of an ongoing piracy liability lawsuit. The company wants to show that its own anti-piracy measures worked better than the alternative that was praised by the music industry.

  • It’s Happening—The CC Global Summit Will Be in Lisbon, May 14-16!

    We’re happy to announce that the 2020 CC Global Summit will once again be in Lisbon from May 14-16, 2020! Please save the date!

Desktop

• Linux on Chromebooks getting Ansible integration for enterprise package management

  This seems to be a big week for Chromebooks in the enterprise. First, we heard the joint announcement between Google and Dell for new, high-end Latitude Chromebooks. And now I’ve found some code commits indicating that Project Crostini wasn’t just about adding Linux to address a Chrome OS “app gap” but also to add new services for enterprise users.

  There are at least a dozen recent Chromium code commits that mention both “crostini” and “Ansible”. Not knowing what the latter was, I did some searching and quickly found that Red Hat Ansible is an open-source project to automate IT through these main areas…

• New App Makes Linux Firmware Management A LOT Simpler

  But there are times when a user either needs to or wants to find out more about the firmware that their devices are running on. They might, for instance, have encountered issues and want to perform more advanced tasks, like downgrading firmware version.

  Today, to do that, to check firmware versions and gauge other details about connected hardware, users get directed to the command line (indeed, this is where I had to go when trying to update the firmware of my 8BitDo controller).

• GNOME Wants to Make Linux Firmware Updates Easier to Deploy with New Tool

  Long-time GNOME developer Richard Hughes talks in his latest blog post about a new tool that will be integrated in future versions of the GNOME desktop environment to make deployments of firmware updates easier for all users.

  At the moment, the GNOME Software Center only displays devices when firmware updates are pending, but Richard Hughes and Andrew Schwenn, an intern from Dell, have been working lately on a new tool that would be integrated as a panel into GNOME Control Center, which promises to make it easier for users to install new firmware versions for their hardware.

  Meet GNOME Firmware Updater, a new power user tool that would help you keep your hardware secure and up-to-date at all times by allowing you to more easily install new firmware updates that are available from the vendor.

• Pinebook Pro ($199) Linux Laptop Pre-Orders are Available to Everyone

  Pine64 was launched Pinebook in April 2017. Pinebook is a lightweight and low cost Linux notebook, which is based on the Pine A64 single board computer and it costs 89 or 99 USD for the 11,6″ and 14″ model respectively.

  It is very lightweight and comes equipped with a full-sized keyboard and large multi-touch trackpad. It runs numerous mainline Linux distributions as well as *BSDs and Android.

• Google and Dell team up to tackle Microsoft with first Chromebook Enterprise laptops

  Chromebooks are mighty popular with cheapskate students and in the education sector, but they haven’t exactly taken the rest of the world by storm; Windows machines dominate in the enterprise world, and MacBook Pros are the go-to for moustachioed matcha latte-chugging creative types.

  While Google isn’t ready to take on the latter, it seems to want to square up to the former. And the Dell Latitude 5300 2-in-1 Chromebook Enterprise and Latitude 5400 Chromebook Enterprise could be the ticket for it to do so. Both machines will go on sale on 27 August, with prices starting at £699 and £449, respectively.

Server

• [Older] Why choose Puppet for DevOps?

  If you’re like most in the DevOps world, you’re always interested in automating tasks and securing your infrastructure. But it’s important to find ways that won’t sacrifice the quality or lose efficiency. Enter Puppet for DevOps. Forty-two percent of all DevOps businesses currently use this handy tool, for good reason.

  Puppet for DevOps is unique because it allows you to enforce automation, enhance organization, boost security measures, and ramp up the overall speed across an entire infrastructure. Puppet’s special abilities are clearly game-changing. And a big part of this sharp setup is due to the initialization of the module authoring process.

• BT bets big on Canonical for core 5G network

  The foundations for the future of BT’s 5G network will be open source, with practically every virtualised aspect of the future infrastructure to be delivered and managed with Canonical’s Charmed Openstack distro.

• IBM

  • OpenPOWER opens further

    n what was to prove something of a theme throughout the morning, Hugh Blemings said that he had been feeling a bit like a kid waiting for Christmas recently, but that the day when the presents can be unwrapped had finally arrived. He is the executive director of the OpenPOWER Foundation and was kicking off the keynotes for the second day of the 2019 OpenPOWER Summit North America; the keynotes would reveal the “most significant and impressive announcements” in the history of the project, he said. Multiple presentations outlined a major change in the openness of the OpenPOWER instruction set architecture (ISA), along with various related hardware and software pieces; in short, OpenPOWER can be used by compliant products without paying royalties and with a grant of the patents that IBM holds on it. In addition, the foundation will be moving under the aegis of the Linux Foundation.

    Blemings also wrote about the changes in a blog post at the foundation web site. To set the stage for the announcements to come, he played a promotional video (which can be found in the post) that gave an overview of the foundation and the accomplishments of the OpenPOWER architecture, which includes underlying the two most powerful supercomputers in the world today.

Audiocasts/Shows

• The Linux Link Tech Show Episode 823

• mintCast 316 – TonyH Runs Arch!

  In our Wanderings, Leo talks snapd and spicing up the terminal, Tony Hughes dives into EndeavourOS (Arch!) and Mint, Josh has been playing around with drones, Joe gets some help with Borderlands and eyes the Note 10, and Tony Watts installs Mint and changes carriers.

Kernel Space

• Reconsidering unprivileged BPF

  The BPF virtual machine within the kernel has seen a great deal of work over the last few years; as that has happened, its use has expanded to many different kernel subsystems. One of the objectives of that work in the past has been to make it safe to allow unprivileged users to load at least some types of BPF programs into the kernel. A recent discussion has made it clear, though, that the goal of opening up BPF to unprivileged users has been abandoned as unachievable, and that further work in that direction will not be accepted by the BPF maintainer.
  The BPF verifier goes to great lengths to ensure that any BPF program presented to the kernel is safe to run. Memory accesses are checked, execution is simulated to ensure that the program will terminate in a bounded period of time, and so on. Many of these checks are useful to ensure that all programs are safe and free of certain types of bugs, but others are aimed specifically at containing a potentially hostile program — an obvious necessity if the kernel is to accept BPF programs from unprivileged users.

  Much of this work was done in 2015 for the 4.4 kernel; in particular, a great deal of effort went into preventing BPF programs from leaking kernel pointer values to user space. Those pointers could be highly useful to an attacker who is trying to figure out where specific data structures or code are to be found on a target system, so making them easily available to unprivileged processes is clearly a bad idea. “Constant blinding” was added for 4.7. In essence, this mechanism will exclusive-OR constant values in programs with a random number (repeating the operation at run time when the values are actually used), preventing an attacker from sneaking in unverified BPF code disguised as constants. Other patches have been aimed at preventing speculative-execution attacks by BPF programs.

• On-disk format robustness requirements for new filesystems

  The “Extendable Read-Only File System” (or “EROFS”) was first posted by Gao Xiang in May 2018; it was merged into the staging tree for the 4.19 release. There has been a steady stream of work on EROFS since then, and its author now thinks that it is ready to move out of staging and join the other official filesystems in the kernel. It would seem, though, that there is one final hurdle that it may have to clear: robustness in the face of a corrupted on-disk filesystem image. That raises an interesting question: to what extent do new filesystems have to exhibit a level of robustness that is not met by the filesystems that are currently in heavy use?
  As suggested by its name (and its acronym), EROFS is a read-only filesystem. It was developed at Huawei, and is intended for use in Android systems. EROFS is meant to differ from existing read-only filesystems in the area of performance; it uses a special compression algorithm that creates fixed-length blocks that, it is claimed, allows random access to compressed data with a minimum of excess I/O and decompression work. Details can be found in this USENIX paper [PDF] published in July.

• Graphics Stack

  • Virglrenderer and the state of virtualized virtual worlds

    With the release of virglrenderer 0.8.0, getting accelerated OpenGL within a virtual machine (VM) made a big leap forward. Since virglrenderer-0.7.0, the code base has seen ~600 commits, and by providing more than 80% of these contributions, Collabora took the lead in this development cycle.

    On the technical side the work has been focusing on more conformance, and performance. One specific aim was to support hosts that support only OpenGL ES to a point that within the VM guest also OpenGL 4.3 applications can be run, an aim that was fully acheived as we can now run games like Alien Isolation ™ within qemu on certain devices that support only OpenGL ES 3.2 and a number of extension. On the performance side, thanks to the excellent work by done by Alexandros (Collabora), and Gurchetan and Chau-i Wu (Google ChromeOS team) on buffer transfers we can now run many games at a decent speed.

  • Accelerated OpenGL in a virtual machine is advancing with virglrenderer

    Collabora put out a fresh technical blog post today to talk a little about virglrenderer, with the latest version 0.8.0 (released recently) enabling a big leap for accelerated OpenGL within a virtual machine.

    The work they talk about, which Collabora took the lead on this dev cycle with help from Google Chrome OS team, is aimed at essentially creating a virtual 3D GPU for use in QEMU virtual machines (more on that here). Quite a different approach to GPU Passthrough!

  • Virglrenderer 0.8 Offers Better Open-Source OpenGL Support To KVM/QEMU Guests

    Virglrenderer 0.8 was released last week as one of the components to the “Virgl” graphics stack for getting OpenGL acceleration working within KVM+QEMU guests that is in good enough shape for handling relatively recent GL/GLES Linux games and other workloads.

    The Virgl stack continues maturing and getting better with its OpenGL support for its Mesa/Gallium3D driver as well as faster performance thanks to varying optimizations throughout. Collabora, Google, Red Hat, and others continue working on this leading open-source means of 3D graphics support for VMs as alternatives to VirtualBox or VMware 3D solutions.

  • AMD Renoir APUs Bringing “DCN 2.1″ Display Engine

    Raven Ridge APUs brought the DCN 1.0 “Display Core Next” engine, Navi GPUs upped that to a DCN 2.0 implementation for the display engine, and now the Renoir APUs are ushering in DCN 2.1. This is a bit interesting particularly with Renoir being a Vega-based GPU and not Navi as one would have hoped prior to the Vega confirmation in the earlier patches.

  • AMD Navi 14 Support To Be Backwards Compatible With Mesa 19.2 And Arrive In Lower-End Affordable Graphics Cards?

    AMD is yet to officially confirm its Navi 14 GPU. However, the AMD’s Navi 10 GPU which uses the RDNA 1.0 architecture and is made using a 7 nm production process at TSMC, could debut soon, indicated multiple entries. The Navi 10 GPU succeeds the ‘Polaris’ GPU, indicated a Linux driver and even the CompuBench database that appeared last month. It is interesting to note that AMD is expected to backport the Navi 14 support to the Mesa 3D Graphics Library. The Mesa3D’s Mesa 19.2 version, which could be released within the next 30 or so days, should include the support for the latest Navi 14 GPU.

Applications

• Nikola – Static Site Generator for your webz

  The modern web is all about dynamic content. But in most cases, this is a technological illusion. A large number of website uses dynamically generated pages, i.e. stuff gets read from a database and rendered on the screen when requested, even for things that don’t necessarily require any interaction. This takes resources, and might even be considered less secure, because bad or malformed instructions could theoretically generate something undesired.

  The old Web was all about static content – HTML pages with links and images and not much else. Not bad, very light on the resources, and as secure as the Web server what does it. But then, not much interaction happens, and updating content can be tedious. What if there was something midway between the two worlds? That would be Nikola, a static site generator.

• HP Linux Imaging & Printing Drivers Now Support Linux Mint 19.2 and Debian 10

  The HP Linux Imaging and Printing 3.19.8 software is now available with support for several new HP printers and scanners, among which we can mention HP DesignJet T1530 Postscript, HP DesignJet T2530 Postscript, HP DesignJet T930 Postscript, HP DesignJet T1600 Postscript Printer, and HP DesignJet T1600dr Postscript Printer.

  Additionally, the HP DesignJet T2600 Postscript MFP, HP LaserJet Pro MFP M329dn, HP LaserJet Pro MFP M329dw, HP LaserJet Pro M305d, HP LaserJet Pro M304a, HP LaserJet Pro M305dn, and HP LaserJet Pro M305dw printers are supported as well in the HP Linux Imaging and Printing 3.19.8 release, which also adds support for new GNU/Linux distributions.

• HPLIP 3.19.8 Released with Linux Mint 19.2, Debian 10 Support

  HPLIP 3.19.8, HP developed printer and scanner drivers for Linux, was released today with new devices and new Linux Distro’s support.

Instructionals/Technical

• Broken and Fixed Virt-Manager on openSUSE

• How to use port forwarding in VirtualBox

• How to use Harbor to scan Docker images for vulnerabilities

• How to view FPS for games on Android [No root]

• Set Dolphin as Default File Manager of Ubuntu

• LDAP Filter Syntax Validation

• How To Install VirtualBox on Debian Linux 10 Linux

• Use Linux Graphical Softwares on Windows via X11 Forwarding

• Linux ulimit Command

• Traceroute with Nmap

• Nmap Stealth Scan

• How to Install GNU Octave on Debian 10

• Installing PlayOnLinux on Debian 10

• Installing PostgreSQL on Debian 10

• Configure SSH X11 Forwarding on Debian 10

• How to easily install DEB packages on Ubuntu

• Using the LXD Kali container image

• How to Install Kooboo CMS on Ubuntu 18.04 LTS

• How to set up a ZFS storage pool on Ubuntu

• How to install Neptune 6.0

• How to install Evernote on Linux

• Making GNU/Linux Multiboot USB with The Awesome Aguslr’s Tool

Games

• Rogue Rocks, a new take on classic Asteroids gameplay with upgrades and more

  Rogue Rocks from AUX-IN Games is a recent release, one that aims to bring the classic gameplay of Asteroids “into the modern era”.

• Soldak Entertainment have officially released Din’s Legacy, their latest action RPG

  Something I am always in the mood for are more action-RPGs and Din’s Legacy is certainly an interesting and unique game overall. Note: Key from the developer.

• Spiritfarer continues to look like it will be an incredible experience

  Spiritfarer, a game that’s described as “a cozy management game about dying” was a big surprise a few months ago when it was announced. Turns out we missed their newer trailer this month!

  It looks absolutely gorgeous and seems like it will be a pretty wholesome experience. You travel around, looking after spirits until they’re ready to be released into the afterlife. Check out the newer trailer below:

• Yacht Club Games have shown off quite a lot of upcoming Shovel Knight content

  The retro-inspired platformer continues to get love from its developers five years on from launch. Expect more content in December and as well as a new spinoff game sometime in the future.

  If you’re not familiar with Shovel Knight, it’s 2D side-scrolling platformer that is heavily inspired by the 8-bit era of video games. I’m a big fan of what the developer has accomplished. The original campaign has players assume control of the titular Shovel Knight and wield his sharp shovel on an adventure to rid the land of evil and rescue his beloved. The game world is large and colorful, the music memorable and its gameplay is both fun and challenging.

  Shovel Knight has gotten a steady drip of new content from its developers over the years in the form of spinoff campaigns and other goodies. Owners of the original game (renamed Shovel Knight: Treasure Trove) have gotten all of them for free and the two upcoming addons will be no exception. In a presentation earlier today, the developer has shown off more of what’s in store for Shovel Knight.

• The Humble Spooky Horror Bundle 2019 is out with a few quality Linux games inside

  While not all of the games in this latest bundle support Linux, those that do are some great picks to have a go.

  The Humble Spooky Horror Bundle 2019 went live today, with a total of seven games.

Desktop Environments/WMs

• GNOME Desktop/GTK

  • Sam Thursfield: Blog about what you do!

    Am I the first to blog from GUADEC 2019? It has been a great conference: huge respect to the organization team for volunteering significant time and energy to make it all run smoothly.

    The most interesting thing at GUADEC is talking to community members old and new. I discovered is that I don’t know much about what people are doing in GNOME. I discovered Antonio is doing user support / bug triage and more in Nautilus. I discovered that Bastian is posting GNOME-related questions and answers on StackOverflow. I discovered Britt is promoting us on Twitter and moderating discussions on Reddit. I discovered Felipe is starting to do direct user support for Boxes. I wouldn’t know any of this if I hadn’t been to GUADEC.

    So here’s my plea — if you contribute to GNOME, please blog about it! If everyone reading this wrote just one blog post a year… I’d have a much better idea of what you’re all doing!

    Don’t forget: Planet GNOME is not only for announcing cool new projects and features – it’s “a window into the world, work and lives of GNOME hackers and contributors.” Blog about anything GNOME related, and be yourself — we’re not a corporation, we’re an underground network with a global, diverse, free thinking membership and that’s our strength.

Distributions

• Arch Family

  • BlackArch Linux Ethical Hacking OS Adds over 150 New Tools in Latest Release

    Powered by the Linux 5.2.9 kernel, the BlackArch 2019.09.01 ISO snapshot for September 2019 is now available featuring more than 150 new tools for ethical hacking and penetration testing tasks, the Terminus font for all supported window managers, and an updated installer (blackarch-installer) to version 1.1.19.

    New ~/.vim and ~/.vimrc configuration files for the Vim text editor have been added as well in BlackArch 2019.09.01, along with an updated look and feel consisting of a brand-new BlackArch theme that’s available for all supported window managers, as well as for the bootloaders (GRUB and Syslinux).

• Canonical/Ubuntu Family

  • Ubuntu 19.10 OS for Raspberry Pi

    Based on the upcoming Ubuntu 19.10 “Eoan Ermine” operating system, due for release on October 17th, the new RaspEX release includes packages from the GNU/Linux 10 “Buster” operating system series and the open-source Linaro software for ARM SoCs, and it’s powered by the Linux 4.19.63 kernel.

    “I have upgraded the whole system and replaced the old kernel 4.19.50-exton-v7+ with kernel 4.19.63-raspex-v7l+. RaspEX Build 190807 is a Linux ARM system for Raspberry Pi 4, 3 Model B, 3 Model B+ and Raspberry Pi 2. It is based on Debian 10 Buster, Ubuntu 19.10 and Linaro (Open Source software for ARM SoCs),” says Exton.

  • Canonical joins the ROS 2 Technical Steering Committee

    We at Canonical care deeply about robotics. We firmly believe that robots based on Linux are cheaper to develop, more flexible, more secure, and faster to market. One of the contributing factors to this being the case is the Robot Operating System (ROS). ROS is by far the most popular middleware for creating Linux-powered robots. It provides all sorts of open source tools and libraries and pre-made components that solve common problems encountered during robot development. This allows roboticists to avoid needing to reinvent the wheel and instead focus on what really makes their robot unique. Of course, another reason we care about ROS is that most of the ROS community use Ubuntu. We love our users, and we want to make sure the experience they have on Ubuntu is consistently stellar!

    We also care deeply about security, and that permeates everything we do. We’ve all seen how the IoT wave has been going in this regard: badly. IoT devices are low-margin, and no one has any incentive to keep them up to date or ensure that they’re secure in the first place. Manufacturers want to drive costs down, and users don’t consider the devices computers and don’t give a second thought to connecting them to the internet. It’s an unfortunate set of circumstances.

    We think that the best way out of this situation is to make security and maintenance so easy that it becomes the obvious choice. If it was suddenly easier and cheaper for device manufacturers to create secure devices that can be automatically updated, why wouldn’t they do it? That’s the premise behind snaps and Ubuntu Core: by making complex topics like security and updates transparent and straightforward, we can make the entire ecosystem better for everyone.

  • Rough, tough Coffee Lake industrial PC offers Ubuntu BSP

    Logic Supply’s rugged “Karbon 700” industrial PC runs Ubuntu or Windows on Intel Coffee Lake chips with 3x DP, 6x USB 3.0, 2x mini-PCIe, 3x M.2, 3x GbE, and optional 2x SATA and dual PCIe.

    We typically associate Logic Supply with mini-PCs, but the company also offers more feature-rich industrial computers such as its Intel Kaby Lake based MC850-50. Now the company has launched a more advanced system with its ruggedized, Coffee Lake based Karbon 700. The system supports challenging environments for data loggers NVRs, or edge devices “in heavy industrial, in-vehicle or remote installations in the manufacturing, physical security and energy management industries,” says Logic Supply. The rugged system offers a number of automotive-focused features.

  • Multi-tenancy in MAAS

    In this blog post, we are going to introduce the concept of multi-tenancy in MAAS. This allows operators to have different groups of users own a group of resources (machines) without ever even knowing about other groups of users enabling enhanced machine utilisation.

    A common use case for medium and large-scale environments is to provide a different set of machines for different users or groups of users. MAAS has historically approached this by allowing users to pre-reserve machines (allocate) for later use. However, as of MAAS 2.4 we introduced the concept of resource pools.

  • Ubucon Europe 2019: Our first gold sponsor – ANSOL!

    Our first gold sponsor of this event is ANSOL (Associação Nacional para o Software Livre), the Portuguese national association for free and open source software.

    [...]

    Thanks to them, we have received significant support to sustain our event and our journey to give you one of the best open source experiences in Sintra.

Devices/Embedded

• Gateworks GW5913 Compact NXP i.MX 6 SBC Supports PoE, GPS and 4G LTE Cellular Connectivity

  The company provides OpenWrt and Ubuntu Board Support Packages (BSP) for the board, and documentation is publicly available in the Wiki. The board is designed for small embedded applications such as IoT Gateways, Man-Portable Units (MPUs), Unmanned Aerial Vehicles (UAV), digital signage, and robotics.

• Thin client powers up with Raspberry Pi 4

  ClearCube announced a “C4Pi Thin Client” built around the Raspberry Pi 4 that runs Stratodesk’s Linux-based Cloud Desktop OS with support for Citrix HDX, VMWare, and Microsoft VDI stacks.

  In conjunction with this week’s VMWorld 2019 conference in San Francisco, ClearCube has announced the imminent release of a thin client based on the Raspberry Pi 4 Model B. The C4Pi Thin Client updates its C3xPi Thin Client, which is built around the Raspberry Pi 3 Model B+.

• UP Squared Is A Very Capable Intel SBC For Makers & IoT

  After learning of the UP-Squared SBC maker board this summer when this Intel Apollolake single board computer was added to Coreboot, the company sent over a review sample and for the past number of weeks have been putting this mini board through its paces and performance tests.

• A Linux-to-Cloud IoT Solution the Microsoft Way [Ed: Microsoft trap]

• Cloud-based OTA manager for IoT is now free for up to three Linux devices

  UpSwift is offering a free lifetime subscription to makers and developers who want to manage up to three Linux-based devices with the UpSwift cloud-based IoT management and micro-updating platform.

  Israeli startup UpSwift announced its cloud-based UpSwift IoT management and update service for Linux-based IoT and embedded devices in Jan. 2018 and over the last year has deployed it in “multiple companies.” The company is now announcing a new “Prototyping” offering that provides a free lifetime subscription for “maker/developers” who want to manage up to three Linux devices.

• Tiny i.MX6 SBC has GbE with PoE and mini-PCIe for 4G

  Gateworks has launched a 100 x 35mm “Ventana GW5913” SBC for IoT gateways that runs Linux on a dual-core i.MX6 with a GbE port, a mini-PCIe slot with nano-SIM, -40 to 85°C support, and optional GPS.

  The tiny new GW5913 is the latest in Gateworks’ line of NXP i.MX6 powered Ventana single board computers. Supported with OpenWrt and Ubuntu BSPs, the industrial temperature board is designed for IoT gateway applications in industrial factory environments, outdoor oil & gas sites, agriculture, health care, and transportation and asset tracking.

• Mobile Systems/Mobile Applications

  • Meet the startup making ethical electronics mainstream

    With ethical consumers increasingly concerned with the origin of their purchases, almost every industry, from fashion to food to diamonds, has been held to account over the ethics of its supply chain.

    Bar a small number in the tech community, the ethical implications of the electronics industry has gone largely unnoticed by many consumers. However, the smartphone many have in their pocket may have a questionable past.

    The average smartphone contains over 60 different metals, so tracking the supply chain of each component is complex. The mining and processing of many of these metals contributes to environmental damage and poor working conditions for those involved.

    For example, cobalt, found in lithium-ion rechargeable batteries, is commonly sourced from the Democratic Republic of Congo, where it is frequently mined by child labourers. Last year, Bloomberg reported that factory workers making the casing for iPhones were working long hours in hazardous conditions. According to a study from 2014, 97% of the 39 electronics companies studied did not pay factory workers a living wage.

    [...]

    The concept of ethical electronics is not a new one. Although a fairtrade certification does not yet exist for electronics, some people within the tech community have been aware of the ethical implications of the electronics industry for a number of years with software movement activist Richard Stallman, for example, only running Linux software on fairtrade laptops.

  • A mobile phone that respects your freedom

    Motivation and challenges building a mobile phone that respects your freedom, privacy and digital rights – and is hackable. This talk will present a summary of a two year journey, which is still ongoing.

    Today mobile phones are _the_ computing device of the decade, maybe even of this century. Almost everyone carries one, every day to every place. They are pretty much always connected and we entrust almost our entire digital life to them – any form of communication (voice, text, video), all kinds of entertainment (reading, web surfing, video/movies), personal information (address books, social media), location (navigation, location sharing) etc. Pretty much our entire digital life is mirrored by these devices and to a growing extent happening right on them.
    What is often not fully recognized is that this huge ecosystem of mobile hard- and software is controlled by only a very few globe spanning companies. Our digital life is to a large part controlled by these companies and currently there is little way around them.

  • Purism Shows Off First Shots Of The Librem 5 Smartphone’s PCB

    The Librem 5 smartphone is still advertised as shipping in Q3’2019 though it looks next to impossible with just one month left in the quarter. Purism CTO Nicole Faerber presented at CCC’s Camp 2019 and the phone wasn’t demoed but pictures of the Librem 5 PCB were on display.

    With not even having any hardware on display for this CCC event even as a static display but just pictures in a slide deck of the PCB design, it’s a further let-down for this Linux smartphone that’s already been delayed and is currently said to be shipping this quarter.

  • Librem 5 smartphone will have two M.2 slots for replaceable wireless cards

    Purism’s upcoming Librem 5 smartphone is designed to stand out from in a few big ways. It’ll ship with an open source, GNU/Linux-based operating system called PureOS. Users will be able to replace the operating system with an alternate OS if they like. And there will be hardware kill switches to let you shut off features you’re not using in order to give users more control over privacy.

    The phone has been in development for a few years and while it seems unlikely that the estimated ship date of Q3, 2019 is still accurate, Purism CTO Nicole Faerber recently gave a presentation about the progress made so far… and publicly revealed what the phone’s printed circuit board (PCB) will look like.

    One intriguing detail? There are two M.2 slots for the wireless cards. That means users may be able to swap out cards to replace or upgrade wireless capabilities in the future.

  • Purism CTO Presents “A Mobile Phone that Respects Your Freedom” at CCCamp

    It is not easy to build hardware that respects your freedom, and it becomes even more challenging when that hardware is a mobile phone. No one knows this better than Purism CTO Nicole Faerber–and at CCCamp 2019 she elaborated on these challenges in a 45-minute presentation: “A Mobile Phone that Respects Your Freedom.” While we strongly suggest everyone view the talk itself (it’s so good!), in this post we will pull out a few of the highlights:

  • Realme XT announced: The first 64MP smartphone is (sort of) here

  • JBL Link Bar review: Solid sound and Android TV smarts, but Google’s a step too slow

  • Android TV might add some of OnePlus’ improvements to be more ‘fast and smooth’

  • Here’s an ‘ethical’ Android phone made of recycled materials

  • Google’s Android team talks Android 10, ‘Queen Cake,’ gestures, and more [Video]

  • Huawei P30 Pro confirmed to get Android 10-based EMUI 10 update soon; Here’s a glimpse

  • Huawei plans high-end phone launch under cloud of Android ban

  • Huawei Mate 30 could launch without an official build of Android or Google apps

  • New Botnet Targets Android Set-Top Boxes

  • Android 10 will start rolling out to Pixel devices next week

  • ZTE Axon 10 Pro hits the US for $549 w/ Snapdragon 855, Android 10 by end of 2019

  • Samsung Galaxy J5 (2017) is now receiving the Android 9 Pie update with One UI

  • Xiaomi Mi TV Pro Lineup to Start Receiving Android 9 Pie Update Next Month: Report

  • Time to spin the wheel of pwnage! This week, malware can infect your…. Android set-top box!

  • New Ares IoT Botnet discovered on Android OS based Set-Top Boxes

  • Apple Music beta for Android adds Chromecast support

  • Apple Music Gaining Chromecast Support on Android

  • The mid-range Fairphone 3 keeps the modular Android phone dream alive in 2019

  • SailfishOS on Sony Xperia XA2 Plus

    Not too much noise has been made about it, but fairly recently SailfishOS for Sony Xperia XA2, XA2 Ultra and XA2 Plus (finally) came out of beta stage after the initial release last autumn. I went and got myself an XA2 Plus and have been using it for a week now and am very pleased with it. Compared to former SailfishOS devices the Android runtime for the XA2 models is at version 8.x (compared to 4.x for previous devices), meaning a lot more Android apps will run on it.

    So if you’re looking for a proper GNU/Linux phone and/or an alternative to the Google/Apple duopoly now is your chance to run SailfishOS on very decent and affordable midrange hardware. Below is a video of the XA2 Plus running SailfishOS (not mine).

Free, Libre, and Open Source Software

• DeepMind introduces OpenSpiel, a reinforcement learning-based framework for video games

  A few days ago, researchers at DeepMind introduced OpenSpiel, a framework for writing games and algorithms for research in general reinforcement learning and search/planning in games. The core API and games are implemented in C++ and exposed to Python. Algorithms and tools are written both in C++ and Python. It also includes a branch of pure Swift in the swift subdirectory.

• Release notes for the Genode OS Framework 19.08

  The stated theme of this year’s road map is “bridging worlds”, which expresses our ambition to smoothen the practical use of Genode-based systems such as Sculpt OS. The current release pays tribute to this ambition by addressing a great number of practical concerns: How to accommodate the staggering variety of keyboard layouts out there? (Section Flexible keyboard layouts) How can the system gracefully respond when confronted with exotic USB devices? (Section Storage-stack improvements) How to set the system time from within the system? How does SNTP fit in here? (Section General system time concept) How to approach the remote administration of the system? (Section Enhanced SSH terminal) How to copy and paste text securely between mutually distrusting subsystems? (Section Clipboard) Or how to overcome the captive portal of a Hotel WiFi with Sculpt OS? (Section Disposable VM for handling captive portals) By providing answers to those questions, we believe to make Genode – and Sculpt OS in particular – generally more useful.

  As another take on “bridging worlds”, we continue our effort to bring the rich Sculpt OS software stack to the 64-bit ARM world, in particular to our most loved SoC family, namely NXP i.MX. Section 64-bit ARM and NXP i.MX8 reports on our progress in this direction.

• Genode OS 19.08 Released With Better POSIX Compatibility, Qt 5.13 Support

  Genode OS Framework 19.08 ships with better keyboard layout support, extended 64-bit ARM support and i.MX8 SoC support, various POSIX compatibility improvements, a new SMBIOS decoder, a better SSH terminal, Qt 5.13 is now included, and many other updates.

• curl exercises

  Recently I’ve been interested in how people learn things. I was reading Kathy Sierra’s great book Badass: Making Users Awesome. It talks about the idea of deliberate practice.

  The idea is that you find a small micro-skill that can be learned in maybe 3 sessions of 45 minutes, and focus on learning that micro-skill. So, as an exercise, I was trying to think of a computer skill that I thought could be learned in 3 45-minute sessions.

  I thought that making HTTP requests with curl might be a skill like that, so here are some curl exercises as an experiment!

• Altruism Still Fuels the Web. Businesses Love to Exploit It

  In practice, if not in theory, you’re no doubt familiar with the free rider problem: the roommate who doesn’t help with the dishes but happily eats from clean plates; the student assigned to a group project who lets everyone else do the work, knowing they all get the same grade. It’s a basic tenet of analysis in social science, especially in economics and political science. And yet Linux exists. Wikipedia exists.

  Here’s how I’d explain these apparent grand exceptions to our visitor. Under the right conditions, there are clearly some people who will put in a lot of work simply because it’s rewarding to contribute to something larger than themselves. And when the number of people who can theoretically collaborate on a project scales up into the billions, your chance of yoking together a critical mass of volunteers goes up exponentially. Then, suddenly, things that look impossible, like Wikipedia or Linux, can happen.

  But there’s a rub. The free rider problem does emerge in the realm of open source software, and with a vengeance. Because even though humans aren’t incorrigibly or universally selfish, we’ve built plenty of institutions that do act that way.

• Web Browsers

  • Mozilla

    • Mozilla Thunderbird 68.0 Released with Many New Features and Improvements

      Many months in the works, the Mozilla Thunderbird 68.0 release if finally here, bringing lots of new features and improvements. Highlights include the ability to mark all folders of an email account as read, improved filter logging and support for running filter periodically, TCP keepalive support for the IMAP protocol, as well as OAuth2 authentication support for Yandex.

      Also new is the ability to link to attachments in an email instead of uploading them, support for selecting language packs in Advanced Options, a policy engine that allows for customized enterprise deployments of Thunderbird using a cross-platform JSON file or Windows Group Policy, and complete Unicode support for MAPI interfaces, including MAPISendMailW.

    • Thunderbird 68.0 Released As A Big Update For The Mozilla Mail Client

    • Mozilla Thunderbird: What’s New in Thunderbird 68

      Our newest release, Thunderbird version 68 is now available! Users on version 60, the last major release, will not be immediately updated – but will receive the update in the coming weeks. In this blog post, we’ll take a look at the features that are most noteworthy in the newest version. If you’d like to see all the changes in version 68, you can check out the release notes.

      Thunderbird 68 focuses on polish and setting the stage for future releases. There was a lot of work that we had to do below the surface that has made Thunderbird more future-proof and has made it a solid base to continue to build upon. But we also managed to create some great features you can touch today.

    • Thunderbird 68 Released with New App Menu, Other UI Changes

      Yes, a brand new version of the Thunderbird e-mail client is now available to download for Windows, macOS and, er, that “not big or professional” project a Finnish student started back in 1991. Freax?

      Thunderbird 68 features a revamped app menu, an improved dark theme, and ‘full colour support’ throughout the app.

      Yes folks: with this release you can finally make all of the text of every email you read pink — if you want to, that is!

• BSD

  • In-Kernel TLS | BSD Now 313

    OpenBSD on 7th gen Thinkpad X1 Carbon, how to install FreeBSD on a MacBook, Kernel portion of in-kernel TLS (KTLS), Boot Environments on DragonflyBSD, Project Trident Updates, vBSDcon schedule, and more.

• FSF/FSFE/GNU/SFLC

  • FSF News: Alexandre Oliva joins Free Software Foundation board of directors

    A longtime free software activist and founder of FSF Latin America, Oliva brings decades of experience in the free software movement to the FSF board. In the community, he is held in especially high regard for being the chief developer of the GNU Linux-libre project, a version of the kernel Linux that removes all nonfree bits from the kernel’s source code, enabling users around the world to run fully free versions of the GNU/Linux operating system, and is a program of vital importance in the cause for software freedom. For his deep commitment and tireless work in free software, Oliva was the recipient of the 2016 Advancement of Free Software award given annually by the FSF.

    Aside from being a contributor to the GNU Project since 1993, Oliva is an accomplished public speaker and author on the importance of software freedom. He worked as a computer engineer at Red Hat from 2000 to 2019, making large contributions to crucial components of the GNU toolchain like GCC and the GNU C library. Most recently he has announced the founding of the 0G project, a vision for mobile phones that free users from the constant danger posed by bulk surveillance.

  • Developer forks GIMP image editor over naughty name

    One of the world’s biggest photo editors, GIMP, suffers from an image problem (pun absolutely intended).

    It’s an undeniably sophisticated piece of software, and since 1995 has served millions as a free alternative to Adobe’s photoshop. But many also wince at its unfortunate name.

• Openness/Sharing/Collaboration

  • Open Hardware/Modding

    • $5 Longan Nano GD32V RISC-V Development Board Comes with LCD Display and Enclosure

      There’s been some exciting news about RISC-V microcontrollers recently with Gigadevice announcing GD32V, one of the first RISC-V general-purpose microcontrollers, which outperforms its Arm Cortex-M3 equivalent in terms of performance and power consumption.

      The company also announced some development boards, but they are not quite that easy to purchase being listed on Tmall website in China. The good news is that Sipeed has introduced Longan Nano development board powered by GD32VF103CBT6 microcontroller, and it’s up for sale on Seeed Studio for $4.9.

• Programming/Development

  • FLOSS Weekly 544: Perl

    Perl 5 is a highly capable, feature-rich programming language with over 30 years of development. Perl 5 runs on over 100 platforms from portables to mainframes and is suitable for both rapid prototyping and large scale development projects.

  • This Week in Rust 301

  • Python, the perpetual time suck

    The thing that should have been apparent to me long ago is that the Python folks don’t appear to care about end users. They seem to have lost touch with the fact that Python is very popular! Each and every time they make core language behavior changes, API changes, and deprecate things, a lot of code has to accommodate. It’s a non-trivial amount of work to keep Python code working. Especially so if you’re trying to support code that has to run across multiple versions spanning many years. The test matrix just keeps on getting bigger. The code hacks to accommodate versions becoming more and more intrusive.

    The python 2 to python 3 debacle should have convinced everyone that the Python project cares more about the language and how they can make it better than the effect it has on the existing code written in it. One would have assumed that once the whole 2 -> 3 conversion was over, that things would have settled down. That the things that needed to be fixed would be done, but the incompatible changes just keep coming. It’s like the Python developers got a taste for change, perfection, they just can’t help themselves regardless of cost to the development community. I understand, it’s virtually impossible to get things exactly right the first time, but you have to let go and leave it alone. Once it’s out there, it needs to stay as is unless it’s a security hole. It’s totally fine to add features, improve performance etc., but horrible and inexcusable to break existing code.

  • A Review of ReportLab: PDF Processing with Python

    These days it’s easy to get swept up into the buzz around Python’s strengths as a data science package, but Python is also great for the more mundane, business process side of computing. One of the most important business processes is generating reports, and the most used and venerable form of report is the PDF. Python has a great library for generating and manipulating PDFs: ReportLab. I recently read more about this extremely useful library in ReportLab: PDF Processing with Python, by Michael Driscoll. With a few caveats, it’s an excellent resource.

    Python remains a great choice for the stuff that no one ever got rich on Patreon writing or talking about. Things like processing spreadsheets (which pandas is great at, by the way), mail-merge and of course, arguably one of the most important business activities, generating PDF reports. For this, Mike Driscoll’s book is a great introduction, tutorial, and resource for any Python programmer looking to get into the exciting world of programmatically generated Quarterly TPS reports!

  • PyPI Security Q4 2019 Request for Information period opens.

    The Python Software Foundation Packaging Working Group has received funding from Facebook research to develop and deploy of enhanced security features to PyPI.
    PyPI is a foundational component of the Python ecosystem and broader computer software and technology landscape. This project aims to improve the security and accessibility of PyPI for all users worldwide, whether they are direct users like project maintainers and pip installers or indirect users. The impact of this work will be highly visible and improve crucial features of the service.

    Specifically, this project aims to implement verifiable cryptographic signing of artifacts and infrastructure to support automated detection of malicious uploads to the index.
    We plan to begin the project in December 2019. Because of the size of the project, funding has been allocated to secure one or more contractors to complete the development, testing, verification, and assist in the rollout of necessary features.

  • Introduction to the Python Pyramid Framework

    In this tutorial, we’re going to learn how to use the Pyramid framework in Python. It is an open source web development framework which uses the Model-View-Controller (MVC) architecture pattern and is based on Web Server Gateway Interface (WSGI). The Pyramid framework has a lot of useful add-on packages that make web development a lot more convenient. Some other popular alternatives for web development in Python include Django and Flask.

  • Ruslan Spivak: Let’s Build A Simple Interpreter. Part 17: Call Stack and Activation Records

    To put it simply, it is a system for storing and accessing data in memory. At the hardware level, it is the physical memory (RAM) where values are stored at particular physical addresses. At the interpreter level, because our interpreter stores values according to their variable names and not physical addresses, we represent memory with a dictionary that maps names to values. Here is a simple demonstration where we store the value of 7 by the variable name y, and then immediately access the value associated with the name y:

  • PyCharm for Productive Python Development (Guide)

    As a programmer, you should be focused on the business logic and creating useful applications for your users. In doing that, PyCharm by JetBrains saves you a lot of time by taking care of the routine and by making a number of other tasks such as debugging and visualization easy.

  • Publishing my first Game

    My father and I, we built our first computer (a Pentium 286) and the first thing that I remember to do was to play some DOS games like Prince of Persia and Lunar Lander. I learned a bunch of CLI commands just to play my favorite games.

    The passion for playing and making games followed me as a hobby. I have a pygame series of posts on this blog, where I go through basic concepts of game development trying to explain them to someone who is starting to learn about it.

  • PHP and P++

    PHP is the Fortran of the world-wide web: it demonstrated the power of code embedded in web pages, but has since been superseded in many developers’ minds by more contemporary technologies. Even so, as with Fortran, there is far more PHP code out there than one might think, and PHP is still chosen for new projects. There is a certain amount of tension in the PHP development community between the need to maintain compatibility for large amounts of ancient code and the need to evolve the language to keep it relevant for current developers. That tension has now come into the open with a proposal to split PHP into two languages.
    PHP has been around for a long time; a previous version of the LWN site was implemented in PHP/FI in 1998. For most of its 25 years of existence, PHP has been criticized from multiple directions. Its development community has done a lot of work to address many of those criticisms while resisting others that, it was felt, went against the values of the language. Often these changes have forced code written in PHP to change as well; such changes tend to be the most controversial.

  • Find the maximum value within a string with Python

    In this chapter we are going to solve the above problem with a Python method. Given a string which consists of words and numbers, we are going to extract out the numbers that are within those words from that string, then compare and return the largest number within the given string.

  • Episode #227: Maintainable data science: Tips for non-developers

    Did you come to software development outside of traditional computer science? This is common, and even how I got into programming myself. I think it’s especially true for data science and scientific computing. That’s why I’m thrilled to bring you an episode with Daniel Chen about maintainable data science tips and techniques.

Jeffrey Epstein and the Power of Networks

Epstein was, in the parlance of the sciences, a marker. Like the radioactive tracer you get injected with before an fMRI, his villainy illuminates how the connections among a relatively small clique of American intellectuals allowed them, privately, to define the last three decades of science, technology, and culture. It was a Big-Ideas Industrial Complex of conferences, research institutions, virtual salons, and even magazines, and Jeffrey Epstein bought his way in.

How did these geniuses find themselves cozying up to a child rapist? In putting his apologies on the record with Stat reporter Sharon Begley, Church chalked it up to “nerd tunnel vision.” Ito, who also let Epstein contribute to his personal technology investment funds, called it “an error in judgment.” (Two people affiliated with the Media Lab have announced their departures as a result.)

Security (Confidentiality/Integrity/Availability)

• Testing an OnlyKey hardware password manager

  So far I’ve experimented with simple passwords only, but it appears to support TOTP via Google Authenticator or Yubikey OTP as well, in addition to being OpenPGP compatible and a “plug and play encryption device”. These features are explained in the documentation. There’s also an OnlyKey SSH/GPG agent which looks as though it could work; unfortunately the documentation suggests using keybase.io to generate keys which is a shame. Basically what one has to do is to copy/paste a private RSA key onto the OnlyKey.

• Making containers safer

  Administrators of these system containers will often give SSH access to the “host” to their users, who will run whatever they want on them. That is one of the reasons the project cares a lot about security. It uses every trick available, he said, to secure those containers: namespaces, control groups, seccomp filters, Linux security modules (LSMs), and more. The goal is to use these containers just like VMs.

  Since the project targets system containers, it builds images for 18 distributions with 77 different versions every day, Graber said. That includes some less-popular distributions in addition to the bigger names; it also builds Android images. Beyond that, LXD is being used as part of the recent Linux desktop on Chromebooks feature of Chrome OS. There are per-user VMs in Chrome OS, but the Linux desktop distribution runs in a container with some persistent storage, he said. It has GPU passthrough and other features to make the desktop seamlessly integrate with Chrome OS.

  All of the users of those distribution images built by the project can run any code they want inside those containers, which means that the Linux containers project needs to care a lot about security, Graber said.

• Internet Society weighs up the cost to business of cyber security breaches [iophk: Windows TCO]

  The financial impact of ransomware rose by 60% in 2018, losses from business email compromise (BEC) doubled, cryptojacking incidents – the unauthorised use of others’ computing resources to conduct cryptomining – more than tripled, and there continued to be a steady stream of high-profile data breaches, according to a report from the Internet Society’s Online Trust Alliance.

• Business losses to cyber crime data breaches to exceed US$5 trillion by 2024 [iophk: Windows TCO]

  Business losses to cybercrime data breaches will rise from US$3 trillion each year to over US$5 trillion in 2024, an average annual growth of 11%, according to a new global cybersecurity report.

• How insurance companies are fueling a rise in ransomware attacks by paying the ransom [iophk: Windows TCO]

  “More often than not, paying the ransom is a lot cheaper for insurers than the loss of revenue they have to cover otherwise. But, by rewarding [attackers], these companies have created a perverted cycle that encourages more ransomware attacks, which in turn frighten more businesses and government agencies into buying policies. In fact, it seems [attackers] are specifically extorting American companies that they know have cyber insurance. After one small insurer highlighted the names of some of its cyber policyholders on its website, three of them were attacked by ransomware.

• The Extortion Economy: How Insurance Companies Are Fueling a Rise in Ransomware Attacks [iophk: Windows TCO]

  The FBI and security researchers say paying ransoms contributes to the profitability and spread of cybercrime and in some cases may ultimately be funding terrorist regimes. But for insurers, it makes financial sense, industry insiders said. It holds down claim costs by avoiding expenses such as covering lost revenue from snarled services and ongoing fees for consultants aiding in data recovery. And, by rewarding [attackers], it encourages more ransomware attacks, which in turn frighten more businesses and government agencies into buying policies.

• Dutch regulator looking into possible Microsoft Windows privacy breach

  The regulator says that Microsoft is remotely collecting data from users of Windows Home and Windows Pro, a discovery made while testing privacy protection changes in Windows made last year.

• Dutch regulator sees potential privacy breach in Microsoft Windows

  Microsoft is remotely collecting data from users of Windows Home and Windows Pro, in a potential breach of privacy rules, the Dutch Data Protection Agency (DPA) said on Tuesday.

  The DPA said it had found the practices while it was testing privacy protection changes in Windows made last year by Microsoft at the agency’s request.

Environment

• Brazil has angrily attacked offers to help it put out the huge fires in the Amazon — here’s why it is pushing back against global outrage

  Pushback against Bolsonaro in Brazil has been clear. Former environment ministers wrote an open letter in May denouncing Bolsonaro’s Amazon policies, and thousands of Brazilians marched over the weekend to urge government action about the fires.

  Pereira pointed to a survey this month in which 96% of respondents said they agreed with the statement “President Jair Bolsonaro and the federal government should increase enforcement measures to prevent illegal deforestation in the Amazon.”

  The survey found the same result among Bolsonaro voters and opposition voters.

• Wildlife/Nature

  • Trump moves to permit new logging in Alaska’s Tongass National Forest: report

    The president reportedly directed Agriculture Secretary Sonny Perdue to lift the restrictions put in place under the Clinton administration’s 2001 “Roadless Rule” earlier this month, three sources familiar with the matter told The Post.