Bonum Certa Men Certa

Links 13/10/2019: Red Hat CFO Fired and KDE Plasma 5.17 Preparations



  • GNU/Linux

    • Desktop

      • With Windows Virtual Desktop, the bad old days are coming back

        This is not a good thing. Ultimately, I want computing power to be in my hands, not Microsoft’s or any other company’s. If you go along with this, as any poor sod working in Venezuela with Adobe products can tell you, you’re asking for pure misery.

      • System76 will ship Coreboot-powered firmware, a new OS for the apocalypse, and more open source news

        The Denver-based Linux PC manufacturer announced plans to start shipping two laptop models with its Coreboot-powered open source firmware later this month. Jason Evangelho, Senior Contributor at Forbes, cited this move as a march towards offering open source software and hardware from the ground up.

        System76, which also develops Pop OS, is now taking pre-orders for its Galago Pro and Darter Pro laptops. It claims that Coreboot will let users boot from power off to the desktop 29% faster.

        Coreboot is a lightweight firmware designed to simplify the boot cycle of systems using it. It requires the minimum number of tasks needed to load and run a modern 32-bit or 64-bit operating system. Coreboot can offer a replacement for proprietary firmware, though it omits features like execution environments. Our own Don Watkins asked if Coreboot will ship on other System76 machines.

    • Server

      • IBM

        • Red Hat CFO Loses Out on Retention Bonus Following Standards-Related Ouster

          Red Hat Inc.’s finance chief Eric Shander has been dismissed from the company, forfeiting a $4 million retention award that was agreed to ahead of Red Hat’s acquisition by International Business Machines Corp.

          The Raleigh, N.C.-based software company confirmed late Thursday that Mr. Shander was no longer working at Red Hat. “Eric was dismissed without pay in connection with Red Hat’s workplace standards,” a company spokeswoman said in a statement.

          The company, which said that its accounting and control functions remain healthy, on Friday declined to provide specifics about what led to Mr. Shander’s dismissal.

        • Red Hat CFO 'Dismissed' From Company, Forfeits $4M Retention Award

          "Red Hat Inc.'s finance chief Eric Shander has been dismissed from the company, forfeiting a $4 million retention award that was agreed to ahead of Red Hat's acquisition by IBM," reports the Wall Street Journal...

        • Top Red Hat official was let go, company confirms as new CFO steps in

    • Kernel Space

      • Linux 5.3.6

        I'm announcing the release of the 5.3.6 kernel.

        All users of the 5.3 kernel series must upgrade.

        The updated 5.3.y git tree can be found at:

        git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.3.y

        and can be browsed at the normal kernel.org git web browser:

        https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...

      • Linux 4.19.79
      • Linux 4.14.149

      • Graphics Stack

        • Godot's Vulkan Renderer Is Getting Into Increasingly Good Shape

          Lead developer of the open-source Godot 2D/3D game engine Juan Linietsky has continued working daily on the engine's Vulkan renderer ahead of Godot 4.0.

        • GNOME's Mutter 3.35.1 Fixes The Night Light Mode On Wayland

          With many of the prominent fixes that we've talked about for GNOME Shell and Mutter since last month's 3.34 release having been back-ported to 3.34.1, this weekend's release of GNOME Shell 3.35.1 and Mutter 3.35.1 as the first steps towards GNOME 3.36 aren't all that big. But at least in the case of this new Mutter development release are some worthwhile fixes.

          GNOME Shell 3.35.1 has just different bug fixes and clean-ups but nothing particularly special. While no big features yet, at least the useful fixes over recent weeks were back-ported to the 3.34 stable series.

        • Vulkan To Better Handle Variable Rate Displays / Adaptive-Sync In The Future

          While longtime X11 developer Keith Packard is now working for SiFive on RISC-V processors by day, he's still involved in the Linux graphics world through his contract work for Valve. At the XDC2019 conference earlier this month he presented on display timing, the current Linux plumbing for it, and also bringing up Vulkan will better support variable rate displays in the future.

          Keith for a while now has done contract work for Valve with Linux graphics infrastructure improvements around better supporting VR HMD hardware on the Linux desktop and more recently on display / refresh rate timing and ensure it works punctually.

    • Applications

      • Proprietary

        • Hospitals Resume Accepting Patients After Malware Attack [iophk: Windows TCO]

          The DCH Health System said its hospitals in the west Alabama cities of Tuscaloosa, Northport and Fayette resumed admitting patients Thursday, and its imaging and patient scheduling services were going back online Friday.

          The system said key operations were back to normal 10 days after a ransomware attack encrypted information and prevented its computer systems from communicating with each other. The hospitals kept treating people, but new patients were sent to alternative locations in Birmingham or Mississippi.

          The company hasn't said how much ransom it paid to regain control of its systems, but an executive said insurance covered the cost.

        • What To Do When You Get Sherlocked By Apple

          It’s pretty standard for at least a few third-party developers to get crushed during Apple’s annual press conference. At some point in the presentation, Apple will announce a new OS feature, while some developer watches in disbelief as Apple swindles their entire business.

          It’s a phenomenon widely referred to as getting “sherlocked” (you can read more about how the term came to be here). It’s oddly flattering and intensely infuriating, and I know this first hand because it happened to the company I work for.

    • Instructionals/Technical

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • This week in KDE: Plasma 5.17 approaches

          Lots of great backend work happened this week which is very important, but not terribly flashy. And most of the in-progress work I alluded to last week hasn’t landed yet. So I’m afraid the user-visible changes will have to be a bit light this week. But fear not! For Plasma 5.17 is undergoing its last rounds of final polish and bugfixing before the release next week, and work churns along on lots of great stuff slated for Plasma 5.18 and the next apps versions!

        • KDE Plasma 5.17 Seeing Last Minute Bug Fixing

          With KDE Plasma 5.17 releasing soon, it's been seeing a lot of last minute fixes while feature activity is also brewing around Plasma 5.18.

          Plasma 5.17 reached beta last month while next week is the anticipated release of Plasma 5.17.0! Just a few days to go for that big update to the KDE desktop. As such, developers have been tidying it up while also brainstorming about what should be in store for Plasma 5.18.

      • GNOME Desktop/GTK

        • 10 Ways to Customize Your Linux Desktop With GNOME Tweaks Tool

          There are several ways you can tweak Ubuntu to customize its looks and behavior. The easiest way I find is by using the GNOME Tweak tool. It is also known as GNOME Tweaks or simply Tweaks.

          I have mentioned it numerous times in my tutorials in the past. Here, I list all the major tweaks you can perform with this tool.

          I have used Ubuntu here but the steps should be applicable to any Linux distribution using GNOME desktop environment.

    • Distributions

    • Free, Libre, and Open Source Software

      • 'Collapse OS' Is an Open Source Operating System for the Post-Apocalypse

        Between nuclear weapons, climate disaster, and tech bros' unbridled thirst for control over our lives, it sure does feel like the end is approaching "nigh" status.

        In a post-apocalyptic future, be it nuclear wasteland or Anthropocene nightmare, a common sci-fi trope is that those able to harness old world technology will have the upper hand. Collapse OS is a new open source operating system built specifically for use during humanity's darkest days. According to its creator, software developer Virgil Dupras, Collapse OS is what the people of the future will need to reconfigure their scavenged iPhones. For now, though, he's hosting the project on GitHub and looking for contributors.

      • New Open Source ‘Collapse OS’ Can Survive The Post-Apocalyptic World

        Multiple threats like climate disaster, nuclear war, depletion of resources keep looming over the world, and the idea of apocalypse seems inevitable.

        In any case, it’s never a bad idea to prepare for the future in advance. So a software developer named Virgil Dupras has developed a new self-replicating open-source ‘Collapse OS’ that can survive humanity’s darkest days.

        In the post-apocalyptic world, we’d probably have to return to old-world technology by scavenging whatever we have built so far.

        Dupras envisions a future where the global supply chain collapses — and there won’t be mass production of electronics anymore. But those who manage to get hold of it will have the upper hand.

      • Collapse OS is an open-source operating system for a post-apocalyptic future

        Wondering what kind of operating system you would use in a post-apocalyptic world after the collapse of society might sound like kind of a low priority. But that’s because you’re not actually in the situation and don’t have to worry about how humankind can make a go of it in Earth’s darkest hour yet. This is where Collapse OS, a new Z80 processor-based open-source operating system being developed by software developer Virgil Dupras, comes into play.

      • New Vector to scale open-source alternative to WhatsApp and Slack, where users own their data

        New Vector has announced $8.5 million in funding to scale its open-source, secure communication network, a bid to revolutionise data privacy and ownership in the messaging app space. The investments come from European VCs who specialize in enterprise tech: Notion Capital, Dawn and firstminute capital.

        Necessary for understanding New Vector’s business is to first understand Matrix. Matrix is an open-source project, building a global network for decentralised communication. Users can collaborate securely via end-to-end encryption, and notably, they retain all ownership and control over their data.

      • New Vector raises $8.5 million to develop an open source Slack and WhatsApp

        Tech giants like Facebook, Google, Apple, and Microsoft needn’t be gatekeepers to communication. That’s the idea upon which Matrix, an open standard and decentralized protocol for real-time communication, was formulated. It’s designed to allow users of one service provider to communicate with users of different providers via online chat, voice over IP, and videotelephony, ideally as seamlessly as SMTP (Simple Mail Transfer Protocol) facilitates email exchanges across clients and services.

        Implementing the Matrix protocol at scale requires infrastructure and technical expertise, however — and that’s where startups like New Vector have carved out a niche for themselves. In a little over two years, the startup has helped to grow the Matrix network 400% to 11 million users across 40,000 deployments, including French and U.S. government agencies, Wikipedia parent Wikimedia, KDE, RedHat, and more.

      • Paris uses open source to get closer to the citizen

        Around 35 per cent of Paris’ 1,000 IT applications are Lutece-driven and 15 per cent are based on other open-source software, with the remaining 50 per cent using proprietary systems. As applications are upgraded or new ones added, Lutece and open-source tools will be deployed as much as possible, Lanouar said, noting that this approach enables greater autonomy and agility for the City, as well as the ability to be more transparent and create a better user experience for the citizen.

      • After Dallas County's TechShare software failure, the future must be open source

        There has been plenty of coverage of the very expensive failures of TechShare, Dallas County's attempt to create case-tracking software that could be used in any Texas criminal court. Like many battles over operations-level issues, it is easy to miss the forest for the trees.

        One basic principle of good governing was flagrantly violated in this instance: Government shouldn't be involved in a for-profit operation. TechShare's leadership sought profit, rather than to merely recoup costs. I hope members of both parties can agree this is a principle we should consciously adopt. A public discussion will help avoid future misadventures that cost the county $30 million for a hot plate of nothing.

        The term "crony capitalism" gets tossed around a lot, and it sometimes unfairly tarnishes good models of public-private partnerships. Crony capitalism usually means the government gives preference to certain favored private firms without seeking the best price (or quality) for a service or good. That preference is odious because it denies taxpayers the best price. Crony capitalism props up firms that would otherwise fail, using taxpayer money as insurance.

      • AI Researchers' Open-Source Model Explanation Toolkit AllenNLP Interpret

        Although the techniques are generic, AllenNLP Interpret is intended for use in NLP. Inputs to NLP systems are strings of text, usually sentences or whole documents, and the text is parsed into its constituent words or tokens. AllenNLP Interpret includes saliency maps that show each token's contribution to the model prediction; a use case for this might be explaining which words in a sentence caused its sentiment to be classified as positive or negative. The toolkit also includes two adversarial methods that show how changing the tokens in the input could affect the output. The first, HotFlip, replaces the input word that has the highest gradient with other words until the model output changes. The other attack, input reduction, iteratively removes the word with the smallest gradient without changing the output; this results in input texts that are "usually nonsensical but cause high confidence predictions."

      • The best open source software of 2019
      • InfoWorld Identifies the Most Innovative Products Available to Developers, Data Analysts, and IT Organizations

        InfoWorld — the technology media brand committed to keeping IT decision-makers ahead of the technology curve — announces the winners of its 2019 Best of Open Source Software Awards, better known as the Bossies. The annual Bossie awards recognize the most important and innovative open source projects for businesses and the IT professionals who serve them. The 26 winners in this year’s Bossie Awards are the next-generation tools and technologies that are enabling digital transformation, allowing businesses to succeed and IT organizations to excel at a time when the technology is more complex than ever.

      • Events

        • Andile Ngcaba urges embracing open source

          Given the growth of data and the Internet of things, insofar as data is concerned, the fibre industry must adopt open source architecture in terms of designing and building networks.

          This is the sentiment shared by Andile Ngcaba, president of the FTTx Council Africa, at the annual Fibre Optic Conference that kicked-off at the Sandton Convention Centre yesterday.

          Ngcaba was speaking about the future of the industry and how to be part of it, pointing out that modern businesses are being built on open source, while modern telcos are going to be built on open source.

        • All Things Open: The ‘hidden tech gem in the Triangle’ that draws thousands

          In its seventh year, All Things Open is preparing for more than 5,000 attendees. The conference will feature more than 250 talks from some of the top technologists and decision-makers discussing open source technology during three days of programming at the Raleigh Convention Center.

        • Six reasons why you should attend All Things Open in Raleigh

          Haven’t decided whether to attend the All Things Open conference in Raleigh? Well, Open Source is growing more important in technology so you might want to keep an open mind about attending. And more than 4,500 people are already scheduled to attend. Action begins Sunday.

        • Tech Village Hosting HacktoberFest Open-Source Meetup This Weekend

          The event will be hosted in Bulawayo in the 1st floor of the NetOne Building, Corner Fife Street and L.Takawira. Opposite Central Police Station.

          Maintainers – the guys/girls who build source code into a binary package for distribution, commit patches, or organize code in a source repository – will be present to help out would-be contributors to help move open-source projects forward.

      • Web Browsers

      • Linux Foundation

        • Open Source Rules the World

          Not too long ago I attended Linux Foundation’s Open Source Summit in San Diego, and this declaration of world dominance (tongue in cheek) was a fairly prominent refrain throughout. From best practices in OS development to emerging technologies to getting started—how to create an open source strategy, sustain it, and the right path to developing an Open Source Program Office (OSPO).

          All open source all the time.

          What became abundantly clear to me through the cacophony of voices representing developers, technologists and enthusiasts is that at the center of all that is open source are three key components critical to ultimate success (however you define it): people, processes, and technology.

          [...]

          The entire tech space is being redesigned by a digital transformation and the emergence of new open source technology platforms. It’s a revolution of sorts, led by groundbreaking innovations in machine learning, open source IoT, cyber security, virtual reality, big data analytics, blockchain and open source development tools. Additionally, there’s technology to help you know what’s in your code and automate the detection and remediation of license compliance and security issues in your DevOps life cycle.

        • Extreme Networks Transitions StackStorm to the Linux Foundation

          Extreme Networks, Inc. (EXTR) today announced it has turned governance of StackStorm™ platform, its popular open-source workflow automation platform, over to The Linux Foundation. In making this transition, Extreme expects the Foundation's open source community to accelerate development and adoption of the platform so enterprises everywhere can reap the benefits of new applications and use cases.

      • SaaS/Back End/Databases

        • What to expect from Scylla Summit 2019

          Scylla (the company) takes its name directly from Scylla [pronounced: sill-la], a Greek god sea monster whose mission was to haunt and torment the rocks of a narrow strait of water opposite the Charybdis whirlpool.

          Outside of Greek history, Scylla is an open source essentially distributed NoSQL data store that uses a sharded design on each node, meaning each CPU core handles a different subset of data.

        • Licence to grill: A year on, MongoDB's Eliot Horowitz talks to The Reg about SSPL

          A year after its controversial switch to the Server Side Public License (SSPL), and with new products livening up the summer, MongoDB remains unrepentant.

          The change was aimed at making vendors selling a service using the company's code share the source of applications used to run the service as well as any tweaks. The move appeared to be aimed squarely at cloud vendors, content to "capture all the value and give nothing back to the community," as Dev Ittycheria, CEO of MongoDB, told us at the time.

          Elements of the open source community were less than impressed. The Open Source Initiative (OSI) rejected the company's attempts to get the licence approved and eventually MongoDB withdrew the thing from the process, although the company continued to use it for its own products. Indeed, at MongoDB's London .Local event, where we met co-founder and CTO Eliot Horowitz, the company was trumpeting the opening up of its Compass GUI for MongoDB under the SSPL.

        • From Russia with OLAP: Percona uses ClickHouse analytics

          At Percona Live Europe last week, one such example came up around the open source scene that is developing in Russia and how one of the projects that is now starting to open up to international use.

        • The love and the lament: Percona CEO details state of open source data

          Open source has changed, obviously it has. Starting from its origins among the hobbyist programmers and hackers who dared to defy the proprietary Silicon Valley behemoths, the open community-centric model for software development has now been widely adopted by the commercial software sector. In many cases, open source has become the norm for modern platforms, tools and applications. But how has this affected the nature of open development and what impact has this shift left in its wake on the data landscape that we view today?

        • GraphDB 9.0 Open Sources Its Front End and Engine Plugins to Support Knowledge Graph Solutions

          Ontotext has announced GraphDB 9.0, which is aimed at lowering the effort required for development and continuous operation of knowledge graphs by opening multiple integration extension points for its users and developers.

          GraphDB is a database for managing semantic information with more than 30 large production installations in big enterprises. With the growing complexity of enterprise data integration, many organizations are starting the journey of building knowledge graphs.

        • Ververica Announces Open Source Framework to Enable Lightweight, Stateful Applications at Scale

          Ververica, the original creators of Apache Flink, today announced at Flink Forward Europe the launch of Stateful Functions (statefun.io), an open source framework that reduces the complexity of building and orchestrating stateful applications at scale. Stateful Functions enables users to define loosely coupled, independent functions with a low footprint that can interact consistently and reliably in a shared pool of resources. Ververica will propose the project, licensed under Apache 2.0, to the Apache Flink community as an open source contribution.

        • DataStax offers bidirectional data dexterity for Apache Kafka

          DataStax has opened up ‘early access’ to its DataStax Change Data Capture (CDC) Connector for Apache Kafka, the open source stream-processing (where applications can use multiple computational units, similar to parallel processing) software platform.

          As a company, DataStax offers a commercially supported ‘enterprise-robust’ database built on open source Apache Cassandra.

          Stream processing is all about speed and cadence, so, the DataStax CDC Connector for Apache Kafka gives developers ‘bidirectional data movement’ between DataStax, Cassandra and Kafka clusters.

      • CMS

        • ExpressionEngine Under New Ownership, Will Remain Open Source for Now

          EllisLab founder Rick Ellis announced yesterday that ExpressionEngine has been acquired by Packet Tide, the parent company of EEHarbor, one of the most successful EE add-on providers and development agencies in the community. A year ago EllisLab, the developers of EE core, was acquired by Digital Locations but Ellis said the company ended up not being a good fit for the future of the CMS...

      • Pseudo-Open Source (Openwashing)

      • fOSS/Finance/Currency

      • Licensing/Legal

        • Invasion of The Ethical Licenses

          About 23 years ago, I created the Debian Free Software Guidelines to help the Debian developers decide what software was permissible to include in Debian, which aspired to be 100% Free Software, and what should be consigned to a “non-free” repository upon which Debian would never depend. Nine months later, those guidelines became the Open Source Definition, and I announced Open Source to the world.

          [...]

          Despite the seeming impossibility of its enforcement, the Vaccine License is the most professionally constructed of this pack, carefully targeting the approval process of the Open Source Initiative – and IMO missing it. But all three licenses appear to be unlikely to obtain the agreement of a court in enforcement, and scaling their requirements would be a sort of full-employment act for lawyers.

          Let’s work through how these licenses would be enforced.

          When these licenses are enforced, the copyright holder is the plaintiff, a fancy word for someone who makes a complaint. Their complaint is that the defendant, the licensee, committed a tort, a violation of civil law. The tort is copyright infringement.

          The important point here is that the complaint isn’t that the license was violated, the complaint is that the defendant did not have a license at all, and is infringing copyright. The defendant then has to prove that they did have a license, and that they were obeying the license’s terms, or that the court should for some reason not honor those terms.

          Licenses are also contracts, and thus the tort can be breach of contract. But contracts require the consent of both parties – the copyright holder, and the licensee. Real consent is indicated by signing the contract, but that doesn’t ever happen with this sort of license. Instead, there is a lesser indication of consent by the action of using, distributing, or modifying the software.

      • Openness/Sharing/Collaboration

        • Open Source Seed, a Hoax or a Wake-Up Call?

          “Open source” is a trend in various industries. It started to take root in the software industry (Mozilla), followed by biotechnology (CAMBIA) and publishing, where the creative commons concepts have taken root. Several of these trends are based in an opposition against corporate power generated by exclusive rights provided by patents and copyright. Others have a positive goal, i.e. to enhance participation by a much wider population to generate, validate and share information (e.g. Wikipedia).

          The seed sector has a very good story to tell with regard to its contributions to societal goals, but in parts of society, the corporate image and the use of patents create questions, so we could expect that also our sector would be challenged. It is there now. The University of Wisconsin developed an Open Source Seed Initiative several years ago, which was followed in Germany more recently. Access to “freed” plant genetic resources is made conditional to users making them available under the same “open source” conditions – that no IP is vested. The system should thus go “viral” and “force” breeders to join and thus stop protecting their products through IP.

        • Open Data

          • Satellite images and open-source programs for mapping during disasters

            A few weeks ago, the states of Assam and Bihar were reeling under floods. Over 200 people were reported dead, with at least 10 million (one crore) of the states’ residents estimated to have been displaced. To save more lives and prevent further infrastructural damage, search and rescue missions during such disasters need to be effective, and more importantly, need to be rapid.

            The answer to this may lie in space.

            Open-source access to satellite images and new technologies to process these images have been a significant breakthrough to help document the true extent of flooding. Getting this information in time is key to plan and conduct evacuation missions, response operations and damage assessments.

            The European Space Agency (ESA)’s Sentinel-1 mission and the web-based Google Earth Engine (GEE) platform are two recent developments that have helped timely capture and analysis of satellite information.

            A research team from the Indian Institute for Human Settlements (IIHS) used this combination (Sentinel and GEE) to come up with an illustrative example of how such mapping can be used in the future to help in rescue missions, through accurate mapping of flood extents.

        • Open Hardware/Modding

          • Open Source Hardware Trends, Arm Takes a Different Tack

            The open-source movement that has driven software innovation is now creating a buzz in the microprocessor realm, thanks to the growing popularity of open-source microprocessor instruction set architecture RISC-V. Although the term “open source” conveys sentiments such as research sharing and community building, leading semiconductor IP provider Arm, which supports 95 percent of smartphone embedded processors, is not a fan.

            Synced recently sat down with Rhonda Dirvin, who is Arm’s senior director of Embedded, IoT and Automotive Marketing. Dirvin believes today’s open source hardware landscape is not as simple and straightforward as it may seem: “We’re starting to see some people say free is not free. Because at the end of the day they have to look at what it takes to verify that and what it takes to implement the instruction or architecture. You don’t have the whole ecosystem out there that supports it the way that you do with Arm or some of the other more established vendors.”

      • Programming/Development

        • Xilinx unveils open source FPGA platform

          The Vitis unified software platform from FPGA vendor Xilinx is the result of a five-year project to create software development tools using familiar languages like C++ and Python to develop a wide range of applications for its reprogrammable chip.

        • Listen: How ActiveState is tackling “dependency hell” by providing enterprise-level support for open source programming languages [Podcast]

          “Open source back in the late nineties – and even throughout the 2000s – was really hard to use,” ActiveState CEO Bart Copeland says. “Our job,” he continues, “was to make it much easier for developers to use open source and much easier for enterprises to use open source.”

        • 10 open source projects proving the power of Google Go

          Now 10 years in the wild, Google’s Go programming language has certainly made a name for itself. Lightweight and quick to compile, Go has stirred significant interest due to its generous libraries and abstractions that ease the development of concurrent and distributed (read: cloud) applications.

          But the true measure of success of any programming language is the projects that developers create with it. Go has proven itself as a first choice for fast development of network services, software infrastructure projects, and compact and powerful tools of all kinds.

        • The Eclipse Foundation Launches The Eclipse Cloud Development Tools Working Group for Cloud Native Software

          The Eclipse Foundation today announced the launch of the Eclipse Cloud Development Tools Working Group (ECD WG), a vendor-neutral open source collaboration that will focus on development tools for and in the cloud. The ECD WG will drive the evolution and broad adoption of emerging standards for cloud-based developer tools, including language support, extensions, marketplaces, and developer workspace definition. Founding members of the ECD WG include Broadcom, EclipseSource, Ericsson, IBM, Intel, Red Hat, SAP, Software AG, and Typefox among many others.

        • You cannot cURL under pressure

          With cURL having this many features (with the general mass of them being totally unknown to me, let alone how you use them) got me thinking… What if you could do a game show style challenge for them?

        • Follow-up on ‘ASCII Transliteration without ICU or iconv’

          An anonymous commenter pointed out to me that Unicode (in Qt) is slightly more complicated than I had considered when writing the code: I failed to handle planes beyond the Basic Multilingual Plane (BMP) and the ‘surrogates’ between code points 0xD800 and 0xDFFF. In a series of recently pushed Git commits I addressed the problem of surrogates and fixed some more issues. Some preparatory work has been done to support more planes in the future, but as of now, only the BMP is supported. For details, please have a look at the five commits posted on 2019-10-12.

    • Leftovers

      • Augmented reality (AR) vs. virtual reality (VR): What’s the difference?

        However, AR and VR today are two distinct things – more like cousins than twins. VR gets much more coverage and AR can be more nebulous given the various ways in which it can be deployed, says Leon Laroue, technical product manager of augmented reality solutions for Epson. “For people who’ve never actually seen an AR or VR device, it’s very easy to assume everything is VR.”

        [...]

        “At a high level, AR applications are best suited for use cases where users need to be connected to and present in the real world,” Laroue explains. Some AR enterprise solutions include remote assistance, on-the-job training, remote collaboration, and computer-assisted tasks.

        “In our research of both technologies, we have found AR to be well-suited for industrial use cases, particularly workforce training and product maintenance,” says Michael M. Campbell, executive vice president, augmented reality products, at PTC. In particular, companies that are facing knowledge gaps and expertise loss as workers retire are capturing that knowledge digitally and sharing it with less-experienced workers via AR tools.

      • Security (Confidentiality/Integrity/Availability)

        • Critical remote code execution flaw fixed in popular terminal app for macOS

          A security audit sponsored by Mozilla uncovered a critical remote code execution (RCE) vulnerability in iTerm2, a popular open-source terminal app for macOS. The flaw can be exploited if an attacker can force maliciously crafted data to be outputted by the terminal application, typically in response to a command issued by the user.

        • Patch now, Mac users: Critical 7-year-old flaw in open-source macOS app iTerm2

          Any developers or admins using the iTerm2 app should install the available patch immediately, judging by Mozilla's description, and it sounds like the bug could be exploited in as yet unknown ways.

          "An attacker who can produce output to the terminal can, in many cases, execute commands on the user's computer," Mozilla's Tom Ritter writes.

        • iTerm2 issues emergency update after MOSS finds a fatal flaw in its terminal code

          The author of popular macOS open source terminal emulator iTerm2 has rushed out a new version (v3.3.6) because prior iterations have a security flaw that could allow an attacker to execute commands on a computer using the application.

          The vulnerability (CVE-2019-9535) was identified through the Mozilla Open Source Support Program (MOSS), which arranged to audit iTerm2 under its remit to review open source projects for security problems. A third-party security biz, Radically Open Security, performed the audit.

        • WireGuard Snapshot `0.0.20191012` Available

          Hello,

          A new snapshot, `0.0.20191012`, has been tagged in the git repository.

          Please note that this snapshot is a snapshot rather than a final release that is considered secure and bug-free. WireGuard is generally thought to be fairly stable, and most likely will not crash your computer (though it may). However, as this is a snapshot, it comes with no guarantees; it is not applicable for CVEs.

          With all that said, if you'd like to test this snapshot out, there are a few relevant changes.

          == Changes ==

          * qemu: bump default version

          * netns: add test for failing 5.3 FIB changes

          Kernels 5.3.0 - 5.3.3 crash (and are probably exploitable) via this one liner:

          unshare -rUn sh -c 'ip link add dummy1 type dummy && ip link set dummy1 up && ip -6 route add default dev dummy1 && ip -6 rule add table main suppress_prefixlength 0 && ping -f 1234::1'

          We fixed this upstream here:

          https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=ca7a03c4175366a92cee0ccc4fec0038c3266e26

          This is relevant to WireGuard because a very similar sequence of commands is used by wg-quick(8).

          So, we've now added some tests to catch this code path in the future. While the bug here was a random old use-after-free, the test checks the general policy routing setup used by wg-quick(8), so that we make sure this continues to work with future kernels.

          * noise: recompare stamps after taking write lock

          We now recompare counters while holding a write lock.

          * netlink: allow preventing creation of new peers when updating

          This is a small enhancement for wg-dynamic, so that we can update peers without readding them if they've already been removed.

          * wg-quick: android: use Binder for setting DNS on Android 10

          wg-quick(8) for Android now supports Android 10 (Q). We'll be releasing a new version of the app for this later today.

          This snapshot contains commits from: Jason A. Donenfeld and Nicolas Douma.

          As always, the source is available at https://git.zx2c4.com/WireGuard/ and information about the project is available at https://www.wireguard.com/ .

          This snapshot is available in compressed tarball form here:
          https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20191012.tar.xz
          SHA2-256: 93573193c9c1c22fde31eb1729ad428ca39da77a603a3d81561a9816ccecfa8e
          BLAKE2b-256: d7979c453201b9fb6b1ad12092515b27ea6899397637a34f46e74b52b36ddf56

          A PGP signature of that file decompressed is available here:
          https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20191012.tar.asc
          Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE

          If you're a snapshot package maintainer, please bump your package version. If you're a user, the WireGuard team welcomes any and all feedback on this latest snapshot.

          Finally, WireGuard development thrives on donations. By popular demand, we have a webpage for this: https://www.wireguard.com/donations/

          Thank you, Jason Donenfeld
        • WireGuard 0.0.20191012 Released With Latest Fixes

          WireGuard is still working on transitioning to the Linux kernel's existing crypto API as a faster approach to finally make it into the mainline kernel, but for those using the out-of-tree WireGuard secure VPN tunnel support, a new development release is available.

        • SafeBreach catches vulnerability in controversial HP Touchpoint Analytics software

          Now the feature is embroiled in another minor controversy after security researchers at SafeBreach said they uncovered a new vulnerability. HP Touchpoint Analytics comes preinstalled on many HP devices that run Windows. Every version below 4.1.4.2827 is affected by what SafeBreach found.

          In a blog post, SafeBreach Labs security researcher Peleg Hadar said that because the service is executed as "NT AUTHORITY\SYSTEM," it is afforded extremely powerful permissions that give it wide access.

          "The CVE-2019-6333 vulnerability gives attackers the ability to load and execute malicious payloads using a signed service. This ability might be abused by an attacker for different purposes such as execution and evasion, for example: Application Whitelisting Bypass, Signature Validation Bypassing," Hadar wrote.

          [...]

          The company has long had to defend HP Touchpoint Analytics against critics who say it gives HP unnecessary access to users' systems. When it first became widely noticed in 2017, dozens of users complained that they had not consented to adding the system.

        • Security Tool Sprawl Reaches Tipping Point
        • How trusted digital certificates complement open source security

          Application developers incorporating open source software into their designs may only discover later that elements of this software have left them (and their customers) exposed to cyber-attacks.

        • Securing the Container Supply Chain
      • Defence/Aggression

        • Turkish ISP Blocks Social Media Sites Near Syrian Border [iophk: preparations for warcrimes and probably genocide]

          Turkey restricted access to Facebook, Instagram, Twitter, and WhatsApp in at least three cities in the southern part of the country for about 48 hours earlier this week as it launched an attack on northern Syria, according to data collected by civil society group NetBlocks and reviewed by WIRED. Turkey moved against Kurdish forces in northern Syria Wednesday, launching an air and ground assault on a militia allied with the US days after President Donald Trump pulled US troops out of the area.

          Turks close to the border rely on those social media services to access and share uncensored [sic] news.

        • Christian Communities in Northeast Syria Are the Target of a Turkish Attack

          Turkey plans to use the Syrian National Army, an alliance of Islamist rebels, for its operations in Northern Syria. The Army of Islam, one of the members of the Syrian National Army, has paraded around hostages from Syria's religious minorities in cages. Its late leader, Zahran Alloush, once referred to some minorities as "filth" that should be "cleansed," although he walked back the rhetoric in a later interview.

          "Turkey can only expand outside its current borders by embracing a religious agenda," Ishak claimed. "What would bring together a Syrian, a Kurd, an Arab, and a Turk together like it was during the Ottoman Empire? It's the religious identity."

          Ishak, Vergili and the Assyrian Policy Institute's statement all accused Turkey of backing ISIS.

        • Clarion Special Report: NY’s Sharia Patrol

          This is where things got interesting. He went on to say that the patrol presence was needed not just for protecting mosques, but also to stop people— Muslim people, in particular—from doing what was harmful and what the Quran considers haram, or forbidden, for Muslims.

          Abdul remembered Wahhaj saying, “The mosques need protection and the MCP cars can help stop people who were not following the rules and regulations of the sharia, doing what they’re not supposed to be doing, but still doing it.”

          That is, they were there to physically enforce “laws” that were not U.S. or New York laws.

        • 300 terrorists active in Kashmir, 500 receiving training in camps at PoK: Gen Ranbir

          [...] He said Pakistan is in a fix over the situation and is trying different ways to send in the weapons. Speaking to mediapersons in Bhaderwah, Singh also refuted reports about infiltration of Afghan militants into the valley. Terrorists are facing a shortage of weapons in Kashmir. So they try to snatch weapons from Special Police Officers (SPO) or loot them from police stations, the Army commander said. Even Pakistan has been caught in a difficult situation so it uses various ways to provide weapons to the terrorists in Kashmir, he said. [...]

        • France to Curtail Some Arms Exports to Turkey

          The Latest on Turkey’s military offensive into northeastern Syria against Syrian Kurdish fighters...

      • Environment

        • Sea levels are rising, so why is coastal construction?

          Yet coastal development, not retreat from rising sea levels, is still ascendant here and in other communities along America’s southeastern coast. The pattern is fueled by money, by age-old human affinity for “blue spaces,” and by government policies such as flood insurance that can subsidize risky residences.

          Now it’s an uneven real estate market. Many at-risk homes are losing value even as others are snapped up. One home near Mr. Cobau’s is being demolished due to frequent flooding. Another just sold for $1 million. Other owners are seeking approval to elevate their homes.

          “The majority of people’s retirement savings is the equity in their house,” says Ryan Lewis, a University of Colorado sea level expert. “And if you think about the timeline of [sea level rise] and people’s savings, those things are converging.”

        • Tokyo Area Shuts Down as Powerful Typhoon Lashes Japan

          A heavy downpour and strong winds pounded Tokyo and surrounding areas on Saturday as a powerful typhoon forecast to be Japan’s worst in six decades made landfall and passed over the capital, where streets, nearby beaches and train stations were long deserted.

      • AstroTurf/Lobbying/Politics

        • Elizabeth Warren targets Facebook's ad policy -- with a Facebook ad [iophk: once again she omits Microsoft from her list of offenders]

          The Warren ad puts Facebook in a challenging position, said Dave Karpf, an associate professor of media and public affairs at George Washington University.

          "Either Facebook doesn't touch the ad and the ad is therefore noteworthy, or they touch the ad and it's noteworthy," he said. "It's a smart tactical move."

        • AP Fact Check: Trump's Shoddy Information on Syria, Impeachment, More

          President Donald Trump spread shoddy information about Syria, the economy and matters at the heart of the impeachment inquiry against him in a week of caustic rhetoric.

        • Ecuador's Indigenous Leaders Willing to Talk After Fuel-Price Protests

          Indigenous leaders of fuel-price protests that have paralyzed Ecuador’s economy for nearly a week said Saturday they are willing to negotiate with President Lenín Moreno, signaling a possible exit from the crisis even as violence prompted the president to impose a curfew in the capital and surrounding areas.

      • Censorship/Free Speech

        • Hong Kong Protests: Apple CEO Tim Cook defends removal of app used by protesters

          Apple CEO Tim Cook is apparently giving in to Chinese demands of removing apps used by pro-democracy protesters in Hong Kong. The company removed the HKmap.live app from its app store.

          The app was used by protesters to track police movements inside Hong Kong. The fact came to light after the Communist Party of China owned newspaper China Daily accused the company of listing the app in its App Store.

        • Exclusive: CEO of world’s largest e-sports firm ESL warns staff not to discuss Hong Kong protests

          In September, ESL announced that it was forming a partnership with Huya, a Chinese streaming service backed by Chinese internet conglomerate Tencent. Huya pledged to buy US$30 million (HK$235 million) in ESL shares. The partnership was expected to expand ESL’s access to China’s huge competitive gaming market.

          When asked by HKFP if it was concerned about its China market, and whether it respected free speech, a spokesperson said ESL maintains social media policies for staff.

      • Privacy/Surveillance

        • How Photos of Your Kids Are Powering Surveillance Technology

          The pictures of Chloe and Jasper Papa as kids are typically goofy fare: grinning with their parents; sticking their tongues out; costumed for Halloween. Their mother, Dominique Allman Papa, uploaded them to Flickr after joining the photo-sharing site in 2005.

          None of them could have foreseen that 14 years later, those images would reside in an unprecedentedly huge facial-recognition database called MegaFace. Containing the likenesses of nearly 700,000 individuals, it has been downloaded by dozens of companies to train a new generation of face-identification algorithms, used to track protesters, surveil terrorists, spot problem gamblers and spy on the public at large.

        • Chinese app on Xi Jinping's ideology allows data access to 100 million users' phones: Report

          The Chinese Communist Party appears to have "super-user" access to all the data on more than 100 million cellphones, owing to a back door in a propaganda app that the government has been promoting aggressively this year.

          An examination of the code in the app shows it enables authorities to retrieve every message and photo from a user's phone, browse their contacts and Internet history, and activate an audio recorder inside the device, according to a US-funded analysis.

          [...]

          The app collects and sends detailed log reports on a daily basis, containing a wealth of user data and app activity, the investigation found.

      • Freedom of Information / Freedom of the Press

        • WBAI Signs Off. Its Future Remains Uncertain.

          On Monday, October 7, at around 7 am, WBAI-NY essentially went off the air. A small group organized at the direction of the Pacifica Foundation’s Interim Executive Director John Vernile (who’d only been on the job for two months) threw the staff out of the WBAI studios in Brooklyn, handed them termination letters, posted a guard at the door, and switched WBAI programming to a feed from Pacifica’s KPFA station in Berkeley, California. In a style that would make a CIA destabilization crew proud, they went through the station, disconnected computers and the soundboard, placing them in inner rooms with padlocks, took out the Emergency Alert system (required for all broadcast facilities), and told the landlord that the studio would be unoccupied within 24 hours. She was advised to find a new tenant.

          Vernile had given instructions to the facility that housed the station’s antenna, which broadcast at 99.5 FM, to bar any WBAI staff. The WBAI website was redirected to a page that announced that programming would now emanate from Pacifica Across America, presenting the “best” of programming from other Pacifica stations.

          By the close of October 7, WBAI’s Local Station Board (Pacifica has both a National Board and Local Station Boards) had gotten a temporary restraining order barring the takeover, but Pacifica refused to comply. As a contempt-of-court hearing was about to begin, Pacifica’s lawyers moved the case to Federal Court in Manhattan. Litigation continues.

      • Civil Rights/Policing

        • Nadia Murad and Amal Clooney want ISIS to face Nuremberg-like trials

          Her path to the Nobel Peace Prize began when she joined an activist group in Germany. It took her to the U.N., where she became a human rights ambassador and then wrote a book. The U.N. recognizes the genocide that happened to the Yazidis, but there are more steps to secure a trial. Clooney agreed to help.

          "I saw it as a test of the international system. It was so egregious because it involved ISIS and involved a clear case of genocide. It involved sexual slavery at a scale that we haven't seen in modern times," says Clooney. "I thought if the U.N. can't act in this case then what does the international rule of law even mean?"

        • When Cops Aren’t The Answer to 911 Calls

          The Eugene CAHOOTS team shows up in work boots, jeans and T-shirts — and without police officers — in response to 911 calls diverted to the program.

          "That difference in uniforms can assist folks with letting their guard down and being open to accepting the help that is being offered," said Tim Black, the Eugene CAHOOTS' operations coordinator.

          For people with a history of volatile arrests often while in mental health crisis, this could make treatment more accessible, less traumatic and safer. One in 4 deaths from police shootings represent people with mental illness, according to the Treatment Advocacy Center.

        • Are We Sure Women Aren't Too Fragile To Have The Vote?

          What's now criminal is being male. All you need to be is male and accused of something, whether or not it fits any definition of a crime. It sounds unbelievable, but it's increasingly the case.

        • Defining ‘True Islam’ Is Harder Than Progressives Think

          As a review of the book published on Qaradawi’s own website (islamonline.net) explains, jihad is not about “spiritual values and behavioral virtues”; it is an armed struggle, and that “without jihad, the Ummah’s boundaries will be violated, the blood of its people will be as cheap as dust, its sanctuaries will be less worthy than a handful of desert sand, and it will be insignificant in the eyes of its enemies.”

          Qaradawi’s work, by the way, is frequently cited by leading American clerics.

          A 200-year-old book republished in 2016 by Al-Azhar — the most important Islamic seminary in the world — only refers to jihad as an “armed struggle.” And when, as NPR put it in 2003, “around the Muslim world, mainstream Muslim clerics are calling on their followers to make jihad, or holy war, against American troops” in Iraq, were they only asking for Muslims to practice a quiet internal struggle?

        • Young girls forced into sick ‘pleasure marriages’ with dozens of men

          Rusul has been married dozens of times — some marriages lasting just three hours.

          Each time, she’s given a dowry — which can be around $360 — and is forced into a quick wedding ceremony, after which she is expected to have sex with her new husband.

          But her spouses — usually old men — can be violent, with some forcing her to perform their favourite sex acts even when she resists.

          And the marriages always have an end date, leaving Rusul alone following the horrendous assaults.

          The brave teen appears in a new BBC documentary that shines a light on the illegal practice of “pleasure marriage” and how it’s being used to pimp out vulnerable girls in war-torn Iraq. Obviously, the vast majority of Muslims find the practice absolutely abhorrent.

        • Calls to end early marriages dominate Day of the Girl child

          The day, aimed at highlighting the needs and challenges girls face, while promoting girls’ empowerment and fulfilment of their human rights, was observed on Friday under the theme “Girl Force: Unscripted and Unstoppable”. The celebrations were held at Kasana playground in Luweero town.

          At the function, girls and activists decried rampant early marriages, teenage pregnancies and other sexual abuses which have led girls to drop out of school. Shalom Kaitesi, a Senior three student of Janan Secondary School in Luweero said that two of her friends were forced into marriage.

        • The Foreign Office Must Be Challenged Over Sacoolas’ Immunity
      • Monopolies

        • #DeleteUber for Good

          California’s passage of Assembly Bill 5 (AB-5) would effectively force Uber and its many “gig economy” imitators to recognize their workers as employees and, unsurprisingly, they’re doing everything they can to stop it. It’s time to bring back the #DeleteUber campaign for good this time — and expand it to Lyft, DoorDash, and all the rest.

        • Copyrights


