Bonum Certa Men Certa

Links 22/10/2019: Pacman 5.2, Shame of Disney+ DRM, Microsoft's DRM Scheme, Microsoft Reprimanded for Privacy Abuses



  • GNU/Linux

    • Samsung Kills ‘Linux on DeX’ With Android 10 Rollout

      Samsung will no longer provide support for the program for future operating systems and devices.

    • Samsung Linux on DeX is dead, here are open source alternatives

      Over the weekend, Samsung sent a relatively small number of its customers an email that they probably didn’t want to read on a weekend or on a weekday. The company was put its Linux on DeX beta program to rest and not because it was graduating to a stable release. On the contrary, Samsung was ending the program completely. It may have had a small number of users but LoD, as it was known, was well-loved by those because of what it enabled. Fortunately, there are other ways to carry on that promise in a hopefully more sustainable and more future-proof way.

      There are actually two things involved here as the name may suggest, neither of which are actually intrinsically dependent on the other. The first is DeX, which is Samsung’s makeshift desktop experience that runs only on a large screen, either directly on a tablet or via an external screen in the case of phones. Despite looking like a conventional desktop, you are still running Android, just with a different home screen and with windowed apps by default.

    • Samsung's 'Linux on DeX' project shuts down after just 11 months

      The desktop environment that turns your Samsung phone or tablet into a PC when connected to an external display, nicknamed 'DeX,' has been around for a while now. Nearly a year ago, Samsung introduced the Linux on DeX beta, which could run a full Linux OS on top of DeX. Sadly, the project seems to have been discontinued.

      Samsung is sending out an email to testers explaining that the beta program has ended, and that Linux on DeX will not be supported on devices running Android 10...

    • Samsung won't support Linux on DeX in Android 10

      The beta programme allowed users to run an entire Linux distro on their Samsung device, using the company's DeX feature to connect it to an external monitor and keyboard to create a complete desktop computer.

      However, Samsung has announced that the Android 10 builds for its devices will remove the feature. DeX users will still be able to access a customised version of Android, but the Linux option will be gone.

      It told users in an email: "Linux on DeX will not be supported on Android 10 Beta. Once you update your device to Android OS 10, you will not be able to perform a version rollback to Android Pie. If you decide to update your device to Android 10 Beta, we recommend backing up data before updating."

    • Stephen Michael Kellat: Assessing Cord Cutting

      And then to see OMG! Ubuntu! mention today that Disney+ won’t support Linux adds to why I’m having trouble with the whole notion of shifting to streaming.

    • Disney+ incompatible with certain devices, Linux developer reveals why

      The content streaming market just welcomed another competitor that hopes to attract new subscribers. With a massive library of movies and upcoming exclusive series, Disney+ appears to be the platform to beat. However, a recent report from developers confirms that the service might not be compatible with all devices. It appears that the strict DRM built into the system is causing problems for owners of these devices. If the issue is not addressed soon, it can push users to switch to alternatives that can support their platforms.

      Among the items reportedly affected are Chromebooks, Linux PCs and some Android devices that fail to meet the DRM system's requirements. Lifehacker points out that credit for this discovery goes to Hansdegoede, a Linux developer who confirmed what causes the Disney+ compatibility matter. Based on the findings, Disney's streaming service relies on Widvine DRM. Ideally, this security measure is in place to block users from accessing content over the web on devices deemed as potential risks for unauthorised usage.

    • Disney+ Does Not Work On Linux Devices

      De Goede noticed that Disney+ would not work in any of the web browsers that he tried on systems running Fedora Linux. He tried Firefox and Chrome, and both times Disney+ threw the error "error code 83." Disney+ Support was not able to assist de Goede. It replied with a generic message stating that the error was known and that it happened often when customers tried to play Disney+ in web browsers or using certain devices. Support recommended to use the official applications on phones or tablets to watch the shows or movies. Other streaming services, e.g. Netflix, work fine on Linux.

    • Disney+ does not work on Linux devices

      Linux users who plan to subscribe to Disney's Disney+ video streaming service may have a rude awakening when they are greeted with Error Code 83 when trying to play any TV show or movie offered by Disney+ on Linux devices.

      Fedora Linux package maintainer Hans De Goede from the Netherlands decided to try out Disney+ as the service launched recently in some regions including in the Netherlands. Interested users can sign up for a free trial to test the service.

    • Happily Never After: Why Disney+ Doesn’t Support Linux (Yet)

      As many of you will no doubt know, most major online video streaming services work on Linux via Google Chrome and Firefox browsers “thanks” to DRM and the “Widevine” plugin.

      This plugin, controversial though it is, is what enables Linux desktops to access content on Netflix, Amazon Prime, and other VoD providers.

      Now, in theory, there’s no technical reason why folks can’t watch Disney+ on Linux using Widevine too (Disney+ uses it on Windows and macOS).

      Hans de Goede mailed Disney to explain his issues, which Disney said they were aware of and that their IT department was “working hard to solve”.

      But a month on from that mail there’s been zero progress.

    • Disney+ Might Not Work on Your Device

      Those looking forward to the upcoming Disney+ may want to double-check their preferred devices can actually run the streaming service in the first place. According to Linux developer Hansdegoede, Linux PCs, Chromebooks, and some Android devices are incapable of meeting Disney’s stringent DRM requirements necessary for accessing Disney+ via web browsers.

      Disney+ uses the “Widevine” DRM, which restricts access to content based on a security level between 1 (low) and 3 (high). Most streaming services only require devices meet level 1 security in order to watch (non-4K) content, but Disney+ is only accessible to devices that meet level 3. Linux, Chromebooks, and some older Android devices are only compatible with level 1, meaning all those devices are locked out of the service. Disney is aware of this issue and told Hansdegeode that the issue was being worked on back in September, but the error persists.

    • Sadly Disney+ Won’t Work on Chromebooks, Linux, & Some Android Devices Because of DRM

      If you plan to get Disney+ with the hopes of using it on a Chromebook, Linux computer, or some Android streaming players, you may be out of luck. Sadly, early testing in the Netherlands has shown Disney+ does not work on these devices.

      So why are devices like Chromebooks blocked? It seems that Disney has set its DRM (Digital Rights Management) to a very high level to help prevent piracy. Disney uses a DRM system created by Google called Widevine. The Widevine system has three different levels of security, and Disney has set their level of security all the way up to 3 according to Hasdegoede who first reported this and Cord Cutters News has later confirmed. Sadly many devices including Chromebooks and Linux do not support level 3 Widevine as their support stops at level 1.

      Google’s Widevine DRM is a widely used DVR standard for services like Google Play, Netflix, and Amazon Prime Video. This DRM standard is also why you can’t stream Netflix higher than 480p on mobile devices and some Android streaming players.

    • Desktop

      • Audio capture in Linux on Chromebooks testing about to begin in Chrome OS

        may be one of the few that wants to record audio using a Linux app on my Chromebook, but I’m going to share this news anyway. The effort to bring audio capture support to Project Crostini that started in February is nearly ready for testing, at least on a limited basis.

        ’ve tried to start my conainer with the new –enable-audio-capture argument using the Dev Channel of Chrome OS 79 but the extra parameter isn’t yet recognized. Hopefully, it arrives in the next Dev Channel update for Chrome OS.

        My specific need for audio capture is when using Audacity, an open-source audio editing tool available for Linux, as well as Windows and macOS.

    • Server

      • Kubernetes networking, OpenStack Train, and more industry trends

        As part of my role as a senior product marketing manager at an enterprise software company with an open source development model, I publish a regular update about open source community, market, and industry trends for product marketers, managers, and other influencers. Here are five of my and their favorite articles from that update.

      • IBM

        • Red Hat has open source credibility: CEO Jim Whitehurst

          Red Hat’s strategy remains unchanged. We are an open source software company looking to deliver open source platforms. Every line of code we have is open source—that will continue to be true going forward. In fact, even for employee contributions, IBM changed their entire contribution policy to match that of Red Hat. The logic of the deal is more around how IBM's go-to-market capability can help us scale faster. Earlier, we just didn't have the size and the scale to really be able to deliver these huge platforms for telcos, etc. IBM is working hard to better optimize their software to run on our platforms.

          I think the biggest change really has happened over the last 6-7 years. Open source has grown from basically being used either by hobbyists, or vendors looking to build alternatives to traditional software, to being adopted by large IT users such as Google and Twitter and LinkedIn and Facebook—all of whom have started doing most of their own engineering work for their infrastructure and doing it with open source. Open source has also evolved from being a lower-cost alternative and something you might consider if you're a techie, to consume it if I want to innovate. So if you want to do Artificial Intelligence (AI) or Machine Learning (ML), you're going to use open source. If you're going to use cloud, you're going to use open source; if you're going to do analytics and Big Data, you're going to consume a lot of open source. That’s a fundamental switch in the minds of enterprises. In the context of developers, too, the vast majority of open source is coming from programmers paid by their employers.

        • How collaboration fueled a development breakthrough at Greenpeace

          We'd managed to launch a prototype of Planet 4, Greenpeace's new, open engagement platform for activists and communities. It's live in more than 38 countries (with many more sites). More than 1.75 million people are using it. We've topped more than 3.1 million pageviews.

          To get here, we spent more than 650 hours in meetings, drank 1,478 litres of coffee, and fixed more than 300 bugs. But it fell short of our vision; it still wasn't the minimum lovable product we wanted and we didn't know how to move it forward.

          We were stuck.

          Planet 4's complexity was daunting. We didn't always have the right people to address the numerous challenges the project raised. We didn't know if we'd ever realize our vision. Yet a commitment to openness had gotten us here, and I knew a commitment to openness would get us through this, too.

        • After Seven Quarters Of Growth, Power Systems Declines

          The tough compares have hit home on IBM’s Power Systems business, but the good news is that this has happened after seven consecutive quarters of growth for the Power-based server business that Big Blue owns lock, stock, and barrel. Even with this decline, which was quite steep because of the triple whammy of tough compares (more on that in a moment), there is still a healthy underlying Power Systems business that is much better off than the last time it was hit by similar declines.

          Let’s take a look at the numbers for IBM’s Power Systems division and then work our way up through its Systems group and to the company at large. According to the presentation put together by IBM’s chief financial officer, Jim Cavanaugh, to go over the numbers for the third quarter of 2019, the Power Systems division had a decline of 27 percent in constant currency (meaning growth in local currencies aggregated across those economies), with as-reported sales also being down 27 percent. In other words, currency had no effect on the overall Power Systems business even if it did impact IBM’s sales, as reported in U.S. dollars, by 1.3 percent in the period ended in September.

        • Red Hat Government Symposium: Transforming culture and creating open innovation powerhouses

          For state, local and federal government agencies, digital transformation means much more than just migrating away from legacy technology systems. It involves inspiring ideas, encouraging communication and collaboration, and empowering government employees to forge their organizations’ innovation pathways.

          That’s why we are focusing on cultural transformation at our upcoming Red Hat Government Symposium. This year’s one-day event—Open transforms: A future built on open source—will be on Nov. 12, 2019, in Washington, D.C., and will feature a stellar lineup of keynotes and panels, as well as fantastic networking opportunities with industry peers.

        • Journey to the Future of Money with Red Hat at Money 20/20

          Event season is in full swing for the Red Hat Financial services team, and this time, we are headed to the bright lights of Las Vegas to attend Money 20/20 USA, being held from October 27 - 30th. Red Hat will be attending to sponsor a number of activities and discuss the important role open source technologies play in the future of payments, money and banking activities.

    • Audiocasts/Shows

      • 2019-10-21 | Linux Headlines

        New off-line features coming to Firefox, an update on exFAT support in the Linux Kernel, why Disney+ might not stream on Linux, and the trick Pop!_OS 19.10 has up its sleeve.

      • SMLR 316: Interview with Ohio Linux Fest
      • gnu World Order 13x43

        Klaatu is back in New Zealand after the All Things Open conference in Raleigh, NC.

      • Our Trip To Texas Cyber Summit | Jupiter Extras 24

        We're back from Texas Cyber Summit with stories of new friends, great food, and our experiences from the event.

      • Deus Ex & DevOps Episode 1
      • LHS Episode #308: Ciao, Enzo

        Welcome to Episode 308 of Linux in the Ham Shack. In this short-topic episode, the hosts discuss the JOTA/JOTI weekend, Homebrew Heroes, youths as the future of amateur radio, GNU, Perl, OpenLibra, open hardware, FOSS satellites and much more. Thank you for tuning in. We appreciate you all.

      • Illustrating The Landscape And Applications Of Deep Learning

        Deep learning is a phrase that is used more often as it continues to transform the standard approach to artificial intelligence and machine learning projects. Despite its ubiquity, it is often difficult to get a firm understanding of how it works and how it can be applied to a particular problem. In this episode Jon Krohn, author of Deep Learning Illustrated, shares the general concepts and useful applications of this technique, as well as sharing some of his practical experience in using it for his work. This is definitely a helpful episode for getting a better comprehension of the field of deep learning and when to reach for it in your own projects.

    • Kernel Space

      • Graphics Stack

        • RLSL Allows Running A Subset Of Rust On Vulkan/SPIR-V Enabled GPUs

          There was a recent Khronos meet-up in Munich where Maik Klein of Embark Studios talked about their work on bringing a sub-set of the Rust programming language to Vulkan (SPIR-V) enabled GPUs.

          RLSL is the project being worked on by the Swedish game studio for opening up Rustlang use for GPUs to benefit from the language's same design advantages, provide a unified front-end, and being able to leverage the existing Rust ecosystem with the likes of Cargo/crates.

        • Raspberry Pi 4's V3D Driver Lands OpenGL ES 3.1 Bits In Mesa 19.3-devel

          The Broadcom "V3D" Gallium3D driver that is most notably used by the new Raspberry Pi 4 boards now is effectively at OpenGL ES 3.1 support within the newest Mesa 19.3 code.

          We've known that Igalia has been ironing out OpenGL ES 3.1 for V3D after taking over the work from Eric Anholt who left Broadcom earlier this year to go work for Google.

          Merged this past week was the OpenGL compute shader bits as the main blocker that prevented the V3D open-source Gallium3D driver from exposing GLES 3.1. Following that was a memory violation fix and then explicitly exposing OpenGL ES Shading Language 3.1. That merge request does note that a few more fixes are still needed before V3D will officially pass all of the OpenGL ES 3.1 conformance tests, but at least Mesa 19.3's code is good enough along to enable the support.

    • Microsoft

      • Euro data watchdog has 'serious concerns' as to whether EU deals with Microsoft obey GDPR

        The way Windows 10 is configured is critical, and the report concludes that if the Timeline is disabled and telemetry set to the lowest level, there are "no high data protection risks resulting from the diagnostic data collection in Windows 10".

        The Dutch report on Office 365 is less positive, particularly with regard to Office mobile apps and Office Online, for which "five high data protection risks" are identified. "Until Microsoft takes measures to mitigate these risks, government organisations should refrain from using Office Online and the mobile Office apps included in Office 365 licence," it states. There is also advice that "in order to prevent continued vendor lock-in, government organisations are advised to conduct a pilot with alternative open-source productivity software". That said, if all recommended measures are followed, "there are no more known high data protection risks for data subjects related to the collection of data about the use of Microsoft Office 365 ProPlus", it concludes.

        In July 2019, the Dutch government published a "State of Play" memo [PDF] indicating that Microsoft had largely resolved the issues which prevented Office from meeting GDPR requirements. "Microsoft has now made the most urgent changes in accordance with the improvement plan. These were tested by SLM Microsoft Rijk in June 2019 and found to be in order," it says.

        This explains why the EDPS now states that the agreement forged between Microsoft and the Dutch government is a model for the rest of the EU. "The EDPS is of the opinion that such solutions should be extended not only to all public and private bodies in the EU, which is our short-term expectation, but also to individuals."

      • EU's Microsoft probe throws up 'serious concerns' over GDPR compliance

        "Though the investigation is still ongoing, preliminary results reveal serious concerns over the compliance of the relevant contractual terms with data protection rules and the role of Microsoft as a processor for EU institutions using its products and services," it said.

      • EU data watchdog raises concerns over Microsoft contracts

        Microsoft’s (MSFT.O) contracts with European Union institutions do not fully protect data in line with EU law, the European Data Protection Supervisor (EDPS) said in initial findings published on Monday.

        [...]

        The EU introduced new rules on data protection in 2018, known as GDPR, applicable to all companies operating in the bloc and designed to give individuals more control over their personal data and to create a more level playing field for businesses.

        “We are committed to helping our customers comply with GDPR, Regulation 2018/1725 and other applicable laws,” a Microsoft spokesman said.

        “We are in discussions with our customers in the EU institutions and will soon announce contractual changes that will address concerns such as those raised by the EDPS.”

        The EDPS has worked with the Dutch ministry of justice, which carried out risk assessments last June and found that public authorities in member states face similar issues

        The two have since set up a forum designed to set up fair rules for public administrations.

        The EDPS said there is “significant scope” for improvement of contracts with powerful software developers and that contractual terms and technical safeguards agreed between the Dutch ministry and Microsoft were a positive step forwards.

    • Applications

      • Darktable 2.6.3 Released with New Cameras support (Ubuntu PPA)

        Darktable, open source photography workflow app and RAW developer, released version 2.6.3 today with new features, bug-fixes, and many new cameras support.

      • Proper Linux Screen Sharing Coming to Chromium & Electron Apps like Discord

        A patch to add ‘screen enumeration’ to the Chromium browser is currently pending merge upstream.

        Once this fix is accepted Chromium and Chromium-based apps (like Discord) will finally support full screen sharing on Linux in a manner similar to that on Windows and macOS.

        Not being a multi-monitor user, or someone who shares their screen often, I wasn’t aware of this particular limitation until recently.

        So I’ll explain.

      • Proprietary

        • Avast's internal network was [cracked] via a compromised VPN profile

          "The user, whose credentials were apparently compromised and associated with the IP, did not have domain admin privileges. However, through a successful privilege escalation, the actor managed to obtain domain admin privileges."

        • Can the Internet of Things Prevent Colony Collapse?

          Nordic software consultant Tieto Oyj has placed sensors in two beehives in Sweden, connecting some 80,000 bees in each to the Internet. The hives send data to the off-site servers where it can be remotely accessed in real time, and soon artificial intelligence algorithms will be used to analyze the information.

        • Apple plans its own Mac processors, report claims

          Apple’s top brass is well aware that dependency for key components on third-party suppliers is a big risk. This is why it likes to have at least two suppliers for most of its components across its chain.

          It is also why the company invests deeply in proprietary technologies.

        • Apple's ARM-based Macs are probably arriving next year

          A shift to custom-based ARM chips, while bad news for Intel, would be hardly surprising. It would see Apple more closely merging its hardware efforts, and would also mean the firm no longer have to deal with issues such as Intel's ongoing processor shortages, which could see new MacBooks make it to market more quickly.

        • Apple’s Smart Glasses Could Make 2020 the Year of AR

          Apple plans other revamps for later next year, too: a Watch with sleep-tracking features and Macs that might run on custom processors, which would likely have greater efficiency and lower battery drain.

    • Instructionals/Technical

    • Games

      • Steam 'Remote Play Together' is now in Beta, allowing local multiplayer games over the net

        Today, Valve have released an exciting update to the Steam Beta Client which adds in Remote Play Together, allowing you to play local co-op, local multiplayer and shared/split screen games over the net with your friends.

        From what Valve said, it will allow up to four players "or even more in ideal conditions", meaning if you all have reasonable internet connections you might be able to play with quite a few people.

        Something that has of course been done elsewhere, although the advantage here is no extra payments or software needed as it runs right from the Steam client. It's very simply done too. Just like you would invite friends to join your online game, you invite them to Remote Play Together from the Steam Friends list and if they accept…away you go. Only the host needs to own the game too, making it easy to get going.

      • Another OpenRA preview build is up needing testing, Tiberian Sun support is coming along

        Work continues on the open source game engine OpenRA which allows you to play Command & Conquer, Red Alert and Dune 2000 on Linux and other modern platforms with support for Tiberian Sun progressing well.

        [...]

        One issue they've been dealing with is deployable units in Tiberian Sun, while OpenRA had basic support for the feature due to the Construction Yards in classic C&C it wasn't suitable for Tiberian Sun. Now though? They've overhauled it and expanded it. You can now queue up deploy commands between other orders, deployable units can be ordered to pack up and then move somewhere else as a single action too.

        Additionally, the code for aircraft and helicopter movement has also been given an overhaul to add in many of the extra features and dynamics needed for Banshees, Orcas, and Carryalls. The transport behaviour for the Carryall was also updated, with unit pick-up behaviour closer to the original game and allowing you to queue up multiple transport runs.

      • Devespresso Games join with Headup for Western release of The Coma 2: Vicious Sisters

        The Korean survival horror-adventure The Coma 2: Vicious Sisters from Devespresso Games is now getting a helping hand from publisher Headup for Western audiences.

        Also confirmed through the press emails is that The Coma 2 will be entering Steam Early Access on November 5th, with a full release expected in "Q1 2020".

      • Humble Store is doing a Female Protagonist Sale, plus the upcoming Steam sale dates leaked

        The week has only just begun and there's plenty of sales going on, with even more coming up. Let's have a little look. First up, Humble Store is doing a Female Protagonist Sale celebrating various heroines across multiple genres.

      • Kowai Sugoi Studios close up so they've made their point & click horror 'Shiver' free

        Times are tough for indies, with Kowai Sugoi Studios announcing they're closing up shop and so they've set their point and click horror title Shiver free for everyone.

        Kowai Sugoi Studios said in a blog post on the official site that this month they're shutting down, no reason for it was given but they gave their "sincere appreciation to our friends, family, and fans" for supporting them along the way. Shiver seems to be their only game, released originally back in 2017.

      • vkBasalt, an open source Vulkan post processing layer for Contrast Adaptive Sharpening

        This is an interesting open source project! vkBasalt is a new Vulkan post processing layer that currently supports Contrast Adaptive Sharpening.

        Unlike Radeon Image Sharpening, vkBasalt supports Linux and works with both NVIDIA and AMD. This isn't entirely reinventing the wheel though, as it's partly based upon the ReShade port of AMD's CAS. Still, it's fun to see what hackers are able to do with little layers like this, especially when we don't have official support.

      • Ikey Doherty Launches Open-Source Focused Game/Software Development Company

        Well known open-source figure Ikey Doherty who rose to prominence for his work on the Solus Linux distribution and then went on to work on Intel's Clear Linux project is now having his hand at game engine development.

        Ikey shared with us that he left Intel back in May to begin his new adventure: Lispy Snake. Lispy Snake is a UK software development firm that at least initially is working on a game engine and games. Given Ikey's experience, the firm is focused on leveraging open-source technologies.

      • After making Crusader Kings II free, Paradox are now giving away The Old Gods expansion

        It's been a bit of a whirlwind of Paradox news recently and we have even more to share. With a tiny amount of effort, you can get The Old Gods expansion for Crusader Kings II free.

        This is after Crusader Kings II was set free to play and Crusader Kings III was announced just like I suggested it would be.

      • Failbetter Games are upgrading owners of Sunless Skies to the Sovereign Edition next year

        Failbetter Games have announced that Sunless Skies is getting a bit of an upgrade with the Sovereign Edition and it's going to be free to existing purchasers when it's release next year.

        Part of the reason, is that it will be releasing on Consoles so they're polishing the experience up some more. It's not just a special console edition though, it's coming with a bunch of new content and various improvements to the flow of it. To release on PC at the same time as Consoles, free for existing players.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • AAB Support in Qt for Android

          Starting with Qt 5.14.0 beta2, users will notice that there are a lot fewer Qt for Android distributions than in previous versions. But don't panic: All the usual target architectures are still available! Instead of distributing a single package for each target ABI, we now have one larger package that covers all the ones we support: arm64-v8a, armv7a, x86 and x86-64.

          For users building from source, the new default is also to build for all target ABIs in one go.

          The reason for this is that Google Play is moving away from requiring the upload of multiple publisher-signed APK packages. Instead, the recommended form of distribution now is the new AAB format: An unsigned package that contains all supported target ABIs in one. Based on this, the app store will generate signed APKs that are suitable and optimized for the device issuing the request.

      • GNOME Desktop/GTK

        • GNOME sends message to 'patent trolls' and files defence against lawsuit

          The GNOME Foundation has filed a defence against the patent lawsuit it received a month ago, saying it wants to "send a message to all software patent trolls out there".

          The alleged "patent troll" in question, Rothschild Patent Imaging (RPI), sued the GNOME Foundation in September, making claims that the Linux desktop provider had infringed a patent related to the wireless distribution of images.

          In its original legal complaint, RPI said GNOME's Shotwell program infringed upon its patent as the platform wirelessly shared photos to social media, imported camera photos onto Shotwell, and filtered various photographic images by topics such as events or groups.

          In response to the patent lawsuit, the Linux desktop provider has filed three legal defences -- a motion to dismiss the case outright, an answer to the claim, and a counterclaim.

    • Distributions

      • Lightweight Linux Distros for Old Laptop (2019)

        Do not discard that old PC or laptop yet. You can use a lightweight Linux distro to make them as good as new. Some of these Linux distros are specifically for use in older machines.

        You can use any of the lightweight Linux distros and bring your old machine back to life. In as much we focus on the old distros, we do have some new releases that do not require many resources that can re-invent your old computers.

      • Clear Linux Working On A New Software Store, User Bundles Arriving Before End Of Year

        Intel developers are still working on some interesting improvements to Clear Linux itself this quarter on top of keeping up to date with the latest upstream software it packages.

        For those users of this Intel-optimized rolling-release Linux distribution, Q4'2019 is set to bring more improvements to its installer, Python 2 should finally be cleared out, the user bundles / third-party support looks like it will be ready, and they are even working on a new alternative to GNOME Software that will be focused on their bundles packaging architecture.

      • New Releases

        • Alpine 3.10.3 released

          The Alpine Linux project is pleased to announce the immediate availability of version 3.10.3 of its Alpine Linux operating system.

      • Screenshots/Screencasts

      • SUSE/OpenSUSE

        • Digital Transformation – it’s dead, Jim?

          However, digital transformation is like life – it’s an ongoing process, not something you just do once and then it’s done and dusted. A large part of digital transformation is your cloud strategy, which I wrote about fairly recently. That is also something that isn’t a one-off task, but is instead an evolving, transformational process. It was interesting to see, after speaking to attendees at the Gartner event in Frankfurt, that a number of them still hadn’t defined their cloud strategy outside of “we need to move everything to the cloud for cost savings and agility”, while some hadn’t even begun writing a cloud strategy. Looking at a chart showing the trends in Google searches for digital transformation in the US (the global trend is the same) over the past 5 years, you can see that while it trends up and then down fairly regularly, it still continues to grow on the whole. So if it’s been around for a while, why does it continue to grow, and is it still relevant?

        • New Security Tools for Application Delivery

          What if you could shut down cybercriminals’ most frequently used method of attack? At SUSE we’ve recently made a move to help you get closer to that goal.

          As you may know, SUSE recently released new versions of our application delivery solutions, SUSE CaaS Platform 4 and SUSE Cloud Application Platform 1.5. The releases contain a number of important updates and features, but the one most exciting in terms of protecting your organization is the addition of Cilium to SUSE CaaS Platform.

      • Arch Family

        • Pacman 5.2 Release

          We have a clear winner. Although I’m sure that at least half of those are in responses to bugs he created! He claims it is a much smaller proportion… And a new contributor in third.

          What has changed in this release? Nothing super exciting as far as I’m concerned, but check out the detailed list here.

          We have completely removed support for delta packages. This was a massively underused feature, usually made updates slower for a slight saving on bandwidth, and had a massive security hole. Essentially, a malicious package database in combination with delta packages could run arbitrary commands on your system. This would be less of an issue if a certain Linux distro signed their package databases… Anyway, on balance I judged it better to remove this feature altogether. We may come back to this in the future with a different implementation, but I would not expect that any time soon. Note a similar vulnerability was found with using XferCommand to download packages, but we plugged that hole instead of removing it!

        • Arch Linux's Pacman 5.2 Released - Drops Support For Delta Packages, Adds Zstd Support

          The Pacman 5.2 package manager for Arch Linux systems is now available with a variety of changes over earlier releases.

          Pacman 5.2 notably drops support for delta packages -- the ability to download what has changed between current and new versions of packages. Delta packages/updates are supposed to yield bandwidth savings and time due to only downloading the "diff" between package versions, but ultimately the current implementation didn't work out well. Pacman's delta package handling yielded minimal bandwidth savings and it turned out to be a security hole.

        • Manjaro Linux 18.1.0 Juhraya Cinnamon - Spicy but sweet

          You know how the popular saying goes. When it rains ... people drive slowly just to annoy you. But as it happens, I received a bunch of emails from people asking me two things: 1) Why have I not recently done any more Cinnamon reviews (other than Mint)? 2) When am I going to review the latest version of Manjaro 18.1 Juhraya?

          The answer to these question is: yes. At the same time! I decided to try Manjaro Cinnamon, not something I've done before, so it should be an interesting, refreshing and hopefully worthwhile exercise. The test box will be the same one I used for the Illyria Xfce test, so we can compare things in earnest - and accurately. This is an eight-book mixed Windows & Linux box, and it comes with UEFI, Intel graphics, 16 sweet partitions, and another instance of Manjaro that we won't touch in this review. Begin to start.

      • Fedora Family

        • Fedora Community Blog: Where are the team’s newcomers?

          I was wondering why, in the QA team, there are various newcomers willing to contribute, but so little interaction in the mailing list.

          If a person would like to join the QA team, like many other Fedora teams, one of the first things they are supposed to do (at least as a good practice, if not as prescribed by the team SOP) is to send an introductory email to the team’s mailing list.

          And it is simple to spot that—after the introduction email and eventually being sponsored into the FAS group—in most cases the newcomers don’t send any other mail in the following times. Why?

          I was wondering: is it ever possible that a newcomer is so skilled that he/she doesn’t need to ask any clarification to other team members? Is it possible that the documentation we have on the wiki or on docs.f.o. is sufficient to teach a newcomer all the tasks he/she is supposed to perform? How things work? No doubts? Any specific curiosity? All the processes, all the tasks, are they so clear? Wow… or… there is something strange.

      • Canonical/Ubuntu Family

        • Ubuntu release could stir the Linux pot with delighted users

          Ubuntu 19.10. Kubernetes at the edge. Integrated AI and machine learning. Those were a few of the top notes bleated out by Canonical, sounding its trumpet on October 17 with its announcement of the Ubuntu 19.10 release.

          What's the big deal? The new release accelerates developer productivity when working on AI/machine learning projects. They said the new release delivered "edge capabilities for MicroK8s." Thirdly, the release delivered "the fastest GNOME desktop performance."

          Elaborating on those top notes, the announcement looked at the Kubernetes environment: "Strict confinement ensures complete isolation and a tightly secured production-grade Kubernetes environment, all in a small footprint ideal for edge gateways. MicroK8s add-ons—including Istio, Knative, CoreDNS, Prometheus, and Jaeger—can now be deployed securely at the edge with a single command."

        • What To Do After Installing Ubuntu 19.10 Eoan Ermine

          In this traditional article special for Ubuntu 19.10 Eoan Ermine you will find my suggestions and recommendations in 3 parts, work (including date/time adjustments, productivity tools), non-work (including extensions, podcasts, RSS, codecs), and system maintenance (including CPU-X, repository setup, auto-backup). I also have suggestion for you wanting Global Menu on this Eoan Ermine OS at the end. Adjust it once and use freely everyday. Finally, I hope Ubuntu 19.10 will be your best tool you could imagine to use without worry. Happy working!

        • Ubuntu 19.10 Is Here With MicroK8s Add-Ons, GNOME 3.34 And Lots More
        • Ubuntu 19.10 Doesn't Ship With AMD Navi / Radeon RX 5700 Support Working, But Easy To Enable

          While last week's release of Ubuntu 19.10 "Eoan Ermine" is new enough for Radeon RX 5700 series support with the Linux 5.3 kernel and Mesa 19.2, it doesn't actually work out-of-the-box for these Navi graphics cards.

          While the principal driver components of the Linux kernel and Mesa3D (for RadeonSI OpenGL and RADV Vulkan) are new enough with Navi support, Ubuntu 19.10's support isn't rounded out because its linux-firmware package isn't new enough for containing the necessary Navi firmware binaries required for the open-source driver usage. So if booting a clean Ubuntu 19.10 install with Radeon RX 5700, you are likely to just see a blank screen.

        • NVIDIA GPU Operator – Simplifying AI/ML Deployments on the Canonical Platform

          Leveraging Kubernetes for AI deployments is becoming increasingly popular. Chances are if your business is involved in AI/ML with Kubernetes you are using tools like Kubeflow to reduce complexity, costs and deployment time. Or, you may be missing out!

          With AI/ML being the tech topics of the world, GPUs play a critical role in the space. NVIDIA, a prominent player in the GPU space is one of the top choices for most stakeholders in the field. Nvidia takes their commitment to the space a step ahead with the launch of the GPU Operator open-source project at Mobile World Congress LA.

        • Ubuntu Weekly Newsletter Issue 601

          Welcome to the Ubuntu Weekly Newsletter, Issue 601 for the week of October 13th – 19th, 2019.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • OmniOS Community Edition r151030y, r151028ay, r151022dw

        OmniOS Community Edition weekly releases for w/c 21st of October 2019 are now available.

      • OmniOS r151030y Brings Microcode Updates For Intel, Zen Topology Updates For AMD

        OmniOS Community Edition remains one of the few successful Illumos/Solaris operating systems outside Oracle. OmniOS CE r151030y was released today along with other older build updates to address the recent sudo vulnerability.

        Besides correcting the recent sudo security vulnerability, OmniOS r151030y has updated its bundled Intel CPU microcode bundle against a newer Intel snapshot, there are improvements to AMD processor topology detection, improved compatibility with Linux's getsockopt() within LX Zones, and other fixes.

      • Events

        • CopyleftConf 2020

          A week before Software Freedom Conservancy had announced the CopyleftConf 2020. The conference is going to take place on 3 February 2020, Monday, in Brussels, Belgium.

          The first edition of CopyleftConf took place in February 2019. One can have a look at the videos here The organizers do plan it after Fosdem.

        • The fight to get home from Oggcamp 2019

          I’d heard that parking in Manchester was not only a nightmare and that you would have to sell your children into slavery to pay the parking fee for a few hours so with that in mind I decided to use the train. Now to get to Manchester by car from my house

          takes around an hour and a half so long as you stick within the speed limit. My train was set to eat two and a half hours from my lifes timeline, but I felt it was a small price to pay given I was only going to do one day of a two-day event.

          My journey to Oggcamp started at 6.55 am the train took me to Birmingham New Street, where I was due to change for the onward train to Manchester, on the way up to Birmingham, we stopped at Wolverhampton train station. My connection was on-time, and I made myself as comfortable as possible in my reserved seat. To my horror, a rather large gentleman poured himself into the seat next to me and mine if truth be told. We set off heading back the way we came and just for the fun of it and to wind me up a little our first stop was, yes, you guessed it, Wolverhampton train station. I could see the next two hours were going to be a bundle of joy as I tried to look at my phone while feeling that I was confined in an invisible straight jacket if only that were the extent of my problems. Mr Creosote decided that after consuming his breakfast which he had brought on board, it was now time to have a little sleep. “What’s wrong with that?” I hear you ask. Mr Creosote promptly started to snore like farmer Giles’s prized Gloucestershire Old Spot pig. Two hours later, frazzled we arrived in Manchester Mr Creosote had been kind enough to wake up in Macclesfield just enough time for my bladder to fill to bursting along with my fit to burst brain after all that snoring. Oh, and I forgot to mention the lad opposite who while sat underneath a sign saying “Please be considerate to those around you” played videos of South Park amongst other things at full volume on his phone. Never heard of headphones arsehole?

        • FOSDEM 2020 IoT Devroom Call for Proposals

          FOSDEM (Free & Open-source Software Developers’ European Meeting) takes place every year in Brussels, Belgium on the first weekend of February.

      • Web Browsers

        • Mozilla

          • Firefox 70 Is Now Available to Download with Fresh New Look, Extended Dark Mode

            Judging by the version number, you would think that Firefox 70 is a massive update to the open-source and cross-platform web browser built by Mozilla, but it's not really a major release. However, it does bring some a fresh new look for its icon, new welcome screen, and an extended dark mode for the built-in pages.

            So the first thing you'll notice after installing Firefox 70, which you can download right now for GNU/Linux, macOS, and Windows systems, it's the new Firefox icon that was unveiled by Mozilla a few months ago. In addition, you'll notice that all of Firefox's built-in pages now follows the system dark mode preference and a new welcome screen will help you setup Firefox faster.

          • Quickly Alter Typography with Firefox Font Editor

            Fonts and typography are at the heart of design on the web. We now have powerful tools to inspect, understand, and design our typography in the browser. For instance, have you ever landed on a web page and wondered what fonts are being used? Then, have you asked yourself where those fonts come from or why a particular font isn’t loading?

            The font editor in Firefox provides answers and insights. You gain the ability to make font changes directly, with a live preview. As for me, I use the editor for understanding variable fonts, how they work, and the options they expose.

          • Nate Weiner, formerly CEO of Pocket, to take expanded role at Mozilla focused on New Markets

            Nate Weiner, founder and CEO of Pocket, has been promoted to SVP of a new product organization, New Markets, at Mozilla. The New Markets organization will be working to expand and scale Mozilla’s product portfolio alongside the Firefox and Emerging Technologies teams. The Pocket and Emerging Markets teams will live within the New Markets organization.

      • SaaS/Back End/Databases

        • Open source database use is a growing trend

          Open source databases are a growing segment of the overall database management system market, but according to a new survey, users are working with multiple databases adapted for specific purposes and not looking at single databases as multi-purpose.

          The Open Source Data Management Software survey was conducted by Percona, a vendor based in Raleigh, N.C. that provides supported versions of multiple open source database platforms including PostgreSQL, MySQL and MongoDB.

          Some 92% of survey respondents saying they are using multiple database technologies, with 89% using more than one open source database platform. The study, conducted earlier this year, also found that cloud deployments are a growing trend, with more than 50% running at least one workload in the public cloud.

          "It's hard for one database to do everything well, so the trend is definitely to use the best database for the job, rather than try and fit into a single technology," said Matt Yonkovit, chief experience officer at Percona.

      • Sourcehut Q3 2019 Financial report

        In summary, Sourcehut is financially healthy, with an operating monthly profit of about $1,038. Slowed growth in Q2 picked back up in Q3, to levels similar to Q1. Though perpetual growth is not a goal of Sourcehut, growth does help us accomplish our goals. One of these goals is to sponsor members of the open-source community to work on self-directed projects - a goal which was met for Q4, when Simon Ser will be joining us. My goals for future growth are:
        Investing in additional hardware and resources
        Marketing & outreach
        Investing in the broader open-source ecosystem
        Thank you for your support in the alpha. I’m looking forward to continuing to serve you.

    • Programming/Development

      • GCC 10 Switches Arm's Scheduling-Pressure Algorithm For Better Performance

        A minor optimization was merged into GCC 10 last week for benefiting those on Arm compiling their code with the GNU Compiler Collection.

        Prominent Arm toolchain developer Wilco Dijkstra of Arm has changed the default scheduling-pressure algorithm used by their back-end with GCC

      • GCC 10 Has C++20 Concepts Support In Order

        Concepts is one of the big features of the forthcoming C++20 that extends the language's templates functionality to add type-checking to templates and other compile-time validation. The existing concepts support in GCC was updated to reflect differences between the years old technical specification and the version being introduced as part of C++20.

        After review, that C++20 concepts support was merged earlier this month for GCC 10 as well as the libstdc++ updates.

      • Qt 3D Will Still Be Improved On Alongside Qt Quick 3D

        While Qt Quick 3D has been talked up a lot recently with The Qt Company's plans for that new 3D module inside the current Qt5 and future Qt6 tool-kits, Qt 3D itself is not going away.

        Qt Quick 3D will offer 3D support to Qt Quick via QML and C++ APIs but the existing Qt 3D support isn't going to be eliminated and in fact will be improved upon as we near the Qt 6.0 release in about one year's time.

      • The Future of Qt 3D

        As you will have read, a new module called Qt Quick 3D will begin offering 3D capabilities to Qt Quick via a QML API (and a planned C++ API for Qt 6). What does this mean for Qt 3D and where will it fit in the Qt ecosystem? Hopefully this blog post and the following one will help answer that question as well as give some insights into what we are working on in Qt 3D. This blog post will focus on the changes coming with Qt 5.x and the following article will details some of the research we are doing to improve Qt 3D on the Qt 6 timescale.

      • Qt 3D: One too many threads

        Qt 3D makes heavy use of threads, as a way to spread work across CPU cores and maximize throughput, but also to minimize the chances of blocking the main thread. Though nice on paper, the last case eventually leads to added complexity. Sometimes, there are just one too many threads.

        In the past, we’ve been guilty of trying to do too much within Qt 3D rather than assuming that some things are the developer’s duty. For instance there was a point in time where we’d compare the raw content of textures internally. The reason behind that was to handle cases where users would load the same textures several times rather than sharing one. This led to code that was hard to maintain and easy to break. Ultimately it provided convenience only for what can be seen as a misuse of Qt 3D, which was not the the original intention.

        We had similar systems in place for Geometries, Shaders… Part of the reason why we made such choices at the time was that the border between what Qt 3D should or shouldn’t be doing was really blurry. Over time we’ve realized that Qt 3D is lower level than what you’d do with QtQuick. A layer on top of Qt 3D would have instead been the right place to do such things. We’ve solved some of these pain points by starting work on Kuesa which provides assets collections.

      • Pylint: Making your Python code consistent

        Pylint is a higher-level Python style enforcer. While flake8 and black will take care of "local" style: where the newlines occur, how comments are formatted, or find issues like commented out code or bad practices in log formatting.

        Pylint is extremely aggressive by default. It will offer strong opinions on everything from checking if declared interfaces are actually implemented to opportunities to refactor duplicate code, which can be a lot to a new user. One way of introducing it gently to a project, or a team, is to start by turning all checkers off, and then enabling checkers one by one. This is especially useful if you already use flake8, black, and mypy: Pylint has quite a few checkers that overlap in functionality.

      • PyDev of the Week: Sophy Wong

        This week we welcome Sophy Wong (@sophywong) as our PyDev of the Week! Sophy is a maker who uses Circuit Python for creating wearables. She is also a writer and speaker at Maker events. You can see some of her creations on her Youtube Channel or her website. Let’s take a few moments to get to know her better!

      • Erik Marsja: Converting HTML to a Jupyter Notebook

        In this short post, we are going to learn how to turn the code from blog posts to Jupyter notebooks.

      • KDevelop 5.4.3 released

        We today provide a stabilization and bugfix release with version 5.4.3. This is a bugfix-only release, which introduces no new features and as such is a safe and recommended update for everyone currently using a previous version of KDevelop 5.4.

        You can find the updated Linux AppImage as well as the source code archives on our download page.

      • Python Script Invalidates Hundreds Of Papers

        This news item is interesting not just because it is a lesson to us all, but because of the way it is being reported as "Bug In Python Script ..." with the suggestion that Python is the cause of the problem. The truth is, in fact, much more interesting.

        The script is about 1000 lines of Python and hence it isn't a small program. It has been in use since 2014 and was created by Patrick Willoughby, Matthew Jansma, and Thomas Hoye to take raw data and calculate NMR shifts. In the journal Nature Protocols the subject is referred to as the "Willoughby-Hoye" scripts.

      • Future-Proof Code

        Y2K was the nerdy disaster that wasn’t. The fear was that the moment 1/1/00 rolled around, some computers would think it was Jan. 1, 1900. What could go wrong? Maybe highly computerized hydroelectric dams would open their floodgates! Or maybe all date math trying to subtract from 00 would end up negative, and suddenly your mortgage would have been paid off dozens of decades ago!

        The world freaked out. Software engineers stayed up late. In the end, Y2K had some terrible real-life consequences, but it also didn’t turn out to be a complete catastrophe that required stockpiling ammunition and MREs. After airplanes didn’t fall out of the sky, everyone breathed a sigh of relief. The problem, as the public learned so well in the run-up to the New Year, was that for decades, software engineers had left out the century to save on space when storing dates. It was as though they had assumed their software would always run in a year that began with 19. For many who were still just getting used to dial-up internet, Y2K was their first exposure to the potential fragility of software.

      • Current qutebrowser roadmap and next crowdfunding

        Now I'm employed around 16h/week at the same place, mainly helping out with the operating systems course (in other words: I spend my time staring at LaTeX/C/Assembler/Python and teaching students).

        Like already mentioned in the earlier mail, this means I now have a lot more time than before for working on open-source projects. I'm in the process of founding my own one-man company and already have some work lined up - but as soon as everything is set up, I plan to spend much more time on qutebrowser. Certainly a lot more than what I've been able to during my studies in the past years.

        However, that means I don't have a lot of recurring income (enough to pay for rent, food and other bills - but not much more than that). This is why I plan to start another qutebrowser fundraising very soon. There will be shirts and stickers available again, as well as some other swag. This time, I'll focus on recurring donations, but I also plan to offer a way to contribute via one-time donations instead.

      • Introduction to PyTorch for Classification

        PyTorch and TensorFlow libraries are two of the most commonly used Python libraries for deep learning. PyTorch is developed by Facebook, while TensorFlow is a Google project. In this article, you will see how the PyTorch library can be used to solve classification problems.

        Classification problems belong to the category of machine learning problems where given a set of features, the task is to predict a discrete value. Predicting whether a tumour is cancerous or not, or whether a student is likely to pass or fail in the exam, are some of the common examples of classification problems.

        In this article, given certain characteristics of a bank customer, we will predict whether or not the customer is likely to leave the bank after 6 months. The phenomena where a customer leaves an organization is also called customer churn. Therefore, our task is to predict customer churn based on various customer characteristics.

      • Arduino With Python: How to Get Started

        Microcontrollers have been around for a long time, and they’re used in everything from complex machinery to common household appliances. However, working with them has traditionally been reserved for those with formal technical training, such as technicians and electrical engineers. The emergence of Arduino has made electronic application design much more accessible to all developers. In this tutorial, you’ll discover how to use Arduino with Python to develop your own electronic projects.

      • Eclipse Vert.x 3.8.1 update for Red Hat Runtimes

        The latest update to Red Hat Runtimes has arrived and now supports Eclipse Vert.x 3.8.1.

        Red Hat Runtimes provides application developers with a variety of application runtimes and enables them to run on the Red Hat OpenShift Container Platform.

      • Robotic process automation (RPA): How it works

        “Do more with less” might be a timeworn excuse for a business mantra, but robotic process automation (RPA) is a tool that could actually help teams do just that in the right circumstances.

        That’s the big selling point of RPA. The phrase itself might sound complicated or scary, but the possible benefits of RPA are pretty simple: Use software to automatically handle repetitive (and often boring) computer-based tasks that previously hogged a person’s time.

        Moreover, the processes that make good fits for RPA usually take up human hours with work that requires minimal (or no) skill or creativity. It’s ultimately about efficiency.

      • How to program with Bash: Logical operators and shell expansions

        Bash is a powerful programming language, one perfectly designed for use on the command line and in shell scripts. This three-part series (which is based on my three-volume Linux self-study course) explores using Bash as a programming language on the command-line interface (CLI).

        The first article explored some simple command-line programming with Bash, including using variables and control operators. This second article looks into the types of file, string, numeric, and miscellaneous logical operators that provide execution-flow control logic and different types of shell expansions in Bash. The third and final article in the series will explore the for, while, and until loops that enable repetitive operations.

        Logical operators are the basis for making decisions in a program and executing different sets of instructions based on those decisions. This is sometimes called flow control.

      • Initializing arrays in Java

        People who have experience programming in languages like C or FORTRAN are familiar with the concept of arrays. They’re basically a contiguous block of memory where each location is a certain type: integers, floating-point numbers, or what-have-you.

        The situation in Java is similar, but with a few extra wrinkles.

      • Python array list’s count method

        In this example, we will use the count method from the Python array list to decide which phrase to return from a function that will accept an array list consists of good and bad ideas.

        In the below example, you need to decide which phrase to return from the array list which consists of good ideas ‘good’ and bad ideas ‘bad’. If there are one or two good ideas, return ‘Publish!’, if there are more than 2 return ‘I smell a series!’. If there are no good ideas, as is often the case, return ‘Fail!’.

      • Jakarta EE: What’s in store for Enterprise JavaBeans?

        Enterprise JavaBeans (EJB) has been very important to the Java EE ecosystem and promoted many robust solutions to enterprise problems. Besides that, in the past when integration techniques were not so advanced, EJB did great work with remote EJB, integrating many Java EE applications. However, remote EJB is not necessary anymore, and we have many techniques and tools that are better for doing that. So, does EJB still have a place in this new cloud-native world?

        Before writing this post, I did an informal survey via Twitter poll to hear what the community thinks about it. In this article, I’ll share the results of the survey as well as some discussion that emerged as part of the poll. Additionally, I’ll share my opinions on the topic.

      • Dirk Eddelbuettel: digest 0.6.22: More goodies!

        digest creates hash digests of arbitrary R objects (using the md5, sha-1, sha-256, sha-512, crc32, xxhash32, xxhash64, murmur32, and spookyhash algorithms) permitting easy comparison of R language objects. It is a fairly widely-used package (currently listed at 868k monthly downloads) as many tasks may involve caching of objects for which it provides convenient general-purpose hash key generation.

        This release comes pretty much exactly one month after the very nice 0.6.21 release but contains five new pull requests. Matthew de Queljoe did a little bit of refactoring of the vectorised digest function he added in 0.6.21. Ion Suruceanu added a CFB cipher for AES. Bill Denney both corrected and extended sha1. And Jim Hester made the windows-side treatment of filenames UTF-8 compliant.

    • Standards/Consortia

      • Pleasures of Tibetan input and typesetting with TeX

        Many years ago I decided to learn Tibetan (and the necessary Sanskrit), and enrolled in the university studies of Tibetology in Vienna. Since then I have mostly forgotten Tibetan due to absolute absence of any practice, save for regular consultations from a friend on how to typeset Tibetan.

        [...]

        In former times we used ctib to typeset Tibetan, but the only font that was usable with it is a bit clumsy, and there are several much better fonts now available. Furthermore, always using transliterated input instead of the original Tibetan text might be a problem for people outside academics of Tibetan. If we want to use one of these (obviously) ttf/otf fonts, a switch to either XeTeX or LuaTeX is required.

  • Leftovers

    • Health/Nutrition

    • Security (Confidentiality/Integrity/Availabilitiy)

      • Linux Could Open The Door To Serious Attacks Over Wifi Signals [Ed: This FUD came from a Microsoft employee and was initially spread by a site where Microsoft employed convicted people to attack Linux and FOSS. This is false, It’s FUD. Nobody enables P2P mode. Almost nobody.]

        A potentially severe vulnerability in Linux might make it attainable for nearby units to use Wi-Fi signals to crash or fully compromise vulnerable machines, a security researcher mentioned.

        The flaw is situated within the RTLWIFI driver, which is used to help Realtek Wi-Fi chips in Linux gadgets. The vulnerability triggers a buffer overflow in the Linux kernel when a machine with a Realtek Wi-Fi chip is inside the radio and varies from a malicious device. At a minimal, exploits would cause a working-system crash and will possibly permit a hacker to achieve full management of the computer. The flaw dates again to version 3.10.1 of the Linux kernel launched in 2013.

        The vulnerability is tracked as CVE-2019-17666. Linux builders proposed a fix that can doubtless be included in the OS kernel within the coming days or weeks. Only after that can the repair make its means into various Linux distributions.

      • Security updates for Monday

        Security updates have been issued by Debian (aspell, graphite-web, imagemagick, mediawiki, milkytracker, nfs-utils, and openjdk-11), Fedora (kernel, kernel-headers, kernel-tools, mediawiki, and radare2), openSUSE (dhcp, libpcap, lighttpd, and tcpdump), Scientific Linux (java-1.8.0-openjdk), Slackware (python), SUSE (bluez, kernel, and python-xdg), and Ubuntu (aspell).

      • Nostromo web servers exposed by resurrected RCE vulnerability

        A security researcher has disclosed the existence of a remote code execution (RCE) vulnerability in the open source Nostromo web server software.

        On Monday, a threat analyst and bounty hunter with the online handle Sudoka published a technical analysis of the bug, tracked as CVE-2019-16278.

        The vulnerability impacts Nostromo, also known as nhttpd, a niche web server used by some in the Unix and open source community but altogether dwarfed in popularity by Apache.

        In a blog post, Sudoka said the vulnerability stems from shortcomings in how the path of URLs are verified. Inadequate URL checks mean that an unauthenticated attackers is able to force a server to point to a shell file, resulting in the potential execution of arbitrary code.

      • PureBoot Best Practices

        Recently we started offering the PureBoot Bundle–PureBoot installed and configured on your laptop at the factory and bundled with a pre-configured Librem Key so you can detect tampering from the moment you unbox your laptop. It’s been great to see so many customers select the PureBoot Bundle and now that PureBoot is on so many more customer laptops, we felt it was a good time to write up a post to describe some best practices when using PureBoot.

        If you are just getting started with PureBoot and want to know the basics, check out our Getting Started Guide for pointers on what to do when you start up your PureBoot Bundle for the first time. In this post I’ll assume you have already gone through the first boot and first reboot of your laptop and have settled into daily use.

    • Defence/Aggression

    • Transparency/Investigative Reporting

      • The faith of the Fox Nation: belief in opinions trumps hope in news

        A longtime sticking point among Fox News employees is their insistent differentiation between its news division, where employees practice actual journalism, and its opinion division, where employees practice actual nativism, spew misinformation, and have been actively campaigning for Donald Trump’s re-election since 2016. Inside the organization, they claim to believe that the news side is separate from the opinion side, and insist that the audience can tell the difference.

      • Assange Case

        I am trying to write a report of what I saw in Westminster Magistrate’s Court today, but my hands keep shaking with rage, frustration and sadness to the point I can’t type, and my heart keeps going into atrial fibrillation. I have got myself a cheese sandwich and bottle of Irn Bru and still hope to finish it this evening.

      • Julian Assange denied extradition hearing delay

        The full extradition hearing of WikiLeaks founder Julian Assange will go ahead in February 2020 after London judge Vanessa Baraitser declined a request by his lawyers to delay proceedings by three months.

        Assange, 48, faces 18 counts in the US including conspiring to hack government computers and violating an espionage law. He could spend decades in prison if convicted.

      • Extradition of Julian Assange to the United States must not go ahead - Amnesty International Australia

        Ahead of today’s extradition hearing in the Westminster Magistrates’ Court, Massimo Moratti, Amnesty International’s Deputy Director for Europe, said:

        “The British authorities must acknowledge the real risks of serious human rights violations Julian Assange would face if sent to the USA and reject the extradition request. The UK must comply with the commitment it’s already made that he would not be sent anywhere he could face torture or other ill-treatment.

        “The UK must abide by its obligations under international human rights law that forbids the transfer of individuals to another country where they would face serious human rights violations. Were Julian Assange to be extradited or subjected to any other transfer to the USA, Britain would be in breach of these obligations.”

      • Press Release Regarding Julian Assange's Case Management Hearing

        At today’s case management hearing against WikiLeaks publisher Julian Assange, who faces US extradition and 175 years’ imprisonment for publishing classified information revealing war crimes, district magistrate Vanessa Baraitser allowed the defence two extra months to submit new evidence that is emerging in Spanish investigative proceedings.

        The magistrate refused to allow a preliminary hearing to hear arguments that the extradition request for Julian Assange was barred by the 2003 US-U.K. Extradition Treaty, which prohibits political crimes such as Espionage. Assange is charged under the 1917 Espionage Act. (Attached is an information note on today’s submissions from Mr. Assange’s solicitors, Birnberg Peirce and Partners LLP.)

        The second application from the defence was to ask the court postpone the full extradition hearing due for 24th February 2020. The application to postpone was based on two grounds:

        Firstly, Mr. Assange’s conditions in Belmarsh prison, where he is kept in isolation without access to legal papers, a computer or meaningful participation in his case. These conditions obstruct his legal defence in a significant way.

        Secondly, subsequent to the timetable being agreed in June, a Spanish Court has initiated a case with direct impact on Assange’s extradition case in the United Kingdom. The case concerns clandestine operations against Assange, his lawyers and doctors and Assange’s family, including at the Ecuadorean Embassy. The sheer magnitude of the evidence in the Spanish case necessitates that the defence be given more time, argued the defence. The application was refused but will be revisited at the 19 December case management hearing.

    • Environment

    • AstroTurf/Lobbying/Politics

      • Boris Johnson Will Ruin Britain or Cry Trying

        Another day, another drama in the Brexit saga that has consumed the United Kingdom. The past few days have once again left heads spinning around the world as those interested in U.K. politics try to catch up with the events that keep unfurling at neck-breaking speed. On Friday, the Oct. 19 deadline put forward in the Benn Act to either get a Brexit deal passed through Parliament or ask the European Union for an extension past the Oct. 31 deadline loomed. That’s when Prime Minister Boris Johnson miraculously managed to negotiate a deal with the EU—well, I should say, a regurgitated, amended version of his predecessor Theresa May’s deal.

      • The fire next time: California's rolling blackouts are no substitute for serious prevention

        The state legislature and Gov. Gavin Newsom, prompted by the aftermath of the catastrophic fires of 2017 and 2018, devoted an impressive amount of energy to resolving the post-fire question —who pays. Whether or not you agree with their solutions to the question of liability, they grappled with it.

        The same cannot be said of the problem of fire prevention and risk avoidance. The panoply of regulatory, financial and attitudinal problems that prevent proper fuel load management, residential fire resistance, community disaster evacuation planning, and proper land use regulation to prevent new homes from being built in fire hazard zones were barely touched. Controlled burning to reduce fuel load, for example, is precluded in much of the state because air pollution laws restrict voluntary burning, even if it avoids much larger, and health-destroying, wildfires. Air pollution districts, in other words, are penalized for the pollution from fire prevention, but not held responsible for the much greater pollution when a wildfire breaks out.

      • Mark Zuckerberg Has More Than Pete Buttigieg's Ear

        In 2016, Mark Zuckerberg toured America. The cross-country trip was, as BuzzFeed’s Alex Kantrowitz described, “a charm offensive and a focus group.” Zuckerberg visited factories. He held a kitten. Multiple publications questioned whether he was running for president, or simply trying to deflect attention from mounting privacy concerns and accusations that Facebook had allowed Russian interference in the 2016 election.

      • Facebook CEO Mark Zuckerberg made staff recommendations to Pete Buttigieg's presidential campaign

        Zuckerberg reportedly sent multiple emails to Mike Schmuhl, Buttigieg's campaign manager, with names of individuals whom he thought would be a good fit for the team, campign spokesman Chris Meager confirmed to the news outlet. Chan also emailed various recommendations to Schmuhl, according to Meager.

        Ultimately, two of the recommended people were hired. The campaign staffers are Eric Mayefsky, senior digital analytics adviser, and Nina Wornhoff, organizing data manager, according to the news outlet.

      • Tim Cook to serve as chairman at Chinese business school amid Hong Kong outcry

        Apple CEO Tim Cook has been appointed chairman of the advisory board for Tsinghua University’s economics school in Beijing, according to local news reports and a Chinese-language meeting summary noted by Apple Insider.

        Cook will reportedly assume the role for the next three years, and recently acted as chairman for a meeting, as the South China Morning Post notes. Cook has been on the board in the past, as has Facebook CEO Mark Zuckerberg, who recently took on Chinese censorship in a public speech about free expression. Major Chinese government officials have also served on the board, as the Post reports. Cook succeeds Breyer Capital founder Jim Breyer in the role.

      • Tim Cook elected chairman of Chinese business school amidst Hong Kong scrutiny

        Cook said that the next three years will be spent working to promote development of the university, in hopes of building a world-class school of economics and management. Cook succeeds former chairman Breyer Capital founder and CEO Jim Breyer, who held the position from 2016 until this year.

      • In 'Bow to Reality,' Trump Scraps 'Stunningly Corrupt' Decision to Hold G7 at His Doral Resort

        "His reversal does not change how astonishing it was that he ever thought that it was appropriate, or that it was something he could get away with."

      • Trump Was Outraised by Hundreds of Millions in 2016. That Won’t Happen Again in 2020

        While some Democrats are spending more money than they are raising to stand out in a crowded presidential primary, President Donald Trump continues to expand his robust fundraising machine.

    • Privacy/Surveillance

      • U.S. Takes Step to Require DNA Samples From Asylum-Seekers

        The Trump administration is planning to collect DNA samples from asylum-seekers and other migrants detained by immigration officials and will add the information to a massive FBI database used by law enforcement hunting for criminals, a Justice Department official said.

      • Facebook Staff in Contact With Warren Campaign, CEO Tells NBC

        Facebook Inc. Chief Executive Officer Mark Zuckerberg said employees are in touch with Elizabeth Warren’s campaign to address her concerns about the company’s decision to let politicians lie in ads.

    • Freedom of Information / Freedom of the Press

      • Trump says he doesn't want NYT in the White House

        President Trump said Monday that he doesn’t want to have copies of The New York Times in the White House anymore and suggested he would terminate the subscription.

      • Gingrich calls for eliminating White House press corps in wake of Mulvaney briefing

        While speaking to reporters, Mulvaney indicated that Trump withheld military aid from Ukraine in part to get the country to investigate an unproven theory related to the 2016 election. He has since walked back those remarks.

        Questioned on how he would have advised Mulvaney before the briefing, Gingrich said that "there wouldn't be a White House press corps in the White House" if he had the ability to make such a decision.

    • Civil Rights/Policing

    • Internet Policy/Net Neutrality

      • Internet isolation exercises to take place in Russia at least once every year

        Following the passage of a 2019 law allowing Russian Internet traffic to be isolated from the World Wide Web in case of an emergency, the country’s government has arranged to hold exercises to prepare for such a scenario at least once a year.

      • The IndieWeb Movement: Owning Your Data and Being the Change You Want to See in the Web

        The below is a transcript of the talk The IndieWeb Movement: Owning Your Data and Being the Change You Want to See in the Web that I gave this afternoon at OggCamp 2019.

        I've taken the advice given out in DDD East Midlands: Speaker Workshop and decided to write out a transcript of the talk, as a way to drive out the talk's content, as well as give me a good blog post, too! What follows is fairly similar to the words I said live on stage, but includes a bit more detail that I'd not gone into or was a bit rushed to say!

        Thanks again to those who came to the talk, I appreciate it and hope that it helped convince you to investigate the IndieWeb for yourself.

    • Digital Restrictions (DRM)

      • Secured-core PCs offer new defense against firmware attacks

        Microsoft, chipmakers, and several PC makers on Monday announced Secured-core PCs, which use hardware-based defense mechanisms to combat firmware-level security attacks.

      • Microsoft's New Plan to Defend the Code Deep Within PCs

        The idea of secured-core PC is to take firmware out of that equation, eliminating it as a link in the chain that determines what's trustworthy on a system. Instead of relying on firmware, Microsoft has worked with AMD, Intel, and Qualcomm to make new central processing unit chips that can run integrity checks during boot in a controlled, cryptographically verified way. Only the chip manufacturers will hold the encryption keys to broker these checks, and they're burned onto the CPUs during manufacturing rather than interacting with the firmware's amorphous, often unreliable code layer.

    • Monopolies



Recent Techrights' Posts

Comparing U.E.F.I. to B.I.O.S. (Bloat and Insecurity to K.I.S.S.)
By Sami Tikkanen
New 'Slides' From Stallman Support (stallmansupport.org) Site
"In celebration of RMS's birthday, we've been playing a bit. We extracted some quotes from the various articles, comments, letters, writings, etc. and put them in the form of a slideshow in the home page."
Thailand: GNU/Linux Up to 6% of Desktops/Laptops, According to statCounter
Desktop Operating System Market Share Thailand
António Campinos is Still 'The Fucking President' (in His Own Words) After a Fake 'Election' in 2022 (He Bribed All the Voters to Keep His Seat)
António Campinos and the Administrative Council, whose delegates he clearly bribed with EPO budget in exchange for votes
Adrian von Bidder, homeworking & Debian unexplained deaths
Reprinted with permission from Daniel Pocock
Sainsbury’s Epic Downtime Seems to be Microsoft's Fault and Might Even Constitute a Data Breach (Legal Liability)
one of Britain's largest groceries (and beyond) chains
 
People Don't Just Kill Themselves (Same for Other Animals)
And recent reports about Boeing whistleblower John Barnett
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, March 18, 2024
IRC logs for Monday, March 18, 2024
Suicide Cluster Cover-up tactics & Debian exposed
Reprinted with permission from Daniel Pocock
Gemini Links 19/03/2024: A Society That Lost Focus and Abandoning Social Control Media
Links for the day
Matthias Kirschner, FSFE: Plagiarism & Child labour in YH4F
Reprinted with permission from Daniel Pocock
Linux Foundation Boasting About Being Connected to Bill Gates
Examples of boasting about the association
Alexandre Oliva's Article on Monstering Cults
"I'm told an earlier draft version of this post got published elsewhere. Please consider this IMHO improved version instead."
[Meme] 'Russian' Elections in Munich (Bavaria, Germany)
fake elections
Sainsbury's to Techrights: Yes, Our Web Site Broke Down, But We Cannot Say Which Part or Why
Windows TCO?
Plagiarism: Axel Beckert (ETH Zurich) & Debian Developer list hacking
Reprinted with permission from Daniel Pocock
Links 18/03/2024: Putin Cements Power
Links for the day
Flashback 2003: Debian has always had a toxic culture
Reprinted with permission from Daniel Pocock
[Meme] You Know You're Winning the Argument When...
EPO management starts cursing at everybody (which is what's happening)
Catspaw With Attitude
The posts "they" complain about merely point out the facts about this harassment and doxing
'Clown Computing' Businesses Are Waning and the Same Will Happen to 'G.A.I.' Businesses (the 'Hey Hi' Fame)
decrease in "HEY HI" (AI) hype
Free Software Needs Watchdogs, Too
Gentle lapdogs prevent self-regulation and transparency
Matthias Kirschner, FSFE analogous to identity fraud
Reprinted with permission from Daniel Pocock
Gemini Links 18/03/2024: LLM Inference and Can We Survive Technology?
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, March 17, 2024
IRC logs for Sunday, March 17, 2024
Links 17/03/2024: Microsoft Windows Shoves Ads Into Third-Party Software, More Countries Explore TikTok Ban
Links for the day
Molly Russell suicide & Debian Frans Pop, Lucy Wayland, social media deaths
Reprinted with permission from Daniel Pocock
Our Plans for Spring
Later this year we turn 18 and a few months from now our IRC community turns 16
Open Invention Network (OIN) Fails to Explain If Linux is Safe From Microsoft's Software Patent Royalties (Charges)
Keith Bergelt has not replied to queries on this very important matter
RedHat.com, Brought to You by Microsoft Staff
This is totally normal, right?
USPTO Corruption: People Who Don't Use Microsoft Will Be Penalised ~$400 for Each Patent Filing
Not joking!
The Hobbyists of Mozilla, Where the CEO is a Bigger Liability Than All Liabilities Combined
the hobbyist in chief earns much more than colleagues, to say the least; the number quadrupled in a matter of years
Jim Zemlin Says Linux Foundation Should Combat Fraud Together With the Gates Foundation. Maybe They Should Start With Jim's Wife.
There's a class action lawsuit for securities fraud
Not About Linux at All!
nobody bothers with the site anymore; it's marketing, and now even Linux
Links 17/03/2024: Abuses Against Human Rights, Tesla Settlement (and Crash)
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, March 16, 2024
IRC logs for Saturday, March 16, 2024
Under Taliban, GNU/Linux Share Nearly Doubled in Afghanistan, Windows Sank From About 90% to 68.5%
Suffice to say, we're not meaning to imply Taliban is "good"
Debian aggression: woman asked about her profession
Reprinted with permission from Daniel Pocock
Gemini Links 17/03/2024: Winter Can't Hurt Us Anymore and Playstation Plus
Links for the day