
12.07.19

From Moderate Advice to FUD and Misinformation: The Case of a VPN Vulnerability (CVE-2019-14899)

Posted in FUD, GNU/Linux, Security at 1:16 pm by Dr. Roy Schestowitz

Sometimes it morphs into “Linux” and a false description of what’s happening

VPN fake news

Summary: What should have been a trivial bugfix in a variety of operating systems and bits of software — both proprietary and Free software — somehow became anti-Linux FUD, clickbait and worse

EARLIER in the week I saw a report about CVE-2019-14899. There was nothing exciting about it. I mentioned it briefly and then moved on. But the following day, and especially two days later (after the announcement [1]), the press was absolutely flooded with reports, especially from insecurity companies and anti-Linux sites [2-22]. At times even deliberate lies were spread [23] (there are no attacks). See below a roughly chronological list/timeline. The initial report was calm and rational.

When one carefully examines what’s at stake, the patching status (it’s not a zero-day hole), the severity, the risk level and so on, one begins to wonder what motivated all this attention. Much more severe issues are discovered each week, if not each month.

We first mentioned this 2 or 3 days ago, without even filing it as a high-priority Daily Links pick. The only shocking thing isn’t the bug but the level of media attention it has received. This is not the first time such a thing has happened. When similar issues affect Windows, the media just describes them as “computer issues” or “PC issues”.

Related/contextual items from the news:

  1. VPN hijacking on Linux (and beyond) systems
    Hi all,
    
    I am reporting a vulnerability that exists on most Linux distros, and
    other *nix operating systems which allows a network adjacent attacker
    to determine if another user is connected to a VPN, the virtual IP
    address they have been assigned by the VPN server, and whether or not
    there is an active connection to a given website. Additionally, we are
    able to determine the exact seq and ack numbers by counting encrypted
    packets and/or examining their size. This allows us to inject data into
    the TCP stream and hijack connections.
    
    Most of the Linux distributions we tested were vulnerable, especially
    Linux distributions that use a version of systemd pulled after November
    28th of last year which turned reverse path filtering off. However, we
    recently discovered that the attack also works against IPv6, so turning
    reverse path filtering on isn't a reasonable solution, but this was how
    we discovered that the attack worked on Linux.
    
    Adding a prerouting rule to drop packets destined for the client's
    virtual IP address is effective on some systems, but I have only tested
    this on my machines (Manjaro 5.3.12-1, Ubuntu 19.10 5.3.0-23). This
    rule was proposed by Jason Donenfeld, and an analogous rule on the
    output chain was proposed by Ruoyu "Fish" Wang of ASU. We have some
    concerns that inferences can still be made using slightly different
    methods, but this suggestion does prevent this particular attack.
    
    There are other potential solutions being considered by the kernel
    maintainers, but I can't speak to their current status. I will provide
    updates as I receive them.
    
    I have attached the original disclosure I provided to 
    distros@vs.openwall.org and security@kernel.org below, with at least
    one critical correction: I originally listed CentOS as being vulnerable
    to the attack, but this was incorrect, at least regarding IPv4. We
    didn't know the attack worked against IPv6 at the time we tested
    CentOS, and I haven't been able to test it yet.
    
    
    William J. Tolley
    Beau Kujath
    Jedidiah R. Crandall
    
    Breakpointing Bad &
    University of New Mexico
    
    
    *************************************************
    
    
    **General Disclosure:
    
    We have discovered a vulnerability in Linux, FreeBSD, OpenBSD, MacOS,
    iOS, and Android which allows a malicious access point, or an adjacent
    user, to determine if a connected user is using a VPN, make positive
    inferences about the websites they are visiting, and determine the
    correct sequence and acknowledgement numbers in use, allowing the bad
    actor to inject data into the TCP stream. This provides everything that
    is needed for an attacker to hijack active connections inside the VPN
    tunnel.
    
    This vulnerability works against OpenVPN, WireGuard, and IKEv2/IPSec,
    and has not been thoroughly tested against tor, but we believe it is
    not vulnerable since it operates in a SOCKS layer and includes
    authentication and encryption that happens in userspace. It should be
    noted, however, that the VPN technology used does not seem to matter
    and we are able to make all of our inferences even though the responses
    from the victim are encrypted, using the size of the packets and number
    of packets sent (in the case of challenge ACKs, for example) to
    determine what kind of packets are being sent through the encrypted VPN
    tunnel.
    
    We have already reported a related vulnerability to Android earlier
    this year related to the issue, which resulted in the assignment of
    CVE-2019-9461, however, the CVE strictly applies to the fact that the
    Android devices would respond to unsolicited packets sent to the user’s
    virtual IP address over the wireless interface, but this does not
    address the fundamental issue of the attack and did not result in a
    change of the reverse path settings of Android as of the most recent
    security update.
    
    This attack did not work against any Linux distribution we tested until
    the release of Ubuntu 19.10, and we noticed that the rp_filter settings
    were set to “loose” mode. We see that the default settings in
    sysctl.d/50-default.conf in the systemd repository were changed from
    “strict” to “loose” mode on November 28, 2018, so distributions using a
    version of systemd without modified configurations after this date are
    now vulnerable. Most Linux distributions we tested which use other init
    systems leave the value as 0, the default for the Linux kernel.
    
    We have described the procedure for reproducing the vulnerability with
    Linux and included a section illustrating the differences in
    architecture.
    
    
    
    There are 3 steps to this attack:
    
    1. Determining the VPN client’s virtual IP address
    2. Using the virtual IP address to make inferences about active
    connections
    3. Using the encrypted replies to unsolicited packets to determine the
    sequence and acknowledgment numbers of the active connection to hijack
    the TCP session
    
    
    
    There are 4 components to the reproduction:
    
    1. The Victim Device (connected to AP, 192.168.12.x, 10.8.0.8)
    2. AP (controlled by attacker, 192.168.12.1)
    3. VPN Server (not controlled by attacker, 10.8.0.1)
    4. A Web Server (not controlled by the attacker, public IP in a real-
    world scenario)
    
    The victim device connects to the access point, which for most of our
    testing was a laptop running create_ap. The victim device then
    establishes a connection with their VPN provider.
    
    The access point can then determine the virtual IP of the victim by
    sending SYN-ACK packets to the victim device across the entire virtual
    IP space (the default for OpenVPN is 10.8.0.0/24). When a SYN-ACK is
    sent to the correct virtual IP on the victim device, the device
    responds with a RST; when the SYN-ACK is sent to the incorrect virtual
    IP, nothing is received by the attacker.
    
    To quickly demonstrate this difference, we use the nping commands on
    the AP device running create_ap. The source IP is the gateway of our
    AP, the destination IP is the virtual IP assigned to the tun interface
    by the VPN client, ap0 is the interface create_ap created on the
    attacker device, and the destination MAC is the victim’s wireless MAC
    address.
    
    For example:
    
    The correct address generates a RST from the victim:
    
    nping --tcp --flags SA --source-ip 192.168.12.1 --dest-ip 10.8.0.8 --rate 3 -c 3 -e ap0 --dest-mac 08:00:27:9c:53:12
    
    The incorrect address does not elicit a response from the victim:
    
    nping --tcp --flags SA --source-ip 192.168.12.1 --dest-ip 10.8.0.9 --rate 3 -c 3 -e ap0 --dest-mac 08:00:27:9c:53:12
    
    Similarly, to test if there is an active connection for any given
    website, such as 64.106.46.56, for example, we send SYN or SYN-ACKs
    from 64.106.46.56 on port 80 (or 443) to the virtual IP of the victim
    across the entire ephemeral port space of the victim. The correct four-
    tuple will elicit no more than 2 challenge ACKs per second from the
    victim, whereas the victim will respond to the incorrect four-tuple
    with a RST for each packet sent to it.
    
    To quickly test this, we suggest creating a netcat connection on the
    victim device, such as this:
    
    netcat 64.106.46.56 80 -p 40404
    
    The correct four-tuple generates challenge ACKs
    
    nping --tcp --flags SA --source-ip 64.106.46.56 -g 80 --dest-ip 10.8.0.8 -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12
    
    The incorrect four-tuple generates a single RST for each packet sent:
    
    nping --tcp --flags SA --source-ip 64.106.46.56 -g 80 --dest-ip 10.8.0.8 -p 40405 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12
    
    Finally, once the attacker has determined that the user has an active TCP
    connection to an external server, we will attempt to infer the exact
    next sequence number and in-window acknowledgment number needed to
    inject forged packets into the connection. To find the appropriate
    sequence and ACK numbers, we will trigger responses from the client in
    the encrypted connection found in part 2. The attacker will continually
    spoof reset packets into the inferred connection until it sniffs
    challenge ACKs. The attacker can reliably determine if the packets
    flowing from the client to the VPN server are challenge ACKs by looking
    at the size and timing of the encrypted responses in relation to the
    attacker's spoofed packets. The victim’s device will trigger a TCP
    challenge ACK on each reset it receives that has an in-window sequence
    number for an existing connection. For example, if the client is using
    OpenVPN to exchange encrypted packets with the VPN server, then the
    client will always respond with an SSL packet of length 79 when a
    challenge ACK is triggered.
    
    The attacker must spoof resets to different blocks across the entire
    sequence number space until one triggers an encrypted challenge ACK.
    The size of the spoof block plays a significant role in how long the
    sequence inference takes, but should be conservative as to not skip
    over the receive window of the client. In practice, when the attacker
    thinks it sniffs an encrypted challenge-ACK, it can verify this is true
    by spoofing X packets with the same sequence number. If there were X
    encrypted responses with size 79 triggered, then the attacker knows for
    certain it is triggering challenge ACKs (at most 2 packets of size 79
    per second).
    
    After the attacker has inferred the in-window sequence number for the
    client's connection, they can quickly determine the exact sequence
    number and in-window ACK needed to inject. First, they spoof empty
    push-ACKs with the in-window sequence while guessing in-window ACK
    numbers. Once the spoofed packets trigger another challenge-ACK, an in-
    window ACK number is found. Finally, the attacker continually spoofs
    empty TCP data packets with the in-window ACK and sequence numbers as
    it decrements the sequence number after each send. The victim will
    respond with another challenge ACK once the attacker spoofs the exact
    sequence number minus one. The attacker can now inject arbitrary
    payloads into the ongoing encrypted connection using the inferred ACK
    and next sequence number.
    
    This can be tested by observing the behavior from this sequence of
    commands, continuing with the same four-tuple:
    
    Using the four-tuple from the previous steps, we send RSTs in the
    sequence number range in blocks of 50,000 until we trigger a challenge
    ACK.
    
    nping --tcp --flags R --source-ip 64.106.46.56 -g 80 --dest-ip 10.8.0.8 -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12 --seq [SEQ RANGE]
    
    If the packet lands in-window, the victim will respond with at most 2
    challenge ACKs per second. These packets are still encrypted and
    originate from the virtual interface, unlike with Android, but we can
    still determine the contents of these packets by their size. The
    encrypted challenge ACK packets are larger than the encrypted RST
    packets. You can run tcpdump on the victim machine to accelerate the
    testing of this process by viewing the actual sequence and
    acknowledgement numbers.
    
    After we have found an in-window sequence number, we locate an in-
    window acknowledgement by spoofing empty PSH-ACKs with the in-window
    sequence number and guessing the acknowledgement number by dividing the
    acknowledgement number space into eight blocks. In most instances,
    seven of these blocks will trigger challenge ACKs, but one of them will
    not, which allows us to quickly determine which block falls within the
    acknowledgement window. We are interested in the block that does not
    respond with a challenge ACK. This behavior can be observed by using an
    in-window sequence number and an acknowledgement number in the block
    containing the correct acknowledgement number.
    
    nping --tcp --flags PA --source-ip 64.106.46.56 -g 80 --dest-ip 10.8.0.8 -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12 --seq 12345678 --ack [ACK RANGE]
    
    Finally, using the in-window sequence and acknowledgement numbers, we
    spoof empty PSH-ACKs using the same in-window acknowledgement number
    and decrementing the sequence number until we trigger another challenge
    ACK. This sequence number is one fewer than the next expected sequence
    number. We can then arbitrarily inject data into the active TCP
    connection.
    
    Continuing with our toy example:
    
    nping --tcp --flags PA --source-ip 64.106.46.56 -g 80 --dest-ip 10.8.0.8 -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12 --seq [EXACT] --ack [IN-WINDOW] --data-string "hello,world."
    
    
    
    **Operating Systems Affected:
    
    Here is a list of the operating systems we have tested which are
    vulnerable to this attack:
    
    Ubuntu 19.10 (systemd)
    Fedora (systemd)
    Debian 10.2 (systemd)
    Arch 2019.05 (systemd)
    Manjaro 18.1.1 (systemd)
    
    Devuan (sysV init)
    MX Linux 19 (Mepis+antiX)
    Void Linux (runit)
    
    Slackware 14.2 (rc.d) 
    Deepin (rc.d)
    FreeBSD (rc.d) 
    OpenBSD (rc.d) 
    
    This list isn’t exhaustive, and we are continuing to test other
    distributions, but made sure to cover a variety of init systems to
    show this is not limited to systemd.
    
    
    
    **Operating System Variations:
    
    The behavior is slightly different on other operating systems. Here is
    a summary of the differences:
    
    Android: In the first phase of the attack, Android responds with
    unencrypted RSTs to unsolicited SYN-ACKs for the correct port and ICMP
    packets for the incorrect one. For the second phase, it will respond
    with RSTs on the correct four-tuple.
    
    MacOS/iOS: The first phase of the attack does not work as described
    here, but you can use an open port on the Apple machine to determine
    the virtual IP address. We use port 5223, which is used for iCloud,
    iMessage, FaceTime, Game Center, Photo Stream, and push notifications
    etc.
    
    We know the phone will communicate with one of the push notification
    servers on port 5223, and have observed that on MacOS, the port used on
    the victim device is not the same as the port used to connect to the
    VPN server, but is very close (in our testing it has always been within
    10).
    
    nping --tcp --flags SA --source-ip 17.57.144.[84-87] -g 5223 --dest-ip 10.8.0.8 -p [X] --rate 3 -c 3 -e ap0 --dest-mac 08:00:27:9c:53:12
    
    iOS devices do not follow this convention for choosing the
    client’s source port, but always choose a port between ~48000-50000
    (our testing on iOS 13.1 was between 48162-49555).
    
    FreeBSD: The first two phases work essentially the same as Linux,
    however, for the last phase, the ACK number is not needed at all, so
    that piece of phase three can be skipped.
    
    OpenBSD: OpenBSD responds to spoofed SYN packets to the correct virtual
    IP with unencrypted RST packets, and the incorrect virtual IP elicits
    unencrypted NTP packets or nothing at all for the first part of the
    attack. For the second part, the responses are encrypted, but we can
    still determine which packets are challenge ACKs from the packet size,
    as with Linux. Connections can be reset by sending a RST with the
    correct sequence number.
    
    
    
    **Possible Mitigations:
    
    1. Turning reverse path filtering on
    
    Potential problem: Asynchronous routing not reliable on mobile devices,
    etc. Also, it isn’t clear that this is actually a solution since it
    appears to work in other OSes with different networking stacks. Also,
    even with reverse path filtering on strict mode, the first two parts of
    the attack can be completed, allowing the AP to make inferences about
    active connections, and we believe it may be possible to carry out the
    entire attack, but haven’t accomplished this yet.
    
    2. Bogon filtering
    
    Potential problem: Local network addresses used for vpns and local
    networks, and some nations, including Iran, use the reserved private IP
    space as part of the public space.
    
    3. Encrypted packet size and timing
    
    Since the size and number of packets allows the attacker to bypass the
    encryption provided by the VPN service, perhaps some sort of padding
    could be added to the encrypted packets to make them the same size.
    Also, since the challenge ACK per process limit allows us to determine
    if the encrypted packets are challenge ACKs, allowing the host to
    respond with equivalent-sized packets after exhausting this limit could
    prevent the attacker from making this inference.
    
    
    We have prepared a paper for publication concerning this
    vulnerability and the related implications, but intend to keep it
    embargoed until we have found a satisfactory workaround. Then we will
    report the vulnerability to oss-security@lists.openwall.com. We are
    also reporting this vulnerability to the other services affected, which
    also includes: Systemd, Google, Apple, OpenVPN, and WireGuard, in
    addition to distros@vs.openwall.org for the operating systems affected.
    
    Thanks,
    
    William J. Tolley
    Beau Kujath
    Jedidiah R. Crandall
    
    Breakpointing Bad &
    University of New Mexico
    
  2. New Vulnerability Lets Attackers Hijack VPN Connections on Most UNIX Systems

    Affecting most GNU/Linux distributions, as well as FreeBSD, OpenBSD, Android, iOS and macOS systems, the new security vulnerability could allow a local attacker to determine if another user is connected to a VPN (Virtual Private Network) server and whether or not there’s an active connection to a certain website.

    The vulnerability (CVE-2019-14899) is exploitable with adjacent network access, which requires the attacker to have access to either the broadcast or collision domain of the vulnerable operating system, and lets attackers hijack connections by injecting data into the TCP (Transmission Control Protocol) stream.

    The vulnerability has been reported to work against various popular VPN solutions, including OpenVPN, IKEv2/IPSec, as well as WireGuard, and it doesn’t matter which VPN technology is being used, thus allowing an attacker to determine the type of packets being sent through the encrypted VPN tunnel.

  3. Tricky VPN-busting bug lurks in iOS, Android, Linux distros, macOS, FreeBSD, OpenBSD, say university eggheads

    A bug in the way Unix-flavored systems handle TCP connections could put VPN users at risk of having their encrypted traffic hijacked, it is claimed.

    The University of New Mexico team of William Tolley, Beau Kujath, and Jedidiah Crandall this week said they’ve discovered CVE-2019-14899, a security weakness they report to be present in “most” Linux distros, along with Android, iOS, macOS, FreeBSD, and OpenBSD. The upshot is, if exploited, encrypted VPN traffic can be potentially hijacked and disrupted by miscreants on the network.

    To pull off the attack, the US-based posse says, a hacker would need to be “network adjacent” to their target, or control an access point on the victim’s local network. Once the victim connected to their VPN, the spy would be able to, for one thing, tamper with the TCP stream to do things like inject packets into the stream.

  4. New Linux Vulnerability Lets Attackers Hijack VPN Connections

    Security researchers found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams. They disclosed the security flaw tracked as CVE-2019-14899 to distros and the Linux kernel security team, as well as to others impacted such as Systemd, Google, Apple, OpenVPN, and WireGuard. The vulnerability is known to impact most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android. A currently incomplete list of vulnerable operating systems and the init systems they came with is available below, with more to be added once they are tested and found to be affected: Ubuntu 19.10 (systemd), Fedora (systemd), Debian 10.2 (systemd), Arch 2019.05 (systemd), Manjaro 18.1.1 (systemd), Devuan (sysV init), MX Linux 19 (Mepis+antiX), Void Linux (runit), Slackware 14.2 (rc.d), Deepin (rc.d), FreeBSD (rc.d), and OpenBSD (rc.d).

  5. New Linux Vulnerability Lets Attackers Hijack VPN Connections

    Security researchers found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams.

    They disclosed the security flaw tracked as CVE-2019-14899 to distros and the Linux kernel security team, as well as to others impacted such as Systemd, Google, Apple, OpenVPN, and WireGuard.

  6. New vulnerability lets attackers sniff or hijack VPN connections

    The vulnerability — tracked as CVE-2019-14899 — resides in the networking stacks of multiple Unix-based operating systems, and more specifically, in how the operating systems reply to unexpected network packet probes.

  7. Hackers Can Hijack VPN Connections Using A New Linux Vulnerability

    Researchers have found a vulnerability on most Linux distros and *NIX devices which allows hackers to hijack VPN connections and inject malicious data into the TCP stream.

    The security researchers found the vulnerability in most Linux distributions and operating systems such as Linux, FreeBSD, OpenBSD, macOS, iOS, and Android.

  8. Linux security flaw could let VPN connections be hacked

    The Breakpointing Bad cybersecurity research team from the University of New Mexico discovered and reported on a security flaw which could allow malicious actors to hack Virtual Private Network (VPN) connections.

    William J. Tolley, Beau Kujath, and Jedidiah R. Crandall said the flaw impacts Linux, Android, macOS and other Unix-based operating systems and could allow attackers to sniff, hijack and tamper with VPN-tunnelled connections. The vulnerability was named CVE-2019-14899, with the researchers claiming it takes advantage of how operating systems handle unexpected network probes.

  9. Linux Flaw Allows VPN Hijacking

    A number of Linux distributions, including Ubuntu, Fedora, and Debian, contain a newly discovered vulnerability that an attacker could use to determine whether an individual is using a VPN and then potentially hijack that encrypted connection.

    A research team from the University of New Mexico discovered the vulnerability and developed an attack to exploit it. The attack has some specific requirements and relies on some analysis of the traffic going to and from the target device running the VPN client. The attack is confirmed to work against WireGuard and OpenVPN, but the researchers said that the VPN a victim is using doesn’t really matter. The main prerequisite for the attack to work is for the attacker to be able to send unsolicited packets to the victim’s VPN client.

  10. New Linux vulnerability lets attackers hijack VPN connections

    Three researchers from the University of New Mexico and Breakpointing Bad have identified a vulnerability in the way Unix and Linux-based operating systems like macOS handle TCP connections. Researchers believe that the vulnerability can specifically affect VPN users by hijacking encrypted traffic.

  11. New Linux Bug Lets Attackers Hijack Encrypted VPN Connections

    A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote ‘network adjacent attackers’ to spy on and tamper with encrypted VPN connections.

    The vulnerability, tracked as CVE-2019-14899, resides in the networking stack of various operating systems and can be exploited against both IPv4 and IPv6 TCP streams.

    Since the vulnerability does not rely on the VPN technology used, the attack works against widely implemented virtual private network protocols like OpenVPN, WireGuard, IKEv2/IPSec, and more, the researchers confirmed.

    This vulnerability can be exploited by a network attacker — controlling an access point or connected to the victim’s network — just by sending unsolicited network packets to a targeted device and observing replies, even if they are encrypted.

  12. VPN Bug Affects “Most” Linux Distros

    A team of security researchers from the University of New Mexico has disclosed a new vulnerability that could allow attackers to probe devices and determine various details about the VPN (Virtual Private Network) connection status of a user.

    The security vulnerability (CVE-2019-14899) appears to affect most GNU/Linux distributions, besides FreeBSD, OpenBSD, Android, iOS and macOS systems. William J. Tolley, one of the security researchers, explained in a post that the vulnerability could let attackers determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and also sniff out whether or not there is an active connection to a given website.

  13. OpenBSD devs patch authentication bypass bug

    One of the internet’s most popular free operating systems allowed attackers to bypass its authentication controls, effectively leaving the keys in the back door, according to an advisory released this week. The developers of the OpenBSD system have already patched the vulnerability.

    OpenBSD allowed people access to its smtpd, ldapd, and radiusd programs – which send mail, allow access to user directories, and allow remote access to the computer system. All an attacker needed to do was enter a specific word prefixed by a hyphen as a username.

    Qualys Research Labs found four bugs in BSD Authentication, which is the code that OpenBSD uses to authenticate users. Three of them were local privilege escalation bugs, while the other, CVE-2019-19521, bypassed the authentication system altogether. According to its security advisory, BSD Authentication supports four authentication styles: password, a one-time password mechanism called S/Key, and Yubico’s YubiKey hardware token.

  14. New Linux vulnerability puts VPN connections at risk of hijacking

    Furthermore, the research team also identified the SEQ and ACK numbers from inspecting the encrypted packet size and number and managed to inject data into the TCP stream, which led to the hijacking of the connection. This means VPN technology was ineffective in preventing the attack since even encrypted packets could be assessed.

    After testing on Manjaro 18.1.1, CentOS, and Ubuntu 19, researchers discovered that the exploit was applicable to both IPv4 and IPv6. Other systems that are vulnerable to exploitation include Void Linux, Debian 10.2, Slackware 14.2, Arch 2019.5, MX Linux 19, Deepin, Fedora, Devuan, FreeBSD, and OpenBSD. They will be testing the effectiveness of the exploit against Tor as well.

  15. Attackers using Linux Vulnerability to Hijack VPN Connections
  16. Linux VPN connections can be hacked

    Insecurity experts at Breakpointing Bad have found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams.

    The security flaw, tracked as CVE-2019-14899, was disclosed to distros and the Linux kernel security team, as well as to others impacted such as Systemd, Google, Apple, OpenVPN, and WireGuard. The vulnerability is known to impact most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android.

    A currently incomplete list of vulnerable operating systems and the init systems they came with is available below, with more to be added once they are tested and found to be affected: Ubuntu 19.10 (systemd), Fedora (systemd), Debian 10.2 (systemd), Arch 2019.05 (systemd), Manjaro 18.1.1 (systemd), Devuan (sysV init), MX Linux 19 (Mepis+antiX), Void Linux (runit), Slackware 14.2 (rc.d), Deepin (rc.d), FreeBSD (rc.d), and OpenBSD (rc.d).

  17. VPN connections could be hacked due to Linux security flaw

    A new vulnerability that could allow potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams has been discovered by security researchers.

    The researchers disclosed the security flaw they detected, tracked as CVE-2019-14899, to Linux distro makers, the Linux kernel security team and to others that are impacted including systemd, Google, Apple, OpenVPN and WireGuard.

  18. Unix-like Systems Vulnerable to VPN Inferring and Hijacking Attacks

    Three researchers from Breakpointing Bad and the University of New Mexico have discovered a vulnerability that exists in Linux and Unix-like operating systems like Android and macOS. Given the tracking code “CVE-2019-14899”, the flaw resides in the routing table code and the TCP code that is present in these systems. The vulnerability allows an attacker to perform traffic analysis via clever use of encrypted DNS queries in conjunction with error messages, leading to the sniffing of open TCP connection information. The attack was discovered quite a while back, but the researchers disclosed it publicly now, and after they allowed the vendors some time to plug the holes.

  19. Researchers say VPN bug affects Linux, Unix systems
  20. Linux Bug Opens Most VPNs to Hijacking

    In a coffee-shop scenario, attackers can hijack “secure” VPN sessions of those working remotely, injecting data into their TCP streams.

    A vulnerability in most Linux distros has been uncovered that allows a network-adjacent attacker to hijack VPN connections and inject rogue data into the secure tunnels that victims are using to communicate with remote servers.

    According to researchers at University of New Mexico and Breakpointing Bad, the bug (CVE-2019-14899), “allows…an attacker to determine if…a user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website.”

  21. New vulnerability lets attackers sniff or hijack VPN connections
  22. Researchers find a new Linux vulnerability that allows attackers to sniff or hijack VPN connections

    On Wednesday, security researchers from the University of New Mexico disclosed a vulnerability impacting most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android. This Linux vulnerability can be exploited by an attacker to determine if a user is connected to a VPN and to hijack VPN connections.

    The researchers shared that this security flaw tracked as CVE-2019-14899, “allows a network adjacent attacker to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website.” Additionally, attackers can determine the exact sequence and acknowledgment numbers by counting encrypted packets or by examining their size. With this information in hand, they can inject arbitrary data payloads into IPv4 and IPv6 TCP streams.

  23. Hackers Exploit New Linux Vulnerability To Hijack VPN Connections

    The attack has been reported to work against several popular VPN solutions, including OpenVPN, IKEv2/IPsec, and WireGuard.

    However, the researchers are still testing their viability against Tor, as it works in a SOCKS layer and implements authentication and encryption that takes place in userspace.

    “It should be noted, however, that the VPN technology used does not seem to matter and we are able to make all of our inferences even though the responses from the victim are encrypted, using the size of the packets and number of packets sent (in the case of challenge ACKs, for example) to determine what kind of packets are being sent through the encrypted VPN tunnel,” clarifies the research team.
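The excerpts above describe what the attacker infers (the VPN virtual IP, whether a given connection is open, then sequence and acknowledgment numbers from the size and count of encrypted replies) but not the host-side knob involved. The researchers’ disclosure post named strict reverse-path filtering, `rp_filter=1`, among the mitigations and attributed part of the Linux exposure to systemd having relaxed the kernel default from strict to loose mode in late 2018, which is why the list of affected systems records each distro’s init system. What follows is an added example, not code from this page, from the quoted articles or from the researchers: it parses the `key = value` output of `sysctl -a` (a constructed sample is embedded so it runs offline), applies the kernel’s documented rule that the mode enforced on an interface is the maximum of the `all` and per-interface values, and reports which interfaces are left in off or loose mode and which sysctl keys would have to change.

```python
"""Effective Linux reverse-path-filter (rp_filter) mode per interface.

Added example; not code from the page, the quoted articles or the
CVE-2019-14899 researchers. Linux semantics (Documentation/networking/
ip-sysctl.txt): the mode applied to an interface is
max(net.ipv4.conf.all.rp_filter, net.ipv4.conf.<iface>.rp_filter),
with 0 = off, 1 = strict (RFC 3704), 2 = loose. Input is the
`key = value` text printed by `sysctl -a`; SAMPLE_SYSCTL is constructed.
"""
import re

RP_MODES = {0: "off", 1: "strict", 2: "loose"}
PSEUDO = ("all", "default")  # not real devices

# Constructed sample: a host whose global knob was relaxed to loose mode.
SAMPLE_SYSCTL = """\
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.tun0.rp_filter = 0
net.ipv4.ip_forward = 0
"""

_RP_LINE = re.compile(r"^net\.ipv4\.conf\.([^.\s]+)\.rp_filter\s*=\s*([012])\s*$")


def parse_rp_filter(sysctl_text):
    """Map 'all', 'default' and each interface name to its raw rp_filter value."""
    values = {}
    for line in sysctl_text.splitlines():
        m = _RP_LINE.match(line.strip())
        if m:
            values[m.group(1)] = int(m.group(2))
    return values


def effective_modes(values):
    """Mode the kernel actually enforces on each real interface."""
    global_val = values.get("all", 0)
    return {iface: max(global_val, val)
            for iface, val in values.items() if iface not in PSEUDO}


def weak_interfaces(values):
    """Interfaces not in strict mode: a packet whose source address does not
    route back out the arrival interface is still accepted there."""
    return sorted(iface for iface, mode in effective_modes(values).items()
                  if mode != 1)


def sysctl_fixes(values):
    """sysctl keys that must be set to 1 so every interface becomes strict.

    Loose (2) wins over strict in the max(), so any key holding 2 must change;
    interfaces at 0 become strict once the 'all' key is 1.
    """
    fixes = set()
    global_val = values.get("all", 0)
    if global_val == 2:
        fixes.add("net.ipv4.conf.all.rp_filter")
    if values.get("default", 0) != 1:
        fixes.add("net.ipv4.conf.default.rp_filter")  # interfaces added later
    for iface, val in values.items():
        if iface in PSEUDO:
            continue
        if val == 2:
            fixes.add(f"net.ipv4.conf.{iface}.rp_filter")
        elif val == 0 and global_val != 1:
            fixes.add("net.ipv4.conf.all.rp_filter")
    return sorted(fixes)


def report(sysctl_text):
    """Return (one line per interface, list of keys to set to 1)."""
    values = parse_rp_filter(sysctl_text)
    lines = [f"{iface}: {RP_MODES[mode]}"
             for iface, mode in sorted(effective_modes(values).items())]
    return "\n".join(lines), sysctl_fixes(values)


if __name__ == "__main__":
    summary, fixes = report(SAMPLE_SYSCTL)
    print(summary)
    for key in fixes:
        print(f"sysctl -w {key}=1")
```

Two caveats a practitioner would want: `rp_filter` is an IPv4 setting and the IPv6 stack has no equivalent sysctl, so this check says nothing about the IPv6 case the excerpts also mention; and strict mode drops legitimate traffic on multi-homed hosts with asymmetric routing, which is the usual reason distributions fall back to loose mode, so the reported keys should be reviewed rather than applied blindly.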

Dangerous Thinker

Posted in Quote at 12:14 pm by Dr. Roy Schestowitz

Writing non-free software is not an ethically legitimate activity, so if people who do this run into trouble, that's good! All businesses based on non-free software ought to fail, and the sooner the better.

Summary: Society oughtn’t be alarmed by people who say unusual things; it should be wary and sceptical of those corporations ever so eager to silence such people

Unitary Patent (UPC) Died Along With the Credibility of Managing IP and the Rest of the UPC Lobby

Posted in Deception, Europe, Patents at 5:55 am by Dr. Roy Schestowitz

August 2019: Managing IP as Team UPC’s Megaphone and Lobbying Front

Managing IP lying

Summary: It is pretty astounding that Team UPC (collective term for people who crafted and lobby for this illegal construct) is still telling us lies, even in the absence of underlying supportive facts, and pressure groups disguised as “news sites” latch onto anything to perpetuate an illusion of progress (even in the face of a growing number of major barriers)

THE European Patent Office (EPO) may seem quiet judging by lack of media coverage (nobody covered the outcome of the strike ballot; the fact is, five out of six voted for a strike). We’re supposed to think that António Campinos magically put an end to the Battistelli era just by virtue of coming to Munich.

EPO examiners are too smart to believe anything substantial changed (and/or for the better). The new guidelines, in effect since last month, compel examiners to grant more illegal software patents while their reward for this ‘production’ is an actual reduction in remuneration. Where is the EPO going? “Collaborative Quality Improvements” (CQI), formerly known as “Team Collaboration Project,” shows that the Office isn’t really interested in examiners [1, 2]. They become more like official clerks than scientists. Their pay, their working conditions and employment benefits are accordingly gnawed away. They’re devalued as individuals and as professionals. Ask them. They’ll tell…

The litigation ‘industry’, on the other hand, is rather satisfied. Seeing the ‘growth’ in patents (a meaningless measure in its own right) they foresee lots of lawsuits, even frivolous ones. Seeing that ‘pesky’ courts get in their way, however (dismantling the European Patents), they still hope to remove that ‘annoying’ obstacle. They want a court that they can better control, with rules that they themselves drafted. That’s the UPC, and the UPCA seems like a zombie document. It’s an ‘agreement’ that many people and even nations disagree with. Misled and bribed politicians, along with frightened and bribed press, helped Team UPC.

The litigation ‘industry’ and its lobbyists have not given up. They want us to think that the UPCA being torpedoed is actually ‘great’! They say it works in their favour or to their benefit — something along the lines of celebrating the flu as a blessing in disguise, “making one stronger.”

AWA’s Niklas Mattsson and Louise Jonshammar (UPC hopefuls, based on the firm’s track record) have just published this piece (“German decision on UPC expected in early 2020″), echoing articles that said something similar about 2018, 2019 and so on. This headline is based solely on an improper telephone ‘interview’ — in a foreign language — with a judge that even the court sought to distance itself from [1, 2, 3]. We’ll come back to this in a moment. One must pay attention to the way Team UPC front group Managing IP squeezes this one ‘interview’ for weeks. They still talk about it every day. Managing IP has just spoken about “[a]n exclusive interview with Justice Huber of the German Federal Constitutional Court and the results of our survey on mental health and wellbeing were among the most read…”

Managing IP is a patent zealots’ front group disguised as a “news” site. Its history when it comes to the UPC is very well documented here. They actively played a role and meddled in various ways. They met and spoke to Battistelli several times over the years. They set up pro-UPC lobbying events for the EPO. They published classic ‘fake news’ about the UPC (false predictions with no underlying source or evidence). We’ve also just noticed that over in Twitter they’re trying to ‘reward’ the judge with ‘honours’, e.g. here (there’s more). They lionise Justice Huber and shower him with praises, even fake badges and nonsense like “IP STARS”. Watch who they give these “crowns” to; it’s rather revealing. Watchtroll has just published “Gene Quinn Named One of the 50 Most Influential People in IP by Managing IP” and their list features Justice Huber (whom they elevate in Twitter). They’re also glorifying Microsoft’s Erich Andersen, who ‘reciprocates’ with a link in Twitter. Patent extortion against GNU/Linux? Yes, reward! Chris Coons pushing for software patents and against patent justice (and courts)? Quick! Reward and special mention also!

Managing IP is basically a prank ‘news’ site, composed by people with no qualifications in the said area. As more writers leave (high turnover there) they have hired increasingly less experienced people. We don’t want to name names here, but one can check and verify this for oneself. The people who nowadays publish their ‘reports’ could just go back to ‘uni’ and study how the patent systems actually work instead of just printing whatever law firms (which pay Managing IP) tell them to write.

So anyway, going back to AWA’s Niklas Mattsson and Louise Jonshammar, here’s what they say (the firm apparently promoted this for a fee):

In an interview with IP industry publication Managing IP, Justice Huber of the German Federal Constitutional Court stated that the UK’s decision to leave the EU was of no concern to him and that, depending on the time it takes him and the other judges to deliberate, it is his intention for the Court to issue a decision on the complaint against German ratification of the Unified Patent Court Agreement (UPCA) in early 2020.

However, any decision from the German Federal Constitutional Court may still be delayed as the Justice Ministry previously expressed in a letter that the government will not ratify the UPCA until the implications of Brexit are clear.

Moreover, the court itself distanced itself from this inadequate ‘interview’, made memorable by use of words like “bullshit”. Why did a judge speak to a pressure group? Because he was pressured?

“Germany needs patent reform badly. The German patent litigation system is not just broken: it was ill-conceived and it’s been prone to abuse all along,” argues Florian Müller this month (days ago), stressing in his headline that “it would be unconstitutional in other countries” [1].

“UPC will be heavily influenced by Germans and their broken patent system, which favours patent trolls and is out of reach for SMEs,” Benjamin Henrion said about this article yesterday, followed by the hashtags #upc #germany and #trolls (seems apt). He has meanwhile also noted: “Unitary Software Patents ratification coming to Brussels Parliament, when do we get an opinion from the Belgian Constitutional Court about making adhoc rules of procedure for a court, which is against ECHR art6, justice made by LAW…”

He mentioned this to me yesterday and I told him that Brussels doesn’t matter to it; nobody expected Brussels (EU) to be the source of resistance, unlike the Spaniards, Czechs, Hungarians, Poles and so on. This thing was ‘constructed’ (in a conspiratorial fashion) by law firms from France, Germany, and the UK (some of them have branches in several if not all of these countries). Brussels is an extension of EU authorities here, i.e. German/French Eurocrats.

Suffice to say, those law firms don’t know or care about SMEs. They just don’t. They constantly lie about SMEs, as does the EPO. The EPO released several more tweets about “SMEs” this past week, a little #IPforSMEs fluff and then some more about #IPforSMEs (we’ll spare readers the shallow and repetitive content of these “tweets”). We’ve seen this more than once a day on average (it used to be once in a couple of days or thereabouts, so it is increasing in frequency). Here’s some more tweeting about “SMEs”: “Up to two-thirds of inventions developed by SMEs & protected by European #patents are commercially exploited – around half exclusively by the SME itself & half with a partner, usually from another European country.”

That’s a rather meaningless and intentionally misleading bit of statistics. One might wrongly interpret that as two-thirds of SMEs being in favour of the status quo. The EPO together with the EUIPO recently released equally ridiculous claims. Causation and correlation get played with like fire.

The EPO is not at all for SMEs!!! Leaks prove otherwise, as do basic sanity checks and scholarly work.

Yesterday the EPO tweeted: “Regular searches in #patent databases allow companies to monitor competitors and reveal opportunities for future innovations.”

“That also makes them liable with treble damages (willful infringement),” I responded, “but you leave that inconvenient fact out, don’t you? #IPforSMEs hashtag a total misfit here.”

“Even if you are not obliged to appoint a professional representative when applying for a #patent,” the EPO also tweeted yesterday, “it may still be helpful to consult one.”

“Very expensive, and small businesses don’t have in-house ones,” I responded, “so they wind up wasting a fortune on advice from disloyal (external) people…”

These are universal realities when it comes to the patent systems and that’s not unique to Europe. Also check (based on publicly available data) what proportion of patents goes to SMEs.

UPC would further damage SMEs, which barely if at all operate outside their home country and thus have a lot more to lose than to gain from multinational litigation.

Over at Kluwer Patent Blog (comments) Richard Gillespie wrote: “I find it surprising that the UPC has attracted so much more attention than the four EPO-related cases before the BVerfG – the result of these cases could have a far greater impact on our profession than the UPC-related case.”

And “Concerned observer” responded:

In my view, the answer to your question is that, in a large part, this is due to complacency that is based upon the assumption that the BVerfG will hesitate to reach a conclusion that could force Germany to exit such a long-established (and deeply embedded) international treaty as the EPC.

There may well be an element of truth in that assumption. However, whilst I do not claim any familiarity with constitutional law in Germany, it appears to me that another possible outcome is that the BVerfG’s ruling requires the German government to negotiate amendments to the EPC … which amendments could have significant effects. For this reason alone, I believe that it would be unwise to assume that none of the complaints in the EPO-related cases will be upheld.

Moreover, we already have examples of the independence of the EPO’s “judiciary” being compromised (in the Corcoran case, twice). Also, the Enlarged Board of Appeal is currently pondering a case (G 3/19) where the eventual ruling will provide direct evidence on the question of whether the EBA remains truly independent of the EPO’s President and Administrative Council. Given the (potential) breaches of the rule of law at the EPO in these cases, it seems to me that the BVerfG could well be justified in upholding at least some of the constitutional complaints relating to the EPO. Whether they will go as far as finding the current structure of the EPO unconstitutional remains to be seen … but it appears that there is no room for complacency on this point.

“Thanks for the reply,” Richard Gillespie later responded, “I think your [sic] right on this.”

“Concerned observer” later added:

I have been waiting years now for a plausible answer to the even more fundamental question of how the UPC can simultaneously meet the requirements of Article 267 TFEU (where preliminary references are only admissible if they are made by a “court or tribunal OF a Member State”) whilst being based upon an Agreement that allegedly establishes an INTERNATIONAL court (which permits the participation of a non-Member State).

Given the speed with which arguments have been generated by the UPC’s proponents on other points of law that threaten the viability of the UPC project, I believe that the long period over which not even a remotely plausible answer to this question has been provided can now be taken as strong evidence of the non-existence of any such answer. However it is evident that even non-compliance with EU law (ie the creation of a court that would destroy the integrity of the EU’s legal order) is no deterrent to those seeking to make the UPC a fait accompli.

My guess is that the proponents of the UPC are envisaging a situation in which the CJEU will keep the show on the road by delivering a judgement that, no matter how unconvincingly, glosses over the fundamental incompatibilities between the Agreement and EU law. Sadly, such a travesty is not as implausible as it ought to be. This is because there is evidence that, where there is enough political will, even immovable legal obstacles can be overcome (think, for example, of the decision of the Supreme Court of the Netherlands which ruled that recourse to ILO AT – which only accepts after the fact complaints from individuals – is an adequate recourse for those seeking to exercise their right to COLLECTIVE bargaining).

With this in mind, perhaps the most important question to answer here is why are the proponents of the UPC so seemingly confident that the political will is there to push their pet project over what should (for the sake of maintaining the integrity of the EU’s legal order) be an insurmountable obstacle? In other words, how can they be so confident that the politicians will support their project no matter what untold damage it might cause?

This is one of those cases where both the articles and all the comments are reasonable. Team UPC is more or less ‘shut out’ of this discussion, so there’s clarity, honesty, and common sense, not blind jingoism and lies (like whatever we see from AWA and Managing IP).

The above was only mentioned and quoted selectively by Team UPC. We suppose they don’t really want people to see it.

As a side (but nonetheless important) note, Henrion has taken some time off work to fight the UPC or will do so very soon.

They might rename (again) the UPC and retry for the next 10 years. We need to keep watching. “We need to go on campaign mode to defeat the Unitary Patent monster,” Henrion explained. “Will take some days off to make an urgent plan of attack #swpat #upc #smes”

We don’t quite share his alarmist tone. We think that UPC died more than 2 years ago and those who still entertain it are “playing with the corpse” (as the saying goes). Henrion points to this page of feedback on EU policy that reveals patent trolls and their front groups (and law firms, e.g. Team UPC lobbyists). “Full of patent trolls here,” Henrion said, but yes, it’s hardly surprising. This is what we’ve been seeing for years and this is why UPC managed to get as far as it did (until its death). We’re not particularly concerned about the UPC anymore, seeing that its loudest proponents take very early retirement, IAM quit talking about it (almost), and the ringleader Ramsey has the audacity to say that all these setbacks are actually “good” (as if a loss is actually a win). “Failure is success if we learn from it,” Malcolm Forbes said. But what was learned by Team UPC? Nothing. Imagine the public reaction if Anthony Joshua claimed that his loss to Andy Ruiz II earlier this year was actually a “good” thing because of the ‘rematch’.

Related/contextual items from the news:

  1. Injustice is a built-in feature of Germany’s bifurcated patent litigation system — it would be unconstitutional in other countries

    I am presently researching the most appalling miscarriage of justice that ever occurred in a German patent case: dozens of people lost their jobs over a patent–held by a publicly-traded U.S. corporation–that later got invalidated by the Federal Patent Court of Germany (a problem commonly referred to as the “injunction gap”). That patent-in-suit is either (if construed broadly) clearly invalid or (if construed narrowly) not infringed by the accused product, but could not reasonably be held valid and infringed at the same time. The case raises questions not only about the outcome but also about the reasoning and the circumstances that led to it. There’s even a secondary question that reminds me of why Federal Circuit Chief Judge Rader resigned. But as the issues are so very serious, and the fallout from the facts being published might be massive and lasting, I’m making every humanly possible effort to analyze the matter with utmost diligence. That’s why it’s too early to provide names, but when the time is right, I will. The case number contains “39.” Interestingly, the presiding judge of the appellate panel that made the related decision mentioned it in passing last month, in a conspicuously defensive way, and the audience had no idea why he made a reference to a case they hadn’t ever heard of…

    Germany needs patent reform badly. The German patent litigation system is not just broken: it was ill-conceived and it’s been prone to abuse all along, but abuse has become so rampant that the time is ripe for change. The situation is unsustainable, and the system doesn’t really deliver justice.

    Right now there’s only one leading German patent infringement court of first instance that I believe does a stellar job under the circumstances, and that’s the Landgericht Mannheim (Mannheim Regional Court). Many years ago I thought the court was too plaintiff-friendly, but by now it’s my favorite one. To a far greater extent than their counterparts in other German venues, the Mannheim judges–whose understanding of technical issues is unsurpassed–have realized just how irresponsible it is to let patent holders enforce invalid patents all the time. In Mannheim, there are judges who deserve an honorary doctorate in (at least) radio frequency electronics and have the expertise to figure out when a patent is likely invalid as granted, coupled with the backbone to stay such cases (while we’re on this subject, I found out they recently also stayed one Broadcom lawsuit against BMW and one against Daimler, both over non-standard-essential patents). It will be interesting to see how they address the issue of component-level licensing in Nokia’s automotive SEP cases.

IRC Proceedings: Friday, December 06, 2019

Posted in IRC Logs at 2:02 am by Needs Sunlight

#techrights log

#boycottnovell log

#boycottnovell-social log

#techbytes log

Links 7/12/2019: Fedora 31 Elections Results, Lots of Media Drama Over VPN Bug

Posted in News Roundup at 12:52 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Desktop/Laptop

      • Goodbye Error 83: You Can Now Stream Disney Plus on Linux Devices

        Prior to Disney+ launching, there was some speculation that the service wouldn’t work on Chromebook or Linux Devices. Those streaming on certain devices during the test in the Netherlands received an Error 83 which meant a “device compatibility issue.” This was a result of how Disney+ handled Widevine DRM and the fact that Disney+ required a higher level of security than other streaming services like Netflix and Hulu.

        While Disney was able to add Chromebook support ahead of launch (which is good because, you get 3 free months when you buy one), some Linux devices still did not support the streaming service. But now, according to many Linux users, earlier this week that changed.

      • Arm Server CPUs: You Can Now Buy Ampere’s eMAG in a Workstation

        Avantek offers the system with three optional graphics cards: AMD FirePro W2100, a Radeon Pro WX 5100, and the NVIDIA Quadro GV100. OS options are variants of Linux: Ubuntu, CentOS, SUSE SLES, and openSUSE.

    • Server

      • When you’re in the release team, you’re family: the Kubernetes 1.16 release interview

        It is a pleasure to co-host the weekly Kubernetes Podcast from Google with Adam Glick. We get to talk to friends old and new from the community, as well as give people a download on the Cloud Native news every week.

        It was also a pleasure to see Lachlan Evenson, the release manager for Kubernetes 1.16, win the CNCF “Top Ambassador” award at KubeCon. We talked with Lachie when 1.16 was released, and as is becoming a tradition, we are delighted to share an abridged version of that interview with the readers of the Kubernetes Blog.

        If you’re paying attention to the release calendar, you’ll see 1.17 is due out soon. Subscribe to our show in your favourite podcast player for another release interview!

      • IBM

        • Containers and Kubernetes can be essential to a hybrid cloud computing strategy

          Hybrid cloud is gaining ground among enterprises that want to expand computing resources with public cloud infrastructure while still using their on-premise, data center environments. Adding public cloud can mean more elasticity, scalability, and even faster time to market. But if you want to improve the chances that your hybrid cloud can deliver on its promise, you need to think about adding containers to the mix.

          Linux containers provide a way to encapsulate application code in a way that makes the code more portable and faster to deploy. More and more organizations are using containers as part of the infrastructure for microservices-based, cloud-native applications.

          Containers can be portable across environments such as Red Hat OpenShift Container Platform and consistent, so they can speed application delivery times and make it easier for teams to collaborate, even if those teams are working in different deployment environments. And they can serve as a bridge between your data center and public cloud environments.

        • Systemd-homed Looks Like It Will Be Merged Soon For systemd 245

          Announced back in September at the All Systems Go event in Berlin was systemd-homed as a new effort to improve home directory handling. Systemd-homed wants to make it easier to migrate home directories, ensure all user data is self-contained, unify user-password and encryption handling, and provide other modern takes on home/user directory functionality. That code is expected to soon land in systemd.

          Systemd-homed was talked about by Lennart as being ready for versions 244 or 245. Now that systemd 244 shipped at the end of November, systemd-homed is looking like it will soon land in Git.

        • Understanding Red Hat AMQ Streams components for OpenShift and Kubernetes: Part 3

          In the previous articles in this series, we first covered the basics of Red Hat AMQ Streams on OpenShift and then showed how to set up Kafka Connect, a Kafka Bridge, and Kafka Mirror Maker.

        • What personality trait most defines a sysadmin?

          When you think of a system administrator, who do you think of?

          Chances are, most of us have taken a Myers-Briggs Type Indicator (MBTI) test at some point in our careers. For me, my results typically come up as INTJ, and I’ve always thought the traits associated with that type (introversion, intuition, thinking, judging) have aligned with my interest in technology and the kind of work I enjoy.

          But that doesn’t mean that those are the only characteristics that make a good sysadmin. Far from it. A successful team is made up of a diversity of skills, viewpoints, and personal characteristics.

        • How to identify a strong sysadmin job applicant

          When a company looks for new resources with skills in a specific focus area—especially in IT—the challenge is on. Why? Because only a few in the company, if any, have even a vague notion of how to verify the skills they are looking for. The work of a system administrator is a key function, and if it goes wrong, the very existence of the company is at stake (something I’ve been unfortunate to witness when called in on an emergency rescue effort).

    • Audiocasts/Shows

      • 2019-12-06 | Linux Headlines

        The W3C puts forward WebAssembly as an official standard, Azure Sphere gains support for Ubuntu developers, CodeWeek reports back in with this year’s results, and Manjaro has some exciting news for PinePhone backers.

      • Playing “Teeny Titans 2″

        I love “Teen Titans GO,” even if I am a grown up adult human male with teenagers. So, when I saw this in my Play Store suggested list, I could not resist. I mean, come on! So, I downloaded it, installed it, and began playing.

      • Destination Linux 150 – Librem 5, Zorin OS, Private Internet Access, UBports, Fedora, Bitwarden

        Topics covered in this episode:

        ZorinOS Privacy Concerns
        Ubuntu Touch Runs On Raspberry Pi
        Librem 5 Birch Has Shipped
        Fedora Users Concerned GNOME Software Proprietary Software
        Linux Powered Handheld Returns

      • Linux Apps I Use Daily

        In this video, I go over all the Linux distributions and apps that I use every single day. I could not imagine my life without any of this software.

      • 411 DevSecOps: Karthik Gaekwad | Jupiter Extras 37

        Ell and Wes sit down with Karthik Gaekwad to sort through the buzzword bingo and explain what DevSecOps is, what it isn’t, and why security should be part of the full lifecycle of your apps.

      • Imaginary Turkey | User Error 80

        Talking to ourselves, delicious family meals, and the complexities of modern work.

        Plus inexpensive acquisitions, the price we put on security, and popey refusing to answer the simplest of questions.

      • LHS Episode #315: The Weekender XXXVIII

        It’s time once again for The Weekender. This is our bi-weekly departure into the world of amateur radio contests, open source conventions, special events, listener challenges, hedonism and just plain fun. Thanks for listening and, if you happen to get a chance, feel free to call us or e-mail and send us some feedback. Tell us how we’re doing. We’d love to hear from you.

    • Kernel Space

      • A General Notification Queue Was Pushed Back From Linux 5.5 Introduction

        Red Hat has been working on a “general notification queue” that is built off the Linux kernel’s pipe code and will notify the user-space of events like key/keyring changes, block layer events like disk errors, USB attach/remove events, and other notifications without user-space having to continually poll kernel interfaces. This general notification queue was proposed for Linux 5.5 but has been pushed back to at least 5.6.

        This Linux kernel general notification queue builds off a standard pipe and allows user-space applications to efficiently become aware of changes to block devices (disks), keys, USB subsystem happenings, and other possible events. The proposed documentation spells out more of the planned functionality and behavior.

      • Graphics Stack

        • NVIDIA presenting a talk at GTC 2020 about Linux drivers and possibly some open source news

          Both AMD and Intel already have their drivers open, with developers paid to work on them and so perhaps NVIDIA will finally follow along? Stranger things have happened, so I wouldn’t completely count NVIDIA out on that, although I’m not expecting them to make such a big shift. What do you think they’re planning?

          GTC is being hosted in San Jose, California and runs from March 23 – 26, 2020. The talk doesn’t seem to have a set time or date yet.

    • Benchmarks

      • RadeonSI NIR Benchmarks Show Great Progress With Mesa 20.0

        With AMD last week having enabled OpenGL 4.6 for their RadeonSI OpenGL Linux driver when enabling the NIR intermediate representation support, you may be wondering how using NIR is stacking up these days compared to the default TGSI route. Here are some benchmarks on Polaris, Vega, and Navi for comparing this driver option that ultimately allows OpenGL 4.6 to be flipped on.

        NIR is the modern intermediate representation used by a majority of Mesa drivers now in some capacity as an alternative to the likes of TGSI as what had been the default IR for Gallium3D drivers. With RadeonSI they have been transitioning to NIR since that has been the growing trend of these open-source drivers for sharing IR optimizations and the like. As well, NIR is being wired up in order to re-use some code-paths used currently by the “RADV” Radeon Vulkan driver to share some of the SPIR-V work that was needed in order for RadeonSI to have OpenGL 4.6 support. Like on the Intel side when they crossed the OpenGL 4.6 milestone recently, the big blocker to GL 4.6 on these drivers was handling SPIR-V ingestion with GL_ARB_gl_spirv / GL_ARB_spirv_extensions.

    • Applications

      • Terminal File Manager nnn Adds Session Management, Rclone Cloud Storage Integration

        nnn is a very fast file manager created to work seamlessly with desktop environments and GUI utilities. The ncurses based keyboard-driven terminal application should run smoothly on the Raspberry Pi, Termux on Android, Linux, macOS, BSD, Cygwin and WSL.

        Besides basic file manager features (with tabs/contexts, bookmarks, search, and so on), the tool also offers various handy utilities like a disk usage analyzer (block/apparent), a fuzzy application launcher, batch renamer, and more. It’s also extensible via a plugin system, and comes with many built-in plugins. For navigation, nnn supports navigate-as-you-type with directory auto-select. Search-as-you-type is also supported.

        Other features include SSHFS mounts support, support for navigating using the mouse, batch operations on selections, multiple sorting options and a lot more.

      • A 25K commit gift

        The other day we celebrated curl reaching 25,000 commits, and just days later I received the following gift in the mail.

      • curl speaks etag

        That’s a quote from the Mozilla ETag documentation. The header is defined in RFC 7232.

        In short, a server can include this header when it responds with a resource, and in subsequent requests when a client wants to get an updated version of that document it sends back the same ETag and says “please give me a new version if it doesn’t match this ETag anymore”. The server will then respond with a 304 if there’s nothing new to return.

        It is a better way than a modification time stamp to identify a specific resource version on the server.

    • Instructionals/Technical

    • Wine or Emulation

      • Wine 5.0 Code Freeze To Begin Next Week

        As expected by Wine’s annual release cadence, next week Wine 5.0 will enter its code freeze followed by release candidates until this next stable Wine release is ready to ship around early 2020.

        Wine project leader Alexandre Julliard shared that following next week’s development release will mark the expected code freeze season for Wine 5.0. Wine 4.22 will be out one week from today and the last point by which Wine developers can land any features they want to see in this annual stable release. Following that will be weekly Wine 5.0 release candidates until the 5.0.0 release is ready to ship, likely in January or February.

    • Games

      • Aquiris Game Studio ending support for their online FPS Ballistic Overkill

        Ballistic Overkill, an easy pick up and play first-person shooter from Aquiris Game Studio is now essentially being killed off.

        In an announcement on Steam, the team noted that “supporting a game like this with frequent updates is no easy task, nor is it something cheap, especially for an independent studio like us” and they’re certainly not wrong about that. Keeping a multiplayer game going, with constant updates to keep people interested and fighting against cheaters certainly isn’t easy for a smaller team.

      • Roadwarden, an upcoming illustrated text-based exploration fantasy RPG with a Linux demo

        Roadwarden certainly grabs your attention! A game that blends together features from a ton of different genres to create a mix of an RPG, interactive fiction, adventure, exploration and a lot more. It doesn’t really fit into any clear genre.

        Somehow, I completely missed it being announced with a demo a good few months ago. Thankfully, I did notice it popping up on Steam just recently and they have a new announcement trailer:

      • Gloomy and surreal adventure game Mosaic from Krillbite Studio is out now

        Krillbite Studio, developer of the creepy Among the Sleep have released Mosaic, a dark and surreal adventure game about life in a cold overpopulated and ever-expanding city. Note: Key provided to us by GOG.com.

        I was a big fan of Among the Sleep, the story telling and the atmosphere they made with it was brilliant and to this day the ending still makes me think. With Mosaic, they’ve done quite the opposite in terms of the story. Life is hard, it can often be quite dull and Mosaic is showing it all off with a dystopian near-future setting. This is a game about adult life, how it’s often monotonous as we go through it just trying to survive. Things get a little weird though, as you expected it to with such a game.

      • The Humble Choice game bundle subscription has launched replacing Humble Monthly

        Humble Bundle have today replaced their Humble Monthly subscription service with Humble Choice, offering subscription tiers and more.

      • The Llama of Wall Street has invaded Tropico 6 in a new DLC out now, plus a free update

        Limbic Entertainment and Kalypso Media today released the first expansion to the humorous city building sim Tropico 6, along with a free update for everyone.

        Firstly, the Seguridad Social update is free for everyone who owns Tropico 6 and adds in a new Warehouse building, a sandbox map ‘Rio’, and a community-requested Social Security edict, which helps prevent in-game student and retiree NPCs from going broke. There’s also quite a healthy amount of bug fixing in this update.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Plasma Pass 1.1.0

          Plasma Pass, a Plasma applet for the Pass password manager, version 1.1.0 is out.

          There’s only one bugfix, but an important one – the applet now no longer freezes during filtering, so searching for your passwords is faster and more comfortable. The new release also contains new and updated translations.

        • Plasma Mobile: weekly update: part 9-10

          Calindori, the calendar application, now offers a flat event view which allows all events to be shown in a single card list view. The events are sorted by start date.

      • GNOME Desktop/GTK

        • GNOME 3 won’t unlock

          Every couple of days something on my RHEL 7 box goes into a swapstorm and uses up all the memory. I think it’s Firefox, but I never figured out why; generally I have four different Firefoxes running with four different profiles, so it’s hard to tell which one’s failing (if it even is that). Anyway, sometimes it makes the screen lock crash or something, and I can’t get in, and I can never remember what process you have to kill to get back in, so here it is: gnome-shell. You have to killall -9 gnome-shell, and it lets you back in. Also killall -STOP firefox and killall -STOP “Web Content” are handy if the swapstorm is still under way.

        • LaTeX or ConTeXt for writing documents

          If I wanted to re-implement GNOME LaTeX, it would target the ConTeXt language instead. If there are any ConTeXt users reading this, I would be interested to know what application you use for writing ConTeXt documents, and what features are important to you.

        • GNOME Outreachy 2019

          The Outreachy program provides internships to work in Free and Open Source Software. This year I’ve proposed two projects as part of the GNOME project and we’ve two interns working for three months, so we’ll have a lot of improvements in the following months!

          I’ll be mentoring these interns, so I will need to spend some time helping them to work on the existing codebase, but it’s worth it if this makes more people collaborate in free software development and if this helps us to improve some useful apps.

          These two projects are Fractal and the GNOME translation editor. You can take a look at the list of Outreachy interns.

        • Barcelona: LAS 2019

          This November I was in Barcelona for the Linux App Summit 2019. It was awesome \o/. I really liked that the conference was a joint event by GNOME and KDE, I met so many cool new people. During the conference I volunteered to show the “time left” signs to speakers, and helped out at the registration desk.

          Aside from normal conference stuff I also managed to do quite a bit of hacking during the week. I made my first contribution to Gnome Initial Setup, and cleaned up Teleport a bit so I can hopefully get a new release out soon.

          I’m bad at taking pictures, so here’s a picture of a tree in the middle of the stairs on the slopes of Mount Montjuic.

        • Open source case prompts patent troll litigation fears

          The Gnome Foundation, an organisation that aims to develop a desktop platform based on free software, announced in October that it was being sued by NPE Rothschild Patent Imaging (RPI) for developing Shotwell, an application for managing images.

          RPI filed its action in the Northern District of California over US patent number 9,936,086, which is allegedly infringed by Gnome’s product that, among other things, uses an image-capturing device to perform a method.

          Mike Dolan, vice president of strategic programmes at the Linux Foundation, tells Patent Strategy that open software is becoming a larger component of most software projects and is growing every year.

          Recent open source activity such as RPI suing Gnome over an open source project, he says, points to the level of indifference inherent in the litigious NPE business model.

    • Distributions

      • Screenshots/Screencasts

      • SUSE/OpenSUSE

        • openSUSE Tumbleweed – Review of the weeks 2019/48 & 49

          Once again I’m spanning two weeks; besides the normal work on getting you openSUSE Tumbleweed updated and timely delivered, the release team has been working together with the build service team to implement/stabilize the OBS-internal staging workflow. There is (or should) not be any real noticeable difference for the contributors – except the newly used URLs. The Factory Staging dashboard can now be found at https://build.opensuse.org/staging_workflows/1

          During the last two weeks, we have pushed out 10 Tumbleweed Snapshots (1121, 1122, 1123, 1124, 1126, 1127, 1128, 1202, 1203 and 1204) containing those changes…

      • Fedora Family

        • Fedora 31 Elections Results

          The Fedora 31 election cycle has concluded. Here are the results for each election. Congratulations to the winning candidates, and thank you all candidates for running in this election!

          Council

          One Council seat was open this election. A total of 243 ballots were cast, meaning a candidate could accumulate up to 729 votes (243 * 3).

          Votes  Candidate
          520    Dennis Gilmore
          259    Alberto Rodríguez Sánchez
          237    John M. Harris, Jr.

          FESCo

          Five FESCo seats were open this election. A total of 273 ballots were cast, meaning a candidate could accumulate up to 2184 votes (273 * 8).

          Votes  Candidate
          1490   Miro Hrončok
          1350   Kevin Fenzi
          1115   Zbigniew Jędrzejewski-Szmek
          879    Fabio Valentini
          877    David Cantrell
          868    Justin Forbes
          813    Randy Barlow
          534    Pete Walter

        • Fedora program update: 2019-49

      • Debian Family

        • Debian Developers Take To Voting Over Init System Diversity

          It’s been five years already since the vote to transition to systemd in Debian over Upstart while now there is the new vote that has just commenced for judging the interest in “init system diversity” and just how much Debian developers care (or not) in supporting alternatives to systemd.

          Due to Debian developers having differing opinions on handling non-systemd bugs in 2019 and the interest/commitment to supporting systemd alternatives in the scope of Debian packaging and various related friction points, they’ve taken to a new general resolution over weighing init system diversity.

      • Canonical/Ubuntu Family

        • Ubuntu Blog: Introducing the Ubuntu AWS Rolling Kernel

          The linux-aws 4.15 based kernel, which is the default kernel in the Ubuntu 18.04 LTS AMIs, is moving to a rolling kernel model.

          [...]

          The Ubuntu rolling kernel model provides the latest upstream bug fixes and performance improvements around task scheduling, I/O scheduling, networking, hypervisor guests and containers to our users. Canonical has been following this model in other cloud environments for some time now, and has found it to be an excellent way to deliver these benefits while continuing to provide LTS level stability.

        • Ubuntu Podcast from the UK LoCo: S12E35 – Feud

          This week we’ve been talking to the BBC about Thinkpads and Ubuntu goes Pro. We round up the news from the Ubuntu community and discuss our picks from the wider tech news.

          It’s Season 12 Episode 35 of the Ubuntu Podcast! Alan Pope and Martin Wimpress are connected and speaking to your brain.

        • The State of Robotics – November 2019

          November, for robotics, was a good month. We’re seeing new things develop, current projects finish and more cute animals in our future. So who can complain? The news we’re covering here are things that have crossed our path and that we’ve found interesting. If you have suggestions for next month’s post or your own projects you would like us to highlight, don’t hesitate to get in touch. Send an email and a brief summary to robotics.community@canonical.com and we can start the discussion. As ever we want this to be a highlight reel for cool robot stuff because we like cool robot stuff. Happy December everyone.

        • Simplifying hardware management during Linux development

          Every few months we release a Snapcraft update, with improvements to both Linux development, and snap user experience. Last week, we released Snapcraft 3.9, and this blog post will focus on the remote build feature that is now a fully accessible preview.

          Let’s dig deeper into why you need to try remote build, and how you can use it today.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Ardour Digital Audio Workstation Finally Adds Native MP3 Importing Support

        While lossy compression audio formats like MP3 are not recommended for use within professional audio tasks, for those using the open-source Ardour digital audio workstation (DAW) software as of today there is finally native MP3 import support.

        Obviously it’s better working with lossless audio formats as source material for Ardour and other digital audio workstation software suites, but given how common MP3 content is, there certainly is relevance to being able to import MP3s into DAWs. But historically due to licensing/patent issues, MP3 support within Ardour hasn’t been possible — thus leading to common complaints/questions by users over the years.

      • Certbot Leaves Beta with the Release of 1.0

        Earlier this week EFF released Certbot 1.0, the latest version of our free, open source tool that helps websites encrypt their traffic. The release of 1.0 is a significant milestone for the project and is the culmination of the work done over the past few years by EFF and hundreds of open source contributors from around the world.

        Certbot was first released in 2015 to automate the process of configuring and maintaining HTTPS encryption for site administrators by obtaining and deploying certificates from Let’s Encrypt. Since its initial launch, many features have been added, including beta support for Windows, automatic nginx configuration, and support for over a dozen DNS providers for domain validation.

      • Open Repos provides code metrics on open source projects

        GitClear is offering Open Repos as a free product, though it is not open source. GitClear’s paid product offers many of the same insights and more. Long-term plans include allowing projects to embed an Open Repos view of a project in their site, and “improving data quality before adding features.”

      • Productivity Software/LibreOffice/Calligra

        • Improvements in LibreOffice’s PowerPoint presentation support

          LibreOffice’s native file format is OpenDocument, a fully open and standardised format that’s great for sharing documents and long-term data storage. Of course, LibreOffice does its best to open files made by other office software as well, even if they’re stored in pseudo-“standards” with cryptic and obfuscated contents. Compatibility with PowerPoint PPT(X) presentations is therefore a challenge, but developers are working hard on improvements…

          A few months ago, we announced an initiative to improve the support of PPT and PPTX files in LibreOffice. Lots of great work happened since then and the results are collected below!

      • CMS

        • People of WordPress: Jill Binder

          Jill Binder never meant to become an activist. She insists it was an accident.

          Despite that, Jill has led the Diversity Outreach Speaker Training working group in the WordPress Community team since 2017. This group is dedicated to increasing the number of women and other underrepresented groups who are stepping up to become speakers at WordPress Meetups, WordCamps, and events.

          [...]

          The following year her internship advisor, who had become a client, was creating the first ever BuddyCamp for BuddyPress. He asked Jill to be on his organizing team. At that event she also moderated a panel with Matt Mullenweg. Then, Jill was invited to be on the core organizing team for WordCamp Vancouver.

          Part of this role meant reviewing and selecting speakers. From 40 speaker applications the team had to pick only 14 to speak.

      • FSF

        • GNU Projects

          • GNU Guile 2.9.6 (beta) released

            We are delighted to announce GNU Guile 2.9.6, the sixth beta release in preparation for the upcoming 3.0 stable series. See the release announcement for full details and a download link.

            This release fixes bugs caught by users of the previous 2.9.5 prerelease, and adds some optimizations as well as a guile-3 feature for cond-expand.

          • GCC 10′s C++20 “Spaceship Operator” Support Appears To Be In Good Shape

            The C++20 spaceship operator support was merged in early November for GCC 10. The commits this week meanwhile allow the operator to be used with std::pair and std::array, among other related commits in recent weeks.

            See the GCC C++ status page for the state of C++20/C++2A with GCC 10. Most C++20 functionality is already in place even on GCC 8/9 but some pieces remain around atomic compare-and-exchange with padding bits, modules support, coroutines, using enum, and more implicit moves.

      • Programming/Development

        • A beginner’s guide to using Vagrant

          Vagrant describes itself as “a tool for building and managing virtual machine environments in a single workflow. With an easy-to-use workflow and focus on automation, Vagrant lowers development environment setup time, increases production parity, and makes the ‘works on my machine’ excuse a relic of the past.”

        • Convert CSV to JSON with miller

        • Android’s commitment to Kotlin

          When we announced Kotlin as a supported language for Android, there was a tremendous amount of excitement among developers. Since then, there has been a steady increase in the number of developers using Kotlin. Today, we’re proud to say nearly 60% of the top 1,000 Android apps contain Kotlin code, with more and more Android developers introducing safer and more concise code using Kotlin.

          During this year’s I/O, we announced that Android development will be Kotlin-first, and we’ve stood by that commitment. This is one of the reasons why Android is the gold partner for this year’s KotlinConf.

        • Google Reaffirms Commitment To Kotlin Programming Language For Android

          Google is continuing to embrace Kotlin programming for Android, making more Android APIs accessible by Kotlin, Jetpack Compose as a UI toolkit catered to Kotlin, and Kotlin extensions for more Google libraries. Google is also working to offer more Kotlin + Android learning material, working with JetBrains on improving the Kotlin code compiler, speeding up the build time of Kotlin code, and other improvements.

        • Python

          • New Project, Who Dis? – Building SaaS #38

            In this episode, we started a brand new project! I had some internet troubles so this “stream” is actually a local recording from my computer. We created a new Django project from scratch and set up Heroku to handle deployments.

            In spite of the streaming trouble, we were able to get a bunch done. We started the project from scratch so we made a repository on GitHub with some .gitignore settings tailored for Python projects.

          • RunSnakeRun for Python3 Out

            So I finally pushed out the Python3/wxPython Phoenix compatible release of RunSnakeRun. The Python3 version has to run Python2 in order to load Python2 pstats dumps, and Meliae doesn’t AFAIK support Python3 yet, so I expect I’ll just drop support for it eventually. The code is now living on GitHub rather than Launchpad.

          • Angular 9 CRUD Tutorial: Consume a Python/Django CRUD REST API

            This tutorial is designed for developers that want to use Angular 9 to build front-end apps for their back-end REST APIs. You can either use Python & Django as the backend or use JSON-Server to mock the API if you don’t want to deal with Python. We’ll be showing both ways in this tutorial.

          • Django: Angular 9/8 Tutorial By Example: REST CRUD APIs & HTTP GET Requests with HttpClient

            In this Angular 9 tutorial, we’ll learn to build an Angular 9 CRUD example application going through all the required steps from creating/simulating a REST API, scaffolding a new project, setting up the essential APIs, and finally building and deploying your final application to the cloud.

          • Comparing equivalent Python statements

            While teaching one of my Python classes yesterday I noticed a conditional expression which can be written in several ways. All of these are equivalent in their behavior…

          • Serving Files with Python’s SimpleHTTPServer Module

            Servers are computer software or hardware that process requests and deliver data to a client over a network. Various types of servers exist, with the most common ones being web servers, database servers, application servers, and transaction servers.

            Widely used web servers such as Apache, Monkey, and Jigsaw are quite time-consuming to set up when testing out simple projects and a developer’s focus is shifted from producing application logic to setting up a server.

            Python’s SimpleHTTPServer module is a useful and straightforward tool that developers can use for a number of use-cases, with the main one being that it is a quick way to serve files from a directory.

            It eliminates the laborious process associated with installing and implementing the available cross-platform web servers.

            Note: While SimpleHTTPServer is a great way to easily serve files from a directory, it shouldn’t be used in a production environment. According to the official Python docs, it “only implements basic security checks.”

      • Standards/Consortia

        • Mint: Late-Stage Adversarial Interoperability Demonstrates What We Had (And What We Lost)

          In 2006, Aaron Patzer founded Mint. Patzer had grown up in the city of Evansville, Indiana—a place he described as “small, without much economic opportunity”—but had created a successful business building websites. He kept up the business through college and grad school and invested his profits in stocks and other assets, leading to a minor obsession with personal finance that saw him devoting hours every Saturday morning to manually tracking every penny he’d spent that week, transcribing his receipts into Microsoft Money and Quicken.

          Patzer was frustrated with the amount of manual work it took to track his finances with these tools, which at the time weren’t smart enough to automatically categorize “Chevron” under fuel or “Safeway” under groceries. So he conceived of an ingenious hack: he wrote a program that would automatically look up every business name he entered into the online version of the Yellow Pages—constraining the search using the area code in the business’s phone number so it would only consider local merchants—and use the Yellow Pages’ own categories to populate the “category” field in his financial tracking tools.

  • Leftovers

    • In memoriam: D. C. Fontana, the creator of Mr. Spock from Star Trek

      Kat readers younger than I will have come to know the original series through broadcast syndication and, later, via internet access. Whatever the medium, for many, one character stood out, Starfleet officer Spock, as portrayed by Leonard Nimoy.

      The son of a human mother and a Vulcan father, Spock embodied the tension between the emotional (his human side) and the analytical (his Vulcan side), a dichotomy that reaches back to the foundations of the Western philosophical tradition, and which sets the tone for the series.

      [...]

      One wonders to what extent her gender influenced the ultimate decision how to credit her contribution. Indeed, her preference for “D.C. Fontana” over “Dorothy” (or “Dorothy Catherine”) might have been a concession to the challenge of being identified as a woman. Also, in the third season, she worked as a freelance scriptwriter and was credited as Michael Richards.

      Fontana went on to have a distinguished career as a script writer in several genres (including westerns), as well as a producer and novelist. In the words of her husband: “She was a very, very tough lady. She carried a phaser with her right to the end.”

      But it was for her work on Star Trek and the development of the Spock character that she will likely be best remembered. In doing so, as The New York Times reported, Fontana realized only later to what extent “she had gone where no woman had gone before.”

    • Health/Nutrition

      • The Big Deal in Warren’s Prescription Drug Plan

        Earlier this month, Senator Warren put out a set of steps that she would put forward as president as part of a transition to Medicare for All. The items that got the most attention were including everyone over age 50 and under age 18 in Medicare, and providing people of all ages with the option to buy into the program. This buy-in would include large subsidies, and people with incomes of less than 200 percent of the poverty level would be able to enter the Medicare program at no cost.

      • Donald Trump, the US Private Health Giant, and Top NHS Officials—Special Relationships?

        In the UK, we have a simple take on the US healthcare system as a for-profit, private system that fleeces its customers and fails the poor. But here’s the secret: the US has its own ‘mini NHS’. Smaller than the UK’s system, but still a government funded, (mostly) publicly-run system that serves people according to their need.

      • Catholic Ban on Contraception Is Driving Doctors to Fabricate Diagnoses

        “I don’t know how else to put it, except that people lied all the time.”

      • As Abortion Access Dwindles, App Offers Safe and Discreet Options

        Each year, 25 million unsafe abortions are performed around the world. The rate of unsafe abortions is higher where access to skilled providers and effective contraception is limited or unavailable, or where sexual education is lacking.

      • Avicii Tribute Concert to Be Streamed to Raise Mental Health Awareness

        The Avicii tribute concert was live-streamed on YouTube, Facebook, and Instagram. Tickets to the concert sold out instantly, and proceeds will go to raising mental health awareness.

      • Don’t Look, Don’t See: Time for Honest Media Reporting on Impacts of Pesticides

        The UK-based Independent online newspaper recently published an article about a potential link between air pollution from vehicles and glaucoma. It stated that according to a new study air pollution is linked to the eye condition that causes blindness.

      • Trump Administration Considering Reduction in Biologics Exclusivity Period

        On Monday, The Wall Street Journal reported that the Trump administration is considering reducing the 12-year data exclusivity period for biologic drugs set forth in the Biologics Price Competition and Innovation Act (BPCIA) to ten years. According to The Wall Street Journal, the Trump administration is considering the change in order to persuade Democrats to support the U.S.-Mexico-Canada Agreement (USMCA), a replacement for the North American Free Trade Agreement (NAFTA), that the administration negotiated last year. The USMCA would establish at least a 10-year data exclusivity period for biologic drugs, which would double the exclusivity period in Mexico and increase the exclusivity period in Canada by two years.

    • Integrity/Availability

      • Proprietary

        • Former Oracle product manager says he was forced out for refusing to deceive customers. Now he’s suing the biz

          A former Oracle employee filed a lawsuit against the database giant on Tuesday claiming that he was forced out for refusing to lie about the functionality of the company’s software.

          The civil complaint [PDF], filed on behalf of plaintiff Tayo Daramola in US District Court in San Francisco, contends that Oracle violated whistleblower protections under the Sarbanes-Oxley Act and the Dodd-Frank Act, the RICO Act, and the California Labor Code.

          According to the court filing, Daramola, a resident of Montreal, Canada, worked for Oracle’s NetSuite division from November 30, 2016 through October 13, 2017. He served as a project manager for an Oracle cloud service known as the Cloud Campus BookStore initiative and dealt with US customers. Campus bookstores, along with ad agencies, and apparel companies are among the market segments targeted by Oracle and NetSuite.

          Daramola’s clients are said to have included the University of Washington, the University of Oregon, the University of Texas at Austin, Brigham Young University and the University of Southern California.

          The problem, according to the complaint, is that Oracle was asking Daramola to sell vaporware – a charge the company denies.

          “Daramola gradually became aware that a large percentage of the major projects to which he was assigned were in ‘escalation’ status with customers because Oracle had sold his customers software products it could not deliver, and that were not functional,” the complaint says.

        • Canonical makes Ubuntu for Windows SubSystem for Linux a priority [Ed: GNU/Linux volunteers worked hard to make an alternative to Windows and now comes Ubuntu helping Microsoft make it just an “app” or a “feature” of Windows, with Windows-only “extensions”]

          Ubuntu was the first Linux supported by WSL on Windows 10. Since then, many other Linux distros have appeared on WSL. These include Debian, Fedora, Kali, openSUSE, and SUSE Linux Enterprise Server (SLES), and the WSL-specific distribution, PengWin. Now, from a recent Canonical job advertisement, we know Ubuntu’s founding company wants to be the leading WSL Linux.

        • Still in preview, but look! You can now develop Azure Sphere apps in Linux – if you dare [Ed: Several Microsoft lies packed into one article, even the feature image, and they help googlebomb "Linux" to sell proprietary software of Microsoft]

          Ominously, Microsoft warns that “your success using different distributions may vary”, so Ubuntu it is then. This is preview stuff after all.

        • OAS Expands Its Platform Compatibility with Runtime Support for Linux

          Open Automation Software, a well-established IoT Automation Company, has further expanded its platform compatibility with runtime support for Linux. With this recent development, the company aims to offer superior services to customers who have mixed platform environments. Over the years, Open Automation Software has set a benchmark in the field of industrial automation. Now, the company has expanded its platform compatibility for the enterprises that have both Windows and Linux OS servers.

        • Security

          • Hackers Can Hijack VPN Connections Using A New Linux Vulnerability

            Researchers have found a vulnerability on most Linux distros and *NIX devices which allows hackers to hijack the VPN connections and inject malicious data into the TCP stream.

            The security researchers found the vulnerability in most Linux distributions and operating systems such as Linux, FreeBSD, OpenBSD, macOS, iOS, and Android.

          • Linux security flaw could let VPN connections be hacked

            The Breakpointing Bad cybersecurity research team from the University of New Mexico discovered and reported on a security flaw which could allow malicious actors to hack Virtual Private Network (VPN) connections.

            William J. Tolley, Beau Kujath, and Jedidiah R. Crandall said the flaw impacts Linux, Android, macOS and other Unix-based operating systems and could allow attackers to sniff, hijack and tamper with VPN-tunnelled connections. The vulnerability was named CVE-2019-14899, with the researchers claiming it takes advantage of how operating systems handle unexpected network probes.

          • OpenBSD devs patch authentication bypass bug

            One of the internet’s most popular free operating systems allowed attackers to bypass its authentication controls, effectively leaving the keys in the back door, according to an advisory released this week. The developers of the OpenBSD system have already patched the vulnerability.

            OpenBSD allowed people access to its smtpd, ldapd, and radiusd programs – which send mail, allow access to user directories, and allow remote access to the computer system. All an attacker needed to do was enter a specific word prefixed by a hyphen as a username.

            Qualys Research Labs found four bugs in BSD Authentication, which is the code that OpenBSD uses to authenticate users. Three of them were local privilege escalation bugs, while the other, CVE-2019-19521, bypassed the authentication system altogether. According to its security advisory, BSD Authentication supports four authentication styles: password, a one-time password mechanism called S/Key, and Yubico’s YubiKey hardware token.

          • Linux Flaw Allows VPN Hijacking

            A number of Linux distributions, including Ubuntu, Fedora, and Debian, contain a newly discovered vulnerability that an attacker could use to determine whether an individual is using a VPN and then potentially hijack that encrypted connection.

            A research team from the University of New Mexico discovered the vulnerability and developed an attack to exploit it. The attack has some specific requirements and relies on some analysis of the traffic going to and from the target device running the VPN client. The attack is confirmed to work against WireGuard and OpenVPN, but the researchers said that the VPN a victim is using doesn’t really matter. The main prerequisite for the attack to work is for the attacker to be able to send unsolicited packets to the victim’s VPN client.

          • New Linux vulnerability lets attackers to hijack VPN connections

            Three researchers from the University of New Mexico and Breakpointing Bad have identified a vulnerability in the way Unix and Linux-based operating systems like the macOS handle TCP connections. Researchers believe that the vulnerability can specifically affect VPN users by hijacking encrypted traffic.

          • New Linux Bug Lets Attackers Hijack Encrypted VPN Connections

            A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote ‘network adjacent attackers’ to spy on and tamper with encrypted VPN connections.
            The vulnerability, tracked as CVE-2019-14899, resides in the networking stack of various operating systems and can be exploited against both IPv4 and IPv6 TCP streams.
            Since the vulnerability does not rely on the VPN technology used, the attack works against widely implemented virtual private network protocols like OpenVPN, WireGuard, IKEv2/IPSec, and more, the researchers confirmed.
            This vulnerability can be exploited by a network attacker — controlling an access point or connected to the victim’s network — just by sending unsolicited network packets to a targeted device and observing replies, even if they are encrypted.

          • VPN Bug Affects “Most” Linux Distros

            A team of security researchers from the University of New Mexico has disclosed a new vulnerability that could allow attackers to probe devices and determine various details about the VPN (Virtual Private Network) connection status of a user.

            The security vulnerability (CVE-2019-14899) appears to affect most GNU/Linux distributions, besides FreeBSD, OpenBSD, Android, iOS and macOS systems. William J. Tolley, one of the security researchers, explained in a post that the vulnerability could let attackers to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and also sniff out whether or not there is an active connection to a given website.

          • VPN hijacking on Linux (and beyond) systems
            Hi all,
            
            I am reporting a vulnerability that exists on most Linux distros, and
            other *nix operating systems which allows a network adjacent attacker
            to determine if another user is connected to a VPN, the virtual IP
            address they have been assigned by the VPN server, and whether or not
            there is an active connection to a given website. Additionally, we are
            able to determine the exact seq and ack numbers by counting encrypted
            packets and/or examining their size. This allows us to inject data into
            the TCP stream and hijack connections.
            
            Most of the Linux distributions we tested were vulnerable, especially
            Linux distributions that use a version of systemd pulled after November
            28th of last year which turned reverse path filtering off. However, we
            recently discovered that the attack also works against IPv6, so turning
            reverse path filtering on isn't a reasonable solution, but this was how
            we discovered that the attack worked on Linux.
            
            Adding a prerouting rule to drop packets destined for the client's
            virtual IP address is effective on some systems, but I have only tested
            this on my machines (Manjaro 5.3.12-1, Ubuntu 19.10 5.3.0-23). This
            rule was proposed by Jason Donenfeld, and an analogous rule on the
            output chain was proposed by Ruoyu "Fish" Wang of ASU. We have some
            concerns that inferences can still be made using slightly different
            methods, but this suggestion does prevent this particular attack.
            
            There are other potential solutions being considered by the kernel
            maintainers, but I can't speak to their current status. I will provide
            updates as I receive them.
            
            I have attached the original disclosure I provided to 
            distros@vs.openwall.org and security@kernel.org below, with at least
            one critical correction: I originally listed CentOS as being vulnerable
            to the attack, but this was incorrect, at least regarding IPv4. We
            didn't know the attack worked against IPv6 at the time we tested
            CentOS, and I haven't been able to test it yet.
            
            
            William J. Tolley
            Beau Kujath
            Jedidiah R. Crandall
            
            Breakpointing Bad &
            University of New Mexico
            
            
            *************************************************
            
            
            **General Disclosure:
            
            We have discovered a vulnerability in Linux, FreeBSD, OpenBSD, MacOS,
            iOS, and Android which allows a malicious access point, or an adjacent
            user, to determine if a connected user is using a VPN, make positive
            inferences about the websites they are visiting, and determine the
            correct sequence and acknowledgement numbers in use, allowing the bad
            actor to inject data into the TCP stream. This provides everything that
            is needed for an attacker to hijack active connections inside the VPN
            tunnel.
            
            This vulnerability works against OpenVPN, WireGuard, and IKEv2/IPSec,
            but has not been thoroughly tested against tor, but we believe it is
            not vulnerable since it operates in a SOCKS layer and includes
            authentication and encryption that happens in userspace. It should be
            noted, however, that the VPN technology used does not seem to matter
            and we are able to make all of our inferences even though the responses
            from the victim are encrypted, using the size of the packets and number
            of packets sent (in the case of challenge ACKs, for example) to
            determine what kind of packets are being sent through the encrypted VPN
            tunnel.
            
            We have already reported a related vulnerability to Android earlier
            this year related to the issue, which resulted in the assignment of
            CVE-2019-9461, however, the CVE strictly applies to the fact that the
            Android devices would respond to unsolicited packets sent to the user’s
            virtual IP address over the wireless interface, but this does not
            address the fundamental issue of the attack and did not result in a
            change of the reverse path settings of Android as of the most recent
            security update.
            
            This attack did not work against any Linux distribution we tested until
            the release of Ubuntu 19.10, and we noticed that the rp_filter settings
            were set to “loose” mode. We see that the default settings in
            sysctl.d/50-default.conf in the systemd repository were changed from
            “strict” to “loose” mode on November 28, 2018, so distributions using a
            version of systemd without modified configurations after this date are
            now vulnerable. Most Linux distributions we tested which use other init
            systems leave the value as 0, the default for the Linux kernel.
            
            We have described the procedure for reproducing the vulnerability with
            Linux and included a section illustrating the differences in
            architecture.
            
            
            
            There are 3 steps to this attack:
            
            1. Determining the VPN client’s virtual IP address
            2. Using the virtual IP address to make inferences about active
            connections
            3. Using the encrypted replies to unsolicited packets to determine the
            sequence and acknowledgment numbers of the active connection to hijack
            the TCP session
            
            
            
            There are 4 components to the reproduction:
            
            1. The Victim Device (connected to AP, 192.168.12.x, 10.8.0.8)
            2. AP (controlled by attacker, 192.168.12.1)
            3. VPN Server (not controlled by attacker, 10.8.0.1)
            4. A Web Server (not controlled by the attacker, public IP in a real-
            world scenario)
            
            The victim device connects to the access point, which for most of our
            testing was a laptop running create_ap. The victim device then
            establishes a connection with their VPN provider.
            
            The access point can then determine the virtual IP of the victim by
            sending SYN-ACK packets to the victim device across the entire virtual
            IP space (the default for OpenVPN is 10.8.0.0/24). When a SYN-ACK is
            sent to the correct virtual IP on the victim device, the device
            responds with a RST; when the SYN-ACK is sent to the incorrect virtual
            IP, nothing is received by the attacker.
            
            To quickly demonstrate this difference, we use the nping commands on
            the AP device running create_ap. The source IP is the gateway of our
            AP, the destination IP is the virtual IP assigned to the tun interface
            by the VPN client, ap0 is the interface create_ap created on the
            attacker device, and the destination MAC is the victim’s wireless MAC
            address.
            
            For example:
            
            The correct address generates a RST from the victim:
            
            nping --tcp --flags SA --source-ip 192.168.12.1 --dest-ip 10.8.0.8 --rate 3 -c 3 -e ap0 --dest-mac 08:00:27:9c:53:12
            
            The incorrect address does not elicit a response from the victim:
            
            nping --tcp --flags SA --source-ip 192.168.12.1 --dest-ip 10.8.0.9 --rate 3 -c 3 -e ap0 --dest-mac 08:00:27:9c:53:12
            
            Similarly, to test if there is an active connection for any given
            website, such as 64.106.46.56, for example, we send SYN or SYN-ACKs
            from 64.106.46.56 on port 80 (or 443) to the virtual IP of the victim
            across the entire ephemeral port space of the victim. The correct four-
            tuple will elicit no more than 2 challenge ACKs per second from the
            victim, whereas the victim will respond to the incorrect four-tuple
            with a RST for each packet sent to it.
            
            To quickly test this, we suggest creating a netcat connection on the
            victim device, such as this:
            
            Netcat 64.106.46.56 80 -p 40404
            
            The correct four-tuple generates challenge ACKs
            
            nping --tcp --flags SA --source-ip 64.106.46.56 -g 80 --dest-ip
            10.8.0.8 -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12
            
            The incorrect four-tuple generates a single RST for each packet sent:
            
            nping --tcp --flags SA --source-ip 64.106.46.56 -g 80 --dest-ip
            10.8.0.8 -p 40405 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12
            
            Finally, once the attacker determined that the user has an active TCP
            connection to an external server, we will attempt to infer the exact
            next sequence number and in-window acknowledgment number needed to
            inject forged packets into the connection. To find the appropriate
            sequence and ACK numbers, we will trigger responses from the client in
            the encrypted connection found in part 2. The attacker will continually
            spoof reset packets into the inferred connection until it sniffs
            challenge ACKs. The attacker can reliably determine if the packets
            flowing from the client to the VPN server are challenge ACKs by looking
            at the size and timing of the encrypted responses in relation to the
            attacker's spoofed packets. The victim’s device will trigger a TCP
            challenge ACK on each reset it receives that has an in-window sequence
            number for an existing connection. For example, if the client is using
            OpenVPN to exchange encrypted packets with the VPN server, then the
            client will always respond with an SSL packet of length 79 when a
            challenge ACK is triggered.
            
            The attacker must spoof resets to different blocks across the entire
            sequence number space until one triggers an encrypted challenge ACK.
            The size of the spoof block plays a significant role in how long the
            sequence inference takes, but should be conservative as to not skip
            over the receive window of the client. In practice, when the attacker
            thinks it sniffs an encrypted challenge-ACK, it can verify this is true
            by spoofing X packets with the same sequence number. If there were X
            encrypted responses with size 79 triggered, then the attacker knows for
            certain it is triggering challenge ACKs (at most 2 packets of size 79
            per second).
            
            After the attacker has inferred the in-window sequence number for the
            client's connection, they can quickly determine the exact sequence
            number and in-window ACK needed to inject. First, they spoof empty
            push-ACKs with the in-window sequence while guessing in-window ACK
            numbers. Once the spoofed packets trigger another challenge-ACK, an in-
            window ACK number is found. Finally, the attacker continually spoofs
            empty TCP data packets with the in-window ACK and sequence numbers as
            it decrements the sequence number after each send. The victim will
            respond with another challenge ACK once the attacker spoofs the exact
            sequence number minus one. The attacker can now inject arbitrary
            payloads into the ongoing encrypted connection using the inferred ACK
            and next sequence number.
            
            This can be tested by observing the behavior from this sequence of
            commands, continuing with the same four-tuple:
            
            Using the four-tuple from the previous steps, we send RSTs in the
            sequence number range in blocks of 50,000 until we trigger a challenge
            ACK.
            
            nping --tcp --flags R --source-ip 64.106.46.56 -g 80 --dest-ip 10.8.0.8
            -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12 --seq [SEQ
            RANGE]
            
            If the packet lands in-window, the victim will respond with at most 2
            challenge ACKs per second. These packets are still encrypted and
            originate from the virtual interface, unlike with Android, but we can
            still determine the contents of these packets by their size. The
            encrypted challenge ACK packets are larger than the encrypted RST
            packets. You can run tcpdump on the victim machine to accelerate the
            testing of this process by viewing the actual sequence and
            acknowledgement numbers.
            
            After we have found an in-window sequence number, we locate an in-
            window acknowledgement by spoofing empty PSH-ACKs with the in-window
            sequence number and guessing the acknowledgement number by dividing the
            acknowledgement number space into eight blocks. In most instances,
            seven of these blocks will trigger challenge ACKs, but one of them will
            not, which allows us to quickly determine which block falls within the
            acknowledgement window. We are interested in the block that does not
            respond with a challenge ACK. This behavior can be observed by using an
            in-window sequence number and an acknowledgement number in the block
            containing the correct acknowledgement number.
            
            nping --tcp --flags PA --source-ip 64.106.46.56 -g 80 --dest-ip 10.8.0.8 -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12 --seq 12345678 --ack [ACK RANGE]
            
            Finally, using the in-window sequence and acknowledgement numbers, we
            spoof empty PSH-ACKs using the same in-windows acknowledgement number
            and decrementing the sequence number until we trigger another challenge
            ACK. This sequence number is one fewer than the next expected sequence
            number. We can then arbitrarily inject data into the active TCP
            connection.
            
            Continuing with our toy example:
            
            nping --tcp --flags PA --source-ip 64.106.46.56 -g 80 --dest-ip 10.8.0.8 -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12 --seq [EXACT] --ack [IN-WINDOW] --data-string "hello,world."
            
            
            
            **Operating Systems Affected:
            
            Here is a list of the operating systems we have tested which are
            vulnerable to this attack:
            
            Ubuntu 19.10 (systemd)
            Fedora (systemd)
            Debian 10.2 (systemd)
            Arch 2019.05 (systemd)
            Manjaro 18.1.1 (systemd)
            
            Devuan (sysV init)
            MX Linux 19 (Mepis+antiX)
            Void Linux (runit)
            
            Slackware 14.2 (rc.d) 
            Deepin (rc.d)
            FreeBSD (rc.d) 
            OpenBSD (rc.d) 
            
            This list isn’t exhaustive, and we are continuing to test other
            distributions, but made sure to cover a variety of init systems to
            show this is not limited to systemd.
            
            
            
            **Operating System Variations:
            
            The behavior is slightly different on other operating systems. Here is
            a summary of the differences:
            
            Android: In the first phase of the attack, Android responds with
            unencrypted RSTs to unsolicited SYN-ACKs for the correct port and ICMP
            packets for the incorrect one. For the second phase, it will respond
            with RSTs on the correct four-tuple.
            
            MacOS/iOS: The first phase of the attack does not work as described
            here, but you can use an open port on the Apple machine to determine
            the virtual IP address. We use port 5223, which is used for iCloud,
            iMessage, FaceTime, Game Center, Photo Stream, and push notifications
            etc.
            
            We know the phone will communicate with one of the push notification
            servers on port 5223, and have observed that on MacOS, the port used on
            the victim device is not the same as the port used to connect to the
            VPN server, but is very close (in our testing it has always been within
            10).
            
            nping --tcp --flags SA --source-ip 17.57.144.[84-87] -g 5223 --dest-ip
            10.8.0.8 -p [X] --rate 3 -c 3 -e ap0 --dest-mac 08:00:27:9c:53:12
            
            For iOS devices, it does not follow this convention for choosing the
            client’s source port, but always chooses a port between ~48000-50000
            (our testing on iOS 13.1 was between 48162-49555).
            
            FreeBSD: The first two phases work essentially the same as Linux,
            however, for the last phase, the ACK number is not needed at all, so
            that piece of phase three can be skipped.
            
            OpenBSD: OpenBSD responds to spoofed SYN packets to the correct virtual
            IP with unencrypted RST packets, and the incorrect virtual IP elicits
            unencrypted NTP packets or nothing at all for the first part of the
            attack. For the second part, the responses are encrypted, but we can
            still determine which packets are challenge ACKs from the packet size,
            as with Linux. Connections can be reset by sending a RST with the
            correct sequence number.
            
            
            
            **Possible Mitigations:
            
            1. Turning reverse path filtering on
            
            Potential problem: Asynchronous routing not reliable on mobile devices,
            etc. Also, it isn’t clear that this is actually a solution since it
            appears to work in other OSes with different networking stacks. Also,
            even with reverse path filtering on strict mode, the first two parts of
            the attack can be completed, allowing the AP to make inferences about
            active connections, and we believe it may be possible to carry out the
            entire attack, but haven’t accomplished this yet.
            
            2. Bogon filtering
            
            Potential problem: Local network addresses used for VPNs and local
            networks, and some nations, including Iran, use the reserved private IP
            space as part of the public space.
            
            3. Encrypted packet size and timing
            
            Since the size and number of packets allows the attacker to bypass the
            encryption provided by the VPN service, perhaps some sort of padding
            could be added to the encrypted packets to make them the same size.
            Also, since the challenge ACK per process limit allows us to determine
            if the encrypted packets are challenge ACKs, allowing the host to
            respond with equivalent-sized packets after exhausting this limit could
            prevent the attacker from making this inference.
            
            
            We have prepared a paper for publication concerning this
            vulnerability and the related implications, but intend to keep it
            embargoed until we have found a satisfactory workaround. Then we will
            report the vulnerability to oss-security@lists.openwall.com. We are
            also reporting this vulnerability to the other services affected, which
            also includes: Systemd, Google, Apple, OpenVPN, and WireGuard, in
            addition to distros@vs.openwall.org for the operating systems affected.
            
            Thanks,
            
            William J. Tolley
            Beau Kujath
            Jedidiah R. Crandall
            
            Breakpointing Bad &
            University of New Mexico
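
A defender-side check for the two Linux settings the post above discusses, the rp_filter mode and the prerouting rule that drops packets addressed to the client's virtual IP, as an added example that is not part of the original post or of any project's code. The tun0 interface name, the 10.8.0.8 sample address and the exact nft/iptables syntax are assumptions, and the sysctl output it reads is constructed inline.

```shell
#!/bin/sh
# Added example, not from the disclosure above or from any project: audit the
# rp_filter mode on a Linux host and print the prerouting drop rule for the VPN
# client's virtual IP that the post attributes to Jason Donenfeld. Interface
# names, the 10.8.0.8 address and the exact rule syntax are assumptions.
# rp_filter is IPv4-only; the post notes the attack also works over IPv6, so
# the drop rule needs an ip6 counterpart on dual-stack hosts.

# Map a kernel rp_filter value (net.ipv4.conf.<if>.rp_filter) to its mode name.
# The post notes systemd's sysctl.d/50-default.conf moved from strict (1) to
# loose (2) on 2018-11-28; the kernel's own default is off (0).
rp_filter_mode() {
  case "$1" in
    0) echo "off" ;;
    1) echo "strict" ;;
    2) echo "loose" ;;
    *) echo "unknown" ;;
  esac
}

# Read "net.ipv4.conf.<if>.rp_filter = N" lines (sysctl -a format) on stdin and
# print "<if> <mode>" for each real interface. Returns 1 when any interface
# other than the tunnel is not effectively strict. The kernel applies the
# larger of conf.all and conf.<if>, so "all = 1" makes every interface strict.
audit_rp_filter() {
  tun_if="$1"
  input=$(cat)
  all_val=$(printf '%s\n' "$input" | sed -n 's/^net\.ipv4\.conf\.all\.rp_filter = //p')
  all_val=${all_val:-0}
  rc=0
  while IFS= read -r line; do
    case "$line" in
      net.ipv4.conf.all.*|net.ipv4.conf.default.*) continue ;;
      net.ipv4.conf.*.rp_filter*) ;;
      *) continue ;;
    esac
    iface=${line#net.ipv4.conf.}
    iface=${iface%%.rp_filter*}
    value=${line##*= }
    effective=$value
    [ "$all_val" -gt "$effective" ] && effective=$all_val
    mode=$(rp_filter_mode "$effective")
    printf '%s %s\n' "$iface" "$mode"
    [ "$iface" = "$tun_if" ] && continue
    [ "$mode" = "strict" ] || rc=1
  done <<EOF
$input
EOF
  return $rc
}

# Print the rule that drops packets addressed to the client's virtual IP when
# they arrive on any interface other than the tunnel, which is how the probes
# described in the post reach the client. Arguments: virtual IP, tunnel
# interface, and optionally "nft" (default) or "iptables". Assumed syntax; the
# nft form expects an "inet filter" table with a prerouting chain to exist.
vpn_drop_rule() {
  vip="$1"
  tun_if="$2"
  flavour="${3:-nft}"
  case "$flavour" in
    nft)
      printf 'nft add rule inet filter prerouting iifname != %s ip daddr %s drop\n' "$tun_if" "$vip" ;;
    iptables)
      printf 'iptables -t raw -A PREROUTING ! -i %s -d %s -j DROP\n' "$tun_if" "$vip" ;;
    *) return 2 ;;
  esac
}

# Demonstration on constructed sysctl output resembling a post-2018-11-28
# systemd host: conf.all is loose, so wlan0 is not strict and the audit fails.
sample='net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.wlan0.rp_filter = 2
net.ipv4.conf.tun0.rp_filter = 0'
if printf '%s\n' "$sample" | audit_rp_filter tun0; then
  echo "rp_filter: strict on all non-tunnel interfaces"
else
  echo "rp_filter: not strict everywhere; suggested drop rule:"
  vpn_drop_rule 10.8.0.8 tun0
  vpn_drop_rule 10.8.0.8 tun0 iptables
fi
```

On a live host, feed it `sysctl -a 2>/dev/null | grep rp_filter` instead of the constructed sample; the post itself cautions that strict mode alone still leaves the first two inference steps possible.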
            
          • New Linux vulnerability puts VPN connections at risk of hijacking

            Furthermore, the research team also identified the SEQ and ACK numbers from inspecting the encrypted packet size and number and managed to inject data into the TCP stream, which led to the hijacking of the connection. This means VPN technology was ineffective in preventing the attack since even encrypted packets could be assessed.

            After testing on Manjaro 18.1.1, CentOS, and Ubuntu 19, researchers discovered that the exploit was applicable to both IPv4 and IPv6. Other systems that are vulnerable to exploitation include Void Linux, Debian 10.2, Slackware 14.2, Arch 2019.5, MX Linux 19, Deepin, Fedora, Devuan, FreeBSD, and OpenBSD. They will be testing the effectiveness of the exploit against Tor as well.

          • Attackers using Linux Vulnerability to Hijack VPN Connections
          • Linux VPN connections can be hacked

            Insecurity experts at Breakpointing Bad have found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams.

            The security flaw, tracked as CVE-2019-14899, was reported to distros and the Linux kernel security team, as well as to others impacted such as Systemd, Google, Apple, OpenVPN, and WireGuard. The vulnerability is known to impact most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android.

            A currently incomplete list of vulnerable operating systems and the init systems they came with is available below, with more to be added once they are tested and found to be affected: Ubuntu 19.10 (systemd), Fedora (systemd), Debian 10.2 (systemd), Arch 2019.05 (systemd), Manjaro 18.1.1 (systemd), Devuan (sysV init), MX Linux 19 (Mepis+antiX), Void Linux (runit), Slackware 14.2 (rc.d), Deepin (rc.d), FreeBSD (rc.d), and OpenBSD (rc.d).

          • VPN connections could be hacked due to Linux security flaw

            A new vulnerability that could allow potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams has been discovered by security researchers.

            The researchers disclosed the security flaw they detected, tracked as CVE-2019-14899, to Linux distro makers, the Linux kernel security team and to others that are impacted including systemd, Google, Apple, OpenVPN and WireGuard.

          • Unix-like Systems Vulnerable to VPN Inferring and Hijacking Attacks

            Three researchers from Breakpointing Bad and the University of New Mexico have discovered a vulnerability that exists in Linux and Unix-like operating systems like Android and macOS. Given the tracking code “CVE-2019-14899”, the flaw resides in the routing table code and the TCP code that is present in these systems. The vulnerability allows an attacker to perform traffic analysis via clever use of encrypted DNS queries in conjunction with error messages, leading to the sniffing of open TCP connection information. The attack was discovered quite a while back, but the researchers disclosed it publicly now, and after they allowed the vendors some time to plug the holes.

          • Researchers say VPN bug affects Linux, Unix systems
          • Linux Bug Opens Most VPNs to Hijacking

            In a coffee-shop scenario, attackers can hijack “secure” VPN sessions of those working remotely, injecting data into their TCP streams.

            A vulnerability in most Linux distros has been uncovered that allows a network-adjacent attacker to hijack VPN connections and inject rogue data into the secure tunnels that victims are using to communicate with remote servers.

            According to researchers at University of New Mexico and Breakpointing Bad, the bug (CVE-2019-14899), “allows…an attacker to determine if…a user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website.”

          • New vulnerability lets attackers sniff or hijack VPN connections
          • Researchers find a new Linux vulnerability that allows attackers to sniff or hijack VPN connections

            On Wednesday, security researchers from the University of New Mexico disclosed a vulnerability impacting most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android. This Linux vulnerability can be exploited by an attacker to determine if a user is connected to a VPN and to hijack VPN connections.

            The researchers shared that this security flaw tracked as CVE-2019-14899, “allows a network adjacent attacker to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website.” Additionally, attackers can determine the exact sequence and acknowledgment numbers by counting encrypted packets or by examining their size. With this information in hand, they can inject arbitrary data payloads into IPv4 and IPv6 TCP streams.

          • Cyber Security Today – An email gift card scam, please stop re-using passwords and more open data found on Amazon storage

            Welcome to Cyber Security Today. It’s Friday December 6th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.

          • NetworkManager Adds Support For Enhanced Open / Opportunistic Wireless Encryption

            Opportunistic Wireless Encryption (OWE) provides a means of encrypting wireless data transfers without having any secret/key. Opportunistic Wireless Encryption is advertised as Wi-Fi Certified Enhanced Open.

            This OWE / “Enhanced Open” standard is now supported by NetworkManager, allowing supported devices connected to Linux systems to make use of this means of opportunistic encryption. The Wi-Fi CERTIFIED Enhanced Open has been around just since summer of 2018 to better secure open WiFi networks. More details on the standard can be found via Wi-Fi.org.

          • Security updates for Friday

            Security updates have been issued by Debian (libav), Fedora (kernel, libuv, and nodejs), Oracle (firefox), Red Hat (firefox and java-1.7.1-ibm), SUSE (clamav, cloud-init, dnsmasq, dpdk, ffmpeg, munge, opencv, and permissions), and Ubuntu (librabbitmq).

          • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

            • Hackers Exploit New Linux Vulnerability To Hijack VPN Connections [Ed: Techworm misreporting, as usual. There are no known attacks]

              The attack has been reported to work against several popular VPN solutions, including OpenVPN, IKEv2/IPSec, and WireGuard.

              However, the researchers are still testing their viability against Tor, as it works in a SOCKS layer and implements authentication and encryption that takes place in userspace.

              “It should be noted, however, that the VPN technology used does not seem to matter and we are able to make all of our inferences even though the responses from the victim are encrypted, using the size of the packets and number of packets sent (in the case of challenge ACKs, for example) to determine what kind of packets are being sent through the encrypted VPN tunnel,” clarifies the research team.

          • Privacy/Surveillance

    • Defence/Aggression

      • Envisioning a United World

        Let’s bomb Iowa! Or maybe Texas or Michigan or Nebraska . . .

      • The Hillsborough Soccer Tragedy: Who is Responsible?

        Who was responsible for the deaths of 96 people and the hundreds injured in the collapse of stands at a soccer match in England in 1989? A jury at the Preston Crown Court in England last week exonerated David Duckenfield for responsibility for the Hillsborough tragedy. A 1991 inquiry said it was accidental and not caused by the rush of Liverpool fans; a 2016 inquest said it was disorganization and negligence by the police who ordered one of the exit gates to be opened, and David Duckenfield, the match commander for the local police, was judged not guilty.

      • As Impeachment Looms, 350 Mental Health Professionals Warn Congress That Nuclear-Armed Trump ‘A Threat to Safety of Our Nation’

        “We are convinced that, as the time of possible impeachment approaches, Donald Trump has the real potential to become ever more dangerous.”

      • Today’s Republican Party Preserves US Legacy of Slavery and Imperialism

        On the Thursday of the second week of the House Intelligence Committee’s impeachment hearings, former U.S. Attorney Preet Bharara had a special guest on his weekly podcast, Carl Bernstein. It was Bernstein, with fellow Washington Post journalist Bob Woodward, whose reporting broke open the story of how the Committee to Re-elect the President burglarized Democratic Party headquarters at the Watergate office building in Washington, D.C. That reporting and the impeachment hearings that followed eventually forced President Richard Nixon to resign in disgrace in 1974. Bharara wanted to hear about what differences Bernstein sees between the Nixon impeachment proceedings and Donald Trump’s today.

      • ICC Holds Hearing on Afghanistan War Crimes, Including US Torture

        The International Criminal Court (ICC) opened a three-day hearing in The Hague, Netherlands on Wednesday at which prosecutors and Afghan torture victims are attempting to convince the court to overturn a previous decision to refuse to investigate war crimes committed by Taliban, Afghan government and US forces.

      • U.S. Considers Sending Several Thousand More Troops to Mideast

        The Pentagon is considering sending several thousand additional troops to the Middle East to help deter Iranian aggression, amid reports of escalating violence in Iran and continued meddling by Tehran in Iraq, Syria and other parts of the region.

      • ‘This Isn’t How You End the Endless War’: Trump Weighs Plan to Send 14,000 More US Troops to Middle East

        “Trump ran on ending these endless wars. But he’s sending more troops to the Middle East, making yet another war there more likely.”

      • Everyone Should Watch The Report. Take It From a Guantánamo Bay Lawyer

        Here’s a quiz question: how many famous songs, or films, can you name that address the serious contemporary issues of torture and rendition? There aren’t many. When I think of music in connection with our US secret prisons, it is the kind blasted at prisoners at deafening volume, all day and night.

    • Environment

    • Finance

      • ‘Victory for the People’: Michigan Court Rejects Nestlé’s Claim That Privatizing Local Town’s Water Provides ‘Essential Service’

        “Allowing a corporation to bottle our water just to sell it back to us is hardly an ‘essential service.’”

      • The U-Turn That Made America Staggeringly Unequal

        Wealth in America has concentrated — and dramatically so — over the past four decades. Since 1980, note wealth researchers Emmanuel Saez and Gabriel Zucman, the top 0.1 percent share of the nation’s total wealth has more than doubled, from under 10 percent in 1980 to over 20 percent today. In a nation of over 125 million households, just one ten-thousandth of those households — some 12,500 — now control over 10 percent of our wealth.

      • Big Rallies and Big Differences in Germany

        Looking out my window at the wide Karl Marx Allee boulevard below, I have seen many a big May Day parade march by in the old GDR days, and many a passing bicycle race or Marathon. Recently, for the first time, I saw a slow, endless column of green or yellow tractors. I learned later that 5600 of them, after blocking traffic while driving in from North, South, East and West Germany, had converged at the Brandenburg Gate, parked in orderly rows and then voiced their demands: “Fewer or better pesticides, OK! Less or better fertilizers, also OK! We too want to save our planet. But not without consulting with us, who are fighting a bitter battle against monopoly agriculture giants and monopoly retailing giants which are threatening the survival of us family farmers.”

      • Sweden Offers Free Higher Ed, Universal Health Care, Daycare — Why Can’t the US?

        Medicare for All and tuition-free universities have been at the core of the 2020 Democratic presidential campaigns, creating a stark division between progressive candidates and their centrist counterparts. Senators Bernie Sanders and Elizabeth Warren have proposed to make Medicare for All and public universities cost-free by taxing massive corporations and the super wealthy, and earlier this year, Sanders introduced legislation that would cancel student loan debt. His plan would be paid for with a new tax on Wall Street, he says. It would also make public universities and community colleges free — a key pillar of Sanders’s 2020 education platform. These proposals are not radical ideas in Sweden, a country that has built one of the world’s most extensive social welfare systems. In Sweden, healthcare costs are largely subsidized by the state. Daycare and preschool programs are mostly free. College and university are free. Public transportation is subsidized for many users. To explain how Sweden does it, we speak with Mikael Törnwall, Swedish author and journalist focusing on economic issues at Svenska Dagbladet, a Stockholm daily newspaper. His most recent book is titled Who Should Pay for Welfare?

      • Denouncing Macron’s Neoliberal Pension Reforms, Hundreds of Thousands of Striking Workers Bring France to a Halt

        “We have one of the best pension systems in the world, if not the best. Yet the president has decided, purely out of ideology, to wipe it out.”

      • ‘Flat-Out Corruption’: DeVos Accused of Scheming to Stop Next President From Canceling Student Loan Debt

        “Normally the rich are moderately more subtle about rigging the system in their favor. They’re scared.”

      • Trump’s SNAP Cuts

    • AstroTurf/Lobbying/Politics

      • Investigation Uncovers Israel-Based Group Behind Bigoted Facebook Smear Campaign Aimed at US Muslim Congresswomen

        “The goal of these anti-Muslim hate campaigns is clear—they put Muslim lives here and around the world at risk and undermine our country’s commitment to religious pluralism.”

      • Inside the Battle for Another World

        A succession of social upheavals over the last decade has radically realigned political power throughout the world. As a result of these tectonic shifts, what had once been on the furthest fringes of the right has now moved toward the center while the left has been pushed to the margins. “Things fall apart; the centre cannot hold,” poet William Yeats wrote…

      • Protocols of the Elders of the Republican Party

        How do the horrific events of Charlottesville, the shooting at the Tree of Life Synagogue in Pittsburgh, and a similar hate crime in California directly relate to the eye-rolling pronouncements by Devin Nunes, Rudy Giuliani, and other Republicans in defense of President Donald Trump?

      • “It’s On”: Pelosi Officially Asks Nadler to Prepare Articles of Impeachment

        “The president leaves us no choice but to act.”

      • The Most Important Election in British History

        Democracy in Britain has never been particularly strong or vibrant. Yet, for the first time in decades, the British people face a real choice at the ballot box in December. It wasn’t long ago that any possibility of radical change was excluded from the outset.

      • Bernie Sanders Tops New California Poll—But You Wouldn’t Have Known It By Reading This LA Times Headline

        In latest #BernieBlackout example, Sanders’ deputy campaign manager notes it took major newspaper “three paragraphs to mention who is leading.”

      • Kerry Endorses Biden as Ad Cites NATO Leaders Mocking Trump

        John Kerry, the former secretary of state and 2004 Democratic presidential nominee, endorsed Joe Biden for president on Thursday, buoying the former vice president’s argument that his international experience should be a deciding factor for voters in 2020.

      • New York’s Other Hopelessly Corrupt Candidate

        For better or worse, New York City has produced some of the biggest names in contemporary U.S. politics. From President Donald Trump and his conspirator-in-corruption Rudy Giuliani, all the way to Rep. Alexandria Ocasio-Cortez and Sen. Bernie Sanders (the latter has spent most of his life in Vermont, of course, but is a New Yorker to the core), politicians from across the political aisle have hailed from the Big Apple.

      • A Playboy Misrules Pakistan

        Unlike Western press practices, Pakistan’s privacy traditions constrain a robust discussion of the private lives of celebrities in electronic or print media. However, hush-hush gossip, group text messages, and social media in Pakistan are as brutal as anywhere else in the world. As such, private lives of political leaders, such as Prime Minister Imran Khan (IK), remain shrouded in an unsortable mixture of fabrications and truths. For the most part, the Pakistani public ignores the private lives of favored leaders, including IK.

      • Biden Campaign’s “World Is Laughing at Donald Trump” Video Wins Viral Moment

        “They see him for what he really is: dangerously incompetent and incapable of world leadership.”

      • Burundi: Elections ‘Levy’ Opens Door to Abuse

        Local officials and members of the widely feared youth wing of Burundi’s ruling party have extorted donations for the upcoming 2020 elections, in many cases with threats or force.

      • The Mad Activist Impeaches Western Culture

      • Look Out for the Drift

        In the mid-nineties, after receiving a BA in psychology, psychopathology was on my mind daily. I worked at a group home for psychiatrically diagnosed teens in Queens, New York; later as a psychiatric rehab counselor for adults transitioning from group homes to independent living in the South Bronx. My experiences were disturbing enough to make me leave that counselor career path and drift from one job to another—finally end up as a poet, with society and politics being main interests. How could they not be: my family is from Puerto Rico. If government is, indeed, now just a big business, the tiny defenseless island of Puerto Rico has received a brutally raw deal since its occupation in 1898. It’s difficult to see your mother raped by someone you are supposed to trust—a neighbor you were taught was moral and good.

      • Impeachment of Trump Appears Inevitable in the House

        The House Judiciary Committee convened Wednesday for eight and a half hours of testimony to discuss what the Constitution requires for impeachment. It was an exercise that didn’t reveal any new information on the investigation, but rather laid out the legal justification for Trump’s potential impeachment. The hearing underscored that any eventual impeachment will most likely be partisan. Judiciary Committee Republicans continued the House GOP’s approach of raising procedural complaints and bad-faith attacks on the Democratic witnesses, while the Republican witness argued there isn’t sufficient evidence to justify impeaching Trump. But Democrats made a strong case for the obligation Congress has to impeach, given Trump’s conduct. The three Democratic witnesses all argued that Trump has not only committed impeachable offenses, but that the gravity of the president’s abuse of power made impeachment utterly necessary.

    • Censorship/Free Speech

      • Gen Z and Free Speech

        The Knight Foundation released a study that details the attitudes surrounding free speech in our precious young people today. Generational tension is on the rise as young people confront the richer and more conservative “Boomer” generation. Among the many divides is the attitude towards free speech.

      • TikTok Secretly Hid Content From Fat, Queer, and Disabled Users

        TikTok has admitted it adopted a set of policies to suppress the content of ‘vulnerable’ creators. TikTok says the policy was to prevent cyberbullying but hints at censorship.

      • Russian lawmakers adopt legislation imposing massively higher fines on violations by ‘foreign agent’ news media

        The State Duma has adopted the third and final draft of legislation that imposes fines as high as 5 million rubles ($78,300) for repeated violations of Russia’s media laws pertaining to “foreign agents.”

      • Russia’s Council of Judges advocates new protections for the judiciary against ‘biased journalists’

        Russia’s Council of Judges has developed a new draft concept for the judicial system’s information policies in the next decade, says the newspaper Vedomosti, citing the document. Among other things, the federal agency wants to impose legal liability on mass media outlets and journalists for “pressuring” courts through “negative content published for money.” The council argues that Russia’s judges need additional protection from “biased publications.”

      • [Reposted, different site] We Need To Save .ORG From Arbitrary Censorship By Halting the Private Equity Buy-Out

        The .ORG top-level domain and all of the nonprofit organizations that depend on it are at risk if a private equity firm is allowed to buy control of it. EFF has joined with over 250 respected nonprofits to oppose the sale of Public Interest Registry, the (currently) nonprofit entity that operates the .ORG domain, to Ethos Capital. Internet pioneers including Esther Dyson and Tim Berners-Lee have spoken out against this secretive deal. And 12,000 Internet users and counting have added their voices to the opposition.

        What’s the harm in this $1.135 billion deal? In short, it would give Ethos Capital the power to censor the speech of nonprofit organizations (NGOs) to advance commercial interests, and to extract ever-growing monopoly rents from those same nonprofits. Ethos Capital has a financial incentive to engage in censorship—and, of course, in price increases. And the contracts that .ORG operates under don’t create enough accountability or limits on Ethos’s conduct.

      • ‘Let’s look in the mirror’ A young Russian YouTuber who faces four years in prison for ‘extremism’ delivers a powerful courtroom speech

        On December 4, Moscow’s Kuntsevsky District Court continued hearing the case against 21-year-old Higher School of Economics (HSE) student and libertarian YouTube personality Egor Zhukov. Zhukov stands accused of issuing public calls for extremism: Prosecutors have argued that his videos on nonviolent resistance were motivated by “political hatred and enmity to the constitutional structure extant in the Russian Federation” as well as a desire to destabilize the country’s social and political order.

      • Devin Nunes’ Virginia SLAPP Suits Causing Virginia Legislators To Consider A New Anti-SLAPP Law

        We’ve been covering all the various SLAPP suits filed by Devin Nunes against his critics, journalists, political operatives, and (most famously) a satirical internet cow. As we’ve noted, despite Nunes being a Representative from California, and despite the fact that many of the people and companies he’s targeting are California-based, he’s filed most of the suits in Virginia state court. The reasons for this seemed fairly obvious to many commentators. Virginia has a very weak anti-SLAPP law. California has a very robust one.

      • Kyrgyzstan: Blogger Faces Incitement Charges

        A blogger in Kyrgyzstan who wrote about corruption on social media is facing charges of inter-regional incitement, Human Rights Watch said today. The blogger, Aftandil Zhorobekov, was detained on November 24, 2019 by Kyrgyzstan’s State Committee for National Security (GKNB) and held in pretrial detention until being placed under house arrest on December 5, with the charges against him still standing.

      • IP and the controversial “Hate Speech Bill” in Nigeria

        As some readers may be aware, many Nigerians are vehemently opposed to the National Commission for the Prohibition of Hate Speeches Bill, 2019 (SB. 154) (the “Hate Speech Bill”), which recently passed second reading in the Nigerian Senate. There have been complaints that the offences created under the Bill seek to silence criticism and free speech and that the establishment of a Commission to curb hate speech under the Bill is a waste of resources.

        [...]

        IPRs holders may be imprisoned for life or punished with death by hanging where they produce (see section 3 of the Bill for all the verbs) written or visual material that is threatening, abusive or insulting and intended to stir up ethnic hatred against any person or person from an ethnic group in Nigeria. [Death by hanging only applies to where the hate speech leads to the death of another person]. The Bill offers no guidance on how a court may determine what constitutes “threatening, abusive or insulting” material and/or how intention to stir up ethnic hatred may be determined. As opined here, proving the commission of a crime requires that the prosecution show that the accused person(s) is responsible for the actus reus (physical act) and had the mens rea (guilty mind or intention). Proving the intention to stir up ethnic hatred may not be so straightforward. Nigeria has over 250 ethnic groups: would/should the court be invited to consider history of inter-ethnic relations to decide subjects that would stir up ethnic hatred?

        [...]

        However, the powers of the Commission in the case of receiving contravention complaints may in some sense be quasi-judicial. Persons who are directly aggrieved or who claim that the Bill has been contravened may lodge a complaint with the Commission. See sections 37 and 38 of the Bill. The Commission may decline to entertain complaints that are frivolous or lacking in substance or, that may be more appropriately dealt with by the court. See section 39. Under section 45, the Commission must ensure that it attempts conciliation regarding complaints lodged with it. After hearing the representation of the parties to a complaint, the Commission may issue a compliance notice under section 50 of the Bill. Where parties fail to comply with the compliance notice, the Commission needs an order of the Magistrate’s court or other court to compel such compliance. See section 52 of the Bill.

        Given these circumstances, it may be apt to argue the establishment of the Commission is a waste of resources. By and large, the Hate Speech Bill is still going through the legislative process and nothing is cast in stone (yet).

    • Freedom of Information / Freedom of the Press

      • Spying on Assange: the Spanish Case Takes a Turn

        Judge José de la Mata of Spain’s High Court, the Audiencia Nacional, had been facing a good deal of stonewalling on the part of his British colleagues. He is overseeing an investigation into the surveillance activities of a Spanish security firm aimed at WikiLeaks founder, Julian Assange, during his stay at the Ecuadorean embassy in London.

    • Civil Rights/Policing

      • ‘Make America 36th Out of 41 Developed Nations Again’: Social Justice Index of Developed Nations Puts US Near Bottom

        Meanwhile, the democratic-socialist Nordic countries of Iceland, Norway, Denmark, Finland, and Sweden enjoy the top spots in a detailed survey of OECD nations.

      • The Activists Guiding Us Through These Dark Days

        Over 1,000 people packed into the historic Cirkus Arena in downtown Stockholm Wednesday night. It wasn’t for the building’s original purpose, an actual circus, or for a rock concert, which is one of the contemporary uses of the building. What drew this remarkable cross section of Swedish society, as well as people from around the world? Activism. Courage. Passion.

      • US Official Threatens Communities That Don’t ‘Respect’ Police

        On Tuesday, Attorney General of the United States William Barr warned that if Americans don’t give more “support and respect” to police, “they might find themselves without the police protection they need.”

      • Indonesia Arrests Yet More Indigenous Papuans

        The list of political prisoners in Indonesia’s West Papua and Papua provinces is growing higher, as at least 110 people were arrested for raising the Papuan national flag over the weekend.

      • Edward Snowden: In the US, I Would Likely Die in Prison for Telling the Truth

        The Right Livelihood Awards celebrated their 40th anniversary Wednesday at the historic Cirkus Arena in Stockholm, Sweden, where more than a thousand people gathered to celebrate this year’s four laureates: Swedish climate activist Greta Thunberg; Chinese women’s rights lawyer Guo Jianmei, Brazilian indigenous leader Davi Kopenawa and the organization he co-founded, the Yanomami Hutukara Association; and Sahrawi human rights leader Aminatou Haidar, who has challenged the Moroccan occupation of Western Sahara for decades. The Right Livelihood Award is known as the “Alternative Nobel Prize.” Over the past four decades, it’s been given to grassroots leaders and activists around the globe — among them the world-famous NSA whistleblower Edward Snowden. At Wednesday’s gala, Amy Goodman interviewed Snowden in front of the award ceremony’s live audience via video link from Moscow, where he has lived in exile since leaking a trove of secret documents revealing that the U.S. government had built an unprecedented mass surveillance system to spy on Americans and people around the world. After sharing the documents with reporters in 2013, Snowden was charged in the U.S. for violating the Espionage Act and other laws. As he attempted to flee from Hong Kong to Latin America, Snowden was stranded in Russia after the U.S. revoked his passport, and he has lived there ever since. Edward Snowden won the Right Livelihood Award in 2014, and accepted the award from Moscow.

      • No Free Pass for North Korea’s Abuses

        The United Nations Security Council has an opportunity this month to refocus attention on North Korea’s abysmal human rights record after giving it a pass last year.

      • Inside the Cell Where a Sick 16-Year-Old Boy Died in Border Patrol Care

        Carlos Gregorio Hernandez Vasquez, a 16-year-old Guatemalan migrant, was seriously ill when immigration agents put him in a small South Texas holding cell with another sick boy on the afternoon of May 19.

      • These Cops are Supposed to Protect Rural Villages. They’re in the Suburbs Instead.

        WASILLA, Alaska — The man appeared around dinnertime in the parking lot of the city Police Department, asking to see a cop. Another fight with his wife. Nothing violent, he said, but she threatened to carve a word in the paint of his luxury pickup: CHEATER.

        Maybe an officer could go talk to her? A routine request on a routine night for the Police Department of this small suburban city, made famous by former Mayor Sarah Palin. (She lives up the road.)

      • R. Kelly Accused of Bribing a Public Official to Marry Aaliyah at Age 15

        R&B singer R. Kelly is now facing bribery charges for the fake ID he used to marry Aaliyah. The charges were revealed in an unsealed indictment this afternoon.

      • Professor Turley Is Dead Wrong on Impeachment and Here’s Why

        In his opening statement emphasizing the importance of legal standards, George Washington University constitutional law professor Jonathan Turley claimed that impeaching, “a president on this record would expose every future president to the same type of inchoate impeachment” and warned, “I hope you will consider what you will do when the wind blows again…”

      • The Twenty-First-Century Legacies of America’s Twin Sins

        On the Thursday of the second week of the House Intelligence Committee’s impeachment hearings, former U.S. Attorney Preet Bharara had a special guest on his weekly podcast, Carl Bernstein. It was Bernstein, with fellow Washington Post journalist Bob Woodward, whose reporting broke open the story of how the Committee to Re-elect the President burglarized Democratic Party headquarters at the Watergate office building in Washington, D.C. That reporting and the impeachment hearings that followed eventually forced President Richard Nixon to resign in disgrace in 1974. Bharara wanted to hear about what differences Bernstein sees between the Nixon impeachment proceedings and Donald Trump’s today.

      • Be Best, My Ass

        OK, we are now and truly done with the con man and his vile hooker squatting in the White House. Having stayed silent through endless atrocities – rapes, lies, cruelty, racism, bullying, leaving families hungry, caging 70,000 children and killing six…

      • ‘Impeach Trump for This’: Video Shows Final Hours of Teen’s Horrible Death in US Immigration Detention Center

        Contrary to claims by Border Patrol, “they didn’t take him to the hospital. They didn’t release him. They didn’t even seem to check on him as he was dying on the floor of his cell.”

      • Video Shows Teen’s Horrible Death in U.S. Immigration Detention Center

        Footage from an immigrant detention center in Texas obtained by Pro Publica and published online Thursday shows the final hours of 16-year-old Carlos Gregorio Hernandez Vasquez—who died from complications of the flu while in custody—but also strongly indicates the border patrol agents responsible for his care lied about what happened that night.

      • Mexican Immigration Officials Destroy Asylum Seekers’ Tents

        Mexican immigration officials arrived at a refugee camp in Matamoros, Mexico early Tuesday morning bearing machetes used to destroy unoccupied tents left behind by Mexican asylum seekers, according to multiple camp residents who witnessed the event.

      • France Drops Plan to Give Boats to Libya

        France’s decision last week to withdraw its offer of six boats to the Libyan Coast Guard is good news, as Libya could have used this “gift” to subject even more migrants and refugees to serious abuses in Libya.

      • Fred Hampton: “Peace To You…If You’re Willing to Fight For It”

        It was 50 years ago that Chicago cops executed Black Panther Chairman Fred Hampton as he slept, firing over 90 shots into his apartment for the crimes of feeding hungry kids, opening medical clinics, forming a Rainbow Coalition and championing black self-determination. Targeted by the FBI as a danger who could “electrify the masses,” Hampton vowed to fight racism with

      • NYPD Finally Releases A Body Camera Policy That Gives The Department Plenty Of Ways To Withhold Footage

        The NYPD has finally finalized its body-worn camera footage release policy. It’s not much better than its initial public offering, which sought public input and then ignored every bit of the public’s input to craft an officer-friendly deployment policy that left the act of recording to officer discretion.

      • This Judge Is Married to the Sheriff. Ethics Complaints Have Piled Up.

        Two years ago, the Chester County Sheriff’s Office in South Carolina accused a pair of lower-court judges of unfairly blocking the sheriff’s requests for criminal warrants.

        A top deputy planned to file a complaint with the chief magistrate and the local state senator, who controls the county’s judicial appointments. But before doing so, the deputy turned to an unlikely ally to help craft his appeal: Magistrate Angel Underwood.

      • American WeChat Users Getting Banned For Celebrating Hong Kong Election Results

        The recent election in Hong Kong may have scored some wins for pro-democracy candidates, but supporters of protesters and newly-elected candidates still aren’t able to do much celebrating on social media. WeChat, the massively popular messaging app owned by China’s Tencent, is apparently censoring posts and shutting down pro-democracy accounts.

      • ALEC-Crafted Laws Could Send Me to Prison for a Decade for My Activism

        This week, corporate executives and legislators from around the country are gathering in Scottsdale, Arizona, for the American Legislative Exchange Council’s (ALEC) annual States and Nation Policy Summit, where they will craft policies to introduce into state legislatures. More than a dozen groups have protested outside the meeting. ALEC is a shadowy group — meeting in secret, hiding its membership, and prohibiting journalists and the public from observing its activities. Various watchdogs have increasingly exposed ALEC’s undemocratic nature. What has received less attention, however, are the policies that emerge from ALEC.

      • Black Back Room Deals Must Not Stifle Right To Die With Dignity: Philip Nitschke

        Culture is crucial to Indigenous Australia, but it doesn’t give a handful of black leaders the right to scuttle laws to assist everyone the right to die with dignity, writes Dr Philip Nitschke.

    • Internet Policy/Net Neutrality

      • AT&T Says The Real Problem With The Internet Is We Pay Too Much Attention To Giant ISPs

        As Silicon Valley giants like Google and Facebook face all manner of (justified) regulatory scrutiny, telecom has been able to somehow remove itself from the conversation, despite engaging in many of the same (if not worse) behaviors over the years. While Congress obsesses about new ways to regulate “big tech,” the US government has oddly been busy neutering all oversight of “big telecom”. That’s at least partially by design; giants like AT&T and Comcast have spent years pushing for the hyper regulation of companies telecom increasingly competes with in the online ad space.

    • Monopolies

      • CJEU rules that “aceto” and “balsamico” are not individually protectable components of PGI “Aceto Balsamico di Modena”

        Yesterday, the Court of Justice of the EU (CJEU) issued its decision in Case C-432/18, Consorzio Tutela Aceto Balsamico di Modena v Balema GmbH [here]. The decision sets important limitations on the scope of protection of the Protected Geographical Indication (PGI) “Aceto Balsamico di Modena” and for PGIs registered in a similar manner, because the Court held that individual components of this PGI are not protected.

        Background to the case

        Balema is a German producer of balsamic vinegar and markets its products as “Balsamico” or “Deutscher Balsamico”. The consortium of producers of Modena balsamic vinegar holds the PGI for “Aceto Balsamico di Modena (PGI)”, which enjoys protection under Regulation 1151/2012 (the Agricultural Foodstuff Regulation). It was registered under its predecessor and, as is common practice for European geographical indications, on the conditions set forth in the granting regulation, 583/2009. The consortium sued Balema in Germany and the Federal Supreme Court asked the CJEU whether the protection for “Aceto Balsamico di Modena” extends to the use of individual, non-geographical components of this term.

      • One-minute survey: Does judicial recruitment need a shake-up?

        The England and Wales High Court is in need of IP specialist judges. But with the courts facing a wider recruitment issue, filling the gap is not easy.

        Factors including pay and changes to pension arrangements mean there is a lack of candidates who want to become a judge. The UK’s Ministry of Justice has itself cited “very strong evidence” for recruitment difficulties in the High Court.

      • Mandatory mediation in Greece: Odysseus reaches Ithaca

        We have previously reported on Greece’s legislative initiative to introduce mandatory mediation in certain civil and commercial disputes, including trademark infringement disputes.

        The respective law, 4512/2018, had been enacted, but its entry into force was postponed, following reactions of lawyers and bar associations. As a result, the drafting of a new law was commenced. After the conclusion of the public consultation, a final draft was submitted to Parliament, and it was approved by the Plenary on November 28, 2019.

        Published the following day, on November 29, 2019, it is now law no 4640/2019 “Mediation on civil and commercial disputes – Further harmonization of Greek legislation with Directive 2008/52/EC of the European parliament and of the council of 21 May 2008 and other provisions” (the Law).

      • Patents

        • As 9th Circuit Prepares For Argument, Korean Fine Against Qualcomm Upheld

          Qualcomm’s appeal of the FTC’s success in district court continues to move forward, with the second set of amicus briefs (including CCIA’s) filed the week of Thanksgiving. Qualcomm’s reply brief is due by Friday, December 13th, and oral argument is scheduled for February 13th, 2020. Judge Koh found that Qualcomm had abused its dominant position in baseband modems, harming consumers and competitors alike.

          On appeal, Qualcomm has in essence argued that competition law shouldn’t apply to it because of its importance to cellular standards. Many amici, from technology firms to auto companies to former heads of the FTC, repudiated the argument that maintaining Qualcomm’s position in 5G is more important than ensuring healthy competition. We’ll see if that argument flies in the United States—given the strength of the factual determinations and the evidence in the district court, it shouldn’t—but in the meantime, Qualcomm has been handed another setback.

        • Nokia outmaneuvering Daimler with settlement effort that has zero credibility–but Mannheim court confirms hearing date

          One week ago, Reuters’ Foo Yun Chee (who’s been covering EU competition matters for more than a decade and whom I regard very highly) reported on a statement by Nokia according to which “the Finnish telecoms equipment maker had submitted a proposal for resolving the patent licensing fee row.” This relates to the situation between Nokia and Daimler as well as Daimler’s suppliers. Nokia brought ten German standard-essential patent (SEP) infringement actions against Daimler earlier this year–several months after Daimler had lodged an antitrust complaint with the European Commission’s Directorate-General for Competition (DG COMP) over Nokia’s refusal to extend exhaustive SEP licenses on FRAND terms to Daimler’s suppliers. At around the same time, four suppliers (Continental, Valeo, Gemalto, and BURY Technologies) also filed complaints against Nokia with DG COMP.

        • Supreme Court Hears Appealability Appeal

          The section 315(b) time bar prohibits institution of a petition “filed more than 1 year after the date on which the petitioner … is served with a complaint alleging infringement of the patent.” Years ago (well before the 1-year date) the patentee Click-to-Call sued Thryv’s predecessor-in-interest for infringement and served the complaint as required under § 315(b). That lawsuit, however, was voluntarily dismissed without prejudice. When the defendant later filed its IPR petition, the PTAB found that the dismissal without prejudice effectively nullified the original lawsuit and, as such, did not raise the time-bar. The PTAB then invalidated the claims. On appeal, the Federal Circuit rejected PTAB’s approach — holding that the statute does not allow for any exception to the time-bar for cases dismissed without prejudice. In its petition to the Supreme Court, Thryv asked the court to review both whether (1) the issue is appealable; and (2) the time-bar still applies after a dismissal without prejudice. The Supreme Court granted certiorari, but only as to question 1 – whether the issue is appealable.

        • Another German FRAND Ruling – OLG Karlsruhe, Judgment of 30 October 2019, 6 U 183/16 (Philips v Wiko)

          In its latest ruling on FRAND and the Art. 102 TFEU defense, the OLG (Higher Regional Court) Karlsruhe put an emphasis on the ‘fairness’ of the licensing negotiation procedure and thus on the ‘F’ prong of FRAND. To allow fair and expedient licensing negotiations and avoid a finding of abuse of dominance, the owner of a standard essential patent (SEP) has to explain and substantiate vis-à-vis the willing licensee why its license offer is FRAND in such a way that the implementer can assess the offer and respond with a counter-offer in a meaningful way. Even though both the SEP holder and the implementer may still comply with their ‘negotiation duties’ after filing the complaint, undue pressure by the threat of an injunction has to be avoided, e.g. by suspending the proceedings.

          The case concerned a patent essential for the LTE standard. The OLG Karlsruhe, appeal instance to the Mannheim Regional Court, confirmed patent infringement by defendant’s LTE compatible mobile phones, resulting in a declaration on damages and full claims for information and accounting. However, the defendant’s FRAND/Art. 102 TFEU defense was successful and the court rejected the requests for an injunction, recall and destruction as currently unfounded.

          With this decision, the Karlsruhe court tackles questions on the implementation of the negotiation framework as set out in the landmark decision Huawei v ZTE of the CJEU (case C-170/13) from yet a different angle than the appeal courts in Duesseldorf (with an emphasis on the ‘non-discriminatory’ assessment of the content of the SEP holder’s license offer and stricter requirements on the provision of third party licenses) and the UK (with a focus on the ‘fair and reasonable’ prong of FRAND and a more flexible application of the CJEU negotiation framework; see previous posts here and here). The Karlsruhe court also came to a different conclusion than the Court of Appeal The Hague in the parallel proceedings between the same parties earlier this year. According to public comments, the Dutch court held that the plaintiff was entitled to an injunction as the defendant was not a ‘willing licensee’ prior to the proceedings and had not met its burden to show that the plaintiff’s later license offer was non-compliant with FRAND. In contrast, the OLG Karlsruhe found that the plaintiff had not met its burden to substantiate the FRANDness of its license offer to the defendant. This failure to meet its information and negotiation duties amounts to an abuse of the plaintiff’s dominant position acc. to Art. 102 TFEU.

        • TCL v Ericsson overturned on appeal in US; will go to jury trial

          Readers will remember the news of Christmas 2017: Judge Selna in the Central District of California determined the FRAND royalties that TCL should pay to Ericsson. The decision attracted comment because the rates were very much lower than the findings that Mr Justice Birss had made in relation to Ericsson’s portfolio in Unwired Planet, despite similar evidence.

          Today the Court of Appeals of the Federal Circuit overturned that decision.

          Ericsson appealed on two grounds: that it had been deprived of its right to a jury trial, and that Judge Selna’s calculations contained many errors. Happily for Ericsson, but disappointingly for followers of FRAND, the CAFC agreed with the first of those grounds. That means it did not need to look at the second.

      • Trademarks

        • Fraudulent Trademarks: How They Undermine the Trademark System and Harm American Consumers and Businesses

          Congress is moving on Trademark Legislation with a number of different potential proposals circling.

        • Counterfeit Goods Seizure Act of 2019

          Copyright, trademark, and “trade name” violations are already listed in the statute; patents and trade secrets are not listed. The basic idea here is that it is pretty easy for CPB to stack design patents atop their current system that looks at copyright and trademark. The hope here is that a layman (e.g., CPB official) can quickly and easily determine design patent infringement at a relatively high level of accuracy. This would be much more difficult for utility patents, and wouldn’t work for trade secrets without disclosing the secret to CPB.

        • AG Campos advises CJEU to rule that Amazon might be potentially liable for trade mark infringement

          Subsequently Coty requested Amazon to provide all perfumes stocked on behalf of the seller. 11 of the 30 perfumes delivered by Amazon to Coty had been stocked on behalf of another seller, whose identity Amazon was not able to confirm.

          Coty sued Amazon for trade mark infringement in Germany, but without success. In fact, both at first instance and on appeal, the German courts found that Amazon had not directly used the trade mark or stocked the goods to sell them; rather, it had just stocked them on behalf of third parties and was unaware that the trade mark rights had not been exhausted.

          On appeal to Germany’s Federal Court of Justice (BGH), a question arose: Does a person who, on behalf of a third party, stores goods which infringe trade mark rights, without having knowledge of that infringement, stock those goods for the purpose of offering them or putting them on the market under Article 9(3)(b) EUTMR, if it is not that person himself but rather the third party alone which intends to offer the goods or put them on the market?

          The BGH was unsure, though it was inclined to answer in the negative in light of what happens in Germany in the patent field. The court also excluded that Amazon’s behaviour would amount to a ‘use’ of the trade mark within the meaning of Article 9(2) EUTMR.

          Despite all this, a referral was made to the CJEU.

      • Copyrights

        • When you own an artwork, you don’t own the copyright: Danish artist wins injunction against watchmakers planning to cut up painting

          With thanks to Hanne Kirk and her team at Gorrissen Federspiel (Denmark) for this fascinating post regarding the outer limits of copyright in an artwork:

          On Monday, 2 December 2019, the Danish Maritime and Commercial High Court issued a ruling in a case which explores the fine line between destruction and alteration of existing artwork. The conclusion? Cutting up an existing artwork to repurpose the individual pieces as wristwatch faces constitutes reproduction of the work in an amended form – not destruction followed by the creation of a new, original work.

          [...]

          In its 2 December 2019 ruling, the Danish Maritime and Commercial High Court found in favour of Tal R on all claims, confirming expressly that the insertion of pieces of a painting into wristwatches was, in the view of the Court, not a destruction of the work, but rather a reproduction of the work in an amended form.

          In support of this conclusion, the Court noted that Kanske had itself explained that the very idea of the project was to transform Tal R’s artwork, and had further asked on its website “what happens when you take an original artwork and turn it into something else?” It made no difference in this regard that the artwork, once incorporated into the wristwatches, would no longer be recognizable.

          (This GuestKat finds the last-mentioned statement somehow surprising, given that similarity is a prerequisite for an infringement, and given that similarity calls for a certain recognizability of the original work.)

          The Court further ruled that the project would indeed, as claimed by Tal R, constitute an alteration and making available to the public of Tal R’s artwork “in a manner or in a context which is prejudicial to the author’s literary or artistic reputation or individuality,” thereby violating section 3(2) of the Danish Copyright Act.

          Finally, the Court also agreed that Kanske had violated sections 3(1) and 22(1) of the Danish Marketing Practices Act by marketing and offering for sale the wristwatches, including by making unauthorized use of the “Tal R” brand.

          Overall, the Court dismissed Kanske’s defense that the project was art and should benefit from the protections granted to expressions of artistic freedom.

        • Creative Commons Receives an AWS Imagine Grant to Improve CC Search

          With that in mind, we’re excited and proud to announce that we’ve been awarded an Amazon Web Services (AWS) Imagine Grant—a public grant for non-profit organizations that are “using technology to solve the world’s most pressing challenges.”

        • The Pirate Bay Moves to a Brand New Onion Domain

          The most famous torrent site in the world, The Pirate Bay, has ditched its old and mostly unreadable Onion domain for something more recognizable and potentially more permanent. The switch was reported to TorrentFreak after Pirate Bay proxy sites noticed extended downtime on the old domain.

        • IPTV Service Easily Circumvents First Canadian Piracy Blockade

          Through the Federal Court, Bell, Rogers, and Groupe TVA recently obtained the first Canadian pirate ‘site’ blocking order. The companies argued that ISP blockades are an effective way to deal with copyright infringing sites and services. While that may be true to a certain degree, the targeted GoldTV service simply switched to a new domain and continues to offer its services.

        • Meet the Guy Behind the Libgen Torrent Seeding Movement

          Libgen and Sci-Hub, regularly referred to as the ‘Pirate Bay of Science’, are continually under fire. However, if all of the important data is decentralized, almost any eventuality can be dealt with. Today we meet the guy leading a new movement to ensure that Libgen’s archives are distributed via the highest quality torrent swarms possible.

        • Why Won’t Creative Future’s Members Comment About This Hollywood Front Group Smearing A Well Respected Law Professor?

          If you look in the dictionary, the word “projection” has many different definitions. I find it particularly amusing that in Merriam Webster’s dictionary, the following two are right next to each other:

          the attribution of one’s own ideas, feelings, or attitudes to other people or to objects; especially : the externalization of blame, guilt, or responsibility as a defense against anxiety

          the display of motion pictures by projecting an image from them upon a screen

          This is a story that kind of involves both of those definitions, because it’s all about a front group, created and funded by Hollywood, very much “projecting” its own blame, guilt and responsibility onto one of the most respected and thoughtful copyright law professors. And… almost no one wants to comment on the organization’s shameful tactics. Perhaps some of you might help in my ongoing efforts to get literally any of Creative Future’s members to explain why it still supports the organization after its shameful smear campaign over the past few weeks and months.

12.06.19

Links 6/12/2019: DRM in GNU/Linux and Sparky Bonsai

Posted in News Roundup at 6:32 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Linux For All Shines on LXDE Desktop

      Linux For All very well could be a unifying Linux distribution that provides a common computing platform.

      LFA is a distro developed by Sweden-based software engineer Arne Exton of Exton Linux, the same developer who distributes ExTix Linux. The Swedish Linux Society hosts 16 Exton distributions.

      The Exton Linux inventory of distributions is a fertile repository of custom distros you will not find elsewhere. Among Exton Linux releases are an assortment of customized Linux distros based on a wide family of options such as Arch, Debian, Ubuntu, Puppy and Slackware. Multiple versions of these distros offer an even wider range of desktops.

      The ExTix distro, which I recently reviewed, is perhaps one of the best known of Exton’s Linux platforms. That is in part due to its multiple desktop offerings.

      Linux For All comes in just one flavor, the LXDE environment. However, LXDE is an inviting option that eliminates confusion and complexity in favor of a powerful desktop that is lightweight enough to run on low-powered aging hardware.

    • Server

      • [Older] Making sense of a multi-cloud, hybrid world at KubeCon

        More than 12,000 attendees gathered this week in San Diego to discuss all things containers, Kubernetes and cloud-native at KubeCon.

        Kubernetes, the container orchestration tool, turned five this year, and the technology appears to be reaching a maturity phase where it accelerates beyond early adopters to reach a more mainstream group of larger business users.

        That’s not to say that there isn’t plenty of work to be done, or that most enterprise companies have completely bought in, but it’s clearly reached a point where containerization is on the table. If you think about it, the whole cloud-native ethos makes sense for the current state of computing and how large companies tend to operate.

      • [Older] ‘Kubernetes’ Is the Future of Computing. What You Should Know About the New Trend.

        Nearly all major technology companies are saying the same thing. Kubernetes is the next big thing in computing.

        The Greek word for helmsman or pilot, Kubernetes is accelerating the transition away from legacy client-server technology by making cloud-native software development easier, better and faster.

        Last week, more than 12,000 developers and executives gathered in San Diego at the largest annual Kubernetes conference called KubeCon. That’s up from just 550 attendees four years ago. The conference goers are all looking for ways to take advantage of Kubernetes and its ability to automatically deploy, manage, and scale software workloads in the cloud.

        To understand the trend, let’s start with the changing dynamics of software in the cloud. Cloud apps increasingly run in aptly-named containers. The containers hold an application, its settings, and other related instructions. The trick is that these containers aren’t tied down to one piece of hardware and can run nearly anywhere—across different servers and clouds. It’s how Google manages to scale Gmail and Google Maps across a billion-plus users.

        Alphabet’s (ticker: GOOGL) Google long ago developed software called Borg to orchestrate its in-house containers—spinning them up and down as needed. In 2014, the search giant opted to make a version of Borg open source, calling it Kubernetes. Today, the major cloud providers all offer a Kubernetes option to customers.

      • IBM

        • Understanding Red Hat AMQ Streams components for OpenShift and Kubernetes: Part 2

        • Red Hat announces beta access to the Red Hat migration analytics service

          Do you know where your workloads are, their current state and what it would take to modernize them? The answer is likely no. That’s why Red Hat is unveiling the Red Hat migration analytics service, currently in beta. Here’s what the service offers, and how it can help you with inventory, migration suggestions and more.

        • Red Hat Enterprise Linux 8.1 Debuts With Added Developer Tools, Security & Automation

          Red Hat, Inc. today announced the general availability of Red Hat Enterprise Linux 8.1, the latest version of the world’s leading enterprise Linux platform. The first minor release of the Red Hat Enterprise Linux 8 platform, Red Hat Enterprise Linux 8.1 enhances the manageability, security and performance of the operating system underpinning the open hybrid cloud while also adding new capabilities to drive developer innovation.

          Red Hat Enterprise Linux is the foundation of Red Hat’s open hybrid cloud portfolio, providing the underlying engine that allows complex workloads to be developed and deployed across physical, virtual, private and public cloud environments with greater confidence and control. As the backbone of the hybrid cloud, the world’s leading enterprise Linux platform provides a consistent user experience across on premise deployments and all major public cloud infrastructures. At the same time, it supports key production workloads like Microsoft SQL Server and SAP HANA while also enabling new workloads like artificial intelligence (AI) and machine-learning (ML).

    • Audiocasts/Shows

      • 2019-12-05 | Linux Headlines

        Mozilla speeds up its open source speech-to-text engine, Disney+ is now available on Linux, and Amazon has a new AI-powered service for automated code review.

    • Kernel Space

      • Linux 5.5 Lands Broadcom BCM2711 / Raspberry Pi 4 Bits

        Following last week’s Arm architecture updates for Linux 5.5, sent in via four pull requests on Thursday was all the new and improved hardware enablement for the SoCs and single-board computer platforms.

        The prominent ARM hardware support change with Linux 5.5 is mainlining the Broadcom BCM2711 SoC that is notably used by the Raspberry Pi 4 and also integrating the various RPi4 device tree additions. It’s great seeing the Linux kernel finally beginning to get into shape for the modern Raspberry Pi 4.

      • Graphics Stack

        • Nvidia Is Preparing An Unexpected Surprise For Linux Users In 2020

          Each year Nvidia hosts the GPU Technology Conference, a global gathering of AI developers, data scientists, graphic artists, and pretty much anyone in the technology industry working with GPUs in their chosen fields. The event packs in keynotes with roadmaps and reveals, face-time with Nvidia engineers, and hundreds of sessions to participate in. GTC 2020, though, looks to include a special surprise for Linux users and open source enthusiasts.

          Supporting Nouveau eh? That’s the open source Linux driver used to drive Nvidia graphics cards (Nvidia also supplies a proprietary driver for Linux), and Nvidia’s historical lack of contributions is what led Linus Torvalds to famously flip Nvidia the bird and utter words I can’t print here. (I can link to them though. . .)

          The community of developers working on the Nouveau driver have experienced several roadblocks throughout the years. Paramount among them is the inability to achieve normal GPU clock speeds due to Nvidia’s locked down firmware on many models of graphics cards. This leads to undesirable performance and a multitude of potential video display issues across many Linux distributions.

    • Applications

      • Gammy – Adaptive screen brightness utility for Linux

        All technology enthusiasts heartily greeted smartphones when they came around. Not only because it was all futuristic and attractive, but also because now you could do things that you could only do on your desktop or laptop.

        E-mailing, text messaging, sharing files, all became much easier. Even though it seems like smartphones are given features based on those possessed by notebooks, they have a world of their own. Now, even the computer world is learning things from smartphones.

        One such feature of smartphones that we all find helpful is automatic brightness adjustment. Having that on our Linux systems will be great, especially for those who move around with their laptops a lot. We present a program just for that task, Gammy.

      • Migrating the MAAS UI from AngularJS to React

        MAAS (metal as a service), is a Canonical product which allows for very fast server provisioning and data centre management. Around 2014, work began to build a rich UI for MAAS, primarily using the AngularJS JavaScript framework from Google. AngularJS today is in long term support (LTS) and due to reach end-of-life in 2021. This year we began the work of transitioning away from AngularJS in anticipation of this impending EOL to more contemporary tooling.

        Evaluating Angular vs React

        Google’s recommended upgrade path for applications built in AngularJS is to transition to the Angular framework. Despite the similarity in naming, Angular is very different from AngularJS architecturally, and the migration process is non-trivial. While components (allowing for the now ubiquitous uni-directional data architectural pattern) were later backported from Angular to AngularJS, most of MAAS UI predated this and consequently migration to Angular would require significant app-wide refactoring.

        Since the inception of the MAAS UI, a number of other products had been built at Canonical using React. As we had developed significant experience using React, and tooling in the surrounding ecosystem, ultimately it made more sense to invest in transitioning the MAAS UI to React rather than Angular. This choice conferred additional benefits, such as standardising our build and testing infrastructure, and allows for component reuse across products. We also just generally enjoy working with React, and feel that the most significant developments in web UI technology are happening within the React ecosystem (hooks, concurrent mode, suspense, CRA).

      • 6 Best Free Linux Speed Reading Tools

        The idea of speed reading was invented by an American schoolteacher named Evelyn Wood.

        There are a few different approaches when it comes to speed reading. Spritz technology is based on the notion that much of the time spent in reading text is taken by the eye’s focus moving between words and across the page. According to Spritz, spritzing is defined as reading content one word at a time with the optimal recognition point (ORP) positioned inside of their custom “redicle”. After your eyes find the ORP, your brain starts to process the meaning of the word that you’re viewing. The concept of speed reading in this context is simple: slice a text into individual short segments, like a word.

        The software featured in this group test is based on spritzing. Read text without moving your eyes, and therefore rapidly increase your reading speed. Unlike other reading techniques, you don’t need to rewire your brain to work more efficiently.

    • Instructionals/Technical

    • Games

      • Offering up some intense multiplayer mayhem, Tank Maniacs is out now

        GAMELAB today released Tank Maniacs, a very intense multiplayer party game for up to four players. Your task is simple: eliminate the competition in any way possible and it’s really quite hilarious.

        A game for when you want things to be a little less serious perhaps? Tank Maniacs would certainly slot into your gaming schedule nicely there, I think. You don’t need to have other players with you, thankfully, as the AI can be quite menacing, I found, during my time playing it. If you livestream games on Twitch, they also have a fancy Extension you can try which helps viewers get involved.

      • Beyond a Steel Sky, the sequel to the classic Beneath a Steel Sky is coming to Linux next year

        Revolution Software today put out an announcement about Beyond a Steel Sky, the sequel to Beneath a Steel Sky, to give an update on the release date.

        Beyond a Steel Sky is a dramatic, humorous, cyberpunk thriller in which engaging puzzles drive a fast-paced narrative set in a dynamic game-world that responds to – and is subverted by – the player’s actions. It was quite a surprise when writing about it back in September as it popped up on Steam with Linux system requirements. We didn’t manage to get full confirmation from the developer, until today! They confirmed to us on Twitter that Linux support is happening—awesome!

      • Kickstarting a new edition of Steve Jackson Games’s Car Wars

        Now, Steve Jackson Games (previously) is kickstarting a sixth edition of Car Wars, set in a fallen USA in 2069, dominated by “wilderness lawlessness, banditry, regional dictators, and of the men and women who combat them.” The sixth edition includes rules, detailed miniature plastic model cars, player dashboards, and card-decks for internal damage. Stretch goals include custom six sided dice (a set of 20!), extra tokens, a new collision system and a 36″x36″ playspace — at higher levels, they’re going to add more minis and extra rules.

      • Stylish 2D action adventure Alwa’s Legacy is successfully funded and coming to Linux

        Great news for fans of colourful retro-inspired action adventures, as Alwa’s Legacy (the successor to Alwa’s Awakening) has managed to get funding.

        After launching on Kickstarter last month, Elden Pixels managed to raise a total of around SEK 290,369 (approx £23,332). Just like the previous game, they’re planning for full Linux support. Since it has been successful, it’s another listed on our dedicated Crowdfunding Page.

      • New Steam Client Beta upgrades the Linux Steam Runtime Container and Remote Play Together

        Valve have another freshly brewed Beta available for the Steam Client that was released yesterday ready for more testing.

        For Linux gamers, this Beta brings with it some upgrades to the Linux Steam Runtime and the Linux Steam Runtime Container with “improved graphics drivers diagnostics”. Don’t know what we mean by Container? Recently Steam gained a new feature to enable you to run Linux games inside a special Linux Runtime Container. I have some high hopes that this container feature will reduce further any QA testing issues game developers have when deploying for Linux.

      • Creator of WebRTC now working on Google Stadia, Darksiders Genesis out plus more Stadia news

        We have more interesting news to share this morning about updates surrounding Google Stadia, the game streaming service.

        Firstly, engineer Justin Uberti, who helped to create WebRTC and Google Duo, has announced they’ve moved onto leading the Google Stadia engineering team. Google certainly need all the help they can get building their gaming platform, after such a rough launch. Uberti also mentioned that they will be hiring for Stadia in Seattle/Kirkland (USA) so get in touch if working on cloud gaming sounds like your thing.

        Google have also finally put the Stadia store online in the browser, it’s no longer totally locked to the mobile app. This was one of the pain points of the early launch, although you likely still need to actually have a Stadia account and a Chromium-based browser to even access it.

    • Desktop Environments/WMs

      • Pekwm: A lightweight Linux desktop

        Let’s say you want a lightweight desktop environment, with just enough to get graphics on the screen, move some windows around, and not much else. You find traditional desktops get in your way, with their notifications and taskbars and system trays. You want to live your life primarily from a terminal, but you also want the luxury of launching graphical applications. If that sounds like you, then Pekwm may be what you’ve been looking for all along.

        Pekwm is, presumably, inspired by the likes of Window Maker and Fluxbox. It provides an application menu, window decoration, and not a whole lot more. It’s ideal for minimalists—users who want to conserve resources and users who prefer to work from a terminal.

      • K Desktop Environment/KDE SC/Qt

        • Krita Weekly #6

          I will just run through what the folks did over the week. Dmitry is working on fixing the rendering of vector shapes. I gave it a try last day, though there are a few snitches here and there, but overall it was much faster than the current one. He also worked with a new contributor Fredrik and fixed the transform tool crash bug.

          Kai Uwe Broulik fixed an almost year-old regression which made the layer filter menu too narrow with the Breeze theme. Tiar fixed a couple of bugs related to onion skins and selections along with her work on implementing tagging of resources in the new system. Also Wolthera can be seen working on the UI and resource models for the same. Ivan has finished his patch to accurately draw 1px lines. Amidst exams even I patched one of the bugs related to the text tool, although I was the one who introduced it in the first place.

    • Distributions

      • Screenshots/Screencasts

      • SUSE/OpenSUSE

        • New Local Build Environment Features

          We have just created the osc 0.167 release which focuses on the local build functionality. It is way easier now to deal with VM builds (e.g. inside of KVM) and building for a foreign hardware architecture also becomes way easier now.

        • Highlights of YaST Development Sprint 90

          As usual, during this sprint we have been working on a wide range of topics. The release of the next (open)SUSE versions is approaching and we need to pay attention to important changes like the new installation media or the /usr/etc and /etc split.

      • DRM

        • Disney+ Now Works in Linux After DRM Tweak

          Linux users can now stream shows and movies from the Disney+ streaming service after Disney lowered the level of their DRM requirements.

          When Disney+ was first launched, Linux users who attempted to watch shows and movies were shown an error stating “Something went wrong. Please try again. If the problem persists, visit the Disney+ Help Center (Error Code 83).”

        • Disney+ finally works on Linux!

          A little more than three weeks after the new Disney+ movie streaming service went officially live, the Disney company has added Linux support to their Widevine DRM protection. No more “Error 83”. No more need to install the Windows version of Chrome in Wine. Watching your favorite movies is now possible in the native Linux browsers – both Mozilla and Google based. Firefox will download the Widevine CDM (content delivery module) automatically, Chrome has the support built-in and for my Chromium package and other Chromium-based browsers you’ll have to install my chromium-widevine-plugin package.

      • Fedora Family

        • 5 cool terminal pagers in Fedora

          Large files like logs or source code can run into the thousands of lines. That makes navigating them difficult, particularly from the terminal. Additionally, most terminal emulators have a scrollback buffer of only a few hundred lines. That can make it impossible to browse large files in the terminal using utilities which print to standard output like cat, head and tail. In the early days of computing, programmers solved these problems by developing utilities for displaying text in the form of virtual “pages” — utilities imaginatively described as pagers.

          Pagers offer a number of features which make text file navigation much simpler, including scrolling, search functions, and the ability to feature as part of a pipeline of commands. In contrast to most text editors, some terminal pagers do not require loading the entire file for viewing, which makes them faster, especially for very large files.

      • Debian Family

        • Debian Installer Bullseye Alpha 1 Released

          Debian 11 “Bullseye” isn’t expected to be released until well into 2021 but out today is the first alpha release of the Debian Installer that will ultimately power that next major Debian GNU/Linux release.

          This is just the first of many alpha releases today of the Debian Installer and not of the Debian Bullseye itself. Bullseye continues to serve as the Debian testing and many changes have been landing in the months since the Debian 10 “Buster” release.

        • Sparky Bonsai – a portable edition of SparkyLinux

          Sparky Bonsai is a GNU/Linux distribution based on Debian/Sparkylinux in a portable form. Taking advantage of the experience of portable distros such as Slax, Porteus, Puppy and DebianDog, we made a remix of our favorite Debian-based distro SparkyLinux. The idea was to make a portable version of the Linux distro already installed at home, in cases where we can’t, don’t need to or don’t wish to install it properly…

          …Sparky Bonsai lives on a USB flash drive (4GB minimum) and runs with 512 MB of RAM on x86 processors. At the moment it’s only available in a 64bit version. It fits on a DVD or CD optical disk and runs on ext2/3/4, fat32, xfs and exFAT file systems. In order to load it to RAM, 1GB is recommended.

          It is a minimal Debian Buster file system using Debian linux kernel v. 4.19.0.6 with the BusterDog’s modules for porteus boot, live-boot-3x and aufs support. Kernel updates are not available the way they are on a properly installed linux system. As you may know, BusterDog uses the Antix Linux init system. Sparky Bonsai uses systemd as pure Debian and Sparky Linux. If you don’t wish to use systemd, check the BusterDog (based on Antix) or Beowolf (based on Devuan).

          Sparky Bonsai uses PCmanFM as file/desktop manager and JWM as window manager. JWM’s menu construction is based on xdgmenumaker. It comes with Pale Moon as the default web browser, Mousepad as the default text editor and LXterminal as the default terminal emulator. All DebianDog’s module and remaster scripts are included as well.

      • Canonical/Ubuntu Family

        • Linux Mint 19.3 Will be Released by Christmas

          Just in time for the holidays, the developers behind Linux Mint have announced that version 19.3 (Tricia) will be released by December 25. The beta for the upcoming iteration has already been made available (download from one of the official mirrors here) for the public to test.

          The latest iteration of Linux Mint contains a number of new features. One such feature is the System Reports tool. This new tool detects potential issues on your computer (such as a missing language pack, multimedia codec, new firmware drivers, etc.).

        • Linux Mint 19.3 “Tricia” Beta Available To Download

          For the past many releases I have been covering Linux Mint and in each release, the team has delivered what it had promised. Now that the new release is getting closer, Mint users should know what’s going to be delivered in the coming release Linux Mint 19.3 “Tricia”.

          Yesterday Linux Mint 19.3 codenamed “Tricia” was released. It is a big milestone for developers to reach since this release reflects what the team has been working for. After reading the release note and also using it, it looks like the team is on its way to deliver another user-friendly, stable, and feature-rich OS.

          So let’s see what’s new in Linux Mint 19.3 “Tricia” Beta.

          [...]

          Cinnamon 4.4 is more lightweight than its predecessors. Cinnamon 4.4 uses 28 MB less memory than 4.2 and 4.3.

          In Linux Mint 19.3, there are a few tweaks in the desktop environment. The system panel’s font and icon sizes can be adjusted differently. Users can change the font and icon size of the left of the panel, the center of the panel, and the right of the panel separately.

        • Some Of The Possible Changes Coming For The Desktop With Ubuntu 20.04 LTS

          While we aren’t even half-way through the Ubuntu 20.04 LTS development cycle yet, Ubuntu’s Trello board provides a look at some of the changes and new features being at least considered for this next Ubuntu long-term support release.

          With Ubuntu 20.04 LTS, the Focal Fossa, we’ve known about some items like working to drop Python 2 and never-ending GNOME performance work and continuing the great ZFS/Zsys integration introduced as experimental in Ubuntu 19.10. But there’s also more coming to this next Ubuntu release due out in April.

        • Web application development with Juju charms: an interview with Marc André Audet from Absolunet

          Targeting the web platform is increasingly complex. Tim McNamara, Developer Advocate in the Juju team at Canonical, recently interviewed Marc André Audet, Security Expert at Absolunet to discuss how Juju charms can be used for web application development. In the interview, you’ll learn about how to use Juju for web apps.

          [...]

          Absolutely. Right now we have 2 clients in production using Juju, but we have spun up many sites for development, testing and sales purposes.

          I’ve automated everything so much that we only have to deploy a bundle and we get a ready-to-use environment from scratch in under 20 minutes on the AWS cloud. And for any version of Magento. As long as Magento retains backwards compatibility, no changes are needed.

          In the near future, we have plans to make it possible for anyone to spin up a new site with a single click, regardless of the intended use. With this, we expect to see an important increase in Juju usage and adoption at Absolunet.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Haiku almost-monthly activity report – October and November 2019

        The last two months have been quite busy for me and I had no time to write up a report. Remember that everyone is welcome to contribute to the website and if you want to write the report from time to time, this would be much appreciated, by me because I wouldn’t need to do it, and by others because they will enjoy reading things written with a different style and perspective.

        Anyway, let’s look at what’s going on!

        Let’s start with the non-technical side of things. The months of October and November are traditionally quite active in Haiku (matching with our autumn-themed logo, of course). There was no BeGeistert this year, but I attended Alchimie and Capitole du Libre with mmu_man, while Korli, scottmc and Hy Che went to the GSoC mentor summit, which was in Germany this year.

        These events are an opportunity to advertise Haiku a bit, share ideas and projects with other alternative operating systems such as MorphOS, ReactOS, FreeBSD, or RTEMS, and overall meet other people working on open source software.

        All while managing this, we also had to get ready for Google Code-In, which is celebrating its 10th year. We are the only project with enough contributors and ideas to be able to participate every year since the contest was established, and look forward to what our contestants will accomplish this year. The first patches are already getting to our Gerrit code review.

      • BeOS-Inspired Haiku Continues Working On 64-bit ARM, Other Hardware Improvements

        The open-source Haiku operating system project working off inspirations from BeOS continued to be quite active over the past two months in adding various modern features and fixes to their platform.

        Some of the Haiku work tackled over October and November included:

        - Continued preparations around 64-bit ARM (AArch64) support for Haiku. Related is making the Haiku EFI code more platform agnostic to work both on x86_64 and ARM64.

      • How I Switched To Plan 9

        Hi, I’m SL. You may remember me from my classic appearances in contentious 9fans threads, or maybe you’ve read one of my books.

        I’m a veteran UNIX admin of 20+ years. I produced a bunch of multimedia stuff on a Macbook in the mid-2000s. I ran 9front on all my production servers and on my personal laptop (my main personal computer) almost exclusively from 2011 to 2017. In early 2017 I moved to a new job that involved a lot of traveling and infrequent access to WiFi. It also turned out that carrying a second laptop (besides my work laptop) added too much bulk/weight to all the stuff I already had to carry everywhere I went. I bought one of those early iPad Pros equipped with an LTE connection and did most of my necessarily mobile computing via that device for the better part of two years. I was able to rig up a command line connection to 9front using a native iOS SSH client and drawterm -G. I explained how this was accomplished in a previous blog post. Infrequently, I carried a ThinkPad X230 Tablet, and later a ThinkPad X250 along with me, piggybacking off the iPad’s WiFi tethering.

        The experience sucked. Replacing a general purpose computer with a jacked-up surveillance sensor package is not my idea of solving the problem of mobile computing. Lugging around extra pounds put a lot of strain on my already compromised back. Something had to give.

        No pun intended.

        Recently, I acquired a used ThinkPad X1 Tablet (1st Gen). This thing is small enough to fit in my bag, works well with both OpenBSD and 9front, and weighs almost as little as my iPad Pro with its folding keyboard cover. Finally, I’m back in business.

      • What motivates people to contribute to open source?

        Knowing what motivates people is a smart way to recruit contributors to an open source project—and to keep them contributing once they’ve joined.

        For his book How Open Source Ate Software, Red Hat’s Gordon Haff did a lot of research on the topic of motivation, and he shared some of it in his Lightning Talk at All Things Open 2019, “Why do we contribute to open source?”

        Watch Gordon’s Lightning Talk to learn about the three main types of motivation—extrinsic, intrinsic, and internalized extrinsic—what they are, and how they relate to open source communities.

      • Events

        • Jakub Steiner: Conferences

          This year I haven’t done any drone-related travelling. The sponsorship deal fell through and Rotorama didn’t participate in DCL. I admit I haven’t been practicing as much as I would need to, to do any better in the local races either.

          So at least I got the world of FOSS to get out of the couch.

      • Web Browsers

        • Mozilla

          • Newly born Firefox 71 emerges from its den – with its own VPN and some privacy tricks

            Patting itself on the back for blocking more than one trillion web tracking requests through its Enhanced Tracking Protection tech, Mozilla on Tuesday continued its privacy push with a further test of its Firefox Private Network service, an update to Firefox Preview Beta for Android, and the debut of its latest desktop browser, Firefox 71.

            Back in September, Mozilla began testing its Firefox Private Network (FPN), a virtual private network (VPN) service for browser traffic, enabled through a Firefox extension (add-on), and soon for protecting all applications on devices at the operating system level.

            That FPN beta test has now reached its next stage. Mozilla is inviting US users of the Firefox desktop browser with Firefox Accounts to try FPN out, for free, for up to 12 hours per month.

            “With the holidays around the corner, the FPN couldn’t come at a more convenient time,” said Marissa Wood, VP of product at Mozilla, in a blog post. “We know people are traveling and might have to rely on an unsecured public Wi-Fi network, like the one at the airport, at your local coffee shop, or even at your doctor’s office.”

            FPN creates a secure tunnel from the user’s browser or device to the internet, protecting any data passing through a Wi-Fi hotspot – if you must log into a public WiFi hotspot, you should use a VPN. Instead of providing the user’s IP address, it presents its own IP address, which makes tracking more difficult.

      • Funding

      • FSF

        • Librem 5 on the Free Software Foundation’s Ethical Tech Gift Giving Guide

          The Ethical Tech Gift Giving guide is a list of gifts approved by the FSF for our loved ones this festive season. It prioritizes devices that respect the freedoms of our friends and families over the latest gadget from Facebook, Amazon, Apple, Google, and countless other companies because “freedom is the gift that keeps on giving”. Big Tech require our complete trust in their proprietary exploitative systems, whether using a free email account, buying a heavily subsidized phone or tablet and even using a search engine. We pay for them by giving up the freedom over our lives and give them control to exploit us and our loved ones to increase shareholder value.

      • Public Services/Government

        • A Major Step for Open Source in Europe

          As long-time supporters of Open Source, we had high expectations of last week’s ambitious European Commission workshop ‘Open Source Beyond 2020’. These expectations were exceeded. The event gathered an impressive group of representatives of the relevant stakeholder groups, spanning industry, research, advocacy, and policy-making. But what was particularly encouraging was the way the Commission actively sought fresh ideas on how the Open Source opportunity for Europe could be maximised.

          It was helpful that DG CNECT and DIGIT jointly hosted the event, bringing together their experiences and initiatives. Two intensive days of insightful panels and discussions with practitioners from around Europe gave a strong feeling of pragmatism rather than rhetoric.

          Contributing to the Workshop, CEO Sachiko Muto spoke on the role of Open Source as an innovation enabler and the role of Standards in Open Source, and our research director Sivan Pätsch shared his insights on digital skills for Open Source. But it was particularly pleasing to see many of the OpenForum Academy Fellows giving expert opinion.

          Open Source has reached global ubiquity within software development so it is fundamental that Europe understands how to maximise the potential impact for economic development, business and citizens. The European Commission employed a proactive approach when it came to listening to the broad community in planning and delivering the workshop. This holds high hopes for the future of digital openness in Europe and possibilities of cross-industry and cross-institutional cooperation. But to date much of the success has come from bottom up initiatives. Just what are the policy and leadership measures that the Commission could take that would positively affect the outcome? Are there any? Are they really needed?

      • Programming/Development

        • Python

          • Interactive (Touch) Musical Christmas Tree

            In this video I show how to build a capacitive touch Christmas tree that allows you to play music just by touching the ornaments. All it takes is a little bit of Python code, a Raspberry Pi, and a Bare Conductive Pi Cap.

          • How Machine Learning Will Generate up to $2 Trillion in Value for the Manufacturing Industry

            Open-Source Technologies Provide Innovative Solutions

            With the right skill set, data scientists in the manufacturing industry can provide a strategic advantage by implementing the use cases discussed here using Python and cutting edge open-source libraries like TensorFlow, scikit-learn, and scikit-image. For this reason, many manufacturing organizations would realize greater value from an enterprise machine learning platform that incorporates open-source libraries and tools rather than a point solution designed for a single use case.

          • Significant changes for some error messages in Python 3.8

            As I work on including more exceptions in Friendly-traceback, I am mostly pleasantly surprised by generally more precise error messages. For example, in Python 3.7, the following

            __debug__ = 1

            would yield “SyntaxError: assignment to keyword” which likely would baffle almost everyone looking up the list of Python keywords. In Python 3.8, that message has been replaced by the more precise: “SyntaxError: cannot assign to __debug__”. Much better, in my opinion, even though one may be surprised to learn about this constant.

          • SunPy Receives NASA Grant, Helps Generate Parker Solar Probe Results

            The one-year proposal, entitled “Supporting and extending SunPy for the heliophysics community,” will create a spectral datatype and provide more coordinate systems in SunPy. In addition, code snippets demonstrating the use of SunPy and other heliophysics-focused Python packages will also be created. Finally, an extensive analysis of the codebase will be performed in order to improve SunPy’s long-term maintainability. The PI is Jack Ireland (NASA GSFC), and the co-I is Andy Terrel (NumFOCUS). In addition, two SunPy affiliated packages were selected for funding from the same NASA program.

            [...]

            A co-author on one of the results papers, David Stansby, previously published a short paper called “Predicting Large-scale Coronal Structure for Parker Solar Probe Using Open Source Software.” That short paper provided a completely open toolkit (pfsspy), built on the NumFOCUS stack, to make predictions of the Sun’s magnetic field structure. One of the key results presented in the new Nature paper grew directly out of this work, which relies heavily on SunPy, NumPy, SciPy, and Matplotlib.

        • Shell/Bash/Zsh/Ksh

          • Another surprising AWK trick

            So why is AWK ignoring everything but the numbers in returning “626”? Because “Strings are converted to numbers and numbers are converted to strings, if the context of the awk program demands it”. In this case AWK is told to subtract field 3 from field 2. Subtraction being a numbers operation, AWK treats the strings in the fields as numbers, and since “ lid” and “)” aren’t numbers, they’re ignored.

      • Standards/Consortia

        • Google to stop indexing Flash for search

          Adobe laid out Flash’s demise two years ago when it disclosed that it would stop updating and distributing Flash Player at the end of 2020. At the same time, browser makers revealed how they were going to sunset the player software and thus put an end to the multimedia format.

          [...]

          Shutting down Flash indexing will impact only a fraction of all websites: According to technology survey site W3Techs, only 3% of sites now utilize Flash code. That number climbs when more popular sites are polled; 8.4% of the top-1,000 sites, said W3Techs, contain Flash code.

  • Leftovers

    • Science

      • The anti-vax movement causes an epidemic in Samoa

        Measles has spread so rapidly in Samoa because only a small proportion of children has been vaccinated. The World Health Organisation estimates that just 31% of infants received the vaccine in 2018, down from 90% in 2013. Distrust of the health system was fuelled by the death last year of two babies who had mistakenly been administered a muscle relaxant along with the vaccine. In response, the government put measles vaccinations on hold. Anti-vax activists spread false rumours that hospitals were using faulty or expired vaccines and, as in other countries, repeated the debunked claim that immunisation is linked to autism.

      • Measles deaths ‘staggering and tragic’

        In short, not enough children are being vaccinated.

        In order to stop measles spreading, 95% of children need to get the two doses of the vaccine.

        But the figures have been stubbornly stuck for years at around 86% for the first jab, and 69% for the second.

        Why enough children are not being vaccinated is more complicated – and the reasons are not the same in every country.

    • Integrity/Availability

      • Proprietary

        • The 20 Best Ride Sharing Apps for Android Device in 2019

          Using a ride sharing app on your Android device has now become very common. With the blessing we call PlayStore, life in this era has become easier than before. Those taxi apps for Android devices are such an issue that vanishes all the hassles of hiring a vehicle in a familiar and even in an unfamiliar place. However, PlayStore contains thousands of taxi apps. But all of them may not work well for you. Moreover, all those apps are not available everywhere. This is why I suggest you have an idea about some of the best ride sharing apps for Android before giving a try on some.

        • New Vivaldi for Android Beta Adds More UI Improvements, Chromebook Support

          Vivaldi Technologies have released a new beta of their upcoming Vivaldi for Android web browser, which brings support for Chromebooks and many refinements to the user interface.

          After the great feedback on the first beta release, Vivaldi Technologies have been working hard to improve their Vivaldi for Android web browser, adding lots of goodies requested by the community, starting with new settings to allow users to swipe to close tabs and view scrollbars on internal pages.

          Another new setting added in Vivaldi for Android beta 2 is called “Always Show Desktop Site,” which will display the desktop version of the current website when enabled. The UI has been refreshed as well to get rid of Bookmarks and Notes with a single tap using the new “Empty Trash” button at the bottom of the screen.

          “We want Vivaldi to be a great experience for our users on their mobile devices,” says Vivaldi CEO Jon von Tetzchner. “And we are working towards packing more functionality into it based on their invaluable feedback.”

        • Pseudo-Open Source

          • Openwashing

            • Intel Publishes oneAPI Level 0 Specification

              Back at SC19 Intel released a beta of their oneAPI Base Toolkit for software developers to work on performance-optimized, cross-device software. Complementing that initial software beta is now the oneAPI Level 0 Specification.

              The oneAPI Level 0 Specification is self-described as “The objective of the ‘One API’ Level-Zero API is to provide direct-to-metal interfaces to offload accelerator devices. It is a programming interface that can be published at a cadence that better matches Intel hardware releases and can be tailored to any device needs. It can be adapted to support a broader set of language features, such as function pointers, virtual functions, unified memory, and I/O capabilities.”

              [...]

              While catering to Intel hardware releases, the specification itself is under the Creative Commons and the actual implementation of it under an MIT license, thus the ability for other ISVs and IHVs to embrace the oneAPI specification. Similarly, we’ve already heard of Codeplay working on oneAPI support for NVIDIA GPUs to be released in 2020.

        • Security

          • VPN Vulnerability (CVE-2019-14899)

            • New Vulnerability Lets Attackers Hijack VPN Connections on Most UNIX Systems

              Affecting most GNU/Linux distributions, as well as FreeBSD, OpenBSD, Android, iOS and macOS systems, the new security vulnerability could allow a local attacker to determine if another user is connected to a VPN (Virtual Private Network) server and whether or not there’s an active connection to a certain website.

              The vulnerability (CVE-2019-14899) is exploitable with adjacent network access, which requires the attacker to have access to either the broadcast or collision domain of the vulnerable operating system, and lets attackers hijack connections by injecting data into the TCP (Transmission Control Protocol) stream.

              The vulnerability has been reported to work against various popular VPN solutions, including OpenVPN, IKEv2/IPSec, as well as WireGuard, and it doesn’t matter which VPN technology is being used, thus allowing an attacker to determine the type of packets being sent through the encrypted VPN tunnel.

            • Tricky VPN-busting bug lurks in iOS, Android, Linux distros, macOS, FreeBSD, OpenBSD, say university eggheads

              A bug in the way Unix-flavored systems handle TCP connections could put VPN users at risk of having their encrypted traffic hijacked, it is claimed.

              The University of New Mexico team of William Tolley, Beau Kujath, and Jedidiah Crandall this week said they’ve discovered CVE-2019-14899, a security weakness they report to be present in “most” Linux distros, along with Android, iOS, macOS, FreeBSD, and OpenBSD. The upshot is, if exploited, encrypted VPN traffic can be potentially hijacked and disrupted by miscreants on the network.

              To pull off the attack, the US-based posse says, a hacker would need to be “network adjacent” to their target, or control an access point on the victim’s local network. Once the victim connected to their VPN, the spy would be able to, for one thing, tamper with the TCP stream to do things like inject packets into the stream.

            • New Linux Vulnerability Lets Attackers Hijack VPN Connections

              Security researchers found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams. They disclosed the security flaw tracked as CVE-2019-14899 to distros and the Linux kernel security team, as well as to others impacted such as Systemd, Google, Apple, OpenVPN, and WireGuard. The vulnerability is known to impact most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android. A currently incomplete list of vulnerable operating systems and the init systems they came with is available below, with more to be added once they are tested and found to be affected: Ubuntu 19.10 (systemd), Fedora (systemd), Debian 10.2 (systemd), Arch 2019.05 (systemd), Manjaro 18.1.1 (systemd), Devuan (sysV init), MX Linux 19 (Mepis+antiX), Void Linux (runit), Slackware 14.2 (rc.d), Deepin (rc.d), FreeBSD (rc.d), and OpenBSD (rc.d).

            • New vulnerability lets attackers sniff or hijack VPN connections

              The vulnerability — tracked as CVE-2019-14899 — resides in the networking stacks of multiple Unix-based operating systems, and more specifically, in how the operating systems reply to unexpected network packet probes.
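The probe step the articles above describe works because the victim's kernel answers packets whose source address is spoofed; the researchers' advisory lists strict reverse path filtering (net.ipv4.conf.*.rp_filter = 1) as a mitigation, and notes that systemd 240 (November 2018) changed the shipped default to loose mode (2), which is why the list of affected distributions tracks the init system. The audit below is an added example, not code from the original post, the quoted articles or the researchers. It assumes sysctl-style "key = value" lines as input (a constructed sample is embedded; on a live host it reads `sysctl -a`) and applies the kernel's rule that the effective value for an interface is the maximum of `conf.all` and `conf.<iface>`, so a strict `all` does not help an interface that is individually set to loose.

```python
"""Added example (not from the page or the CVE-2019-14899 researchers):
audit Linux reverse-path filtering, the mitigation the advisory names.

Assumptions, not from the page: input is `sysctl -a` style text, here a
constructed sample. rp_filter: 0 = off, 1 = strict, 2 = loose.
"""
import re
import subprocess

RP_LINE = re.compile(r"^net\.ipv4\.conf\.([^.]+)\.rp_filter\s*=\s*(\d+)$")

VERDICT = {
    0: "off: no source-address validation",
    1: "strict: drops the spoofed probes the attack relies on",
    2: "loose: accepts a spoofed source reachable via any interface",
}


def parse_rp_filter(sysctl_text):
    """Map interface name -> rp_filter value from sysctl output lines."""
    settings = {}
    for line in sysctl_text.splitlines():
        m = RP_LINE.match(line.strip())
        if m:
            settings[m.group(1)] = int(m.group(2))
    return settings


def effective_rp_filter(settings, iface):
    """The kernel uses max(conf.all, conf.<iface>) when validating a source,
    so all=1 with eth0=2 still yields loose mode on eth0."""
    return max(settings.get("all", 0), settings.get(iface, 0))


def audit_rp_filter(sysctl_text):
    """Return {iface: (effective_value, verdict, weak)} for each real
    interface; 'all' and 'default' are templates and 'lo' is never on the
    attack path, so they are skipped."""
    settings = parse_rp_filter(sysctl_text)
    report = {}
    for iface in settings:
        if iface in ("all", "default", "lo"):
            continue
        value = effective_rp_filter(settings, iface)
        report[iface] = (value, VERDICT.get(value, "unknown"), value != 1)
    return report


def hardened_sysctl(report):
    """sysctl.d fragment restoring strict mode: 'all' and 'default' for
    future interfaces, plus every interface the audit flagged, because a
    per-interface 2 would otherwise still win under the max rule."""
    lines = ["net.ipv4.conf.all.rp_filter = 1",
             "net.ipv4.conf.default.rp_filter = 1"]
    lines += [f"net.ipv4.conf.{iface}.rp_filter = 1"
              for iface, (_, _, weak) in sorted(report.items()) if weak]
    return "\n".join(lines) + "\n"


# Constructed sample: a systemd 240+ host (all/default loose) with a VPN
# tunnel interface that was created with rp_filter off.
SAMPLE = """\
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.eth0.rp_filter = 2
net.ipv4.conf.tun0.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.ip_forward = 0
"""

if __name__ == "__main__":
    try:
        live = subprocess.run(["sysctl", "-a"], capture_output=True,
                              text=True, check=False).stdout
    except OSError:
        live = ""
    text = live if "rp_filter" in live else SAMPLE
    report = audit_rp_filter(text)
    for iface, (value, verdict, weak) in sorted(report.items()):
        print(f"{'WEAK' if weak else 'ok  '} {iface:<10} rp_filter={value}  {verdict}")
    if any(weak for _, _, weak in report.values()):
        print("\nSuggested /etc/sysctl.d/99-rp-filter.conf (apply with sysctl --system):")
        print(hardened_sysctl(report))
```

Two caveats a practitioner should keep in mind: rp_filter is an IPv4 control only, so the IPv6 side of the same attack needs a firewall rule that checks the reverse route instead, and strict mode can break asymmetric routing on multi-homed hosts, which is exactly why systemd relaxed the default; test it on routers and hosts with several uplinks before rolling it out fleet-wide.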

          • Privacy/Surveillance

            • Stop Saying Driverless Cars Will Help Old People

              Research finds that the types of accidents seniors are most likely to get into are ones caused by “inadequate surveillance.” In other words, they either didn’t look for hazards, or they did look but didn’t see them. It’s also true that drivers’ reaction times decrease as they get older. Which means that the situations where driverless cars need humans to intervene happen to be the very ones that older drivers struggle with the most. Last year, a study from Newcastle University found that drivers over the age of 60 took 8.3 seconds to take control back from the car when they needed to, while younger drivers took 7 seconds. “At 60mph that means our older drivers would have needed an extra 35m warning distance—that’s equivalent to the length of 10 cars,” said the study’s author, Shuo Li, in a press release.

            • DNS over HTTP may be harmful?

              Right now my current domestic broadband provider is providing inconsistent service as it is. Having requests to a variety of known-good sites mysteriously timeout and crash is not unheard of. Having sites become mysteriously inaccessible is not unheard of either. I’m not living anywhere drastic either as this is just northeast Ohio about fifty miles outside Cleveland. It should not provide me with a performance boost when I disable this feature in Firefox.

              Unfortunately I get such a performance boost. I don’t think it is something wrong with my machine or my in-house LAN. I’ve looked at the maps of the concept and frankly there are spots where this paradigm breaks down hard if viewed from a Red Team perspective.

            • The iPhone 11 Pro’s Location Data Puzzler

              One of the more curious behaviors of Apple’s new iPhone 11 Pro is that it intermittently seeks the user’s location information even when all applications and system services on the phone are individually set to never request this data. Apple says this is by design, but that response seems at odds with the company’s own privacy policy.

              The privacy policy available from the iPhone’s Location Services screen says, “If Location Services is on, your iPhone will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations.”

              The policy explains users can disable all location services entirely with one swipe (by navigating to Settings > Privacy > Location Services, then switching “Location Services” to “off”). When one does this, the location services indicator — a small diagonal upward arrow to the left of the battery icon — no longer appears unless Location Services is re-enabled.

            • U.S. Rule Forcing Visa Applicants to Provide Social-Media Info Targeted by Lawsuit

              The Trump administration was accused of imposing a form of unconstitutional surveillance by requiring most U.S. visa applicants to provide information on social-media accounts, according to a lawsuit filed on Thursday—the latest legal test of the president’s campaign to more tightly control entry…

            • Confidentiality

              • Python libraries imitating ‘dateutil’ and ‘jellyfish’ caught stealing SSH and GPG keys

                Both of the malicious libraries were discovered earlier this month by Lukas Martini, a German software developer. The libraries were removed the same day as Martini notified the Python security team.

                Fortunately, thanks to Martini’s quick observation, the python3-dateutil library was only live for two days. jeIlyfish, however, was live for almost a year (since December 11, 2018).
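Both malicious names above rely on a reviewer's eye slipping: "jeIlyfish" swaps a capital I for the lower-case l in "jellyfish", and "python3-dateutil" is one inserted character away from "python-dateutil". The check below is an added example, not code from the quoted article or from the developer who found the packages. It assumes a constructed approved-name list, a look-alike table and a sample requirements file, and it generalises beyond the two names in the article: any requirement name is normalised the way pip does (PEP 503), then compared against the approved list after collapsing look-alike characters and, failing that, by edit distance.

```python
"""Added example (not from the quoted article): flag dependency names that
imitate an approved package, as jeIlyfish and python3-dateutil did.

Assumptions, not from the page: the approved list KNOWN, the look-alike
table HOMOGLYPHS, the distance threshold of 1 and the sample requirements.
"""
import re

# Look-alike sequences collapsed to one canonical form before comparison.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("I", "l"), ("1", "l"), ("|", "l"),
              ("0", "o"), ("5", "s")]

# Constructed approved list; in practice the names in your lock file.
KNOWN = {"jellyfish", "python-dateutil", "requests", "urllib3", "numpy"}

REQ_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def pep503(name):
    """Normalise as pip does: runs of '-', '_' and '.' become '-', lower-case."""
    return re.sub(r"[-_.]+", "-", name).lower()


def canonical(name):
    """pep503 form with look-alikes collapsed; the substitution runs before
    lower-casing so a capital I is still recognised as an l mimic."""
    for src, dst in HOMOGLYPHS:
        name = name.replace(src, dst)
    return pep503(name)


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) with a one-row DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_name(name, known=KNOWN):
    """Return (verdict, imitated). Verdicts: 'known' (exact after pep503),
    'homoglyph' (equal once look-alikes collapse), 'near-miss' (edit
    distance 1 from an approved name), 'unknown' (no resemblance)."""
    known_norm = {pep503(k): k for k in known}
    if pep503(name) in known_norm:
        return "known", None
    known_canon = {canonical(k): k for k in known}
    c = canonical(name)
    if c in known_canon:
        return "homoglyph", known_canon[c]
    for ck, k in known_canon.items():
        if levenshtein(c, ck) <= 1:
            return "near-miss", k
    return "unknown", None


def audit_requirements(text, known=KNOWN):
    """Run check_name over each requirement line; returns
    [(name, verdict, imitated), ...] in file order."""
    results = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):   # blank, comment or pip option
            continue
        m = REQ_NAME.match(line)
        if m:
            verdict, imitated = check_name(m.group(1), known)
            results.append((m.group(1), verdict, imitated))
    return results


# Constructed requirements file carrying the two names from the article.
SAMPLE_REQUIREMENTS = """\
# constructed for the example
requests==2.22.0
jeIlyfish            # capital I in place of l
python3-dateutil     # one inserted character away from python-dateutil
numpy>=1.17
"""

if __name__ == "__main__":
    for name, verdict, imitated in audit_requirements(SAMPLE_REQUIREMENTS):
        note = f" (imitates {imitated})" if imitated else ""
        print(f"{verdict:<10} {name}{note}")
```

Treat 'near-miss' as a review queue rather than a hard block: legitimate packages do sometimes sit one character apart, so the distance rule is a prompt to look at the upload date and maintainer (the quoted article notes jeIlyfish sat on PyPI for almost a year), while 'homoglyph' hits are almost never innocent.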

    • Environment

      • The environmental impact of a PlayStation 4

        Gold and tin are classified as “conflict minerals” by US legislation, a term that refers to resources originating from Congo and its neighboring countries. This region has faced ongoing violence for the past 30 years, funded in part, and amid many other complex factors, by its colossal mineral wealth, which is estimated at $24 trillion. Since 2010, publicly listed US companies have been required to check their supply chains for such minerals, their origins, and any risks associated with their extraction. We can’t be sure whether any of the tin or gold in the PlayStation 4 originated from this African region because Sony doesn’t publish its supply chain — unlike, say, Apple — but there’s cause for concern.

      • High Tide Bulletin: Winter 2019

        The rising and falling of the sea is a phenomenon upon which we can always depend. Tides are the regular rise and fall of the sea surface caused by the gravitational pull of the moon and sun and their position relative to the earth. There are some factors that cause the tides to be higher than what is “normally” seen from day to day. This bulletin tells you when you may experience higher than normal high tides for the period of time between December 2019 and February 2020.

        We also publish annual high tide flooding reports that present a broad outlook of what to expect for a given year in terms of high tide flooding, as well as a summary of high tide flooding events for the previous calendar year.

      • Wildlife/Nature

        • Corals Week 2019

          Corals are popular as souvenirs, for home decor and in costume jewelry, yet corals are living animals that eat, grow, and reproduce. It takes corals decades or longer to create reef structures, so leave corals and other marine life on the reef.

          [...]

          Coral reefs are under intense pressure from climate change, pollution, and unsustainable use. So what can we do about it? To answer that question, we need to better understand the main threat to our reefs. Humans.

    • Finance

      • EU agrees tough line on digital currencies like Facebook’s Libra

        Private digital currencies like Facebook’s Libra should not be allowed in the European Union until the risks they could pose are clearly addressed, EU finance ministers agreed on Thursday.

        [...]

        The EU commission is already working on this new regulation, EU finance commissioner Valdis Dombrovskis told finance ministers in a public session of their meeting in Brussels.

      • EU Agrees Tough Line on Digital Currencies Like Facebook’s Libra

        Ministers also praised the European Central Bank’s work on a public digital currency, which could represent an alternative to private initiatives.

        In a document presented to finance ministers, the ECB said a public digital currency could be necessary if payments within Europe remained too expensive.

        Its possible adoption would be accelerated by signs of lower cash usage, the ECB said, warning however that the impact of such an initiative on the financial system could be very large, and therefore would need to be assessed carefully.

      • We will ‘react as one’, EU tells US over French digital tax dispute

        The European Commission wants to settle the latest trade dispute with the US over the French digital tax “amicably” but warned that the bloc will “react as one” if Washington slaps tariffs on Paris.

        A Commission spokesperson said on Tuesday (3 December) that the EU will seek “immediate discussions to solve this issue amicably” to prevent a dispute at the World Trade Organisation.

        But if talks fail, the differences between the two largest trading partners over the French levy should be addressed at the organisation. “It is the place to settle a trade dispute,” the spokesperson added.

    • AstroTurf/Lobbying/Politics

      • ‘Giuliani Did All the Wrong Things on That Day’
      • Dare call it treason?

        Pause and consider what we have become. The government will not tell the public how a hostile foreign power interferes with the democratic process. Threats to British democracy have become official secrets. Perhaps Boris Johnson worried about offending Donald Trump. Maybe the report included evidence from the same sources which revealed Russia’s interest in the president’s election campaign, and his fondness for Vladimir Putin. If this is true, the government was censoring Parliament on behalf of not one but two foreign powers.

      • Robert Reich: If Impeached by the House, Trump is Literally Unpardonable

        Not even overwhelming evidence that Trump sought to bribe a foreign power to dig up dirt on his leading political opponent in 2020—and did so with American taxpayer dollars, while compromising American foreign policy—will cause Trump to be removed from office.

        That’s because there’s zero chance that 20 Republican senators—the number needed to convict Trump, if every Democratic senator votes to do so—have enough integrity to do what the Constitution requires them to do.

        These Republican senators will put their jobs and their political party ahead of the Constitution and the country. They will tell themselves that 88 percent of Republican voters still support Trump, and that their duty is to them.

      • Thierry Breton: High-speed commissioner

        Thierry Breton was having dinner with his wife when his phone rang. It was Emmanuel Macron.

        “I am always called when there is a fire,” Breton said, recalling the moment when the French president asked him to quit his job as CEO of one of the country’s most prominent tech companies and become a European commissioner.

        The Frenchman talked to POLITICO at his temporary office in Strasbourg, just a few hours after the European Parliament voted to approve him and the 25 other members of Ursula von der Leyen’s top team.

        [...]

        “Europe is at a crossroads: faced with major technological and societal challenges, including in terms of culture and media,” Breton said. “I am concerned about the economic situation as well,” he added. “That’s also why I said yes.”

        At a time of heightened tensions between the world’s biggest economic powers, Breton’s portfolio is at the heart of today’s thorniest policy issues, including how the EU should deal with state-backed economies such as China, and his past stances on creating European champions and boosting the bloc’s technological sovereignty are bound to make waves.

        [...]

        Breton, tasked with laying out a new industrial strategy for the EU and overseeing key digital files, will have to coordinate closely with fellow members of the College, including Executive Vice President for the Green Deal Frans Timmermans.

        What will actually be in the new industrial strategy, and whether this will include a reform of EU competition rules, is one of the most fraught issues in Brussels.

        While Breton has been a strong advocate for such a move, his new boss Margrethe Vestager, the Commission’s executive vice president for digital and EU competition chief, pushed back against the idea. He was in favor of the proposed merger of French and German engineering companies Alstom and Siemens that was blocked by the Dane under the previous mandate.

    • Censorship/Free Speech

      • We need to save .ORG from arbitrary censorship by halting the private equity buy-out

        The .ORG top-level domain and all of the nonprofit organizations that depend on it are at risk if a private equity firm is allowed to buy control of it. EFF has joined with over 250 respected nonprofits to oppose the sale of Public Interest Registry, the (currently) nonprofit entity that operates the .ORG domain, to Ethos Capital. Internet pioneers including Esther Dyson and Tim Berners-Lee have spoken out against this secretive deal. And 12,000 Internet users and counting have added their voices to the opposition.

    • Civil Rights/Policing

      • Dissenter Weekly Update: Whistleblower Deported To Honduras, Walmart Whistleblower Exposes Tax Dodging

        This week’s “Dissenter Weekly Update” episode features a story involving a whistleblower, who was deported to Honduras after a hotel collapsed in New Orleans.

        Delmer Joel Ramirez Palma alleged “dangerous lapses in construction safety to his supervisors” at a Hard Rock hotel site in development. The hotel collapsed on October 12, killing three people and injuring dozens. Palma spoke out after the collapse and subsequently found himself targeted by Immigration and Customs Enforcement (ICE).

      • ‘It’s This Culture of Secrecy That’s Pervading the Courts’
      • Woman whose vulva was probed by Burbank TSA “officers” who ignored her refusal sues

        Last September, Jessica Lundquist passed through a body-scanner at Burbank airport and was told by a TSA screener that they wanted to conduct a “groin search” on her.

        Lundquist refused to allow the screener to touch her vulva, whereupon the screener summoned two colleagues. The “officers” (the TSA styles its employees as “officers” even though they do not have any law-enforcement powers) told Lundquist that if she did not allow them to touch her genitals, they would use physical force to perform the search, and also told her she was not allowed to leave. They also refused to allow her to make a video-record of the search.

        All of this conduct was illegal. The TSA is not allowed to detain travelers who wish to abandon their trips. The TSA is required to allow passengers to record their searches. The TSA is absolutely not allowed to use physical force to effect searches when passengers object to them.

      • Hyderabad case: Police kill suspects in Indian vet’s rape and murder

        But Mr Singh said it was too early to say if the incident was an extrajudicial killing – known popularly in India as an “encounter killing”.

    • Monopolies

      • Uber’s first ever safety report discloses 3,045 sexual assaults and nine murders in the US last year

        Of the 3,045 reported sexual assault cases in 2018 (up from 2,936 in 2017), Uber says 235 were rapes and the remainder were varying levels of assault. A vast majority involved unwanted kissing or groping, Uber says, and it broke down such assaults into 21 categories. Drivers are reporting assaults at roughly the same rate as riders, the report specifies, including across the five most serious forms of sexual assault.

        However, those numbers may be far higher in reality, given sexual assault often goes unreported. Uber’s only provided contextual data point in a blog post announcing the safety report findings is that “nearly 44% of women in the US have been a victim of sexual violence in their lifetime.”

      • Patents

        • Nokia says working to end patent licensing row with Daimler, others

          Nokia (NOKIA.HE) said on Friday it was working to end a row with Germany’s Daimler (DAIGn.DE) and other firms which have complained to the EU antitrust regulators about the level of fees charged for technology patents from the Finnish company.

          Sources familiar with the matter told Reuters the Finnish telecoms equipment maker had submitted a proposal for resolving the patent licensing fee row, but did not give details.

          The offer could pre-empt any move by the European Commission to open an investigation and remove the threat of fines if the firm was found to be abusing its position. One source said the commission has indicated in October it could launch a probe.

        • Excel-Eucan Limited v Source Vagabond Systems Limited – the importance of “the clever bit” in the doctrine of equivalents

          The leading Supreme Court case of Actavis v Eli Lilly [2017] UKSC 48 introduced a doctrine of equivalents into UK patent law for the first time in many years. Since then, the Court of Appeal has given further guidance on this doctrine in Icescape Limited v Ice-World International BV & Ors [2018] EWCA Civ 2219 and there have been several cases post Icescape from the High Court which have applied the new approach. In November 2019, the Patents Court handed down another judgment, Excel-Eucan Limited v Source Vagabond Systems Limited [2019] EWHC 3175 (Pat) in which infringement was found under this doctrine.

          Excel developed an ammunition bag for holding linked rounds of ammunition, known as the “Link-Tail”, which was protected by a patent, GB 2 489 116 (GB 116). Source developed its own bag – the “2017 bag” – and sought a declaration of non-infringement of GB 116. As validity of GB 116 was already being challenged in the UK IPO, the parties asked the court to assume the validity of GB 116 for the purpose of these proceedings.

          An “openable closure”, namely a zip, was an integer of all independent claims of GB 116. The 2017 bag did not feature a zip, or any form of “openable closure”. Excel accepted that the 2017 bag did not fall within the claims as a matter of normal interpretation, but argued that the 2017 bag constituted an immaterial variation of, or was equivalent to, the invention disclosed by GB 116. Accordingly, the doctrine of equivalents was engaged.

        • Car makers don’t want to pay the likes of Qualcomm wireless patent royalties on leather seats: FTC v. Qualcomm amicus briefs

          Earlier this year it became known that Qualcomm used to charge (and maybe still does, depending on the terms of the recent settlement) Apple a 5% wireless patent royalty on iPhone repairs. That’s bad enough, but imagine what would happen if all of us had to indirectly pay wireless patent royalties on vehicle repairs? Or on leather seats? The latter is an issue that two automotive industry bodies have raised in a filing with the United States Court of Appeals for the Ninth Circuit.

          For a list of previous posts on amicus curiae briefs in FTC v. Qualcomm, and on the order scheduling the oral hearing for February 13, 2020, let me refer you to this post. I will now, finally, comment on the remaining two amicus briefs supporting the FTC.

          [...]

          That just perfectly illustrates the importance of the royalty base.

          What makes the refusal to extend exhaustive FRAND licenses to component makers even harder to justify in the automotive industry is that the telematics control units (TCUs) sold by Tier 1 suppliers (the ones that directly sell to the car makers) come with pretty much the same functionality as a phone, apart from the screen.

        • Injustice is a built-in feature of Germany’s bifurcated patent litigation system — it would be unconstitutional in other countries

          I am presently researching the most appalling miscarriage of justice that ever occurred in a German patent case: dozens of people lost their jobs over a patent–held by a publicly-traded U.S. corporation–that later got invalidated by the Federal Patent Court of Germany (a problem commonly referred to as the “injunction gap”). That patent-in-suit is either (if construed broadly) clearly invalid or (if construed narrowly) not infringed by the accused product, but could not reasonably be held valid and infringed at the same time. The case raises questions not only about the outcome but also about the reasoning and the circumstances that led to it. There’s even a secondary question that reminds me of why Federal Circuit Chief Judge Rader resigned. But as the issues are so very serious, and the fallout from the facts being published might be massive and lasting, I’m making every humanly possible effort to analyze the matter with utmost diligence. That’s why it’s too early to provide names, but when the time is right, I will. The case number contains “39.” Interestingly, the presiding judge of the appellate panel that made the related decision mentioned it in passing last month, in a conspicuously defensive way, and the audience had no idea why he made a reference to a case they hadn’t ever heard of…

          Germany needs patent reform badly. The German patent litigation system is not just broken: it was ill-conceived and it’s been prone to abuse all along, but abuse has become so rampant that the time is ripe for change. The situation is unsustainable, and the system doesn’t really deliver justice.

          Right now there’s only one leading German patent infringement court of first instance that I believe does a stellar job under the circumstances, and that’s the Landgericht Mannheim (Mannheim Regional Court). Many years ago I thought the court was too plaintiff-friendly, but by now it’s my favorite one. To a far greater extent than their counterparts in other German venues, the Mannheim judges–whose understanding of technical issues is unsurpassed–have realized just how irresponsible it is to let patent holders enforce invalid patents all the time. In Mannheim, there are judges who deserve an honorary doctorate in (at least) radio frequency electronics and have the expertise to figure out when a patent is likely invalid as granted, coupled with the backbone to stay such cases (while we’re on this subject, I found out they recently also stayed one Broadcom lawsuit against BMW and one against Daimler, both over non-standard-essential patents). It will be interesting to see how they address the issue of component-level licensing in Nokia’s automotive SEP cases.

The EPO Rejects Innovation

Posted in Courtroom, Europe, Patents at 6:17 am by Dr. Roy Schestowitz

Litigation, litigation, litigation, litigation, even frivolous litigation

Innovation vs Litigation = waste of time and money

Summary: The EPO ceased caring about the needs of scientists whose work involves invention; instead, EPO management crafts increasingly lenient guidelines that yield illegal European Patents (not compatible with the EPC) that heavily-besieged EPO judges are unable to stop

THE European Patent Office (EPO) is led not by a scientist; several consecutive presidents, including António Campinos, had no background in science, so it’s hardly surprising they deem lawyers — not scientists — as those to be served. And they even use terms such as “Clients” or “Customers” (as if the EPO is a private, for-profit corporation whose sole goal is maximising revenue).

This very simple (albeit not shallow) observation could not be avoided or overlooked by EPO staff, notably examiners. Who are they even led or managed by? A nonscientific, law-breaking cabal often younger than the examiners themselves? People who choose buzzwords over substance? Mere marketing lingo which they can’t even explain, let alone understand? Earlier this week we saw the EPO promoting software patents in Europe again — patents that are illegal and can only be excused using hype waves few people can grasp. How about databases on the network? Oh, blockchains? Yes, let’s just overcomplicate things.

“A year ago,” the EPO tweeted, “experts in #blockchain discussed its possible impact on the #patent system.”

The EPO has since then distorted its guidelines to permit if not encourage patents on “hey hi” (AI) and stuff like “blockchain” (most algorithms that depend on some database can be spun or twisted that way). Got some data? Got some logic (loops and conditional statements)? Give it to some attorney who can spin that as some “hey hi on the blockchain…”

“X on a car”

“Y on a mobile”

“Z over the Internet”

Remember all those “on a computer” patents?

That fashion is back in Europe, having been borrowed from the US.

Hey, it’s not like examiners can refuse, right? With new guidelines in effect and with growing risk of dismissal, it’s a lot safer for them to swiftly grant these bogus patents. “Patentees Need to Act Fast as the EPO Opposition Timeline Tightens” is the title of what Watchtroll posted yesterday. Watchtroll is a close ally of the EPO and it shares its attacks on judges with EPO management. They’re fantastical patent zealots and this article was of course composed by litigation people, Katherine Green & Emily Hayes (first article in Watchtroll). Taking EPO advice from Watchtroll would seem suitable to EPO management, but not anybody else. Watchtroll is a radical site, which says (this week) that “Now is the Time to Put the PTAB [the court itself] on Trial” (article by Gene Quinn, the founder). Maybe they’ll also call for assassination of patent judges one day (revenge for ‘killing’ patents).

What’s it all about? It’s about PTAB applying the law, 35 U.S.C. § 101, to invalidate patents wrongly granted by the USPTO. So Watchtroll wants the judges themselves to be put on trial! Perfectly normal, right?

In EPOnia the attack on judges has been normalised, as was the attack on the media. The EPO sent threats to journalists and bribed a lot of them as well. So now we’re left with no objective coverage (if any) about EPO scandals. Even past EPO critics (publications) seem to have sacked good writers, replacing them with ‘docile’ corporate writers. Check out this new EPO puff piece from World Intellectual Property Review (WIPR), composed by Rory O’Neill who ended up copy-pasting quotes from the EPO’s press release while offering nothing new, no insights. Is this what qualifies as “journalism” nowadays? Maybe they should also frame every Donald Trump “tweet” as fact and present that as “journalism”.

The EPO has meanwhile published this latest nonsense (warning: epo.org link) about a “Working Party”; it used to present “Working Party” for patent quality (obviously a publicity stunt), but this one is for “Guidelines” because the latest EPO guidelines likely violate the EPC in a lot of ways. To quote the press release:

Members of the SACEPO Working Party on Guidelines and the EPO met on 27 November to discuss the annual revision of the Guidelines for Examination in the EPO and the Guidelines for Search and Examination at the EPO as PCT Authority.

[...]

The meeting formed a part of the EPO’s efforts to involve users in the revision of the Guidelines, a goal expressed in the Strategic Plan 2023 that was adopted by the EPO’s Administrative Council in June. During the meeting a move to broaden the spectrum of external involvement through a public online consultation on the Guidelines was unanimously embraced by the participants. The meeting was also used by the Working Party members and the EPO to discuss the details of the planned consultation which should start in March next year.

What next, EPO? Working Party on staff relations? Working Party on transparency? Working Party on workers’ welfare? Working Party on googlebombing the Web with misinformation about a topic of concern?

Now sit back and expect the likes of IAM and WIPR to parrot the above (in days to come). This is what “journalism” in the area of patents has been reduced to. The litigation lobby hijacked everything in circulation (even anonymous comments get deleted!) — a mundane lobbying/coup facilitated by threats and bribes.

Startpage CEO Robert Beens in ‘Damage Control’ Mode, Trying to Get Startpage Relisted After Selling to a Massive Surveillance Company

Posted in Deception, Search at 4:26 am by Dr. Roy Schestowitz

“Hard to believe that privacy advocates are giving a pass to System1, but money talks.”

Summary: PrivacytoolsIO is being lobbied by the CEO of Startpage to relist Startpage, based on no actual refutations at all

THE SAGA continues. System1 is starting to realise that its ‘investment’ in (i.e. purchase of) Startpage may have scared away otherwise-privacy-conscious users.

We’ve been tracking their steps, expecting something to be done in addition to lies and deception.

It didn’t take long.

According to Crunchbase, “Robert is CEO of StartPage/Ixquick and oversees all company aspects including operations, product development, technology and finance. He has a special interest in consumer Privacy. He earned his Master’s degree in Corporate, Social & Economic Dutch Law from the University of Utrecht in the Netherlands.”

Well, he may be going by the title of “CEO” (still), but his bosses are “an independent marketplace for keyword pay-per-click advertising. Its platform analyzes billions of consumer attributes and uses “pre-targeting” algorithms to unlock and fulfill consumer intent across channels including social, native, email, search, market research, and lead generation.”

Nice, isn’t it?

Why would PrivacytoolsIO even consider listing Startpage as a recommendation now? A cynic might think that something was offered in exchange for relisting. Just verbally maybe?

“Hard to believe that privacy advocates are giving a pass to System1,” a reader of ours said, “but money talks.”

“PrivacytoolsIO de-listed Startpage and is now discussing re-listing at GitHub” (conversation here).

Putting aside the disturbing fact that PrivacytoolsIO uses the privacy-violating GitHub, what does this whole thing say?

One of them said, “I recommend re-listing, maybe we add a flag about ownership w/ a link to their support page.”

This hogwash? Seriously? The surveillance company is talking about itself. It’s not even an outside audit.

Does Startpage respect privacy? Based on what? And watch the reply: “Thank you Jonah and Dan for starting the conversation to re-list Startpage on PrivacyTools. As you can see from the information we provided, we are committed to being transparent about our business and privacy practices.”

Nonsense. What transparency? The only thing they want ‘transparent’ (spied on) is the users. As we covered before (see Startpage wiki page), they’re secretive, misleading and incredibly facetious. Relisting Startpage, given all that is known, would merely discredit PrivacytoolsIO as an authority on privacy. If they relist, it’ll bode rather badly for PrivacytoolsIO itself.

JonahAragon said: “the unsourced quotes in this post were from a letter shared with @danarel and myself from the Startpage CEO.”

That also said (same page): “I dislike how this information was not communicated from the start, but ever since I have had no trouble communicating with them regarding these issues. I would probably be fine with relisting them as a search engine provider at this time.”

“From another reply, we know that Privacy One Group is a majority shareholder (51%+),” they noted. Well, that can be 99% or more. They refuse to say how much.

But hey, if that’s good enough for PrivacytoolsIO, then I’ve had enough of PrivacytoolsIO.
