Server

• Analysts Say Kubernetes Is a Services-Building Opportunity for the Channel

• KubeCon Showed Kubernetes Is Big, but Is It a Unicorn?

• IBM

  • Oracle, Red Hat See the Value of Kubernetes for Channel Partners

  • IBM ships out two new open-source tools for Kubernetes developers

    Taking center stage at the Kubecon + CloudNativeCon co-located events in San Diego today, IBM Corp. announced two new open-source tools for the Kubernetes ecosystem, as well as updates to two of its existing projects.

    The new tools include Kui, which is meant to ease the oftentimes “chunky experience” developers have to deal with when working with hybrid or multicloud application deployments. There’s also Iter8, which is a tool for collecting data and telemetry generated by the open-source software service mesh Istio.

  • Red Hat: Platform For E2E Processes And Digital Excellence

    For many years, Linux was the only open source component in the SAP community. Now Red Hat is launching a complete open source platform. Peter M. Faerbinger spoke to Jochen Glaser about this unique solution.

  • Red Hat: The Goal Is Digital Excellence

    SAP is building the intelligent enterprise. Red Hat stands fully behind this strategy. The upcoming modernization will involve drastic changes. They relate to the migration to Hana and the migration of existing SAP applications, including custom code, to S/4.

  • Digital transformation: 3 people pain points

    Considering the insatiable customer appetite for better and more efficient service, digital transformation is now a bit of an arms race: Companies that resist it risk being left behind by their competitors and customers.

    During my long tenure as an IT leader, I’ve found that the biggest challenges in any company change always boils down to people. In today’s world, where the modus operandi is to get things done as quickly as possible, it can be easy to lose sight of the things that will help a project go well.

Kernel Space

• Linux 5.5 Block Changes Include NVMe Temperature Monitoring, Optimizations

  As outlined before, the NVMe HWMON support is here with Linux 5.5. This allows reading the NVMe solid-state drive temperatures via sysfs/hwmon just as you can normally do with the other hardware monitoring sensors on Linux systems. Up until now you needed the NVMe user-space utilities installed and generally had to run it as root in order to see drive temperatures. Now with Linux 5.5 you don’t need to install anything extra and the drive temperatures are reported via sysfs/hwmon for easy integration with various Linux system monitoring programs. I tried it out on a few boxes so far and is working well — though the Ubuntu Mainline Kernel PPA isn’t yet shipping their builds with CONFIG_NVME_HWMON set yet, so be aware if that is normally where you fetch your Git kernel builds.

• VMs Can Finally Hibernate Under Microsoft Hyper-V With Linux 5.5

  It seems like the feature would have been wired up long ago, but with the Linux 5.5 kernel guest virtual machines running on Microsoft Hyper-V should be able to successfully hibernate.

  Microsoft engineers have wired in the hibernation support to the various Hyper-V kernel drivers for allowing the functionality to successfully work on Linux 5.5. Changes to their storage, video, network, memory balloon, HID, and other driver components were needed for allowing hibernation of Linux VMs on Hyper-V.

Benchmarks

• Video: 100+ Daily Performance Tests For Clear Linux + Intel’s Other Full-Stack Optimizations

  A month ago at the Open-Source Summit Europe 2019 in Lyon, France, Intel’s Kelly Hammond who serves as the company’s Senior Director of System Platform Software talked up their open-source contributions with a particular emphasis on performance. The video from that keynote was recently published for those curious about Intel’s open-source work in the name of performance, including Clear Linux.

  Kelly talked up their open-source contributions across the board from the Linux kernel to the other areas of the stack but also with their emphasis on performance. As part of that, she also made some interesting remarks on Clear Linux and their automated development model for this performance-optimized rolling-release distribution. She covered how they manage 5,000+ packages yet are largely automated-driven model and carry out more than 100 performance tests per day in validating each release.

Instructionals/Technical

• Linux Terminal and Console Explained

• Installing the redmine_agile plugin package on Debian stretch

• How to set up a firewall using FirewallD on OpenSUSE Linux

• How to Remove PPAs on Ubuntu & Related Distros

• Googler 4.0 Released, Google Search from Command Line

• How to Copy Files Between Host and Docker Container

• How to compile and install PHP 7.4 as PHP-FPM & FastCGI for ISPConfig 3 on Ubuntu 18.04 LTS

• Run Raspberry Pi 4 Cooler with a New Firmware & One Easy Trick

• Using Slack on Linux – Setup guide | 2020

Desktop Environments/WMs

• K Desktop Environment/KDE SC/Qt

  • This week in KDE: GTK CSD support and more!

    I’ve got big news today. Something major landed: full support for the GTK_FRAME_EXTENTS_ protocol, which hugely improves the user experience for running GTK apps that use client-side decoration headerbars! This includes GNOME apps and an increasing number of 3rd-party GTK apps too. In particular, these apps now display window shadows and have proper resize areas without needing to use a thick border.

  • KDE Now Deals With GTK CSD Headerbars – Improving GNOME App Integration On Plasma

    There is an exciting improvement to the GTK client side decoration handling ahead of the KDE Plasma 5.18 LTS release due out in February.

    Some of the KDE improvements ending out November include:

    - KDE now better supports GTK applications relying upon client-side decoration headerbars. In particular, GTK_FRAME_EXTENTS protocol support and this should yield more GTK/GNOME applications looking quite well integrated with the KDE desktop.

    - The background frame is configurable now for all KDE Plasma widgets.

  • The Road Towards KF6 & SPDX License Identifiers

    With KF6, I want to see SPDX license identifiers being introduced into KDE frameworks in order to ease the framework re-use in other projects. This follows the same approach e.g. the Linux Kernel took over the last years.

    The problem that the SPDX markers address is the following: When publishing source code under an open source license, each source code file shall explicitly state the license it is released with. The usual way this is done is that a developer copies a license header text from the KDE licensing policies wiki, from another source file, or from somewhere else from the internet and puts it at the top of their newly created source code file. Thus the result is that today we have many slightly different license headers all over our frameworks source files (even if they only differ in formatting). Yet, these small differences make it very hard to introduce automatic checks for the source code licenses in terms of static analysis. This problem becomes even more urgent when one wants to check that a library, which consists of several source files with different licenses, does only contain compatible licenses.

    The SPDX headers solve this problem by introducing a standardized language that annotates every source code file with license information in the SPDX syntax. This syntax is rich enough to express all of our existing license information and it can also cover more complicated cases like e.g. dual-licensed source files.

  • Skrooge 2.21.0 released

    The Skrooge Team announces the release 2.21.0 version of its popular Personal Finances Manager based on KDE Frameworks.

Distributions

• SUSE/OpenSUSE

  • openSUSE Leap 15.0 Reached End of Life, Upgrade to openSUSE Leap 15.1 Now

    The openSUSE Leap 15.0 operating system release has reached end of life on November 30th, 2019, which was the last day when it received software updates and security patches.
    openSUSE Leap 15.0 was released 18 months ago, on May 25th, 2018, and it was based on the SUSE Enterprise Linux 15 operating system series. It was the first OpenSuSE Leap release to adopt a new versioning scheme that’s in sync with upstream SUSE Enterprise Linux (SLE) releases.

    As of November 30th, 2019, openSUSE Leap 15.0 will no longer receive software updates and security patches for its core components or apps. Therefore, users are encouraged upgrade their computers as soon as possible to the latest version, openSUSE Leap 15.1, which will be supported with software updates and security patches until November 2020.

    “openSUSE Leap 15.0 will receive no further maintenance or security updates after that date. It is recommended for openSUSE Leap users to upgrade to the current release openSUSE Leap 15.1. The next release, openSUSE Leap 15.2, is planned for May 2020.” said Marcus Meissner, SUSE Security and openSUSE Maintenance.

• Debian Developers

  • Migrated to G.fast 500 Mbit DSL with Turris Omnia and SFP

    I then discovered that there are a range of SFPs available for G.fast and as the Turris Omnia has an SFP port, this appears to be a compact solution. MVMTel were kind enough to send me a sample of their EFS-02 SFP to evaluate.

    I disconnected my existing VDSL modem, turned off the Turris Omnia, inserted the SFP and turned on the Turris Omnia again. When an SFP is inserted, it takes over the existing configuration of the ethernet WAN port where the VDSL modem was connected. In this case, that meant no changes to the configuration were necessary, it was completely plug and play and started working immediately.

  • Videos of my recent talks about reSIProcate development

    Here is my introductory talk at Kamailio World 2018

  • Utkarsh Gupta: Debian Activities for November 2019

    Here’s my (second) monthly update about the activities I’ve done in Debian this November.

  • Jonathan Carter: Free Software Activities (2019-11)

    TL;DR: Mostly a bunch of package sponsoring this month.

Devices/Embedded

• Orange Pi 4 Launches With RK3399 Board And 4GB RAM At $50

  Both the SBCs come with 4GB of LPDDR4 memory and have an ARM Mali-T860 MP4 GPU. They are both an optional 16GB eMMC flash and a microSD card. The new Orange Pi models measure 91 x 56 mm and weigh 48 grams.

  Orange Pi 4 has one USB 3.0 port, two USB 2.0 host ports, and one USB 3.0 type C port. But, Orange Pi 4B has two USB 2.0 host ports and only one USB 3.0 type C port. This is because the Orange Pi 4B’s NPU connects to the RK3399 via USB 3.0.

  Both have dual MIPI-CSI camera headers and dual LCD/MIPI-DSI connectors. They also have a serial debug interface, a mic, and a 3.5mm audio output jack for headphones. Additionally, they have a 24-pin connector, and a 40-pin GPIO (General-purpose input / output) connector.

• Open Hardware/Modding

  • OpenGradeSIM is an open source incline simulator for indoor bike trainers

    Although he would probably rather be outdoors, after an injury Matt Ockendon had a lot more time to ride his Tacx Neo indoor trainer and tinker. He decided he wanted his rig to be able to simulate the grade of hills, but as commercially available units with this capability are quite expensive, he instead devised his own solution dubbed “OpenGradeSIM.”

    [...]

    With this data in hand, the Nano controls a linear actuator using an L298N-based driver board to raise or lower the bike’s front end. The derived bike angle is sensed via the Nano’s built-in IMU, providing an elegant closed-loop system. Additionally, the incline is shown on a 1.3″ I2C OLED display that serves as a mini dashboard while Ockendon cycles.

  • [Reposted] U.S.-Based Chip-Tech Group Moving to Switzerland Over Trade Curb Fears

  • RISC-V moves to neutral Switzerland over trade disruption

    The nonprofit RISC-V Foundation is relocating to Switzerland over concerns about the impact of U.S. trade policies.

    Foundation CEO Calista Redmond told Reuters that its members are “concerned about possible geopolitical disruption.” The foundation’s board approved the move unanimously after hearing members around the globe say that they would be “a lot more comfortable… if the incorporation were not in the U.S.,” she added.

    RISC-V is a young organization, founded in 2015 and located in Delaware, to set standards for chip architectures that are allowed to use the RISC-V trademark on its products. RISC-V is a reduced instruction set architecture that is open source technology that anyone can use to design, make or sell RISC-V chips and software for electronics.

Free, Libre, and Open Source Software

• Mastodon announces Pixelfed, an open-source alternative to Instagram

  Mastodon’s quest to federate the Internet continues with the imminent launch of a photo-sharing platform which promises to be more privacy-focussed and to give more power to netizens

  Mastodon is not done making headlines. One November 26, the open-source and federated platform announced, via Twitter, that they would be launching Pixelfed, “a fediverse alternative to Instagram and other photo sharing platforms.” Tacked on the end of the tweet is the hashtag #TheFutureIsFederated.

  The tweet is a quote-tweet from the Pixelfed The only form of explanation comes in a teaser video. “What is the fediverse? It’s magic. A platform for the people. And we mean everyone. We’ll be arriving soon! Power to the people. Pixelfed.org,” says the video.

• LibreTorrent removed from Google Play because it looks too similar to its malicious clones

  Google’s history of draconian and arbitrary decisions regarding developer infractions on the Play Store is extensively documented. In this latest episode, the open-source torrent client LibreTorrent has been removed from the Play Store due to “spam,” with Google claiming that the app is a low-quality duplicate of several others on the Play Store. The twist this time is that LibreTorrent is actually the original app, and it’s the others that are the ad-filled “spam” clones.

• Open-source software on the rise in Africa

  The market for programmers is growing faster in Africa than in any other continent. Open-source code is popular, because anyone can see and modify it for their own purposes.

• Microservices-Based Cloud Native Modernization of OSS/BSS with Open Source

  Market forces and changes in subscriber needs and expectations are leading Communications Service Providers (CSPs) to transform their entire service delivery and management infrastructure. At the forefront of this transformation is the modernization of the systems that enable the management of network services, the operations support systems (OSS) and systems for managing the customer and the overall business operations, the business support systems (BSS). Current systems were built for a business paradigm that is increasingly outdated; they are rigid, siloed, rely on extensive human involvement and often require esoteric skills. Modernization of these systems enables CSPs to address requirements for becoming the Digital Service Providers (DSPs) of the future: business agility, elastic scale and capacity, service velocity and the ability to continuously reinvent themselves.

• How open source changed everything – again

  Open source was making headlines prior to 2010, of course, but much of the open source news back then was “free software” vs. “open source” religious wars and lawsuits against Linux. To run open source software, you were still calling IT to provision servers (or using a spare that just happened to be sitting under your desk). The cloud changed all that. Suddenly developers did not need to get a hall pass from IT to run their open source code. Just as open source freed developers from Purchasing/Legal approval, so too did the cloud shake developers free of the friction inherent in hardware.

  [...]

  Git was not born in in the last decade, but like cloud, it did not really boom until the 2010s.

  [...]

  Everything? Well, yes, at least for enterprise application development, and not because it is some cool new way to think about virtualisation. As Gordon Haff explains, “pre-Docker/Kubernetes containers were just another partitioning technique.” The real magic started when Docker nailed the developer experience, and from there, he goes on, “things snowballed,” leading to complete reinvention of the CI/CD pipeline and more. A decade ago, no one had heard of Docker and Kubernetes. Last month, more than 13,000 people showed up at KubeCon 2019 to explore this modern application world that Docker helped to create.

• SaaS/Back End/Databases

  • Altibase Celebrates Its 20th Birthday as an Enterprise Grade Open Source Database

    “We have built that client base, in part, by competing head-to-head with such juggernauts as Oracle, IBM and MS – and winning. Simply put, Altibase is a viable alternative to mega legacy database,” he adds.

    “But being just an attractive alternative no longer suffices. To continue our success, we are adapting to two major changes currently taking place in the database market,” Paul says.

• CMS

  • Duke University Introduces an Open Source Tool as an Alternative to a Monolithic LMS

    Developed by Duke’s Learning Innovation and the Office of Information Technology, Kits – now released as an alpha version – evolved from a home-grown group management solution and it was developed outside the LMS. “It brings together the centralized student access points of the LMS with the flexibility and power of an app-based system.”

    Currently, eight applications are included on Kits, and three more are expected to arrive this year. Learning analytics are in the roadmap, too. The integration was done via LTI standard or API. In addition, Kits comes with a “custom link” option that allows both instructors and students to add any share-by-link application.

• BSD

  • A Look at PureDarwin – an OS based on the open source core of macOS [Ed: OSNews says: “The problem with Darwin is that you’re always confined to Apple’s whim; the company has a history of delaying Darwin code dumps after new macOS releases for a long time, not including any ARM/iOS code for almost a decade”]

    PureDarwin Xmas is a ‘complete’ operating system featuring a desktop environment and various GUI applications. However, as it is just a developer preview, some features such as networking and hardware support are quite limited.

• Public Services/Government

  • Council group plans for open source revenues and benefits

    In this project, the councils are initially aiming to test the hypothesis that an in-house open source system could be developed and to show some of the cross-authority benefits.

    Another piece of work is looking at whether an open source componentised IT solution is feasible and scalable.

• Programming/Development

  • GDB Adds Multi-Threaded Symbol Loading For Faster Debugging Performance

    GDB can now handle multi-threaded symbol loading to yield better performance on today’s multi-core systems. This feature is still in development/testing so for now is disabled by default but can be done by setting worker-threads to “unlimited” rather than the default value of 0. The worker-threads tunable controls the number of worker threads that can be used by GDB and is currently used for demangling the names of linker symbols.

  • What Eats Your Programming Time

    ActiveState has published the results of its 2019 Developer Survey with the title “Open Source Runtime Pains”. It provides interesting insights into the challenges faced by coders when working with open source runtimes.

    “Coder” used here embraces a wide spectrum of IT jobs such as developers, engineers, data scientists, Q&A, etc. Specifically out of the 1250 survey takers, 65.4% were professional developers, 15.3% were hobbyists, 10.2% students with 9.1% being “others”.

  • Python

    • Data Science and Star Science

      I recently got a review copy of Statistics, Data Mining, and Machine Learning in Astronomy. I’m sure the book is especially useful to astronomers, but those of us who are not astronomers use it as a survey of data analysis techniques, especially using Python tools, where all the examples happen to come from astronomy. It covers a lot of ground and is pleasant to read.

    • The 30 Best Python Courses and Certifications in 2019

      Python is one of the most popular programming languages in our modern time. With a deep observation, you will find out that the number of Python developers exceeds the number of other developers by a difference of millions. Due to its rapid growth, many online platforms are offering both free and paid Python online courses. If you are lately thinking of learning python or you are someone who wants to extend your skillset of python, you are just in luck.

    • Tryton News: Newsletter December 2019

      When the shipment tolerance is exceeded, in the error message we now show the quantities involved so that the user understands the reason for the error and can then adjust them as required.

      The asset depreciation per year now uses a fixed year of 365 days. This prevents odd calculations when leap years are involved.

    • #100DaysOfCode, Day 011 – Quick and Dirty Web Page Download

      Watched another Corey Schafer video on how to scrape web pages.
      Thought that would be handy in my image from a web page download project.
      Corey’s an awesome teacher. The video was fun and it taught me lots.

      Then started hacking away at my little project.
      And then realised that the site has rss feeds.
      I could just process them instead of scraping a page.
      Went looking for a quick way to do that.
      Found the Universal Feed Parser.

Integrity/Availability

• Proprietary

  • Pseudo-Open Source

    • Openwashing

      • Lush develops open-source software for its point-of-sale system to boost growth

        Other retailers have experienced negative backlash for when a POS system is hacked and customer data that was stored, is stolen.

      • Karma Reveals 1100 HP Open-Source SC2 Electric Supercar Concept

        Tesla Cybertruck. Lotus Evija. Ford Mustang Mach-E. Mercedes-Benz EQC. Such is the state of the electric car industry that a sexy, slinky, and all-electric GT coupe packing 1100 horsepower and capable of rocketing from 0 to 60 MPH | 96 km/h in less than two seconds built by one of the early innovators of electrification barely causes a blip in the automotive press. That’s too bad, because the all-new Karma SC2 Concept GT coupe deserves much, much better.

      • IBM Launches Open Technology to Speed Response to Cyber Threats Across Clouds

        IBM has announced Cloud Pak for Security, featuring innovations to connect with any security tool, cloud or on-premise system, without moving data from its original source. The new platform includes open source technology for hunting threats, automation capabilities to help speed response to cyberattacks, and the ability to run in any environment.

        According to IBM, Cloud Pak for Security is the first platform to leverage new open source technology pioneered by IBM, which can search and translate security data from a variety of sources, bringing together critical security insights from across a company’s multicloud IT environment. The platform is extensible, so that additional tools and applications can be added over time.

      • The Rise Of Partner Marketing And The Role Of Open Source

      • Top 5 things to know about open source and the cloud [Ed: As usual, calling 'the cloud' something like "Open" is a great scam which devalues that brand, associating "Open" with prison]

        Open source software has revolutionized how companies work, but cloud software like AWS has been making it harder for open source software companies to make money. When you can get cloud services based on open source software, there’s no need to pay a company for the services around that software. Here are five things to know about open source and the cloud.

    • Privatisation/Privateering

      • Linux Foundation

        • AI Foundation delivers third Acumos AI software release, which includes work with ONAP and O-RAN

          The LF AI Foundation has delivered its third software release for its Acumos AI Project, which includes integration with ONAP and O-RAN. The third release, which is called “Clio,” includes features that were designed to more easily onboard AI models, as well as design and manage support for pluggable frameworks and enable federation with ONAP and O-RAN.

          The LF AI Foundation, which was previously known as LF the Deep Learning Foundation, was launched last year to spur innovation across artificial intelligence, machine learning and deep learning not just in the telecom industry, but across other industries as well.

        • LF AI Delivers Acumos AI Clio Release

          The LF AI Foundation, the organization building an open AI community to drive open source innovation in artificial intelligence (AI), machine learning (ML) and deep learning (DL), today announced the third software release of the Acumos AI Project, codenamed Clio. Clio is focused on improving the experience with users for “first hand” feature requests like how to easily on board AI models, how to design and manage support for pluggable frameworks, how to more easily handle federation with ONAP and O-RAN, license management, and more.

        • Fujitsu is the Latest OpenChain 2.0 Conformant Company

          The OpenChain Project is delighted to announce that Fujitsu, a Platinum Member of the OpenChain Project, is the latest OpenChain 2.0 Conformant company. This activity is a continuation of Fujitsu’s long-standing commitment to excellence in open source governance and represents one of the larger OpenChain conformant programs. Fujitsu is the first company in Japan and the eighth globally to achieve OpenChain 2.0 conformance.

          The OpenChain Project establishes trust in the open source from which software solutions are built. It accomplishes this by making open source license compliance simpler and more consistent. The OpenChain Specification defines inflection points in business workflows where a compliance process, policy or training should exist to minimize the potential for errors and maximize the efficiency of bringing solutions to market. The companies involved in the OpenChain community number in the hundreds. The OpenChain Specification is being prepared for submission to ISO and evolution from a growing de facto standard into a formal standard.

    • Entrapment (Microsoft GitHub)

      • SD Times Open-Source Project of the Week: Codidact [Ed: "In order to get involved, users can jump onto the forum, head to GitHub or use Discord to discuss ideas." So to participate in 'open' you must adopt malicious software that is proprietary.]

      • Tencent Open-Sources High-Performance Graph Computing Framework ‘Plato’ [Ed: Tencent puts its code in proprietary software of Microsoft as if it doesn't know how unwise that is]

      • Alibaba Cloud opens source code for machine-learning platform Alink [Ed: This only makes sense if one considers Microsoft's collaboration with the Chinese government spying on a lot of people]

      • Alibaba Makes Its Artificial Intelligence Platform Open Source [Ed: Alibaba gives its code to proprietary software of Microsoft where developers are censored and spied on]

        The move to GitHub will make lives easier for big data specialists in the machine learning sector, and no doubt provide some useful ecosystem links to the Chinese giant.

        Alibaba Cloud has made the core codes of its Alink data processing platform open-source to help widen the development opportunities for artificial intelligence and machine learning.

        The algorithm platform has been made available on Microsoft-owned GitHub, the world’s largest developer community. The platform offers a broad range of algorithm libraries that support both batch and stream processing, which is critical for machine learning tasks.

        Data analysts and software developers can access the codes on GitHub to build their own software, facilitating tasks such as statistics analysis, machine learning, real-time prediction, personalised recommendation and abnormality detection.

  • Security

    • Kaspersky uncovers open-source VNC vulnerabilities

      Kaspersky has presented analysis of open source Virtual Network Computing (VNC), which uncovered memory corruption vulnerabilities that have existed in a substantial number of projects for a very long time.
      The exploitation of some detected vulnerabilities could lead to remote code execution affecting the users of VNC systems, which amount to over 600 000 servers accessible from the global network alone, according to shodan.io.

    • Kaspersky Uncovers 37 Vulnerabilities in Open-Source VNC Systems

      Kaspersky researchers studied some the most popular VNC systems: LibVNC, UltraVNC, TightVNC1.X and TurboVNC.

      Although these VNC projects were analyzed previously by other researchers, it turned out not all vulnerabilities were then uncovered and patched. As a result, of the analysis by Kaspersky researchers, 37 CVE records marking various vulnerabilities were created. Vulnerabilities were found not only on the client, but also on the server-side of the system. Some of them can allow remote code execution, which in turn could allow a malicious actor to make arbitrary changes on the attacked systems. On a more positive note, many server-side vulnerabilities could only be exploited after password authentification and some servers do not allow to set up password-free access.

    • Security Researchers Uncover 37 Vulnerabilities In Open-source VNC Systems

      Security researchers revealed memory corruption vulnerabilities in open-source Virtual Network Computing (VNC) systems and warned that the exploitation of these vulnerabilities could lead to remote code execution affecting the users. As per shodan.io, Virtual Network Computing systems amount to more than 600,000 servers accessible from the global network. However, the real number of VNC installations is multi-fold considering that devices are only accessible within local networks.

      VNC systems provide remote access to one device from the other, courtesy of a remote frame buffer (RFB) protocol. According to researchers at cybersecurity firm Kaspersky, VNC systems have become some of the most popular desktop sharing tools to date due to their multiple-platform availability and multiple open-source versions. Approximately 32 per cent of industrial network computers have some form of remote administration tools including VNC and they are actively used in automated industrial facilities enabling remote control of systems.

    • How Agencies Can Use Open Source Intelligence to Close Cybersecurity Loopholes: Open source intelligence isn’t just for spies.

      A few OSINT programs I examined specialized in specific aspects of intelligence gathering. For example, Shodan looks at the Internet of Things as well as operational technology devices found in places like power plants and the utilities industry. Metagoofil is optimized to pull hidden metadata from public documents. Simply point it at PDFs, Word files, PowerPoint slides, Excel spreadsheets or almost any document repository, and it will ferret out things like the names of authors and editors who worked on them, even if that information was not specifically disclosed.

    • Designing security for an open-source, containerized, cloud-native world

      Sysdig is the original creator of Falco, which Degioanni described as an open-source Cloud Native Computing Foundation phased anomaly detection system that’s based on collecting high granular data from a running Kubernetes environment.

    • 5 Best Free Password Managers

      Password managers are fantastic privacy tools, but they are even better when they are free! In this article, we list the five best free password managers.

    • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

      • No free puppy: How D2iQ helps customers navigate open-source journey in cloud-native world [Ed: As if proprietary software has no operational and maintenance costs (usually very high, licensing and renewals aside)]

        What do free goldfish, puppies, and open-source software have in common? When the gifts come home, there’s actually a lot of time and expense that goes into keeping them all alive and thriving.

      • Which Programming Language has the Most Vulnerabilities? [Ed: It's clear that Microsoft Nick is still doing Microsoft propaganda a decade plus down the line. Now an amplifier of Microsoft 'proxy' White Source (they co-author FUD)]

    • Privacy/Surveillance

      • Criptext is a free encrypted email service with open source apps for Windows, Linux, macOS, Android and iOS

        Criptext is a free encrypted email service for Windows, Linux, macOS, Android and iOS. It has been around for a while, but I thought it may be worth looking into.

        [...]

        There is something you should know about Criptext. It is not cloud-based like Gmail or Outlook; Criptext emails are not stored on servers permanently, they are only stored on your device using end-to-end encryption. It uses the Signal Protocol for this.

Monopolies

• Patents

  • In filing with Ninth Circuit, Intel draws analogy between Qualcomm’s business model and Dr. Frankenstein’s monster

    There’s significant overlap between the briefs, but also unique elements to each of them. Every such filing serves a purpose, even the one that George Soros funded–as the latter makes, apart from some far-fetched theories and overregulatory ideology, a number of surprisingly reasonable points (like a limited dose of a poisonous substance potentially serving a medical purpose) and may appeal to any ultraliberal(s) on the panel (a political inclination the Ninth Circuit has a reputation for, though President Trump–the most profilic nominator of federal judges in history–has already brought some balance to that bench).

    A strong showing by amici curiae was definitely needed here as Qualcomm technically has “the United States [Government]” on its side, though Antitrust AAG Makan “Macomm” Delrahim is simply a former (and presumably future) Qualcomm lawyer shamelessly–and often absurdly–acting against overall U.S. economic and national security interests in this context. That he has gotten away with this for such a long time is all the more astounding considering that his boss, Attorney General William Barr, once testified against Qualcomm and its business practices.

    As I just said, each of those many pro-FTC submissions serves a purpose. For an example, the Computer & Communications Industry Association’s brief, in addition to the CCIA having some members that are not involved with the three other industry bodies who made such filings, is a pretty good primer on the case (especially together with Professor Jorge Contreras’s brief), while the Fair Standard Alliance brief presupposes a certain level of understanding–and ACT | The App Association made a particularly forceful submission that warns against the consequences of an acquittal.

Desktop/Laptop

• Ask Slashdot: Is Your Company Using Linux Desktops?

  I bet Slashdot’s readers have stories to tell, with enlightening experiences in corporate workplaces over the years gone by. So feel free to share your thoughts, opinions, and anecdotes in the comments.

  And is your company using Linux desktops?

Kernel Space

• KVM Virtualization Updates For Linux 5.5 Are Particularly Busy On The AMD/Intel Side

  The Kernel-based Virtual Machine (KVM) improvements were sent in earlier this week for the Linux 5.5 kernel and they appear to be busier than usual on the x86 (Intel / AMD) side for the open-source virtualization stack.

Benchmarks

• Threadripper 3970X Performing Better On Windows Relative To Linux – Thanks To Microsoft Or Zen 2?

  With the AMD Ryzen Threadripper 3970X benchmarks on Windows 10 and Linux, Ubuntu 19.10 and other common distributions were just ~2% faster than the Microsoft OS and Clear Linux was just ~10% faster, based on 80+ benchmarks carried out. Those margins are much closer than we have seen with past iterations of Threadripper, but is that due to the Zen 2 microarchitecture and the improved topology of the new Threadripper CPUs or due to Microsoft’s scheduler changes and other software improvements made in Windows 10 November 2019 Update? Here are some benchmarks.

Applications

• 4 best Slack alternatives on Linux

  Slack is a chat app for the workplace. It is used to organize teams, discuss projects, and communicate with co-workers. Overall, Slack is an excellent product and has many useful features. However, not everyone on Linux appreciates Slack. So, in this list, we will discuss the 4 best Slack alternatives on Linux.

• 4 best Android emulators on Linux

  Are you looking to emulate Android apps on Linux? Tried out a few apps in the past but not sure what ones are good to use? We can help! Here are the 4 best Android emulators to use on Linux!

Instructionals/Technical

• How to install OpenSUSE

• How to install DaVinci Resolve on Ubuntu

• How to Install Let’s Encrypt with Apache on CentOS 7

• How To Compare Two Git Branches

• himblick host-setup

• Configure Git Server with HTTP on CentOS 8

• Installing Lenovo Firmware Packaged as a .exe on a Linux Machine

• 40 Things to do After Installing Ubuntu

Desktop Environments/WMs

• K Desktop Environment/KDE SC/Qt

  • KF6 Sprint in Berlin

    Last week I arrived on a rainy Thursday evening in Berlin to attend the KDE Frameworks Kickoff sprint. The next three days were spent with discussions and ideas about the future of the libraries that are the base of most of the software of the KDE Community.

    After arriving at MBition GmbH on Friday we started with reviewing the policies that were in place the last few years for KDE Frameworks 5. This includes for example the release model or on which Qt version to depend. After lunch David Edmundson and Eike Hein gave talks about the KDE community in general and about the advantages using KDE Frameworks libraries can bring to the employees at MBition. In the afternoon that the discussion switched from the past to the future and our goals and design principles that we have in mind for KDE Frameworks 6. Later we already outlined problems with specific frameworks and how our goals will impact them.

    After a needed dose of sleep Saturday started right where Friday left off. We split in small groups to investigate how our design goals (further simplification of dependencies, seperation of UI and logic and seperation of framework and implementation) would influence each library and what has to be done to achieve those goals. To this end each group discussed a single library at a time and after eight libraries in total the results were presented to the whole group. For this we started with the Tier 3 Frameworks which have the most complicated dependencies (Tier 1 Frameworks only depend on Qt).

Distributions

• Windows 10 Clone On The Menu As Hackers’ Favorite Hacking Tool Gets Update

  The feature itself is officially known as Kali Undercover, a theme that can be applied to make the Kali user interface appear to be plain vanilla Windows 10 instead if you don’t look too closely. This theme is part of the fourth, and final, Kali Linux release of 2019 that went public November 26. This update was a big one and has received a mixed reception from the hacking Twitterati who either love the new “Xfce” desktop environment which moves away from the previous Gnome default which is described as coming with “overhead that is not useful for a distribution like Kali,” in the release blog. The new Xfce desktop “does only what it’s needed for, and nothing else,” and is best described as a lightweight yet performance-boosting environment. Offensive Security, the penetration testing and security training company that maintains and funds Kali Linux development, knows the new user interface (UI) won’t be for everyone. “UI can be a bit like religion,” Offensive Security said, “if you don’t want to leave Gnome don’t worry.” That’s because there’s still a Gnome build available, although over time it is expected to morph into something closer to the Xfce user experience regardless.

• Devuan Family

  • The File /var/lib/dbus/machine-id Matters For Your Privacy (and Devuan Fixed It)

    A few days ago Devuan ASCII 2.1 was announced and one update has been overlooked by most media outlets: our dbus patch to re-generate machine-id at every boot.

    This patch matters for everyone’s privacy and I hope more distributions will follow our example, let alone Debian. We are dealing with important privacy implications: non-consensual user tracking is illegal in many countries and is not even mentioned in the machine-id documentation so far.

• Debian Family

  • Sam Hartman: The Case for Proposal B

    This is my personal opinion, not that of the project leader. Tomorrow,
    I'll write an essay trying to discuss the various options in with as
    little bias as I can manage (although even that will be Sam's opinion).
    Several people have asked me why I included Proposal B.
    This is my answer.
    
    
    While I was talking to people about systemd and init systems, people
    seemed to inherently assume that being uncomfortable with systemd meant
    that you were in favor of sysvinit, or at least init-script based
    solutions. At least, people who were heavily involved in the issue made
    that assumption. That didn't resonate with me.
    
    
    Several concerns commonly raised with systemd resonate with me:
    
    
    It combines a bunch of things in one project; as an example how you
    start daemons ends up being tied to how you configure the network.
    
    This combination seems like it might reduce innovation at least
    outside of the systemd ecosystem, because interfaces are coupled.
    
    It is Linux specific
    
    
    Of these, the biggest concern for me is the idea that systemd might
    stifle innovation by becoming one point of control.
    
    And yet, in my opinion, systemd is vastly superior to the current
    alternatives. I'd far rather be writing service units than init
    scripts. They are more declarative. Dependencies that I care about are
    easier to express. There are better security isolation facilities. In
    non-Debian work I've found that I depend heavily on systemd because it
    is easier and more pleasurable to code to than the alternatives.
    Declarative syntax for managing users is useful. I haven't personally
    seen the huge joy of socket activation, but if I were writing somewhat
    different things, perhaps I would. Given
    the options today, I would pick systemd hands down and not look back.
    
    
    But what about tomorrow? For me, one of the great things about Debian
    has been that it's possible to integrate new technologies and to try
    things out. Debian has been the OS where I and many others could try
    out new technologies and figure out what it was like to fully integrate
    them into the operating system. Systemd is the best we've got now, but
    I'm reluctant to step away from Debian as a platform for innovation and
    experimentation.
    
    
    Yet I don't think focusing on sysvinit or other init-script based
    solutions actually has anything to do with the kind of innovation I'm
    talking about. I understand that for people who value sysvinit (or
    something like runit) above systemd, that work is valuable. My
    experience is that for my needs, systemd is a better fit. I wanted a
    proposal that allowed us to maintain Debian as a platform for innovation
    without focusing on the legacy of init scripts. I think that if there
    is going to be something that some day replaces systemd, it will support
    service units (or a significant subset) not init scripts. I suspect it
    will have a way to handle socket activation and so on. And I cannot
    imagine a future systemd replacement that does not have advanced
    security isolation features.
    

  • Steinar H. Gunderson: More about the DDR arcade CDs

    I’m continuing my journey throughout the world of the Dance Dance Revolution arcade CDs; it would be interesting to see how moddable they are, even though I don’t have a machine myself (obviously, MAME is absolutely essential here).

    One key fact that I didn’t know about last time, but was eventually alerted to after looking at others’ work, is that the software in flash runs off of a virtual filesystem (VFS). This makes things incredibly much easier than mucking around with offsets everywhere. It’s sort of a strange hybrid, though; read on for more.

    The System 573 mainboard has 16 MB (or 128 Mbit, if you wish) of onboard flash, spread over a few banks, and for the newer digital mixes, this is augmented with a 32 MB PCMCIA flash card (I believe the system can technically address 64 MB, but no software uses it, to the best of my knowledge). When installing the software from CD-ROM, it blits a file called GAME.DAT into the onboard flash and CARD.DAT into the PCMCIA card (plus sets up some checksums at 0xfe0000). Except for a few hard-coded items, they seem to largely be treated equivalently, simply as different backing stores for a single VFS.

    When booting up regularly (SW4 set to booting from flash), it jumps to an address very early in the flash, which contains the bootloader (called boot/psx.bin in the VFS; but the VFS has a too short size for it, so if you trust the size when extracting it, it gets too short!). The bootloader reads the (encrypted) configuration file from 0xFE2000 (addressed as “/.raw=0x1fc4,0×2000” in the VFS, probably partially related ot that the flash is mapped up at 0x1f000000), which contains information about how to address the two flash devices and a bit more. It also reads the file table for the VFS at 0xFE4000, and from there, it’s mostly filesystem time: The bootloader then loads the game itself from soft/s573/aout.exe and boots it.

  • Paul Wise: FLOSS Activities November 2019

  • Chris Lamb: Free software activities in November 2019

  • Sylvain Beucler: Debian LTS and ELTS – November 2019

    Sylvain Beucler: Debian LTS and ELTS – November 2019Here is my transparent report for my work on the Debian Long Term Support (LTS) and Debian Extended Long Term Support (ELTS), which extend the security support for past Debian releases, as a paid contributor.

    In November, the monthly sponsored hours were split evenly among contributors depending on their max availability – I was assigned 24.5h for LTS (out of 30 max) and 20h for ELTS (max).

    Multiple vulnerabilities come from in-process fuzzing (library fuzzing with compiler instrumentation, as opposed to fuzzing a user executable). This is an interesting technique, though those are harder to reproduce, especially with older versions or (even worse) forks. A significant portion of such vulnerabilities comes from google’s OSS-117Fuzz infrastructure.

  • Sparky news 2019/11

    The 11th monthly report of the 2019 of the Sparky project:

    • waterfox package changed its name to waterfox-classic-kpe
    • Sparky 2019.11 Special Editions: GameOver, Multimedia & Rescue released
    • Sparky 2019.11.1 MinimalGUI released to fix: GNOME Shell and KDE Plasma fresh installation; and removing some packages from live
    • added new locales to Sparky tools: Greek provided by jidan; and updated Italian and Japanese locales as well; thank’s a lot for translations
    • Linux kernel updated up to version 5.4.1 & 5.3.14
    • CDE desktop updated up to 2.3.1 (stable & testing lines)
    • added to repos: Videomass

Devices/Embedded

• The 20 Best Raspberry Pi Alternatives Available in 2019

  As a single board computer, Raspberry Pi has already earned the reputation of being the prominent one over its competitors. It contains loads of options that include CPU, GPU, Memory, USB ports, Video outputs: HDMI, Network, and so on. But the number of Raspberry Pi alternatives is increasing day by day. The best choice from Raspberry Pi alternatives depends on your goal you are trying to accomplish. For example, while a Pi Zero can complete all the modest tasks, it might not be a good fit for powerful processing. OS, number of ports, supported devices should also be considered while choosing an alternative SBC over Raspberry Pi.

• Raspberry Pi 4 Thermal Performance Is Improving With New Firmware

  When the Raspberry Pi 4 launched earlier this year it was quickly realized active cooling was almost required if wanting to run the quad-core Cortex-A72 SoC at full performance without thermal throttling. Fortunately, the latest Raspberry Pi 4 firmware has improved the thermal/power behavior to lessen the need for extra cooling although it’s still recommended for achieving peak performance potential out of this popular low-cost ARM SBC.

  Tuning of the Raspberry Pi 4 firmware has resulted in cutting around a half Watt of power consumption at idle and approaching 1.0 Watt under load. When updating the Raspberry Pi software stack users should see the lower performance and better thermal performance. There should be much less thermal throttling now especially for those running without any extra heatsinks.

• Mobile Systems/Mobile Applications

  • Best smartphone Black Friday deals with iPhone and Android price cuts

  • 5 reasons the AirPods Pro are good for Android

  • Galaxy Note10 receives third Android 10 One UI 2.0 beta update with audio, screen, and thermal fixes

  • LG G8 ThinQ is receiving Android 10 update

  • BREAKING: LG G8 ThinQ Android 10 stable update goes live in Korea

  • LG G8 ThinQ starts receiving Android 10, but when is the update coming to the US?

  • These Samsung Galaxy smartphones will not get Android 10 update

  • 5 Android apps you shouldn’t miss this week

  • Android news as your smartphone could look massively outdated this week

  • Convenience: Android comes with something the iPhone doesn’t

  • Android’s Ambient Mode will soon come to ‘select devices’

  • Pocophone F1/Poco F1 Android 10 update in the works, head of POCOPHONE Global confirms

  • ZTE’s unveils and details MiFavor 10 OS, based on Android 10

  • 5 best train simulator games for Android!

  • 11 new and notable Android apps from the last two weeks including Facebook Viewpoints, Milkshake — Website Builder, and Breaker—The social podcast app (11/16/19 – 11/30/19)

  • Best note-taking apps for Android in 2020

  • How to download movies from Google Play on your Android, iPhone, or iPad

  • LG’s latest Android skin kinda looks like Samsung’s One UI

  • Apple TV Plus should be available on Android and SMART TVs

  • Samsung indirectly confirms Galaxy S8 and Note 8 won’t get Android 10

  • LG G8 ThinQ receiving stable Android 10 update

  • New Android Text Messaging Update ‘Exposes Most Users To Hacking’

  • MobiKin Assistant for Android: All in one Android Device Management Software

  • Pop quiz: Match the feature to the Android version

  • This week’s top stories: Pixel 4 re-reviewed, Android 10 for OnePlus 6, Moment fisheye lens, more

  • Librem 5 phones finally finding homes

    As we reported in our article, the Librem 5 Birch phone is the first smartphone to focus on privacy and security since it neither exploits nor tracks the user’s digital footprint. It’s hardware kill switches, layered security protection, decentralized and IP-native communication, user-controlled sourced code, and hardware encryption aids in this effort.

    One early recipient reporting into interested users at reddit.com was impressed that his phone came with a hand-written thank you noted and noted that the build quality of the Librem 5 Birch phone was much more excellent than anticipated. Also pointed out by the user was the aesthetics of the screen.

Free, Libre, and Open Source Software

• Genode OS

  • Genode OS Framework release 19.11

    Block-device encryption is a feature often requested by users of our Sculpt OS. Until now, we deliberately left this topic unaddressed because we felt that a profound answer was beyond our expertise. However, during the past year, we dived deep into it. The result is the prototype for a new block encrypter that encrypts data but also protects integrity and freshness. For us, the implementation of the encrypter is especially intriguing because – with about 7000 lines of code – it is Genode’s first non-trivial component written in the SPARK programming language.

    The second major addition is a new virtual machine monitor (VMM) for 64-bit ARM platforms such as the NXP i.MX8. It leverages the proof of concept we developed in 2015 for ARMv7, which we pursued as a technology exploration. In contrast, our aspiration with the new VMM is a product-quality solution.

    In our road map for 2019, we stated the “bridging of worlds” as our overall theme for this year. On that account, the current release moves the project forward on two levels. First, by successively increasing the scope of POSIX compatibility, we reduce the friction when porting existing application software to Genode. We managed to bridge several gaps in our POSIX support that we considered as impossible to cover some years ago. In particular, we identified ways to emulate certain POSIX signals, ioctl calls, and fork/execve semantics. This way, popular software such as bash, coreutils, or Vim can now be executed as regular Genode components with no additional runtime environment (like Noux or a VMM) required.

  • Genode OS Framework 19.11 Brings Initial Block Device Encryption Code

    It’s been nearly a decade now that we have been tracking Genode as an interesting open-source operating system framework.

    Genode employs a micro-kernel abstraction layer and various other components written from scratch and not derived from Unix/Linux but offering good POSIX compatibility and continuing to allow more open-source software to build for this platform focused on security.

• SaaS/Back End/Databases

  • Building FHIR Applications with MongoDB Atlas

    After a vigorous competition, the team at Asymmetrik was awarded winner of the reference implementation of a secure open source FHIR server based on MongoDB. For a deeper dive, the source code is available for developers and architects under the MIT license.

• Programming/Development

  • A beginner’s guide to C++ Ranges and Views.

    C++ Ranges are one of the major new things in C++20 and “views” are a big part of ranges. This article is a short introduction for programmers that are new to C++ Ranges.

  • Keith Packard: picolibc-float

    Smaller embedded processors may have no FPU, or may have an FPU that only supports single-precision mode. In either case, applications may well want to be able to avoid any double precision arithmetic as that will drag in a pile of software support code. Getting picolibc to cooperate so that it doesn’t bring in double-precision code was today’s exercise.

  • First Stack Buffer Overflow to modify Variable

  • Perl / Raku

    • Advent Calendar – December 1, 2019

      For the purpose of testing the programs below, the words.txt file is located in my current directory. Obviously, when we will be reading the list, we will need to keep only the words having the same length as the two input words.

      This task is much more complicated than the other task of this week challenge (and than most previous challenges). In fact, my first reaction when reading the problem was, “Gosh, I’ve got no idea how I’m going to solve that”. In such case, it is often a good idea to try to break up the problem into smaller ones.

      The first thing that we must be able to do is to figure out whether one word can be transformed into another with just one letter change. It would probably be also very useful to know whether this can be done with two letter changes, three letter changes, etc. For this, we may want to use a well-known CS string metric named the Levenshtein distance or Levenshtein edit distance, which is the smallest number of single-character edits (insertions, deletions or substitutions) required to change one word into the other. In the case of this challenge, however, we probably don’t need to consider insertions and deletions, but are interested only in substitutions.

      Once we have a routine to compute the Levenshtein distance, we might try to use brute force with backtracking to test all possibilities, or an optimized version thereof able to remove non optimal paths relatively early in the process, or a branch and bound algorithm, or implement some form of Dijstra’s algorithm for shortest paths.

  • Python

    • Test and Code: 95: Data Science Pipeline Testing with Great Expectations – Abe Gong

      Data science and machine learning are affecting more of our lives every day. Decisions based on data science and machine learning are heavily dependent on the quality of the data, and the quality of the data pipeline.

      Some of the software in the pipeline can be tested to some extent with traditional testing tools, like pytest.

      But what about the data? The data entering the pipeline, and at various stages along the pipeline, should be validated.

      That’s where pipeline tests come in.

      Pipeline tests are applied to data. Pipeline tests help you guard against upstream data changes and monitor data quality.

      Abe Gong and Superconductive are building an open source project called Great Expectations. It’s a tool to help you build pipeline tests.

      This is quite an interesting idea, and I hope it gains traction and takes off.

    • PyOpenGL 3.1.4 is Out

      So I just went ahead and pulled the trigger on getting PyOpenGL and PyOpenGL Accelerate 3.1.4 out the door. Really, there is little that has changed in PyOpenGL, save that I’m actually doing a final (non alpha/beta/rc) release. The last final release having been about 5.5 years ago if PyPI history is to be believed(!)

    • Weekly Python StackOverflow Report: (ccv) stackoverflow python report

• Standards/Consortia

  • AMIA encourages NIH to fund FHIR for interoperability and clinical research

    While the FHIR standard is not a cure-all for interoperability challenges, the protocol has seen big momentum in recent years, and is seen as an important bridge between newer mobile devices and hospital networks.

    As a web-based spec that has seen a significant amount of buy-in, the standard could have a large impact on the ability of researchers to access better data.

  • AMIA: FHIR is not suitable for research, needs NIH R&D funding

    According to AMIA, it is critical that NIH assume a leadership position to coordinate a research and development strategy for using FHIR for research and that the agency devote “substantial resources” to the effort.

    Specifically, AMIA recommended that NIH directly fund FHIR research and development through grants; indirectly fund FHIR through special emphasis notices and project requirements that prioritize projects that will use FHIR; and educate the research community and help represent it in activities supported by HL7, the Office of the National Coordinator for Health IT and other standards developing organizations that have an interest in FHIR.

Indian IT 4.0: Upping the ante on innovation

India is home to more than half a billion internet subscribers, making it one of the largest and fastest-growing markets for digital consumers. According to a Mckinsey Report, by 2025 widespread digital adoption has the potential to create significant value in all sectors of the economy – for example, E-commerce and digital supply chain have the potential to create $35billion worth value by 2025.

Also, India is ranked third in the global startup index. According to the Economic Survey, the Indian startup ecosystem witnessed a funding of $7.5 billion in 2018 as compared to $4.3 billion in 2017. As per industry-wide distribution of recognized startups, IT Services accounted for around 15 percent, followed by Healthcare and Life Sciences at around nine percent, and education at eight percent. Start-ups like Byju’s, Swiggy, Oyo Rooms, PayTM, Zomato are all based on technology and they have transformed the face of their respective sectors dramatically.

Integrity/Availability

• Proprietary

  • Security

    • Privacy/Surveillance

      • Microsoft Funds Facial Recognition Technology Secretly Tested on Palestinians

        If you’ve been paying attention, it should come as no surprise that the latest in facial recognition technology is already being weaponized by governments and corporations. Most recently, AnyVision, an Israeli facial recognition tech company funded by Microsoft, has been wielding its software to help enforce Israel’s military occupation, using the occupied West Bank to field-test technology it plans to export around the world.

      • Corporate Spies Are Watching Organized Labor

        Google’s computers are spying on its workers.

      • Google’s “smart city” in Toronto: what it wanted, what it will now get – and why it’s still problematic for privacy

        Earlier this year, Privacy News Online wrote about the latest news concerning plans to create a model “smart city” on Toronto’s waterfront. The company involved, Sidewalk Labs, is part of the Alphabet stable, along with Google. In an attempt to quell fears about privacy and other aspects of the plan, Sidewalk Labs released 1500 pages of documentation spelling out what it wanted to do in Toronto.

      • Whatsapp India reports first profit of Rs 57.18 lakh for FY 2019

        Facebook-owned Whatsapp might have begun commercialising its messaging platform in India just two years ago, but recent disclosures with the Registrar of Companies (RoC) show that Whatsapp India has gone from nil revenue in the 2017-18 financial year (FY18) to actually turning a profit in FY19.

        According to the RoC documents, the unit’s revenues have been derived from its IT-enabled business process and outsourcing services. The messaging platform, which has rapidly become the most preferred messaging service in India, had launched its first business offering for entrepreneurs and corporates in January last year with the roll out Whatsapp Business.

Defence/Aggression

• Iraqi Crowds Erupt in Joyous Celebrations as PM, Elected Under Bush Constitution, Offers to Resign

  AFP Arabic reports that Iraqi Prime Minister Adel Abdulmahdi said Friday he would tender his resignation this weekend after five weeks of massive protests throughout Iraq.

• What’s Next for Bolivia After Military Coup?

  In 2005, I sat in a lounge off the Senate chamber in La Paz, Bolivia, waiting for an interview. I was wearing my best coat and tie. With my thinning hair and grey mustache, I could pass for a Bolivian of European descent. In fact, numerous people smiled and said “buenos días,” as if I was a familiar face.The senators were mostly white men, reflecting the makeup of Bolivia’s

• Focus on Early Release of Terror Convict in London Stabbings

  Usman Khan was convicted on terrorism charges but let out of prison early. He attended a “Learning Together” conference for ex-offenders, and used the event to launch a bloody attack, stabbing two people to death and wounding three others.

• 80 years ago: First day of the Winter War

  In a 1930′s case of “fake news”, Soviet state radio claimed Finnish reports of the air raids were false and that the Soviet Air Force had merely been dropping bread to the starving masses of Helsinki.

Transparency/Investigative Reporting

• Free the Truth – A Short Speech

  This is the speech I came down to London to give.

Environment

• Energy

  • Texas Petroleum Chemical Plant Explosion, And Our Petrochemical “Collective Suicide”

    Although it was clear that many residents had left, it wasn’t hard to find people who remained. I photographed homes within a half-mile of the plant and chatted with residents who were out on the street sharing holiday greetings with their neighbors. They were talking about damage to their homes and the size and the direction of the plume. 

  • Thousands of Activists Stage Protests at Three German Coal Mines to Demand Bolder Climate Policies

    “We’re at a critical moment—the window of opportunity to stop the climate crisis is closing rapidly.”

  • Saudi, UAE Discuss $70B Crude Refinery Project in India

    Saudi Arabia and the United Arab Emirates discussed a planned refinery in the western Indian state of Maharashtra that will cost at least $70 billion, a figure that exceeds the initial $44 billion estimate previously announced.

• Wildlife/Nature

  • Show Mercy for Animals

    Two tragedies just happened in Romania and Australia that have left this hardened war correspondent shaken and horrified. At least 14,000 of the terrified sheep drowned in the icy waters and darkness of the overturned death ship.

Finance

• A Corporate Tax Even Republicans Should Love

  I moved away from my hometown of Litchfield, Minnesota, several decades ago, and since that time, my politics have veered to the left as those in my hometown have veered to the right. Donald Trump won my family’s western Minnesota congressional district by over 30 percentage points.

• NHS Staff to Lead Protest Against Trump During His Trip to the UK Amid Rising Privatization Concerns

  The demonstration plans come as new research reveals that nearly £15 billion in health service contracts have been given to private firms since 2015, casting doubt on Tories’ claims that NHS isn’t “up for sale.”

• Why Are Students Angry? Is Conflict Over Public-Funded Higher Education Only Reason?

  No one in India asked these ­questions when tanks rolled into Tiananmen Square in 1989, after ­student-led protests brought million-­strong crowds into that iconic venue in central Beijing, defying China’s ­authoritarian one-party rule and seeking various freedoms. No one asked this when American students protested against the Vietnam War five decades ago, forcing the Nixon ­administration to blink. Or when the Soweto uprising by Black students in 1976 set in motion a chain of events that turned history’s page on the world’s last legally racist regime. Or when students without count became the lifeblood of India’s freedom movement—joining Gandhi, or sundry revolutionary movements, filling up jails. It’s only the ruling elite in each instance that asked the question. It’s only after freedom that dissenting students again became a troubling bogey, with the Naxalite movement. Or Assam. Or the protests against Indira Gandhi’s authoritarianism. A whole galaxy of mainstream politicians—from the recently dec­eased Arun Jaitley to the jailed Laloo Prasad Yadav to Nitish Kumar and Union minister Ravi Shankar Prasad—found their life’s calling as protesting ­students before or around the Emergency. In world history or in India’s, student politics has been so deeply constitutive of politics that the question “why” can only come from those utterly innocent of history.

AstroTurf/Lobbying/Politics

• Impeachment’s Influence Hazy as Issue in Congressional Races

  Republicans aim to use the House drive toward impeaching President Donald Trump to whittle down Democrats’ majority by dislodging vulnerable incumbents from swing districts loaded with moderate voters.

• WTO Shutdown: This Is What Democracy Looked Like

  WTO Shutdown 20-Year Anniversary Series:The Shutdown WTO Organizers History Project and Common Dreams have produced this series of ten people’s history accounts and forward-looking lessons from organizers who were in the streets of Seattle in 1999—at the very end of last century…

• Many Evangelicals Excuse Anything Trump Does — Because He’s the “Chosen One”

  Energy Secretary Rick Perry is the latest Trump official or acolyte to prostrate himself, using cult-like terms, before the president. Trump is, in Perry’s worldview, a man tagged by God to occupy his leadership role. In this, the energy secretary is echoing Secretary of State Mike Pompeo – who has averred Trump may have been chosen by God to defend Israel against Iran – and Sarah Huckabee Sanders, Trump’s erstwhile press secretary, who also argued that God had played a role in Trump’s election. Perry is also mimicking ex-Congresswoman Michele Bachmann, who has argued that Trump is the most “godly, Biblical president” in her lifetime. He is following in the footsteps of Jerry Falwell Jr.’s Liberty University, which produced a movie in 2018 titled The Trump Prophecy that likewise argued President Trump had been chosen by God.

• Biden Heads to Iowa Looking for a Rebound in Key State

  Joe Biden’s eight-day bus tour across Iowa comes with a message: Reports of his demise in the nation’s first presidential caucus state have been greatly exaggerated.

• Apple taking ‘deeper look’ at disputed borders for its Maps

  Apple, which showed the controversial annexed Crimean peninsula as part of the Russian territory on its location-based apps, has changed how Crimea is displayed in its Maps and Weather apps and will take a “deeper look” at how disputed borders are shown.

Civil Rights/Policing

• Preparing Native Youth to Steward Ancestral Lands

  It had been more than a 100 years since the Nimíipuu (Nez Perce) people launched a carved canoe in eastern Oregon’s Wallowa Lake. And now in this place, beloved by Chief Joseph and his people, crews from several tribal canoes had gathered and joined in song—songs sung in their language and not heard on that water in generations. Tiyana Casey recalls the power of the occasion…

• The Last Volunteers On An Island Paradise

  NGOs and volunteers assisting with the migration crisis on Chios, in the Greek Isles, are being forced to pick up the slack from the failed efforts of government and EU authorities. But not only are they being penalised for it, local opposition and resentment continues to swell. Gemma Clarke reports.

• “Why I Can’t Feel Safe In Bharat”: Woman Sits On Solo Protest Outside Parliament, Detained

  A woman, in her mid 20s, sat on a pavement near parliament on Saturday morning protesting over crimes against women, police said.

  The woman identified as Anu Dubey was holding a placard with a slogan “why I can’t feel safe in my own Bharat” while sitting on the pavement near Parliament gate number 2-3, they said.

  She was asked to go to Jantar Mantar to continue her protest, but when she refused, she was taken to the Parliament Street Police Station in a police vehicle and was seen sobbing, a senior officer said.

• Sindh govt to grant paternity leave to fathers

  Officials in the provincial government said the finance ministry had written to the authorities in the Sindh Secretariat and other related departments to allow for the 10-day paternity leave for its employees.

Monopolies

• Patents

  • Antitrust think tanks urge Ninth Circuit to affirm Judge Koh’s FTC v. Qualcomm ruling

    As of Saturday morning, 14 (!) amicus curiae briefs supporting the FTC against Qualcomm before the Ninth Circuit have been filed. The previous post discussed Professor Jorge Contreras’s submission as well as a brief signed by 40 law and economics professors. It’ll take a few more posts before I’m done with that flood of filings…

    The American Antitrust Institute (AAI) and Public Knowledge (PK)–the latter is, as the name suggests, more IP-focused, while the former is all about competition enforcement and has more than 130 antitrust lawyers, professors, economists and executives on its advisory board–made a joint submission (this post continues below the document):

  • Former Secretary of Homeland Security, former FTC chairman, and conservative think tank dismiss Qualcomm’s and DOJ’s “national security” arguments

    In its answering brief to Qualcomm’s Ninth Circuit antitrust appeal, the FTC says Qualcomm simply “abandoned” its national security argument before the district court and can’t revive it now. Nevertheless, many of the (by now) 14 amicus curiae briefs supporting the FTC address the topic to some extent–and the one filed by the R Street Institute (a think tank close to the GOP) even focuses entirely on why any “national security” concerns over Judge Lucy H. Koh’s ruling are unfounded because, if anything, Qualcomm’s monopoly poses a threat to national security (this post continues below the document):

  • Four IT industry bodies support FTC against Qualcomm’s appeal: once again, The Industry v. Qualcomm

    In the January 2019 trial, Qualcomm’s #1 problem was that virtually the entire mobile device industry testified against it (apart from a very few companies who, like Qualcomm, refuse to license chipset makers, though a couple of them once lodged their own antitrust complaints against Qualcomm for that reason). In terms of amicus briefs filed with the Ninth Circuit, it’s pretty much the same picture again: companies who failed in the mobile phone business and trolls support Qualcomm (as does Makan “Macomm” Delrahim, the Antitrust Assistant Attorney General who used to work for Qualcomm), while the rest of the industry presents a united front and supports the FTC.

    The collective membership of the four high-tech industry bodies who filed amicus curiae briefs in support of the FTC goes far beyond the ones whose testimony mattered to the district court. That’s because those organizations have many members who care about standards but don’t necessarily implement the cellular standards at issue in this particular case.

    The groups who have now made filings for the FTC and against Qualcomm cound companies like Amazon, Apple, Google, Facebook, Microsoft (those five are sometimes collectively referred to as “GAFAM”) among them, but also the likes of Intel, Cisco, eBay, Salesforce, Uber, and major carriers like Sprint, T-Mobile, and Verizon.

    That’s basically the most vibrant part of the U.S. economy. (We’ll also talk about a couple of briefs filed by automotive industry groups, but not in this post.) And as the briefs note, those companies invest huge amounts in R&D and hold vast numbers of patents.

• Copyrights

  • SET TV Operator and Manager Must Pay Millions in Piracy Damages

    Amazon, Netflix, and several Hollywood studios have added another victory to their legal track record. A federal court in California has granted a default judgment which orders the owner and an employee of the IPTV service Set-TV to pay over $7 million in piracy damages.