Is Water Wet?

Posted in Europe, Patents at 11:29 pm by Dr. Roy Schestowitz

The EPO's President du jour. Buzzword. Is this a software patent?

Summary: The criteria for patent eligibility reduced only to this question: will allowing these patents increase ‘production’ (number of patent grants)?

The EPO’s President Admits He’s Illegally Granting Software Patents (CII, 4IR, IoT, AI and Blockchain Mean Software Patents at the EPO)

Posted in Europe, Patents at 11:15 pm by Dr. Roy Schestowitz

EPO on blockchains

Summary: The EPO’s chief liar is openly and proudly promoting software patents using buzzwords and hype waves (and mysterious acronyms that are rather meaningless but spread by the media in exchange for money received from the EPO)

THIS OLD video of European Patent Office (EPO) President António Campinos is awesome for a lot of reasons. He’s so shamelessly promoting software patents in Europe and admitting so in public. It’s illegal, but what does he care about the law? He had only been at the Office for a few months at that point, approximately a year after a scandal at his previous employer.

So the President speaks of “inventors and programmers” (yes, programmers), citing “changes and trends” (because it’s all about buzzwords and hype waves), admitting that “blockchain inventions are computer-implemented inventions” (see above; this is what EPO calls software patents), and reassuring about 300 people in the audience (the patent microcosm) that they’re pressuring examiners to grant (“competencies”) these illegal patents in violation of the EPC. It is a pretty damning video; he’s not a programmer but a liar and he still pushes the lie of 3 examiners being involved (this has long not been the case; see CQI for instance).

He is meanwhile meddling (i.e. pressuring judges) in a Board of Appeals case regarding the matter.

Tone Policing and the Linux Foundation

Posted in GNU/Linux, Kernel at 10:32 pm by Dr. Roy Schestowitz

Summary: A timely example of situations where the Linux Foundation can seemingly ‘cancel’ people (using the Code of Conduct) for political opinions

IT was almost a month back that the Linux Foundation brewed its own scandal by publicly banning someone from an event, citing its controversial Code of Conduct (CoC). We wrote about this. Bryan Lunduke made the above video and then wrote the following text to accompany that:

On November 6th, The Linux Foundation made a public statement that it had banned an individual from one of their upcoming events (KubeCon) — the banning was based on that individual’s public tweets (including a picture with a red “Make America Great Again” hat) and statements, unrelated to KubeCon, that were determined to violate the Linux Foundation Events Code of Conduct.


Since we are focusing, in this article, on the banning of the individual from an event — we are going to start with the initial (to my knowledge) and primary public complaint posted by Kim Crayton and directed to the organizers of the conference (KubeCon).


It is unclear if Kim Crayton plans to attend any Linux Foundation events, or what the Linux Foundation’s reaction might be on if these Tweets do, or do not, violate any portion of the Code of Conduct.

During all of this, The Linux Foundation made public statements about the actions it was taking (banning Wood after receiving the Tweeted complaint) but have not provided enough details or context to fully evaluate how well the Code of Conduct, or the actions based on it, functioned.

After these events, Robert Martin published an open letter to the Linux Foundation in protest of the banning of Charles Wood. Followed by an article from Cher Scarlett praising the decision to ban Wood from the event. Both have distinct viewpoints on what has transpired, but both contain significant details for those looking to gain more insight on what transpired (with additional sources and Tweets beyond the scope of this article). They are also worth reading as examples of how these events are being interpreted by differing parts of the broader Tech community — and what impact all of this is having.

As a reminder to our readers, the Linux Foundation also 'canceled' a lady who had spoken out against the Linux Foundation. This is becoming rather cult-like. A corporate cult. Looking for excuses to remove people for things they said a long time ago.

“Software is like sex: it’s better when it’s free.”

Linus Torvalds

It EEEsn’t Just a Microsoft Thing Anymore

Posted in Google, Microsoft at 12:27 pm by Dr. Roy Schestowitz

Am I The Only One Around Here That wants to destroy Python from the inside? No, Microsoft We are also trying to coerce it and it's easier with the Benevolent Dictator in retirement

Summary: The EEErosion of Python’s independence is a known problem and Microsoft is not the sole culprit

Links 1/12/2019: KDE’s GTK CSD Support, Skrooge 2.21.0

Posted in News Roundup at 11:41 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Server

    • Kernel Space

      • Linux 5.5 Block Changes Include NVMe Temperature Monitoring, Optimizations

        As outlined before, the NVMe HWMON support is here with Linux 5.5. This allows reading the NVMe solid-state drive temperatures via sysfs/hwmon just as you can normally do with the other hardware monitoring sensors on Linux systems. Up until now you needed the NVMe user-space utilities installed and generally had to run it as root in order to see drive temperatures. Now with Linux 5.5 you don’t need to install anything extra and the drive temperatures are reported via sysfs/hwmon for easy integration with various Linux system monitoring programs. I tried it out on a few boxes so far and is working well — though the Ubuntu Mainline Kernel PPA isn’t yet shipping their builds with CONFIG_NVME_HWMON set yet, so be aware if that is normally where you fetch your Git kernel builds.

      • VMs Can Finally Hibernate Under Microsoft Hyper-V With Linux 5.5

        It seems like the feature would have been wired up long ago, but with the Linux 5.5 kernel guest virtual machines running on Microsoft Hyper-V should be able to successfully hibernate.

        Microsoft engineers have wired in the hibernation support to the various Hyper-V kernel drivers for allowing the functionality to successfully work on Linux 5.5. Changes to their storage, video, network, memory balloon, HID, and other driver components were needed for allowing hibernation of Linux VMs on Hyper-V.

    • Benchmarks

      • Video: 100+ Daily Performance Tests For Clear Linux + Intel’s Other Full-Stack Optimizations

        A month ago at the Open-Source Summit Europe 2019 in Lyon, France, Intel’s Kelly Hammond who serves as the company’s Senior Director of System Platform Software talked up their open-source contributions with a particular emphasis on performance. The video from that keynote was recently published for those curious about Intel’s open-source work in the name of performance, including Clear Linux.

        Kelly talked up their open-source contributions across the board from the Linux kernel to the other areas of the stack but also with their emphasis on performance. As part of that, she also made some interesting remarks on Clear Linux and their automated development model for this performance-optimized rolling-release distribution. She covered how they manage 5,000+ packages yet are largely automated-driven model and carry out more than 100 performance tests per day in validating each release.

    • Instructionals/Technical

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • This week in KDE: GTK CSD support and more!

          I’ve got big news today. Something major landed: full support for the GTK_FRAME_EXTENTS_ protocol, which hugely improves the user experience for running GTK apps that use client-side decoration headerbars! This includes GNOME apps and an increasing number of 3rd-party GTK apps too. In particular, these apps now display window shadows and have proper resize areas without needing to use a thick border.

        • KDE Now Deals With GTK CSD Headerbars – Improving GNOME App Integration On Plasma

          There is an exciting improvement to the GTK client side decoration handling ahead of the KDE Plasma 5.18 LTS release due out in February.

          Some of the KDE improvements ending out November include:

          - KDE now better supports GTK applications relying upon client-side decoration headerbars. In particular, GTK_FRAME_EXTENTS protocol support and this should yield more GTK/GNOME applications looking quite well integrated with the KDE desktop.

          - The background frame is configurable now for all KDE Plasma widgets.

        • The Road Towards KF6 & SPDX License Identifiers

          With KF6, I want to see SPDX license identifiers being introduced into KDE frameworks in order to ease the framework re-use in other projects. This follows the same approach e.g. the Linux Kernel took over the last years.

          The problem that the SPDX markers address is the following: When publishing source code under an open source license, each source code file shall explicitly state the license it is released with. The usual way this is done is that a developer copies a license header text from the KDE licensing policies wiki, from another source file, or from somewhere else from the internet and puts it at the top of their newly created source code file. Thus the result is that today we have many slightly different license headers all over our frameworks source files (even if they only differ in formatting). Yet, these small differences make it very hard to introduce automatic checks for the source code licenses in terms of static analysis. This problem becomes even more urgent when one wants to check that a library, which consists of several source files with different licenses, does only contain compatible licenses.

          The SPDX headers solve this problem by introducing a standardized language that annotates every source code file with license information in the SPDX syntax. This syntax is rich enough to express all of our existing license information and it can also cover more complicated cases like e.g. dual-licensed source files.

        • Skrooge 2.21.0 released

          The Skrooge Team announces the release 2.21.0 version of its popular Personal Finances Manager based on KDE Frameworks.

    • Distributions

      • SUSE/OpenSUSE

        • openSUSE Leap 15.0 Reached End of Life, Upgrade to openSUSE Leap 15.1 Now

          The openSUSE Leap 15.0 operating system release has reached end of life on November 30th, 2019, which was the last day when it received software updates and security patches.
          openSUSE Leap 15.0 was released 18 months ago, on May 25th, 2018, and it was based on the SUSE Enterprise Linux 15 operating system series. It was the first openSUSE Leap release to adopt a new versioning scheme that’s in sync with upstream SUSE Enterprise Linux (SLE) releases.

          As of November 30th, 2019, openSUSE Leap 15.0 will no longer receive software updates and security patches for its core components or apps. Therefore, users are encouraged to upgrade their computers as soon as possible to the latest version, openSUSE Leap 15.1, which will be supported with software updates and security patches until November 2020.

          “openSUSE Leap 15.0 will receive no further maintenance or security updates after that date. It is recommended for openSUSE Leap users to upgrade to the current release openSUSE Leap 15.1. The next release, openSUSE Leap 15.2, is planned for May 2020.” said Marcus Meissner, SUSE Security and openSUSE Maintenance.

      • Debian Developers

    • Devices/Embedded

      • Orange Pi 4 Launches With RK3399 Board And 4GB RAM At $50

        Both the SBCs come with 4GB of LPDDR4 memory and have an ARM Mali-T860 MP4 GPU. They both have an optional 16GB eMMC flash and a microSD card. The new Orange Pi models measure 91 x 56 mm and weigh 48 grams.

        Orange Pi 4 has one USB 3.0 port, two USB 2.0 host ports, and one USB 3.0 type C port. But, Orange Pi 4B has two USB 2.0 host ports and only one USB 3.0 type C port. This is because the Orange Pi 4B’s NPU connects to the RK3399 via USB 3.0.

        Both have dual MIPI-CSI camera headers and dual LCD/MIPI-DSI connectors. They also have a serial debug interface, a mic, and a 3.5mm audio output jack for headphones. Additionally, they have a 24-pin connector, and a 40-pin GPIO (General-purpose input / output) connector.

      • Open Hardware/Modding

        • OpenGradeSIM is an open source incline simulator for indoor bike trainers

          Although he would probably rather be outdoors, after an injury Matt Ockendon had a lot more time to ride his Tacx Neo indoor trainer and tinker. He decided he wanted his rig to be able to simulate the grade of hills, but as commercially available units with this capability are quite expensive, he instead devised his own solution dubbed “OpenGradeSIM.”


          With this data in hand, the Nano controls a linear actuator using an L298N-based driver board to raise or lower the bike’s front end. The derived bike angle is sensed via the Nano’s built-in IMU, providing an elegant closed-loop system. Additionally, the incline is shown on a 1.3″ I2C OLED display that serves as a mini dashboard while Ockendon cycles.

        • [Reposted] U.S.-Based Chip-Tech Group Moving to Switzerland Over Trade Curb Fears
        • RISC-V moves to neutral Switzerland over trade disruption

          The nonprofit RISC-V Foundation is relocating to Switzerland over concerns about the impact of U.S. trade policies.

          Foundation CEO Calista Redmond told Reuters that its members are “concerned about possible geopolitical disruption.” The foundation’s board approved the move unanimously after hearing members around the globe say that they would be “a lot more comfortable… if the incorporation were not in the U.S.,” she added.

          RISC-V is a young organization, founded in 2015 and located in Delaware, to set standards for chip architectures that are allowed to use the RISC-V trademark on its products. RISC-V is a reduced instruction set architecture that is open source technology that anyone can use to design, make or sell RISC-V chips and software for electronics.

    • Free, Libre, and Open Source Software

      • Mastodon announces Pixelfed, an open-source alternative to Instagram

        Mastodon’s quest to federate the Internet continues with the imminent launch of a photo-sharing platform which promises to be more privacy-focussed and to give more power to netizens

        Mastodon is not done making headlines. On November 26, the open-source and federated platform announced, via Twitter, that they would be launching Pixelfed, “a fediverse alternative to Instagram and other photo sharing platforms.” Tacked on the end of the tweet is the hashtag #TheFutureIsFederated.

        The tweet is a quote-tweet from the Pixelfed The only form of explanation comes in a teaser video. “What is the fediverse? It’s magic. A platform for the people. And we mean everyone. We’ll be arriving soon! Power to the people. Pixelfed.org,” says the video.

      • LibreTorrent removed from Google Play because it looks too similar to its malicious clones

        Google’s history of draconian and arbitrary decisions regarding developer infractions on the Play Store is extensively documented. In this latest episode, the open-source torrent client LibreTorrent has been removed from the Play Store due to “spam,” with Google claiming that the app is a low-quality duplicate of several others on the Play Store. The twist this time is that LibreTorrent is actually the original app, and it’s the others that are the ad-filled “spam” clones.

      • Open-source software on the rise in Africa

        The market for programmers is growing faster in Africa than in any other continent. Open-source code is popular, because anyone can see and modify it for their own purposes.

      • Microservices-Based Cloud Native Modernization of OSS/BSS with Open Source

        Market forces and changes in subscriber needs and expectations are leading Communications Service Providers (CSPs) to transform their entire service delivery and management infrastructure. At the forefront of this transformation is the modernization of the systems that enable the management of network services, the operations support systems (OSS) and systems for managing the customer and the overall business operations, the business support systems (BSS). Current systems were built for a business paradigm that is increasingly outdated; they are rigid, siloed, rely on extensive human involvement and often require esoteric skills. Modernization of these systems enables CSPs to address requirements for becoming the Digital Service Providers (DSPs) of the future: business agility, elastic scale and capacity, service velocity and the ability to continuously reinvent themselves.

      • How open source changed everything – again

        Open source was making headlines prior to 2010, of course, but much of the open source news back then was “free software” vs. “open source” religious wars and lawsuits against Linux. To run open source software, you were still calling IT to provision servers (or using a spare that just happened to be sitting under your desk). The cloud changed all that. Suddenly developers did not need to get a hall pass from IT to run their open source code. Just as open source freed developers from Purchasing/Legal approval, so too did the cloud shake developers free of the friction inherent in hardware.


        Git was not born in the last decade, but like cloud, it did not really boom until the 2010s.


        Everything? Well, yes, at least for enterprise application development, and not because it is some cool new way to think about virtualisation. As Gordon Haff explains, “pre-Docker/Kubernetes containers were just another partitioning technique.” The real magic started when Docker nailed the developer experience, and from there, he goes on, “things snowballed,” leading to complete reinvention of the CI/CD pipeline and more. A decade ago, no one had heard of Docker and Kubernetes. Last month, more than 13,000 people showed up at KubeCon 2019 to explore this modern application world that Docker helped to create.

      • SaaS/Back End/Databases

        • Altibase Celebrates Its 20th Birthday as an Enterprise Grade Open Source Database

          “We have built that client base, in part, by competing head-to-head with such juggernauts as Oracle, IBM and MS – and winning. Simply put, Altibase is a viable alternative to mega legacy database,” he adds.

          “But being just an attractive alternative no longer suffices. To continue our success, we are adapting to two major changes currently taking place in the database market,” Paul says.

      • CMS

        • Duke University Introduces an Open Source Tool as an Alternative to a Monolithic LMS

          Developed by Duke’s Learning Innovation and the Office of Information Technology, Kits – now released as an alpha version – evolved from a home-grown group management solution and it was developed outside the LMS. “It brings together the centralized student access points of the LMS with the flexibility and power of an app-based system.”

          Currently, eight applications are included on Kits, and three more are expected to arrive this year. Learning analytics are in the roadmap, too. The integration was done via LTI standard or API. In addition, Kits comes with a “custom link” option that allows both instructors and students to add any share-by-link application.

      • BSD

        • A Look at PureDarwin – an OS based on the open source core of macOS [Ed: OSNews says: “The problem with Darwin is that you’re always confined to Apple’s whim; the company has a history of delaying Darwin code dumps after new macOS releases for a long time, not including any ARM/iOS code for almost a decade”]

          PureDarwin Xmas is a ‘complete’ operating system featuring a desktop environment and various GUI applications. However, as it is just a developer preview, some features such as networking and hardware support are quite limited.

      • Public Services/Government

        • Council group plans for open source revenues and benefits

          In this project, the councils are initially aiming to test the hypothesis that an in-house open source system could be developed and to show some of the cross-authority benefits.

          Another piece of work is looking at whether an open source componentised IT solution is feasible and scalable.

      • Programming/Development

        • GDB Adds Multi-Threaded Symbol Loading For Faster Debugging Performance

          GDB can now handle multi-threaded symbol loading to yield better performance on today’s multi-core systems. This feature is still in development/testing so for now is disabled by default but can be done by setting worker-threads to “unlimited” rather than the default value of 0. The worker-threads tunable controls the number of worker threads that can be used by GDB and is currently used for demangling the names of linker symbols.

        • What Eats Your Programming Time

          ActiveState has published the results of its 2019 Developer Survey with the title “Open Source Runtime Pains”. It provides interesting insights into the challenges faced by coders when working with open source runtimes.

          “Coder” used here embraces a wide spectrum of IT jobs such as developers, engineers, data scientists, Q&A, etc. Specifically out of the 1250 survey takers, 65.4% were professional developers, 15.3% were hobbyists, 10.2% students with 9.1% being “others”.

        • Python

          • Data Science and Star Science

            I recently got a review copy of Statistics, Data Mining, and Machine Learning in Astronomy. I’m sure the book is especially useful to astronomers, but those of us who are not astronomers use it as a survey of data analysis techniques, especially using Python tools, where all the examples happen to come from astronomy. It covers a lot of ground and is pleasant to read.

          • The 30 Best Python Courses and Certifications in 2019

            Python is one of the most popular programming languages in our modern time. With a deep observation, you will find out that the number of Python developers exceeds the number of other developers by a difference of millions. Due to its rapid growth, many online platforms are offering both free and paid Python online courses. If you are lately thinking of learning python or you are someone who wants to extend your skillset of python, you are just in luck.

          • Tryton News: Newsletter December 2019

            When the shipment tolerance is exceeded, in the error message we now show the quantities involved so that the user understands the reason for the error and can then adjust them as required.

            The asset depreciation per year now uses a fixed year of 365 days. This prevents odd calculations when leap years are involved.

          • #100DaysOfCode, Day 011 – Quick and Dirty Web Page Download

            Watched another Corey Schafer video on how to scrape web pages.
            Thought that would be handy in my image from a web page download project.
            Corey’s an awesome teacher. The video was fun and it taught me lots.

            Then started hacking away at my little project.
            And then realised that the site has rss feeds.
            I could just process them instead of scraping a page.
            Went looking for a quick way to do that.
            Found the Universal Feed Parser.

  • Leftovers

    • Integrity/Availability

      • Proprietary

        • Pseudo-Open Source

          • Openwashing

            • Lush develops open-source software for its point-of-sale system to boost growth

              Other retailers have experienced negative backlash for when a POS system is hacked and customer data that was stored, is stolen.

            • Karma Reveals 1100 HP Open-Source SC2 Electric Supercar Concept

              Tesla Cybertruck. Lotus Evija. Ford Mustang Mach-E. Mercedes-Benz EQC. Such is the state of the electric car industry that a sexy, slinky, and all-electric GT coupe packing 1100 horsepower and capable of rocketing from 0 to 60 MPH | 96 km/h in less than two seconds built by one of the early innovators of electrification barely causes a blip in the automotive press. That’s too bad, because the all-new Karma SC2 Concept GT coupe deserves much, much better.

            • IBM Launches Open Technology to Speed Response to Cyber Threats Across Clouds

              IBM has announced Cloud Pak for Security, featuring innovations to connect with any security tool, cloud or on-premise system, without moving data from its original source. The new platform includes open source technology for hunting threats, automation capabilities to help speed response to cyberattacks, and the ability to run in any environment.

              According to IBM, Cloud Pak for Security is the first platform to leverage new open source technology pioneered by IBM, which can search and translate security data from a variety of sources, bringing together critical security insights from across a company’s multicloud IT environment. The platform is extensible, so that additional tools and applications can be added over time.

            • The Rise Of Partner Marketing And The Role Of Open Source
            • Top 5 things to know about open source and the cloud [Ed: As usual, calling 'the cloud' something like "Open" is a great scam which devalues that brand, associating "Open" with prison]

              Open source software has revolutionized how companies work, but cloud software like AWS has been making it harder for open source software companies to make money. When you can get cloud services based on open source software, there’s no need to pay a company for the services around that software. Here are five things to know about open source and the cloud.

          • Privatisation/Privateering

            • Linux Foundation

              • AI Foundation delivers third Acumos AI software release, which includes work with ONAP and O-RAN

                The LF AI Foundation has delivered its third software release for its Acumos AI Project, which includes integration with ONAP and O-RAN. The third release, which is called “Clio,” includes features that were designed to more easily onboard AI models, as well as design and manage support for pluggable frameworks and enable federation with ONAP and O-RAN.

                The LF AI Foundation, which was previously known as LF the Deep Learning Foundation, was launched last year to spur innovation across artificial intelligence, machine learning and deep learning not just in the telecom industry, but across other industries as well.

              • LF AI Delivers Acumos AI Clio Release

                The LF AI Foundation, the organization building an open AI community to drive open source innovation in artificial intelligence (AI), machine learning (ML) and deep learning (DL), today announced the third software release of the Acumos AI Project, codenamed Clio. Clio is focused on improving the experience with users for “first hand” feature requests like how to easily on board AI models, how to design and manage support for pluggable frameworks, how to more easily handle federation with ONAP and O-RAN, license management, and more.

              • Fujitsu is the Latest OpenChain 2.0 Conformant Company

                The OpenChain Project is delighted to announce that Fujitsu, a Platinum Member of the OpenChain Project, is the latest OpenChain 2.0 Conformant company. This activity is a continuation of Fujitsu’s long-standing commitment to excellence in open source governance and represents one of the larger OpenChain conformant programs. Fujitsu is the first company in Japan and the eighth globally to achieve OpenChain 2.0 conformance.

                The OpenChain Project establishes trust in the open source from which software solutions are built. It accomplishes this by making open source license compliance simpler and more consistent. The OpenChain Specification defines inflection points in business workflows where a compliance process, policy or training should exist to minimize the potential for errors and maximize the efficiency of bringing solutions to market. The companies involved in the OpenChain community number in the hundreds. The OpenChain Specification is being prepared for submission to ISO and evolution from a growing de facto standard into a formal standard.

          • Entrapment (Microsoft GitHub)

            • SD Times Open-Source Project of the Week: Codidact [Ed: "In order to get involved, users can jump onto the forum, head to GitHub or use Discord to discuss ideas." So to participate in 'open' you must adopt malicious software that is proprietary.]
            • Tencent Open-Sources High-Performance Graph Computing Framework ‘Plato’ [Ed: Tencent puts its code in proprietary software of Microsoft as if it doesn't know how unwise that is]
            • Alibaba Cloud opens source code for machine-learning platform Alink [Ed: This only makes sense if one considers Microsoft's collaboration with the Chinese government spying on a lot of people]
            • Alibaba Makes Its Artificial Intelligence Platform Open Source [Ed: Alibaba gives its code to proprietary software of Microsoft where developers are censored and spied on]

              The move to GitHub will make lives easier for big data specialists in the machine learning sector, and no doubt provide some useful ecosystem links to the Chinese giant.

              Alibaba Cloud has made the core codes of its Alink data processing platform open-source to help widen the development opportunities for artificial intelligence and machine learning.

              The algorithm platform has been made available on Microsoft-owned GitHub, the world’s largest developer community. The platform offers a broad range of algorithm libraries that support both batch and stream processing, which is critical for machine learning tasks.

              Data analysts and software developers can access the codes on GitHub to build their own software, facilitating tasks such as statistics analysis, machine learning, real-time prediction, personalised recommendation and abnormality detection.

        • Security

          • Kaspersky uncovers open-source VNC vulnerabilities

            Kaspersky has presented analysis of open source Virtual Network Computing (VNC), which uncovered memory corruption vulnerabilities that have existed in a substantial number of projects for a very long time.
            The exploitation of some detected vulnerabilities could lead to remote code execution affecting the users of VNC systems, which amount to over 600 000 servers accessible from the global network alone, according to shodan.io.

          • Kaspersky Uncovers 37 Vulnerabilities in Open-Source VNC Systems

            Kaspersky researchers studied some of the most popular VNC systems: LibVNC, UltraVNC, TightVNC1.X and TurboVNC.

            Although these VNC projects were analyzed previously by other researchers, it turned out not all vulnerabilities were then uncovered and patched. As a result of the analysis by Kaspersky researchers, 37 CVE records marking various vulnerabilities were created. Vulnerabilities were found not only on the client, but also on the server-side of the system. Some of them can allow remote code execution, which in turn could allow a malicious actor to make arbitrary changes on the attacked systems. On a more positive note, many server-side vulnerabilities could only be exploited after password authentication and some servers do not allow to set up password-free access.

          • Security Researchers Uncover 37 Vulnerabilities In Open-source VNC Systems

            Security researchers revealed memory corruption vulnerabilities in open-source Virtual Network Computing (VNC) systems and warned that the exploitation of these vulnerabilities could lead to remote code execution affecting the users. As per shodan.io, Virtual Network Computing systems amount to more than 600,000 servers accessible from the global network. However, the real number of VNC installations is multi-fold considering that devices are only accessible within local networks.

            VNC systems provide remote access to one device from the other, courtesy of a remote frame buffer (RFB) protocol. According to researchers at cybersecurity firm Kaspersky, VNC systems have become some of the most popular desktop sharing tools to date due to their multiple-platform availability and multiple open-source versions. Approximately 32 per cent of industrial network computers have some form of remote administration tools including VNC and they are actively used in automated industrial facilities enabling remote control of systems.

          • How Agencies Can Use Open Source Intelligence to Close Cybersecurity Loopholes: Open source intelligence isn’t just for spies.

            A few OSINT programs I examined specialized in specific aspects of intelligence gathering. For example, Shodan looks at the Internet of Things as well as operational technology devices found in places like power plants and the utilities industry. Metagoofil is optimized to pull hidden metadata from public documents. Simply point it at PDFs, Word files, PowerPoint slides, Excel spreadsheets or almost any document repository, and it will ferret out things like the names of authors and editors who worked on them, even if that information was not specifically disclosed.

          • Designing security for an open-source, containerized, cloud-native world

            Sysdig is the original creator of Falco, which Degioanni described as an open-source Cloud Native Computing Foundation phased anomaly detection system that’s based on collecting high granular data from a running Kubernetes environment.

          • 5 Best Free Password Managers

            Password managers are fantastic privacy tools, but they are even better when they are free! In this article, we list the five best free password managers.

          • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

          • Privacy/Surveillance

    • Monopolies

      • Patents

        • In filing with Ninth Circuit, Intel draws analogy between Qualcomm’s business model and Dr. Frankenstein’s monster

          There’s significant overlap between the briefs, but also unique elements to each of them. Every such filing serves a purpose, even the one that George Soros funded–as the latter makes, apart from some far-fetched theories and overregulatory ideology, a number of surprisingly reasonable points (like a limited dose of a poisonous substance potentially serving a medical purpose) and may appeal to any ultraliberal(s) on the panel (a political inclination the Ninth Circuit has a reputation for, though President Trump–the most prolific nominator of federal judges in history–has already brought some balance to that bench).

          A strong showing by amici curiae was definitely needed here as Qualcomm technically has “the United States [Government]” on its side, though Antitrust AAG Makan “Macomm” Delrahim is simply a former (and presumably future) Qualcomm lawyer shamelessly–and often absurdly–acting against overall U.S. economic and national security interests in this context. That he has gotten away with this for such a long time is all the more astounding considering that his boss, Attorney General William Barr, once testified against Qualcomm and its business practices.

          As I just said, each of those many pro-FTC submissions serves a purpose. For an example, the Computer & Communications Industry Association’s brief, in addition to the CCIA having some members that are not involved with the three other industry bodies who made such filings, is a pretty good primer on the case (especially together with Professor Jorge Contreras’s brief), while the Fair Standard Alliance brief presupposes a certain level of understanding–and ACT | The App Association made a particularly forceful submission that warns against the consequences of an acquittal.

Links 1/12/2019: Genode OS 19.11 Release, Sam Hartman (DPL) Speaks Out on SystemD

Posted in News Roundup at 3:52 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Desktop/Laptop

      • Ask Slashdot: Is Your Company Using Linux Desktops?

        I bet Slashdot’s readers have stories to tell, with enlightening experiences in corporate workplaces over the years gone by. So feel free to share your thoughts, opinions, and anecdotes in the comments.

        And is your company using Linux desktops?

    • Kernel Space

    • Benchmarks

      • Threadripper 3970X Performing Better On Windows Relative To Linux – Thanks To Microsoft Or Zen 2?

        With the AMD Ryzen Threadripper 3970X benchmarks on Windows 10 and Linux, Ubuntu 19.10 and other common distributions were just ~2% faster than the Microsoft OS and Clear Linux was just ~10% faster, based on 80+ benchmarks carried out. Those margins are much closer than we have seen with past iterations of Threadripper, but is that due to the Zen 2 microarchitecture and the improved topology of the new Threadripper CPUs or due to Microsoft’s scheduler changes and other software improvements made in Windows 10 November 2019 Update? Here are some benchmarks.

    • Applications

      • 4 best Slack alternatives on Linux

        Slack is a chat app for the workplace. It is used to organize teams, discuss projects, and communicate with co-workers. Overall, Slack is an excellent product and has many useful features. However, not everyone on Linux appreciates Slack. So, in this list, we will discuss the 4 best Slack alternatives on Linux.

      • 4 best Android emulators on Linux

        Are you looking to emulate Android apps on Linux? Tried out a few apps in the past but not sure what ones are good to use? We can help! Here are the 4 best Android emulators to use on Linux!

    • Instructionals/Technical

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • KF6 Sprint in Berlin

          Last week I arrived on a rainy Thursday evening in Berlin to attend the KDE Frameworks Kickoff sprint. The next three days were spent with discussions and ideas about the future of the libraries that are the base of most of the software of the KDE Community.

          After arriving at MBition GmbH on Friday we started with reviewing the policies that were in place the last few years for KDE Frameworks 5. This includes for example the release model or on which Qt version to depend. After lunch David Edmundson and Eike Hein gave talks about the KDE community in general and about the advantages using KDE Frameworks libraries can bring to the employees at MBition. In the afternoon the discussion switched from the past to the future and our goals and design principles that we have in mind for KDE Frameworks 6. Later we already outlined problems with specific frameworks and how our goals will impact them.

          After a needed dose of sleep Saturday started right where Friday left off. We split in small groups to investigate how our design goals (further simplification of dependencies, separation of UI and logic and separation of framework and implementation) would influence each library and what has to be done to achieve those goals. To this end each group discussed a single library at a time and after eight libraries in total the results were presented to the whole group. For this we started with the Tier 3 Frameworks which have the most complicated dependencies (Tier 1 Frameworks only depend on Qt).

    • Distributions

      • Windows 10 Clone On The Menu As Hackers’ Favorite Hacking Tool Gets Update

        The feature itself is officially known as Kali Undercover, a theme that can be applied to make the Kali user interface appear to be plain vanilla Windows 10 instead if you don’t look too closely. This theme is part of the fourth, and final, Kali Linux release of 2019 that went public November 26. This update was a big one and has received a mixed reception from the hacking Twitterati who either love the new “Xfce” desktop environment which moves away from the previous Gnome default which is described as coming with “overhead that is not useful for a distribution like Kali,” in the release blog. The new Xfce desktop “does only what it’s needed for, and nothing else,” and is best described as a lightweight yet performance-boosting environment. Offensive Security, the penetration testing and security training company that maintains and funds Kali Linux development, knows the new user interface (UI) won’t be for everyone. “UI can be a bit like religion,” Offensive Security said, “if you don’t want to leave Gnome don’t worry.” That’s because there’s still a Gnome build available, although over time it is expected to morph into something closer to the Xfce user experience regardless.

      • Devuan Family

        • The File /var/lib/dbus/machine-id Matters For Your Privacy (and Devuan Fixed It)

          A few days ago Devuan ASCII 2.1 was announced and one update has been overlooked by most media outlets: our dbus patch to re-generate machine-id at every boot.

          This patch matters for everyone’s privacy and I hope more distributions will follow our example, let alone Debian. We are dealing with important privacy implications: non-consensual user tracking is illegal in many countries and is not even mentioned in the machine-id documentation so far.

      • Debian Family

        • Sam Hartman: The Case for Proposal B

          This is my personal opinion, not that of the project leader. Tomorrow,
          I'll write an essay trying to discuss the various options with as
          little bias as I can manage (although even that will be Sam's opinion).

          Several people have asked me why I included Proposal B.
          This is my answer.

          While I was talking to people about systemd and init systems, people
          seemed to inherently assume that being uncomfortable with systemd meant
          that you were in favor of sysvinit, or at least init-script based
          solutions. At least, people who were heavily involved in the issue made
          that assumption. That didn't resonate with me.

          Several concerns commonly raised with systemd resonate with me:

          • It combines a bunch of things in one project; as an example how you
            start daemons ends up being tied to how you configure the network.
          • This combination seems like it might reduce innovation at least
            outside of the systemd ecosystem, because interfaces are coupled.
          • It is Linux specific

          Of these, the biggest concern for me is the idea that systemd might
          stifle innovation by becoming one point of control.

          And yet, in my opinion, systemd is vastly superior to the current
          alternatives. I'd far rather be writing service units than init
          scripts. They are more declarative. Dependencies that I care about are
          easier to express. There are better security isolation facilities. In
          non-Debian work I've found that I depend heavily on systemd because it
          is easier and more pleasurable to code to than the alternatives.
          Declarative syntax for managing users is useful. I haven't personally
          seen the huge joy of socket activation, but if I were writing somewhat
          different things, perhaps I would. Given the options today, I would
          pick systemd hands down and not look back.

          But what about tomorrow? For me, one of the great things about Debian
          has been that it's possible to integrate new technologies and to try
          things out. Debian has been the OS where I and many others could try
          out new technologies and figure out what it was like to fully integrate
          them into the operating system. Systemd is the best we've got now, but
          I'm reluctant to step away from Debian as a platform for innovation and

          Yet I don't think focusing on sysvinit or other init-script based
          solutions actually has anything to do with the kind of innovation I'm
          talking about. I understand that for people who value sysvinit (or
          something like runit) above systemd, that work is valuable. My
          experience is that for my needs, systemd is a better fit. I wanted a
          proposal that allowed us to maintain Debian as a platform for innovation
          without focusing on the legacy of init scripts. I think that if there
          is going to be something that some day replaces systemd, it will support
          service units (or a significant subset) not init scripts. I suspect it
          will have a way to handle socket activation and so on. And I cannot
          imagine a future systemd replacement that does not have advanced
          security isolation features.

        • Steinar H. Gunderson: More about the DDR arcade CDs

          I’m continuing my journey throughout the world of the Dance Dance Revolution arcade CDs; it would be interesting to see how moddable they are, even though I don’t have a machine myself (obviously, MAME is absolutely essential here).

          One key fact that I didn’t know about last time, but was eventually alerted to after looking at others’ work, is that the software in flash runs off of a virtual filesystem (VFS). This makes things incredibly much easier than mucking around with offsets everywhere. It’s sort of a strange hybrid, though; read on for more.

          The System 573 mainboard has 16 MB (or 128 Mbit, if you wish) of onboard flash, spread over a few banks, and for the newer digital mixes, this is augmented with a 32 MB PCMCIA flash card (I believe the system can technically address 64 MB, but no software uses it, to the best of my knowledge). When installing the software from CD-ROM, it blits a file called GAME.DAT into the onboard flash and CARD.DAT into the PCMCIA card (plus sets up some checksums at 0xfe0000). Except for a few hard-coded items, they seem to largely be treated equivalently, simply as different backing stores for a single VFS.

          When booting up regularly (SW4 set to booting from flash), it jumps to an address very early in the flash, which contains the bootloader (called boot/psx.bin in the VFS; but the VFS has a too short size for it, so if you trust the size when extracting it, it gets too short!). The bootloader reads the (encrypted) configuration file from 0xFE2000 (addressed as “/.raw=0x1fc4,0x2000” in the VFS, probably partially related to that the flash is mapped up at 0x1f000000), which contains information about how to address the two flash devices and a bit more. It also reads the file table for the VFS at 0xFE4000, and from there, it’s mostly filesystem time: The bootloader then loads the game itself from soft/s573/aout.exe and boots it.

        • Paul Wise: FLOSS Activities November 2019
        • Chris Lamb: Free software activities in November 2019
        • Sylvain Beucler: Debian LTS and ELTS – November 2019

          Here is my transparent report for my work on the Debian Long Term Support (LTS) and Debian Extended Long Term Support (ELTS), which extend the security support for past Debian releases, as a paid contributor.

          In November, the monthly sponsored hours were split evenly among contributors depending on their max availability – I was assigned 24.5h for LTS (out of 30 max) and 20h for ELTS (max).

          Multiple vulnerabilities come from in-process fuzzing (library fuzzing with compiler instrumentation, as opposed to fuzzing a user executable). This is an interesting technique, though those are harder to reproduce, especially with older versions or (even worse) forks. A significant portion of such vulnerabilities comes from google’s OSS-117Fuzz infrastructure.

        • Sparky news 2019/11

          The 11th monthly report of 2019 of the Sparky project:

          • waterfox package changed its name to waterfox-classic-kpe
          • Sparky 2019.11 Special Editions: GameOver, Multimedia & Rescue released
          • Sparky 2019.11.1 MinimalGUI released to fix: GNOME Shell and KDE Plasma fresh installation; and removing some packages from live
          • added new locales to Sparky tools: Greek provided by jidan; and updated Italian and Japanese locales as well; thanks a lot for translations
          • Linux kernel updated up to version 5.4.1 & 5.3.14
          • CDE desktop updated up to 2.3.1 (stable & testing lines)
          • added to repos: Videomass

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Genode OS

        • Genode OS Framework release 19.11

          Block-device encryption is a feature often requested by users of our Sculpt OS. Until now, we deliberately left this topic unaddressed because we felt that a profound answer was beyond our expertise. However, during the past year, we dived deep into it. The result is the prototype for a new block encrypter that encrypts data but also protects integrity and freshness. For us, the implementation of the encrypter is especially intriguing because – with about 7000 lines of code – it is Genode’s first non-trivial component written in the SPARK programming language.

          The second major addition is a new virtual machine monitor (VMM) for 64-bit ARM platforms such as the NXP i.MX8. It leverages the proof of concept we developed in 2015 for ARMv7, which we pursued as a technology exploration. In contrast, our aspiration with the new VMM is a product-quality solution.

          In our road map for 2019, we stated the “bridging of worlds” as our overall theme for this year. On that account, the current release moves the project forward on two levels. First, by successively increasing the scope of POSIX compatibility, we reduce the friction when porting existing application software to Genode. We managed to bridge several gaps in our POSIX support that we considered as impossible to cover some years ago. In particular, we identified ways to emulate certain POSIX signals, ioctl calls, and fork/execve semantics. This way, popular software such as bash, coreutils, or Vim can now be executed as regular Genode components with no additional runtime environment (like Noux or a VMM) required.

        • Genode OS Framework 19.11 Brings Initial Block Device Encryption Code

          It’s been nearly a decade now that we have been tracking Genode as an interesting open-source operating system framework.

          Genode employs a micro-kernel abstraction layer and various other components written from scratch and not derived from Unix/Linux but offering good POSIX compatibility and continuing to allow more open-source software to build for this platform focused on security.

      • SaaS/Back End/Databases

        • Building FHIR Applications with MongoDB Atlas

          After a vigorous competition, the team at Asymmetrik was awarded winner of the reference implementation of a secure open source FHIR server based on MongoDB. For a deeper dive, the source code is available for developers and architects under the MIT license.

      • Programming/Development

        • A beginner’s guide to C++ Ranges and Views.

          C++ Ranges are one of the major new things in C++20 and “views” are a big part of ranges. This article is a short introduction for programmers that are new to C++ Ranges.

        • Keith Packard: picolibc-float

          Smaller embedded processors may have no FPU, or may have an FPU that only supports single-precision mode. In either case, applications may well want to be able to avoid any double precision arithmetic as that will drag in a pile of software support code. Getting picolibc to cooperate so that it doesn’t bring in double-precision code was today’s exercise.

        • First Stack Buffer Overflow to modify Variable
        • Perl / Raku

          • Advent Calendar – December 1, 2019

            For the purpose of testing the programs below, the words.txt file is located in my current directory. Obviously, when we will be reading the list, we will need to keep only the words having the same length as the two input words.

            This task is much more complicated than the other task of this week challenge (and than most previous challenges). In fact, my first reaction when reading the problem was, “Gosh, I’ve got no idea how I’m going to solve that”. In such case, it is often a good idea to try to break up the problem into smaller ones.

            The first thing that we must be able to do is to figure out whether one word can be transformed into another with just one letter change. It would probably be also very useful to know whether this can be done with two letter changes, three letter changes, etc. For this, we may want to use a well-known CS string metric named the Levenshtein distance or Levenshtein edit distance, which is the smallest number of single-character edits (insertions, deletions or substitutions) required to change one word into the other. In the case of this challenge, however, we probably don’t need to consider insertions and deletions, but are interested only in substitutions.

            Once we have a routine to compute the Levenshtein distance, we might try to use brute force with backtracking to test all possibilities, or an optimized version thereof able to remove non optimal paths relatively early in the process, or a branch and bound algorithm, or implement some form of Dijkstra’s algorithm for shortest paths.

        • Python

          • Test and Code: 95: Data Science Pipeline Testing with Great Expectations – Abe Gong

            Data science and machine learning are affecting more of our lives every day. Decisions based on data science and machine learning are heavily dependent on the quality of the data, and the quality of the data pipeline.

            Some of the software in the pipeline can be tested to some extent with traditional testing tools, like pytest.

            But what about the data? The data entering the pipeline, and at various stages along the pipeline, should be validated.

            That’s where pipeline tests come in.

            Pipeline tests are applied to data. Pipeline tests help you guard against upstream data changes and monitor data quality.

            Abe Gong and Superconductive are building an open source project called Great Expectations. It’s a tool to help you build pipeline tests.

            This is quite an interesting idea, and I hope it gains traction and takes off.

          • PyOpenGL 3.1.4 is Out

            So I just went ahead and pulled the trigger on getting PyOpenGL and PyOpenGL Accelerate 3.1.4 out the door. Really, there is little that has changed in PyOpenGL, save that I’m actually doing a final (non alpha/beta/rc) release. The last final release having been about 5.5 years ago if PyPI history is to be believed(!)

          • Weekly Python StackOverflow Report: (ccv) stackoverflow python report
      • Standards/Consortia

        • AMIA encourages NIH to fund FHIR for interoperability and clinical research

          While the FHIR standard is not a cure-all for interoperability challenges, the protocol has seen big momentum in recent years, and is seen as an important bridge between newer mobile devices and hospital networks.

          As a web-based spec that has seen a significant amount of buy-in, the standard could have a large impact on the ability of researchers to access better data.

        • AMIA: FHIR is not suitable for research, needs NIH R&D funding

          According to AMIA, it is critical that NIH assume a leadership position to coordinate a research and development strategy for using FHIR for research and that the agency devote “substantial resources” to the effort.

          Specifically, AMIA recommended that NIH directly fund FHIR research and development through grants; indirectly fund FHIR through special emphasis notices and project requirements that prioritize projects that will use FHIR; and educate the research community and help represent it in activities supported by HL7, the Office of the National Coordinator for Health IT and other standards developing organizations that have an interest in FHIR.

  • Leftovers

    • Indian IT 4.0: Upping the ante on innovation

      India is home to more than half a billion internet subscribers, making it one of the largest and fastest-growing markets for digital consumers. According to a McKinsey Report, by 2025 widespread digital adoption has the potential to create significant value in all sectors of the economy – for example, E-commerce and digital supply chain have the potential to create $35 billion worth value by 2025.

      Also, India is ranked third in the global startup index. According to the Economic Survey, the Indian startup ecosystem witnessed a funding of $7.5 billion in 2018 as compared to $4.3 billion in 2017. As per industry-wide distribution of recognized startups, IT Services accounted for around 15 percent, followed by Healthcare and Life Sciences at around nine percent, and education at eight percent. Start-ups like Byju’s, Swiggy, Oyo Rooms, PayTM, Zomato are all based on technology and they have transformed the face of their respective sectors dramatically.

    • Integrity/Availability

      • Proprietary

        • Security

          • Privacy/Surveillance

            • Microsoft Funds Facial Recognition Technology Secretly Tested on Palestinians

              If you’ve been paying attention, it should come as no surprise that the latest in facial recognition technology is already being weaponized by governments and corporations. Most recently, AnyVision, an Israeli facial recognition tech company funded by Microsoft, has been wielding its software to help enforce Israel’s military occupation, using the occupied West Bank to field-test technology it plans to export around the world.

            • Corporate Spies Are Watching Organized Labor

              Google’s computers are spying on its workers.

            • Google’s “smart city” in Toronto: what it wanted, what it will now get – and why it’s still problematic for privacy

              Earlier this year, Privacy News Online wrote about the latest news concerning plans to create a model “smart city” on Toronto’s waterfront. The company involved, Sidewalk Labs, is part of the Alphabet stable, along with Google. In an attempt to quell fears about privacy and other aspects of the plan, Sidewalk Labs released 1500 pages of documentation spelling out what it wanted to do in Toronto.

            • Whatsapp India reports first profit of Rs 57.18 lakh for FY 2019

              Facebook-owned Whatsapp might have begun commercialising its messaging platform in India just two years ago, but recent disclosures with the Registrar of Companies (RoC) show that Whatsapp India has gone from nil revenue in the 2017-18 financial year (FY18) to actually turning a profit in FY19.

              According to the RoC documents, the unit’s revenues have been derived from its IT-enabled business process and outsourcing services. The messaging platform, which has rapidly become the most preferred messaging service in India, had launched its first business offering for entrepreneurs and corporates in January last year with the roll out Whatsapp Business.

    • Defence/Aggression

      • Iraqi Crowds Erupt in Joyous Celebrations as PM, Elected Under Bush Constitution, Offers to Resign

        AFP Arabic reports that Iraqi Prime Minister Adel Abdulmahdi said Friday he would tender his resignation this weekend after five weeks of massive protests throughout Iraq.

      • What’s Next for Bolivia After Military Coup?

        In 2005, I sat in a lounge off the Senate chamber in La Paz, Bolivia, waiting for an interview. I was wearing my best coat and tie. With my thinning hair and grey mustache, I could pass for a Bolivian of European descent. In fact, numerous people smiled and said “buenos días,” as if I was a familiar face. The senators were mostly white men, reflecting the makeup of Bolivia’s

      • Focus on Early Release of Terror Convict in London Stabbings

        Usman Khan was convicted on terrorism charges but let out of prison early. He attended a “Learning Together” conference for ex-offenders, and used the event to launch a bloody attack, stabbing two people to death and wounding three others.

      • 80 years ago: First day of the Winter War

        In a 1930’s case of “fake news”, Soviet state radio claimed Finnish reports of the air raids were false and that the Soviet Air Force had merely been dropping bread to the starving masses of Helsinki.

    • Transparency/Investigative Reporting

    • Environment

    • Finance

      • A Corporate Tax Even Republicans Should Love

        I moved away from my hometown of Litchfield, Minnesota, several decades ago, and since that time, my politics have veered to the left as those in my hometown have veered to the right. Donald Trump won my family’s western Minnesota congressional district by over 30 percentage points.

      • NHS Staff to Lead Protest Against Trump During His Trip to the UK Amid Rising Privatization Concerns

        The demonstration plans come as new research reveals that nearly £15 billion in health service contracts have been given to private firms since 2015, casting doubt on Tories’ claims that NHS isn’t “up for sale.”

      • Why Are Students Angry? Is Conflict Over Public-Funded Higher Education Only Reason?

        No one in India asked these questions when tanks rolled into Tiananmen Square in 1989, after student-led protests brought million-strong crowds into that iconic venue in central Beijing, defying China’s authoritarian one-party rule and seeking various freedoms. No one asked this when American students protested against the Vietnam War five decades ago, forcing the Nixon administration to blink. Or when the Soweto uprising by Black students in 1976 set in motion a chain of events that turned history’s page on the world’s last legally racist regime. Or when students without count became the lifeblood of India’s freedom movement—joining Gandhi, or sundry revolutionary movements, filling up jails. It’s only the ruling elite in each instance that asked the question. It’s only after freedom that dissenting students again became a troubling bogey, with the Naxalite movement. Or Assam. Or the protests against Indira Gandhi’s authoritarianism. A whole galaxy of mainstream politicians—from the recently deceased Arun Jaitley to the jailed Laloo Prasad Yadav to Nitish Kumar and Union minister Ravi Shankar Prasad—found their life’s calling as protesting students before or around the Emergency. In world history or in India’s, student politics has been so deeply constitutive of politics that the question “why” can only come from those utterly innocent of history.

    • AstroTurf/Lobbying/Politics

      • Impeachment’s Influence Hazy as Issue in Congressional Races

        Republicans aim to use the House drive toward impeaching President Donald Trump to whittle down Democrats’ majority by dislodging vulnerable incumbents from swing districts loaded with moderate voters.

      • WTO Shutdown: This Is What Democracy Looked Like

        WTO Shutdown 20-Year Anniversary Series: The Shutdown WTO Organizers History Project and Common Dreams have produced this series of ten people’s history accounts and forward-looking lessons from organizers who were in the streets of Seattle in 1999—at the very end of last century…

      • Many Evangelicals Excuse Anything Trump Does — Because He’s the “Chosen One”

        Energy Secretary Rick Perry is the latest Trump official or acolyte to prostrate himself, using cult-like terms, before the president. Trump is, in Perry’s worldview, a man tagged by God to occupy his leadership role. In this, the energy secretary is echoing Secretary of State Mike Pompeo – who has averred Trump may have been chosen by God to defend Israel against Iran – and Sarah Huckabee Sanders, Trump’s erstwhile press secretary, who also argued that God had played a role in Trump’s election. Perry is also mimicking ex-Congresswoman Michele Bachmann, who has argued that Trump is the most “godly, Biblical president” in her lifetime. He is following in the footsteps of Jerry Falwell Jr.’s Liberty University, which produced a movie in 2018 titled The Trump Prophecy that likewise argued President Trump had been chosen by God.

      • Biden Heads to Iowa Looking for a Rebound in Key State

        Joe Biden’s eight-day bus tour across Iowa comes with a message: Reports of his demise in the nation’s first presidential caucus state have been greatly exaggerated.

      • Apple taking ‘deeper look’ at disputed borders for its Maps

        Apple, which showed the controversial annexed Crimean peninsula as part of the Russian territory on its location-based apps, has changed how Crimea is displayed in its Maps and Weather apps and will take a “deeper look” at how disputed borders are shown.

    • Civil Rights/Policing

      • Preparing Native Youth to Steward Ancestral Lands

        It had been more than a 100 years since the Nimíipuu (Nez Perce) people launched a carved canoe in eastern Oregon’s Wallowa Lake. And now in this place, beloved by Chief Joseph and his people, crews from several tribal canoes had gathered and joined in song—songs sung in their language and not heard on that water in generations. Tiyana Casey recalls the power of the occasion…

      • The Last Volunteers On An Island Paradise

        NGOs and volunteers assisting with the migration crisis on Chios, in the Greek Isles, are being forced to pick up the slack from the failed efforts of government and EU authorities. But not only are they being penalised for it, local opposition and resentment continues to swell. Gemma Clarke reports.

      • “Why I Can’t Feel Safe In Bharat”: Woman Sits On Solo Protest Outside Parliament, Detained

        A woman, in her mid 20s, sat on a pavement near parliament on Saturday morning protesting over crimes against women, police said.

        The woman identified as Anu Dubey was holding a placard with a slogan “why I can’t feel safe in my own Bharat” while sitting on the pavement near Parliament gate number 2-3, they said.

        She was asked to go to Jantar Mantar to continue her protest, but when she refused, she was taken to the Parliament Street Police Station in a police vehicle and was seen sobbing, a senior officer said.

      • Sindh govt to grant paternity leave to fathers

        Officials in the provincial government said the finance ministry had written to the authorities in the Sindh Secretariat and other related departments to allow for the 10-day paternity leave for its employees.

    • Monopolies

      • Patents

        • Antitrust think tanks urge Ninth Circuit to affirm Judge Koh’s FTC v. Qualcomm ruling

          As of Saturday morning, 14 (!) amicus curiae briefs supporting the FTC against Qualcomm before the Ninth Circuit have been filed. The previous post discussed Professor Jorge Contreras’s submission as well as a brief signed by 40 law and economics professors. It’ll take a few more posts before I’m done with that flood of filings…

          The American Antitrust Institute (AAI) and Public Knowledge (PK)–the latter is, as the name suggests, more IP-focused, while the former is all about competition enforcement and has more than 130 antitrust lawyers, professors, economists and executives on its advisory board–made a joint submission (this post continues below the document):

        • Former Secretary of Homeland Security, former FTC chairman, and conservative think tank dismiss Qualcomm’s and DOJ’s “national security” arguments

          In its answering brief to Qualcomm’s Ninth Circuit antitrust appeal, the FTC says Qualcomm simply “abandoned” its national security argument before the district court and can’t revive it now. Nevertheless, many of the (by now) 14 amicus curiae briefs supporting the FTC address the topic to some extent–and the one filed by the R Street Institute (a think tank close to the GOP) even focuses entirely on why any “national security” concerns over Judge Lucy H. Koh’s ruling are unfounded because, if anything, Qualcomm’s monopoly poses a threat to national security (this post continues below the document):

        • Four IT industry bodies support FTC against Qualcomm’s appeal: once again, The Industry v. Qualcomm

          In the January 2019 trial, Qualcomm’s #1 problem was that virtually the entire mobile device industry testified against it (apart from a very few companies who, like Qualcomm, refuse to license chipset makers, though a couple of them once lodged their own antitrust complaints against Qualcomm for that reason). In terms of amicus briefs filed with the Ninth Circuit, it’s pretty much the same picture again: companies who failed in the mobile phone business and trolls support Qualcomm (as does Makan “Macomm” Delrahim, the Antitrust Assistant Attorney General who used to work for Qualcomm), while the rest of the industry presents a united front and supports the FTC.

          The collective membership of the four high-tech industry bodies who filed amicus curiae briefs in support of the FTC goes far beyond the ones whose testimony mattered to the district court. That’s because those organizations have many members who care about standards but don’t necessarily implement the cellular standards at issue in this particular case.

          The groups who have now made filings for the FTC and against Qualcomm count companies like Amazon, Apple, Google, Facebook, Microsoft (those five are sometimes collectively referred to as “GAFAM”) among them, but also the likes of Intel, Cisco, eBay, Salesforce, Uber, and major carriers like Sprint, T-Mobile, and Verizon.

          That’s basically the most vibrant part of the U.S. economy. (We’ll also talk about a couple of briefs filed by automotive industry groups, but not in this post.) And as the briefs note, those companies invest huge amounts in R&D and hold vast numbers of patents.

      • Copyrights

        • SET TV Operator and Manager Must Pay Millions in Piracy Damages

          Amazon, Netflix, and several Hollywood studios have added another victory to their legal track record. A federal court in California has granted a default judgment which orders the owner and an employee of the IPTV service Set-TV to pay over $7 million in piracy damages.

Maximalists Cherry-Picking the So-Called ‘Corbyn’ ‘Leak’ for Their Patent Agenda While the US Lobbies Britain for Software Patents and Worse

Posted in America, Europe, Law, Patents at 3:30 am by Dr. Roy Schestowitz

Not Jeremy Corbyn’s and not a leak, either

Some buzzwords for algorithms
Let’s examine the originals. And more importantly, let’s look at the right part (about a dozen pages out of nearly 500 pages) and what it tells us about software patents in Europe as seen by the US, where 35 U.S.C. § 101 restricts the USPTO like the EPC is supposed to restrict the EPO (they use buzzwords as loopholes and workarounds)

Summary: A quick look at what last week’s media coverage may have missed and what patent maximalists don’t want to tell us about confidential trade-related documents

THE European Patent Office and US Patent and Trademark Office are both interested in software patents. What’s not to like? More income!!! António Campinos (like Battistelli) continues to undermine the EPC and the EPO nowadays brags about getting the US to adopt software patents using a bunch of nonsense like “hey hi” (they both use the same tactics, as we’ve shown here many times before).

The ‘leaks’ often attributed (in last week’s media reports) to Corbyn were not actually his or his party’s. They had been posted to Reddit weeks ago. They were published under the title “Great Britain is practically standing on her knees working on a trade agreement with the US” (seems apt).

We’ve made local copies of these files for long-term preservation purposes. There are six PDF files in a compressed archive.

Here’s the relevant stuff:

UK-US policy leak

Points 25-26 on page 124 are of much relevance. Is the US pushing for software patents and patents on life/nature in the UK and Europe as a whole? It certainly seems so. Those parts deal mostly with patent scope. The USTR is pushing the corporate agenda of Big Pharma and other large multinational monopolists.

Let’s look at what patent maximalists and UPC boosters like AstraZenecaKat aren’t telling us. As we said last week, the United States found itself baffled by UPC moves of the British government and the issue was raised days later by AstraZenecaKat, only to attract a bunch of interesting comments that we quoted here yesterday. Revocator wrote:

I’ve read the papers (well, the IP-relevant bits), and there was one tidbit regarding the US position on the grace period that intrigued me hugely. Namely, the US negotiators appear to have noted that SOME EPO member states do have such a grace period. The British seem to have essentially retorted that those countries may be small and irrelevant enough to get away with that, but that the UK would jeopardize its position within the EPC if it did the same. Now, does anyone know which EPC countries do that (if any)?
On another, entirely different subject, left unmentioned by the IPKat, it comes as no surprise that the US negotiators were particularly insistent in registering their displeasure with the EU’s PGI system…

“Revocator,” MaxDrei replied, “could it be that the USA is eying the 10 year term petty patent/utility model GBM system in Germany, with its 6 month grace period? After all, in the USA they call Registered Design rights “Design Patent” rights so it’s easy for them to suppose that GBM’s are utility patents with a grace period and the EURD is a 25 year patent with a grace period.”

I’ve quickly read all the above. There’s no need to rephrase things. It’s pretty clear as it is. In summary, the US ‘bullies’ an already-embattled Britain (due to that controversial referendum) into granting the US corporations endless powers, protectionism and codified monopolies. They’re bargain-hunting. This is what happens when one negotiates from a position of considerable weakness. As the old saying goes (or hashtag), “Well Done Brexiters…”

Donald Trump lobbied for Brexit (before and after becoming President, before and after the referendum as well) and now he’s eager to pocket the UK. Media has mostly focused on the US-centric privatisation of the NHS, casting aside almost everything else.

IRC Proceedings: Saturday, November 30, 2019

Posted in IRC Logs at 2:44 am by Needs Sunlight



#techrights log

#boycottnovell log



#boycottnovell-social log

#techbytes log

Enter the IRC channels now
