
12.07.19

Fake European Patents (on Algorithms) Leading to Fake Embargoes

Posted in Courtroom, Europe, Patents at 11:21 pm by Dr. Roy Schestowitz

35 U.S.C. § 101 would void corresponding USPTO patents


Summary: Law firms have gotten their way in Germany; instead of supporting the productive workers the patent system is nowadays promoting the litigation ‘industry’ and it ought to be corrected

Citing Sueddeutsche Zeitung (SZ), which used to cover European Patent Office (EPO) scandals, my online friend said that “BlackBerry wins German patent injunctions against Facebook, WhatsApp, Instagram over four (most likely invalid!) software patents” (he pinged Facebook and pinged “Ip2Innovate” about it).

“The Munich I Regional Court ordered a #patent injunction against #Facebook, #WhatsApp, #Instagram,” he said in another tweet. “It’s feature-specific but still, those are simply #softwarepatents that shouldn’t even be allowed in Europe. Germany needs patent reform badly! #BlackBerry is a troll.”

We’ve said that for years and we hope he will help us (Techrights, FFII etc.) fight back against fake software patents in Europe — an urgent and growing problem!

“I am stunned that the court didn’t stay all five cases over serious doubts concerning the validity of those patents,” he wrote. “When I looked at the claims of the patents-in-suit earlier this year, I quickly concluded that they’d all be highly likely to be annulled…”

This is a pretty decent article about a serious problem. It’s a good article about fake European Patents on software. If the Office grants invalid patents (IPs) that are abstract and incompatible with the EPC, we all suffer as a result. It doesn’t matter if the software we developed is proprietary or Free software. It doesn’t even matter if we develop software or merely use it.

Citing 5 European Patents, he names the following accused functionalities: showing two chat histories in parallel, automatically identifying user profiles containing partly identical data, sharing messages from the chat history, displaying chat history while text is being edited, chatting during gameplay.

There are actually European Patents on those things! Not only are these abstract; they are also trivial and there’s likely ample prior art.

From his post:

Sueddeutsche Zeitung (SZ), a Munich-based newspaper, reported yesterday evening on a set of Germany-wide patent injunctions that BlackBerry–once a smartphone maker, now basically a patent troll–just obtained against Facebook and its WhatsApp and Instagram subsidiaries over a total of four different patents covering chat features.

The injunction is provisionally enforceable. If BlackBerry posts a bond or makes a deposit, it can enforce the injunctions at this stage, though Facebook can appeal to the Munich Higher Regional Court and is, in parallel, challenging the validity of those patents before the Federal Patent Court of Germany. But Facebook has already told the media that the affected services–Facebook Messenger, WhatsApp, Instagram–wouldn’t go out of service in Germany: workarounds have been prepared, so the related features would have to be removed.

BlackBerry sued Facebook (with a focus on Facebook Messenger rather than the social media stream) and those two subsidiaries over five different patents, which I listed earlier this year and will list again further below.

[...]

I am stunned that the court didn’t stay all five cases over serious doubts concerning the validity of those patents. When I looked at the claims of the patents-in-suit earlier this year, I quickly concluded that they’d all be highly likely to be annulled by the Federal Patent Court of Germany (which also happens to be based in Munich, which is sort of the Capital of the Patent Movement, at least for Europe). That’s partly because software as such isn’t patent-eligible in Europe. While the courts rarely ever invalidate a patent as a whole on that basis, they do exclude any non-technical features from their novelty and non-obviousness analysis–and it’s hard to see how anything novel or inventive could be found in those patent claims that isn’t just software stuff without a technical effect. I already operated a chat service (as part of an online gaming network) in the 1990s and wrote an IRC client in 2000, so I know a lot of the prior art from hands-on experience.

What I have been able to find out is that BlackBerry, represented by Quinn Emanuel (a great firm that has not so great clients at times), had to narrow multiple patent claims-in-suit during the infringement proceedings just to address the court’s concerns over non-novelty. There are two problems with German patent infringement courts in the context of granting or denying a stay pending a nullity action. First, they apply an unreasonably high standard (and the “guru” from the Dusseldorf appeals court who has been promoting that high standard for many years more aggressively and fanatically than anyone else recently made dozens of employees of a small company lose their jobs–with Quinn Emanuel again on the enforcing side–over a patent subsequently held invalid). Second–though in many cases that’s even more important than the standard–they take only non-novelty (anticipation) arguments seriously and largely refuse to consider obviousness contentions (lack of inventive step) for no good reason (if they can rule on infringement without appointing expert witnesses, they certainly could also assess the existence or absence of an inventive step, but they just don’t want to).

Patent zealots from Mannheim, Düsseldorf and Munich (where António Campinos succeeded Battistelli) want us to think that everything is OK and even thriving. For the litigation ‘industry’? Sure. They don’t seem to care too much about the validity of granted patents; moreover, they want lenient courts that accept — i.e. presume to be valid in a great rush — invalid patents and then grant injunctions for quick settlements (embargoes/sanctions can be ruinous enough to lead to it, irrespective of justice/truth).

From Moderate Advice to FUD and Misinformation: The Case of a VPN Vulnerability (CVE-2019-14899)

Posted in FUD, GNU/Linux, Security at 1:16 pm by Dr. Roy Schestowitz

Sometimes it morphs into “Linux” and a false description of what’s happening


Summary: What should have been a trivial bugfix in a variety of operating systems and bits of software — both proprietary and Free software — somehow became anti-Linux FUD, clickbait and worse

Earlier in the week I saw a report about CVE-2019-14899. There was nothing exciting about it. I mentioned it briefly and then moved on. But the following day and especially two days later (after the announcement [1]) the press was absolutely flooded with reports, especially from insecurity companies and anti-Linux sites [2-22]. At times even deliberate lies were spread [23] (there are no attacks). See below a roughly chronological list/timeline. The initial report was calm and rational.

When one carefully examines what’s at stake, the patching status (it’s not a zero-day hole), the severity and risk level etc., one begins to wonder what motivated all this attention. Much more severe issues are being discovered each week, if not each month.

We first mentioned this 2 or 3 days ago, without even filing it as a high-priority Daily Links pick. The only shocking thing isn’t the bug but the level of media attention it has received. This is not the first time such a thing has happened. When similar issues affect Windows, the media just describes these as “computer issues” or “PC” issues.

Related/contextual items from the news:

  1. VPN hijacking on Linux (and beyond) systems
    Hi all,
    
    I am reporting a vulnerability that exists on most Linux distros, and
    other *nix operating systems which allows a network adjacent attacker
    to determine if another user is connected to a VPN, the virtual IP
    address they have been assigned by the VPN server, and whether or not
    there is an active connection to a given website. Additionally, we are
    able to determine the exact seq and ack numbers by counting encrypted
    packets and/or examining their size. This allows us to inject data into
    the TCP stream and hijack connections.
    
    Most of the Linux distributions we tested were vulnerable, especially
    Linux distributions that use a version of systemd pulled after November
    28th of last year which turned reverse path filtering off. However, we
    recently discovered that the attack also works against IPv6, so turning
    reverse path filtering on isn't a reasonable solution, but this was how
    we discovered that the attack worked on Linux.
    
    Adding a prerouting rule to drop packets destined for the client's
    virtual IP address is effective on some systems, but I have only tested
    this on my machines (Manjaro 5.3.12-1, Ubuntu 19.10 5.3.0-23). This
    rule was proposed by Jason Donenfeld, and an analogous rule on the
    output chain was proposed by Ruoyu "Fish" Wang of ASU. We have some
    concerns that inferences can still be made using slightly different
    methods, but this suggestion does prevent this particular attack.
    
    There are other potential solutions being considered by the kernel
    maintainers, but I can't speak to their current status. I will provide
    updates as I receive them.
    
    I have attached the original disclosure I provided to 
    distros@vs.openwall.org and security@kernel.org below, with at least
    one critical correction: I originally listed CentOS as being vulnerable
    to the attack, but this was incorrect, at least regarding IPv4. We
    didn't know the attack worked against IPv6 at the time we tested
    CentOS, and I haven't been able to test it yet.
    
    
    William J. Tolley
    Beau Kujath
    Jedidiah R. Crandall
    
    Breakpointing Bad &
    University of New Mexico
    
    
    *************************************************
    
    
    **General Disclosure:
    
    We have discovered a vulnerability in Linux, FreeBSD, OpenBSD, MacOS,
    iOS, and Android which allows a malicious access point, or an adjacent
    user, to determine if a connected user is using a VPN, make positive
    inferences about the websites they are visiting, and determine the
    correct sequence and acknowledgement numbers in use, allowing the bad
    actor to inject data into the TCP stream. This provides everything that
    is needed for an attacker to hijack active connections inside the VPN
    tunnel.
    
    This vulnerability works against OpenVPN, WireGuard, and IKEv2/IPSec,
    but has not been thoroughly tested against tor, but we believe it is
    not vulnerable since it operates in a SOCKS layer and includes
    authentication and encryption that happens in userspace. It should be
    noted, however, that the VPN technology used does not seem to matter
    and we are able to make all of our inferences even though the responses
    from the victim are encrypted, using the size of the packets and number
    of packets sent (in the case of challenge ACKs, for example) to
    determine what kind of packets are being sent through the encrypted VPN
    tunnel.
    
    We have already reported a related vulnerability to Android earlier
    this year related to the issue, which resulted in the assignment of
    CVE-2019-9461, however, the CVE strictly applies to the fact that the
    Android devices would respond to unsolicited packets sent to the user’s
    virtual IP address over the wireless interface, but this does not
    address the fundamental issue of the attack and did not result in a
    change of the reverse path settings of Android as of the most recent
    security update.
    
    This attack did not work against any Linux distribution we tested until
    the release of Ubuntu 19.10, and we noticed that the rp_filter settings
    were set to “loose” mode. We see that the default settings in
    sysctl.d/50-default.conf in the systemd repository were changed from
    “strict” to “loose” mode on November 28, 2018, so distributions using a
    version of systemd without modified configurations after this date are
    now vulnerable. Most Linux distributions we tested which use other init
    systems leave the value as 0, the default for the Linux kernel.
    
    We have described the procedure for reproducing the vulnerability with
    Linux and included a section illustrating the differences in
    architecture.
    
    
    
    There are 3 steps to this attack:
    
    1. Determining the VPN client’s virtual IP address
    2. Using the virtual IP address to make inferences about active
    connections
    3. Using the encrypted replies to unsolicited packets to determine the
    sequence and acknowledgment numbers of the active connection to hijack
    the TCP session
    
    
    
    There are 4 components to the reproduction:
    
    1. The Victim Device (connected to AP, 192.168.12.x, 10.8.0.8)
    2. AP (controlled by attacker, 192.168.12.1)
    3. VPN Server (not controlled by attacker, 10.8.0.1)
    4. A Web Server (not controlled by the attacker, public IP in a real-
    world scenario)
    
    The victim device connects to the access point, which for most of our
    testing was a laptop running create_ap. The victim device then
    establishes a connection with their VPN provider.
    
    The access point can then determine the virtual IP of the victim by
    sending SYN-ACK packets to the victim device across the entire virtual
    IP space (the default for OpenVPN is 10.8.0.0/24). When a SYN-ACK is
    sent to the correct virtual IP on the victim device, the device
    responds with a RST; when the SYN-ACK is sent to the incorrect virtual
    IP, nothing is received by the attacker.
    
    To quickly demonstrate this difference, we use the nping commands on
    the AP device running create_ap. The source IP is the gateway of our
    AP, the destination IP is the virtual IP assigned to the tun interface
    by the VPN client, ap0 is the interface create_ap created on the
    attacker device, and the destination MAC is the victim’s wireless MAC
    address.
    
    For example:
    
    The correct address generates a RST from the victim:
    
    nping --tcp --flags SA --source-ip 192.168.12.1 --dest-ip 10.8.0.8 --
    rate 3 -c 3 -e ap0 --dest-mac 08:00:27:9c:53:12
    
    The incorrect address does not elicit a response from the victim:
    
    nping --tcp --flags SA --source-ip 192.168.12.1 --dest-ip 10.8.0.9 --
    rate 3 -c 3 -e ap0 --dest-mac 08:00:27:9c:53:12
    
    Similarly, to test if there is an active connection for any given
    website, such as 64.106.46.56, for example, we send SYN or SYN-ACKs
    from 64.106.46.56 on port 80 (or 443) to the virtual IP of the victim
    across the entire ephemeral port space of the victim. The correct four-
    tuple will elicit no more than 2 challenge ACKs per second from the
    victim, whereas the victim will respond to the incorrect four-tuple
    with a RST for each packet sent to it.
    
    To quickly test this, we suggest creating a netcat connection on the
    victim device, such as this:
    
    Netcat 64.106.46.56 80 -p 40404
    
    The correct four-tuple generates challenge ACKs
    
    nping --tcp --flags SA --source-ip 64.106.46.56 -g 80 --dest-ip
    10.8.0.8 -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12
    
    The incorrect four-tuple generates a single RST for each packet sent:
    
    nping --tcp --flags SA --source-ip 64.106.46.56 -g 80 --dest-ip
    10.8.0.8 -p 40405 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12
    
    Finally, once the attacker determined that the user has an active TCP
    connection to an external server, we will attempt to infer the exact
    next sequence number and in-window acknowledgment number needed to
    inject forged packets into the connection. To find the appropriate
    sequence and ACK numbers, we will trigger responses from the client in
    the encrypted connection found in part 2. The attacker will continually
    spoof reset packets into the inferred connection until it sniffs
    challenge ACKs. The attacker can reliably determine if the packets
    flowing from the client to the VPN server are challenge ACKs by looking
    at the size and timing of the encrypted responses in relation to the
    attacker's spoofed packets. The victim’s device will trigger a TCP
    challenge ACK on each reset it receives that has an in-window sequence
    number for an existing connection. For example, if the client is using
    OpenVPN to exchange encrypted packets with the VPN server, then the
    client will always respond with an SSL packet of length 79 when a
    challenge ACK is triggered.
    
    The attacker must spoof resets to different blocks across the entire
    sequence number space until one triggers an encrypted challenge ACK.
    The size of the spoof block plays a significant role in how long the
    sequence inference takes, but should be conservative as to not skip
    over the receive window of the client. In practice, when the attacker
    thinks it sniffs an encrypted challenge-ACK, it can verify this is true
    by spoofing X packets with the same sequence number. If there were X
    encrypted responses with size 79 triggered, then the attacker knows for
    certain it is triggering challenge ACKs (at most 2 packets of size 79
    per second).
    
    After the attacker has inferred the in-window sequence number for the
    client's connection, they can quickly determine the exact sequence
    number and in-window ACK needed to inject. First, they spoof empty
    push-ACKs with the in-window sequence while guessing in-window ACK
    numbers. Once the spoofed packets trigger another challenge-ACK, an in-
    window ACK number is found. Finally, the attacker continually spoofs
    empty TCP data packets with the in-window ACK and sequence numbers as
    it decrements the sequence number after each send. The victim will
    respond with another challenge ACK once the attacker spoofs the exact
    sequence number minus one. The attacker can now inject arbitrary
    payloads into the ongoing encrypted connection using the inferred ACK
    and next sequence number.
    
    This can be tested by observing the behavior from this sequence of
    commands, continuing with the same four-tuple:
    
    Using the four-tuple from the previous steps, we send RSTs in the
    sequence number range in blocks of 50,000 until we trigger a challenge
    ACK.
    
    nping --tcp --flags R --source-ip 64.106.46.56 -g 80 --dest-ip 10.8.0.8
    -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12 --seq [SEQ
    RANGE]
    
    If the packet lands in-window, the victim will respond with at most 2
    challenge ACKs per second. These packets are still encrypted and
    originate from the virtual interface, unlike with Android, but we can
    still determine the contents of these packets by their size. The
    encrypted challenge ACK packets are larger than the encrypted RST
    packets. You can run tcpdump on the victim machine to accelerate the
    testing of this process by viewing the actual sequence and
    acknowledgement numbers.
    
    After we have found an in-window sequence number, we locate an in-
    window acknowledgement by spoofing empty PSH-ACKs with the in-window
    sequence number and guessing the acknowledgement number by dividing the
    acknowledgement number space into eight blocks. In most instances,
    seven of these blocks will trigger challenge ACKs, but one of them will
    not, which allows us to quickly determine which block falls within the
    acknowledgement window. We are interested in the block that  does not
    respond with a challenge ACK. This behavior can be observed by using an
    in-window sequence number and an acknowledgement number in the block
    containing the correct acknowledgement number.
    
    nping --tcp --flags PA --source-ip 64.106.46.56 -g 80 --dest-ip
    10.8.0.8 -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12
    -seq 12345678 --ack [ACK RANGE]
    
    Finally, using the in-window sequence and acknowledgement numbers, we
    spoof empty PSH-ACKs using the same in-windows acknowledgement number
    and decrementing the sequence number until we trigger another challenge
    ACK. This sequence number is one fewer than the next expected sequence
    number. We can then arbitrarily inject data into the active TCP
    connection.
    
    Continuing with our toy example:
    
    nping --tcp --flags PA --source-ip 64.106.46.56 -g 80 --dest-ip
    10.8.0.8 -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12
    -seq [EXACT] --ack [IN-WINDOW] --data-string “hello,world.”
    
    
    
    **Operating Systems Affected:
    
    Here is a list of the operating systems we have tested which are
    vulnerable to this attack:
    
    Ubuntu 19.10 (systemd)
    Fedora (systemd)
    Debian 10.2 (systemd)
    Arch 2019.05 (systemd)
    Manjaro 18.1.1 (systemd)
    
    Devuan (sysV init)
    MX Linux 19 (Mepis+antiX)
    Void Linux (runit)
    
    Slackware 14.2 (rc.d) 
    Deepin (rc.d)
    FreeBSD (rc.d) 
    OpenBSD (rc.d) 
    
    This list isn’t exhaustive, and we are continuing to test other
    distributions, but made sure to cover a variety of init systems to
    show this is not limited to systemd.
    
    
    
    **Operating System Variations:
    
    The behavior is slightly different on other operating systems. Here is
    a summary of the differences:
    
    Android: In the first phase of the attack, Android responds with
    unencrypted RSTs to unsolicited SYN-ACKs for the correct port and ICMP
    packets for the incorrect one. For the second phase, it will respond
    with RSTs on the correct four-tuple.
    
    MacOS/iOS: The first phase of the attack does not work as described
    here, but you can use an open port on the Apple machine to determine
    the virtual IP address. We use port 5223, which is used for iCloud,
    iMessage, FaceTime, Game Center, Photo Stream, and push notifications
    etc.
    
    We know the phone will communicate with one of the push notification
    servers on port 5223, and have observed that on MacOS, the port used on
    the victim device is not the same as the port used to connect to the
    VPN server, but is very close (in our testing it has always been within
    10).
    
    nping --tcp --flags SA --source-ip 17.57.144.[84-87] -g 5223 --dest-ip
    10.8.0.8 -p [X] --rate 3 -c 3 -e ap0 --dest-mac 08:00:27:9c:53:12
    
    For iOS devices, it does not follow this convention for choosing the
    client’s source port, but always chooses a port between ~48000-50000
    (our testing on iOS 13.1 was between 48162-49555).
    
    FreeBSD: The first two phases work essentially the same as Linux,
    however, for the last phase, the ACK number is not needed at all, so
    that piece of phase three can be skipped.
    
    OpenBSD: OpenBSD responds to spoofed SYN packets to the correct virtual
    IP with unencrypted RST packets, and the incorrect virtual IP elicits
    unencrypted NTP packets or nothing at all for the first part of the
    attack. For the second part, the responses are encrypted, but we can
    still determine which packets are challenge ACKs from the packet size,
    as with Linux. Connections can be reset by sending a RST with the
    correct sequence number.
    
    
    
    **Possible Mitigations:
    
    1. Turning reverse path filtering on
    
    Potential problem: Asynchronous routing not reliable on mobile devices,
    etc. Also, it isn’t clear that this is actually a solution since it
    appears to work in other OSes with different networking stacks. Also,
    even with reverse path filtering on strict mode, the first two parts of
    the attack can be completed, allowing the AP to make inferences about
    active connections, and we believe it may be possible to carry out the
    entire attack, but haven’t accomplished this yet.
    
    2. Bogon filtering
    
    Potential problem: Local network addresses used for VPNs and local
    networks, and some nations, including Iran, use the reserved private IP
    space as part of the public space.
    
    3. Encrypted packet size and timing
    
    Since the size and number of packets allows the attacker to bypass the
    encryption provided by the VPN service, perhaps some sort of padding
    could be added to the encrypted packets to make them the same size.
    Also, since the challenge ACK per process limit allows us to determine
    if the encrypted packets are challenge ACKs, allowing the host to
    respond with equivalent-sized packets after exhausting this limit could
    prevent the attacker from making this inference.
    
    
    We have prepared a paper for publication concerning this
    vulnerability and the related implications, but intend to keep it
    embargoed until we have found a satisfactory workaround. Then we will
    report the vulnerability to oss-security@lists.openwall.com. We are
    also reporting this vulnerability to the other services affected, which
    also includes: Systemd, Google, Apple, OpenVPN, and WireGuard, in
    addition to distros@vs.openwall.org for the operating systems affected.
    
    Thanks,
    
    William J. Tolley
    Beau Kujath
    Jedidiah R. Crandall
    
    Breakpointing Bad &
    University of New Mexico
    
  2. New Vulnerability Lets Attackers Hijack VPN Connections on Most UNIX Systems

    Affecting most GNU/Linux distributions, as well as FreeBSD, OpenBSD, Android, iOS and macOS systems, the new security vulnerability could allow a local attacker to determine if another user is connected to a VPN (Virtual Private Network) server and whether or not there’s an active connection to a certain website.

    The vulnerability (CVE-2019-14899) is exploitable with adjacent network access, which requires the attacker to have access to either the broadcast or collision domain of the vulnerable operating system, and lets attackers hijack connections by injecting data into the TCP (Transmission Control Protocol) stream.

    The vulnerability has been reported to work against various popular VPN solutions, including OpenVPN, IKEv2/IPSec, as well as WireGuard, and it doesn’t matter which VPN technology is being used, thus allowing an attacker to determine the type of packets being sent through the encrypted VPN tunnel.

  3. Tricky VPN-busting bug lurks in iOS, Android, Linux distros, macOS, FreeBSD, OpenBSD, say university eggheads

    A bug in the way Unix-flavored systems handle TCP connections could put VPN users at risk of having their encrypted traffic hijacked, it is claimed.

    The University of New Mexico team of William Tolley, Beau Kujath, and Jedidiah Crandall this week said they’ve discovered CVE-2019-14899, a security weakness they report to be present in “most” Linux distros, along with Android, iOS, macOS, FreeBSD, and OpenBSD. The upshot is, if exploited, encrypted VPN traffic can be potentially hijacked and disrupted by miscreants on the network.

    To pull off the attack, the US-based posse says, a hacker would need to be “network adjacent” to their target, or control an access point on the victim’s local network. Once the victim connected to their VPN, the spy would be able to, for one thing, tamper with the TCP stream to do things like inject packets into the stream.

  4. New Linux Vulnerability Lets Attackers Hijack VPN Connections

    Security researchers found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams. They disclosed the security flaw tracked as CVE-2019-14899 to distros and the Linux kernel security team, as well as to others impacted such as Systemd, Google, Apple, OpenVPN, and WireGuard. The vulnerability is known to impact most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android. A currently incomplete list of vulnerable operating systems and the init systems they came with is available below, with more to be added once they are tested and found to be affected: Ubuntu 19.10 (systemd), Fedora (systemd), Debian 10.2 (systemd), Arch 2019.05 (systemd), Manjaro 18.1.1 (systemd), Devuan (sysV init), MX Linux 19 (Mepis+antiX), Void Linux (runit), Slackware 14.2 (rc.d), Deepin (rc.d), FreeBSD (rc.d), and OpenBSD (rc.d).

  5. New Linux Vulnerability Lets Attackers Hijack VPN Connections

    Security researchers found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams.

    They disclosed the security flaw tracked as CVE-2019-14899 to distros and the Linux kernel security team, as well as to others impacted such as Systemd, Google, Apple, OpenVPN, and WireGuard.

  6. New vulnerability lets attackers sniff or hijack VPN connections

    The vulnerability — tracked as CVE-2019-14899 — resides in the networking stacks of multiple Unix-based operating systems, and more specifically, in how the operating systems reply to unexpected network packet probes.

  7. Hackers Can Hijack VPN Connections Using A New Linux Vulnerability

    Researchers have found a vulnerability on most Linux distros and *NIX devices which allows hackers to hijack the VPN connections and inject malicious data into the TCP stream.

    The security researchers found the vulnerability in most Linux distributions and operating systems such as Linux, FreeBSD, OpenBSD, macOS, iOS, and Android.

  8. Linux security flaw could let VPN connections be hacked

    The Breakpointing Bad cybersecurity research team from the University of New Mexico discovered and reported on a security flaw which could allow malicious actors to hack Virtual Private Network (VPN) connections.

    William J. Tolley, Beau Kujath, and Jedidiah R. Crandall said the flaw impacts Linux, Android, macOS and other Unix-based operating systems and could allow attackers to sniff, hijack and tamper with VPN-tunnelled connections. The vulnerability was named CVE-2019-14899, with the researchers claiming it takes advantage of how operating systems handle unexpected network probes.

  9. Linux Flaw Allows VPN Hijacking

    A number of Linux distributions, including Ubuntu, Fedora, and Debian, contain a newly discovered vulnerability that an attacker could use to determine whether an individual is using a VPN and then potentially hijack that encrypted connection.

    A research team from the University of New Mexico discovered the vulnerability and developed an attack to exploit it. The attack has some specific requirements and relies on some analysis of the traffic going to and from the target device running the VPN client. The attack is confirmed to work against WireGuard and OpenVPN, but the researchers said that the VPN a victim is using doesn’t really matter. The main prerequisite for the attack to work is for the attacker to be able to send unsolicited packets to the victim’s VPN client.

  10. New Linux vulnerability lets attackers hijack VPN connections

    Three researchers from the University of New Mexico and Breakpointing Bad have identified a vulnerability in the way Unix and Linux-based operating systems like macOS handle TCP connections. Researchers believe that the vulnerability can specifically affect VPN users by hijacking encrypted traffic.

  11. New Linux Bug Lets Attackers Hijack Encrypted VPN Connections

    A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote ‘network adjacent attackers’ to spy on and tamper with encrypted VPN connections.
    The vulnerability, tracked as CVE-2019-14899, resides in the networking stack of various operating systems and can be exploited against both IPv4 and IPv6 TCP streams.
    Since the vulnerability does not rely on the VPN technology used, the attack works against widely implemented virtual private network protocols like OpenVPN, WireGuard, IKEv2/IPSec, and more, the researchers confirmed.
    This vulnerability can be exploited by a network attacker — controlling an access point or connected to the victim’s network — just by sending unsolicited network packets to a targeted device and observing replies, even if they are encrypted.

  12. VPN Bug Affects “Most” Linux Distros

    A team of security researchers from the University of New Mexico has disclosed a new vulnerability that could allow attackers to probe devices and determine various details about the VPN (Virtual Private Network) connection status of a user.

    The security vulnerability (CVE-2019-14899) appears to affect most GNU/Linux distributions, besides FreeBSD, OpenBSD, Android, iOS and macOS systems. William J. Tolley, one of the security researchers, explained in a post that the vulnerability could let attackers determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and also sniff out whether or not there is an active connection to a given website.

  13. OpenBSD devs patch authentication bypass bug

    One of the internet’s most popular free operating systems allowed attackers to bypass its authentication controls, effectively leaving the keys in the back door, according to an advisory released this week. The developers of the OpenBSD system have already patched the vulnerability.

    OpenBSD allowed people access to its smtpd, ldapd, and radiusd programs – which send mail, allow access to user directories, and allow remote access to the computer system. All an attacker needed to do was enter a specific word prefixed by a hyphen as a username.

    Qualys Research Labs found four bugs in BSD Authentication, which is the code that OpenBSD uses to authenticate users. Three of them were local privilege escalation bugs, while the other, CVE-2019-19521, bypassed the authentication system altogether. According to its security advisory, BSD Authentication supports four authentication styles: password, a one-time password mechanism called S/Key, and Yubico’s YubiKey hardware token.

  14. New Linux vulnerability puts VPN connections at risk of hijacking

    Furthermore, the research team also identified the SEQ and ACK numbers from inspecting the encrypted packet size and number and managed to inject data into the TCP stream, which led to the hijacking of the connection. This means VPN technology was ineffective in preventing the attack since even encrypted packets could be assessed.

    After testing on Manjaro 18.1.1, CentOS, and Ubuntu 19, researchers discovered that the exploit was applicable to both IPv4 and IPv6. Other systems that are vulnerable to exploitation include Void Linux, Debian 10.2, Slackware 14.2, Arch 2019.5, MX Linux 19, Deepin, Fedora, Devuan, FreeBSD, and OpenBSD. They will be testing the effectiveness of the exploit against Tor as well.

  15. Attackers using Linux Vulnerability to Hijack VPN Connections
  16. Linux VPN connections can be hacked

    Insecurity experts at Breakpointing Bad have found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams.

    The security flaw, tracked as CVE-2019-14899, was disclosed to distros and the Linux kernel security team, as well as to others impacted such as Systemd, Google, Apple, OpenVPN, and WireGuard. The vulnerability is known to impact most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android.

    A currently incomplete list of vulnerable operating systems and the init systems they came with is available below, with more to be added once they are tested and found to be affected: Ubuntu 19.10 (systemd), Fedora (systemd), Debian 10.2 (systemd), Arch 2019.05 (systemd), Manjaro 18.1.1 (systemd), Devuan (sysV init), MX Linux 19 (Mepis+antiX), Void Linux (runit), Slackware 14.2 (rc.d), Deepin (rc.d), FreeBSD (rc.d), and OpenBSD (rc.d).

  17. VPN connections could be hacked due to Linux security flaw

    A new vulnerability that could allow potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams has been discovered by security researchers.

    The researchers disclosed the security flaw they detected, tracked as CVE-2019-14899, to Linux distro makers, the Linux kernel security team and to others that are impacted including systemd, Google, Apple, OpenVPN and WireGuard.

  18. Unix-like Systems Vulnerable to VPN Inferring and Hijacking Attacks

    Three researchers from Breakpointing Bad and the University of New Mexico have discovered a vulnerability that exists in Linux and Unix-like operating systems like Android and macOS. Given the tracking code “CVE-2019-14899”, the flaw resides in the routing table code and the TCP code that is present in these systems. The vulnerability allows an attacker to perform traffic analysis via clever use of encrypted DNS queries in conjunction with error messages, leading to the sniffing of open TCP connection information. The attack was discovered quite a while back, but the researchers disclosed it publicly now, and after they allowed the vendors some time to plug the holes.

  19. Researchers say VPN bug affects Linux, Unix systems
  20. Linux Bug Opens Most VPNs to Hijacking

    In a coffee-shop scenario, attackers can hijack “secure” VPN sessions of those working remotely, injecting data into their TCP streams.

    A vulnerability in most Linux distros has been uncovered that allows a network-adjacent attacker to hijack VPN connections and inject rogue data into the secure tunnels that victims are using to communicate with remote servers.

    According to researchers at the University of New Mexico and Breakpointing Bad, the bug (CVE-2019-14899), “allows…an attacker to determine if…a user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website.”

  21. New vulnerability lets attackers sniff or hijack VPN connections
  22. Researchers find a new Linux vulnerability that allows attackers to sniff or hijack VPN connections

    On Wednesday, security researchers from the University of New Mexico disclosed a vulnerability impacting most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android. This Linux vulnerability can be exploited by an attacker to determine if a user is connected to a VPN and to hijack VPN connections.

    The researchers shared that this security flaw tracked as CVE-2019-14899, “allows a network adjacent attacker to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website.” Additionally, attackers can determine the exact sequence and acknowledgment numbers by counting encrypted packets or by examining their size. With this information in hand, they can inject arbitrary data payloads into IPv4 and IPv6 TCP streams.

  23. Hackers Exploit New Linux Vulnerability To Hijack VPN Connections

    The attack has been reported to work against several popular VPN solutions, including OpenVPN, IKEv2/IPSec, and WireGuard.

    However, the researchers are still testing their viability against Tor, as it works in a SOCKS layer and implements authentication and encryption that takes place in userspace.

    “It should be noted, however, that the VPN technology used does not seem to matter and we are able to make all of our inferences even though the responses from the victim are encrypted, using the size of the packets and number of packets sent (in the case of challenge ACKs, for example) to determine what kind of packets are being sent through the encrypted VPN tunnel,” clarifies the research team.
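The precondition the reports above keep returning to is that a network-adjacent attacker can send unsolicited packets addressed to the client's VPN-assigned virtual IP and learn something from the replies, even when those replies are encrypted. The following is an added defender-side example, not code from the researchers or any of the quoted outlets: it scans constructed connection-log lines for packets that arrived on a physical interface but are addressed into the tunnel's virtual address range, which is exactly the traffic a strict reverse-path check would reject. The interface names, the 10.8.0.0/24 range and the log format are assumptions.

```python
"""Flag packets that reach a VPN client's virtual IP over the physical interface.

Added example (not from the researchers or the quoted articles). A packet whose
destination lies in the tunnel's address range but that came in on the physical
NIC has no legitimate reason to exist on a VPN client, so its presence is a
useful detection signal for the probing described in the news items above.
Interface names, the 10.8.0.0/24 range and the log format are assumed.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Constructed, simplified capture log: "<iface> <src> > <dst> <proto> [tcp-flags]".
SAMPLE_LOG = """\
wlan0 192.168.1.1 > 192.168.1.23 udp
tun0 10.8.0.1 > 10.8.0.12 tcp S
tun0 10.8.0.12 > 10.8.0.1 tcp SA
wlan0 192.168.1.1 > 10.8.0.7 tcp SA
wlan0 192.168.1.1 > 10.8.0.12 tcp SA
wlan0 192.168.1.1 > 10.8.0.12 tcp A
wlan0 192.168.1.1 > 10.8.0.12 tcp A
eth0 192.168.1.50 > 192.168.1.23 icmp
"""

LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<src>\S+)\s+>\s+(?P<dst>\S+)\s+(?P<proto>\S+)"
    r"(?:\s+(?P<flags>\S+))?$"
)


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    src: str
    dst: str
    proto: str
    flags: str   # TCP flags as written in the log, "" when absent


def parse_log(text):
    """Parse the constructed log format into Packet records; malformed lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        packets.append(Packet(m["iface"], m["src"], m["dst"], m["proto"], m["flags"] or ""))
    return packets


def find_misrouted_probes(packets, tunnel_ifaces, vpn_subnet):
    """Return packets addressed into the VPN range that did not arrive via a tunnel interface.

    Strict reverse-path filtering (accept a packet only if its source would be routed
    back out the interface it came in on) rejects exactly these packets, so a non-empty
    result means the host is both exposed to the probe and currently receiving it.
    """
    vpn_net = ipaddress.ip_network(vpn_subnet, strict=False)
    tunnels = set(tunnel_ifaces)
    hits = []
    for p in packets:
        if p.iface in tunnels:
            continue  # traffic inside the tunnel is expected to use these addresses
        try:
            dst = ipaddress.ip_address(p.dst)
        except ValueError:
            continue  # not an IP literal; ignore
        if dst in vpn_net:
            hits.append(p)
    return hits


def probes_by_source(hits):
    """Count flagged packets per sender; one source sweeping many virtual IPs stands out."""
    return Counter(p.src for p in hits)


def main():
    packets = parse_log(SAMPLE_LOG)
    hits = find_misrouted_probes(packets, {"tun0", "wg0"}, "10.8.0.0/24")
    for p in hits:
        print(f"ALERT {p.iface}: {p.src} -> {p.dst} {p.proto} {p.flags}".rstrip())
    print(dict(probes_by_source(hits)))


if __name__ == "__main__":
    main()
```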

Dangerous Thinker

Posted in Quote at 12:14 pm by Dr. Roy Schestowitz

Writing non-free software is not an ethically legitimate activity, so if people who do this run into trouble, that's good! All businesses based on non-free software ought to fail, and the sooner the better.

Summary: Society oughtn’t be alarmed by people who say unusual things; it should be wary and sceptical of those corporations ever so eager to silence such people

Unitary Patent (UPC) Died Along With the Credibility of Managing IP and the Rest of the UPC Lobby

Posted in Deception, Europe, Patents at 5:55 am by Dr. Roy Schestowitz

August 2019: Managing IP as Team UPC’s Megaphone and Lobbying Front

Managing IP lying

Summary: It is pretty astounding that Team UPC (collective term for people who crafted and lobby for this illegal construct) is still telling us lies, even in the absence of underlying supportive facts, and pressure groups disguised as “news sites” latch onto anything to perpetuate an illusion of progress (even in the face of a growing number of major barriers)

THE European Patent Office (EPO) may seem quiet judging by the lack of media coverage (nobody covered the outcome of the strike ballot; the fact is, five out of six voted for a strike). We’re supposed to think that António Campinos magically put an end to the Battistelli era just by virtue of coming to Munich.

EPO examiners are too smart to believe anything substantial changed (and/or for the better). The new guidelines, in effect since last month, compel examiners to grant more illegal software patents while their reward for this ‘production’ is an actual reduction in remuneration. Where is the EPO going? “Collaborative Quality Improvements” (CQI), formerly known as “Team Collaboration Project,” shows that the Office isn’t really interested in examiners [1, 2]. They become more like official clerks than scientists. Their pay, their working conditions and employment benefits are accordingly gnawed away. They’re devalued as individuals and as professionals. Ask them. They’ll tell…

The litigation ‘industry’, on the other hand, is rather satisfied. Seeing the ‘growth’ in patents (a meaningless measure in its own right) they foresee lots of lawsuits, even frivolous ones. Seeing that ‘pesky’ courts get in their way, however (dismantling the European Patents), they still hope to remove that ‘annoying’ obstacle. They want a court that they better control with rules that they themselves drafted. That’s the UPC and the UPCA seems like a zombie document. It’s an ‘agreement’ that many people and even nations disagree on/with. Misled and bribed politicians, along with frightened and bribed press, helped Team UPC.

The litigation ‘industry’ and its lobbyists have not given up. They want us to think that the UPCA being torpedoed is actually ‘great’! They say it works in their favour or to their benefit — something along the lines of celebrating the flu as a blessing in disguise, “making one stronger.”

AWA’s Niklas Mattsson and Louise Jonshammar (UPC hopefuls, based on the firm’s track record) have just published this piece (“German decision on UPC expected in early 2020”), echoing articles that said something similar about 2018, 2019 and so on. This headline is based solely on an improper telephone ‘interview’ — in a foreign language — with a judge that even the court sought to distance itself from [1, 2, 3]. We’ll come back to this in a moment. One must pay attention to the way Team UPC front group Managing IP squeezes this one ‘interview’ for weeks. They still talk about it every day. Managing IP has just spoken about “[a]n exclusive interview with Justice Huber of the German Federal Constitutional Court and the results of our survey on mental health and wellbeing were among the most read…”

Managing IP is a patent zealots’ front group disguised as a “news” site. Its history when it comes to the UPC is very well documented here. They actively played a role and meddled in various ways. They met and spoke to Battistelli several times over the years. They set up pro-UPC lobbying events for the EPO. They published classic ‘fake news’ about the UPC (false predictions with no underlying source or evidence). We’ve also just noticed that over in Twitter they’re trying to ‘reward’ the judge with ‘honours’, e.g. here (there’s more). They lionise Justice Huber and shower him with praises, even fake badges and nonsense like “IP STARS”. Watch who they give these “crowns” to; it’s rather revealing. Watchtroll has just published “Gene Quinn Named One of the 50 Most Influential People in IP by Managing IP” and their list features Justice Huber (whom they elevate in Twitter). They’re also glorifying Microsoft’s Erich Andersen, who ‘reciprocates’ with a link in Twitter. Patent extortion against GNU/Linux? Yes, reward! Chris Coons pushing for software patents and against patent justice (and courts)? Quick! Reward and special mention also!

Managing IP is basically a prank ‘news’ site, composed by people with no qualifications in the said area. As more writers leave (high turnover there) they hired increasingly less experienced people. We don’t want to name names here, but one can check and verify this for oneself. The people who nowadays publish their ‘reports’ could just go back to ‘uni’ and study how the patent systems actually work instead of just printing whatever law firms (which pay Managing IP) tell them to write.

So anyway, going back to AWA’s Niklas Mattsson and Louise Jonshammar, here’s what they say: (the firm apparently promoted this for a fee)

In an interview with IP industry publication Managing IP, Justice Huber of the German Federal Constitutional Court stated that the UK’s decision to leave the EU was of no concern to him and that, depending on the time it takes him and the other judges to deliberate, it is his intention for the Court to issue a decision on the complaint against German ratification of the Unified Patent Court Agreement (UPCA) in early 2020.

However, any decision from the German Federal Constitutional Court may still be delayed as the Justice Ministry previously expressed in a letter that the government will not ratify the UPCA until the implications of Brexit are clear.

Moreover, the court itself distanced itself from this inadequate ‘interview’, made memorable by use of words like “bullshit”. Why did a judge speak to a pressure group? Because he was pressured?

“Germany needs patent reform badly. The German patent litigation system is not just broken: it was ill-conceived and it’s been prone to abuse all along,” argues Florian Müller this month (days ago), stressing in his headline that “it would be unconstitutional in other countries” [1].

“UPC will be heavily influenced by Germans and their broken patent system, which favours patent trolls and is out of reach for SMEs,” Benjamin Henrion said about this article yesterday, followed by the hashtags #upc #germany and #trolls (seems apt). He has meanwhile also noted: “Unitary Software Patents ratification coming to Brussels Parliament, when do we get an opinion from the Belgian Constitutional Court about making adhoc rules of procedure for a court, which is against ECHR art6, justice made by LAW…”

He mentioned this to me yesterday and I told him that Brussels doesn’t matter to it; nobody expected Brussels (EU) to be the source of resistance, unlike the Spaniards, Czechs, Hungarians, Poles and so on. This thing was ‘constructed’ (in a conspiratorial fashion) by law firms from France, Germany, and the UK (some of them have branches in several if not all of these countries). Brussels is being an extension of EU authorities here, i.e. German/French Eurocrats.

Suffice to say, those law firms don’t know or care about SMEs. They just don’t. They constantly lie about SMEs, as does the EPO. The EPO released several more tweets about “SMEs” this past week, a little #IPforSMEs fluff and then some more about #IPforSMEs (we’ll spare readers the shallow and repetitive content of these “tweets”). We’ve seen this more than once a day on average (it used to be once in a couple of days or thereabouts, so it is increasing in frequency). Here’s some more tweeting about “SMEs”: “Up to two-thirds of inventions developed by SMEs & protected by European #patents are commercially exploited – around half exclusively by the SME itself & half with a partner, usually from another European country.”

That’s a rather meaningless and intentionally misleading bit of statistics. One might wrongly interpret that as two-thirds of SMEs being in favour of the status quo. The EPO together with the EUIPO recently released equally ridiculous claims. Causations and correlations get played like fire.

The EPO is not at all for SMEs!!! Leaks prove otherwise, as do basic sanity checks and scholarly work.

Yesterday the EPO tweeted: “Regular searches in #patent databases allow companies to monitor competitors and reveal opportunities for future innovations.”

“That also makes them liable with treble damages (willful infringement),” I responded, “but you leave that inconvenient fact out, don’t you? #IPforSMEs hashtag a total misfit here.”

“Even if you are not obliged to appoint a professional representative when applying for a #patent,” the EPO also tweeted yesterday, “it may still be helpful to consult one.”

“Very expensive and small businesses haven’t in-house ones,” I responded, “so they wind up wasting a fortune on advice from disloyal (external) people…”

These are universal realities when it comes to the patent systems and that’s not unique to Europe. Also check (based on publicly available data) what proportion of patents goes to SMEs.

UPC would further damage SMEs, which barely if at all operate outside their home country and thus have a lot more to lose than to gain from multinational litigation.

Over at Kluwer Patent Blog (comments) Richard Gillespie wrote: “I find it surprising that the UPC has attracted so much more attention than the four EPO-related cases before the BVerfG – the result of these cases could have a far greater impact on our profession than the UPC-related case.”

And “Concerned observer” responded:

In my view, the answer to your question is that, in a large part, this is due to complacency that is based upon the assumption that the BVerfG will hesitate to reach a conclusion that could force Germany to exit such a long-established (and deeply embedded) international treaty as the EPC.

There may well be an element of truth in that assumption. However, whilst I do not claim any familiarity with constitutional law in Germany, it appears to me that another possible outcome is that the BVerfG’s ruling requires the German government to negotiate amendments to the EPC … which amendments could have significant effects. For this reason alone, I believe that it would be unwise to assume that none of the complaints in the EPO-related cases will be upheld.

Moreover, we already have examples of the independence of the EPO’s “judiciary” being compromised (in the Corcoran case, twice). Also, the Enlarged Board of Appeal is currently pondering a case (G 3/19) where the eventual ruling will provide direct evidence on the question of whether the EBA remains truly independent of the EPO’s President and Administrative Council. Given the (potential) breaches of the rule of law at the EPO in these cases, it seems to me that the BVerfG could well be justified in upholding at least some of the constitutional complaints relating to the EPO. Whether they will go as far as finding the current structure of the EPO unconstitutional remains to be seen … but it appears that there is no room for complacency on this point.

“Thanks for the reply,” Richard Gillespie later responded, “I think your [sic] right on this.”

“Concerned observer” later added:

I have been waiting years now for a plausible answer to the even more fundamental question of how the UPC can simultaneously meet the requirements of Article 267 TFEU (where preliminary references are only admissible if they are made by a “court or tribunal OF a Member State”) whilst being based upon an Agreement that allegedly establishes an INTERNATIONAL court (which permits the participation of a non-Member State).

Given the speed with which arguments have been generated by the UPC’s proponents on other points of law that threaten the viability of the UPC project, I believe that the long period over which not even a remotely plausible answer to this question has been provided can now be taken as strong evidence of the non-existence of any such answer. However it is evident that even non-compliance with EU law (ie the creation of a court that would destroy the integrity of the EU’s legal order) is no deterrent to those seeking to make the UPC a fait accompli.

My guess is that the proponents of the UPC are envisaging a situation in which the CJEU will keep the show on the road by delivering a judgement that, no matter how unconvincingly, glosses over the fundamental incompatibilities between the Agreement and EU law. Sadly, such a travesty is not as implausible as it ought to be. This is because there is evidence that, where there is enough political will, even immovable legal obstacles can be overcome (think, for example, of the decision of the Supreme Court of the Netherlands which ruled that recourse to ILO AT – which only accepts after the fact complaints from individuals – is an adequate recourse for those seeking to exercise their right to COLLECTIVE bargaining).

With this in mind, perhaps the most important question to answer here is why are the proponents of the UPC so seemingly confident that the political will is there to push their pet project over what should (for the sake of maintaining the integrity of the EU’s legal order) be an insurmountable obstacle? In other words, how can they be so confident that the politicians will support their project no matter what untold damage it might cause?

This is one of those cases where both the articles and all the comments are reasonable. Team UPC is more or less ‘shut out’ of this discussion, so there’s clarity, honesty, and common sense, not blind jingoism and lies (like whatever we see from AWA and Managing IP).

The above was only mentioned and quoted selectively by Team UPC. We suppose they don’t really want people to see it.

As a side (but nonetheless important) note, Henrion has taken some time off work to fight the UPC or will do so very soon.

They might rename (again) the UPC and retry for the next 10 years. We need to keep watching. “We need to go on campaign mode against to defeat the Unitary Patent monster,” Henrion explained. “Will take some days off to make an urgent plan of attack #swpat #upc #smes”

We don’t quite share his alarmist tone. We think that UPC died more than 2 years ago and those who still entertain it are “playing with the corpse” (as the saying goes). Henrion points to this page of feedback on EU policy that reveals patent trolls and their front groups (and law firms, e.g. Team UPC lobbyists). “Full of patent trolls here,” Henrion said, but yes, it’s hardly surprising. This is what we’ve been seeing for years and this is why UPC managed to get as far as it had (until its death). We’re not particularly concerned about the UPC anymore, seeing that its loudest proponents take very early retirement, IAM quit talking about it (almost), and the ringleader Ramsey has the audacity to say that all these setbacks are actually “good” (as if a loss is actually a win). “Failure is success if we learn from it,” Malcolm Forbes said. But what was learned by Team UPC? Nothing. Imagine the public reaction if Anthony Joshua claimed that his loss to Andy Ruiz II earlier this year was actually a “good” thing because of the ‘rematch’.

Related/contextual items from the news:

  1. Injustice is a built-in feature of Germany’s bifurcated patent litigation system — it would be unconstitutional in other countries

    I am presently researching the most appalling miscarriage of justice that ever occurred in a German patent case: dozens of people lost their jobs over a patent–held by a publicly-traded U.S. corporation–that later got invalidated by the Federal Patent Court of Germany (a problem commonly referred to as the “injunction gap”). That patent-in-suit is either (if construed broadly) clearly invalid or (if construed narrowly) not infringed by the accused product, but could not reasonably be held valid and infringed at the same time. The case raises questions not only about the outcome but also about the reasoning and the circumstances that led to it. There’s even a secondary question that reminds me of why Federal Circuit Chief Judge Rader resigned. But as the issues are so very serious, and the fallout from the facts being published might be massive and lasting, I’m making every humanly possible effort to analyze the matter with utmost diligence. That’s why it’s too early to provide names, but when the time is right, I will. The case number contains “39.” Interestingly, the presiding judge of the appellate panel that made the related decision mentioned it in passing last month, in a conspicuously defensive way, and the audience had no idea why he made a reference to a case they hadn’t ever heard of…

    Germany needs patent reform badly. The German patent litigation system is not just broken: it was ill-conceived and it’s been prone to abuse all along, but abuse has become so rampant that the time is ripe for change. The situation is unsustainable, and the system doesn’t really deliver justice.

    Right now there’s only one leading German patent infringement court of first instance that I believe does a stellar job under the circumstances, and that’s the Landgericht Mannheim (Mannheim Regional Court). Many years ago I thought the court was too plaintiff-friendly, but by now it’s my favorite one. To a far greater extent than their counterparts in other German venues, the Mannheim judges–whose understanding of technical issues is unsurpassed–have realized just how irresponsible it is to let patent holders enforce invalid patents all the time. In Mannheim, there are judges who deserve an honorary doctorate in (at least) radio frequency electronics and have the expertise to figure out when a patent is likely invalid as granted, coupled with the backbone to stay such cases (while we’re on this subject, I found out they recently also stayed one Broadcom lawsuit against BMW and one against Daimler, both over non-standard-essential patents). It will be interesting to see how they address the issue of component-level licensing in Nokia’s automotive SEP cases.

IRC Proceedings: Friday, December 06, 2019

Posted in IRC Logs at 2:02 am by Needs Sunlight

#techrights log

#boycottnovell log

#boycottnovell-social log

#techbytes log

Enter the IRC channels now

Links 7/12/2019: Fedora 31 Elections Results, Lots of Media Drama Over VPN Bug

Posted in News Roundup at 12:52 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Desktop/Laptop

      • Goodbye Error 83: You Can Now Stream Disney Plus on Linux Devices

        Prior to Disney+ launching, there was some speculation that the service wouldn’t work on Chromebook or Linux Devices. Those streaming on certain devices during the test in the Netherlands received an Error 83 which meant a “device compatibility issue.” This was a result of how Disney+ handled Widevine DRM and the fact that Disney+ required a higher level of security than other streaming services like Netflix and Hulu.

        While Disney was able to add Chromebook support ahead of launch (which is good because you get 3 free months when you buy one), some Linux devices still did not support the streaming service. But now, according to many Linux users, earlier this week that changed.

      • Arm Server CPUs: You Can Now Buy Ampere’s eMAG in a Workstation

        Avantek offers the system with three optional graphics cards: AMD FirePro W2100, a Radeon Pro WX 5100, and the NVIDIA Quadro GV100. OS options are variants of Linux: Ubuntu, CentOS, SUSE SLES, and openSUSE.

    • Server

      • When you’re in the release team, you’re family: the Kubernetes 1.16 release interview

        It is a pleasure to co-host the weekly Kubernetes Podcast from Google with Adam Glick. We get to talk to friends old and new from the community, as well as give people a download on the Cloud Native news every week.

        It was also a pleasure to see Lachlan Evenson, the release manager for Kubernetes 1.16, win the CNCF “Top Ambassador” award at KubeCon. We talked with Lachie when 1.16 was released, and as is becoming a tradition, we are delighted to share an abridged version of that interview with the readers of the Kubernetes Blog.

        If you’re paying attention to the release calendar, you’ll see 1.17 is due out soon. Subscribe to our show in your favourite podcast player for another release interview!

      • IBM

        • Containers and Kubernetes can be essential to a hybrid cloud computing strategy

          Hybrid cloud is gaining ground among enterprises that want to expand computing resources with public cloud infrastructure while still using their on-premise, data center environments. Adding public cloud can mean more elasticity, scalability, and even faster time to market. But if you want to improve the chances that your hybrid cloud can deliver on its promise, you need to think about adding containers to the mix.

          Linux containers provide a way to encapsulate application code in a way that makes the code more portable and faster to deploy. More and more organizations are using containers as part of the infrastructure for microservices-based, cloud-native applications.

          Containers can be portable across environments such as Red Hat OpenShift Container Platform and consistent, so they can speed application delivery times and make it easier for teams to collaborate, even if those teams are working in different deployment environments. And they can serve as a bridge between your data center and public cloud environments.

        • Systemd-homed Looks Like It Will Be Merged Soon For systemd 245

          Announced back in September at the All Systems Go event in Berlin was systemd-homed as a new effort to improve home directory handling. Systemd-homed wants to make it easier to migrate home directories, ensure all user data is self-contained, unify user-password and encryption handling, and provide other modern takes on home/user directory functionality. That code is expected to soon land in systemd.

          Systemd-homed was talked about by Lennart as being ready for versions 244 or 245. Now that systemd 244 shipped at the end of November, systemd-homed is looking like it will soon land in Git.

        • Understanding Red Hat AMQ Streams components for OpenShift and Kubernetes: Part 3

          In the previous articles in this series, we first covered the basics of Red Hat AMQ Streams on OpenShift and then showed how to set up Kafka Connect, a Kafka Bridge, and Kafka Mirror Maker.

        • What personality trait most defines a sysadmin?

          When you think of a system administrator, who do you think of?

          Chances are, most of us have taken a Myers-Briggs Type Indicator (MBTI) test at some point in our careers. For me, my results typically come up as INTJ, and I’ve always thought the traits associated with that type (introversion, intuition, thinking, judging) have aligned with my interest in technology and the kind of work I enjoy.

          But that doesn’t mean that those are the only characteristics that make a good sysadmin. Far from it. A successful team is made up of a diversity of skills, viewpoints, and personal characteristics.

        • How to identify a strong sysadmin job applicant

          When a company looks for new resources with skills in a specific focus area—especially in IT—the challenge is on. Why? Because only a few in the company, if any, have even a vague notion of how to verify the skills they are looking for. The work of a system administrator is a key function, and if it goes wrong, the very existence of the company is at stake (something I’ve been unfortunate to witness when called in on an emergency rescue effort).

    • Audiocasts/Shows

      • 2019-12-06 | Linux Headlines

        The W3C puts forward WebAssembly as an official standard, Azure Sphere gains support for Ubuntu developers, CodeWeek reports back in with this year’s results, and Manjaro has some exciting news for PinePhone backers.

      • Playing “Teeny Titans 2”

        I love “Teen Titans GO,” even if I am a grown-up adult human male with teenagers. So, when I saw this in my Play Store suggested list, I could not resist. I mean, come on! So, I downloaded it, installed it, and began playing.

      • Destination Linux 150 – Librem 5, Zorin OS, Private Internet Access, UBports, Fedora, Bitwarden

        Topics covered in this episode:

        ZorinOS Privacy Concerns
        Ubuntu Touch Runs On Raspberry Pi
        Librem 5 Birch Has Shipped
        Fedora Users Concerned GNOME Software Proprietary Software
        Linux Powered Handheld Returns

      • Linux Apps I Use Daily

        In this video, I go over all the Linux distributions and apps that I use every single day. I could not imagine my life without any of this software.

      • 411 DevSecOps: Karthik Gaekwad | Jupiter Extras 37

        Ell and Wes sit down with Karthik Gaekwad to sort through the buzzword bingo and explain what DevSecOps is, what it isn’t, and why security should be part of the full lifecycle of your apps.

      • Imaginary Turkey | User Error 80

        Talking to ourselves, delicious family meals, and the complexities of modern work.

        Plus inexpensive acquisitions, the price we put on security, and popey refusing to answer the simplest of questions.

      • LHS Episode #315: The Weekender XXXVIII

        It’s time once again for The Weekender. This is our bi-weekly departure into the world of amateur radio contests, open source conventions, special events, listener challenges, hedonism and just plain fun. Thanks for listening and, if you happen to get a chance, feel free to call us or e-mail and send us some feedback. Tell us how we’re doing. We’d love to hear from you.

    • Kernel Space

      • A General Notification Queue Was Pushed Back From Linux 5.5 Introduction

        Red Hat has been working on a “general notification queue” that is built off the Linux kernel’s pipe code and will notify the user-space of events like key/keyring changes, block layer events like disk errors, USB attach/remove events, and other notifications without user-space having to continually poll kernel interfaces. This general notification queue was proposed for Linux 5.5 but has been pushed back to at least 5.6.

        This Linux kernel general notification queue builds off a standard pipe and allows user-space applications to efficiently become aware of changes to block devices (disks), keys, USB subsystem happenings, and other possible events. The proposed documentation spells out more of the planned functionality and behavior.

      • Graphics Stack

        • NVIDIA presenting a talk at GTC 2020 about Linux drivers and possibly some open source news

          Both AMD and Intel already have their drivers open, with developers paid to work on them and so perhaps NVIDIA will finally follow along? Stranger things have happened, so I wouldn’t completely count NVIDIA out on that, although I’m not expecting them to make such a big shift. What do you think they’re planning?

          GTC is being hosted in San Jose, California and runs from March 23 – 26, 2020. The talk doesn’t seem to have a set time or date yet.

    • Benchmarks

      • RadeonSI NIR Benchmarks Show Great Progress With Mesa 20.0

        With AMD last week having enabled OpenGL 4.6 for their RadeonSI OpenGL Linux driver when enabling the NIR intermediate representation support, you may be wondering how using NIR is stacking up these days compared to the default TGSI route. Here are some benchmarks on Polaris, Vega, and Navi for comparing this driver option that ultimately allows OpenGL 4.6 to be flipped on.

        NIR is the modern intermediate representation used by a majority of Mesa drivers now in some capacity as an alternative to the likes of TGSI as what had been the default IR for Gallium3D drivers. With RadeonSI they have been transitioning to NIR since that has been the growing trend of these open-source drivers for sharing IR optimizations and the like. As well, NIR is being wired up in order to re-use some code-paths used currently by the “RADV” Radeon Vulkan driver to share some of the SPIR-V work that was needed in order for RadeonSI to have OpenGL 4.6 support. Like on the Intel side when they crossed the OpenGL 4.6 milestone recently, the big blocker to GL 4.6 on these drivers was handling SPIR-V ingestion with GL_ARB_gl_spirv / GL_ARB_spirv_extensions.

    • Applications

      • Terminal File Manager nnn Adds Session Management, Rclone Cloud Storage Integration

        nnn is a very fast file manager created to work seamlessly with desktop environments and GUI utilities. The ncurses based keyboard-driven terminal application should run smoothly on the Raspberry Pi, Termux on Android, Linux, macOS, BSD, Cygwin and WSL.

        Besides basic file manager features (with tabs/contexts, bookmarks, search, and so on), the tool also includes various handy utilities like a disk usage analyzer (block/apparent), a fuzzy application launcher, batch renamer, and more. It’s also extensible via a plugin system, and comes with many built-in plugins. For navigation, nnn supports navigate-as-you-type with directory auto-select. Search-as-you-type is also supported.

        Other features include SSHFS mounts support, support for navigating using the mouse, batch operations on selections, multiple sorting options and a lot more.

      • A 25K commit gift

        The other day we celebrated curl reaching 25,000 commits, and just days later I received the following gift in the mail.

      • curl speaks etag

        That’s a quote from the mozilla ETag documentation. The header is defined in RFC 7232.

        In short, a server can include this header when it responds with a resource, and in subsequent requests when a client wants to get an updated version of that document it sends back the same ETag and says “please give me a new version if it doesn’t match this ETag anymore”. The server will then respond with a 304 if there’s nothing new to return.

        It is a better way than a modification time stamp to identify a specific resource version on the server.

    • Instructionals/Technical

    • Wine or Emulation

      • Wine 5.0 Code Freeze To Begin Next Week

        As expected by Wine’s annual release cadence, next week Wine 5.0 will enter its code freeze followed by release candidates until this next stable Wine release is ready to ship around early 2020.

        Wine project leader Alexandre Julliard shared that following next week’s development release will mark the expected code freeze season for Wine 5.0. Wine 4.22 will be out one week from today and the last point by which Wine developers can land any features they want to see in this annual stable release. Following that will be weekly Wine 5.0 release candidates until the 5.0.0 release is ready to ship, likely in January or February.

    • Games

      • Aquiris Game Studio ending support for their online FPS Ballistic Overkill

        Ballistic Overkill, an easy pick-up-and-play first-person shooter from Aquiris Game Studio, is now essentially being killed off.

        In an announcement on Steam, the team noted that “supporting a game like this with frequent updates is no easy task, nor is it something cheap, especially for an independent studio like us” and they’re certainly not wrong about that. Keeping a multiplayer game going, with constant updates to keep people interested and fighting against cheaters certainly isn’t easy for a smaller team.

      • Roadwarden, an upcoming illustrated text-based exploration fantasy RPG with a Linux demo

        Roadwarden certainly grabs your attention! A game that blends together features from a ton of different genres to create a mix of an RPG, interactive fiction, adventure, exploration and a lot more. It doesn’t really fit into any clear genre.

        Somehow, I completely missed it being announced with a demo a good few months ago. Thankfully, I did notice it popping up on Steam just recently and they have a new announcement trailer:

      • Gloomy and surreal adventure game Mosaic from Krillbite Studio is out now

        Krillbite Studio, developer of the creepy Among the Sleep, has released Mosaic, a dark and surreal adventure game about life in a cold, overpopulated and ever-expanding city. Note: Key provided to us by GOG.com.

        I was a big fan of Among the Sleep; the storytelling and the atmosphere they made with it was brilliant, and to this day the ending still makes me think. With Mosaic, they’ve done quite the opposite in terms of the story. Life is hard, it can often be quite dull, and Mosaic is showing it all off with a dystopian near-future setting. This is a game about adult life, how it’s often monotonous as we go through it just trying to survive. Things get a little weird though, as you’d expect with such a game.

      • The Humble Choice game bundle subscription has launched replacing Humble Monthly

        Humble Bundle have today replaced their Humble Monthly subscription service with Humble Choice, offering subscription tiers and more.

      • The Llama of Wall Street has invaded Tropico 6 in a new DLC out now, plus a free update

        Limbic Entertainment and Kalypso Media today released the first expansion to the humorous city building sim Tropico 6, along with a free update for everyone.

        Firstly, the Seguridad Social update is free for everyone who owns Tropico 6 and adds in a new Warehouse building, a sandbox map ‘Rio’, and a community-requested Social Security edict, which helps prevent in-game student and retiree NPCs from going broke. There’s also quite a healthy amount of bug fixing in this update.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Plasma Pass 1.1.0

          Plasma Pass, a Plasma applet for the Pass password manager version 1.1.0 is out.

          There’s only one bugfix, but an important one – the applet now no longer freezes during filtering, so searching for your passwords is faster and more comfortable. The new release also contains new and updated translations.

        • Plasma Mobile: weekly update: part 9-10

          Calindori, the calendar application, now offers a flat event view which allows showing all events in a single card list view. The events are sorted by start date.

      • GNOME Desktop/GTK

        • GNOME 3 won’t unlock

          Every couple of days something on my RHEL 7 box goes into a swapstorm and uses up all the memory. I think it’s Firefox, but I never figured out why; generally I have four different Firefoxes running with four different profiles, so it’s hard to tell which one’s failing (if it even is that). Anyway, sometimes it makes the screen lock crash or something, and I can’t get in, and I can never remember what process you have to kill to get back in, so here it is: gnome-shell. You have to killall -9 gnome-shell, and it lets you back in. Also killall -STOP firefox and killall -STOP "Web Content" are handy if the swapstorm is still under way.

        • LaTeX or ConTeXt for writing documents

          If I wanted to re-implement GNOME LaTeX, it would target the ConTeXt language instead. If there are any ConTeXt users reading this, I would be interested to know what application you use for writing ConTeXt documents, and what features are important to you.

        • GNOME Outreachy 2019

          The Outreachy program provides internship to work in Free and Open Source Software. This year I’ve proposed two projects as part of the GNOME project and we’ve two interns working for three months, so we’ll have a lot of improvements in the following months!

          I’ll be mentoring these interns, so I will need to spend some time helping them to work on the existing codebase, but it is worth it if this makes more people collaborate in free software development and if this helps us to improve some useful apps.

          These two projects are Fractal and the GNOME translation editor. You can take a look at the list of Outreachy interns.

        • Barcelona: LAS 2019

          This November I was in Barcelona for the Linux App Summit 2019. It was awesome \o/. I really liked that the conference was a joint event by GNOME and KDE, I met so many cool new people. During the conference I volunteered to show the “time left” signs to speakers, and helped out at the registration desk.

          Aside from normal conference stuff I also managed to do quite a bit of hacking during the week. I made my first contribution to Gnome Initial Setup, and cleaned up Teleport a bit so I can hopefully get a new release out soon.

          I’m bad at taking pictures, so here’s a picture of a tree in the middle of the stairs on the slopes of Mount Montjuic.

        • Open source case prompts patent troll litigation fears

          The Gnome Foundation, an organisation that aims to develop a desktop platform based on free software, announced in October that it was being sued by NPE Rothschild Patent Imaging (RPI) for developing Shotwell, an application for managing images.

          RPI filed its action in the Northern District of California over US patent number 9,936,086, which is allegedly infringed by Gnome’s product that, among other things, uses an image-capturing device to perform a method.

          Mike Dolan, vice president of strategic programmes at the Linux Foundation, tells Patent Strategy that open software is becoming a larger component of most software projects and is growing every year.

          Recent open source activity such as RPI suing Gnome over an open source project, he says, points to the level of indifference inherent in the litigious NPE business model.

    • Distributions

      • Screenshots/Screencasts

      • SUSE/OpenSUSE

        • openSUSE Tumbleweed – Review of the weeks 2019/48 & 49

          Once again I’m spanning two weeks; besides the normal work on getting openSUSE Tumbleweed updated and delivered to you in a timely manner, the release team has been working together with the build service team to implement/stabilize the OBS-internal staging workflow. There should not be any real noticeable difference for contributors – except the newly used URLs. The Factory Staging dashboard can now be found at https://build.opensuse.org/staging_workflows/1

          During the last two weeks, we have pushed out 10 Tumbleweed Snapshots (1121, 1122, 1123, 1124, 1126, 1127, 1128, 1202, 1203 and 1204) containing those changes…

      • Fedora Family

        • Fedora 31 Elections Results

          The Fedora 31 election cycle has concluded. Here are the results for each election. Congratulations to the winning candidates, and thank you all candidates for running in this election!

          Council

          One Council seat was open this election. A total of 243 ballots were cast, meaning a candidate could accumulate up to 729 votes (243 * 3).

          # votes Candidate
          520 Dennis Gilmore
          259 Alberto Rodríguez Sánchez
          237 John M. Harris, Jr.

          FESCo

          Five FESCo seats were open this election. A total of 273 ballots were cast, meaning a candidate could accumulate up to 2184 votes (273 * 8).

          # votes Candidate
          1490 Miro Hrončok
          1350 Kevin Fenzi
          1115 Zbigniew Jędrzejewski-Szmek
          879 Fabio Valentini
          877 David Cantrell
          868 Justin Forbes
          813 Randy Barlow
          534 Pete Walter

        • Fedora program update: 2019-49

      • Debian Family

        • Debian Developers Take To Voting Over Init System Diversity

          It’s been five years already since the vote to transition Debian to systemd over Upstart, and now a new vote has just commenced to judge the interest in “init system diversity” and just how much Debian developers care (or not) about supporting alternatives to systemd.

          Due to Debian developers having differing opinions on handling non-systemd bugs in 2019 and the interest/commitment to supporting systemd alternatives in the scope of Debian packaging and various related friction points, they’ve taken to a new general resolution over weighing init system diversity.

      • Canonical/Ubuntu Family

        • Ubuntu Blog: Introducing the Ubuntu AWS Rolling Kernel

          The linux-aws 4.15 based kernel, which is the default kernel in the Ubuntu 18.04 LTS AMIs, is moving to a rolling kernel model.

          [...]

          The Ubuntu rolling kernel model provides the latest upstream bug fixes and performance improvements around task scheduling, I/O scheduling, networking, hypervisor guests and containers to our users. Canonical has been following this model in other cloud environments for some time now, and has found it to be an excellent way to deliver these benefits while continuing to provide LTS level stability.

        • Ubuntu Podcast from the UK LoCo: S12E35 – Feud

          This week we’ve been talking to the BBC about Thinkpads and Ubuntu goes Pro. We round up the news from the Ubuntu community and discuss our picks from the wider tech news.

          It’s Season 12 Episode 35 of the Ubuntu Podcast! Alan Pope and Martin Wimpress are connected and speaking to your brain.

        • The State of Robotics – November 2019

          November, for robotics, was a good month. We’re seeing new things develop, current projects finish and more cute animals in our future. So who can complain? The news we’re covering here are things that have crossed our path and that we’ve found interesting. If you have suggestions for next month’s post or your own projects you would like us to highlight, don’t hesitate to get in touch. Send an email and a brief summary to robotics.community@canonical.com and we can start the discussion. As ever we want this to be a highlight reel for cool robot stuff because we like cool robot stuff. Happy December everyone.

        • Simplifying hardware management during Linux development

          Every few months we release a Snapcraft update, with improvements to both Linux development, and snap user experience. Last week, we released Snapcraft 3.9, and this blog post will focus on the remote build feature that is now a fully accessible preview.

          Let’s dig deeper into why you need to try remote build, and how you can use it today.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Ardour Digital Audio Workstation Finally Adds Native MP3 Importing Support

        While lossy compression audio formats like MP3 are not recommended for use within professional audio tasks, for those using the open-source Ardour digital audio workstation (DAW) software as of today there is finally native MP3 import support.

        Obviously it’s better working with lossless audio formats as source material for Ardour and other digital audio workstation software suites, but given how common MP3 content is, there certainly is relevance to being able to import MP3s into DAWs. But historically due to licensing/patent issues, MP3 support within Ardour hasn’t been possible — thus leading to common complaints/questions by users over the years.

      • Certbot Leaves Beta with the Release of 1.0

        Earlier this week EFF released Certbot 1.0, the latest version of our free, open source tool that helps websites encrypt their traffic. The release of 1.0 is a significant milestone for the project and is the culmination of the work done over the past few years by EFF and hundreds of open source contributors from around the world.

        Certbot was first released in 2015 to automate the process of configuring and maintaining HTTPS encryption for site administrators by obtaining and deploying certificates from Let’s Encrypt. Since its initial launch, many features have been added, including beta support for Windows, automatic nginx configuration, and support for over a dozen DNS providers for domain validation.

      • Open Repos provides code metrics on open source projects

        GitClear is offering Open Repos as a free product, though it is not open source. GitClear’s paid product offers many of the same insights and more. Long-term plans include allowing projects to embed an Open Repos view of a project in their site, and “improving data quality before adding features.”

      • Productivity Software/LibreOffice/Calligra

        • Improvements in LibreOffice’s PowerPoint presentation support

          LibreOffice’s native file format is OpenDocument, a fully open and standardised format that’s great for sharing documents and long-term data storage. Of course, LibreOffice does its best to open files made by other office software as well, even if they’re stored in pseudo-“standards” with cryptic and obfuscated contents. Compatibility with PowerPoint PPT(X) presentations is therefore a challenge, but developers are working hard on improvements…

          A few months ago, we announced an initiative to improve the support of PPT and PPTX files in LibreOffice. Lots of great work happened since then and the results are collected below!

      • CMS

        • People of WordPress: Jill Binder

          Jill Binder never meant to become an activist. She insists it was an accident.

          Despite that, Jill has led the Diversity Outreach Speaker Training working group in the WordPress Community team since 2017. This group is dedicated to increasing the number of women and other underrepresented groups who are stepping up to become speakers at WordPress Meetups, WordCamps, and events.

          [...]

          The following year her internship advisor, who had become a client, was creating the first ever BuddyCamp for BuddyPress. He asked Jill to be on his organizing team. At that event she also moderated a panel with Matt Mullenweg. Then, Jill was invited to be on the core organizing team for WordCamp Vancouver.

          Part of this role meant reviewing and selecting speakers. From 40 speaker applications the team had to pick only 14 to speak.

      • FSF

        • GNU Projects

          • GNU Guile 2.9.6 (beta) released

            We are delighted to announce GNU Guile 2.9.6, the sixth beta release in preparation for the upcoming 3.0 stable series. See the release announcement for full details and a download link.

            This release fixes bugs caught by users of the previous 2.9.5 prerelease, and adds some optimizations as well as a guile-3 feature for cond-expand.

          • GCC 10’s C++20 “Spaceship Operator” Support Appears To Be In Good Shape

            The C++20 spaceship operator support was merged in early November for GCC 10. The commits this week meanwhile allow the operator to be used with std::pair and std::array, among other related commits in recent weeks.

            See the GCC C++ status page for the state of C++20/C++2A with GCC 10. Most C++20 functionality is already in place even on GCC 8/9 but some pieces remain around atomic compare-and-exchange with padding bits, modules support, coroutines, using enum, and more implicit moves.

      • Programming/Development

        • A beginner’s guide to using Vagrant

          Vagrant describes itself as “a tool for building and managing virtual machine environments in a single workflow. With an easy-to-use workflow and focus on automation, Vagrant lowers development environment setup time, increases production parity, and makes the ‘works on my machine’ excuse a relic of the past.”

        • Convert CSV to JSON with miller

        • Android’s commitment to Kotlin

          When we announced Kotlin as a supported language for Android, there was a tremendous amount of excitement among developers. Since then, there has been a steady increase in the number of developers using Kotlin. Today, we’re proud to say nearly 60% of the top 1,000 Android apps contain Kotlin code, with more and more Android developers introducing safer and more concise code using Kotlin.

          During this year’s I/O, we announced that Android development will be Kotlin-first, and we’ve stood by that commitment. This is one of the reasons why Android is the gold partner for this year’s KotlinConf.

        • Google Reaffirms Commitment To Kotlin Programming Language For Android

          Google is continuing to embrace Kotlin programming for Android, making more Android APIs accessible by Kotlin, Jetpack Compose as a UI toolkit catered to Kotlin, and Kotlin extensions for more Google libraries. Google is also working to offer more Kotlin + Android learning material, working with JetBrains on improving the Kotlin code compiler, speeding up the build time of Kotlin code, and other improvements.

        • Python

          • New Project, Who Dis? – Building SaaS #38

            In this episode, we started a brand new project! I had some internet troubles so this “stream” is actually a local recording from my computer. We created a new Django project from scratch and set up Heroku to handle deployments.

            In spite of the streaming trouble, we were able to get a bunch done. We started the project from scratch so we made a repository on GitHub with some .gitignore settings tailored for Python projects.

          • RunSnakeRun for Python3 Out

            So I finally pushed out the Python3/wxPython Phoenix compatible release of RunSnakeRun. The Python3 version has to run Python2 in order to load Python2 pstats dumps, and Meliae doesn’t AFAIK support Python3 yet, so I expect I’ll just drop support for it eventually. The code is now living on GitHub rather than Launchpad.

          • Angular 9 CRUD Tutorial: Consume a Python/Django CRUD REST API

            This tutorial is designed for developers that want to use Angular 9 to build front-end apps for their back-end REST APIs. You can either use Python & Django as the backend or use JSON-Server to mock the API if you don’t want to deal with Python. We’ll be showing both ways in this tutorial.

          • Django: Angular 9/8 Tutorial By Example: REST CRUD APIs & HTTP GET Requests with HttpClient

            In this Angular 9 tutorial, we’ll learn to build an Angular 9 CRUD example application going through all the required steps from creating/simulating a REST API, scaffolding a new project, setting up the essential APIs, and finally building and deploying your final application to the cloud.

          • Comparing equivalent Python statements

            While teaching one of my Python classes yesterday I noticed a conditional expression which can be written in several ways. All of these are equivalent in their behavior…

          • Serving Files with Python’s SimpleHTTPServer Module

            Servers are computer software or hardware that process requests and deliver data to a client over a network. Various types of servers exist, with the most common ones being web servers, database servers, application servers, and transaction servers.

            Widely used web servers such as Apache, Monkey, and Jigsaw are quite time-consuming to set up when testing out simple projects and a developer’s focus is shifted from producing application logic to setting up a server.

            Python’s SimpleHTTPServer module is a useful and straightforward tool that developers can use for a number of use-cases, with the main one being that it is a quick way to serve files from a directory.

            It eliminates the laborious process associated with installing and implementing the available cross-platform web servers.

            Note: While SimpleHTTPServer is a great way to easily serve files from a directory, it shouldn’t be used in a production environment. According to the official Python docs, it “only implements basic security checks.”

      • Standards/Consortia

        • Mint: Late-Stage Adversarial Interoperability Demonstrates What We Had (And What We Lost)

          In 2006, Aaron Patzer founded Mint. Patzer had grown up in the city of Evansville, Indiana—a place he described as “small, without much economic opportunity”—but had created a successful business building websites. He kept up the business through college and grad school and invested his profits in stocks and other assets, leading to a minor obsession with personal finance that saw him devoting hours every Saturday morning to manually tracking every penny he’d spent that week, transcribing his receipts into Microsoft Money and Quicken.

          Patzer was frustrated with the amount of manual work it took to track his finances with these tools, which at the time weren’t smart enough to automatically categorize “Chevron” under fuel or “Safeway” under groceries. So he conceived of an ingenious hack: he wrote a program that would automatically look up every business name he entered into the online version of the Yellow Pages—constraining the search using the area code in the business’s phone number so it would only consider local merchants—and use the Yellow Pages’ own categories to populate the “category” field in his financial tracking tools.

  • Leftovers

    • In memoriam: D. C. Fontana, the creator of Mr. Spock from Star Trek

      Kat readers younger than I will have come to know the original series through broadcast syndication and, later, via internet access. Whatever the medium, for many, one character stood out, Starfleet officer Spock, as portrayed by Leonard Nimoy.

      The son of a human mother and a Vulcan father, Spock embodied the tension between the emotional (his human side) and the analytical (his Vulcan side), a dichotomy that reaches back to the foundations of the Western philosophical tradition, and which sets the tone for the series.

      [...]

      One wonders to what extent her gender influenced the ultimate decision how to credit her contribution. Indeed, her preference for “D.C. Fontana” over “Dorothy” (or “Dorothy Catherine”) might have been a concession to the challenge of being identified as a woman. Also, in the third season, she worked as a freelance scriptwriter and was credited as Michael Richards.

      Fontana went on to have a distinguished career as a script writer in several genres (including westerns), as well as a producer and novelist. In the words of her husband—

      “She was a very, very tough lady. She carried a phaser with her right to the end.”

      But it was for her work on Star Trek and the development of the Spock character that she will likely be best remembered. In doing so, as The New York Times reported, Fontana realized only later to what extent—

      “she had gone where no woman had gone before.”

    • Health/Nutrition

      • The Big Deal in Warren’s Prescription Drug Plan

        Earlier this month, Senator Warren put out a set of steps that she would put forward as president as part of a transition to Medicare for All. The items that got the most attention were including everyone over age 50 and under age 18 in Medicare, and providing people of all ages with the option to buy into the program. This buy-in would include large subsidies, and people with incomes of less than 200 percent of the poverty level would be able to enter the Medicare program at no cost.

      • Donald Trump, the US Private Health Giant, and Top NHS Officials—Special Relationships?

        In the UK, we have a simple take on the US healthcare system as a for-profit, private system that fleeces its customers and fails the poor. But here’s the secret: the US has its own ‘mini NHS’. Smaller than the UK’s system, but still a government funded, (mostly) publicly-run system that serves people according to their need.

      • Catholic Ban on Contraception Is Driving Doctors to Fabricate Diagnoses

        “I don’t know how else to put it, except that people lied all the time.”

      • As Abortion Access Dwindles, App Offers Safe and Discreet Options

        Each year, 25 million unsafe abortions are performed around the world. The rate of unsafe abortions is higher where access to skilled providers and effective contraception is limited or unavailable, or where sexual education is lacking.

      • Avicii Tribute Concert to Be Streamed to Raise Mental Health Awareness

        The Avicii tribute concert was live-streamed on YouTube, Facebook, and Instagram. Tickets to the concert sold out instantly, and proceeds will go to raising mental health awareness.

      • Don’t Look, Don’t See: Time for Honest Media Reporting on Impacts of Pesticides

        The UK-based Independent online newspaper recently published an article about a potential link between air pollution from vehicles and glaucoma. It stated that according to a new study air pollution is linked to the eye condition that causes blindness.

      • Trump Administration Considering Reduction in Biologics Exclusivity Period

        On Monday, The Wall Street Journal reported that the Trump administration is considering reducing the 12-year data exclusivity period for biologic drugs set forth in the Biologics Price Competition and Innovation Act (BPCIA) to ten years. According to The Wall Street Journal, the Trump administration is considering the change in order to persuade Democrats to support the U.S.-Mexico-Canada Agreement (USMCA), a replacement for the North American Free Trade Agreement (NAFTA), that the administration negotiated last year. The USMCA would establish at least a 10-year data exclusivity period for biologic drugs, which would double the exclusivity period in Mexico and increase the exclusivity period in Canada by two years.

    • Integrity/Availability

      • Proprietary

        • Former Oracle product manager says he was forced out for refusing to deceive customers. Now he’s suing the biz

          A former Oracle employee filed a lawsuit against the database giant on Tuesday claiming that he was forced out for refusing to lie about the functionality of the company’s software.

          The civil complaint [PDF], filed on behalf of plaintiff Tayo Daramola in US District Court in San Francisco, contends that Oracle violated whistleblower protections under the Sarbanes-Oxley Act and the Dodd-Frank Act, the RICO Act, and the California Labor Code.

          According to the court filing, Daramola, a resident of Montreal, Canada, worked for Oracle’s NetSuite division from November 30, 2016 through October 13, 2017. He served as a project manager for an Oracle cloud service known as the Cloud Campus BookStore initiative and dealt with US customers. Campus bookstores, along with ad agencies, and apparel companies are among the market segments targeted by Oracle and NetSuite.

          Daramola’s clients are said to have included the University of Washington, the University of Oregon, the University of Texas at Austin, Brigham Young University and the University of Southern California.

          The problem, according to the complaint, is that Oracle was asking Daramola to sell vaporware – a charge the company denies.

          “Daramola gradually became aware that a large percentage of the major projects to which he was assigned were in ‘escalation’ status with customers because Oracle had sold his customers software products it could not deliver, and that were not functional,” the complaint says.

        • Canonical makes Ubuntu for Windows SubSystem for Linux a priority [Ed: GNU/Linux volunteers worked hard to make an alternative to Windows and now comes Ubuntu helping Microsoft make it just an “app” or a “feature” of Windows, with Windows-only “extensions”]

          Ubuntu was the first Linux supported by WSL on Windows 10. Since then, many other Linux distros have appeared on WSL. These include Debian, Fedora, Kali, openSUSE, and SUSE Linux Enterprise Server (SLES), and the WSL-specific distribution, PengWin. Now, from a recent Canonical job advertisement, we know Ubuntu’s founding company wants to be the leading WSL Linux.

        • Still in preview, but look! You can now develop Azure Sphere apps in Linux – if you dare [Ed: Several Microsoft lies packed into one article, even the feature image, and they help googlebomb "Linux" to sell proprietary software of Microsoft]

          Ominously, Microsoft warns that “your success using different distributions may vary”, so Ubuntu it is then. This is preview stuff after all.

        • OAS Expands Its Platform Compatibility with Runtime Support for Linux

          Open Automation Software, a well-established IoT Automation Company, has further expanded its platform compatibility with runtime support for Linux. With this recent development, the company aims to offer superior services to customers who have mixed platform environments. Over the years, Open Automation Software has set a benchmark in the field of industrial automation. Now, the company has expanded its platform compatibility for the enterprises that have both Windows and Linux OS servers.

        • Security

          • Hackers Can Hijack VPN Connections Using A New Linux Vulnerability

            Researchers have found a vulnerability in most Linux distros and *NIX devices which allows hackers to hijack VPN connections and inject malicious data into the TCP stream.

            The security researchers found the vulnerability in most Linux distributions and operating systems such as Linux, FreeBSD, OpenBSD, macOS, iOS, and Android.

          • Linux security flaw could let VPN connections be hacked

            The Breakpointing Bad cybersecurity research team from the University of New Mexico discovered and reported on a security flaw which could allow malicious actors to hack Virtual Private Network (VPN) connections.

            William J. Tolley, Beau Kujath, and Jedidiah R. Crandall said the flaw impacts Linux, Android, macOS and other Unix-based operating systems and could allow attackers to sniff, hijack and tamper with VPN-tunnelled connections. The vulnerability was named CVE-2019-14899, with the researchers claiming it takes advantage of how operating systems handle unexpected network probes.

          • OpenBSD devs patch authentication bypass bug

            One of the internet’s most popular free operating systems allowed attackers to bypass its authentication controls, effectively leaving the keys in the back door, according to an advisory released this week. The developers of the OpenBSD system have already patched the vulnerability.

            OpenBSD allowed people access to its smtpd, ldapd, and radiusd programs – which send mail, allow access to user directories, and allow remote access to the computer system. All an attacker needed to do was enter a specific word prefixed by a hyphen as a username.

            Qualys Research Labs found four bugs in BSD Authentication, which is the code that OpenBSD uses to authenticate users. Three of them were local privilege escalation bugs, while the other, CVE-2019-19521, bypassed the authentication system altogether. According to its security advisory, BSD Authentication supports four authentication styles: password, a one-time password mechanism called S/Key, and Yubico’s YubiKey hardware token.

          • Linux Flaw Allows VPN Hijacking

            A number of Linux distributions, including Ubuntu, Fedora, and Debian, contain a newly discovered vulnerability that an attacker could use to determine whether an individual is using a VPN and then potentially hijack that encrypted connection.

            A research team from the University of New Mexico discovered the vulnerability and developed an attack to exploit it. The attack has some specific requirements and relies on some analysis of the traffic going to and from the target device running the VPN client. The attack is confirmed to work against WireGuard and OpenVPN, but the researchers said that the VPN a victim is using doesn’t really matter. The main prerequisite for the attack to work is for the attacker to be able to send unsolicited packets to the victim’s VPN client.

          • New Linux vulnerability lets attackers hijack VPN connections

            Three researchers from the University of New Mexico and Breakpointing Bad have identified a vulnerability in the way Unix and Linux-based operating systems like macOS handle TCP connections. Researchers believe that the vulnerability can specifically affect VPN users by hijacking encrypted traffic.

          • New Linux Bug Lets Attackers Hijack Encrypted VPN Connections

            A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote ‘network adjacent attackers’ to spy on and tamper with encrypted VPN connections.
            The vulnerability, tracked as CVE-2019-14899, resides in the networking stack of various operating systems and can be exploited against both IPv4 and IPv6 TCP streams.
            Since the vulnerability does not rely on the VPN technology used, the attack works against widely implemented virtual private network protocols like OpenVPN, WireGuard, IKEv2/IPSec, and more, the researchers confirmed.
            This vulnerability can be exploited by a network attacker — controlling an access point or connected to the victim’s network — just by sending unsolicited network packets to a targeted device and observing replies, even if they are encrypted.

          • VPN Bug Affects “Most” Linux Distros

            A team of security researchers from the University of New Mexico has disclosed a new vulnerability that could allow attackers to probe devices and determine various details about the VPN (Virtual Private Network) connection status of a user.

            The security vulnerability (CVE-2019-14899) appears to affect most GNU/Linux distributions, besides FreeBSD, OpenBSD, Android, iOS and macOS systems. William J. Tolley, one of the security researchers, explained in a post that the vulnerability could let attackers determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and also sniff out whether or not there is an active connection to a given website.

          • VPN hijacking on Linux (and beyond) systems
            Hi all,
            
            I am reporting a vulnerability that exists on most Linux distros, and
            other *nix operating systems which allows a network adjacent attacker
            to determine if another user is connected to a VPN, the virtual IP
            address they have been assigned by the VPN server, and whether or not
            there is an active connection to a given website. Additionally, we are
            able to determine the exact seq and ack numbers by counting encrypted
            packets and/or examining their size. This allows us to inject data into
            the TCP stream and hijack connections.
            
            Most of the Linux distributions we tested were vulnerable, especially
            Linux distributions that use a version of systemd pulled after November
            28th of last year which turned reverse path filtering off. However, we
            recently discovered that the attack also works against IPv6, so turning
            reverse path filtering on isn't a reasonable solution, but this was how
            we discovered that the attack worked on Linux.
            
            Adding a prerouting rule to drop packets destined for the client's
            virtual IP address is effective on some systems, but I have only tested
            this on my machines (Manjaro 5.3.12-1, Ubuntu 19.10 5.3.0-23). This
            rule was proposed by Jason Donenfeld, and an analogous rule on the
            output chain was proposed by Ruoyu "Fish" Wang of ASU. We have some
            concerns that inferences can still be made using slightly different
            methods, but this suggestion does prevent this particular attack.
            
            There are other potential solutions being considered by the kernel
            maintainers, but I can't speak to their current status. I will provide
            updates as I receive them.
            
            I have attached the original disclosure I provided to 
            distros@vs.openwall.org and security@kernel.org below, with at least
            one critical correction: I originally listed CentOS as being vulnerable
            to the attack, but this was incorrect, at least regarding IPv4. We
            didn't know the attack worked against IPv6 at the time we tested
            CentOS, and I haven't been able to test it yet.
            
            
            William J. Tolley
            Beau Kujath
            Jedidiah R. Crandall
            
            Breakpointing Bad &
            University of New Mexico
            
            
            *************************************************
            
            
            **General Disclosure:
            
            We have discovered a vulnerability in Linux, FreeBSD, OpenBSD, MacOS,
            iOS, and Android which allows a malicious access point, or an adjacent
            user, to determine if a connected user is using a VPN, make positive
            inferences about the websites they are visiting, and determine the
            correct sequence and acknowledgement numbers in use, allowing the bad
            actor to inject data into the TCP stream. This provides everything that
            is needed for an attacker to hijack active connections inside the VPN
            tunnel.
            
            This vulnerability works against OpenVPN, WireGuard, and IKEv2/IPSec,
            and has not been thoroughly tested against tor, but we believe it is
            not vulnerable since it operates in a SOCKS layer and includes
            authentication and encryption that happens in userspace. It should be
            noted, however, that the VPN technology used does not seem to matter
            and we are able to make all of our inferences even though the responses
            from the victim are encrypted, using the size of the packets and number
            of packets sent (in the case of challenge ACKs, for example) to
            determine what kind of packets are being sent through the encrypted VPN
            tunnel.
            
            We have already reported a related vulnerability to Android earlier
            this year related to the issue, which resulted in the assignment of
            CVE-2019-9461, however, the CVE strictly applies to the fact that the
            Android devices would respond to unsolicited packets sent to the user’s
            virtual IP address over the wireless interface, but this does not
            address the fundamental issue of the attack and did not result in a
            change of the reverse path settings of Android as of the most recent
            security update.
            
            This attack did not work against any Linux distribution we tested until
            the release of Ubuntu 19.10, and we noticed that the rp_filter settings
            were set to “loose” mode. We see that the default settings in
            sysctl.d/50-default.conf in the systemd repository were changed from
            “strict” to “loose” mode on November 28, 2018, so distributions using a
            version of systemd without modified configurations after this date are
            now vulnerable. Most Linux distributions we tested which use other init
            systems leave the value as 0, the default for the Linux kernel.
            
            We have described the procedure for reproducing the vulnerability with
            Linux and included a section illustrating the differences in
            architecture.
            
            
            
            There are 3 steps to this attack:
            
            1. Determining the VPN client’s virtual IP address
            2. Using the virtual IP address to make inferences about active
            connections
            3. Using the encrypted replies to unsolicited packets to determine the
            sequence and acknowledgment numbers of the active connection to hijack
            the TCP session
            
            
            
            There are 4 components to the reproduction:
            
            1. The Victim Device (connected to AP, 192.168.12.x, 10.8.0.8)
            2. AP (controlled by attacker, 192.168.12.1)
            3. VPN Server (not controlled by attacker, 10.8.0.1)
            4. A Web Server (not controlled by the attacker, public IP in a real-
            world scenario)
            
            The victim device connects to the access point, which for most of our
            testing was a laptop running create_ap. The victim device then
            establishes a connection with their VPN provider.
            
            The access point can then determine the virtual IP of the victim by
            sending SYN-ACK packets to the victim device across the entire virtual
            IP space (the default for OpenVPN is 10.8.0.0/24). When a SYN-ACK is
            sent to the correct virtual IP on the victim device, the device
            responds with a RST; when the SYN-ACK is sent to the incorrect virtual
            IP, nothing is received by the attacker.
            
            To quickly demonstrate this difference, we use the nping commands on
            the AP device running create_ap. The source IP is the gateway of our
            AP, the destination IP is the virtual IP assigned to the tun interface
            by the VPN client, ap0 is the interface create_ap created on the
            attacker device, and the destination MAC is the victim’s wireless MAC
            address.
            
            For example:
            
            The correct address generates a RST from the victim:
            
            nping --tcp --flags SA --source-ip 192.168.12.1 --dest-ip 10.8.0.8 --rate 3 -c 3 -e ap0 --dest-mac 08:00:27:9c:53:12
            
            The incorrect address does not elicit a response from the victim:
            
            nping --tcp --flags SA --source-ip 192.168.12.1 --dest-ip 10.8.0.9 --rate 3 -c 3 -e ap0 --dest-mac 08:00:27:9c:53:12
            
            Similarly, to test if there is an active connection for any given
            website, such as 64.106.46.56, for example, we send SYN or SYN-ACKs
            from 64.106.46.56 on port 80 (or 443) to the virtual IP of the victim
            across the entire ephemeral port space of the victim. The correct four-
            tuple will elicit no more than 2 challenge ACKs per second from the
            victim, whereas the victim will respond to the incorrect four-tuple
            with a RST for each packet sent to it.
            
            To quickly test this, we suggest creating a netcat connection on the
            victim device, such as this:
            
            nc -p 40404 64.106.46.56 80
            
            The correct four-tuple generates challenge ACKs
            
            nping --tcp --flags SA --source-ip 64.106.46.56 -g 80 --dest-ip 10.8.0.8 -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12
            
            The incorrect four-tuple generates a single RST for each packet sent:
            
            nping --tcp --flags SA --source-ip 64.106.46.56 -g 80 --dest-ip 10.8.0.8 -p 40405 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12
            
            Finally, once the attacker determined that the user has an active TCP
            connection to an external server, we will attempt to infer the exact
            next sequence number and in-window acknowledgment number needed to
            inject forged packets into the connection. To find the appropriate
            sequence and ACK numbers, we will trigger responses from the client in
            the encrypted connection found in part 2. The attacker will continually
            spoof reset packets into the inferred connection until it sniffs
            challenge ACKs. The attacker can reliably determine if the packets
            flowing from the client to the VPN server are challenge ACKs by looking
            at the size and timing of the encrypted responses in relation to the
            attacker's spoofed packets. The victim’s device will trigger a TCP
            challenge ACK on each reset it receives that has an in-window sequence
            number for an existing connection. For example, if the client is using
            OpenVPN to exchange encrypted packets with the VPN server, then the
            client will always respond with an SSL packet of length 79 when a
            challenge ACK is triggered.
            
            The attacker must spoof resets to different blocks across the entire
            sequence number space until one triggers an encrypted challenge ACK.
            The size of the spoof block plays a significant role in how long the
            sequence inference takes, but should be conservative as to not skip
            over the receive window of the client. In practice, when the attacker
            thinks it sniffs an encrypted challenge-ACK, it can verify this is true
            by spoofing X packets with the same sequence number. If there were X
            encrypted responses with size 79 triggered, then the attacker knows for
            certain it is triggering challenge ACKs (at most 2 packets of size 79
            per second).
            
            After the attacker has inferred the in-window sequence number for the
            client's connection, they can quickly determine the exact sequence
            number and in-window ACK needed to inject. First, they spoof empty
            push-ACKs with the in-window sequence while guessing in-window ACK
            numbers. Once the spoofed packets trigger another challenge-ACK, an in-
            window ACK number is found. Finally, the attacker continually spoofs
            empty TCP data packets with the in-window ACK and sequence numbers as
            it decrements the sequence number after each send. The victim will
            respond with another challenge ACK once the attacker spoofs the exact
            sequence number minus one. The attacker can now inject arbitrary
            payloads into the ongoing encrypted connection using the inferred ACK
            and next sequence number.
            
            This can be tested by observing the behavior from this sequence of
            commands, continuing with the same four-tuple:
            
            Using the four-tuple from the previous steps, we send RSTs in the
            sequence number range in blocks of 50,000 until we trigger a challenge
            ACK.
            
            nping --tcp --flags R --source-ip 64.106.46.56 -g 80 --dest-ip 10.8.0.8 -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12 --seq [SEQ RANGE]
            
            If the packet lands in-window, the victim will respond with at most 2
            challenge ACKs per second. These packets are still encrypted and
            originate from the virtual interface, unlike with Android, but we can
            still determine the contents of these packets by their size. The
            encrypted challenge ACK packets are larger than the encrypted RST
            packets. You can run tcpdump on the victim machine to accelerate the
            testing of this process by viewing the actual sequence and
            acknowledgement numbers.
            
            After we have found an in-window sequence number, we locate an in-
            window acknowledgement by spoofing empty PSH-ACKs with the in-window
            sequence number and guessing the acknowledgement number by dividing the
            acknowledgement number space into eight blocks. In most instances,
            seven of these blocks will trigger challenge ACKs, but one of them will
            not, which allows us to quickly determine which block falls within the
            acknowledgement window. We are interested in the block that does not
            respond with a challenge ACK. This behavior can be observed by using an
            in-window sequence number and an acknowledgement number in the block
            containing the correct acknowledgement number.
            
            nping --tcp --flags PA --source-ip 64.106.46.56 -g 80 --dest-ip 10.8.0.8 -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12 --seq 12345678 --ack [ACK RANGE]
            
            Finally, using the in-window sequence and acknowledgement numbers, we
            spoof empty PSH-ACKs using the same in-windows acknowledgement number
            and decrementing the sequence number until we trigger another challenge
            ACK. This sequence number is one fewer than the next expected sequence
            number. We can then arbitrarily inject data into the active TCP
            connection.
            
            Continuing with our toy example:
            
            nping --tcp --flags PA --source-ip 64.106.46.56 -g 80 --dest-ip 10.8.0.8 -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12 --seq [EXACT] --ack [IN-WINDOW] --data-string "hello,world."
            
            
            
            **Operating Systems Affected:
            
            Here is a list of the operating systems we have tested which are
            vulnerable to this attack:
            
            Ubuntu 19.10 (systemd)
            Fedora (systemd)
            Debian 10.2 (systemd)
            Arch 2019.05 (systemd)
            Manjaro 18.1.1 (systemd)
            
            Devuan (sysV init)
            MX Linux 19 (Mepis+antiX)
            Void Linux (runit)
            
            Slackware 14.2 (rc.d) 
            Deepin (rc.d)
            FreeBSD (rc.d) 
            OpenBSD (rc.d) 
            
            This list isn’t exhaustive, and we are continuing to test other
            distributions, but made sure to cover a variety of init systems to
            show this is not limited to systemd.
            
            
            
            **Operating System Variations:
            
            The behavior is slightly different on other operating systems. Here is
            a summary of the differences:
            
            Android: In the first phase of the attack, Android responds with
            unencrypted RSTs to unsolicited SYN-ACKs for the correct port and ICMP
            packets for the incorrect one. For the second phase, it will respond
            with RSTs on the correct four-tuple.
            
            MacOS/iOS: The first phase of the attack does not work as described
            here, but you can use an open port on the Apple machine to determine
            the virtual IP address. We use port 5223, which is used for iCloud,
            iMessage, FaceTime, Game Center, Photo Stream, and push notifications
            etc.
            
            We know the phone will communicate with one of the push notification
            servers on port 5223, and have observed that on MacOS, the port used on
            the victim device is not the same as the port used to connect to the
            VPN server, but is very close (in our testing it has always been within
            10).
            
            nping --tcp --flags SA --source-ip 17.57.144.[84-87] -g 5223 --dest-ip 10.8.0.8 -p [X] --rate 3 -c 3 -e ap0 --dest-mac 08:00:27:9c:53:12
            
            For iOS devices, it does not follow this convention for choosing the
            client’s source port, but always chooses a port between ~48000-50000
            (our testing on iOS 13.1 was between 48162-49555).
            
            FreeBSD: The first two phases work essentially the same as Linux,
            however, for the last phase, the ACK number is not needed at all, so
            that piece of phase three can be skipped.
            
            OpenBSD: OpenBSD responds to spoofed SYN packets to the correct virtual
            IP with unencrypted RST packets, and the incorrect virtual IP elicits
            unencrypted NTP packets or nothing at all for the first part of the
            attack. For the second part, the responses are encrypted, but we can
            still determine which packets are challenge ACKs from the packet size,
            as with Linux. Connections can be reset by sending a RST with the
            correct sequence number.
            
            
            
            **Possible Mitigations:
            
            1. Turning reverse path filtering on
            
            Potential problem: Asynchronous routing not reliable on mobile devices,
            etc. Also, it isn’t clear that this is actually a solution since it
            appears to work in other OSes with different networking stacks. Also,
            even with reverse path filtering on strict mode, the first two parts of
            the attack can be completed, allowing the AP to make inferences about
            active connections, and we believe it may be possible to carry out the
            entire attack, but haven’t accomplished this yet.
            
            2. Bogon filtering
            
            Potential problem: Local network addresses are used for VPNs and
            local networks, and some nations, including Iran, use the reserved
            private IP space as part of the public space.
            
            3. Encrypted packet size and timing
            
            Since the size and number of packets allows the attacker to bypass the
            encryption provided by the VPN service, perhaps some sort of padding
            could be added to the encrypted packets to make them the same size.
            Also, since the challenge ACK per process limit allows us to determine
            if the encrypted packets are challenge ACKs, allowing the host to
            respond with equivalent-sized packets after exhausting this limit could
            prevent the attacker from making this inference.
            
            
            We have prepared a paper for publication concerning this
            vulnerability and the related implications, but intend to keep it
            embargoed until we have found a satisfactory workaround. Then we will
            report the vulnerability to oss-security@lists.openwall.com. We are
            also reporting this vulnerability to the other services affected, which
            also includes: Systemd, Google, Apple, OpenVPN, and WireGuard, in
            addition to distros@vs.openwall.org for the operating systems affected.
            
            Thanks,
            
            William J. Tolley
            Beau Kujath
            Jedidiah R. Crandall
            
            Breakpointing Bad &
            University of New Mexico
            
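            The first mitigation listed in the advisory above is strict reverse path filtering. The script below is an added example (not code from the advisory, Breakpointing Bad, or any project): it audits the per-interface rp_filter setting the way the Linux kernel evaluates it, as the maximum of net.ipv4.conf.all.rp_filter and the interface's own value, reports interfaces that are not in strict mode, and can switch them to strict. It assumes the Linux /proc/sys/net/ipv4/conf layout; the sample tree it builds (a laptop whose Wi-Fi interface is in loose mode while the tunnel is strict) is constructed for offline use. Two caveats from the advisory itself apply: strict mode breaks asymmetric routing setups, and the researchers report that the first two phases of the attack still succeed with it on. rp_filter is also an IPv4-only knob, so it does nothing for the IPv6 variant of the attack.

```shell
#!/bin/sh
# Added example: audit and enforce strict reverse path filtering (rp_filter).
# Linux applies max(all/rp_filter, <iface>/rp_filter) to each interface, so a
# loose (2) setting on one interface overrides a strict (1) global setting.
#
# CONF_ROOT is the sysctl tree to inspect. It defaults to the live kernel tree
# and can be pointed at a constructed copy (see make_sample_conf) for offline use.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

rp_filter_value() {
    # Print the rp_filter value of entry "$2" under tree "$1" (0 if unreadable).
    if [ -r "$1/$2/rp_filter" ]; then
        cat "$1/$2/rp_filter"
    else
        echo 0
    fi
}

rp_filter_effective() {
    # Effective mode of interface "$2" under tree "$1": max(all, iface).
    all_v=$(rp_filter_value "$1" all)
    if_v=$(rp_filter_value "$1" "$2")
    if [ "$all_v" -gt "$if_v" ]; then echo "$all_v"; else echo "$if_v"; fi
}

rp_filter_weak_ifaces() {
    # List interfaces under tree "$1" whose effective mode is not 1 (strict).
    # "all" and "default" are templates, not interfaces, and are skipped.
    for d in "$1"/*/; do
        iface=$(basename "$d")
        case "$iface" in all|default) continue ;; esac
        [ -r "$d/rp_filter" ] || continue
        if [ "$(rp_filter_effective "$1" "$iface")" -ne 1 ]; then
            echo "$iface"
        fi
    done
}

rp_filter_set_strict() {
    # Write strict mode to "all" and every interface under tree "$1".
    # On the live tree this needs root and is equivalent to
    # sysctl -w net.ipv4.conf.all.rp_filter=1 plus the per-interface keys.
    for d in "$1"/*/; do
        if [ -w "$d/rp_filter" ]; then
            echo 1 > "$d/rp_filter"
        fi
    done
}

make_sample_conf() {
    # Constructed sysctl-like tree for offline demonstration: the Wi-Fi
    # interface is in loose mode, loopback is off, the VPN tunnel is strict.
    root=$(mktemp -d)
    for i in all default lo wlan0 tun0; do mkdir -p "$root/$i"; done
    echo 0 > "$root/all/rp_filter"
    echo 1 > "$root/default/rp_filter"
    echo 0 > "$root/lo/rp_filter"
    echo 2 > "$root/wlan0/rp_filter"
    echo 1 > "$root/tun0/rp_filter"
    echo "$root"
}

main() {
    # Report against the given tree (default: the live kernel tree).
    tree="${1:-$CONF_ROOT}"
    weak=$(rp_filter_weak_ifaces "$tree")
    if [ -n "$weak" ]; then
        echo "interfaces without strict rp_filter:"
        echo "$weak"
    else
        echo "all interfaces use strict rp_filter"
    fi
}

main "$@"
```

            Run with no arguments it reports on the running system; run as `CONF_ROOT=$(sh -c '. ./rpf.sh; make_sample_conf')` style or by passing a tree path it works on the constructed copy. Note that enabling strict mode with `rp_filter_set_strict` on the live tree is not persistent; put the corresponding `net.ipv4.conf.*.rp_filter = 1` lines in sysctl.d to survive a reboot.
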
          • New Linux vulnerability puts VPN connections at risk of hijacking

            Furthermore, the research team also identified the SEQ and ACK numbers from inspecting the encrypted packet size and number and managed to inject data into the TCP stream, which led to the hijacking of the connection. This means VPN technology was ineffective in preventing the attack since even encrypted packets could be assessed.

            After testing on Manjaro 18.1.1, CentOS, and Ubuntu 19, researchers discovered that the exploit was applicable to both IPv4 and IPv6. Other systems that are vulnerable to exploitation include Void Linux, Debian 10.2, Slackware 14.2, Arch 2019.5, MX Linux 19, Deepin, Fedora, Devuan, FreeBSD, and OpenBSD. They will be testing the effectiveness of the exploit against Tor as well.

          • Attackers using Linux Vulnerability to Hijack VPN Connections
          • Linux VPN connections can be hacked

            Insecurity experts at Breakpointing Bad have found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams.

            The security flaw, tracked as CVE-2019-14899, was disclosed to distros and the Linux kernel security team, as well as to others impacted such as Systemd, Google, Apple, OpenVPN, and WireGuard. The vulnerability is known to impact most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android.

            A currently incomplete list of vulnerable operating systems and the init systems they came with is available below, with more to be added once they are tested and found to be affected: Ubuntu 19.10 (systemd), Fedora (systemd), Debian 10.2 (systemd), Arch 2019.05 (systemd), Manjaro 18.1.1 (systemd), Devuan (sysV init), MX Linux 19 (Mepis+antiX), Void Linux (runit), Slackware 14.2 (rc.d), Deepin (rc.d), FreeBSD (rc.d), and OpenBSD (rc.d).

          • VPN connections could be hacked due to Linux security flaw

            A new vulnerability that could allow potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams has been discovered by security researchers.

            The researchers disclosed the security flaw they detected, tracked as CVE-2019-14899, to Linux distro makers, the Linux kernel security team and to others that are impacted including systemd, Google, Apple, OpenVPN and WireGuard.

          • Unix-like Systems Vulnerable to VPN Inferring and Hijacking Attacks

            Three researchers from Breakpointing Bad and the University of New Mexico have discovered a vulnerability that exists in Linux and Unix-like operating systems like Android and macOS. Given the tracking code “CVE-2019-14899”, the flaw resides in the routing table code and the TCP code that is present in these systems. The vulnerability allows an attacker to perform traffic analysis via clever use of encrypted DNS queries in conjunction with error messages, leading to the sniffing of open TCP connection information. The attack was discovered quite a while back, but the researchers disclosed it publicly now, and after they allowed the vendors some time to plug the holes.

          • Researchers say VPN bug affects Linux, Unix systems
          • Linux Bug Opens Most VPNs to Hijacking

            In a coffee-shop scenario, attackers can hijack “secure” VPN sessions of those working remotely, injecting data into their TCP streams.

            A vulnerability in most Linux distros has been uncovered that allows a network-adjacent attacker to hijack VPN connections and inject rogue data into the secure tunnels that victims are using to communicate with remote servers.

            According to researchers at University of New Mexico and Breakpointing Bad, the bug (CVE-2019-14899), “allows…an attacker to determine if…a user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website.”

          • New vulnerability lets attackers sniff or hijack VPN connections
          • Researchers find a new Linux vulnerability that allows attackers to sniff or hijack VPN connections

            On Wednesday, security researchers from the University of New Mexico disclosed a vulnerability impacting most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android. This Linux vulnerability can be exploited by an attacker to determine if a user is connected to a VPN and to hijack VPN connections.

            The researchers shared that this security flaw tracked as CVE-2019-14899, “allows a network adjacent attacker to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website.” Additionally, attackers can determine the exact sequence and acknowledgment numbers by counting encrypted packets or by examining their size. With this information in hand, they can inject arbitrary data payloads into IPv4 and IPv6 TCP streams.

          • Cyber Security Today – An email gift card scam, please stop re-using passwords and more open data found on Amazon storage

            Welcome to Cyber Security Today. It’s Friday December 6th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.

          • NetworkManager Adds Support For Enhanced Open / Opportunistic Wireless Encryption

            Opportunistic Wireless Encryption (OWE) provides a means of encrypting wireless data transfers without having any secret/key. Opportunistic Wireless Encryption is advertised as Wi-Fi Certified Enhanced Open.

            This OWE / “Enhanced Open” standard is now supported by NetworkManager for allowing supported devices connecting to Linux systems to make use of this means of opportunistic encryption. The Wi-Fi CERTIFIED Enhanced Open has been around just since summer of 2018 to better secure open WiFi networks. More details on the standard can be found via Wi-Fi.org.

          • Security updates for Friday

            Security updates have been issued by Debian (libav), Fedora (kernel, libuv, and nodejs), Oracle (firefox), Red Hat (firefox and java-1.7.1-ibm), SUSE (clamav, cloud-init, dnsmasq, dpdk, ffmpeg, munge, opencv, and permissions), and Ubuntu (librabbitmq).

          • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

            • Hackers Exploit New Linux Vulnerability To Hijack VPN Connections [Ed: Techworm misreporting, as usual. There are no known attacks]

              The attack has been reported to work against several popular VPN solutions, including OpenVPN, IKEv2/IPSec, and WireGuard.

              However, the researchers are still testing their viability against Tor, as it works in a SOCKS layer and implements authentication and encryption that takes place in userspace.

              “It should be noted, however, that the VPN technology used does not seem to matter and we are able to make all of our inferences even though the responses from the victim are encrypted, using the size of the packets and number of packets sent (in the case of challenge ACKs, for example) to determine what kind of packets are being sent through the encrypted VPN tunnel,” clarifies the research team.

          • Privacy/Surveillance

    • Defence/Aggression

      • Envisioning a United World

        Let’s bomb Iowa! Or maybe Texas or Michigan or Nebraska . . .

      • The Hillsborough Soccer Tragedy: Who is Responsible?

        Who was responsible for the deaths of 96 people and the hundreds injured in the collapse of stands at a soccer match in England in 1989? A jury at the Preston Crown Court in England last week exonerated David Duckenfield for responsibility for the Hillsborough tragedy. A 1991 inquiry said it was accidental and not caused by the rush of Liverpool fans; a 2016 inquest said it was disorganization and negligence by the police who ordered one of the exit gates to be opened, and David Duckenfield, the match commander for the local police, was judged not guilty.

      • As Impeachment Looms, 350 Mental Health Professionals Warn Congress That Nuclear-Armed Trump ‘A Threat to Safety of Our Nation’

        “We are convinced that, as the time of possible impeachment approaches, Donald Trump has the real potential to become ever more dangerous.”

      • Today’s Republican Party Preserves US Legacy of Slavery and Imperialism

        On the Thursday of the second week of the House Intelligence Committee’s impeachment hearings, former U.S. Attorney Preet Bharara had a special guest on his weekly podcast, Carl Bernstein. It was Bernstein, with fellow Washington Post journalist Bob Woodward, whose reporting broke open the story of how the Committee to Re-elect the President burglarized Democratic Party headquarters at the Watergate office building in Washington, D.C. That reporting and the impeachment hearings that followed eventually forced President Richard Nixon to resign in disgrace in 1974. Bharara wanted to hear about what differences Bernstein sees between the Nixon impeachment proceedings and Donald Trump’s today.

      • ICC Holds Hearing on Afghanistan War Crimes, Including US Torture

        The International Criminal Court (ICC) opened a three-day hearing in The Hague, Netherlands on Wednesday at which prosecutors and Afghan torture victims are attempting to convince the court to overturn a previous decision to refuse to investigate war crimes committed by Taliban, Afghan government and US forces.

      • U.S. Considers Sending Several Thousand More Troops to Mideast

        The Pentagon is considering sending several thousand additional troops to the Middle East to help deter Iranian aggression, amid reports of escalating violence in Iran and continued meddling by Tehran in Iraq, Syria and other parts of the region.

      • ‘This Isn’t How You End the Endless War’: Trump Weighs Plan to Send 14,000 More US Troops to Middle East

        “Trump ran on ending these endless wars. But he’s sending more troops to the Middle East, making yet another war there more likely.”

      • Everyone Should Watch The Report. Take It From a Guantánamo Bay Lawyer

        Here’s a quiz question: how many famous songs, or films, can you name that address the serious contemporary issues of torture and rendition? There aren’t many. When I think of music in connection with our US secret prisons, it is the kind blasted at prisoners at deafening volume, all day and night.

    • Environment

    • Finance

      • ‘Victory for the People’: Michigan Court Rejects Nestlé’s Claim That Privatizing Local Town’s Water Provides ‘Essential Service’

        “Allowing a corporation to bottle our water just to sell it back to us is hardly an ‘essential service.’”

      • The U-Turn That Made America Staggeringly Unequal

        Wealth in America has concentrated — and dramatically so — over the past four decades. Since 1980, note wealth researchers Emmanuel Saez and Gabriel Zucman, the top 0.1 percent share of the nation’s total wealth has more than doubled, from under 10 percent in 1980 to over 20 percent today. In a nation of over 125 million households, just one ten-thousandth of those households — some 12,500 — now control over 10 percent of our wealth.

      • Big Rallies and Big Differences in Germany

        Looking out my window at the wide Karl Marx Allee boulevard below, I have seen many a big May Day parade march by in the old GDR days, and many a passing bicycle race or Marathon. Recently, for the first time, I saw a slow, endless column of green or yellow tractors. I learned later that 5600 of them, after blocking traffic while driving in from North, South, East and West Germany, had converged at the Brandenburg Gate, parked in orderly rows and then voiced their demands: “Fewer or better pesticides, OK! Less or better fertilizers, also OK! We too want to save our planet. But not without consulting with us, who are fighting a bitter battle against monopoly agriculture giants and monopoly retailing giants which are threatening the survival of us family farmers.”

      • Sweden Offers Free Higher Ed, Universal Health Care, Daycare — Why Can’t the US?

        Medicare for All and tuition-free universities have been at the core of the 2020 Democratic presidential campaigns, creating a stark division between progressive candidates and their centrist counterparts. Senators Bernie Sanders and Elizabeth Warren have proposed to make Medicare for All and public universities cost-free by taxing massive corporations and the super wealthy, and earlier this year, Sanders introduced legislation that would cancel student loan debt. His plan would be paid for with a new tax on Wall Street, he says. It would also make public universities and community colleges free — a key pillar of Sanders’s 2020 education platform. These proposals are not radical ideas in Sweden, a country that has built one of the world’s most extensive social welfare systems. In Sweden, healthcare costs are largely subsidized by the state. Daycare and preschool programs are mostly free. College and university are free. Public transportation is subsidized for many users. To explain how Sweden does it, we speak with Mikael Törnwall, Swedish author and journalist focusing on economic issues at Svenska Dagbladet, a Stockholm daily newspaper. His most recent book is titled Who Should Pay for Welfare?

      • Denouncing Macron’s Neoliberal Pension Reforms, Hundreds of Thousands of Striking Workers Bring France to a Halt

        “We have one of the best pension systems in the world, if not the best. Yet the president has decided, purely out of ideology, to wipe it out.”

      • ‘Flat-Out Corruption’: DeVos Accused of Scheming to Stop Next President From Canceling Student Loan Debt

        “Normally the rich are moderately more subtle about rigging the system in their favor. They’re scared.”

      • Trump’s SNAP Cuts

    • AstroTurf/Lobbying/Politics

      • Investigation Uncovers Israel-Based Group Behind Bigoted Facebook Smear Campaign Aimed at US Muslim Congresswomen

        “The goal of these anti-Muslim hate campaigns is clear—they put Muslim lives here and around the world at risk and undermine our country’s commitment to religious pluralism.”

      • Inside the Battle for Another World

        A succession of social upheavals over the last decade has radically realigned political power throughout the world. As a result of these tectonic shifts, what had once been on the furthest fringes of the right has now moved toward the center while the left has been pushed to the margins. “Things fall apart; the centre cannot hold,” poet William Yeats wrote…

      • Protocols of the Elders of the Republican Party

        How do the horrific events of Charlottesville, the shooting at the Tree of Life Synagogue in Pittsburgh, and a similar hate crime in California directly relate to the eye-rolling pronouncements by Devin Nunes, Rudy Giuliani, and other Republicans in defense of President Donald Trump?

      • “It’s On”: Pelosi Officially Asks Nadler to Prepare Articles of Impeachment

        “The president leaves us no choice but to act.”

      • The Most Important Election in British History

        Democracy in Britain has never been particularly strong or vibrant. Yet, for the first time in decades, the British people face a real choice at the ballot box in December. It wasn’t long ago that any possibility of radical change was excluded from the outset.

      • Bernie Sanders Tops New California Poll—But You Wouldn’t Have Known It By Reading This LA Times Headline

        In latest #BernieBlackout example, Sanders’ deputy campaign manager notes it took major newspaper “three paragraphs to mention who is leading.”

      • Kerry Endorses Biden as Ad Cites NATO Leaders Mocking Trump

        John Kerry, the former secretary of state and 2004 Democratic presidential nominee, endorsed Joe Biden for president on Thursday, buoying the former vice president’s argument that his international experience should be a deciding factor for voters in 2020.

      • New York’s Other Hopelessly Corrupt Candidate

        For better or worse, New York City has produced some of the biggest names in contemporary U.S. politics. From President Donald Trump and his conspirator-in-corruption Rudy Giuliani, all the way to Rep. Alexandria Ocasio-Cortez and Sen. Bernie Sanders (the latter has spent most of his life in Vermont, of course, but is a New Yorker to the core), politicians from across the political aisle have hailed from the Big Apple.

      • A Playboy Misrules Pakistan

        Unlike Western press practices, Pakistan’s privacy traditions constrain a robust discussion of the private lives of celebrities in electronic or print media. However, hush-hush gossip, group text messages, and social media in Pakistan are as brutal as anywhere else in the world. As such private lives of political leaders, such as Prime Minister Imran Khan (IK), remain shrouded in an unsortable mixture of fabrications and truths. For the most part, the Pakistani public ignores the private lives of favored leaders, including IK.

      • Biden Campaign’s “World Is Laughing at Donald Trump” Video Wins Viral Moment

        “They see him for what he really is: dangerously incompetent and incapable of world leadership.”

      • Burundi: Elections ‘Levy’ Opens Door to Abuse

        Local officials and members of the widely feared youth wing of Burundi’s ruling party have extorted donations for the upcoming 2020 elections, in many cases with threats or force.

      • The Mad Activist Impeaches Western Culture
      • Look Out for the Drift

        In the mid-nineties, after receiving a BA in psychology, psychopathology was on my mind daily. I worked at a group home for psychiatrically diagnosed teens in Queens, New York; later as a psychiatric rehab counselor for adults transitioning from group homes to independent living in the South Bronx. My experiences were disturbing enough to make me leave that counselor career path and drift from one job to another—finally end up as a poet, with society and politics being main interests. How could they not be: my family is from Puerto Rico. If government is, indeed, now just a big business, the tiny defenseless island of Puerto Rico has received a brutally raw deal since its occupation in 1898. It’s difficult to see your mother raped by someone you are supposed to trust—a neighbor you were taught was moral and good.

      • Impeachment of Trump Appears Inevitable in the House

        The House Judiciary Committee convened Wednesday for eight and a half hours of testimony to discuss what the Constitution requires for impeachment. It was an exercise that didn’t reveal any new information on the investigation, but rather laid out the legal justification for Trump’s potential impeachment. The hearing underscored that any eventual impeachment will most likely be partisan. Judiciary Committee Republicans continued the House GOP’s approach of raising procedural complaints and bad-faith attacks on the Democratic witnesses, while the Republican witness argued there isn’t sufficient evidence to justify impeaching Trump. But Democrats made a strong case for the obligation Congress has to impeach, given Trump’s conduct. The three Democratic witnesses all argued that Trump has not only committed impeachable offenses, but that the gravity of the president’s abuse of power made impeachment utterly necessary.

    • Censorship/Free Speech

      • Gen Z and Free Speech

        The Knight Foundation released a study that details the attitudes surrounding free speech in our precious young people today. Generational tension is on the rise as young people confront the richer and more conservative “Boomer” generation. Among the many divides is the attitude towards free speech.

      • TikTok Secretly Hid Content From Fat, Queer, and Disabled Users

        TikTok has admitted it adopted a set of policies to suppress the content of ‘vulnerable’ creators. TikTok says the policy was to prevent cyberbullying but hints at censorship.

      • Russian lawmakers adopt legislation imposing massively higher fines on violations by ‘foreign agent’ news media

        The State Duma has adopted the third and final draft of legislation that imposes fines as high as 5 million rubles ($78,300) for repeated violations of Russia’s media laws pertaining to “foreign agents.” 

      • Russia’s Council of Judges advocates new protections for the judiciary against ‘biased journalists’

        Russia’s Council of Judges has developed a new draft concept for the judicial system’s information policies in the next decade, says the newspaper Vedomosti, citing the document. Among other things, the federal agency wants to impose legal liability on mass media outlets and journalists for “pressuring” courts through “negative content published for money.” The council argues that Russia’s judges need additional protection from “biased publications.”

      • [Reposted, different site] We Need To Save .ORG From Arbitrary Censorship By Halting the Private Equity Buy-Out

        The .ORG top-level domain and all of the nonprofit organizations that depend on it are at risk if a private equity firm is allowed to buy control of it. EFF has joined with over 250 respected nonprofits to oppose the sale of Public Interest Registry, the (currently) nonprofit entity that operates the .ORG domain, to Ethos Capital. Internet pioneers including Esther Dyson and Tim Berners-Lee have spoken out against this secretive deal. And 12,000 Internet users and counting have added their voices to the opposition.

        What’s the harm in this $1.135 billion deal? In short, it would give Ethos Capital the power to censor the speech of nonprofit organizations (NGOs) to advance commercial interests, and to extract ever-growing monopoly rents from those same nonprofits. Ethos Capital has a financial incentive to engage in censorship—and, of course, in price increases. And the contracts that .ORG operates under don’t create enough accountability or limits on Ethos’s conduct.

      • ‘Let’s look in the mirror’ A young Russian YouTuber who faces four years in prison for ‘extremism’ delivers a powerful courtroom speech

        On December 4, Moscow’s Kuntsevsky District Court continued hearing the case against 21-year-old Higher School of Economics (HSE) student and libertarian YouTube personality Egor Zhukov. Zhukov stands accused of issuing public calls for extremism: Prosecutors have argued that his videos on nonviolent resistance were motivated by “political hatred and enmity to the constitutional structure extant in the Russian Federation” as well as a desire to destabilize the country’s social and political order.

      • Devin Nunes’ Virginia SLAPP Suits Causing Virginia Legislators To Consider A New Anti-SLAPP Law

        We’ve been covering all the various SLAPP suits filed by Devin Nunes against his critics, journalists, political operatives, and (most famously) a satirical internet cow. As we’ve noted, despite Nunes being a Representative from California, and despite the fact that many of the people and companies he’s targeting are California-based, he’s filed most of the suits in Virginia state court. The reasons for this seemed fairly obvious to many commentators. Virginia has a very weak anti-SLAPP law. California has a very robust one.

      • Kyrgyzstan: Blogger Faces Incitement Charges

        A blogger in Kyrgyzstan who wrote about corruption on social media is facing charges of inter-regional incitement, Human Rights Watch said today. The blogger, Aftandil Zhorobekov, was detained on November 24, 2019 by Kyrgyzstan’s State Committee for National Security (GKNB) and held in pretrial detention until being placed under house arrest on December 5, with the charges against him still standing.

      • IP and the controversial “Hate Speech Bill” in Nigeria

        As some readers may be aware, many Nigerians are vehemently opposed to the National Commission for the Prohibition of Hate Speeches Bill, 2019 (SB. 154) (the “Hate Speech Bill”), which recently passed second reading in the Nigerian Senate. There have been complaints that the offences created under the Bill seek to silence criticism and free speech and that the establishment of a Commission to curb hate speech under the Bill is a waste of resources.

        [...]

        IPRs holders may be imprisoned for life or punished with death by hanging where they produce (see section 3 of the Bill for all the verbs) written or visual material that is threatening, abusive or insulting and intended to stir up ethnic hatred against any person or person from an ethnic group in Nigeria. [Death by hanging only applies to where the hate speech leads to the death of another person]. The Bill offers no guidance on how a court may determine what constitutes “threatening, abusive or insulting” material and/or how intention to stir up ethnic hatred may be determined. As opined here, proving the commission of a crime requires that the prosecution show that the accused person(s) is responsible for the actus reus (physical act) and had the mens rea (guilty mind or intention). Proving the intention to stir up ethnic hatred may not be so straightforward. Nigeria has over 250 ethnic groups: would/should the court be invited to consider history of inter-ethnic relations to decide subjects that would stir up ethnic hatred?

        [...]

        However, the powers of the Commission in the case of receiving contravention complaints may in some sense be quasi-judicial. Persons who are directly aggrieved or who claim that the Bill has been contravened may lodge a complaint with the Commission. See sections 37 and 38 of the Bill. The Commission may decline to entertain complaints that are frivolous or lacking in substance or, that may be more appropriately dealt with by the court. See section 39. Under section 45, the Commission must ensure that it attempts conciliation regarding complaints lodged with it. After hearing the representation of the parties to a complaint, the Commission may issue a compliance notice under section 50 of the Bill. Where parties fail to comply with the compliance notice, the Commission needs an order of the Magistrate’s court or other court to compel such compliance. See section 52 of the Bill.

        Given these circumstances, it may be apt to argue the establishment of the Commission is a waste of resources. By and large, the Hate Speech Bill is still going through the legislative process and nothing is cast in stone (yet).

    • Freedom of Information / Freedom of the Press

      • Spying on Assange: the Spanish Case Takes a Turn

        Judge José de la Mata of Spain’s High Court, the Audiencia Nacional, had been facing a good deal of stonewalling on the part of his British colleagues. He is overseeing an investigation into the surveillance activities of a Spanish security firm aimed at WikiLeaks founder, Julian Assange, during his stay at the Ecuadorean embassy in London.

    • Civil Rights/Policing

      • ‘Make America 36th Out of 41 Developed Nations Again’: Social Justice Index of Developed Nations Puts US Near Bottom

        Meanwhile, the democratic-socialist Nordic countries of Iceland, Norway, Denmark, Finland, and Sweden enjoy the top spots in a detailed survey of OECD nations.

      • The Activists Guiding Us Through These Dark Days

        Over 1,000 people packed into the historic Cirkus Arena in downtown Stockholm Wednesday night. It wasn’t for the building’s original purpose, an actual circus, or for a rock concert, which is one of the contemporary uses of the building. What drew this remarkable cross section of Swedish society, as well as people from around the world? Activism. Courage. Passion.

      • US Official Threatens Communities That Don’t ‘Respect’ Police

        On Tuesday, Attorney General of the United States William Barr warned that if Americans don’t give more “support and respect” to police, “they might find themselves without the police protection they need.”

      • Indonesia Arrests Yet More Indigenous Papuans

        The list of political prisoners in Indonesia’s West Papua and Papua provinces is growing higher, as at least 110 people were arrested for raising the Papuan national flag over the weekend.

      • Edward Snowden: In the US, I Would Likely Die in Prison for Telling the Truth

        The Right Livelihood Awards celebrated their 40th anniversary Wednesday at the historic Cirkus Arena in Stockholm, Sweden, where more than a thousand people gathered to celebrate this year’s four laureates: Swedish climate activist Greta Thunberg; Chinese women’s rights lawyer Guo Jianmei, Brazilian indigenous leader Davi Kopenawa and the organization he co-founded, the Yanomami Hutukara Association; and Sahrawi human rights leader Aminatou Haidar, who has challenged the Moroccan occupation of Western Sahara for decades. The Right Livelihood Award is known as the “Alternative Nobel Prize.” Over the past four decades, it’s been given to grassroots leaders and activists around the globe — among them the world-famous NSA whistleblower Edward Snowden. At Wednesday’s gala, Amy Goodman interviewed Snowden in front of the award ceremony’s live audience via video link from Moscow, where he has lived in exile since leaking a trove of secret documents revealing that the U.S. government had built an unprecedented mass surveillance system to spy on Americans and people around the world. After sharing the documents with reporters in 2013, Snowden was charged in the U.S. for violating the Espionage Act and other laws. As he attempted to flee from Hong Kong to Latin America, Snowden was stranded in Russia after the U.S. revoked his passport, and he has lived there ever since. Edward Snowden won the Right Livelihood Award in 2014, and accepted the award from Moscow.

      • No Free Pass for North Korea’s Abuses

        The United Nations Security Council has an opportunity this month to refocus attention on North Korea’s abysmal human rights record after giving it a pass last year.

      • Inside the Cell Where a Sick 16-Year-Old Boy Died in Border Patrol Care

        Carlos Gregorio Hernandez Vasquez, a 16-year-old Guatemalan migrant, was seriously ill when immigration agents put him in a small South Texas holding cell with another sick boy on the afternoon of May 19.

      • These Cops are Supposed to Protect Rural Villages. They’re in the Suburbs Instead.

        WASILLA, Alaska — The man appeared around dinnertime in the parking lot of the city Police Department, asking to see a cop. Another fight with his wife. Nothing violent, he said, but she threatened to carve a word in the paint of his luxury pickup: CHEATER.

        Maybe an officer could go talk to her? A routine request on a routine night for the Police Department of this small suburban city, made famous by former Mayor Sarah Palin. (She lives up the road.)

      • R. Kelly Accused of Bribing a Public Official to Marry Aaliyah at Age 15

        R&B singer R. Kelly is now facing bribery charges for the fake ID he used to marry Aaliyah. The charges were revealed in an unsealed indictment this afternoon.

      • Professor Turley Is Dead Wrong on Impeachment and Here’s Why

        In his opening statement emphasizing the importance of legal standards, George Washington University constitutional law professor Jonathan Turley claimed that impeaching “a president on this record would expose every future president to the same type of inchoate impeachment” and warned, “I hope you will consider what you will do when the wind blows again…”

      • The Twenty-First-Century Legacies of America’s Twin Sins

        On the Thursday of the second week of the House Intelligence Committee’s impeachment hearings, former U.S. Attorney Preet Bharara had a special guest on his weekly podcast, Carl Bernstein. It was Bernstein, with fellow Washington Post journalist Bob Woodward, whose reporting broke open the story of how the Committee to Re-elect the President burglarized Democratic Party headquarters at the Watergate office building in Washington, D.C. That reporting and the impeachment hearings that followed eventually forced President Richard Nixon to resign in disgrace in 1974. Bharara wanted to hear about what differences Bernstein sees between the Nixon impeachment proceedings and Donald Trump’s today.

      • Be Best, My Ass

        OK, we are now and truly done with the con man and his vile hooker squatting in the White House. Having stayed silent through endless atrocities – rapes, lies, cruelty, racism, bullying, leaving families hungry, caging 70,000 children and killing six…

      • ‘Impeach Trump for This’: Video Shows Final Hours of Teen’s Horrible Death in US Immigration Detention Center

        Contrary to claims by Border Patrol, “they didn’t take him to the hospital. They didn’t release him. They didn’t even seem to check on him as he was dying on the floor of his cell.”

      • Video Shows Teen’s Horrible Death in U.S. Immigration Detention Center

        Footage from an immigrant detention center in Texas obtained by Pro Publica and published online Thursday shows the final hours of 16-year-old Carlos Gregorio Hernandez Vasquez—who died from complications of the flu while in custody—but also strongly indicates the border patrol agents responsible for his care lied about what happened that night.

      • Mexican Immigration Officials Destroy Asylum Seekers’ Tents

        Mexican immigration officials arrived at a refugee camp in Matamoros, Mexico early Tuesday morning bearing machetes used to destroy unoccupied tents left behind by Mexican asylum seekers, according to multiple camp residents who witnessed the event.

      • France Drops Plan to Give Boats to Libya

        France’s decision last week to withdraw its offer of six boats to the Libyan Coast Guard is good news, as Libya could have used this “gift” to subject even more migrants and refugees to serious abuses in Libya.

      • Fred Hampton: “Peace To You…If You’re Willing to Fight For It”

        It was 50 years ago that Chicago cops executed Black Panther Chairman Fred Hampton as he slept, firing over 90 shots into his apartment for the crimes of feeding hungry kids, opening medical clinics, forming a Rainbow Coalition and championing black self-determination. Targeted by the FBI as a danger who could “electrify the masses,” Hampton vowed to fight racism with

      • NYPD Finally Releases A Body Camera Policy That Gives The Department Plenty Of Ways To Withhold Footage

        The NYPD has finally finalized its body-worn camera footage release policy. It’s not much better than its initial public offering, which sought public input and then ignored every bit of the public’s input to craft an officer-friendly deployment policy that left the act of recording to officer discretion.

      • This Judge Is Married to the Sheriff. Ethics Complaints Have Piled Up.

        Two years ago, the Chester County Sheriff’s Office in South Carolina accused a pair of lower-court judges of unfairly blocking the sheriff’s requests for criminal warrants.

        A top deputy planned to file a complaint with the chief magistrate and the local state senator, who controls the county’s judicial appointments. But before doing so, the deputy turned to an unlikely ally to help craft his appeal: Magistrate Angel Underwood.

      • American WeChat Users Getting Banned For Celebrating Hong Kong Election Results

        The recent election in Hong Kong may have scored some wins for pro-democracy candidates, but supporters of protesters and newly-elected candidates still aren’t able to do much celebrating on social media. WeChat, the massively popular messaging app owned by China’s Tencent, is apparently censoring posts and shutting down pro-democracy accounts.

      • ALEC-Crafted Laws Could Send Me to Prison for a Decade for My Activism

        This week, corporate executives and legislators from around the country are gathering in Scottsdale, Arizona, for the American Legislative Exchange Council’s (ALEC) annual States and Nation Policy Summit, where they will craft policies to introduce into state legislatures. More than a dozen groups have protested outside the meeting. ALEC is a shadowy group — meeting in secret, hiding its membership, and prohibiting journalists and the public from observing its activities. Various watchdogs have increasingly exposed ALEC’s undemocratic nature. What has received less attention, however, are the policies that emerge from ALEC.

      • Black Back Room Deals Must Not Stifle Right To Die With Dignity: Philip Nitschke

        Culture is crucial to Indigenous Australia, but it doesn’t give a handful of black leaders the right to scuttle laws to assist everyone the right to die with dignity, writes Dr Philip Nitschke.

    • Internet Policy/Net Neutrality

      • AT&T Says The Real Problem With The Internet Is We Pay Too Much Attention To Giant ISPs

        As Silicon Valley giants like Google and Facebook face all manner of (justified) regulatory scrutiny, telecom has been able to somehow remove itself from the conversation, despite engaging in many of the same (if not worse) behaviors over the years. While Congress obsesses about new ways to regulate “big tech,” the US government has oddly been busy neutering all oversight of “big telecom”. That’s at least partially by design; giants like AT&T and Comcast have spent years pushing for the hyper regulation of companies telecom increasingly competes with in the online ad space.

    • Monopolies

      • CJEU rules that “aceto” and “balsamico” are not individually protectable components of PGI “Aceto Balsamico di Modena”

        Yesterday, the Court of Justice of the EU (CJEU) issued its decision in Case C-432/18, Consorzio Tutela Aceto Balsamico di Modena v Balema GmbH. The decision sets important limitations on the scope of protection of the Protected Geographical Indication (PGI) “Aceto Balsamico di Modena” and for PGIs registered in a similar manner, because the Court held that individual components of this PGI are not protected.

        Background to the case

        Balema is a German producer of balsamic vinegar and markets its products as “Balsamico” or “Deutscher Balsamico”. The consortium of producers of Modena balsamic vinegar holds the PGI for “Aceto Balsamico di Modena (PGI)”, which enjoys protection under Regulation 1151/2012 (the Agricultural Foodstuff Regulation). It was registered under its predecessor and, as is common practice for European geographical indications, on the conditions set forth in the granting regulation, 583/2009. The consortium sued Balema in Germany and the Federal Supreme Court asked the CJEU whether the protection for “Aceto Balsamico di Modena” extends to the use of individual, non-geographical components of this term.

      • One-minute survey: Does judicial recruitment need a shake-up?

        The England and Wales High Court is in need of IP specialist judges. But with the courts facing a wider recruitment issue, filling the gap is not easy.

        Factors including pay and changes to pension arrangements mean there is a lack of candidates who want to become a judge. The UK’s Ministry of Justice has itself cited “very strong evidence” for recruitment difficulties in the High Court.

      • Mandatory mediation in Greece: Odysseus reaches Ithaca

        We have previously reported on Greece’s legislative initiative to introduce mandatory mediation in certain civil and commercial disputes, including trademark infringement disputes.

        The respective law, 4512/2018, had been enacted, but its entry into force was postponed, following reactions of lawyers and bar associations. As a result, the drafting of a new law was commenced. After the conclusion of the public consultation, a final draft was submitted to Parliament, and it was approved by the Plenary on November 28, 2019.

        Published the following day, on November 29, 2019, it is now law no 4640/2019 “Mediation on civil and commercial disputes – Further harmonization of Greek legislation with Directive 2008/52/EC of the European parliament and of the council of 21 May 2008 and other provisions” (the Law).

      • Patents

        • As 9th Circuit Prepares For Argument, Korean Fine Against Qualcomm Upheld

          Qualcomm’s appeal of the FTC’s success in district court continues to move forward, with the second set of amicus briefs (including CCIA’s) filed the week of Thanksgiving. Qualcomm’s reply brief is due by Friday, December 13th, and oral argument is scheduled for February 13th, 2020. Judge Koh found that Qualcomm had abused its dominant position in baseband modems, harming consumers and competitors alike.

          On appeal, Qualcomm has in essence argued that competition law shouldn’t apply to it because of its importance to cellular standards. Many amici, from technology firms to auto companies to former heads of the FTC, repudiated the argument that maintaining Qualcomm’s position in 5G is more important than ensuring healthy competition. We’ll see if that argument flies in the United States—given the strength of the factual determinations and the evidence in the district court, it shouldn’t—but in the meantime, Qualcomm has been handed another setback.

        • Nokia outmaneuvering Daimler with settlement effort that has zero credibility–but Mannheim court confirms hearing date

          One week ago, Reuters’ Foo Yun Chee (who’s been covering EU competition matters for more than a decade and whom I regard very highly) reported on a statement by Nokia according to which “the Finnish telecoms equipment maker had submitted a proposal for resolving the patent licensing fee row.” This relates to the situation between Nokia and Daimler as well as Daimler’s suppliers. Nokia brought ten German standard-essential patent (SEP) infringement actions against Daimler earlier this year–several months after Daimler had lodged an antitrust complaint with the European Commission’s Directorate-General for Competition (DG COMP) over Nokia’s refusal to extend exhaustive SEP licenses on FRAND terms to Daimler’s suppliers. At around the same time, four suppliers (Continental, Valeo, Gemalto, and BURY Technologies) also filed complaints against Nokia with DG COMP.

        • Supreme Court Hears Appealability Appeal

          The section 315(b) time bar prohibits institution of a petition “filed more than 1 year after the date on which the petitioner … is served with a complaint alleging infringement of the patent.” Years ago (well before the 1-year date) the patentee Click-to-Call sued Thryv’s predecessor-in-interest for infringement and served the complaint as required under § 315(b). That lawsuit, however, was voluntarily dismissed without prejudice. When the defendant later filed its IPR petition, the PTAB found that the dismissal without prejudice effectively nullified the original lawsuit and, as such, did not raise the time-bar. The PTAB then invalidated the claims. On appeal, the Federal Circuit rejected PTAB’s approach — holding that the statute does not allow for any exception to the time-bar for cases dismissed without prejudice. In its petition to the Supreme Court, Thryv asked the court to review both whether (1) the issue is appealable; and (2) the time-bar still applies after a dismissal without prejudice. The Supreme Court granted certiorari, but only as to question 1 – whether the issue is appealable.

        • Another German FRAND Ruling – OLG Karlsruhe, Judgment of 30 October 2019, 6 U 183/16 (Philips v Wiko)

          In its latest ruling on FRAND and the Art. 102 TFEU defense, the OLG (Higher Regional Court) Karlsruhe put an emphasis on the ‘fairness’ of the licensing negotiation procedure and thus on the ‘F’ prong of FRAND. To allow fair and expedient licensing negotiations and avoid a finding of abuse of dominance, the owner of a standard essential patent (SEP) has to explain and substantiate vis-à-vis the willing licensee why its license offer is FRAND in such a way that the implementer can assess the offer and respond with a counter-offer in a meaningful way. Even though both the SEP holder and the implementer may still comply with their ‘negotiation duties’ after filing the complaint, undue pressure by the threat of an injunction has to be avoided, e.g. by suspending the proceedings.

          The case concerned a patent essential for the LTE standard. The OLG Karlsruhe, appeal instance to the Mannheim Regional Court, confirmed patent infringement by the defendant’s LTE-compatible mobile phones, resulting in a declaration on damages and full claims for information and accounting. However, the defendant’s FRAND/Art. 102 TFEU defense was successful and the court rejected the requests for an injunction, recall and destruction as currently unfounded.

          With this decision, the Karlsruhe court tackles questions on the implementation of the negotiation framework as set out in the landmark decision Huawei v ZTE of the CJEU (case C-170/13) from yet a different angle than the appeal courts in Duesseldorf (with an emphasis on the ‘non-discriminatory’ assessment of the content of the SEP holder’s license offer and stricter requirements on the provision of third party licenses) and the UK (with a focus on the ‘fair and reasonable’ prong of FRAND and a more flexible application of the CJEU negotiation framework; see previous posts here and here). The Karlsruhe court also came to a different conclusion than the Court of Appeal The Hague in the parallel proceedings between the same parties earlier this year. According to public comments, the Dutch court held that the plaintiff was entitled to an injunction as the defendant was not a ‘willing licensee’ prior to the proceedings and had not met its burden to show that the plaintiff’s later license offer was non-compliant with FRAND. In contrast, the OLG Karlsruhe found that the plaintiff had not met its burden to substantiate the FRANDness of its license offer to the defendant. This failure to meet its information and negotiation duties amounts to an abuse of the plaintiff’s dominant position according to Art. 102 TFEU.

        • TCL v Ericsson overturned on appeal in US; will go to jury trial

          Readers will remember the news of Christmas 2017: Judge Selna in the Central District of California determined the FRAND royalties that TCL should pay to Ericsson. The decision attracted comment because the rates were very much lower than the findings that Mr Justice Birss had made in relation to Ericsson’s portfolio in Unwired Planet, despite similar evidence.

          Today the Court of Appeals of the Federal Circuit overturned that decision.

          Ericsson appealed on two grounds: that it had been deprived of its right to a jury trial, and that Judge Selna’s calculations contained many errors. Happily for Ericsson, but disappointingly for followers of FRAND, the CAFC agreed with the first of those grounds. That means it did not need to look at the second.

      • Trademarks

        • Fraudulent Trademarks: How They Undermine the Trademark System and Harm American Consumers and Businesses

          Congress is moving on Trademark Legislation with a number of different potential proposals circling.

        • Counterfeit Goods Seizure Act of 2019

          Copyright, trademark, and “trade name” violations are already listed in the statute; patents and trade secrets are not listed. The basic idea here is that it is pretty easy for CBP to stack design patents atop its current system that looks at copyright and trademark. The hope here is that a layman (e.g., a CBP official) can quickly and easily determine design patent infringement at a relatively high level of accuracy. This would be much more difficult for utility patents, and wouldn’t work for trade secrets without disclosing the secret to CBP.

        • AG Campos advises CJEU to rule that Amazon might be potentially liable for trade mark infringement

          Subsequently Coty requested Amazon to provide all perfumes stocked on behalf of the seller. 11 of the 30 perfumes delivered by Amazon to Coty had been stocked on behalf of another seller, whose identity Amazon was not able to confirm.

          Coty sued Amazon for trade mark infringement in Germany, but without success. In fact, both at first instance and on appeal, the German courts found that Amazon had not directly used the trade mark or stocked the goods to sell them; rather, it had just stocked them on behalf of third parties and was unaware that the trade mark rights had not been exhausted.

          On appeal to Germany’s Federal Court of Justice (BGH), a question arose: Does a person who, on behalf of a third party, stores goods which infringe trade mark rights, without having knowledge of that infringement, stock those goods for the purpose of offering them or putting them on the market under Article 9(3)(b) EUTMR, if it is not that person himself but rather the third party alone which intends to offer the goods or put them on the market?

          The BGH was unsure, though it was inclined to answer in the negative in light of what happens in Germany in the patent field. The court also excluded that Amazon’s behaviour would amount to a ‘use’ of the trade mark within the meaning of Article 9(2) EUTMR.

          Despite all this, a referral was made to the CJEU.

      • Copyrights

        • When you own an artwork, you don’t own the copyright: Danish artist wins injunction against watchmakers planning to cut up painting

          With thanks to Hanne Kirk and her team at Gorrissen Federspiel (Denmark) for this fascinating post regarding the outer limits of copyright in an artwork:

          On Monday, 2 December 2019, the Danish Maritime and Commercial High Court issued a ruling in a case which explores the fine line between destruction and alteration of existing artwork. The conclusion? Cutting up an existing artwork to repurpose the individual pieces as wristwatch faces constitutes reproduction of the work in an amended form – not destruction followed by the creation of a new, original work.

          [...]

          In its 2 December 2019 ruling, the Danish Maritime and Commercial High Court found in favour of Tal R on all claims, confirming expressly that the insertion of pieces of a painting into wristwatches was, in the view of the Court, not a destruction of the work, but rather a reproduction of the work in an amended form.

          In support of this conclusion, the Court noted that Kanske had itself explained that the very idea of the project was to transform Tal R’s artwork, and had further asked on its website “what happens when you take an original artwork and turn it into something else?” It made no difference in this regard that the artwork, once incorporated into the wristwatches, would no longer be recognizable.

          (This GuestKat finds the last-mentioned statement somehow surprising, given that similarity is a prerequisite for an infringement, and given that similarity calls for a certain recognizability of the original work.)

          The Court further ruled that the project would indeed, as claimed by Tal R, constitute an alteration and making available to the public of Tal R’s artwork “in a manner or in a context which is prejudicial to the author’s literary or artistic reputation or individuality,” thereby violating section 3(2) of the Danish Copyright Act.

          Finally, the Court also agreed that Kanske had violated sections 3(1) and 22(1) of the Danish Marketing Practices Act by marketing and offering for sale the wristwatches, including by making unauthorized use of the “Tal R” brand.

          Overall, the Court dismissed Kanske’s defense that the project was art and should benefit from the protections granted to expressions of artistic freedom.

        • Creative Commons Receives an AWS Imagine Grant to Improve CC Search

          With that in mind, we’re excited and proud to announce that we’ve been awarded an Amazon Web Services (AWS) Imagine Grant—a public grant for non-profit organizations that are “using technology to solve the world’s most pressing challenges.”

        • The Pirate Bay Moves to a Brand New Onion Domain

          The most famous torrent site in the world, The Pirate Bay, has ditched its old and mostly unreadable Onion domain for something more recognizable and potentially more permanent. The switch was reported to TorrentFreak after Pirate Bay proxy sites noticed extended downtime on the old domain.

        • IPTV Service Easily Circumvents First Canadian Piracy Blockade

          Through the Federal Court, Bell, Rogers, and Groupe TVA recently obtained the first Canadian pirate ‘site’ blocking order. The companies argued that ISP blockades are an effective way to deal with copyright infringing sites and services. While that may be true to a certain degree, the targeted GoldTV service simply switched to a new domain and continues to offer its services.

        • Meet the Guy Behind the Libgen Torrent Seeding Movement

          Libgen and Sci-Hub, regularly referred to as the ‘Pirate Bay of Science’, are continually under fire. However, if all of the important data is decentralized, almost any eventuality can be dealt with. Today we meet the guy leading a new movement to ensure that Libgen’s archives are distributed via the highest quality torrent swarms possible.

        • Why Won’t Creative Future’s Members Comment About This Hollywood Front Group Smearing A Well Respected Law Professor?

          If you look in the dictionary, the word “projection” has many different definitions. I find it particularly amusing that in Merriam Webster’s dictionary, the following two are right next to each other:

          “the attribution of one’s own ideas, feelings, or attitudes to other people or to objects; especially: the externalization of blame, guilt, or responsibility as a defense against anxiety”

          “the display of motion pictures by projecting an image from them upon a screen”

          This is a story that kind of involves both of those definitions, because it’s all about a front group, created and funded by Hollywood, very much “projecting” its own blame, guilt and responsibility onto one of the most respected and thoughtful copyright law professors. And… almost no one wants to comment on the organization’s shameful tactics. Perhaps some of you might help in my ongoing efforts to get literally any of Creative Future’s members to explain why it still supports the organization after its shameful smear campaign over the past few weeks and months.
