The Battle Against Software Patents Rages on

Posted in Europe, Patents at 11:58 pm by Dr. Roy Schestowitz

Working around mathematics?

If you could work around that patent, that'd be great - I could just delete the whole thing - But then it won't work - you suits have no clue about code, do you?

Summary: Spring is coming, the economy is collapsing, and it’s important to maintain our focus on liberating all software developers around the world from the yoke of man-made monopolies on algorithms (or laws of nature)

THE ERA of 35 U.S.C. § 101 started about half a decade ago, a year after Alice (SCOTUS). It represented a shift in the sense that presumption of the validity of software patents was no longer there. For the next 3 or so years (2015-2018), based on Federal Circuit caselaw, it emerged that it would be close to impossible to “enforce” patents on algorithms. Sometimes they’d perish without even a lawsuit being filed, owing to Patent Trial and Appeal Board (PTAB) inter partes reviews (IPRs). Therefore, at the end of 2018 we stopped covering U.S. Patent and Trademark Office (USPTO) affairs as closely as we had done beforehand. Two years later nothing has changed, not even Congressional intervention. With the economy on the ropes we don’t expect further/similar attempts by Coons et al later this year (they usually start this every summertime… since 2017).

“So much work remains to be done.”Over here in Europe the battle is still heated and the anvil/iron is hot. The UPC has been almost certainly defeated, but software patents are still being granted. So much work remains to be done. The media is not on our side because it’s in the pockets of law firms, the patent microcosm so to speak.

Law firms continue promoting software patents in Europe which would not be upheld by European courts if challenged there. It’s the law, surely, but today’s European Patent Office (EPO) — led by António Campinos and his handlers — rarely adheres to the EPC (law). They tried to usher in the UPC and failed.

As FFII’s President put it the other day: “There Are 10 Kind Of People: Those Who Have A Legally Binding Translation And Those Who Don’t #upc #unitary #patent #discrimination”

Imagine the UK leaving the EU (maybe EPC as well… and then the EPO) — not to mention UP and UPC — with the above hopefuls still working towards the official language being English… (who for? The Irish? Maltese? Countries outside Europe?)

The EPO still likes to show us patents on physical things, as it last did this week, not the loads of illegal patents it grants, e.g. one-click shopping and progress bars (software patents in their purest form). These patents include and constitude attacks on Free software developers, as noted here the other day. “The SIFT patent expired yesterday,” it said, linking to this discussion. “Back in the day, Hugin (free/libre panorama stitching software) developers had to make workarounds because of this limitation…”

Later this year the Boards of Appeal (BoA) will decide on patents covering computer simulations, i.e. software patents. Campinos has already pressured judges to rule in favour, quite a tactless move from him in light of numerous major complaints about lack of BoA independence — something that BoA and AMBA repeatedly complained about.

The other day we saw at Financialbuzz this new press release from ResearchAndMarkets, claiming to be organising an “intensive one-day course will give you a comprehensive introduction to the role of the patent administrator. It is a highly complex area due to many different procedures across different patent offices. The programme will demystify these procedures and filing requirements in key jurisdictions and will improve your knowledge and skills so you can work more efficiently and excel in your role.”

Maybe it will be canceled for “health and safety” reasons, but that’s not the main point. At the moment we have a series going about EPO corruption — a series that will expose abuse even in the EQE procedures. Candidates who hoped to attend/take these exams later this month might want to pay close attention in the coming days.

EPO Corruption Under António Campinos: Part 1 – António and the Balkan Express Connection

Posted in Deception, Europe, Fraud, Patents at 10:49 pm by Dr. Roy Schestowitz

Previously (yesterday): EPO Corruption Under António Campinos: Teaser

Campinos and Kuterovac
Campinos and Kuterovac at the February 2020 EPO-EUIPO love-in Zagreb

Summary: It’s clear that António enjoys long-standing cordial relations with the members of Battistelli’s “Balkan Express” team

When António turned up at the recent EPO-EUIPO love-in in Zagreb it wasn’t his first contact with the Croatian State Intellectual Property Office (DZIV). In his former position as head of the EUIPO in Alicante, formerly known as the Office for Harmonization in the Internal Market (OHIM), he was a seasoned traveller on the "Balkan Express" of the IP world.

Campinos and Topic

For example, back in September 2011 he appeared for some photo-ops with the then Director-General of the Croatian State Intellectual Property Office (DZIV), our old friend Željko Topić, for the signing of a bilateral co-operation agreement between the OHIM and DZIV which took place on the margins of a WIPO meeting in Geneva.

Topić’s “protégé”, Ljiljana Kuterovac

Some time later in May 2013, in preparation for Croatia’s coming accession to the European Union, Campinos met with the new Director of the DZIV, Topić’s “protégé”, Ljiljana Kuterovac, on the margins of an OHIM Administrative Board and Budget Committee (ABBC) meeting where they signed further cooperation and bilateral agreements between the OHIM and DZIV.

Campinos and Kuterovac handshake
Campinos and Kuterovac in May 2013

Not long afterwards, following Croatia’s accession to the European Union on 1 July 2013, Campinos turned up at an OHIM-DZIV junket in Zagreb under the title of “Croatia in the Community Trademark and Community Design Systems”.

Campinos and Kuterovac in Croatia
Kuterovac and Campinos at an OHIM-DZIV love-in in Zagreb (July 2013)

It’s clear that António enjoys long-standing cordial relations with the members of Battistelli‘s “Balkan Express” team.

So it would hardly be a surprise if he were to lend a helping hand to a friend in need.

“In order to understand the nature of this favour we need to take a closer look at Topić IP d.o.o., a Zagreb-based IP consultancy established in 2019.”As a matter of fact, it seems that this is precisely what he did in 2019 when a former member of the team came knocking on his door looking for a small favour to help his newly established IP consultancy business.

In order to understand the nature of this favour we need to take a closer look at Topić IP d.o.o., a Zagreb-based IP consultancy established in 2019.

Stay tuned for the next instalment which we look at this intrepid entrepreneurial start-up which in its own words, “represents clients before European Patent Office (EPO), European Union Intellectual Property Office (EUIPO), World Intellectual Property Organisation (WIPO), Croatian State Intellectual Property Office (SIPO), European Medicines Agency (EMA), Croatian agency for Medicinal Products and Medical Devices, and before more than 20 other competent national authorities from regional EU and non-EU countries to USA and Canada”.

Seattle Police Repeatedly Falling Behind Its Own Promised Schedules, Admitting There Are Almost 3,000 Pages in Its Report About Arrest for Paedophilia in the Mansion of Bill Gates

Posted in Bill Gates at 10:51 am by Dr. Roy Schestowitz

More on the subject yet to come, probably later this week or in the weekend

Police query

Police reply

Summary: Getting blood out of a rock/stone is easier than getting the police to produce even a single page; meanwhile a lot has happened, as MIT covers this mess up and the Gates Foundation’s head left a few months ago, immediately to be replaced by Mark Suzman [1, 2] (it’s also likely that the report and the police’s computer systems are indirectly controlled by Microsoft)

EPO Corruption Under António Campinos: Teaser

Posted in Europe, Fraud, Patents at 3:09 am by Dr. Roy Schestowitz

António Campinos and Topić
António and Željko (2011) – what’s a little favour between friends?

Summary: Guest series about EPO affairs with Team Battistelli even after some of it left (still profiting from EPO corruption)

Techrights recently reported on a grubby little EPO-EUIPO love-in together with the Croatian State Intellectual Property Office (DZIV) in Zagreb.

Not for the first time, Techrights was on the right track but as is often the case with EPO matters the public spectacle is only the tip of the iceberg.

EPO insiders have pointed out that there are deeper, hidden layers of corruption which are obscured from public view but which are about to be explored in an upcoming mini-series.

The trigger which inspired this mini-series was a piece of news that came shortly after the Zagreb love-in. Namely, an announcement in the form of the cancellation of the European Qualifying Examination (EQE) 2020 scheduled to take place on 16-19 March.

According to the EPO (warning: epo.org link), the cancellation of the EQE was a response to the latest developments regarding the spread of the COVID-19 (novel Coronavirus).

It’s nice to see that the EPO is taking the Coronavirus seriously.

Let’s hope it has some success on that front because sadly it seems to have lost the battle against the virus of corruption which has infiltrated its body politic.

But back to the European Qualifying Examination.

For readers who are unfamiliar with the EQE, a few words of explanation may be in order. The EQE is a legal exam focused on patent law which is designed to establish whether a candidate is qualified to practise as a professional representative before the EPO.

In order to qualify for entry on the EPO’s list of professional representatives it is normally necessary to have passed this examination.

Candidates for the EQE 2020 who have invested a lot of time and effort into preparing for their big day are understandably rather peeved by this year’s cancellation at such short notice.

However, they might be able to take some consolation in the fact that it isn’t always necessary to have passed the EQE in order to obtain a place on the EPO’s list of professional representatives.

In the coming mini-series we plan to look into the unsolved mystery of how the name of a former EPO Vice-President appeared on this list in 2019.

As you might have suspected, the former EPO Vice-President in question is Željko Topić, who after departing the EPO at the end of 2018 seems to have managed to add a further qualification to his already impressive list of diplomas and certificates.

The events that we plan to examine here took place not during the “reign” of the notoriously corrupt influence-peddler Battistelli but rather on the watch of his successor, the allegedly “clean” António Campinos.

There is a further detail to this saga which suggests that the current EPO Vice-President in charge of Legal and International Affairs, Dr. Christoph Ernst is likely to have been implicated in the affair.

This is hardly surprising in view of Ernst’s long-standing connections to the Battistelli-Kongstad clique on the Administrative Council.

Readers may recall that Ernst previously held the position as Chair of the Administrative Council after his predecessor Jesper Kongstad had departed prematurely under circumstances that have never been fully clarified.

Kongstad’s abrupt exit from the Administrative Council seems to have been connected with allegations of financial irregularities which have been doing the rounds inside the EPO for many years now.

But in an international organisation which lacks its own independent Audit Committee and where the internal audit function appears to be safely in the hands of the remnants of Battistelli’s “old guard”, you would be well-advised not to hold your breath waiting for a credible investigation into what would be a criminal matter in any normal jurisdiction.

Whatever about that, Ernst was quickly moved in as a “safe pair of hands” to fill the gap left on the Administrative Council by Kongstad’s untimely departure in October 2017.

A little over a year later, in a typical game of EPO musical chairs, he was rewarded with the plum job of Vice-President in charge of Legal and International Affairs (VP5) when the former holder of that position, Raimund Lutz, departed in December 2018.

Ernst and Topić
Did Ernst facilitate Topić’s entry onto the EPO’s list of professional representatives?

Based on the currently available information it would appear that Ernst played a key role in facilitating Topić’s mysterious entry onto the EPO’s list of professional representatives in 2019.

Stay tuned for more as we take a closer look at the new EPO management team and the Balkan Express connection.

IRC Proceedings: Tuesday, March 10, 2020

Posted in IRC Logs at 2:19 am by Needs Sunlight



#techrights log

#boycottnovell log



#boycottnovell-social log

#techbytes log

Enter the IRC channels now

Understanding Thierry Breton: Looking Back

Posted in Europe, Patents at 1:28 am by Dr. Roy Schestowitz


Understanding Thierry Breton


  • You are here ☞ Looking Back

France Télécom - Is the boss arrested yet?

Summary: The last and concluding part of the above-mentioned Thierry Breton series, culminating in the arrest of France Télécom’s old boss

THE reign of Thierry Breton’s Commission is coming under scrutiny and people habitually cite Techrights to refute what Breton had publicly said before his appointment or still says after this controversial appointment. Moreover, the old boss of France Télécom was found guilty and arrested. SUEPO posted many links about it.

We last explained the relevance of Breton to the European Patent Office (EPO) way back in December. Today, however, we proceed to the next scandal, which involves António Campinos. Stay tuned as we’re about to begin.

Links 11/3/2020: dav1d 0.6, LibreELEC (Leia) 9.2.1, Sculpt OS 20.02, Firefox 74.0, WordPress 5.4 RC2, Git 2.26 RC1

Posted in News Roundup at 12:49 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Desktop/Laptop

      • Windows 10 KB4535996 Update Issues: Crashes, Slowdowns, Audio, More

        Since the release of the Windows 10 KB4535996 cumulative update, Windows users have been reporting numerous problems including boot issues, crashes, performance problems, audio issues, and developer tools no longer working.

        The optional Windows 10 KB4535996 cumulative update was released on February 27th, 2020 and while it resolved some Windows Search issues, it also introduced other issues for users who installed the update.

        Unfortunately with Windows 10 installed on over 900 million PCs, there are always going to be problems for some users when installing a new update such as Windows not booting, the screen flickers, Cortana is broken, or they can no longer launch programs.

    • Audiocasts/Shows

      • Going Linux #387 · Listener Feedback

        We answer questions and comment on internal drive problems, Microsoft making Linux more popular, the Distrowatch podcast, gPodder and Orca, the Mint forums, print/fax/scan compatibility, games, Manjaro, and Chromebooks running Linux.

      • 2020-03-10 | Linux Headlines

        Mozilla removes support for older versions of TLS in Firefox 74, Google launches a facility for managing machine images on Compute Engine, IBM’s Elyra brings new tools to Jupyter Notebooks, and Palo Alto Networks issues a dire report on the state of IoT security.

      • Building an Open Source Community: Wirefall | Jupiter Extras 62

        Ell and Wes sit down with Wirefall, founder of the Dallas Hackers Association, to talk about the struggles and rewards of community building, why moving with the times is key, and how to foster an inclusive community meetup that still feels like a family gathering.

      • Command Line Heroes: Floppies
      • This Week in Linux 96: GNOME 3.36, APT 2.0, systemd, Jellyfin, Collabora Online & More

        On this episode of This Week in Linux, we’ve got some big news from GNOME, APT & systemd. We’ve also got some new releases from Jellyfin media server, Collabora Online (an online office suite), and a new release from ZorinOS. We’re going to round out this episode with some Linux Gaming news for playing Tetris and a new Space Shooter in your terminal! All that and much more on Your Weekly Source for Linux GNews!

    • Kernel Space

      • Intel P-State Changes Could Improve iGPU-Bound Performance – Some Cases ~15%, ~43% Perf-Per-Watt

        We’ve known that Intel’s P-State Linux CPU frequency scaling driver in general can be a bit quirky and especially so when dealing with Intel integrated graphics where the iGPU and CPU share the same power envelope. This has been shown with examples like using the “powersave” governor to boost iGPU performance while discrete graphics owners are generally best off switching over to the “performance” governor. As the latest though on helping the iGPU front with P-State, there is a new patch series talking up big gains in performance and power efficiency.

        Francisco Jerez of Intel’s open-source driver team sent out a set of ten patches today working on GPU-bound efficiency improvements for the Intel P-State driver.

      • Taming Tracepoints in the Linux Kernel

        Here we are going to describe what tracepoints are, how they are defined and finally demonstrate the various ways they can be used. By fleshing out all of the steps, I’m hoping others may find this process a bit easier.

      • The Staging exFAT Driver Set To Be Nuked In Linux 5.7, Thanks To Samsung’s New Driver [Ed: …2020: News about Linux… hijacked by Microsoft for its patent traps [1, 2, 3]]
    • dav1d

      • dav1d 0.6.0 ‘Gyrfalcon’, the fast and lean AV1 decoder
        dav1d 0.6.0 'Gyrfalcon', the fast and lean AV1 decoder
        This is a major update of the dav1d, the fast and lean AV1 decoder,
        codename 'Gyrfalcon'.
        0.6.0 brings major improvements in 10/12bit decoding on ARMv8 CPUs,
        up to 2.5 times faster than 0.5.2.
        It also brings new AVX-512, AVX2 and SSSE3 optimizations and improves
        the existing optimizations on all platforms.
        Finally, it also fixes some decoder mismatches and minor crashes.
      • Dav1d 0.6 AV1 Video Decoder Delivering Healthy Improvements For Intel + AMD Processors

        Given this week’s release of dav1d 0.6, here are some fresh benchmarks of this open-source AV1 video decoder on a few different Intel and AMD systems so far.

        Dav1d 0.6 has various AVX2 and AVX-512 optimizations that excite us plus 10/12-bit video decoding improvements for ARMv8 hardware. With waiting for some more exciting ARM server platforms still to arrive, this round of testing is just looking at the Intel/AMD x86_64 CPU performance.

      • VideoLAN’s dav1d 0.6 Released With More AVX2 + AVX-512 Optimizations

        Dav1d 0.6 is now available as a big update to this open-source AV1 video decoder developed by the VideoLAN crew.

        Dav1d already is quite fast on most CPUs but now is even faster on x86_64 hardware thanks to enabling AVX-512 optimizations and also extending their AVX2 and SSSE3 optimizations.

    • Instructionals/Technical

    • Games

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • KDE Plasma 5.18.3 Is Out with More Flatpak Improvements, over 60 Fixes

          Arriving two weeks after Plasma 5.18.2, the Plasma 5.18.3 maintenance release is here to further improve the Flatpak experience for users in the Plasma Discover package manager. About 10 bugs related to Flatpak support were fixed in this update.

          KDE Plasma 5.18.3 fixes about 70 issues, including a common crash the occurred when adding or removing widgets, as well as an issue that wouldn’t allow running GTK3 apps to immediately show any changes to titlebar button order.

          Furthermore, it removes an unnecessary bottom scrollbar from the Audio page under System Settings, which now looks much better when using a fractional scale factor, and makes it possible to once again drag links into the Sticky Notes widget.

        • Marble Maps – Find your way and explore the world on Android!
    • Distributions

      • New Releases

        • Zorin OS 15.2 Released with New Features, Download Here Directly

          There’s a clear trend of users moving from Windows and macOS to Linux distros lately. And this journey is fueled by the dissatisfaction and limited capabilities of those two giants. Linux distributions as ZorinOS are no less than Windows, and even giving more options to customize and better security. The developers of ZorinOS have released the new version 15.2, which has support for more hardware, improved security, etc as notables.

          Though Linux itself is cool, it’s hard for a normie or a beginner to handle the extensive platform initially. That’s when several Linux distributions as Ubuntu, Mint, ElementaryOS, ZorinOS, etc stepped in, making the journey of users from Windows and macOS to Linux smooth and interesting. With respect to the latest development of such distribution, ZorinOS has rolled out its new version named v15.2. This contained new features as below:

        • LibreELEC (Leia) 9.2.1

          LibreELEC 9.2.1 (Leia) the final version has arrived based upon Kodi v18.6, the 9.2.1 release contains many changes and refinements to user experience and a complete overhaul of the underlying OS core to improve stability and extend hardware support compared to the LE 9.0 release.

        • Sculpt OS 20.02 Released – Built Off Genode, Now Includes File Manager + Editor

          Sculpt OS is the general purpose operating system built off the Genode operating system framework. Out now is their version 20.02 update that tries to make the OS more approachable.

          Given they are trying to make Sculpt OS a general purpose OS, they determined their reliance on command-line utilities is a barrier for adoption. So with Sculpt OS 20.02 they have introduced a custom graphical file manager and text editor. They hope the file manager and editor will make it easier tweaking the system state while the CLI options remain available.

        • Sculpt OS release 20.02

          With the release of Sculpt version 20.02, we follow our roadmap’s mission to make Sculpt OS easier to approach. In particular, we identified the reliance on a command-line interface as a potential barrier of entry. As Sculpt OS is not a Unix-like system, it should not require any Unix know-how from the user. To relieve users from this burden, Sculpt 20.02 introduces a custom graphical file browser and editor that can be used for interactively inspecting and tweaking the state of the system. The traditional command-line interface is still present as a fallback for advanced tasks though. The updated manual goes into detail about the use of the new system.

      • Screenshots/Screencasts

      • IBM/Red Hat/Fedora

        • Red Hat Summit 2020 Goes Virtual Over Coronavirus Concerns

          Red Hat Summit 2020, scheduled to take place at San Francisco’s Moscone Center from April 28-29, is moving to an online-only event as a safety measure against the current coronavirus outbreak.

        • OpenShift Scale: Running 500 Pods Per Node

          A common request from OpenShift users has long been to raise the number of pods per node. OpenShift has set the limit to 250 starting with the first Kubernetes-based release (3.0) through 4.2, but with very powerful nodes, it can support many more than that.

          This blog describes the work we did to achieve 500 pods per node, starting from initial testing, bug fixes and other changes we needed to make, the testing we performed to verify function, and what you need to do if you’d like to try this.

        • What’s new in Red Hat Ceph Storage 4: A Beast of a front end, default support for BlueStore, and Cockpit installer support

          Today Red Hat announced Red Hat Ceph Storage 4, a major release that brings a number of improvements in scalability, monitoring, management, and security improvements. We also have designed Ceph Storage 4 to be easier to get started. Let’s tour some of its most interesting features.

        • Securing the deployment of OpenShift Container Platform 4

          There have been some changes to the way we deliver OpenShift Container Platform 4 from OpenShift Container Platform 3. The installer and client binaries are delivered via mirror.openshift.com, as well as access.redhat.com. Also, container images are delivered from Quay.io primarily, and most of them are mirrored to the Red Hat container registries such as registry.access.redhat.com and registry.redhat.io. This was done to speed up the rate at which we can deliver updates, and facilitate over-the-air updates. You might be wondering how we ensure the integrity of bits delivered via this new delivery mechanism, so we’re going to dive into that in this post.

        • Robotic Process Automation (RPA): 5 truths behind the buzz

          The current hype about robotic process automation comes with questions, concerns, and misconceptions about what RPA can and can’t do. Let’s examine 5 key facts business leaders should understand

        • Red Hat Accelerates Petabyte-Scale Object Storage for Cloud-Native Workloads

          Red Hat, Inc., the world’s leading provider of open source solutions, today announced the general availability of Red Hat Ceph Storage 4 to deliver simplified, petabyte-scale object storage for cloud-native development and data analytics. Red Hat Ceph Storage 4 is based on the Nautilus version of the Ceph open source project.

        • Red Hat Shares ― More edge computing

          Wondering why there’s another Red Hat Shares issue so soon after the last one? The February issue was all about edge computing. But, frankly, 1 newsletter isn’t enough to tackle a topic that’s poised to explode this year, as many predict.

          We’ve published a couple of additional pieces on edge computing in the last month and thought you might be interested.

          In this short issue, see how we approach edge computing, and read our own Paul Cormier’s blog post about edge’s dependence on hybrid cloud and open source.

        • IBM announces Elyra AI Toolkit, a set of AI-centric extensions to Jupyter Notebooks

          Jupyter Notebooks are now the open standard for data science and artificial intelligence (AI) model development. In keeping with our commitment to open source and the Jupyter community, in particular, IBM is proud to announce Elyra, a set of open source AI-centric extensions to Jupyter Notebooks, and, more specifically, the new JupyterLab user interface.

        • Fedora 31 Release Party – Karachi

          Fedora 31 Release Party was a social event for people to meet & connect who are curious about Fedora from Karachi in general, and check out the cool & awesome features of the new Fedora 31 release. It also served as an opportunity for people to find out what Fedora and free software in general is all about and ask questions of people already involved in the community.

      • Debian Family

        • Shaming and suicide movies

          Are free software organizations descending into the abyss, or is there light at the end of the tunnel?

          A number of organizations have recently indulged in shaming volunteers, including FSF, FSFE and Debian. Is it a smart move? Hollywood may provide some interesting clues.

        • Axel Beckert: Backup over Tor with BackupPC

          I have a Raspberry Pi at my parents home. They have internet access via some ISP using Carrier Grade NAT (CGN). Hence their home router is not reachable via IPv4 from the outside, they do have IPv6 and the devices can also be made accessible via IPv6 via the local router.
          Did that, was able to access my Raspberry Pi over IPv6 and SSH from the outside. So doing backup of that Raspberry Pi with BackupPC from the outside was a walk in the park.

          Unfortunately the IPv6 prefix seems to change occasionally and the router only allows to configure explicit IPv6 addresses in firewall rules — so after a prefix change the configured rules no more match the devices IPv6 addresses. Meh.

        • Antoine Beaupré: Font changes

          I have worked a bit on the fonts I use recently. From the main font I use every day in my text editor and terminals to this very website, I did a major and (hopefully) thoughtful overhaul of my typography, in the hope of making things easier to use and, to be honest, just prettier.

        • Markus Koschany: My Free Software Activities in February 2020

          Welcome to gambaru.de. Here is my monthly report (+ the first week in March) that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

        • Utkarsh Gupta: Debian Activities for February 2020

          Here’s my (fifth) monthly update about the activities I’ve done in Debian this February.

      • Canonical/Ubuntu Family

        • On Boxing, Tabletop Exercises and Threat Models

          At Canonical we have recently performed a series of cyber tabletop exercises (TTX). A TTX is an information security preparedness drill where a cyber incident scenario is played out to improve your tactics, techniques and procedures (TTPs). When performing a TTX it is important to use the same amount of staff and effort as though a real incident were occuring. This helps to uncover deficiencies in your TTPs and address those issues before a real event occurs. Being as efficient as possible is critical during incident response because as time passes data that can help determine root cause is lost and the attacker may still be causing harm to the environment.

          This past month we performed two TTXs with different groups within Canonical. This type of exercise requires support from the top down, you will be interrupting work for up to a day and it is imperative that the management of each team is behind this effort. At Canonical security is in our DNA and this exercise was performed with full support of everyone within the company.

        • Interana uses ESM to maintain system security while upgrading its customers to Ubuntu 18.04 LTS across public clouds

          Interana, an analytics software provider, enables users to run advanced big data queries on raw customer data and delivers answers in seconds. Their customers include Microsoft, Comcast and Salesforce.

          Interana’s leading-edge platform is based on Ubuntu and deployed directly inside customers’ public cloud environments. This empowers users with some of the fastest analytics capabilities on the market. However, this also means that they have to schedule large-scale data migrations with each client.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Why remote working can be good for people, business and environment

        One of the primary contributions of the open source community to the world is a system that allows random people from around the world to work together to solve complex problems, so it is no surprise that Collabora has been from the get-go a geographically distributed company. Our consultancy team of Open Source professionals is distributed across 2 offices – Cambridge, UK and Montreal, Canada – and remote based in more than 30 different countries around the globe.

        Here at Collabora, we trust our people to work remotely, we give them full responsibility for their output, and we believe it helps create an even stronger internal culture and comes with some other positives.

      • Server

        • Virtualise everything!

          his issue Jonni has been getting very angry at me for conflating the terms emulate and virtualise, don’t even get him started on containerise. Largely I hadn’t clocked that virtualise only includes systems running on the same hardware platform. Surely, that’s an easy enough mistake to make with the x86 platform being so dominant, it’s the main thing you are going to virtualise!

          This x86 world is changing though; sure for Linux Format readers x86 is going to remain the primary desktop platform. But there’s a good chance Arm plays as much a roll in your life, be that in the Raspberry Pi, your smartphone, tablet or smart TV.

          In big business Amazon is already running its own design of Arm-based server processor, Apple is posturing to launch an Arm-based consumer-level processor for laptops, while Microsoft is already peddling Arm-builds of Windows. You can see the world is changing. If slowly.

        • Containers vs. VMs, Istio in production, and more industry news

          As part of my role as a senior product marketing manager at an enterprise software company with an open source development model, I publish a regular update about open source community, market, and industry trends for product marketers, managers, and other influencers. Here are five of my and their favorite articles from that update.

        • Google launches TensorFlow for quantum computers

          Google today launched TensorFlow Quantum (TFQ), an open-source library for prototyping quantum machine learning models.

          Quantum computers aren’t quite mainstream yet, but when they arrive they’ll need algorithms. TFQ fills that Gap by making it possible for developers to create hybrid AI algorithms that use both classical computing techniques and quantum computer circuit simulations.

      • Web Browsers

        • Chromium

          • Installing the latest version of Inkscape on Chrome OS just got a whole lot easier

            We use Gravit Designer on the daily as our go-to vector editing and design tool but for a long time, Inkscape was always in the old tool bag. Problem was, using Inkscape on Chrome OS in the past required Crouton and the unofficial path to dual-booting Linux on your Chromebook. With the advent of the Crostini Project and Linux apps support, that has changed and for many, installing Inkscape free software on a Chromebook has been a game-changer for productivity. While we no longer use Inkscape, it is still an incredible vector editor and we recommend it for users who aren’t ready to make the jump to the pro version of Gravit that runs you $49.99/year.

          • Chrome OS 80 makes graphic intensive Linux apps so much better

            As we’ve seen in the past few months, Linux apps on Chrome OS have come a long way. There’s still work to be done and there are new features that are on the way or that have just launched, but the overall feel of Linux apps on Chromebooks is way more cohesive than it was just 6 months ago.

          • Chrome browser may get an official Snap package for Linux

            As of late, I spend a good majority of my time digging into Linux on Chrome OS and testing what works and what doesn’t. As the Command Line series takes shape, we’ve become a little keener to Linux-related commits in the Chromium repository. There’s so much that you can do with Linux apps on Chrome OS but the Crostini project still has its limitations due to the nature of the technology. Running applications in containers requires some workarounds for certain things that are normally native on full Linux distributions.

          • Brave Browser Has Reached 12 Million Monthly Active Users

            Brave, the popular crypto-integrated browser, has surpassed its previous adoption records.

            As of Mar. 5, Brave had 4 million daily active users (DAU) and 12 million monthly active users (MAU). Based on Brave’s previous usership statistics, this means that Brave attracted approximately 2 million monthly active users and 700,000 daily active users over the past three months.

        • Mozilla

          • 74.0 Firefox Release
          • Firefox 74.0

            The latest release of Firefox features some login management improvements, the ability to add custom sites to the Facebook Container, better privacy for web voice and video calls, and better add-on management. See the release notes for more information.

          • Firefox 74 Released with DNS over HTTPS, Other Privacy Improvements

            The freshly accelerated Firefox release schedule see a new version of Firefox released every four weeks. The increased release rate allows the famous FOSS browser to bring new features to users faster.

            The headline change in Firefox 74 is the use of DNS over HTTPS by default for users in the USA.

            A privacy-minded feature, DNS over HTTPS encrypts all DNS requests made in Firefox 74 (requests which are normally done ‘in the open’). This helps prevent people snooping on internet traffic from discerning detail about the requests being made.

            Firefox 74 defaults to Cloudflare as the DNS resolver but users are able switch to NextDNS through the Preferences > Network Settings dialog.

          • Firefox 74 Begins Rolling Out With DNS-Over-HTTPS, Disabling TLS 1.0/1.1

            Firefox 74.0 is the release offering DNS-over-HTTPS support with Cloudflare as the default DNS resolver, TLS 1.0 and TLS 1.1 support is now disabled, sandbox security improvements, CSS text-underline-position support, implementing the JavaScript optional chaining operator, and many other developer improvements. The DNS over HTTPS is enabled by default for users in the United States with Firefox 74 while others can turn it on manually. While Cloudflare is the default DNS resolver, NextDNS can also be selected as another option. The roll-out began in late February and more details on Mozilla’s DoH work via this blog post.

          • Jiri Eischmann: Mozilla makes Firefox Beta available on Flathub

            I’m glad to see that Mozilla has made a significant process with offering Firefox as a flatpak. Having Firefox as a flatpak was one of our long-term goals.

            Three years ago we started a testing flatpak repo with Firefox Developer Edition and soon after that we added Firefox Nightly. For a long time it was the only source of Firefox for Flatpak out there. The user base grew into thousands, a level our hosting could barely deal with. Lately we haven’t had much time for its maintenance and at least the nightly builds were often broken.

            That’s why from the very beginning we worked with Mozilla to make official Firefox builds available as flatpaks. The effort was later on picked up by Endless.

            Now it brings first fruits, Mozilla is already shipping Firefox Beta in the beta channel on Flathub. You just need to enable it by installing this file: https://flathub.org/beta-repo/appstream/org.mozilla.firefox.flatpakref

            I think it may already be useful for Silverblue users who have relied on our testing repo if they didn’t want to use package overlay.

          • An Official Firefox Flatpak is on the Way

            With the Firefox 74 release out of the way Mozilla developers now turning their attention towards Firefox 75, scheduled for release in the early part of April.

            While Firefox 75 will (obviously) ship with new features, key changes and a dollop of developer-related improvements it will be notable for another reason:

            It’s looking like Firefox 75 will be the first version of the famed web browser to be released as a Flatpak app on the Flathub app store.

          • Hacks.Mozilla.Org: Security means more with Firefox 74

            Today sees the release of Firefox number 74. The most significant new features we’ve got for you this time are security enhancements: Feature Policy, the Cross-Origin-Resource-Policy header, and removal of TLS 1.0/1.1 support. We’ve also got some new CSS text property features, the JS optional chaining operator, and additional 2D canvas text metric features, along with the usual wealth of DevTools enhancements and bug fixes.

          • Support for extension sideloading has ended

            Today marks the release of Firefox 74 and as we announced last fall, developers will no longer be able to install extensions without the user taking an action. This installation method was typically done through application installers, and is commonly referred to as “sideloading.”

            If you are the developer of an extension that installs itself via sideloading, please make sure that your users can install the extension from your own website or from addons.mozilla.org (AMO).

      • Productivity Software/LibreOffice/Calligra

        • Announcing Open Badges for LibreOffice contributors!

          LibreOffice is made by volunteers and certified developers across the globe, and today we’re announcing a new system to credit their work and show appreciation: Open Badges. So what are they?

          In a nutshell, Open Badges are PNG images that are awarded to contributors for reaching a certain threshold – such as a number of commits to the codebase, or answering questions on Ask LibreOffice. But these images are something special: they contain metadata describing the contributor’s work, which can be verified using an external service. Open Badges are used by other free software projects, such as Fedora.

          We at The Document Foundation – the non-profit entity behind LibreOffice – will start issuing customised badges to contributors, who can then proudly display them on websites or social media. And because of the embedded metadata, contributors can use the badges as proof of their work. If you’ve been a long-time contributor to LibreOffice and are in the job market, use your badge to highlight your involvement in a large open source project!

        • My hack week at Collabora: (start of) padded numbering in Writer

          Padded numbering is a style where you insert 0 characters in front of an otherwise normal (Arabic) numbering, making sure that the result always has at least N characters. Up to now, you had to number your content manually to have this effect, while Word supports this feature.

          OOXML supports padding up to 2, 3, 4 and 5 characters. Padding up to 2 characters is the older feature, supported in DOC and RTF as well, so I focused on that piece.

      • CMS

        • WordPress 5.4 RC2

          The second release candidate for WordPress 5.4 is now available!

          WordPress 5.4 is currently scheduled to be released on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time!

      • Public Services/Government

        • Expert Brochure to Modernise Public Digital Infrastructure with Public Code – Translated Versions Online

          What is Free Software? How does it contribute to digital sovereignty, security and transparency of state digital infrastructure? Which steps can public administrations take? These and more questions are answered in our publication “Public Money Public Code – Modernising Public Infrastructure with Free Software”. After the successful release of the English version of our brochure we translated it into three more languages: German, Czech and Brazilian Portuguese.

          The recent debates about digital sovereignty show that the desire for self-determined government action in the field of digitisation is immense. Digital services offered and used by our public administrations are the critical infrastructure of 21st century. In order to establish trustworthy systems, public bodies must ensure they have full control over the software and the computer systems at the core of our state digital infrastructure. We need software that helps public administrations regain sovereignty over their critical digital infrastructure, allowing them to become and remain independent from a handful of companies.

          The brochure summarises the FSFE’s long-term expertise with additional knowledge from leading experts in various ICT areas. It helps readers understand Free Software and its benefits for a modern digital public infrastructure. Hot topics covered include the avoidance of vendor lock-in, improvement of IT security through openness, exploring different business models, handling of procurement issues, and learning from innovative approaches to smart cities.

      • Programming/Development

        • RenderDoc 1.7 Released With Vulkan Improvements, Better D3D12 Capture Performance

          RenderDoc 1.7 is out today for this cross-platform graphics debugging/profiling tool that supports Vulkan, Direct3D, and OpenGL graphics APIs across all major platforms.

          RenderDoc 1.7 comes with Python API changes, improved capture performance for Direct3D 12 programs, better handling of queue ownership transfer barriers in Vulkan, support for Vulkan’s KHR_shader_non_semantic_info extension, and dozens of bug fixes across the board. RenderDoc 1.7 also brings a global font scale for better scaling of text within its own user-interface.

        • Git v2.26.0-rc1
          A release candidate Git v2.26.0-rc1 is now available for testing
          at the usual places.  It is comprised of 453 non-merge commits
          since v2.25.0, contributed by 47 people, 10 of which are new faces.
          The tarballs are found at:
          The following public repositories all have a copy of the
          'v2.26.0-rc1' tag and the 'master' branch that the tag points at:
            url = https://kernel.googlesource.com/pub/scm/git/git
            url = git://repo.or.cz/alt-git.git
            url = https://github.com/gitster/git
          New contributors whose contributions weren't in v2.25.0 are as follows.
          Welcome to the Git development community!
            Abhishek Kumar, Benno Evers, Eyal Soha, Harald van Dijk,
            Jacques Bodin-Hullin, Kir Kolyshkin, Lucius Hu, Peter Kaestle,
            Rasmus Jonsson, and Shourya Shukla.
          Returning contributors who helped this release are as follows.
          Thanks for your continued support.
            Alban Gruin, Alexandr Miloslavskiy, Bert Wesarg, brian
            m. carlson, David Turner, Denton Liu, Derrick Stolee, Elijah
            Newren, Emily Shaffer, Eric Sunshine, Hans Jerry Illikainen,
            Hariom Verma, Heba Waly, Jeff King, Johan Herland, Johannes Berg,
            Johannes Schindelin, Johannes Sixt, Jonathan Nieder, Jonathan
            Tan, Junio C Hamano, Kevin Willford, Kyle Meyer, Luke Diamand,
            Martin Ågren, Masaya Suzuki, Matheus Tavares, Matthew Rogers,
            Miriam Rubio, Paolo Bonzini, Philippe Blain, Pranit Bauva,
            Ralf Thielow, René Scharfe, SZEDER Gábor, Tanushree Tumane,
            and Taylor Blau.
        • Git 2.26-rc1 Released With More Improvements For This Distributed Version Control System

          Git 2.26-rc1 is out this morning as the newest test version of this distributed version control system.

          Highlights of the Git 2.26 series so far as of RC1 consists of:

          - Continued work on improving the Bash/CLI auto-completion for different sub-commands.

        • Perl / Raku

          • The Weekly Challenge #051

            I am really enjoying the weekly challenges, specially doing in Raku. The point of blogging is also about sharing my fight with Raku. I hardly write anything about my Perl solution as I don’t see anything new to talk about. Having said that, I still go for Perl first as it is my first love and will remain so rest of my life. Even today, my brain is so tuned to Perl, every ideas come in form and shape of Perl only. I started contributing in the Week #46. I could only find time to do Perl solutions in the Week #46. The following Week #47 was the same as I didn’t get to do Raku. It was the Week #48 when I managed to find time to do both Perl and Raku for the first time. Ever since I have been able to contribute every week in both languages. I would give the credit to the fellow Team PWC member, Ryan Thompson, for helping me with the Perl and Raku reviews.

        • Python

          • Zato services as containers for Python functions and methods

            Acting as containers for enterprise APIs, Zato services are able to invoke each other to form higher-level processes and message flows. What if a service needs to invoke a hot-deployable Python function or method, though? Read on to learn details of how to accomplish it.

          • Polymorphism in Python

            In this tutorial, we will learn about polymorphism, different types of polymorphism, and how we can implement them in Python with the help of examples.

          • Defining Main Functions in Python

            Many programming languages have a special function that is automatically executed when an operating system starts to run a program. This function is usually called main() and must have a specific return type and arguments according to the language standard. On the other hand, the Python interpreter executes scripts starting at the top of the file, and there is no specific function that Python automatically executes.

            Nevertheless, having a defined starting point for the execution of a program is useful for understanding how a program works. Python programmers have come up with several conventions to define this starting point.

          • Python 3.7.7 is now available

            Note that Python 3.8 is now the latest feature release series of Python 3. You should consider upgrading to it. Get the latest release of 3.8.x here. We plan to continue regular bugfix releases of Python 3.7.x through mid-year 2020 and provide security fixes for it until mid-year 2023. More details are available in PEP 537, the Python 3.7 Release Schedule.

          • Python 101: Learning About Lists

            Lists are a fundamental data type in the Python programming language. A list is a mutable sequence that is typically a collection of homogeneous items. Mutable means that you can change a list after its creation. You will frequently see lists that contain other lists. These are known as nested lists. You will also see lists that contain all manner of other data types, such as dictionaries, tuples or objects.

          • Statement on Coronavirus

            As you are aware, the Coronavirus (COVID-19) is a topic of frequent and ongoing discussions. We would like to provide an update on our status and policies as well as provide resources for additional information.

            As of today, our event schedule remains as posted on event sites. Any changes or updates will be immediately shared. The NumFOCUS staff and board of directors are closely monitoring the situation and will be following the lead of the WHO, CDC, and state and local governments. Our plan is to weekly reassess information and provide updates as needed.

          • PyDDF Python Spring Sprint 2020

            The following text is in German, since we’re announcing a Python sprint in Düsseldorf, Germany.

          • PyCoder’s Weekly: Issue #411 (March 10, 2020)
          • Tryton News: Security Release for issue9108

            With issue9108, the trytond server does not enforce access right on wizard relying on the access right of the model on which it runs.

          • Tryton News: Security Release for issue9089

            With issue9089, the web client does not set noreferrer nor noopener to open external links.

        • Shell/Bash/Zsh/Ksh

          • Life tables

            I know I’ll die, sooner or later, but how many years do I have left?

            There’s no answer to that question for me or for anyone else interested in their future, because the future is unknowable. That hasn’t stopped demographers and actuaries from calculating life expectancies in years and sometimes making news with their calculations.

            Here in Australia the Government Actuary produces Life Tables every 5 years. The tables are based on enumeration. How many 60-year-old women were there at the last Census? How many 60-y-o women died around the Census time? From those numbers (and others) the Actuary can calculate a current likelihood of dying and an expected number of years before death for 60-y-o women.

            Tallying population and death totals isn’t straightforward and adjustments are made to both the current male and female populations at each age, and to the death numbers. The population figures in the latest Life Tables were adjusted from the 2016 Census, and the death figures cover the 3 years 2015-2017.

        • Rust

          • The 2020 RustConf CFP is Now Open!

            The 2020 RustConf Call for Proposals is now open!

            Got something to share about Rust? Want to talk about the experience of learning and using Rust? Want to dive deep into an aspect of the language? Got something different in mind? We want to hear from you! The RustConf 2020 CFP site is now up and accepting proposals.

    • Standards/Consortia

      • Intel Adds Bare-Metal oneAPI Support to Linux via its Compute Runtime

        Intel has added bare-metal oneAPI support to its open-source Graphics Compute Runtime for OpenCL and oneAPI, according to a Phoronix report on Monday. This brings oneAPI Level Zero to Linux.

        Intel’s bare-metal specification for oneAPI is known as Level Zero and provides the lowest-level access to hardware, such as accelerators. Intel has now brought initial support for Level Zero to its Graphics Compute Runtime for OpenCL and oneAPI, as evidenced by a commit on GitHub.

      • OMEMO Specification Sprint

        The past weekend some members of the XMPP community gathered in Düsseldorf to work on the next iteration of the OMEMO Encryption Specification. All of us agree that the result – version 0.4 of XEP-0384 – is a huge step forward and better than ever!

        On Saturday morning we met up at the Chaosdorf, a local Hacker Space who’s members kindly hosted the sprint. Huge thanks to them for having us!

        Prior to the sprint we had collected a list of bullet points of topics we wanted to discuss. Among the more urging topics was proper specification of OMEMO for group chats, support for encrypting extension elements other than the body, as well as clarification on how to implement OMEMO without having to use libsignal. While the latter was technically already possible having a clear written documentation on how to do it is very important.

  • Leftovers

    • Health/Nutrition

      • staying home

        I was to fly to Boston tomorrow evening, but I’m staying home instead. Just a few days ago, I was thinking all the fear around Covid-19 was silly, but then I caught a very mild cold and, wondering whether that could get me quarantined, sent back home, or barred from travelling, I started looking into the matter, and what I learned changed my mind.

        I used to think I was reasonably healthy, and though I invariably catch a bug at conferences abroad, for sleepless nights in tight plane seats and long exposure to unknown pathogens, I’m likely able to survive Covid-19 even if I came across it, which was extremely unlikely to begin with. It’s not much more than a flu, after all, right?

        Well… It’s not so simple. What happens if everyone reasons this way and carries life on as usual? The virus spreads very fast, healthcare units get overloaded, and even people with very treatable diseases fail to get treatment and die.

        Avoiding unnecessary physical contact slows down the propagation. In extreme cases, this might even get a virus to die off. Even if we don’t go that far, the more we slow it down, the more time we buy to develop treatments and vaccines, and the less we overload healthcare units so that people who need treatment are more likely to get it.

      • Stephen Michael Kellat: Following The Planning P

        Why bring that up? The big reason is to mention the need for backup plans and continuity plans. With COVID-19 concerns in play within the continental United States, the Windows Subsystem for Linux conference had to switch from being an in-person event to a virtual event. After my broadband decided to die on me I decided to follow up on guidance from the state’s election authorities to get early voting out of the way as reported by the Cleveland Plain Dealer. My account on Instapaper has been full of closure listings in the local area such as Kent State University stopping classes on all campuses including the local commuter campus in Ashtabula. Many people and institutions are having to improvise, adapt, and overcome.

        For the individual developer, though, there should be some consideration about COVID-19. Is your code maintained in a way that nobody else could access it if you were incapacitated? Do you have a “trusted person” who has delegated access if you become incapacitated so automated systems can continue to function? Is your code clean and commented sufficiently so that somebody could take over maintaining it if, heaven forfend, you are out of commission for an extended period of time?

        These are all good business practices. The COVID-19 situation merely brings them into sharp focus as being essential business practices. If you haven’t implemented them already there is no time like the present.

    • Integrity/Availability

      • Proprietary

        • Pseudo-Open Source

          • Privatisation/Privateering

            • Linux Foundation

              • The TARS Foundation: The Formation of a Microservices Ecosystem

                The TARS Foundation can help make the microservices ecosystem more effective, building a more aligned community of contributors and supporters. As more technology-first companies deploy microservices in production, we expect the trend to extend to traditional industries that are transforming. We hope that more people and companies will participate in the TARS Foundation and welcome everyone to contribute to a better and more open microservice ecosystem.

              • The Linux Foundation Open Sources Hardware of Disaster Relief Project that Won First Call for Code Global Challenge Led by IBM
              • The Linux Foundation Open Sources Hardware of Disaster Relief Project that Won First Call for Code Global Challenge Led by IBM

                The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced Project OWL’s IoT device firmware effort will be hosted at the Foundation and is inviting developers worldwide to build mesh network nodes for global emergency communications networks. Project OWL, the winner of Call for Code 2018, is a cloud-based analytics tool that helps facilitate organization, whereabouts, and logistics for disaster response. The Linux Foundation’s open governance model will enable a global network of developers to accelerate the development of the mesh networks, which could help save lives following a natural disaster.

              • Project Owl’s open source project challenges developers to build global mesh network nodes for emergency communications

                Project Owl is a cloud-based analytics tool that helps facilitate Organization, Whereabouts, and Logistics (Owl, for short) for disaster response. Our team developed a mesh network of Internet of Things (IoT) devices called “DuckLinks” that can be deployed or activated in disaster areas to quickly re-establish connectivity and improve communication between first responders and civilians in need.

                In 2018, we won the inaugural Call for Code Global Challenge. Our idea rose to the top from over 100,000 participants from 156 nations and we won the opportunity to work with IBM’s Code and Response initiative with The Linux Foundation, to help us build, fortify, test and launch our solution to help communities in need.

        • Security

          • Meltdown The Sequel strikes Intel chips – and full mitigation against data-meddling LVI flaw will slash performance

            Computer security researchers involved in the discovery of the Meltdown and Spectre vulnerabilities affecting many modern processors have developed a related attack technique called Load Value Injection (LVI).

            The attack relies on microarchitectural data leakage to inject and execute malicious code in a way that breaks the confidentiality of modern Intel systems.

            Chipzilla’s processors, already weighed down by defenses deployed against side-channel attacks over the past two years, could get slower still if they try to thwart this latest vulnerability: prototype compiler changes, for full mitigation, have produced performance reductions ranging from 2x to 19x.

          • LVI Attack Hits Intel SGX – Defeats Existing Mitigations, More Performance Hits

            Load Value Injection (LVI) is being disclosed today as a new class of transient-execution attacks and the researchers claim can defeat all existing mitigations around Meltdown, Foreshadow, Zombieload, RIDL and Fallout. The researchers say LVI can affect virtually any access to memory and compiler-based mitigations can be expensive.

            LVI combines Spectre-style code gadgets with Meltdown-type illegal data flows to bypass existing defenses and allow injecting data into a victim’s transient execution. LVI was discovered in April of 2019 while today the researchers and Intel are making a coordinated disclosure. The initial discovery was made again by university researchers but Bitdefender ended up also discovering the same vulnerability.

          • Say hello to your new best friend ‘LVI’ – another security flaw in CPUs for Intel

            Oh hell. This comes shortly after Intel had another one announced that was ‘unfixable’, plus one for AMD too and now this all in the space of a month. Rough time right now, for Intel specifically on this one.

          • Security updates for Tuesday

            Security updates have been issued by Debian (libvpx and network-manager-ssh), Fedora (cacti, cacti-spine, and podman), openSUSE (chromium and python-bleach), Oracle (curl), Red Hat (ansible and qemu-kvm), SUSE (gd, ipmitool, and php7), and Ubuntu (runc and sqlite3).

          • Over 80% of Medical Imaging Devices Run on Outdated Operating Systems
          • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

            • Debian Linux Reports Highest Bugs Since 1999, Ubuntu Ranks 5th: Report [Ed: Comparing apples to oranges again]

              Microsoft’s Windows is always considered the most vulnerable OS owing to its popularity or kernel design. But a recent analysis report published by theBestVPN.com may surprise and clear some myths for you.

            • Linux is the world’s most vulnerable operating system [Ed: Microsoft hides its many flaws (no disclosure, by its own admission) and this counts far more packages, not core OS]

              The idea that Microsoft’s Windows is the world’s most buggy and vulnerable operating system is pants, and it is so-called cast iron operating systems like Linux and macOS which are the worst.

              An analysis of the National Institute of Standards and Technology’s National Vulnerability Database, compiled by Thebestvpn.com, tracked ‘technical vulnerabilities’ in popular pieces of software between 1999 and 2019.

            • PPP Daemon flaw opens Linux distros, networking devices to takeover attacks [Ed: How many people even use such devices any longer?]

              A vulnerability (CVE-2020-8597) in the Point-to-Point Protocol Daemon (pppd) software, which comes installed on many Linux-based and Unix-like operating systems and networking devices, can be exploited by unauthenticated attackers to achieve code execution on – and takeover of – a targeted system.

    • Finance

      • Should working while you commute count as paid time?

        Few people look forward to their commute, but Albane Bochatay, 30, has it easier than most. With Switzerland’s snow-capped mountains and Lake Geneva as a backdrop and an almost guaranteed seat, her one-hour train journey one-way is decidedly more relaxing than a packed London Underground train. And most importantly, she gets paid for it.

        After moving from Bern, the centre of government, to the southwestern city of Lausanne, Bochatay, a research associate for Swiss union Transfair, now works at a regional office near her home two days a week and commutes to the headquarters in Bern the other three. And thanks to Switzerland’s well-equipped and uncrowded trains, her boss was happy for her to start her workday on the journey in.

        “I can answer my mails, I can read some papers, I can also write some minutes, so I can actually do a lot of things on the train,” she says. “And now I can be home at six in the evening and I can do some sport or see some friends. So it’s a good balance.”

    • Monopolies

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channels: Come and chat with us in real time

New to This Site? Here Are Some Introductory Resources




Samba logo

We support

End software patents


GNU project


EFF bloggers

Comcast is Blocktastic? SavetheInternet.com

Recent Posts