Bonum Certa Men Certa

Links 31/7/2020: New Thunderbird and FreeBSD Foundation, Now 20, Has Got a New Look



  • GNU/Linux

    • Want to run Mac OS 8 on Linux as an Electron app? Well, you can anyway

      After creating Electron-based version of Windows 95 in 2018, Felix is back with a new virtual machine package (and a new apology for creating it).

      Called macintosh.js, Felix brings Apple’s ancient Mac OS 8 system to the masses via the medium of JavaScript and everyone’s favourite app creation framework Electron.

      His free-to-use-but-don’t-ask-me-if-Apple-approve version of Mac OS 8 runs like a champ on Windows, macOS and Linux (I tested it on the latter). It runs as a standalone app that boots the OS up directly, i.e. there’s no need to fuss around with installers or set up dialogs.

      “The virtual machine is emulating a 1991 Macintosh Quadra 900 with a Motorola CPU, which Apple used before switching to the PowerPC architecture (Apple/IBM/Motorola) in the mid 1990s,” Felix says of his effort.

      A suite of era-specific software and games is bundled inside as trials, demos, or shareware. This includes Adobe Photoshop 3, Adobe Premiere 4, Netscape Explorer, Duke Nukem 3D, and plenty more.

      While there’s no working internet connectivity (meaning the bundled copy of Internet Explorer must go unloved) this is a functional version of Mac OS 8. All of the apps work; this isn’t a superficial reconstruction with the veneer of usability — it works.

    • Linux PC maker System76 is designing a new customizable keyboard

      System76 has been selling Linux laptop and desktop computers for years. But for most of that time the company has been buying OEM designs and slapping its own software on top.

      Recently System76 started designing and manufacturing its own desktop computers. And now the company is working on its own custom keyboards.

      The upcoming System76 keyboard will be designed to work with the company’s Linux-based Pop!_OS operating system with support for a variety of keyboard shortcuts. But it’s not just the software that’s customizable — the keyboard is too.

    • Desktop/Laptop

      • New KDE Slimbook available

        Linux fans everywhere now have more choices than ever. With distribution-specific laptops popping up left and right, it was only a matter of time before a desktop environment received the same treatment. So when the KDE Slimbook arrived, it was not only the first laptop to focus on the KDE desktop environment, it was a well-spec'd thing of beauty.

        And with the rise of popularity of the AMD Ryzen CPU, it makes perfect sense that the makers of the KDE Slimbook would migrate their laptops to AMD's processor.

        This new laptop easily falls into the Ultrabook category. With a magnesium case that's less than 20 millimeters thick and either a 14.1" or 15.6" display, the new laptops weigh only 1.1 kg (for the 14.1" option) and 1.5 kg (for the 15.6" version). The display is a full HD IPS LED panel and covers 100% of the sRGB range, so colors will be accurate.

    • Server

      • Linux runs on 500 of the top 500 supercomputers

        One of the primary testaments to the success of Linux is its amazing dominance in the area of supercomputing. Today, all 500 of the world’s top 500 supercomputers are running Linux. In fact, this has been the case since Nov 2017. I know this because the TOP500 organization has been tracking the 500 most powerful commercially available computer systems since 1993 and their data documenting Linux’ takeover of supercomputing since 1998 is nothing short of inspiring. A graph of Linux' ascension is available on this TOP500 page.

    • Audiocasts/Shows

      • Command Line Heroes - Season 5, episode 2: Where Coders Code

        Home office. Corporate park. Co-working space. Funland campus. Coders expect options when it comes to their workplace. The relocation of the average workspace from the office to the home has revealed the benefits of working from home—but also highlighted its tradeoffs.

    • Kernel Space

      • Systemd 246 Released With Many Changes

        Systemd 246 is out today as the newest version of this dominant Linux init system and system/service manager. Systemd 246 has a lot of new functionality in time for making it into at least some of the autumn 2020 Linux distributions.

      • Linux Plumbers Conference: LLVM Microconference Accepted into 2020 Linux Plumbers Conference

        We are pleased to announce that the LLVM Microconference has been accepted into the 2020 Linux Plumbers Conference!

        The LLVM toolchain has made significant progress over the years and many kernel developers are now using it to build their kernels. It is still the one toolchain that can natively compile C into BPF byte code. Clang (the C frontend to LLVM) is used to build Android and ChromeOS kernels and others are in the process of testing to use Clang to build their kernels.

      • Graphics Stack

        • Wayland's Weston Compositor Introduces Kiosk/Fullscreen Shell

          While there is already the Cage kiosk full-screen shell as well as the likes of Ubuntu's Mir Kiosk Shell, Wayland's Weston reference compositor now has its own implementation.

          Collabora graphics developer Alexandros Frantzis has contributed "kiosk-shell" to Weston, Wayland's official reference compositor. The Kiosk Shell is a full-screen shell for applications making use of the XDG-Shell protocol.

        • Mike Blumenkrantz: Debugging

          It’s another hot one, so let’s cool down by checking out a neat bug I came across.

          As I’ve mentioned previously, zink runs a NIR pass to inject a gl_PointSize value into the last vertex processing stage of the pipeline for point draws.

        • ACO Radeon Shader Back-End Adds Unit Testing Framework To Help Test Optimizations

          The popular "ACO" shader compiler back-end that recently was promoted to the default shader compiler for Mesa's open-source Radeon Vulkan driver (RADV) has long been testing with shaders and traces while now a proper unit testing framework is being introduced for verifying optimizations are correctly handled, ensuring no regressions, etc.

          ACO continues on a nice upward trajectory this year with being the default over AMDGPU LLVM for the RADV driver in Mesa 20.2, Valve continuing to fund the developers working on it, RadeonSI OpenGL driver support still being worked on, and various performance optimizations continuing. For helping to keep on that trajectory, today a unit testing framework was merged for ACO.

    • Instructionals/Technical

    • Games

      • The Humble Double Fine 20th Anniversary Bundle is live with lots of games

        The weekend is quickly approaching and you're in need of some games? Seems Humble Bundle have you covered today with the launch of the Humble Double Fine 20th Anniversary Bundle.

      • Rocket League: The Epic Way

        When Epic bought Psyonix a while back, the writing was already on the wall. Soon after, Psyonix dropped the Linux and Mac versions of the game, and now, as the game becomes Free to Play, it has finally become what we all feared it would be: an Epic Store exclusive...

        [...]

        The sellouts at Psyonix, after building their success on the shoulders of the Steam community, ended up leaving for a poorer, anti-competitive, Windows-only platform.

      • The 20 Best Funny Apps and Games for Android Device in 2020

        The Internet is deemed as a plethora of entertainment for all sorts of latest gadgets. However, it is too difficult for users to riffle through the funny elements from the scattered sources. Hence, there comes the apps and games which generate funny and hilarious content as per recent demands and trends. They help you abate your boredom and monotonous lifestyle and yet help you to laugh since laughter is great medicine for your body. Some of these funny apps and games for Android contain animations to make the caricature live and vivid, whereas some use the real or fabricated images for fun.

      • How to Play Android Games on Linux

        Fancy playing Android games on your desktop? We have shown you how to do so in Windows, but what about Linux? If you want to play Android games on Linux, we have the solution.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • KDE archive tool flaw let hackers take over Linux accounts [Ed: This is overhyped nonsense. Compressed files that are from unknown and malicious sources have long been a risk and they're framed as a major hazard, sometimes because people unwittingly execute them.]

          A vulnerability exists in the default KDE extraction utility called ARK that allows attackers to overwrite files or execute code on victims' computers simply by tricking them into downloading an archive and extracting it.

          KDE is a desktop environment commonly found on Linux distributions that offers a graphical user interface to the operating system.

          Discovered by security researcher Dominik Penner of Hackers for Change, a path traversal vulnerability has been found in the default ARK archive utility that allows malicious actors to perform remote code execution by distributing malicious archives.

    • Distributions

      • BSD

        • We’ve Got a New Look

          The Foundation team is excited to announce a new look for our website! We hope you’ll find the new site easier to read and navigate. We’ve also added a FreeBSD Resources section that includes links to our how-to guides and other community training resources. If you have a blog, youtube channel, or other training materials you’d like us to include, please let us know.

          Also, as you may have noticed, not only are we unveiling a new site, but we’re also unveiling a 20th Anniversary logo. It’s hard to believe the Foundation has been supporting the FreeBSD Project for 20 years. You’ll hear more about that in the coming weeks. In the meantime, take a look around the site and let us know if you see something amiss.

        • FreeBSD Foundation Celebrates 20th Anniversary

          The FreeBSD Foundation has announced its twentieth anniversary. Founded as a 501(c)(3) non-profit organization by early FreeBSD developer Justin Gibbs in March 2000, the FreeBSD Foundation has helped FreeBSD to become one of the most widely distributed open source operating systems, and is used by Netflix, Apple, Sony, Intel, Microsoft, and tens of millions of deployed systems.

          From 2000 to 2005, FreeBSD Foundation activities were managed by its board of directors comprised of volunteers, including Gibbs. During this time, FreeBSD partnered with Sun Microsystems to license FreeBSD Java binaries, funded early work on network scalability for SMP systems, and fostered BSD conferences. In 2004, the FreeBSD Foundation acquired the FreeBSD trademark from Wind River.

          In 2005, the FreeBSD Foundation hired its first employee, Deb Goodkin, who came to the foundation with a technical background of 20 years in storage development as firmware engineer, logic designer, applications engineer, technical marketing and technical sales.

      • Screenshots/Screencasts

        • My Thoughts On GNU Guix After Three Days

          I have spent several hours each of the last three days playing around with GNU Guix ( mostly watching packages build :D ). I have it running in a VM and on a Lenovo Thinkpad. There is a lot to love about Guix, but there are also some challenges with it. Some of the problems I initially had were configuring Guix to recognize new window managers that I installed. Also, running a "make install" doesn't work on my Suckless builds. And qtile isn't packaged for Guix and a "pip install qtile" fails on Guix. But I'm still having fun!

        • EndeavourOS 2020.07.15 overview | An Arch-based distro with a friendly community in its core.

          In this video, I am going to show an overview of EndeavourOS 2020.07.15 and some of the applications pre-installed.

      • SUSE/OpenSUSE

        • New GeckoLinux Rolling Editions Are Out Now, Based on openSUSE Tumbleweed

          After announcing the latest versions of the GeckoLinux Static and GeckoLinux NEXT KDE Plasma editions, the developer also refreshed the GeckoLinux Rolling editions, which are based on the openSUSE Tumbleweed rolling operating system.

          Therefore, as you can imagine these new GeckoLinux Rolling editions are the most up-to-date ISO releases of the openSUSE-based distribution. GeckoLinux Rolling is available in seven variants with the KDE Plasma 5.19, GNOME 3.36, Xfce 4.14, Cinnamon 4.4, MATE 1.24, and LXQt 0.15 desktop environments, as well as BareBones flavor with the IceWM window manager.

      • IBM/Red Hat/Fedora

        • Redefining RHEL: Introduction to Red Hat Insights - 2020 Update

          In 2019, Red Hat announced that we were including Red Hat Insights with every Red Hat Enterprise Linux (RHEL) subscription. Now in 2020, we have expanded the capabilities that Insights includes and we wanted to take this opportunity to review what these expanded capabilities mean to you, and to share some of the basics of Red Hat Insights.

          We wanted to make Red Hat Enterprise Linux easier than ever to adopt, and give our customers the control, confidence and freedom to help scale their environments through intelligent management.

      • Canonical/Ubuntu Family

        • Ubuntu-driven Coffee Lake AI system features Myriad X, FPGA, and PoE add-ons

          IEI’s “FLEX AIoT Dev. Kit” runs Ubuntu on a 8th or 9th Gen Coffee Lake with 2x GbE, 2x HDMI, 4x SATA, 3x M.2, PCIe x4, and 2x PCIe x8 slots with optional Mustang cards with Myriad X VPUs and more.

          IEI Integration has launched a high-end edge AI computer that runs a “pre-validated” Ubuntu 18.04 stack on Intel’s 8th or 9th Gen Coffee Lake CPUs. The FLEX AIoT Dev. Kit has much in common with its earlier, 8th Gen Coffee Lake FLEX-BX200-Q370 system.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Web Browsers

        • Mozilla

          • Mozilla Thunderbird 78.1 Released with Full OpenPGP Support, Search in Preferences Tab

            Mozilla Thunderbird 78.1 is now rolling out today to all supported platforms as the first point release to the latest major Mozilla Thunderbird 78 release with a bunch of exciting new features.

            As you know, Mozilla Thunderbird 78 arrived two weeks ago with many exciting changes, including OpenPGP support, new minimum runtime requirements for Linux systems, DM support for Matrix, a new, centralized Account Hub, Lightning integration, and support for the Red Hat Enterprise Linux 7 operating system series.

            Probably the most exciting new feature in Mozilla Thunderbird 78 is support for the OpenPGP open standard of PGP encryption, which lets users send encrypted emails without relying on a third-party add-on. However, OpenPGP support wasn’t feature complete in the Thunderbird 78 release and it was disabled by default.

            With the Thunderbird 78.1 point release, Mozilla says that OpenPGP support is now feature complete, including the new Key Wizard, the ability to search online for OpenPGP keys, and many other goodies. But it’s still disabled by default to allow more time for testing, so you need to enable it manually to take full advantage of the new Thunderbird release.

      • FSF

        • Free software in business: Success stories

          Even though the vast majority of software development and news articles on technology still predominantly focus on proprietary software, public pressure is increasingly shifting the conversation to include ethical considerations. Whenever you feel that free software is not making strong enough waves, I urge you to look at the LibrePlanet conference video collection (or listen to the talks), to strengthen your belief. Making free software a kitchen table issue in every home can at times seem like an insurmountable challenge, but there are so many community members doing incredibly inspiring work driving user freedom forward.

          This is why we have been updating our "Working Together for Free Software" pages in the last few weeks, with new testimonials from activists and enthusiasts. We have heard why people believe in free software, and how free software can make a difference in all industries. This third blog post in the series inspired by interviews with community members will bring some attention to the success that people have had advocating for free software through their occupations. It manifests how appeals to user freedom, and successful free software implementations, are driving forces behind the advancement of businesses all over the world.

        • GNU Projects

          • July GNU Spotlight with Mike Gerwitz: 22 new releases!

            adns-1.5.2 binutils-2.35 bison-3.7 gama-2.09 gcc-10.2.0 gettext-0.21 gnun-1.0 gnunet-0.13.1 gnupg-2.2.21 guile-3.0.4 help2man-1.47.16 libextractor-1.10 libgcrypt-1.8.6 libidn-1.36 linux-libre-5.7-gnu mcsim-6.2.0 mpfr-4.1.0 nano-5.0 parallel-20200722 shepherd-0.8.1 tramp-2.4.4 unifont-13.0.03

      • Programming/Development

        • Python

          • Upgrade to pip 20.2, plus, changes coming in 20.3

            On behalf of the Python Packaging Authority, I am pleased to announce that we have just released pip 20.2, a new version of pip. You can install it by running python -m pip install --upgrade pip.

            The highlights for this release are:

            - The beta of the next-generation dependency resolver is available -- please test
            - Faster installations from wheel files
            - Improved handling of wheels containing non-ASCII file contents
            - Faster pip list using parallelized network operations
            - Installed packages now contain metadata about whether they were directly requested by the user (PEP 376’s REQUESTED file)

          • Docs, Bugs, and Reports - Building SaaS #66

            In this episode, I created documentation for anyone interested in trying out the application. After documenting the setup, I moved on to fixing a bug with the scheduling display of courses. In the latter half of the stream, we focused on creating a new reports section to show progress reports for students.

            One of my patrons requested some documentation to explain how to get started with the project. We updated the README.md to show the commands that I use to set up my project. This includes virtual environment setup, package installation, Django bootstrapping commands, and how to run the web server.

            After completing some documentation, we worked on a bug that my customer discovered during the last round of feedback that I collected from her. The problem was very specific to how courses would be displayed in the past. The customer wants to be able to hide courses that are complete, but still show past completed data. The existing implementation didn’t show the past. I wrote the unit test and made the code change to fix the issue.

            Finally, we started some new pages. The customer wants to see progress reports for students. I needed a new section that will display all the available reports in the future. I built a new ReportsIndexView that will be the new section for showing reports. We added the template view and started to put in context data.

        • Rust

  • Leftovers

    • Gianni Infantino: Legal proceedings launched against Fifa president

      Swiss prosecutors have launched legal proceedings against Fifa president Gianni Infantino.

      It is in relation to an alleged secret meeting the head of world football's governing body held with the Swiss attorney general Michael Lauber.

      Lauber last week offered to resign after a court said he covered up the meeting and lied to supervisors during an investigation by his office into corruption surrounding Fifa.

      Both have denied any wrongdoing.

    • Health/Nutrition

      • Herman Cain dies from coronavirus
      • How should policymakers use “pull” mechanisms to improve COVID-19 innovation incentives?

        As we have emphasized throughout this COVID-19 blog post series, even though patent law historically has been the primary field in which legal scholars consider questions of innovation policy, governments use a wide variety of policies to incentivize and allocate access to new innovations. One of the key dimensions for comparing these different policies is when the incentive occurs. Under ex ante or “push” policies such as grants or R&D tax incentives, innovators receive funding early in the research process, before the results are known; for ex post or “pull” policies such as patents or prizes, only successful projects receive a reward.

        In a recent talk for the Iowa Innovation, Business & Law Center’s speaker series on COVID-19 innovation policy, one of us (RS) explained why pull mechanisms are very effective innovation policy levers to achieve the kind of clear technological goals presented by the pandemic. Here, we will unpack these ideas and explain how lawmakers should be adjusting these policies to bring this crisis to a more rapid close.

        [...]

        When faced with an innovation policy problem for which market rewards seem insufficient—like a global pandemic—Congress can raise or allocate funds distributable upon the success of some event or with certain conditions attached, thereby creating prize-like funding for specific goals. For COVID-19, part of the CARES Act contains prize-like inducements for industry. These include mandatory insurance coverage for SARS-CoV-2 tests (thereby expanding the tests’ market), the elimination of reimbursement restrictions on many telehealth visits that previously depressed the market for such services, and a commitment to purchasing a successful COVID-19 vaccine. With respect to vaccines, several recent proposals from congressional policymakers have focused on calibrating the government’s payout for a successful vaccine—most recently $25 billion. (Perhaps as a sign of government pull incentives’ paucity relative to push incentives, The New York Times labeled this move “unusual.”)

        Aside from Congress, federal and state agencies can also direct funds to prizes. While the primary incentive mechanism for federal agencies like NIH is ex ante grant distribution, Congress made clear in 2010 that federal agencies have authority to spend their appropriations on ex post prizes. And a 2011 report from the National Economic Council, Council of Economic Advisers, and Office of Science and Technology Policy further encouraged agencies to do so. An increasing number of agencies now post prize competitions at Challenge.gov, although prizes remain a small part of agencies’ overall innovation policy portfolio. NIH, to its credit, recently created a national innovation initiative for COVID-19 diagnostics.

        Government purchasing and reimbursement can also act as a strong, innovation-forward prize, increasing the market size for goods and services. Reimbursement from the Centers for Medicare and Medicare (CMS) for health technologies and services operates in just this fashion, encouraging the development of technologies by, essentially, subsidizing (and increasing) payment. For COVID-19, we suggested back in April that CMS should increase its reimbursement limits for scalable COVID-19 testing (such as at-home testing) as an incentive to encourage the development of new testing technologies. CMS has done just that, increasing its reimbursement level to $100 per test. Given the urgency of the COVID-19 pandemic, pull incentives with quick payouts—such as prizes and purchases—are likely to be useful both for patients and industry.

    • Integrity/Availability

      • Proprietary

        • Opera 70 is Here with Major Improvements to its Existing Features

          The Opera desktop web browser released its latest version 70 with usability improvements to its existing feature set. Coming up after a month of previous release Opera 69, this release focuses on improving your browsing experience.

        • Pseudo-Open Source

          • Openwashing

            • Open Mainframe Project Announces the Full Schedule for the Inaugural Open Mainframe Summit on September 16-17

              The Open Mainframe Project (OMP), an open source initiative that enables collaboration across the mainframe community to develop shared tool sets and resources, today announces the complete schedule of the inaugural Open Mainframe Summit. The virtual event takes place September 16-17 and will feature Ross Mauri, General Manager of IBM Z and LinuxONE at IBM; Greg Lotko, Senior Vice President and General Manager, Mainframe Division at Broadcom; Brian Behlendorf, Executive Director of Hyperledger; and The Linux Foundation’s Jim Zemlin, Executive Director, and John Mertic, Director of Program Management. Open Mainframe Summit will focus on all open source projects and technologies impacting the mainframe. The event enables a collaborative environment that offers seasoned professionals, developers, students and leaders a forum to share best practices, discuss hot topics, and network with like-minded individuals who are passionate about the mainframe industry.

          • Privatisation/Privateering

            • Linux Foundation

              • Fledge, an LF Edge Project, Enters Growth Stage as Release 1.8 Enables Open Industrial Edge Software with AI/ML, and Public Cloud Integration

                LF Edge, an umbrella organization within the Linux Foundation that aims to establish an open, interoperable framework for edge computing independent of hardware, silicon, cloud, or operating system, today announced maturing of its Fledge project, which has issued its 1.8 release and moved to the Growth Stage within the LF Edge umbrella. Fledge is an open source framework for the Industrial Internet of Things (IIoT), used to implement predictive maintenance, situational awareness, safety and other critical operations. Deployed in industrial use cases since early 2018, Fledge integrates IIoT, sensors, machines, ML/AI tools-processes-workloads, and cloud/s with the current industrial production systems and levels, as per ISA-95.

                Fledge v1.8 is the first release since moving to the Linux Foundation. However, this is the ninth release of the project code that has over 60,000 commits, averaging 8,500 commits/month. Concurrently, Fledge has matured into a Stage 2 or “Growth Stage” project within LF Edge. This maturity level is for projects interested in reaching the Impact Stage, and have identified a growth plan for doing so. Growth Stage projects receive mentorship from the Technical Advisory Committee (TAC) and are expected to actively develop their community of contributors, governance, project documentation, and other variables identified in the growth plan that factor in to broad success and adoption.

        • Security

          • Security updates for Thursday

            Security updates have been issued by Arch Linux (webkit2gtk), CentOS (GNOME, grub2, and kernel), Debian (firefox-esr, grub2, json-c, kdepim-runtime, libapache2-mod-auth-openidc, net-snmp, and xrdp), Gentoo (chromium and firefox), Mageia (podofo), openSUSE (knot and tomcat), Oracle (grub2, kernel, postgresql-jdbc, and python-pillow), Red Hat (firefox, grub2, kernel, and kernel-rt), SUSE (grub2), and Ubuntu (firefox, grub2, grub2-signed, and librsvg).

          • Grub2 updates for Red Hat systems are making some unbootable

            As reported in the comments on the Grub2 secure-boot vulnerabilities report, the updates for grub2 for RHEL 8 and CentOS 8 are making some systems unbootable. The boot problems are seemingly unrelated to whether the system has secure boot enabled. It may be worth waiting a bit for that to shake out.

          • Servers at risk from “BootHole” bug – what you need to know

            That’s our tongue-in-cheek name for a cybersecurity vulnerability that not only gets assigned an identifier like CVE-2020-10713, but also acquires an impressive name plus a jaunty logo (and even, in one intriguing case, a theme tune).

            This month’s bug with an impressive name (see what we did there?) is called BootHole, and its logo rather cheekily shows a boot with a worm sticking out of a hole in the toecap.

            The bad news is that this bug affects the integrity of the bootup process itself, meaning that it provides a way for attackers to insert code that will run next time you restart your device, but during the insecure period after you turn on the power but before the operating system starts up.

            The good news for most of us is that it relies on a bug in a bootloader program known as GRUB, short for Grand Unified Boot Loader, which is rarely found on Windows or Mac computers.

          • Why the GRUB2 Secure Boot Flaw Doesn’t Affect Purism Computers

            To understand why this flaw does not affect Purism computers, it helps to understand why UEFI Secure Boot exists to begin with, and how it and the security exploit works. Attacks on the boot process are particularly nasty as they occur before the system’s kernel gets loaded. Attackers who have this ability can then compromise the kernel before it runs, allowing their attack to persist through reboots while also hiding from detection. UEFI Secure Boot is a technology that aims to protect against these kinds of attacks by signing boot loaders like GRUB2 with private keys controlled ultimately by Microsoft. UEFI Firmware on the computer contains the public certificate counterparts for those private keys. At boot time UEFI Secure Boot checks the signatures of the current GRUB2 executable and if they don’t match, it won’t allow the executable to run.

            If you’d like to understand the GRUB2 vulnerability in more detail, security journalist Dan Goodin has a great write-up at Ars Technica. In summary, an attacker can trigger a buffer overflow in GRUB2 as it parses the grub.cfg configuration file (this file contains settings for the GRUB2 menu including which kernels to load and what kernel options to use). This buffer overflow allows the attacker to modify GRUB2 code in memory and execute malicious code of their choice, bypassing the protection UEFI Secure Boot normally would have to prevent such an attack.

            Unfortunately, UEFI Secure Boot doesn’t extend its signature checks into configuration files like grub.cfg. This means you can change grub.cfg without triggering Secure Boot and the attack exploited that limitation to modify grub.cfg in a way that would then exploit the running GRUB2 binary after it had passed the signature check.

            Further complicating the response to this vulnerability is the fact that it’s not enough to patch GRUB2. Because the vulnerable GRUB2 binaries have already been signed by Microsoft’s certificate, an attacker could simply replace a patched GRUB2 with the previous, vulnerable version. Patching against this vulnerability means updating your UEFI firmware (typically using reflashing tools and firmware provided by your vendor) so that it can add the vulnerable GRUB2 binary signatures to its overall list of revoked signatures.

          • Red Hat Enterprise Linux runs into Boothole patch trouble

            Sometimes the cure really is worse than the disease. The recently revealed Boothole security problem with GRUB2 and Secure Boot can, theoretically, be used to attack Linux systems. In practice, the only vulnerable Linux systems are ones that have already been successfully breached by an attacker. Still, the potential for damage was there, so almost all enterprise Linux distributors have released patches. Unfortunately, for at least one -- Red Hat -- the fix has gone wrong.

            Many users are reporting that, after patching Red Hat Enterprise Linux (RHEL) 8.2, it has rendered their systems unbootable. The problem also appears to affect RHEL 7.x and 8.x computers as well. It seems, however, to be limited only to servers running on bare iron. RHEL virtual machines (VMs), which don't deal with Secure Boot firmware, are working fine.

          • Privacy/Surveillance

            • [App Fridays] Secure, secret, and synced: how Telegram scores over WhatsApp

              According to App Annie Intelligence, Telegram was among the top 10 most downloaded and most used apps worldwide in Q2 2020, and jumped to 8th spot in the same period from 11th earlier. Telegram on Android has more than 500 million installs and a rating of 4.4 stars.

              The app has been around for seven years, but we thought of reviewing it in the time of coronavirus when virtual meetups have become the norm.

    • Environment

    • Finance

      • How the American Idiot Made America Unlivable

        America is a Poor Country Now, in Ways that are Likely to be Permanent

        [...]

        We expect much, much poorer societies to be impoverished in public health. It’s a strange concept to have to think about precisely because we don’t expect it of a rich country. Perhaps one of a poor one, that’s never really developed at all. This is a syndrome unique to America — a form of poverty that Europeans and Canadians struggle to understand, because, well, they’ve mostly eliminated it. But in America, health poverty is endemic.

        So endemic that you can see America’s gotten shockingly poorer and poorer in health — right down to the resurgence of old, conquered diseases, from measles to mumps. Again, that’s the work of the American Idiot — the kind of person who won’t vaccinate their kids, which is an idea that in the end takes society right back to the medieval days of endemic smallpox and polio.

        So what was going to happen when a society impoverished in terms of health met a pandemic? Utter catastrophe. America’s mortality rate and infection rate are so high precisely because America was a time bomb of failing public health waiting to go off. What then are the results of creating a society impoverished in public health? Well, Americans face a gruesome choice that doesn’t exist anywhere else in the rich world, even in much of the poor one: your money or your life. “Medical bankruptcy” is the result — I put in quotes because it’s a notion that scarcely exists elsewhere.

        How did all that happen?

        Americans are culturally impoverished, too. The American Idiot has turned American culture into the one of the world’s regressive, short-sighted, narrow-minded, and, well…idiotic. Literally the tiniest shreds of decency and sanity come under a murderous, withering barrage of denial and false “debate” — from things as simple as wearing masks to ones as large as educating Americans about how the rest of the rich world and even the poor one now has vastly better functioning societies.

        Huge chunks of American culture are so hateful, foolish, or bizarre that they’d be either illegal, laughable, or bewildering in much of the rest of the world, from Canada, Europe, or Asia. “Debating” whether the answer to school shootings — which happen nowhere else — is to arm teachers? The idea that billionaires are somehow good for society, or that things like healthcare, retirement, pensions, income, and safety aren’t human rights? That money is all that should matter? Nearly everyone else in the world finds such notions jaw-droppingly foolish by now, which is how the American Idiot made his country a laughingstock the world over.

      • Cory Doctorow: Full Employment

        I don’t see any path from continuous improvements to the (admittedly impressive) “machine learning” field that leads to a general AI any more than I can see a path from continuous improvements in horse-breeding that leads to an internal combustion engine.

        Not only am I an AI skeptic, I’m an automation-employment-crisis skeptic. That is, I believe that even if we were – by some impossible-to-imagine means – to produce a general AI tomorrow, we would still have 200-300 years of full employment for every human who wanted a job ahead of us.

        I’m talking about climate change, of course.

        Remediating climate change will involve unimaginably labor-intensive tasks, like relocating every coastal city in the world kilometers inland, building high-speed rail links to replace aviation links, caring for hundreds of millions of traumatized, displaced people, and treating runaway zoonotic and insectborne pandemics.

        These tasks will absorb more than 100% of any labor freed up by automation. Every person whose job is obsolete because of automation will have ten jobs waiting for them, for the entire foreseeable future. This means that even if you indulge in a thought experiment in which a General AI emerges that starts doing stuff humans can do – sometimes better than any human could do them – it would not lead to technological unemployment.

      • Cutting the $600 unemployment benefit could hurt the recovery, economists say
    • Monopolies

      • Prepping For The End Of YouTube? Distributing My Videos

        If you build yourself on one platform, you're setting yourself up for failure, it's as simple as that. This is true for uploading videos as much as it's true for funding your work so I thought I'd talk a bit about what I've done recently to help bolster my position as a creator. In short I've started up a few extra pages on platforms like Facebook and Dailymotion so that I can distribute my video uploads and alongside those I have also started a few more recurring donation platforms besides just Patreon, those are SubscribeStar, Liberapay and Locals. If you're not already preparing for whatever YouTube or platform you're using to collapse, you're not going to be ready when it does happen.

      • Patents

        • German Competition Authority Files Amicus Brief In SEP Litigation

          In 2019, Nokia filed a series of patent infringement complaints against Daimler before several German courts. Nokia alleged that connected cars made by Daimler infringed Nokia's patents. Nokia considered the relevant patents as essential for certain wireless communication standards. Nokia v. Daimler, Case No. 2 O 34/19 (Mannheim District Court). On 18 June 2020, the litigation took a surprising turn: The German competition authority, the Federal Cartel Office (FCO), filed an amicus curiae brief with the relevant patent infringement courts (FCO docket no. P-66/20).

          The FCO's amicus curiae brief addressed a specific question in dispute between Nokia and Daimler: Can Nokia lawfully enforce standard-essential patents (SEPs) against Daimler while refusing to grant licenses under the relevant patents to suppliers of Daimler?

          This question is not limited to the dispute between Nokia and Daimler. Whether an SEP holder is obliged to "license to all," i.e., to any willing licensee, is a key question of SEP licensing and SEP enforcement that awaits clarification throughout Europe and the United States. Are SEP holders obligated to grant licenses to upstream component suppliers? Or is it sufficient for SEP holders to license end products only, i.e., to grant licenses to downstream makers of end products, such as automotive original equipment manufacturers? The possible consequences of a "license to all" obligation are multifaceted: If an SEP holder infringes the obligation, the SEP holder may breach any fair, reasonable and non-discriminatory (FRAND) undertaking. Not only that, but the SEP holder also may violate European competition law or abuse a dominant market position according to Article 102 of the Treaty on the Functioning of the European Union (TFEU).

        • In Judge Gilstrap's Eastern COVID of Texas, patent trolls trump public health concerns: PanOptis v. Apple trial to go forward regardless

          Another day, another post calling out a court obsessed with advancing the cause of patent assertion entities and prepared to compromise public health in the process. Yesterday I reported on a courtroom insanity of potentially pathological proportions in Munich (Nokia v. Daimler), but regrettably a similar problem exists in the Eastern District of Texas--Munich's role model in some respects--on an even larger scale.

          I think hard and long before naming and shaming judges, but Judge Rodney Gilstrap has hit a new low by exposing well over 100 people to significant health risks over the course of several weeks, only because he's worried about his court's ability to attract patent troll lawsuits. He's made other decisions over the years that one can or must respectfully disagree with. This month he's done something no reasonable person could possibly accept, much less condone--except for the most ruthless and reckless patent trolls out there, maybe.

          The Eastern District of Texas hasn't really made itself a name as the cradle of patent litigation sanity, but at least one used to associate the region with honest, hard-working, mostly conservative people leading a healthy rural life in their picturesque cattle towns, remote from whatever plagues more densely populated areas such as the nearby Dallas-Fort Worth metropolitan area. Unfortunately, certain parts of East Texas, such as Harrison County (where the Marshall division of the United States District Court for the Eastern District of Texas is based), have very recently been designated as "Red Zones" from an epidemiological perspective.

          [...]

          Apple's proposal was to wait until early October and re-evaluate the situation then. Obviously Apple, like pretty much any defendant to a patent infringement suit, may be suspected of "stalling" when bringing such a motion. But a litigant's motives don't matter when the public interest--specifically, the health of counsel, court staff, and the local community (potential and actual jurors)--is implicated...

          [...]

          As for the trial itself, the courtroom was sealed for the entirety of the FRAND discussion, which is rather questionable as even the presiding judge himself initially indicated that the court deemed only part of that to involve confidential business information.

        • Irresponsible Munich judges provoked coronavirus superspreader event at today's Nokia v. Daimler patent trial: no masks, no minimum distance

          I am shocked, disgusted, and concerned about my health because even the most basic rules for preventing the spread of the coronavirus were waived at a Nokia v. Daimler patent trial in Munich today, only because the court--as one of the judges explained--was so very eager to hold that trial. I can only hope that neither I nor anyone else got infected today. I will give further thought to the possibility of directing formal complaints to certain politicians and authorities. I furthermore wonder whether this might give rise to a retrial as today's trial was held under unlawful circumstances.

          Most of my blog posts about Munich patent trials mentioned a judge whose panel is not at issue: much to the contrary, I commend Presiding Judge Dr. Matthias Zigann of the Munich I Regional Court's 7th Civil Chamber for taking a perfect set of precautionary measures at last week's Sharp v. Daimler trial. I arrived about one hour early, and it lasted five hours. It will come as no surprise that I felt relieved to take my mask off upon leaving the building. But it was undoubtedly warranted to wear masks, and everyone complied 100% of the time: the judges, the lawyers, the party representatives, and "the general public" (such as me). And, very importantly, there was plenty of distance between any two persons in the room. So, the court's 7th Civil Chamber does what it can to prevent infections, but its 21st Civil Chamber has a reckless patent-centric attitude that the government of the Free State of Bavaria, which actually took the lead in Germany with respect to corona policies, should be ashamed of.

          I went to the Palace of Justice early this morning to attend a 9 AM trial (Nokia v. Daimler, case no. 21 O 3891/19 over German patent DE60240446C5 on a "hybrid automatic repeat request (HARQ) scheme with in-sequence delivery of packets"). Initially, everything looked just as proper as at last Thursday's trial. But then, at around 8:30 AM, I noticed that one of the technicians setting up audio and videoconferencing equipment in the courtroom wasn't wearing his mask. I notified his supervisor or colleague, who then told him to put on his mask again. He did so, but only for a short while. At around 8:45 AM I asked the mask-refusing technician directly, as he was sitting quite close to me at the back of the room, and he walked by me several times at a close distance without a mask. He told me he "didn't know" what the rule was, and we would see when the judges were going to enter the room.

        • Software Patents

          • $1,500 for prior art on Mountech patent

            On July 30, 2020, Unified Patents added a new PATROLL contest, with a $1,500 cash prize, seeking prior art on at least claim 1 of US Patent 7,991,784. This patent is owned by Mountech, an IP Edge subsidiary, an NPE. The ‘784 patent generally relates to a method for automatic dynamic contextual data entry completion system. The ‘784 patent has been asserted in district court against ZTE, Samsung, Motorola, Blackberry, and LG.

      • Trademarks

        • The extended but not unlimited protection of trade marks with a repute: Hugo Boss loses battle against ‘BOSS SHOT’ due to the difference between goods at issue

          With an application filed in August 2017, the Applicant Boss Shot sought to register 'BOSS SHOT' as an EU trade mark (EUTM). Registration was sought for goods in Classes 30 (food flavorings) and 34 (electronic cigarettes) of the Nice Classification.

          Hugo Boss opposed the application under Article 8(5) EUTMR claiming that its own earlier EUTM 'BOSS' enjoys considerable reputation in the EU, and that the Applicant’s sign conflicted with its own EUTM designating Classes 14 (precious metals jewellery, clocks, and watches) and 25 (clothing, belts, shawls, accessories, ties, gloves, and shoes).

          In April 2019, the Opposition Division rejected the opposition by considering that – notwithstanding the similarity of the signs – the designated goods under the mark applied for are so different that the mark is unlikely to bring the earlier mark to the mind of the relevant public.

          Hugo Boss appealed.

          [...]

          The evidence must show that reputation has been acquired for all the relevant goods and services. In the case at hand, Hugo Boss was able to demonstrate – by means of sales figures, marketing expenditure, and independent sources such as various surveys, studies and sponsorships – that its mark enjoys a high degree of recognition amongst the relevant public in Germany and in the EU for certain goods in Class 25. Whilst the Board found that reputation had been demonstrated for certain goods in Class 16, the same would not be true for services in Class 41.

          The ‘link’ between the signs

          In order to determine the existence of a risk of injury, it is necessary to demonstrate that the relevant public will establish a link between the signs. The necessity of a ‘link’ is not explicitly mentioned in Article 8(5) EUTMR but has been established through case law, notably in C-408/01, Adidas and C-252/07, Intel.

          On the basis of the evidence submitted by the parties, the Board found that the contested goods have different natures, purposes, methods of use, origins, and distribution channels. Overall, electronic cigarettes are so distant from clothing that it is implausible that the public would be reminded of the earlier mark when purchasing the contested goods.

          The same applies to the contested ‘food flavourings’ in Class 30. They are equally dissimilar to the opponent’s clothing. Consumers will not expect that there is any relationship between ‘food flavourings’ producers and the opponent’s company offering clothing.

          Where, as in the present case, a link between the conflicting marks used in relation with the relevant goods and services cannot be established, the goodwill of the earlier mark, also in economic terms, is not affected, or at least not protected under Article 8(5) EUTMR.

          Unfair advantage of distinctive character or repute of the earlier trade mark

          In the absence of a ‘link’, it was considered inconceivable that use of the contested trade mark for those goods and services would take unfair advantage of the distinctive character or repute which the earlier trade mark.

      • Copyrights

        • Conservancy Applies to Renew Key DMCA Exemption

          Conservancy has once again pushed for a renewal of the exemption to smart TVs, effectively allowing people to install and use free software on their own televisions. As part of a coalition with a group of researchers, our Executive Director, Karen Sandler, also participated in filing the renewal application to continue the exemption for medical devices filed by the USC's Gould School of Law. Both of these exemptions must be refiled in the triennial review process to ensure that interacting with the software in these devices does not become unlawful.

          In 2015 the Digital Millennium Copyright Act (DMCA) was amended to expand the exemption process within the original sweeping 1998 legislation that criminalized many types of digital tinkering and improvements. The Copyright Office is tasked with soliciting and approving proposed exemptions to the law every three years to allow people to undertake non-infringing work on various devices. Many of the activities that are proscribed by the DMCA would hamper security research, interfere with commonplace after-market modifications to users' devices or preclude trivial repairs by laypeople without clearly described exemptions. Once renewals are filed, there is a period of time for oppositions to those renewals to be filed. As in the past, Conservancy has succeeded in explaining why the exemption for smart TVs is so important and we are ready to respond to any opposition now.

        • [Guest Post] Warming Up: The Legality Issue of Fan Fiction Is Back on Appeal in Mainland China

          The legality of unlicensed fan fiction is quietly returning to judicial attention in Mainland China. In August 2018, the trial judgment of the first case concerning fan fiction was rendered in Cha v Yang et al. – more commonly referred to as Jin Yong v Jiang Nan, the pseudonyms of the complainant and the primary defendant [case reference: Tianhe District People’s Court of Guangzhou City, Guangdong Province (2016) Guangdong 0106 Minchuzi No. 12068 (in Chinese)]. See the full text of the ruling here. The trial was live-streamed and can be watched here.

          The trial court held that making fan fiction using characters from another author’s works did not infringe copyright, but the exploitation of said fan fiction amounted to unfair competition. The decision was appealed, but the complainant passed away shortly after the trial judgment was rendered. The litigation was therefore suspended for succession, so that it could be determined who should take the author’s place as appellee. Nearly two years have passed, and now the preparation for the appeal is once again underway. Thus, it is high time to take another look at the copyright rules relevant to fan fiction in Mainland China.

          [...]

          The name of a character falls outside the scope of character design due to its general lack of originality and the impossibility to consider it a 'work'. According to the definition of character design, characters are essentially protected as their characterisation, whereas a name is a sign that can identify that characterisation. On its own, a name is too short to reflect originality: true originality arises from cumulative expression, as is reflected by the content filtered out in the process of identifying original expression in character design. Isolated personality traits such as being resourceful or loyal, or having a birthmark, are not original; nor are simple relationships like those between family, lovers, a master and disciple, or colleagues, if they are not delineated in more specific detail by the plot. While a character design counts as original expression, a name is but an ontological reference to it. A character with a name but no characterisation is not protectable – for example, Godot from Samuel Beckett’s play Waiting for Godot.

          Regarding the second issue: using a character design from a written work does not automatically amount to unauthorised adaptation. Infringement of adaptation rights is determined by seeing whether there is a relationship of source and re-creation between the complaining and defending works [Yu et al. v Chen, case reference: Beijing High People’s Court (2015) Gaomin(zhi)zhongzi No. 1039 (in Chinese). See the commentary of the ruling here]. Such a relationship is established if the creator of the allegedly infringing work is likely to have accessed the claiming work and if the two works are substantially similar to suffice incremental creation. With fan fiction, access is rarely disputed, as fans are highly likely to have accessed the canon; thus, the debate mainly concentrates on substantial similarity.

          For story-telling works, substantial similarity requires at least both character design and plot design to support that the similarities between two works are both qualitatively and quantitatively substantial. The defending work is abstracted into character design and plot design, which are paired and compared with those of the claimant's work. The question of adaptation rights infringement also considers background setting: on the one hand, a consistent background setting between two works (e.g. one being a sequel or prequel to the other) indicates incremental creation; but, on the other hand, any similarities arising from historical background should be dismissed, because such similarities must be attributed to history instead of any author’s original expression [Zhang v Lei et al., case reference: Supreme People’s Court (2013) Minshenzi No. 1049 (in Chinese). See the full text of the ruling here]. What separates fan fiction from conventional infringement of adaptation rights, such as plagiarism, is that fan fiction breaks the mutual confirmation of plot design and character design. Fan fiction creators use canon content primarily as reference, because they and their readers have little interest in repetition. In adapting character design to a new context, the character design is not necessarily used as expression. Therefore, fan fiction referring to canon through characters alone is not enough to constitute the substantial similarity required to establish the infringement of adaptation right.


